Data for the OWASP DevSecOps Maturity Model.
To test changes to the YAML files, run:

```shell
docker run -ti -v $(pwd)/src/assets/YAML/:/var/www/html/src/assets/YAML wurstbrot/dsomm-yaml-generation
# Afterwards, you can use the generated.yaml in a container
docker run -v $(pwd)/src/assets/YAML/generated/generated.yaml:/usr/share/nginx/html/assets/YAML/generated/generated.yaml -p 8080:8080 wurstbrot/dsomm
```
- The dimension Test and Verification is based on Christian Schneider's Security DevOps Maturity Model (SDOMM). Application tests and Infrastructure tests were added by Timo Pagel. The sub-dimension Static depth has also been evaluated by security experts at the OWASP Stammtisch Hamburg.
- The sub-dimension Process was added after a discussion with Francois Raynaud, who pointed out that reactive activities were missing.
- Enhancement of my basic translation is performed by Claud Camerino.
- ISO 27001:2017 mapping added by Andre Baumeier.
- OWASP Project Integration Project Writeup for providing documentation on different DevSecOps practices, which was copied and pasted (and adapted) (https://github.com/northdpole, https://github.com/ThunderSon).
- The requirements for level 0 are based on or copied from AppSecure NRW.
- The sub-dimensions Test KPI, Triage, Dynamic depth for app/infra, Static depth for app/infra and some other vulnerability management activities are based on or inspired by the [Vulnerability Management Maturity Model - Cheat Sheet V1.6](TODO FRANCESCO LINK).