API design validation
I-SC-3-1: API design validation
Design contract-first APIs using an interface description language such as OpenAPI, AsyncAPI or SOAP and validate the specification using specific tools. Checks should be integrated in IDEs and CI/CD pipelines.