Exporting Threat Models

Devici allows you to export threat modeling results so they can be shared, reviewed, and used outside the platform.

Exports provide a snapshot in time of a threat model and are commonly used for documentation, remediation planning, and stakeholder communication.

Use this guide to understand when to export a threat model and how to choose the right export format.


Export options in Devici

Devici supports three export formats:

  • PDF export — a complete, visual representation of a threat model
  • PNG export — a high-resolution image of the threat model diagram
  • CSV export — structured threat data for tracking and integration

Each format is designed for a different audience and use case.


Accessing export options

Export options are available from the Threat Model canvas.

  • Open a threat model
  • Select the Export icon in the canvas toolbar
  • Choose the desired export format

Exports always reflect the current version of the threat model at the time they are generated.

Tip

Exports represent a point-in-time snapshot. If the model changes, generate a new export to reflect the updated state.


PDF export

PDF export produces a detailed report of the threat model, suitable for sharing and documentation.

What the PDF includes

A PDF export may include:

  • The threat model diagram
  • Modeled elements and data flows
  • Applied attributes
  • Generated threats
  • Mitigations and their current status

This format is ideal for design reviews, audits, and sharing with stakeholders who do not work directly in Devici.

When to use PDF export

Use PDF export when you need to:

  • Communicate threat modeling results
  • Support security or architecture reviews
  • Document design decisions
  • Share a complete model snapshot

Tip

PDF exports are best used for communication and documentation, not ongoing tracking.


PNG export

PNG export produces a high-resolution image of the threat model diagram.

Unlike PDF export, PNG focuses only on the visual diagram, without threat or mitigation details.

What the PNG includes

A PNG export includes:

  • The current threat model diagram
  • All visible elements, data flows, and trust boundaries
  • The current canvas layout and positioning

When to use PNG export

Use PNG export when you need to:

  • Embed the diagram in design documents or slide decks
  • Share architecture visuals in reviews or presentations
  • Include the model in external documentation or wikis
  • Communicate system structure without detailed threat data

Tip

PNG exports are ideal for visual communication and presentations where a full report is not required.


CSV export

CSV export provides a tabular view of threats from the Threat Register.

What the CSV includes

A CSV export typically includes:

  • Threat title
  • Status
  • Priority
  • Associated element
  • Threat description

This format is designed for analysis and integration with other tools.

When to use CSV export

Use CSV export when you want to:

  • Track threats in external systems
  • Create engineering work items
  • Perform custom prioritization or analysis
  • Integrate with security or risk workflows

Tip

CSV exports are most effective when paired with the Threat Register for model-wide review.
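
Because each export is a point-in-time snapshot, comparing two CSV exports of the same model shows what changed between them. The following is an added example, not Devici's own code: it assumes the column headers match the field names listed above and that a threat is identified by its title plus associated element, and the sample rows and status values are constructed.

```python
import csv
import io

# Assumed header text: the page lists these fields but not the exact column names.
KEY_COLS = ("Threat title", "Associated element")
TRACKED = ("Status", "Priority")

def load_export(text):
    """Index one CSV export by (threat title, associated element)."""
    rows = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = tuple(row[c].strip() for c in KEY_COLS)
        rows[key] = {c: row[c].strip() for c in TRACKED}
    return rows

def diff_exports(old_text, new_text):
    """Compare two point-in-time exports of the same threat model."""
    old, new = load_export(old_text), load_export(new_text)
    changed = []
    for key in sorted(old.keys() & new.keys()):
        for col in TRACKED:
            if old[key][col] != new[key][col]:
                changed.append((key, col, old[key][col], new[key][col]))
    return {
        "added": sorted(new.keys() - old.keys()),      # threats only in the newer export
        "removed": sorted(old.keys() - new.keys()),    # threats no longer listed
        "changed": changed,                            # status or priority moved
    }

# Constructed sample exports (status and priority values are illustrative).
OLD_EXPORT = """\
Threat title,Status,Priority,Associated element,Threat description
SQL injection,Open,High,Orders API,Unvalidated input reaches the query layer
Session fixation,Open,Medium,Web Frontend,Session ID is not rotated at login
"""
NEW_EXPORT = """\
Threat title,Status,Priority,Associated element,Threat description
SQL injection,Mitigated,High,Orders API,Unvalidated input reaches the query layer
Session fixation,Open,High,Web Frontend,Session ID is not rotated at login
Unencrypted data flow,Open,High,Orders DB,Traffic to the database is not encrypted
"""

if __name__ == "__main__":
    report = diff_exports(OLD_EXPORT, NEW_EXPORT)
    for title, element in report["added"]:
        print(f"new threat: {title} ({element})")
    for (title, element), col, before, after in report["changed"]:
        print(f"{title} ({element}): {col} {before} -> {after}")
```

A missing column raises `KeyError`, which is the intended signal that the real export uses different header text and `KEY_COLS` or `TRACKED` needs adjusting.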


Choosing the right export format

Use this guidance when deciding how to export:

  • PDF — comprehensive, review-ready documentation
  • PNG — visual diagrams for presentations and documents
  • CSV — structured data for tracking and integration

Many teams use multiple formats at different stages of the threat modeling process.


Best practices for exporting

To get the most value from exports:

  • Review threats and mitigations before exporting
  • Ensure mitigation statuses are up to date
  • Use the Threat Model Health Score to assess readiness
  • Treat exports as snapshots, not living artifacts

Warning

Exported files do not automatically update when a model changes. Always regenerate exports after significant updates.


What’s next

After exporting a threat model:

Exports help bridge the gap between threat modeling and action.