Albert Tregnaghi edited this page Oct 2, 2020 · 7 revisions

About

This page collects additional information that lives outside the code.

Aim of this project

Provide good agile security threat modeling and software architecture with the least possible effort.

Agile security

Easy setup in development

Developers shall be able to integrate an sttk-${major.minor.hotfix}.jar into their sources with little effort (e.g. in their own Gradle subproject), and to design and maintain their setup there while developing new features.

How security should work in an agile way

  • Developers add the STTK jar to a subproject and design their system as code, using the fluent API in a JVM language
    see Example model 1
  • The build server uses the STTK generators to produce AsciiDoc and PlantUML files on every build
    see Generate example 1
  • The build server renders documentation and diagrams with AsciiDoc tooling such as https://asciidoctor.github.io/asciidoctor-gradle-plugin/
  • Developers therefore always have up-to-date documentation of the
    • architectural overview
    • threat model
  • Security experts/architects no longer need to write documents from scratch; instead they discuss changes with developers based on the output of the STTK generators.
  • Changes and additions are made by developers and/or security experts directly in code, so the history of changes is easy to track in SCMs like Git
  • Documentation is always up-to-date and easy to maintain
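To make the workflow above concrete, here is an added illustration of the "architecture and threat model as code" idea: a small fluent builder describes a system in a JVM language, and two generators emit a PlantUML component diagram and an AsciiDoc threat table from the same model, ready for a build step to render. This is example code written for this page, not the STTK API; the class and method names (SystemModel, component, flow, threat, toPlantUml, toAsciiDoc) and the sample "Order service" model are invented for the illustration. It needs Java 16 or newer because it uses records.

```java
// Added illustration of "model as code" with generators for PlantUML and AsciiDoc.
// NOT the STTK API: every class and method name below is hypothetical.
import java.util.ArrayList;
import java.util.List;

public class ThreatModelAsCode {

    // Model elements (hypothetical): what is there, how data moves, and what can go wrong.
    record Component(String name, String technology) {}
    record DataFlow(String from, String to, String protocol) {}
    record Threat(String id, String target, String description, String mitigation) {}

    // Fluent builder: developers describe their system next to the feature they build.
    static final class SystemModel {
        private final String name;
        final List<Component> components = new ArrayList<>();
        final List<DataFlow> flows = new ArrayList<>();
        final List<Threat> threats = new ArrayList<>();

        private SystemModel(String name) { this.name = name; }
        static SystemModel named(String name) { return new SystemModel(name); }

        SystemModel component(String name, String technology) {
            components.add(new Component(name, technology)); return this;
        }
        SystemModel flow(String from, String to, String protocol) {
            flows.add(new DataFlow(from, to, protocol)); return this;
        }
        SystemModel threat(String id, String target, String description, String mitigation) {
            threats.add(new Threat(id, target, description, mitigation)); return this;
        }

        // Generator 1: PlantUML component diagram for the architectural overview.
        String toPlantUml() {
            StringBuilder sb = new StringBuilder("@startuml\ntitle ").append(name).append('\n');
            for (Component c : components) {
                // "\\n" becomes a literal \n in the output, which PlantUML renders as a line break
                sb.append("component \"").append(c.name()).append("\\n(").append(c.technology())
                  .append(")\" as ").append(alias(c.name())).append('\n');
            }
            for (DataFlow f : flows) {
                sb.append(alias(f.from())).append(" --> ").append(alias(f.to()))
                  .append(" : ").append(f.protocol()).append('\n');
            }
            return sb.append("@enduml\n").toString();
        }

        // Generator 2: AsciiDoc table with one row per threat, for the threat model section.
        String toAsciiDoc() {
            StringBuilder sb = new StringBuilder("== Threat model: ").append(name).append("\n\n");
            sb.append("[cols=\"1,2,4,4\",options=\"header\"]\n|===\n|ID |Target |Threat |Mitigation\n");
            for (Threat t : threats) {
                sb.append('|').append(t.id()).append(" |").append(t.target()).append(" |")
                  .append(t.description()).append(" |").append(t.mitigation()).append('\n');
            }
            return sb.append("|===\n").toString();
        }

        // PlantUML aliases may not contain spaces or punctuation.
        private static String alias(String name) {
            return name.replaceAll("[^A-Za-z0-9]", "_");
        }
    }

    // Sample model, constructed for this example.
    static SystemModel exampleModel() {
        return SystemModel.named("Order service")
            .component("Web frontend", "React")
            .component("Order API", "Spring Boot")
            .component("Orders DB", "PostgreSQL")
            .flow("Web frontend", "Order API", "HTTPS")
            .flow("Order API", "Orders DB", "TLS/JDBC")
            .threat("T-1", "Order API", "Tampering: order totals changed on the client side",
                    "Server recomputes totals; client-supplied prices are never trusted")
            .threat("T-2", "Orders DB", "Information disclosure through SQL injection",
                    "Parameterised queries only; DB account has no DDL rights");
    }

    // In the workflow described above this would run on the build server and write
    // the two strings to files that the AsciiDoc toolchain then renders.
    public static void main(String[] args) {
        SystemModel model = exampleModel();
        System.out.println(model.toPlantUml());
        System.out.println(model.toAsciiDoc());
    }
}
```

Because the model lives in source control, a reviewer sees a new threat or a changed data flow as an ordinary diff, which is the tracking benefit the list above describes; the generated diagram and table are build outputs and never edited by hand.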