RepoGEO

REPOGEO REPORT · LITE

OWASP/pytm

Default branch master · commit e452aaf2 · scanned 5/28/2026, 4:26:12 AM

GitHub: 1,124 stars · 221 forks

AI VISIBILITY SCORE: 69 / 100 (Needs work)
  • Category recall: 1 / 2 (avg rank #1.0 when recommended)
  • Rule findings: 1 pass · 1 warn · 0 fail (objective metadata checks)
  • AI knows your name: 3 / 3 (direct prompts that named your repo)

HOW TO READ THIS REPORT

Action plan is what to do next — copy-pasteable changes prioritized by impact. Category visibility is the real GEO test: when a user asks an AI a brand-free question that should surface OWASP/pytm, does the AI actually recommend you — or your competitors? Objective checks verify the metadata signals AI engines weight first. Self-mention check detects whether AI even knows you exist by name.

Action plan — copy-paste fixes

3 prioritized changes generated by gemini-2.5-flash. Mark items done after you ship the fix.

OVERALL DIRECTION
  • high · readme · #1
    Explicitly mention CI/CD integration in the README introduction

    Why:

    CURRENT
    The goal of pytm is to shift threat modeling to the left, making threat modeling more automated and developer-centric.
    COPY-PASTE FIX
    The goal of pytm is to shift threat modeling to the left, making threat modeling more automated and developer-centric, and easily integratable into CI/CD pipelines.
  • high · about · #2
    Add a homepage URL to the repository's About section

    Why:

    COPY-PASTE FIX
    Add a relevant URL (e.g., project documentation, OWASP project page, or a demo site) to the 'Website' field in the repository's 'About' section.
  • medium · readme · #3
    Clarify the project's license directly in the README

    Why:

    COPY-PASTE FIX
    Add a 'License' section to the README, stating the specific license(s) under which pytm is distributed, referencing the existing LICENSE file (e.g., 'pytm is licensed under [License Name/Type]. See the LICENSE file for details.').

Category GEO backends resolved for this scan: google/gemini-2.5-flash, deepseek/deepseek-v4-flash

Category visibility — the real GEO test

Brand-free queries asked to google/gemini-2.5-flash. Did AI recommend you, or someone else?


  • Recall: 1 / 2 (50% of queries surface OWASP/pytm)
  • Avg rank: #1.0 (lower is better; #1 = top recommendation)
  • Share of voice: 6% (of all named tools, what % are you?)
  • Top rival: PlantUML (recommended in 1 of 2 queries)

COMPETITOR LEADERBOARD
  1. PlantUML · recommended 1×
  2. Mermaid.js · recommended 1×
  3. OWASP Threat Dragon · recommended 1×
  4. Graphviz · recommended 1×
  5. Palo Alto Networks Prisma Cloud · recommended 1×
  • CATEGORY QUERY
    How can I automate threat modeling and generate DFDs directly from Python code?
    you: #1
    AI recommended (in order):
    1. PyTM ← you
    2. PlantUML
    3. Mermaid.js
    4. OWASP Threat Dragon
    5. Graphviz
    6. Palo Alto Networks Prisma Cloud
    7. Wiz
    8. Orca Security
  • CATEGORY QUERY
    What tools help developers integrate threat modeling into CI/CD and create sequence diagrams?
    you: not recommended
    AI recommended (in order):
    1. OWASP Threat Dragon (OWASP/threat-dragon)
    2. IriusRisk
    3. SecuriThings Horizon
    4. Lucidchart
    5. draw.io (Diagrams.net) (jgraph/drawio)
    6. PlantUML (plantuml/plantuml)
    7. PlantText
    8. OWASP Threat Modeling Playbook

    AI recommended 8 alternatives but never named OWASP/pytm. This is the gap to close.


Objective checks

Rule-based audits of metadata signals AI engines weight most.

  • Metadata completeness
    warn

    Suggestion:

  • README presence
    pass

Self-mention check

Does AI even know your repo exists when asked about it directly?

  • Compared to common alternatives in this category, what is the core differentiator of OWASP/pytm?
    pass
    AI named OWASP/pytm explicitly

    AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?

  • If a team adopts OWASP/pytm in production, what risks or prerequisites should they evaluate first?
    pass
    AI named OWASP/pytm explicitly


  • In one sentence, what problem does the repo OWASP/pytm solve, and who is the primary audience?
    pass
    AI named OWASP/pytm explicitly


Embed your GEO score

Drop this badge into the README of OWASP/pytm. It auto-updates whenever the report is rescanned and links back to the latest report — easy public proof that you care about AI discoverability.

MARKDOWN (README)
[![RepoGEO](https://repogeo.com/badge/OWASP/pytm.svg)](https://repogeo.com/en/r/OWASP/pytm)
HTML
<a href="https://repogeo.com/en/r/OWASP/pytm"><img src="https://repogeo.com/badge/OWASP/pytm.svg" alt="RepoGEO" /></a>