The Samm Self Assessment tool is an implementation of the OpenSAMM (www.opensamm.org) process wrapped together into a little Rails application. Its aim is to simplify the measurement of your organisation against OpenSAMM, and to assist in the construction of a roadmap, and subsequent tracking of progress down that roadmap.
Well, simply put, we think that OpenSAMM is a great process to help organisations measure the maturity of security within their software development lifecycle. Plus, we wanted something lightweight that could be stood up on a standalone desktop (with Rails), or even hosted on the Internet (Heroku/EC2/etc)
Without this measurement trying to improve the state of security within your software development lifecycle is going to be difficult. As they say: You can’t manage what you can’t measure.
(This is a fairly standard Rails app, so, these instructions are somewhat generic)
$ git clone https://github.com/AsteriskLabs/ssa.git
3. Change into the ssa directory (RVM may warn if you want to trust the rvmrc file, this sets a new gemset for ‘ssa’)
$ cd ssa
$ bundle
$ cp config/database.yml.example config/database.yml
$ rake db:migrate
$ vi config/initializers/secret_token.rb
Ssa::Application.config.secret_token = "<RANDOM TOKEN>"
$ rake secret
10. By default, registering a new account will require email validation, so update ‘config/initializers/mail.rb’ with appropriate settings.
12. If you don’t want users to have to validate their emails, update ‘app/models/user.rb’ and remove the ‘:confirmable’ option.
$ rails s