Start refactoring

Author: ioggstream

data-new/BuildAndDeployment/Sub-Dimensions.yaml

@@ -30,13 +30,15 @@ Build:
       time: 2
       resources: 2
     usefulness: 2
+    level: 2
     implementation:
     - Container technologies and orchestration like Docker, Kubernetes
     - *ci-cd
-    level: 2
-    samm2: i-secure-build|A|2
-    iso27001-2017:
-    - 14.2.6
+    references:
+      samm2:
+      - i-secure-build|A|2
+      iso27001-2017:
+      - 14.2.6
   Defined build process:
     risk:
     - Performing builds without a defined process is error prone; for example, as

data/strings.yml

@@ -4,6 +4,18 @@
 #
 strings:
   en: &en
+    references:
+      samm:
+        label: OWASP SAMM (Software Assurance Maturity Model)
+        description: |-
+          Software Assurance Maturity Model
+          The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate
+          and implement a strategy for software security that is tailored
+          to the specific risks facing the organization.
+      samm2:
+        label: OWASP SAMM VERSION 2
+        description: |-
+          https://owaspsamm.org/blog/2020/01/31/samm2-release/
     labels: ["Very Low", "Low", "Medium", "High", "Very High"]
     hardness: ["Very soft", "Soft", "Medium", "High", "Very high"]
     maturity_levels: ["Level 1: Basic understanding of security practices" ,

detail.php

@@ -78,6 +78,9 @@ function printDetail($dimension, $subdimension, $activityName, $dimensions, $rep
         $comment = $element['comment'];
         echo "<div><b>Comments:</b> $comment</div>";
     }
+
+    printReferences($element);
+
     if (array_key_exists("samm", $element) && !empty($element['samm'])) {
     	$samm = $element['samm'];
     	echo "<div><b>OWASP SAMM 1 Mapping:</b> $samm</div>";
@@ -97,4 +100,20 @@ function printDetail($dimension, $subdimension, $activityName, $dimensions, $rep
     }
 }
 
+function printReferences($element) {
+    if (!array_key_exists("references", $element)) {
+        return;
+    }
+    $actionLabels = readYaml("data/strings.yml#/actionLabels");
+    $referenceLabels = readYaml("data/strings.yml#/strings/en/references");
+
+    $references = $element['references'];
+    foreach ($references as $r => $values) {
+        $label = $referenceLabels[$r]['label'] ? $referenceLabels[$r]['label'] : $r ;
+        echo "<div><h3>$label</h3></div>";
+        echo "<ul><li>".  implode("</li><li>", $values) ."</li></ul>";
+    }
+    
+
+}
 printDetail($dimension, $subdimension, $activityName, $dimensions);