You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have a need to track compliance with STIGs and SRGs with our products. Typically, compliance with a STIG can be tracked with a tool like STIG Viewer, which saves a checklist in a standard format as a .CKL file.
There are hundreds of STIGs and SRGs and their corresponding checklists can be viewed on this website but are typically triaged through a tool like OpenRMF or NUWCDIVNPT/stig-manager. But it would make a lot of sense to bring similar featuring into DefectDojo since handling questionnaires is already a feature in this tool and the other open-source tooling on the market don't add a significant amount of features outside of just managing a bunch of .CKLs.
This would likely be a big change for DefectDojo and might be a good candidate for v3. I'd be willing to help work on adding the feature but I'm not even sure where v3 even lives right now.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
I have a need to track compliance with STIGs and SRGs with our products. Typically, compliance with a STIG can be tracked with a tool like STIG Viewer, which saves a checklist in a standard format as a .CKL file.
There are hundreds of STIGs and SRGs and their corresponding checklists can be viewed on this website but are typically triaged through a tool like OpenRMF or NUWCDIVNPT/stig-manager. But it would make a lot of sense to bring similar featuring into DefectDojo since handling questionnaires is already a feature in this tool and the other open-source tooling on the market don't add a significant amount of features outside of just managing a bunch of .CKLs.
This would likely be a big change for DefectDojo and might be a good candidate for v3. I'd be willing to help work on adding the feature but I'm not even sure where v3 even lives right now.
Beta Was this translation helpful? Give feedback.
All reactions