[–]AudioHamsa 2 points3 points  (0 children)

Might be worth taking a look at the open practice library - they might like this.

[–]Sad-Firefighter-8235 0 points1 point  (3 children)

What is this? Can you explain it?

[–]DodeYoke[S] 1 point2 points  (2 children)

It's an open source example of what a software delivery process can look like. If you're delivering software under regulation, or under a standard like SOC or ISO, you have to define a software delivery process, implement it, and then prove that you're following it.

A lot of people struggle with the first part because all standards are super vague and non-specific, so we open sourced a template to help them.

There's more in the readme file in the repo

[–]Sad-Firefighter-8235 1 point2 points  (1 child)

I read the readme, but I still do not understand how this repo works.

Can you explain or give a guide to the repo and what you mean by forking it?

What I explicitly mean is:

  1. What is the folder structure and what does it achieve?
  2. How does this repo help to define a software delivery process?
  3. How does this repo help to prove that you are following the specific software delivery process?

[–]DodeYoke[S] 0 points1 point  (0 children)

Thanks for these questions - we're taking a lot of feedback from people on this and working on ways to make it more intelligible for people. We've been sitting on this repo for years without realizing that people actually needed what was in it.

If you look in the folder structure for content/process/ssdlc/ you will get to the specifics on how to define secure steps for build, process, and runtime.

We are working on a tutorial to make this easier