If you have noticed that the deployment tab is not appearing in your questionnaire, please see the below article for information.
Prior to 2.1.x within product architecture there was a requirement to understand where a component was going to be deployed, for example, if you wanted to add a “Web service” to your threat model it was necessary to specify where that “Web service” was going to be placed i.e., Cloud/OnPrem Server, which was the main purpose of the deployment tab, once this was answered it then triggered rules to import relevant risk patterns into the threat model.
With the advancements made within our software we are now able to offer end users the ability to not only select cloud components but also nest services and other components within them, ultimately ruling out the need for the Deployment questionnaire, there is another article explaining this which can be found here.
The reason why the Deployment rules still exist is to allow for legacy threat models that still use old architecture to still have the functionality of specifying deployment options.
To summarise, any new Products/Threat models will not show this tab even if the conditions are met.
- Deployment – Client
- Deployment - Data Store
- Deployment - Load Balancer
- Deployment – Service
- Deployment - Web UI
// In this rule, we check if the product has not got the conclusion "Show deployment tab" (any of "Internal infrastructure" or "Public Cloud" was not answered),
// , and hide the deployment tab if this conclusion doesn't appear.
rule "Hide Deployment tab for new products"
not Conclusion(id == "show.deployment");
$groupDeployment : QuestionGroup(id == "deployment")