Closed amacleay-cohere closed 2 months ago
I just saw you opened https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel/issues/314 - this question seems to overlap quite a lot so feel free to close if you think that's going to be addressed another way @wurstbrot
Thanks!
@amacleay-cohere the workflow is correct. The first question is answered with the ticket. @0x41head is about to implement it in the next couple of weeks (not guarantee as it is OpenSource).
Regarding the second question: Ideally, you add the teams to meta.yaml
and mount it to your container. What workflow would you pref.?
Regarding customizations to meta.yaml - I might expect a similar workflow with a default meta.yaml that gets merged with a custom meta.yaml.
I actually don't have any real preference, it is just a bit confusing to navigate as there are multiple checked in meta.yaml
files (in the -data
project and the site project) and, as a consumer, it's hard to know if there is a reason to prefer managing changes in one or the other. I think the answer is "there's more than one way to do it", and that's totally fine.
Thanks for the responses and the great work!
I think the intended lifecycle for hosting and managing an internal maturity model is:
default
activities in a correspondingcustom
activity; eg overrides tosrc/assets/YAML/default/BuildAndDeployment/Build.yaml
go insrc/assets/YAML/custom/BuildAndDeployment/Build.yaml
src/assets/YAML/meta.yaml
meta.yaml
andgenerated.yaml
from DevSecOps-MaturityModel-data and mounts/copies them into the sitePlease correct if that doesn't seem ideal.
This still leaves me with some questions:
default
YAML files?meta.yaml
doesn't have a build process and is just identically copied into the site - am I misunderstanding the intended lifecycle for that asset?Thanks in advance!