> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tolmo.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Download Threat Model Artifacts

> Retrieve threat model pipeline runs and artifacts using tolmo threat-model. Download the latest run or a specific step from a named pipeline scan.

Tolmo's threat model commands let you download artifacts produced by the platform's threat model pipeline — including full run outputs and individual analysis steps. This is useful for reviewing findings offline or feeding them into other tools.

## List pipeline runs

Use `tolmo threat-model list` to see all recorded pipeline runs for your organization. The output shows each scan's ID and its current status, giving you a quick overview of what has run and whether it completed successfully.

```bash theme={null}
tolmo threat-model list
```

## Download run artifacts

Once you know which run you want to inspect, use `tolmo threat-model get` to fetch its artifacts. You can target the latest run, a specific run by ID, or a single analysis step within a run.

<Steps>
  <Step title="Download the latest run">
    Run the command without any flags to pull artifacts from the most recent pipeline execution:

    ```bash theme={null}
    tolmo threat-model get
    ```
  </Step>

  <Step title="Download a specific run by ID">
    Pass the scan ID you retrieved from `threat-model list` to download a particular run's artifacts:

    ```bash theme={null}
    tolmo threat-model get --run <scanId>
    ```
  </Step>

  <Step title="Download a single step">
    Use `--step` to narrow the download to one analysis step within the latest run. For example, to pull only the vulnerability qualification step:

    ```bash theme={null}
    tolmo threat-model get --step vuln-qualif
    ```
  </Step>
</Steps>

## Working with artifacts

After downloading, artifacts are available locally for inspection or further processing.

<Tip>
  Add `--json` to get machine-readable output, then pipe it to `jq` to filter or extract specific fields. Artifacts are most meaningful when reviewed alongside the corresponding security findings in your Tolmo dashboard, since the platform links each artifact back to its source findings.
</Tip>

## Common use cases

Threat model artifacts fit naturally into several workflows:

* **Automated artifact archiving in CI** — schedule `tolmo threat-model get` in your pipeline to capture and store artifacts after each scan, building a historical record of your threat model evolution.
* **Offline review** — download artifacts before a review session so that security and engineering teams can work through findings without needing live platform access.
* **Importing into other security tools** — consume the JSON output in vulnerability management platforms, ticketing integrations, or custom dashboards that your team already uses.
