Skip to content

yeolde/ssa

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

113 Commits
app
app
 
 
config
config
 
 
db
db
 
 
doc
doc
 
 
lib
lib
 
 
log
log
 
 
public
public
 
 
script
script
 
 
test
test
 
 
vendor
vendor
 
 
.gitignore
.gitignore
 
 
.rvmrc
.rvmrc
 
 
Gemfile
Gemfile
 
 
Gemfile.lock
Gemfile.lock
 
 
LICENSE.txt
LICENSE.txt
 
 
README.rdoc
README.rdoc
 
 
Rakefile
Rakefile
 
 
config.ru
config.ru
 
 

Repository files navigation

SAMM Self Assessment

So what is the Samm Self Assessment tool?

The Samm Self Assessment tool is an implementation of the OpenSAMM (www.opensamm.org) process wrapped together into a little Rails application. Its aim is to simplify the measurement of your organisation against OpenSAMM, and to assist in the construction of a roadmap, and subsequent tracking of progress down that roadmap.

Why would you build this?

Well, simply put, we think that OpenSAMM is a great process to help organisations measure the maturity of security within their software development lifecycle. Plus, we wanted something lightweight that could be stood up on a standalone desktop (with Rails), or even hosted on the Internet (Heroku/EC2/etc)

Okay, so why would I measure software security maturity?

Without this measurement trying to improve the state of security within your software development lifecycle is going to be difficult. As they say: You can’t manage what you can’t measure.

Install Instructions

(This is a fairly standard Rails app, so, these instructions are somewhat generic)

1. Install Ruby 1.9.3 (I use RVM - rvm.io/)

2. Clone this repo: 

$ git clone https://github.com/AsteriskLabs/ssa.git

3. Change into the ssa directory (RVM may warn if you want to trust the rvmrc file, this sets a new gemset for ‘ssa’) 

$ cd ssa

4. Install dependencies with bundler, if you don’t have bundler ‘gem install bundler’ it 

$ bundle

5. Copy the example DB config file (and edit it if you wish) 

$ cp config/database.yml.example config/database.yml

6. Run the database migrations 

$ rake db:migrate

7. Create the secret_token.rb file in ‘config/initializers’ 

$ vi config/initializers/secret_token.rb

8. Enter the following into the file 

Ssa::Application.config.secret_token = "<RANDOM TOKEN>"

9. Rake can be used to generate a random value for you if you wish 

$ rake secret

10. By default, registering a new account will require email validation, so update ‘config/initializers/mail.rb’ with appropriate settings.

11. Update ‘config/initializers/devise.rb’ with an appropriate ‘from’ email address

12. If you don’t want users to have to validate their emails, update ‘app/models/user.rb’ and remove the ‘:confirmable’ option.

13. Start up the local server 

$ rails s

Thanks and things we couldn’t have built this without

About

SAMM Self Assessment

asterisklabs.github.io

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published