GitHub - devsecopsmaturitymodel/DevSecOps-MaturityModel-custom
Customization
This repo is used to customize the original OWASP DevSecOps Maturity Model.
Generation of yaml and usage of it
cd DevSecOps-MaturityModel-custom
mkdir /tmp/generated
docker run -e "IS_IMPLEMENTED_WHEN_EVIDENCE=true" \
  -v $(pwd)/data/custom:/var/www/html/src/assets/YAML/custom \
  -v /tmp/generated:/var/www/html/src/assets/YAML/generated \
  wurstbrot/dsomm-yaml-generation
docker run -p 8080:8080 \
  -v /tmp/generated:/srv/assets/YAML/generated \
  -v $(pwd)/evidence-images:/srv/assets/evidence-images \
  wurstbrot/dsomm:latest
You can set the environment variable IS_IMPLEMENTED_WHEN_EVIDENCE=true
to enable an activity if evidence is set.
Development
docker run -ti \
  -v $(pwd)/../DevSecOps-MaturityModel-data/yaml-generation/generateDimensions.php:/var/www/html/yaml-generation/generateDimensions.php \
  -v $(pwd)/../DevSecOps-MaturityModel-data/yaml-generation/:/var/www/html/yaml-generation/ \
  -e "IS_IMPLEMENTED_WHEN_EVIDENCE=true" \
  -v $(pwd)/data/custom:/var/www/html/src/assets/YAML/custom \
  -v $(pwd)/generated:/var/www/html/src/assets/YAML/generated \
  wurstbrot/dsomm-yaml-generation bash
Definition of Yaml files
You can use the following script to include all activities from DSOMM:
rm data/custom/*/*.yaml
for file in $(find ../DevSecOps-MaturityModel-data/src/assets/YAML/default/*/*.yaml | grep -v _meta.yaml); do
  baseFileName=$(basename $file)
  cat $file | grep "^ [a-Z]\|^ [a-Z]\|^[a-Z]" > data/custom/definition/definition-$baseFileName
done