Commit 3b09ba1

dopcs: Enhance team docs
1 parent 605d082 commit 3b09ba1

1 file changed

+21
-0
lines changed


README.md

Lines changed: 21 additions & 0 deletions
@@ -85,6 +85,27 @@ docker run -d -p 80:8080 wurstbrot/dsomm:latest
8585
## Activity Definitions
8686
The definition of the activities are in the [data-repository](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel-data).
8787

88+
## Teams and Groups
89+
To customize these teams, you can create your own [meta.yaml](src/assets/meta.yaml) file with your unique team definitions.
90+
91+
Assessments within the framework can be based on either a team or a specific application, which can be referred to as the context. Depending on how you define the context or teams, you may want to group them together.
92+
93+
Here are a couple of examples to illustrate this, in breakers the DSOMM word:
94+
- Multiple applications (teams) can belong to a single overarching team (application).
95+
- Multiple teams (teams) can belong to a larger department (group).
96+
97+
Feel free to create your own [meta.yaml](src/assets/meta.yaml) file to tailor the framework to your specific needs and mount it in your environment (e.g. kubernetes or docker).
98+
Here is an example to start docker with customized meta.yaml:
99+
```
100+
# Customized meta.yaml
101+
cp src/assets/YAML/meta.yaml .
102+
docker run -v $(pwd)meta.yaml:/usr/share/nginx/html/assets/YAML/meta.yaml -p 8080:8080 wurstbrot/dsomm
103+
104+
# Customized meta.yaml and generated.yaml
105+
cp src/assets/YAML/meta.yaml .
106+
cp $(pwd)/src/assets/YAML/generated/generated.yaml .
107+
docker run -v $(pwd)/meta.yaml:/usr/share/nginx/html/assets/YAML/meta.yaml -v $(pwd)/generated.yaml:/usr/share/nginx/html/assets/YAML/generated/generated.yaml -p 8080:8080 wurstbrot/dsomm
108+
```
88109
# Credits
89110

90111
* The dimension _Test and Verification_ is based on Christian Schneiders [Security DevOps Maturity Model (SDOMM)](https://www.christian-schneider.net/SecurityDevOpsMaturityModel.html). _Application tests_ and _Infrastructure tests_ are added by Timo Pagel. Also, the sub-dimension _Static depth_ has been evaluated by security experts at [OWASP Stammtisch Hamburg](https://www.owasp.org/index.php/OWASP_German_Chapter_Stammtisch_Initiative/Hamburg).
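Review bot: The first `docker run` example (added line 102) mounts `$(pwd)meta.yaml`, which is missing the `/` after `$(pwd)`, so the host path does not point at the copied file. With `-v`, Docker creates an empty directory at a nonexistent host path and mounts that instead, so the customized file would not be served. Use `$(pwd)/meta.yaml` as the second example does, and quote the expansion so a working directory containing spaces does not split the argument. Since the container only needs to read these files, consider appending `:ro` to both mounts. Two documentation points in the same hunk: the links point to `src/assets/meta.yaml` while the commands copy from `src/assets/YAML/meta.yaml`, so one of the two paths needs correcting, and "in breakers" on added line 93 presumably means "in brackets". The section also opens with "these teams" without having introduced any teams, and the examples copy the file and mount it without a step telling the reader to edit it first.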
