OWASP SAMM Secure Build Software Dependencies #181

@wurstbrot

DSOMM:

  • DSOMM Level 1: Inventory of production components
  • DSOMM Level 2: Inventory of production artifacts
  • DSOMM Level 3/SAMM Level 1: Inventory of production dependencies

I am struggling to integrate an inventory of production dependencies, so I added an inventory of production components (e.g. a list of apps) and artifacts (e.g. list of microservices) beforehand to DSOMM.

I propose the same for SAMM. A list of applications on level 1 and the content of level 1 with dependencies to level 2. Will be happy to draft a PR if you welcome this big change.
