Skip to content
master
Switch branches/tags
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
app
 
 
 
 
db
 
 
doc
 
 
lib
 
 
log
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

SAMM Self Assessment

So what is the Samm Self Assessment tool?

The Samm Self Assessment tool is an implementation of the OpenSAMM (www.opensamm.org) process wrapped together into a little Rails application. Its aim is to simplify the measurement of your organisation against OpenSAMM, and to assist in the construction of a roadmap, and subsequent tracking of progress down that roadmap.

Why would you build this?

Well, simply put, we think that OpenSAMM is a great process to help organisations measure the maturity of security within their software development lifecycle. Plus, we wanted something lightweight that could be stood up on a standalone desktop (with Rails), or even hosted on the Internet (Heroku/EC2/etc)

Okay, so why would I measure software security maturity?

Without this measurement trying to improve the state of security within your software development lifecycle is going to be difficult. As they say: You can't manage what you can't measure.

Install Instructions

(This is a fairly standard Rails app, so, these instructions are somewhat generic)

1. Install Ruby 1.9.3 (I use RVM - rvm.io/)

2. Clone this repo:

$ git clone https://github.com/AsteriskLabs/ssa.git

3. Change into the ssa directory (RVM may warn if you want to trust the rvmrc file, this sets a new gemset for 'ssa')

$ cd ssa

4. Install dependencies with bundler, if you don't have bundler 'gem install bundler' it

$ bundle

5. Copy the example DB config file (and edit it if you wish)

$ cp config/database.yml.example config/database.yml

6. Run the database migrations

$ rake db:migrate

7. Create the secret_token.rb file in 'config/initializers'

$ vi config/initializers/secret_token.rb

8. Enter the following into the file

Ssa::Application.config.secret_token = "<RANDOM TOKEN>"

9. Rake can be used to generate a random value for you if you wish

$ rake secret

10. By default, registering a new account will require email validation, so update 'config/initializers/mail.rb' with appropriate settings.

11. Update 'config/initializers/devise.rb' with an appropriate 'from' email address

12. If you don't want users to have to validate their emails, update 'app/models/user.rb' and remove the ':confirmable' option.

13. Start up the local server

$ rails s

Thanks and things we couldn't have built this without

About

SAMM Self Assessment

Resources

License

Releases

No releases published

Packages

No packages published