devsecopsmaturitymodel / DevSecOps-MaturityModel

GNU General Public License v3.0

Split iso and other specifications in a separate record. #52

Closed ioggstream closed 9 months ago

ioggstream commented 3 years ago

I propose

Proposal 1

references:
- iso27001: xxx

Proposal 2

references:
  iso27001-2017:
  - xxx1
  - xxx2
  samm2:
  - yyy1
  - yy2

Proposal 3

references:
  - samm2:xxx
  - iso27001-2017:xxxx

ioggstream commented 3 years ago

This could enable rendering automatically eg samm2 labels to

https://github.com/OWASP/samm/blob/master/Current%20Releases/head/core/implementation/i-secure-build.md#maturity-2

or https://owaspsamm.org/model/operations/environment-management/stream-b/

wurstbrot commented 3 years ago

SAMM uses markdown, do you also want to use markdown instead of yaml?

ioggstream commented 3 years ago

I think we can write a rendering function where we define e.g. a samm2 "URI" that the webui will render to a linked page. e.g.

// Look up a samm2 "URI" and render it as a link; unknown URIs are returned unchanged.
const SAMM_URIS = {"samm2:i-secure-build-b": ["https://github.com/OWASP/samm/blob/master/Current%20Releases/head/core/implementation/i-secure-build.md#maturity-2", "Implementation - Secure Build"]};
function render_samm_uri(samm) {
  const page = SAMM_URIS[samm];
  return page ? `<a href="${page[0]}">${page[1]}</a>` : samm;
}

AndreBaumeier commented 3 years ago

+1 for Proposal 2. Making it a list everywhere probably also helps in later processing.

ioggstream commented 2 years ago

@wurstbrot MITRE is following the URI road here https://d3fend.mitre.org/technique/d3f:FileAnalysis/ Following this too allows us to integrate with them... I'll PR a hypothesis, but the webapp should be updated then...
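Added example, not code from this thread or from the DevSecOps-MaturityModel project: a resolver that turns Proposal 3 style `scheme:id` reference strings into links, covering the samm2 rendering function sketched above and the D3FEND URI mentioned in this comment. The samm2 and d3fend URL templates are assumptions generalised from the two URLs quoted in the thread; the scheme table and all sample references are constructed, and ids are escaped and whitelisted because they come straight out of user-editable YAML and end up in the web UI's HTML.

```javascript
// Scheme table: maps a reference prefix to a label and a URL template.
// Both templates are assumptions derived from URLs quoted in the thread.
const REFERENCE_SCHEMES = {
  samm2: {
    label: "OWASP SAMM 2",
    url: (id) => `https://owaspsamm.org/model/${id}/`,
  },
  d3fend: {
    label: "MITRE D3FEND",
    url: (id) => `https://d3fend.mitre.org/technique/${id}/`,
  },
};

// Escape the characters that matter inside HTML text and attribute values,
// so an id taken from YAML can never break out of the <a> element.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Split "scheme:id" at the first colon only, so ids such as
// "d3f:FileAnalysis" keep their own colon.
function parseReference(ref) {
  const i = ref.indexOf(":");
  if (i <= 0 || i === ref.length - 1) return null;
  return { scheme: ref.slice(0, i), id: ref.slice(i + 1) };
}

// Render one reference. Unknown schemes (e.g. iso27001-2017, which has no
// public page template here) and ids with characters outside a conservative
// whitelist fall back to escaped plain text rather than an unverified link.
function renderReference(ref) {
  const parsed = parseReference(ref);
  const scheme = parsed && REFERENCE_SCHEMES[parsed.scheme];
  if (!scheme) return escapeHtml(ref);
  if (!/^[A-Za-z0-9._:\/-]+$/.test(parsed.id)) return escapeHtml(ref);
  const href = escapeHtml(scheme.url(parsed.id));
  return `<a href="${href}">${escapeHtml(scheme.label)}: ${escapeHtml(parsed.id)}</a>`;
}

// Render a whole Proposal 3 style `references:` list.
function renderReferences(refs) {
  return refs.map(renderReference);
}
```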