From 6c4316479ccf7f676344a74b95b092fc0ad6cc09 Mon Sep 17 00:00:00 2001 From: Timo Pagel Date: Fri, 10 Nov 2023 11:24:56 +0100 Subject: [PATCH 1/3] feat: BREAKING CHANGE: Use UUID for navigation. Old dimension/subdimesion/activityName will not work anymore --- .../activity-description.component.ts | 68 ++++++++++++++++--- .../component/matrix/matrix.component.html | 1 + src/app/component/matrix/matrix.component.ts | 3 +- 3 files changed, 63 insertions(+), 9 deletions(-) diff --git a/src/app/component/activity-description/activity-description.component.ts b/src/app/component/activity-description/activity-description.component.ts index c9a09fc0..d57fade2 100644 --- a/src/app/component/activity-description/activity-description.component.ts +++ b/src/app/component/activity-description/activity-description.component.ts @@ -83,10 +83,7 @@ export class ActivityDescriptionComponent implements OnInit { ngOnInit() { this.route.queryParams.subscribe(params => { - this.currentActivity.dimension = params['dimension']; - this.currentActivity.subDimension = params['subDimension']; - this.currentActivity.level = 'level-' + params['level']; - this.currentActivity.activityName = params['activityName']; + this.currentActivity.uuid = params['uuid']; }); //gets value from sample file 
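Review bot: `params['uuid']` is assigned without any type check, and an Angular query parameter can be `undefined` (for example when an old dimension/subDimension/activityName link is opened) or a string array when the key is repeated in the URL. This value drives the activity lookup later in ngOnInit, so I would normalise it here: `const uuid = params['uuid']; this.currentActivity.uuid = typeof uuid === 'string' ? uuid : '';`. A short comment above the subscription stating that `uuid` is now the only supported parameter would also help whoever debugs a broken deep link. ngOnInit continues outside the hunk.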
@@ -103,10 +100,65 @@ export class ActivityDescriptionComponent implements OnInit { // Function sets data this.yaml.getJson().subscribe(data => { this.YamlObject = data; - var data = - this.YamlObject[this.currentActivity.dimension][ - this.currentActivity.subDimension - ][this.currentActivity.activityName]; + + var allDimensionNames = Object.keys(this.YamlObject); + for (let i = 0; i < allDimensionNames.length; i++) { + var subdimensionsInCurrentDimension = Object.keys( + this.YamlObject[allDimensionNames[i]] + ); + + for (let j = 0; j < subdimensionsInCurrentDimension.length; j++) { + var temp: any = { + Dimension: allDimensionNames[i], + SubDimension: subdimensionsInCurrentDimension[j], + }; + var activityInCurrentSubDimension: string[] = Object.keys( + this.YamlObject[allDimensionNames[i]][ + subdimensionsInCurrentDimension[j] + ] + ); + + for (let a = 0; a < activityInCurrentSubDimension.length; a++) { + var currentActivityName = activityInCurrentSubDimension[a]; + + try { + console.log(this.currentActivity.uuid, this.currentActivity.uuid); + console.log( + 'uuid', + this.YamlObject[allDimensionNames[i]][ + subdimensionsInCurrentDimension[j] + ][currentActivityName].uuid + ); + console.log( + 'currentActivityName', + this.YamlObject[allDimensionNames[i]][ + subdimensionsInCurrentDimension[j] + ][currentActivityName] + ); + if ( + this.YamlObject[allDimensionNames[i]][ + subdimensionsInCurrentDimension[j] + ][currentActivityName].uuid == this.currentActivity.uuid + ) { + data = + this.YamlObject[allDimensionNames[i]][ + subdimensionsInCurrentDimension[j] + ][currentActivityName]; + this.currentActivity = data; + this.currentActivity.dimension = allDimensionNames[i]; + this.currentActivity.subDimension = + subdimensionsInCurrentDimension[j]; + this.currentActivity.activityName = currentActivityName; + console.log('found'); + break; + } + } catch { + console.log('Level for activity does not exist'); + } + } + } + } + this.currentActivity.description = 
this.defineStringValues( data['description'], '' diff --git a/src/app/component/matrix/matrix.component.html b/src/app/component/matrix/matrix.component.html index 854e5586..6d0cb47e 100644 --- a/src/app/component/matrix/matrix.component.html +++ b/src/app/component/matrix/matrix.component.html @@ -67,6 +67,7 @@ style="margin-bottom: 1em" (click)=" navigate( + YamlObject[element.Dimension][element.SubDimension][activity].uuid, element.Dimension, element.SubDimension, i + 1, diff --git a/src/app/component/matrix/matrix.component.ts b/src/app/component/matrix/matrix.component.ts index 796c3d31..9e26af41 100644 --- a/src/app/component/matrix/matrix.component.ts +++ b/src/app/component/matrix/matrix.component.ts @@ -309,9 +309,10 @@ export class MatrixComponent implements OnInit { // activity description routing + providing parameters - navigate(dim: string, subdim: string, lvl: Number, activityName: string) { + navigate(uuid: String, dim: string, subdim: string, lvl: Number, activityName: string) { let navigationExtras: NavigationExtras = { queryParams: { + uuid: uuid, dimension: dim, subDimension: subdim, level: lvl, From 605d082018511424c40f08c4ad4f860811708930 Mon Sep 17 00:00:00 2001 From: Timo Pagel Date: Fri, 10 Nov 2023 11:28:48 +0100 Subject: [PATCH 2/3] chore: beautify --- src/app/component/matrix/matrix.component.ts | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/app/component/matrix/matrix.component.ts b/src/app/component/matrix/matrix.component.ts index 9e26af41..4b5513a6 100644 --- a/src/app/component/matrix/matrix.component.ts +++ b/src/app/component/matrix/matrix.component.ts 
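Review bot: When no activity matches the URL-supplied uuid, the lookup falls through silently: `data` is no longer redeclared, so it is still the whole YAML tree passed to the subscribe callback, and `data['description']` after the loops reads from that root object. The match uses `==`, so a missing `uuid` parameter (`undefined`) would select the first activity that has no `uuid` field, if any exist. I would compare with `===` and keep a `found` flag that also stops the two outer loops, since the `break` leaves only the innermost one; when the flag stays false, return early with a visible "activity not found" state. The `console.log` calls inside the loop print the URL value and whole activity objects on every iteration and should be removed, and the catch message `'Level for activity does not exist'` no longer describes what can fail here. The subscribe callback continues past the end of the hunk.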
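Review bot: `navigate` in matrix.component.ts still puts `dimension`, `subDimension`, `level` and `activityName` into `queryParams` next to the new `uuid`, although the description component in this patch reads only `uuid`. Those extra values end up in shareable URLs, where they can be edited to disagree with the uuid and are silently ignored. Either drop them or add a comment such as `// uuid is authoritative; the remaining params are informational only`. The new parameter is typed `uuid: String` (the boxed wrapper); `uuid: string` would match `dim` and `subdim`. The method body continues past the hunk.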
@@ -309,7 +309,13 @@ export class MatrixComponent implements OnInit { // activity description routing + providing parameters - navigate(uuid: String, dim: string, subdim: string, lvl: Number, activityName: string) { + navigate( + uuid: String, + dim: string, + subdim: string, + lvl: Number, + activityName: string + ) { let navigationExtras: NavigationExtras = { queryParams: { uuid: uuid, From 3b09ba1b1bd38e56c9b8c3b7ed2a454bc803b95c Mon Sep 17 00:00:00 2001 From: Timo Pagel Date: Tue, 14 Nov 2023 13:38:18 +0100 Subject: [PATCH 3/3] dopcs: Enhance team docs --- README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/README.md b/README.md index 80d712bb..0b7ffa3d 100644 --- a/README.md +++ b/README.md 
@@ -85,6 +85,27 @@ docker run -d -p 80:8080 wurstbrot/dsomm:latest ## Activity Definitions The definition of the activities are in the [data-repository](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel-data). +## Teams and Groups +To customize these teams, you can create your own [meta.yaml](src/assets/meta.yaml) file with your unique team definitions. + +Assessments within the framework can be based on either a team or a specific application, which can be referred to as the context. Depending on how you define the context or teams, you may want to group them together. + +Here are a couple of examples to illustrate this, in breakers the DSOMM word: +- Multiple applications (teams) can belong to a single overarching team (application). +- Multiple teams (teams) can belong to a larger department (group). + +Feel free to create your own [meta.yaml](src/assets/meta.yaml) file to tailor the framework to your specific needs and mount it in your environment (e.g. kubernetes or docker). +Here is an example to start docker with customized meta.yaml: +``` +# Customized meta.yaml +cp src/assets/YAML/meta.yaml . +docker run -v $(pwd)meta.yaml:/usr/share/nginx/html/assets/YAML/meta.yaml -p 8080:8080 wurstbrot/dsomm + +# Customized meta.yaml and generated.yaml +cp src/assets/YAML/meta.yaml . +cp $(pwd)/src/assets/YAML/generated/generated.yaml . +docker run -v $(pwd)/meta.yaml:/usr/share/nginx/html/assets/YAML/meta.yaml -v $(pwd)/generated.yaml:/usr/share/nginx/html/assets/YAML/generated/generated.yaml -p 8080:8080 wurstbrot/dsomm +``` # Credits * The dimension _Test and Verification_ is based on Christian Schneiders [Security DevOps Maturity Model (SDOMM)](https://www.christian-schneider.net/SecurityDevOpsMaturityModel.html). _Application tests_ and _Infrastructure tests_ are added by Timo Pagel. 
Also, the sub-dimension _Static depth_ has been evaluated by security experts at [OWASP Stammtisch Hamburg](https://www.owasp.org/index.php/OWASP_German_Chapter_Stammtisch_Initiative/Hamburg).