Sammwise


NextJS-based single-page application for completing and reviewing SAMM assessments

Overview

The OWASP Software Assurance Maturity Model (SAMM) is an essential tool designed to help organizations assess and improve their software security practices. It provides a comprehensive framework that accommodates the entire software lifecycle, from development to acquisition, making it an invaluable resource for a variety of enterprises. SAMMwise is an open-source web application built on this model, offering a user-friendly interface to calculate maturity scores for projects, enterprises, or individuals, effectively helping them gauge their software security posture.

What makes SAMMwise exciting is its flexibility and process-agnostic nature. It not only walks users through an interactive assessment but also allows them to save, reuse, and share results easily. Whether you are a developer looking to enhance your project’s security or an organization aiming for a robust software assurance strategy, SAMMwise can facilitate those objectives seamlessly.

Features

  • Easy Setup: Quickly deploy SAMMwise using Docker with straightforward commands to get up and running, saving time in implementation.

  • Comprehensive Assessment: Conduct surveys across five critical domains: Governance, Design, Implementation, Verification, and Operations, making it easy to identify areas needing improvement.

  • User-Friendly Interface: The application guides users through the assessment process, ensuring a smooth experience for both technical and non-technical users.

  • Store and Share Results: Save assessment results into your browser's local storage or download them as JSON files for offline sharing and future reference.

  • Visualization of Changes: Re-uploaded results are displayed graphically in the report, offering clear insights into progress and changes over time.

  • Project Metadata Entry: Optionally include project metadata in the assessment results, adding meaningful context to the gathered data.

  • Community Driven: The open-source nature encourages user contributions, with a dedicated path for submitting bug fixes and feature enhancements.

Next.js

Next.js is a React-based web framework that enables server-side rendering, static site generation, and other powerful features for building modern web applications.

React

React is a widely used JavaScript library for building user interfaces and single-page applications. It follows a component-based architecture and uses a virtual DOM to efficiently update and render UI components.