SDLC - Repositories without exploitable vulnerabilities¶
Description¶
The percentage of code repositories free from known security flaws, ensuring that development efforts prioritize secure coding practices, reduce the risk of breaches, and maintain the integrity of the software development lifecycle. This metric is important as it directly impacts the organization's ability to deliver secure products and protect against potential cyber threats.
How we measure it¶
Query the code repository management system to identify all repositories with exploitable vulnerabilities. Calculate the percentage of repositories without exploitable vulnerabilities against the total number of repositories.
Meta Data¶
| Attribute | Value |
|---|---|
| Metric id | sd_vulnerabilities |
| Category | Software Development |
| SLO | 98.00% - 99.00% |
| Weight | 0.8 |
| Type |  |
References¶
| Framework | Ref | Domain | Control |
|---|---|---|---|
| ISO 27001:2022 | A.8.25 | 8 Technological controls | Secure development life cycle |
| CIS 8.1 | 16.12 | Application Software Security | Implement Code-Level Security Checks |
| NIST CSF v2.0 | PR.PS-06 | Platform Security (PR.PS) | PR.PS-06: Secure software development practices are integrated, and their performance is monitored throughout the software development life cycle |
Code¶
SELECT
projects.attributes.name AS resource,
'snyk' as resource_type,
CASE
WHEN issues.relationships.scan_item.data.id IS NOT NULL THEN 1
ELSE 0
END AS compliance,
projects.attributes.target_file AS detail
FROM
{{ ref('snyk_projects') }} AS projects
LEFT JOIN
{{ ref('snyk_issues') }} AS issues
ON
projects.id = issues.relationships.scan_item.data.id
AND issues.attributes.status = 'open'
AND issues.attributes.effective_severity_level IN ('critical', 'high')