DevSecOps-MaturityModel icon indicating copy to clipboard operation
DevSecOps-MaturityModel copied to clipboard

Published 20 hours ago verified publisher icon wurstbrot

Split iso and other specifications in a separate record.

Open ioggstream opened this issue 4 years ago • 5 comments

I propose

  • to associate standards to a given action, use a list

Proposal 1

references:
- iso27001: xxx

Proposal 2

references:
  iso27001-2017:
  - xxx1
  - xxx2
  samm2:
  - yyy1
  - yy2

Proposal 3

references:
  - samm2:xxx
  - iso27001-2017:xxxx

ioggstream avatar Feb 18 '21 14:02 ioggstream

This could enable rendering automatically eg samm2 labels to

https://github.com/OWASP/samm/blob/master/Current%20Releases/head/core/implementation/i-secure-build.md#maturity-2

or https://owaspsamm.org/model/operations/environment-management/stream-b/

ioggstream avatar Feb 23 '21 17:02 ioggstream

SAMM uses markdown, do you also want to use markdown insead of yaml?

wurstbrot avatar Feb 23 '21 20:02 wurstbrot

I think we can write a rendering function where we define eg. samm2 "URI" that the webui will render to a linked page. eg.

function render_samm_uri(samm){
  samm2:i-secure-build-b  returns `<a href="https://github.com/OWASP/samm/blob/master/Current%20Releases/head/core/implementation/i-secure-build.md#maturity-2" >Implementation - Secure Build</a>`
}

ioggstream avatar Feb 23 '21 21:02 ioggstream

+1 for Proposal 2. Making it a list everywhere probably also helps in later processing.

AndreBaumeier avatar Feb 24 '21 14:02 AndreBaumeier

@wurstbrot MITRE is following the URI road here https://d3fend.mitre.org/technique/d3f:FileAnalysis/ Following this too allows us to integrate with them... I'll PR an hypothesis, but the webapp should be updated then...

ioggstream avatar Oct 17 '22 20:10 ioggstream