SDLC - Repositories with SAST / DAST scanning enabled
Description
The percentage of code repositories with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) scanning enabled, ensuring early detection of vulnerabilities during development and reducing the risk of security breaches before code is deployed.
How we measure it
Query the code repository management system to identify all repositories with SAST and DAST scanning enabled. Calculate the percentage of repositories with scanning enabled against the total number of repositories.
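The calculation above, as an added worked example (not code from the metric catalogue itself): a repository counts as covered only when both SAST and DAST are enabled, an empty inventory is reported as no data rather than 0%, and the uncovered repositories are listed with the scan type they lack. The inventory is constructed, and the reading of the "90.00% - 95.00%" SLO band (below 90 fails, 90 up to 95 meets it, 95 and above exceeds it) is an assumption.

```python
from dataclasses import dataclass

# Metric id and SLO band from the page's Meta Data table
METRIC_ID = "sd_repository_coverage"
SLO_MIN, SLO_MAX = 90.0, 95.0

@dataclass(frozen=True)
class Repository:
    name: str
    sast_enabled: bool
    dast_enabled: bool

# Constructed inventory standing in for a repository management system export
# (hypothetical names and flags, not real data)
INVENTORY = [
    Repository("billing-api", True, True),
    Repository("customer-portal", True, True),
    Repository("auth-service", True, True),
    Repository("inventory-svc", True, True),
    Repository("reporting-batch", True, False),  # SAST only: not covered
    Repository("notifications", True, True),
    Repository("search-indexer", True, True),
    Repository("payments-gateway", True, True),
    Repository("admin-console", True, True),
    Repository("legacy-monolith", True, True),
]

def coverage_percent(repos):
    """Percentage of repositories with BOTH SAST and DAST enabled, to 2 dp.
    None when the inventory is empty, so 'no data' is not mistaken for 0%."""
    if not repos:
        return None
    covered = sum(1 for r in repos if r.sast_enabled and r.dast_enabled)
    return round(100.0 * covered / len(repos), 2)

def slo_status(pct):
    """Assumed reading of the '90.00% - 95.00%' SLO band: below 90 fails,
    90 up to 95 meets it, 95 and above exceeds the target."""
    if pct is None:
        return "no_data"
    if pct < SLO_MIN:
        return "below_slo"
    return "within_slo" if pct < SLO_MAX else "above_slo"

def uncovered(repos):
    """Repositories missing one or both scan types, for remediation tickets."""
    checks = (("SAST", lambda r: r.sast_enabled), ("DAST", lambda r: r.dast_enabled))
    return {r.name: [t for t, on in checks if not on(r)]
            for r in repos if not (r.sast_enabled and r.dast_enabled)}
```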
Meta Data
| Attribute | Value |
|---|---|
| Metric id | sd_repository_coverage |
| Category | Software Development |
| SLO | 90.00% - 95.00% |
| Weight | 0.5 |
| Type | |
References
| Framework | Ref | Domain | Control |
|---|---|---|---|
| CIS 8.1 | 16.12 | Application Software Security | Implement Code-Level Security Checks |
| ISO 27001:2022 | A.8.25 | 8 Technological controls | Secure development life cycle |
| NIST CSF v2.0 | PR.PS-06 | Platform Security (PR.PS) | PR.PS-06: Secure software development practices are integrated, and their performance is monitored throughout the software development life cycle |