Architectural threat modeling is a crucial technique for identifying and mitigating security threats in software systems, helping to prevent costly design flaws. While existing tools aim to reduce its resource-intensive nature through automation, they often lack key features—such as scriptability and integration capabilities—needed for practical use in development workflows.

In this paper, we present FlowStrider, a tool that addresses these shortcomings by implementing a new, practice-oriented workflow and enabling CI/CD integration through scriptability. FlowStrider reduces the required manual effort, enhances the quality of analysis results, and eases integration into software development workflows, thereby lowering the adoption barrier for continuous threat modeling.