sjultra/sammwise

SAMMwise

Introduction

The mission of OWASP Software Assurance Maturity Model (SAMM) is to be the prime maturity model for software assurance that provides an effective and measurable way for all types of organizations to analyze and improve their software security posture. OWASP SAMM supports the complete software lifecycle, including development and acquisition, and is technology and process agnostic. It is intentionally built to be evolutive and risk-driven in nature.

SAMMwise is an open source web app that calculates the maturity score of an individual, enterprise, or project using the SAMM model. The application walks you through the assessment, lets you save and re-use previously completed assessments, and presents the results in a style similar to the official OWASP SAMM spreadsheet.

Getting Started

The quickest way to get up and running is to pull the image from Docker Hub and run it:
docker pull stephenmorgan/owasp-sammwise
docker run -p 3000:3000 stephenmorgan/owasp-sammwise

Note that the image is published under an individual Docker Hub account rather than the sjultra organisation, and that pulling without a tag fetches whatever latest currently points at. For anything beyond a quick trial, pin a specific tag or image digest, or build the image yourself from source as described under Build Options.

Refer to the Build Options section below for how to build and run the application.

Both the Docker and npm options run the application on port 3000; open http://localhost:3000 in your browser. Be aware that -p 3000:3000 publishes the port on all host interfaces; to keep the app reachable only from the local machine while evaluating it, bind it to loopback instead (-p 127.0.0.1:3000:3000).

Survey

The survey page (/survey) lets users perform an assessment. A SAMM survey rates your project or enterprise against five domains (SAMM's business functions): Governance, Design, Implementation, Verification, and Operations. Each domain consists of three subdomains (security practices), each of which consists of six questions, giving 90 questions in total. (TODO:) Further information about each question or domain can be viewed by hovering over the informational icons.

There is an optional sixth survey panel where you can enter project metadata that will be included in the results page.

Please refer to the OWASP Foundation documentation for guidance on the use of Software Assurance Maturity Model.

Report

Upon completion of a survey, you will be redirected to the report page and presented with the results of the survey.

The results of a survey can be saved: the bottom of the report page lets you store them in the browser's local storage, or download a copy as JSON to your device. The download option allows results to be shared offline. Keep in mind that local storage is specific to the browser profile on that machine and is lost when site data is cleared, and that the downloaded JSON carries any project metadata entered in the optional survey panel, so review it before sharing.

If you re-upload a saved JSON file, the report graphs are regenerated from it, so any changes made to the file are reflected in the visualisation.
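As an added example (this is not SAMMwise's own code; the app's scoring and upload handling are not shown on this page), the following JavaScript models the 5 x 3 x 6 structure described in the Survey section, scores an assessment using the OWASP SAMM Toolbox convention as assumed here (answers No / Some / At least half / Yes map to 0 / 0.25 / 0.5 / 1; questions 1-3 of a practice are stream A and 4-6 stream B; a stream scores the sum of its answers and a practice the mean of its two streams), shape-checks a saved JSON file before it is scored or rendered, and computes the per-domain change between a saved and a re-uploaded assessment. The practice names are OWASP SAMM v2's; the object layout, all function names (scoreAssessment, validateAssessment, diffScores, makeAssessment) and the sample answers are this example's own.

```javascript
// Added example, not SAMMwise's own code. Scoring convention is assumed to
// follow the OWASP SAMM Toolbox: answer values 0/0.25/0.5/1, three questions
// per stream, stream = sum of answers, practice = mean of its two streams.

// Practice names are OWASP SAMM v2's; the object layout is this example's own.
const FUNCTIONS = {
  Governance: ["Strategy & Metrics", "Policy & Compliance", "Education & Guidance"],
  Design: ["Threat Assessment", "Security Requirements", "Secure Architecture"],
  Implementation: ["Secure Build", "Secure Deployment", "Defect Management"],
  Verification: ["Architecture Assessment", "Requirements-driven Testing", "Security Testing"],
  Operations: ["Incident Management", "Environment Management", "Operational Management"],
};
const ANSWER_VALUE = { no: 0, some: 0.25, half: 0.5, yes: 1 };
const ALLOWED_VALUES = new Set(Object.values(ANSWER_VALUE));

// Six answers per practice: [A1, A2, A3, B1, B2, B3]; result lies in 0..3.
function scorePractice(answers) {
  const sum = (xs) => xs.reduce((a, b) => a + b, 0);
  return (sum(answers.slice(0, 3)) + sum(answers.slice(3, 6))) / 2;
}

// Per-function score (mean of its three practices) and the overall mean.
function scoreAssessment(assessment) {
  const functions = {};
  let total = 0;
  for (const [fn, practices] of Object.entries(FUNCTIONS)) {
    const scores = {};
    for (const p of practices) scores[p] = scorePractice(assessment[fn][p]);
    const fnScore = practices.reduce((acc, p) => acc + scores[p], 0) / practices.length;
    functions[fn] = { score: fnScore, practices: scores };
    total += fnScore;
  }
  return { functions, overall: total / Object.keys(FUNCTIONS).length };
}

// Shape-check a saved/uploaded assessment before scoring or rendering it.
// Only the fixed function and practice names are accepted, so an uploaded file
// cannot smuggle extra keys (including an own "__proto__" key, which JSON.parse
// creates as a plain property) or free-text labels that would later be rendered.
// Returns a list of error strings; an empty list means the shape is as expected.
function validateAssessment(obj) {
  const errors = [];
  const isPlainObject = (x) => x !== null && typeof x === "object" && !Array.isArray(x);
  const expectKeys = (actual, expected, where) => {
    if (JSON.stringify([...actual].sort()) !== JSON.stringify([...expected].sort())) {
      errors.push(`${where}: expected keys [${expected.join(", ")}], got [${actual.join(", ")}]`);
    }
  };
  if (!isPlainObject(obj)) return ["assessment must be a JSON object"];
  expectKeys(Object.keys(obj), Object.keys(FUNCTIONS), "top level");
  for (const [fn, practices] of Object.entries(FUNCTIONS)) {
    if (!isPlainObject(obj[fn])) { errors.push(`${fn}: missing or not an object`); continue; }
    expectKeys(Object.keys(obj[fn]), practices, fn);
    for (const p of practices) {
      const answers = obj[fn][p];
      if (!Array.isArray(answers) || answers.length !== 6) {
        errors.push(`${fn}/${p}: must be an array of exactly 6 answers`);
        continue;
      }
      answers.forEach((v, i) => {
        if (typeof v !== "number" || !ALLOWED_VALUES.has(v)) {
          errors.push(`${fn}/${p}[${i}]: invalid answer value ${JSON.stringify(v)}`);
        }
      });
    }
  }
  return errors;
}

// Per-function score change between two scored assessments (saved vs. re-uploaded).
function diffScores(before, after) {
  const delta = {};
  for (const fn of Object.keys(FUNCTIONS)) {
    delta[fn] = after.functions[fn].score - before.functions[fn].score;
  }
  return delta;
}

// Constructed sample data: every question answered with the same value.
function makeAssessment(value) {
  const a = {};
  for (const [fn, practices] of Object.entries(FUNCTIONS)) {
    a[fn] = {};
    for (const p of practices) a[fn][p] = Array(6).fill(value);
  }
  return a;
}

const baseline = makeAssessment(ANSWER_VALUE.some);
// A re-uploaded copy in which stream A of Strategy & Metrics is now fully "Yes".
const updated = JSON.parse(JSON.stringify(baseline));
updated.Governance["Strategy & Metrics"] = [1, 1, 1, 0.25, 0.25, 0.25];

if (validateAssessment(updated).length === 0) {
  console.log(JSON.stringify(diffScores(scoreAssessment(baseline), scoreAssessment(updated))));
}
```

The validator deliberately rejects anything other than the exact key set rather than ignoring unknown keys: a re-uploaded file is untrusted input, and whitelisting the names that may reach the report keeps the rendering code from ever interpolating a label chosen by whoever produced the file.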

Build Options

Docker Compose (Recommended)

Use the included docker-compose.yml file to get up and running quickly. Requires Docker and Docker Compose on the host. The command below uses the standalone docker-compose binary; with the Compose v2 plugin the equivalent is docker compose up.

docker-compose up

Node

Requires npm 10.3 or higher. First install the required dependencies:

npm install

Then run the following depending on your use case:

npm run dev (developer mode)

OR

npm run build

npm run start

Contribute

Please submit a Pull Request for bug fixes and feature enhancements.

About

NextJS-based single-page application for completing and reviewing SAMM assessments

Releases

No releases published

Languages

  • JavaScript 95.4%
  • CSS 3.9%
  • Dockerfile 0.7%