At Klarna we have a lot of internal docs for Threat Modeling. These describe how you ought to threat model using Gram, what we think the process should look like, how to use certain features, etc. These live in an internal centralized documentation store currently.
I think it would benefit the open source community greatly if these were included per default in Gram. This would allow other security teams to simply reuse these materials and not have to redefine their own processes etc.
We still want to keep our centralized docs, however from what I've been told there is a tooling which allows for docs to be mirrored from a repository into them, so we could use that.
At Klarna we have a lot of internal docs for Threat Modeling. These describe how you ought to threat model using Gram, what we think the process should look like, how to use certain features, etc. These live in an internal centralized documentation store currently.
I think it would benefit the open source community greatly if these were included per default in Gram. This would allow other security teams to simply reuse these materials and not have to redefine their own processes etc.
We still want to keep our centralized docs, however from what I've been told there is a tooling which allows for docs to be mirrored from a repository into them, so we could use that.