Merge pull request #10 from devsecopsmaturitymodel/feat/setup

Feat/setup

.gitignore

@@ -0,0 +1,2 @@
+target
+.idea

.mvn/wrapper/maven-wrapper.properties

@@ -0,0 +1,2 @@
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.5/apache-maven-3.9.5-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar

README.md

@@ -1,3 +1,15 @@
 # Metric Analyzer
 
-tbd
+## Local Installation and Deployment
+
+### Build and execute with Maven
+
+```bash
+mvn spring-boot:run -Dspring-boot.run.arguments="--metricCA.configuration.yaml-path=/home/XXX/git/metricAnalyzer/definitions/configuration.yaml,metricCA.application.yaml-path=/home/XXX/git/metricAnalyzer/definitions/App1.yaml"
+```
+
+### Add to Docker 
+```bash
+docker build -t <registry-name>/<docker-name>:<tag> .
+docker push <registry-name>/<docker-name>:<tag>
+```

analyzer.iml

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module version="4">
+  <component name="FacetManager">
+    <facet type="hibernate" name="Hibernate">
+      <configuration>
+        <datasource-map />
+        <naming-strategy-map />
+        <deploymentDescriptor name="hibernate.cfg.xml" url="file://$MODULE_DIR$/src/main/resources/hibernate.cfg.xml" />
+      </configuration>
+    </facet>
+  </component>
+</module>

definitions/App1.yaml

@@ -0,0 +1,25 @@
+applicationId: 5
+team: superhero
+
+activities:
+  # Plan
+  conduction of simple threat modeling on a technical level:
+    - title: Feature Y
+      conduction date: 2023-10-01
+      link: # Maybe some teams would like the option for multiple links, e.g. to a used threat library
+        - title: Documentation of new Feature Y
+          url: https://link-for-example-in-confluencex
+    - title: Feature X
+      conduction date: 2023-11-01
+      link: # Maybe some teams would like the option for multiple links, e.g. to a used threat library
+        - title: Documentation of new Feature X
+          url: https://link-for-example-in-confluence
+  #      finding handling: do we want finding handling confirmation?
+  #        security_team_confirmation:
+  #          - confirmed by: Max Mustermann
+  #            confirmed date: 2023-10-09
+
+  data privacy requirements:
+    - read date: 2023-10-01
+    - read date: 2023-11-01
+    - read date: 2023-12-01

definitions/configuration.yaml

@@ -0,0 +1,23 @@
+conduction of simple threat modeling on a technical level:
+  components:
+    - title: string
+      conduction date: date
+      link:
+        - title: string
+          url: string
+  level: Level 2
+  # treshold:
+    # target: "[].conduction date"
+    # timeframe: "year"
+    # count: 1
+  # TODO: threshold
+
+data privacy requirements:
+  components:
+    - read date: date
+  level: Level 1
+  # treshold:
+    # target: "[].date"
+    # timeframe: "year"
+    # count: 1
+  # TODO: threshold

docker-compose.yaml

@@ -0,0 +1,15 @@
+version: '3.8'
+services:
+  grafana:
+    container_name: grafana
+    image: grafana/grafana:latest
+    user: "0:0"
+      #    environment:
+    restart: unless-stopped
+    ports:
+      - 3111:3000
+    volumes:
+      - grafana:/var/lib/grafana
+volumes:
+  grafana:
+    driver: local