Updated Install and Readme docs and Usage and About Us pages #468
Conversation
… the Docker instance
This reverts commit dd0aebb.
|
|
||
| [](https://pagel.pro) | ||
|
|
||
| [](https://apiiro.com/) |
There was a problem hiding this comment.
OWASP sponsors in the past donated money to a project with the benefit of getting listed. I am not sure at which time we are allowed to remove them. Therefore, they need to stay.
Heroku sponsored hosting once, now I am paying from my own money, so they can be removed.
|
To remind myself how the html will look like in the application: |
wurstbrot
left a comment
wurstbrot
left a comment
There was a problem hiding this comment.
Hi @johnnyrenaissance ,
thank you for your valuable contributions.
Please let us know how you want to continue (e.g. you perform changes or we merge and I adjust).
I think we should remove duplicated content. As said, you can do that now or I do it afterwards.
| - How do we systematically improve security without slowing delivery? | ||
|
|
||
| To do that, you need to install your own local DSOMM application. | ||
| The model focuses on **concrete, technical activities** that integrate security directly into DevOps workflows such as CI/CD pipelines, containerization, infrastructure provisioning, and testing. |
There was a problem hiding this comment.
From my point of view DSOMM also offers process related activities like threat modeling. That could be mentioned in a sentence afterwards.
| - Written primarily by security specialists for security programs | ||
| - Takes a broad, organization-wide perspective | ||
|
|
||
| **DSOMM**: |
| **DSOMM**: | ||
| - Focuses on embedding security directly into DevOps workflows | ||
| - Operates lower in the technical stack (pipelines, containers, tooling) | ||
| - Provides concrete implementation guidance for engineering teams |
There was a problem hiding this comment.
- Provides overviews to guide technical management decisions
|
|
||
| For organizations that require evidence (e.g., for CISOs or auditors), DSOMM supports attaching evidence directly in YAML files. | ||
|
|
||
| Evidence is defined in `generated.yaml` or `team-progress.yaml` files using the `teamsEvidence` attribute. Markdown is supported, and multi-line evidence can be provided using YAML block syntax. |
There was a problem hiding this comment.
we do not need to support old versions.
generated.yaml can be removed. correct @vbakke ?
| @@ -1,103 +1,391 @@ | |||
| # Install DSOMM | |||
There was a problem hiding this comment.
we do not need to keep redundant parts.
E.g. Running DSOMM as a Docker Container (Recommended) or the SAMM overview
2 participants
This change includes updates to the GitHub Install.md and Readme.md docs for updated usage as well as reformating so the information isn't in a single long page.
Also updated the About Us and Usage pages in the DSOMM app to be consistent with latest usage information. Seperated the usage and install instructions from the About Us page and kept them solely in the Usage page.