This GitHub project (DevSecOps-MaturityModel-data) contains the source for the DSOMM model. The model is used by the DSOMM applciation DevSecOps-MaturityModel.
The source files include dimensions, activities, descriptions, measures, and other model data used by the application.
Contributions that improve the DSOMM model are welcome. Please edit the source files under src/assets/YAML/default/* and open a pull request.
After making changes, generate a new model.yaml and start a local DSOMM application to verify there are no technical issues. (See below.)
The script is executed using docker (or alternatively podman).
Depending on your platform use either generateDimensions.bash (Linux) or generateDimensions.bat (Windows).
-
Clone the repo:
git clone https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel-data.git -
Change directory:
cd yaml-generation -
Generate
model.yaml:./generateDimensions.bash
To start a local DSOMM instance on http://localhost:8080, run:
./generateDimensions.bash --start-dsomm
This will down the latest DSOMM docker image and spin it up as a docker container.
To test all URLs referenced by implementations.yaml and save results to url-test-results.txt, run:
./generateDimensions.bash --test-urls
If you prefer Podman over Docker, set the environement variable DOCKER_CMD to podman, or edit the script for you operating system.
- The "Test and Verification" dimension is based on Christian Schneider's Security DevOps Maturity Model (SDOMM).
- Application and infrastructure tests were added by Timo Pagel.
- The "Process" sub-dimension was added after discussion with Francois Raynaud.
- Translations and edits were contributed by Claud Camerino.
- ISO 27001:2017 mapping by Andre Baumeier.
- Other inspirations and contributions are acknowledged in the original README.
See the LICENSE file in this repository for license details.