The Samm Self Assessment tool is an implementation of the OpenSAMM (www.opensamm.org) process wrapped together into a little Rails application. Its aim is to simplify the measurement of your organisation against OpenSAMM, and to assist in the construction of a roadmap, and subsequent tracking of progress down that roadmap.
Well, simply put, we think that OpenSAMM is a great process to help organisations measure the maturity of security within their software development lifecycle. Plus, we wanted something lightweight that could be stood up on a standalone desktop (with Rails), or even hosted on the Internet (Heroku, EC2, etc.).
Without this measurement, trying to improve the state of security within your software development lifecycle is going to be difficult. As they say: you can't manage what you can't measure.
(This is a fairly standard Rails app, so these instructions are somewhat generic.)
$ git clone https://github.com/AsteriskLabs/ssa.git
$ cd ssa
$ cp config/database.yml.example config/database.yml
$ rake db:migrate
# Set the application's secret token: edit the initializer so it reads
$ vi config/initializers/secret_token.rb
    Ssa::Application.config.secret_token = "<RANDOM TOKEN>"
# with <RANDOM TOKEN> replaced by the value printed by
$ rake secret
$ rails s
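As an added example (not code from the ssa project), a small Ruby script that generates a token the way `rake secret` does, writes the initializer line shown above, and checks an existing initializer for the unreplaced `<RANDOM TOKEN>` placeholder or a short hand-typed value. The token signs Rails session cookies, so a predictable or committed one lets anyone forge a session; the path and the minimum length used here are assumptions.

```ruby
# Added example, not part of the ssa project: generate a secret token as
# `rake secret` does (64 random bytes, hex encoded), render the initializer
# line from the README, and check an initializer before deploying.
require "securerandom"

PLACEHOLDER = "<RANDOM TOKEN>"
MIN_HEX_LENGTH = 64 # assumed floor; `rake secret` itself prints 128 hex chars

# Same construction Rails uses for `rake secret`.
def generate_secret
  SecureRandom.hex(64)
end

# The one-line body of config/initializers/secret_token.rb.
def initializer_source(secret)
  %(Ssa::Application.config.secret_token = "#{secret}"\n)
end

def write_initializer(path, secret)
  File.write(path, initializer_source(secret))
end

# Returns [ok, reason]. Rejects a missing assignment, the README's
# unreplaced placeholder, and tokens too short or not hex (i.e. a value
# someone typed by hand instead of pasting the `rake secret` output).
def check_initializer(path)
  return [false, "#{path} does not exist"] unless File.exist?(path)
  src = File.read(path)
  m = src.match(/config\.secret_token\s*=\s*"([^"]*)"/)
  return [false, "no secret_token assignment found"] unless m
  token = m[1]
  return [false, "placeholder #{PLACEHOLDER} still present"] if token == PLACEHOLDER
  if token.length < MIN_HEX_LENGTH
    return [false, "token is only #{token.length} chars (want >= #{MIN_HEX_LENGTH})"]
  end
  return [false, "token is not hex as produced by `rake secret`"] unless token.match?(/\A\h+\z/)
  [true, "ok"]
end

# Usage (assumed path): check_initializer("config/initializers/secret_token.rb")
```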