PO.3.1: Specify which tools or tool types must or should be included in each toolchain to mitigate identified risks, as well as how the toolchain components are to be integrated with each other.
Example 1: Define categories of toolchains, and specify the mandatory tools or tool types to be used for each category.
Example 2: Identify security tools to integrate into the developer toolchain.
Example 3: Define what information is to be passed between tools and what data formats are to be used.
Example 4: Evaluate tools’ signing capabilities to create immutable records/logs for auditability within the toolchain.
Example 5: Use automated technology for toolchain management and orchestration.