You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Apr 8, 2026. It is now read-only.
I think it would be useful for the DevSecOps requirements to be made available as an OSCAL control library, which could then be imported into the sort of GRC tools that organizations might use to track their compliance with the requirements.
A more futuristic vision might involve vendors publishing component definitions that describe, in machine-readable format, how their tools can be configured to best satisfy these controls, and/or generate automated assessments results that helps organizations identify misconfigurations and how they impact DevSecOps posture.
Hello!
I think it would be useful for the DevSecOps requirements to be made available as an OSCAL control library, which could then be imported into the sort of GRC tools that organizations might use to track their compliance with the requirements.
A more futuristic vision might involve vendors publishing component definitions that describe, in machine-readable format, how their tools can be configured to best satisfy these controls, and/or generate automated assessments results that helps organizations identify misconfigurations and how they impact DevSecOps posture.