optimize

devsecopsmaturitymodel · Jul 21, 2024 · 10cc808 · 10cc808
1 parent db5be93
commit 10cc808
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 2 deletions.
diff --git a/src/assets/YAML/default/BuildAndDeployment/Deployment.yaml b/src/assets/YAML/default/BuildAndDeployment/Deployment.yaml
@@ -203,7 +203,32 @@ Build and Deployment:
       isImplemented: false
       evidence: ""
       comments: ""
-    Inventory of running artifacts:
+    Inventory of production applications:
+      uuid: 2a44b708-734f-4463-b0cb-86dc46344b2f
+      risk:
+        An organization is unaware of applications in production.
+      measure: A documented inventory or applications exists (gathered manually or automatically)
+      dependsOn:
+      difficultyOfImplementation:
+        knowledge: 2
+        time: 2
+        resources: 3
+      usefulness: 3
+      level: 3
+      implementation: []
+      references:
+        samm2:
+          - I-SD-2-A
+        iso27001-2017:
+          - 8.1
+          - 8.2
+        iso27001-2022:
+          - 5.9
+          - 5.12
+      isImplemented: false
+      evidence: ""
+      comments: ""
+    Inventory of production artifacts:
       uuid: 83057028-0b77-4d2e-8135-40969768ae88
       risk:
         In case a vulnerability of severity high or critical exists, it needs

diff --git a/src/assets/YAML/default/TestAndVerification/StaticDepthForApplications.yaml b/src/assets/YAML/default/TestAndVerification/StaticDepthForApplications.yaml
@@ -151,7 +151,8 @@ Test and Verification:
           - 8.27 # Secure system architecture and engineering principles
           - 8.28 # Secure coding
       isImplemented: false
-      evidence: ""
+      dependsOn:
+        - Inventory of production applications
       comments: ""
     Static analysis for all components/libraries:
       uuid: f4ff841d-3b2a-45d9-853e-5ec7ecbcb054
@@ -166,6 +167,7 @@ Test and Verification:
       dependsOn:
         - Static analysis for important client side components
         - Static analysis for important server side components
+        - Inventory of production applications
       implementation: []
       references:
         samm2:
@@ -200,6 +202,7 @@ Test and Verification:
       dependsOn:
         - Static analysis for important client side components
         - Static analysis for important server side components
+        - Inventory of production applications
       references:
         samm2:
           - V-ST-2-A
@@ -233,6 +236,7 @@ Test and Verification:
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/appscan-vscode-extension
       dependsOn:
         - Defined build process
+        - Inventory of production applications
       references:
         samm2:
           - V-ST-2-A
@@ -265,6 +269,7 @@ Test and Verification:
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/appscan-vscode-extension
       dependsOn:
         - Defined build process
+        - Inventory of production applications
       references:
         samm2:
           - V-ST-2-A
@@ -318,6 +323,7 @@ Test and Verification:
       level: 3
       dependsOn:
         - Defined build process
+        - Inventory of production applications
       implementation:
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/retire-js
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/npm-audit
@@ -347,6 +353,7 @@ Test and Verification:
       level: 2
       dependsOn:
         - Defined build process
+        - Inventory of production applications
       implementation:
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/owasp-dependency-che
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/dependencyTrack