SD Elements User Guide

SD Elements automates software security requirements based on a project’s technology, business, and compliance drivers. It helps eliminate security vulnerabilities before scanning begins, identifies where to focus manual security testing, scales training through Just-in-Time Training, and integrates with development teams.

What’s new?

2026.6.1
- Import from Devici: Import Devici threat models into SD Elements projects with automatic countermeasure generation.
- Jira OAuth 2.0: Authenticate to Jira using OAuth 2.0 service accounts for more secure, token-based integration.
- DE Library Rules: Documentation for Decision Enabled-specific attributes and rules.
- See the release notes for more information.

Key capabilities

Feature	Description
AI Navigator	An AI-powered assistant that delivers personalized, context-specific security guidance directly within SD Elements using natural language.
Threat Model Diagrams	Visually model your system’s architecture to identify threats and vulnerabilities before writing code.
Scan a Repository	Connect Git repositories and scan them to automatically map data points to survey answers and generate diagram components.
Just-in-Time Training	In-context training modules that help team members stay up-to-speed on security concepts as they work.
Import from Devici	Import threat models from Devici into SD Elements with automatic attribute mapping and countermeasure generation.
Agentic AI Workflow	Configure IDE or agentic workflow clients to interact with SD Elements via Model Context Protocol (MCP).
Reusable Components	Create shared components that capture security controls, so consuming teams don’t have to re-implement them.
System View	Group projects across business units and applications for aggregated reporting and system-wide analysis.

Feature

Description

AI Navigator

An AI-powered assistant that delivers personalized, context-specific security guidance directly within SD Elements using natural language.

Threat Model Diagrams

Visually model your system’s architecture to identify threats and vulnerabilities before writing code.

Scan a Repository

Connect Git repositories and scan them to automatically map data points to survey answers and generate diagram components.

Just-in-Time Training

In-context training modules that help team members stay up-to-speed on security concepts as they work.

Import from Devici

Import threat models from Devici into SD Elements with automatic attribute mapping and countermeasure generation.

Agentic AI Workflow

Configure IDE or agentic workflow clients to interact with SD Elements via Model Context Protocol (MCP).

Reusable Components

Create shared components that capture security controls, so consuming teams don’t have to re-implement them.

System View

Group projects across business units and applications for aggregated reporting and system-wide analysis.

For team members

Understand applications and projects.
Perform a search.
Sync Countermeasures to another system using Issue Tracker integration.
Verify Countermeasures with Scanner integration.
Understand how security requirements map to your project with Explainable Mapping.
Track progress using project reports.
Complete Just-in-Time Training modules assigned to your project.
Update your account profile information.

For application administrators

Provision users and organize them into groups.
Authorize users and groups by assigning custom global and project roles.
Organize teams and applications into different business units.
Monitor risk across business units, applications, and projects using Risk policies.
Generate organization reports, advanced reports, and dashboards.
Assign your projects with a level of risk with Project Classification.
Create System Views to group related projects for aggregated insights.
Manage feature flags to enable or disable platform functionality.

For content administrators

Customize the content with your own Countermeasures and Weaknesses.
Tailor the project survey to match your organization’s needs.
Develop regulations to track compliance with custom standards and objectives.
Organize Countermeasures into a custom set of phases.
Onboard projects quickly using project profiles.
Bring existing content into the application using import/export.
Use Contextually Aware Content to populate dynamic values across all instances of a Countermeasure.
Use the Content Pack Selector to deactivate base content in SD Elements.

For developers & DevOps

Scan a repository to automatically answer project survey questions from your codebase.
Create security gates in CI/CD pipelines with DevOps integration.
Connect to on-premises systems using the Remote Integration Agent.
Configure agentic clients to interact with SD Elements via MCP-based workflows.
Generate an API token and develop custom integrations.

For system administrators

Learn about different authentication options.
Provision users and groups.
Authorize users and groups by assigning custom global and project roles.
Facilitate integrations by configuring Issue Tracker connectors and System Verification connectors.
Use LDAP sync to automatically provision users & groups and assign them permissions.
Manage System Views for cross-project visibility.
Use Automations to automatically complete routine processes.
Configure feature flags to control platform features.

Introduction