Framework
Practice Groups
Governance (G)
Tasks that focus on the organization, measurement of a secure software supply chain, decision-making policies, accountability to third-party obligations, and compliance with legal and regulatory requirements.
Product (P)
Tasks that lead to deploying a secure product with minimal vulnerabilities, together with the associated required attestations and artifacts.
Environment (E)
Tasks to protect the confidentiality and integrity of source code, software components, and the build infrastructure from tampering and unauthorized access.
Deployment (D)
Tasks for identifying, analyzing, and addressing vulnerabilities in products that are in production or have been deployed.
Unassigned (U)
Tasks that have been identified but that are not part of one of the mapped frameworks.