
Commit 7428864

🤖 fmt
1 parent 4ecac41 commit 7428864


3 files changed: +8446 -0 lines changed


CHANGELOG.md

Lines changed: 7 additions & 0 deletions
@@ -1,3 +1,10 @@
1+
## [1.23.1](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel-data/compare/v1.23.0...v1.23.1) (2025-12-15)
2+
3+
4+
### Bug Fixes
5+
6+
* use correct GitHub repository context in workflow ([7493262](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel-data/commit/74932622e77448f48e5b17f1ffdb8cc312286e59))
7+
18
# [1.23.0](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel-data/compare/v1.22.0...v1.23.0) (2025-12-15)
29

310
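Review bot: the new 1.23.1 entry uses a `##` heading while the existing 1.23.0 entry directly below it uses `#`; if this follows the changelog generator's convention of nesting patch releases under the minor release they belong to, no change is needed, otherwise align the two levels so the file keeps a consistent outline. Since the commit message is only "🤖 fmt", it would also help history readers if it mentioned that this commit adds the 1.23.1 release note alongside the formatting pass.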

Lines changed: 270 additions & 0 deletions
@@ -0,0 +1,270 @@
1+
## DSOMM Activity Dependencies
2+
3+
The activities in this DSOMM Model have the following dependencies.
4+
5+
```mermaid
6+
graph LR
7+
8+
0(L2 Pinning of artifacts)
9+
1(L1 Defined build process)
10+
2(L2 SBOM of components)
11+
3(L3 Signing of code)
12+
4(L5 Signing of artifacts)
13+
5(L1 Defined deployment process)
14+
6(L1 Inventory of production components)
15+
7(L2 Inventory of production artifacts)
16+
8(L3 Handover of confidential parameters)
17+
9(L2 Environment depending configuration parameters secrets)
18+
10(L3 Inventory of production dependencies)
19+
11(L3 Rolling update on deployment)
20+
12(L4 Same artifact for environments)
21+
13(L4 Usage of feature toggles)
22+
14(L5 Blue/Green Deployment)
23+
15(L4 Smoke Test)
24+
16(L2 Automated merge of automated PRs)
25+
17(L1 Automated PRs for patches)
26+
18(L3 Automated deployment of automated PRs)
27+
19(L3 Creation of simple abuse stories)
28+
20(L1 Conduction of simple threat modeling on technical level)
29+
21(L3 Creation of threat modeling processes and standards)
30+
22(L4 Conduction of advanced threat modeling)
31+
23(L5 Creation of advanced abuse stories)
32+
24(L2 Regular security training of security champions)
33+
25(L2 Each team has a security champion)
34+
26(L2 Determining the protection requirement)
35+
27(L2 App. Hardening Level 1)
36+
28(L1 App. Hardening Level 1 50%)
37+
29(L3 App. Hardening Level 2 75%)
38+
30(L4 App. Hardening Level 2)
39+
31(L5 App. Hardening Level 3)
40+
32(L1 Versioning)
41+
33(L3 Block force pushes)
42+
34(L2 Require a PR before merging)
43+
35(L3 Dismiss stale PR approvals)
44+
36(L3 Require status checks to pass)
45+
37(L1 Simple access control for systems)
46+
38(L2 Backup)
47+
39(L2 MFA)
48+
40(L1 MFA for admins)
49+
41(L2 Usage of test and production environments)
50+
42(L2 Virtual environments are limited)
51+
43(L2 Applications are running in virtualized environments)
52+
44(L3 Immutable infrastructure)
53+
45(L3 Infrastructure as Code)
54+
46(L3 Limitation of system events)
55+
47(L3 Audit of system events)
56+
48(L3 Role based authentication and authorization)
57+
49(L3 Usage of security by default for components)
58+
50(L3 WAF baseline)
59+
51(L1 Context-aware output encoding)
60+
52(L4 Production near environments are used by developers)
61+
53(L4 WAF medium)
62+
54(L5 WAF Advanced)
63+
55(L2 Centralized application logging)
64+
56(L2 Alerting)
65+
57(L3 Visualized logging)
66+
58(L1 Centralized system logging)
67+
59(L5 Correlation of security events)
68+
60(L2 Visualized metrics)
69+
61(L2 Monitoring of costs)
70+
62(L1 Simple application metrics)
71+
63(L1 Simple system metrics)
72+
64(L3 Advanced availability and stability metrics)
73+
65(L3 Deactivation of unused metrics)
74+
66(L3 Targeted alerting)
75+
67(L4 Advanced app. metrics)
76+
68(L4 Coverage and control metrics)
77+
69(L4 Defense metrics)
78+
70(L3 Filter outgoing traffic)
79+
71(L4 Screens with metric visualization)
80+
72(L3 Grouping of metrics)
81+
73(L5 Metrics are combined with tests)
82+
74(L2 Patching mean time to resolution via PR)
83+
75(L3 Generation of response statistics)
84+
76(L3 Usage of a vulnerability management system)
85+
77(L4 Patching mean time to resolution via production)
86+
78(L2 Artifact-based false positive treatment)
87+
79(L1 Simple false positive treatment)
88+
80(L3 Fix based on accessibility)
89+
81(L1 Treatment of defects with severity high or higher)
90+
82(L3 Global false positive treatment)
91+
83(L3 Exploit likelihood estimation)
92+
84(L3 Office Hours)
93+
85(L2 Coverage of client side dynamic components)
94+
86(L2 Usage of different roles)
95+
87(L2 Simple Scan)
96+
88(L3 Coverage of hidden endpoints)
97+
89(L3 Coverage of more input vectors)
98+
90(L3 Coverage of sequential operations)
99+
91(L4 Usage of multiple scanners)
100+
92(L5 Coverage of service to service communication)
101+
93(L2 Test for exposed services)
102+
94(L2 Isolated networks for virtual environments)
103+
95(L2 Test network segmentation)
104+
96(L3 Test for unauthorized installation)
105+
97(L2 Evaluation of the trust of used components)
106+
98(L2 Software Composition Analysis server side)
107+
99(L2 Test for Time to Patch)
108+
100(L2 Test libyear)
109+
101(L3 API design validation)
110+
102(L3 Software Composition Analysis client side)
111+
103(L3 Static analysis for important client side components)
112+
104(L3 Static analysis for important server side components)
113+
105(L3 Test for Patch Deployment Time)
114+
106(L4 Static analysis for all self written components)
115+
107(L4 Usage of multiple analyzers)
116+
108(L5 Dead code elimination)
117+
109(L5 Exclusion of source code duplicates)
118+
110(L5 Static analysis for all components/libraries)
119+
111(L4 Correlate known vulnerabilities in infrastructure with new image versions)
120+
112(L2 Usage of a maximum lifetime for images)
121+
113(L4 Test of infrastructure components for known vulnerabilities)
122+
123+
124+
1 --> 0
125+
1 --> 2
126+
1 --> 3
127+
1 --> 4
128+
1 --> 5
129+
1 --> 12
130+
1 --> 48
131+
1 --> 49
132+
1 --> 87
133+
1 --> 98
134+
1 --> 100
135+
1 --> 102
136+
1 --> 103
137+
1 --> 104
138+
1 --> 105
139+
1 --> 108
140+
1 --> 109
141+
0 --> 4
142+
5 --> 6
143+
5 --> 7
144+
5 --> 11
145+
5 --> 32
146+
5 --> 37
147+
5 --> 38
148+
5 --> 41
149+
5 --> 48
150+
5 --> 52
151+
5 --> 15
152+
6 --> 7
153+
6 --> 26
154+
6 --> 80
155+
6 --> 98
156+
6 --> 101
157+
6 --> 102
158+
6 --> 103
159+
6 --> 104
160+
6 --> 106
161+
6 --> 110
162+
9 --> 8
163+
7 --> 10
164+
2 --> 10
165+
12 --> 13
166+
15 --> 14
167+
17 --> 16
168+
17 --> 74
169+
17 --> 77
170+
17 --> 99
171+
17 --> 105
172+
16 --> 18
173+
20 --> 19
174+
20 --> 21
175+
20 --> 22
176+
21 --> 19
177+
21 --> 22
178+
19 --> 23
179+
25 --> 24
180+
25 --> 76
181+
28 --> 27
182+
27 --> 29
183+
29 --> 30
184+
30 --> 31
185+
34 --> 33
186+
34 --> 35
187+
34 --> 36
188+
40 --> 39
189+
43 --> 42
190+
45 --> 44
191+
45 --> 52
192+
47 --> 46
193+
51 --> 50
194+
50 --> 53
195+
53 --> 54
196+
56 --> 55
197+
56 --> 59
198+
56 --> 66
199+
58 --> 57
200+
55 --> 57
201+
57 --> 59
202+
60 --> 56
203+
60 --> 64
204+
60 --> 47
205+
60 --> 65
206+
60 --> 67
207+
60 --> 68
208+
60 --> 69
209+
62 --> 61
210+
62 --> 60
211+
62 --> 64
212+
62 --> 67
213+
63 --> 61
214+
63 --> 60
215+
70 --> 69
216+
72 --> 71
217+
72 --> 73
218+
76 --> 75
219+
76 --> 82
220+
74 --> 77
221+
79 --> 78
222+
81 --> 80
223+
78 --> 82
224+
83 --> 76
225+
83 --> 102
226+
84 --> 76
227+
86 --> 85
228+
86 --> 88
229+
86 --> 89
230+
86 --> 90
231+
86 --> 91
232+
87 --> 86
233+
87 --> 92
234+
94 --> 93
235+
94 --> 95
236+
97 --> 96
237+
98 --> 83
238+
98 --> 107
239+
103 --> 106
240+
103 --> 110
241+
104 --> 106
242+
104 --> 110
243+
102 --> 107
244+
106 --> 107
245+
112 --> 111
246+
112 --> 113
247+
248+
O --> 1
249+
O --> 9
250+
O --> 17
251+
O --> 20
252+
O --> 25
253+
O --> 28
254+
O --> 34
255+
O --> 40
256+
O --> 43
257+
O --> 45
258+
O --> 51
259+
O --> 58
260+
O --> 62
261+
O --> 63
262+
O --> 70
263+
O --> 72
264+
O --> 79
265+
O --> 81
266+
O --> 84
267+
O --> 94
268+
O --> 97
269+
O --> 112
270+
```
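Review bot: the arrow direction is undocumented; the sentence above the graph says the activities "have the following dependencies" but does not state whether `1 --> 0` means "Defined build process" (L1) must be in place before "Pinning of artifacts" (L2) or the reverse, so add one line stating the convention (the edges overwhelmingly run from lower to higher level, which suggests prerequisite to dependent). The root node `O` used from `O --> 1` onwards is never declared with a label, unlike nodes 0 to 113, and the letter `O` is easy to confuse with the node id `0` that appears a few lines earlier in `0 --> 4`; give it an explicit declaration such as `O((Start))` or rename it to something unambiguous. Some labels also read as if characters were dropped to fit the `id(label)` node syntax, for example node 9 `Environment depending configuration parameters secrets`; if the generator strips parentheses from activity names, it should insert a separator or emit a quoted label (`9["..."]`) so the original wording survives.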
