As a software developer, system engineer, or architect that will want to use this library and its dependencies for integration into a part of my system, I want clear documentation about the security process and characteristics of the development software and development process. Ideally, we want to see this in the form of an OSCAL component so we can use documentation and evidence to also integrate into our own security documentation.
Goals
[ ] Decide on secure software practices
[ ] Decide on secure software deployment (development and operations)
[ ] Act on the above
[ ] Document them with OSCAL components
Dependencies
We probably need to threat model this system after considering the other components: metaschema-java, liboscal-java, and their combination with the oscal-cli as we use it today.
Acceptance Criteria
[ ] All website and readme documentation affected by the changes in this issue have been updated.
[ ] A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
[ ] The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.
Revisions
No response