Update meta.yaml #391
Thank you for the PR. @vbakke does this match your team enhancements?
Thank you @Whiteends for taking your time to suggest improvements to DSOMM.
I might not agree with all your suggestions, but feel free to share your thoughts on why you suggested this. I might be missing the background.
@@ -21,16 +21,16 @@ strings: | |||
label: ISO 27001:2022 | |||
description: |- | |||
ISO 27001:2022 | |||
labels: ['Very Low', 'Low', 'Medium', 'High', 'Very High'] | |||
labels: ['Very Low', 'Low', 'Medium', 'High', 'Critical'] |
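Review bot: Swapping 'Very High' for 'Critical' as the last entry of `labels` mixes two vocabularies in one five-step scale: the first four entries ('Very Low' to 'High') are magnitudes, while 'Critical' is a severity term. Because a single array holds the scale, every field rendered with it gets the new top label, so please confirm that each place `labels` is displayed still reads sensibly with 'Critical'. If only some do, keep 'Very High' here and introduce a separate array for the fields that need 'Critical'.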
I agree that ToDo tasks could have a 'Critical' label. But these labels are displayed for 'Time', 'Resources' and 'Usefulness'.
I don't think it makes sense to have 'Critical time' as a label for something that takes a long time. Same for 'Critical resources'. As for 'Critical usefulness', it makes more sense. But then again, 'Very high usefulness' is also fine, and does not require us to split the labels into several arrays.
@@ -40,8 +40,8 @@ strings: | |||
'Level 5: Advanced deployment of security practices at scale', | |||
] | |||
# Default team | |||
teams: ['Default', 'B', 'C'] | |||
teams: ['DevOps', 'Security', 'Applications'] |
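Review bot: The `# Default team` comment directly above `teams` is left stale by this edit, since the list no longer contains a 'Default' entry and now names three role-based teams. Update the comment to match (for example "# Default teams") and check that nothing else in meta.yaml still refers to the old names 'Default', 'B' or 'C'.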
This is interesting. I was on a very different planet. This change is suggesting that each team is a different type of team. That can definitely also be the case.
In my head, all teams were development teams. (Or different applications in an organisation.) And I just named them Team A, Team B, Team C and Team D.
Then I was splitting these into the groups:
- Customer related
- Internal focus
- Cloud
- On-premise
Just to illustrate situations where a team/application naturally may have more than one parent.
The teams in the default meta.yaml will only be an initial suggestion, that users can change.
(And @Whiteends, some time this year, we might publish an update where users can manually change the team names in the browser. Feel free to comment and have a sneak peek at https://dsomm.pages.dev/teams)
I have no strong feelings about what specific names we choose to be the initial default values. But I think it should be an example that makes sense for most people in many situations, and that is easy to understand.
So please share your thoughts @Whiteends. There are no rights or wrongs here, just shades of grey 😊
Hi Timo,
Thank you, I agree with your response on the "rating". That makes a lot of
sense, but the team should be tailored a bit more to the technical
stakeholders: DevOps, Developers, Security, etc., since most of the
stakeholders responsible for providing responses are technical stakeholders.
My only question is if we can get a report (maybe in PDF or CSV?) based on
the supplied information. Can we get a report that will contain
responses to each process, gap analysis and recommendations based on the
supplied responses?
I understand we currently get that with the "downloadable YAML file" but
you'll understand how limiting this can be. I am ready to provide support
for this integration, thank you!
…On Tue, Aug 12, 2025 at 7:33 PM vbakke ***@***.***> wrote:
Thank you @Whiteends <https://github.com/Whiteends> for taking your time to
suggest improvements to DSOMM.
I might not agree with all your suggestions, but feel free to share your
thoughts on why you suggested this. I might be missing the background.
------------------------------
In src/assets/YAML/meta.yaml:
> @@ -21,16 +21,16 @@ strings:
label: ISO 27001:2022
description: |-
ISO 27001:2022
- labels: ['Very Low', 'Low', 'Medium', 'High', 'Very High']
+ labels: ['Very Low', 'Low', 'Medium', 'High', 'Critical']
I agree that ToDo tasks could have a 'Critical' label. But these labels
are displayed for *'Time'*, *'Resources'* and *'Usefulness'*.
I don't think it makes sense to have *'Critical time'* as a label for
something that takes a long time. Same for *'Critical resources'*. As for *'Critical
usefulness'*, it makes more sense. But then again, *'Very high
usefulness'* is also fine, and does not require us to split the labels
into several arrays.
------------------------------
In src/assets/YAML/meta.yaml:
> @@ -40,8 +40,8 @@ strings:
'Level 5: Advanced deployment of security practices at scale',
]
# Default team
-teams: ['Default', 'B', 'C']
+teams: ['DevOps', 'Security', 'Applications']
This is interesting. I was on a very different planet. This change is
suggesting that each team is a different *type* of team. That can definitely
also be the case.
In my head, all teams were development teams. (Or different applications
in an organisation.) And I just named them *Team A, Team B, Team C* and *Team
D*.
Then I was splitting these into the groups:
- Customer related
- Internal focus
- Cloud
- On-premise
Just to illustrate situations where a team/application naturally may have
more than one parent.
The teams in the default meta.yaml will only be an initial suggestion,
that users can change.
(And @Whiteends <https://github.com/Whiteends>, some time this year, we
might publish an update where users can manually change the team names in
the browser. Feel free to comment and have a sneak peek at
https://dsomm.pages.dev/teams)
I have no strong feelings about what specific names we choose to be the
initial default values. But I think it should be an example that makes sense
for most people in many situations, and that is easy to understand.
So please share your thoughts @Whiteends <https://github.com/Whiteends>.
There are no rights or wrongs here, just shades of grey 😊
@Whiteends @vbakke has the name "Vegard". You are able to download an excel sheet at "mapping" with the green button.
Thank you Timo,
What I actually meant by “downloading the matrix” is if we can get a report
AFTER supplying responses in the “overview” section.
Thank you!
…On Wed, 13 Aug 2025 at 5:50 PM, Timo Pagel ***@***.***> wrote:
*wurstbrot* left a comment
(devsecopsmaturitymodel/DevSecOps-MaturityModel#391)
@Whiteends <https://github.com/Whiteends> @vbakke
<https://github.com/vbakke> has the name "Vegard".
You are able to download an excel sheet at "mapping" with the green button.
ah ok. It is a bug that it is currently not implemented showing "false" for all teams.
My previous job position was a BI consultant (business intelligence, mainly QlikView, Qlik Sense, but also PowerBI). And frankly, DSOMM will never be able to cover all analytical needs out there. What we can provide is data that can be fed into one's own tools for more analytics.
Having said that, I'm working on a new release which is improving the internal data model, thus making it easier to provide some basic KPIs within DSOMM. Feel free to check out the experimental version on https://dsomm.pages.dev/ and leave comments on #380. There you see that the end user can freely change the team names and groups to their own liking.
As for the Excel export, I don't recall the exact status in the experimental version. But each team-activity combination will get more than just a boolean to indicate status. It will be a configurable set of stages, and each stage is given the date it was registered. Meaning it is possible to later provide historical reviews, draw Gantt diagrams etc.
Updated meta.yaml to reflect the organisation's DevSecOps teams