Albert Tregnaghi edited this page Oct 2, 2020 · 7 revisions
Here you will find additional information that lives outside the code.

Provide good agile security threat modeling and software architecture with the least effort

Developers shall be able to easily integrate a sttk-${major.minor.hotfix}.jar into their sources (e.g. in their own Gradle subproject) and design and maintain their setup there when developing new features etc.
- Developers add the STTK jar to a subproject and design their system as code, using the fluent API in a JVM language (see Example model 1)
- The build server uses the STTK generators to generate asciidoc and plantuml files on build (see Generate example 1)
- The build server creates documentation and diagrams via asciidoc tools like https://asciidoctor.github.io/asciidoctor-gradle-plugin/
- So developers always have up-to-date documentation of
  - the architectural overview
  - the threat model
- Security experts/architects no longer need to write documents from scratch; instead they discuss changes with developers based on the output of the STTK generators.
- Changes/additions are made by developers and/or security experts directly in code, so the change history is easy to track with SCMs like Git
- Documentation is always up-to-date and easy to maintain