Updated Install and Readme docs and Usage and About Us pages #468
… the Docker instance
This reverts commit dd0aebb.
| [](https://pagel.pro) | ||
| [](https://apiiro.com/) |
OWASP sponsors in the past donated money to a project with the benefit of getting listed. I am not sure at which time we are allowed to remove them. Therefore, they need to stay.
Heroku sponsored hosting once, now I am paying from my own money, so they can be removed.
Could we make a separate page for Supporters, and how to become a supporter, @wurstbrot?
(Such as https://owaspsamm.org/supporters/ and https://owaspsamm.org/sponsor/?)
EDIT: Nah. Thinking about it, I think they are better left under About us/README (as they were)
wurstbrot left a comment
Hi @johnnyrenaissance,
thank you for your valuable contributions.
Please let us know how you want to continue (e.g. you perform the changes, or we merge and I adjust).
I think we should remove duplicated content. As said, you can do that now or I do it afterwards.
| - How do we systematically improve security without slowing delivery? | ||
| To do that, you need to install your own local DSOMM application. | ||
| The model focuses on **concrete, technical activities** that integrate security directly into DevOps workflows such as CI/CD pipelines, containerization, infrastructure provisioning, and testing. |
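Review bot: the line "To do that, you need to install your own local DSOMM application." has no antecedent in this hunk; the only preceding text is the question "How do we systematically improve security without slowing delivery?", so "that" refers to nothing a reader can see. Either keep the sentence it depended on next to it after the reordering, or rewrite it to name the action, e.g. "To record your own teams' progress, install your own local DSOMM application." The following sentence about "concrete, technical activities" should also say whether the install is required only for recording progress or for using the model at all, since the public site already presents the activities.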
From my point of view, DSOMM also offers process-related activities like threat modeling. That could be mentioned in a sentence afterwards.
| - Written primarily by security specialists for security programs | ||
| - Takes a broad, organization-wide perspective | ||
| **DSOMM**: |
- Easy to tailor
| **DSOMM**: | ||
| - Focuses on embedding security directly into DevOps workflows | ||
| - Operates lower in the technical stack (pipelines, containers, tooling) | ||
| - Provides concrete implementation guidance for engineering teams |
- Provides overviews to guide technical management decisions
| For organizations that require evidence (e.g., for CISOs or auditors), DSOMM supports attaching evidence directly in YAML files. | ||
| Evidence is defined in `generated.yaml` or `team-progress.yaml` files using the `teamsEvidence` attribute. Markdown is supported, and multi-line evidence can be provided using YAML block syntax. |
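Review bot: the evidence description names two files, `generated.yaml` or `team-progress.yaml`, without saying which one a new install should use, and it does not say where the `teamsEvidence` attribute sits in the YAML (top level, per activity, or per team), so a reader cannot reproduce it from this text alone. Suggest naming the single current file, stating the nesting level, and showing a minimal entry with the `|` block scalar the sentence mentions, e.g. `teamsEvidence:` followed by `Default: |` and an indented Markdown line. Since the evidence text is written by whoever maintains the instance and is rendered as Markdown to everyone who views it, the docs should also say whether raw HTML inside that Markdown is rendered or escaped.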
We do not need to support old versions.
generated.yaml can be removed. Correct, @vbakke?
I agree. We don't need to support generated.yaml anymore. But we don't have a good solution for the evidence in v4 yet. I was three days delayed back from Amsterdam at New Year's, so I've been flat out trying to catch up.
| @@ -1,103 +1,391 @@ | |||
| # Install DSOMM | |||
We do not need to keep redundant parts,
e.g. "Running DSOMM as a Docker Container (Recommended)" or the SAMM overview.
vbakke left a comment
Thank you @johnnyrenaissance! Here are some comments. But as you may have been notified about, I have also started a top-level discussion in the Slack channel #dsomm.
I think if we can land the top level first, then it will be easier to move some of the information to the right place afterwards.
| --- | ||
| ### Evidence and Team-Specific Implementation | ||
I think we should remove the evidence part, until we land how we are going to do the evidence part.
| @@ -1,63 +1,417 @@ | |||
| # DSOMM - DevSecOps Maturity Model | |||
| <details> | |||
I really like that you have hidden all the content under expandable headings. It makes the total page look much less daunting and easier to navigate.
But I suggest we leave the first section open, so the page is not just a list of headings:
<details> → <details open>
(And then we tailor this first section to suit the newcomers that have never seen this website before.)
| ## DSOMM vs OWASP SAMM | ||
| [DSOMM](https://dsomm.owasp.org/) and [OWASP SAMM](https://owaspsamm.org/) are both frameworks that share a common goal of improving security. | ||
| DSOMM is an open project of the **OWASP Foundation**, developed to provide practical, implementation-focused guidance for modern DevOps environments. |
With the new structure, I think we can move this sentence to the About us page, and rather say a few brief sentences about using the DSOMM website.
Target audience: newcomers that have never seen this website before.
And when we present it like this, I think we should have one very short paragraph in the section describing how to use DSOMM, for the first-time user that has never seen the website before.
Some ideas for the content of that paragraph:
DSOMM is organized in maturity levels. If you are new to DSOMM, start by familiarizing yourself with the activities at level 1, which is in the inner circle. Play with the teams to group your applications or your people in a size that makes it easy to manage. When starting out, it might be better to have fewer teams rather than many smaller ones.
| ## DSOMM vs OWASP SAMM | ||
| [DSOMM](https://dsomm.owasp.org/) and [OWASP SAMM](https://owaspsamm.org/) are both frameworks that share a common goal of improving security. | ||
| DSOMM is an open project of the **OWASP Foundation**, developed to provide practical, implementation-focused guidance for modern DevOps environments. | ||
I think we should add a wee note about data storage here in the initial section.
NB! The DSOMM website does not have a database and stores your changes in your local browser. To share your data, you need to run your own instance, and upload the files containing your teams and your progress.
| @@ -1,103 +1,391 @@ | |||
| # Install DSOMM | |||
| The DSOMM application is frontend only. Data is only stored in server side YAML files, and in the localStorage im the user's browser. | |||
| <details> | |||
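Review bot: typo on the second line of the hunk: "in the localStorage im the user's browser" should read "in the user's browser". The same sentence also reads as a contradiction, "frontend only" next to "stored in server side YAML files"; suggest "The DSOMM application is a static frontend: the server only serves the YAML files that ship with the deployment, and per-user changes are kept in the browser's localStorage and never written back to the server." It is worth adding the practical consequence that localStorage is per browser profile and is lost when site data is cleared, so anyone who needs shared or durable data must run their own instance and commit the team and progress YAML files to it, as the comment above about data storage already says.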
The INSTALL.md is currently not shown as a webpage, thus making a summary makes less sense. (Unless we move it to /assets/, of course. : )

This change includes updates to the GitHub Install.md and Readme.md docs for updated usage, as well as reformatting so the information isn't in a single long page.
Also updated the About Us and Usage pages in the DSOMM app to be consistent with the latest usage information. Separated the usage and install instructions from the About Us page and kept them solely in the Usage page.