@@ -16,42 +16,55 @@ DevOps Maturity Specification is a set of guidelines for DevOps best practices,
1616
1717### DevOps Maturity Criteria
1818
19- must have → 🟢
20- nice to have → 🟡
21-
22- | ** Category** | ** Criteria** | ** Req.** | ** Weight** |
23- | ---------------------| --------------------------------------------| ----------| ------------|
24- | CI/CD Basic | Build a specific branch | 🟢 | 1 |
25- | | Build upon pull request | 🟢 | 1 |
26- | | Build from clean environment | 🟡 | 0.5 |
27- | Quality | Automated Testing: Functional testing | 🟢 | 1 |
28- | | Automated Testing: Performance testing | 🟢 | 1 |
29- | | Code Coverage | 🟡 | 0.5 |
30- | | Accessibility Testing | 🟡 | 0.5 |
31- | Security | Security scan | 🟢 | 1 |
32- | | License scan | 🟡 | 0.5 |
33- | Secure Supply Chain | Documented Build Chain | 🟢 | 1 |
34- | | CICD as coded | 🟢 | 1 |
35- | | Artifacts are signed | 🟡 | 0.5 |
36- | | Artifactory download for Package Managers | 🟡 | 0.5 |
37- | Analysis | Quality Gate | 🟡 | 0.5 |
38- | | Code Lint | 🟡 | 0.5 |
39- | | Static code analysis | 🟡 | 0.5 |
40- | | Dynamic code analysis | 🟡 | 0.5 |
41- | Reporting | Email/Slack reporting functionality | 🟢 | 1 |
19+ MUST have → 🟢 (weight 1)
20+ NICE to have → 🟡 (weight 0.5)
21+
22+ | ** Category** | ** Code** | ** Criteria** | ** Req.** |
23+ | --------------------| --------| --------------------------------------------| ---------|
24+ | Basics | D101 | Build a specific branch | 🟢 |
25+ | | D102 | Build upon pull request | 🟢 |
26+ | | D103 | Build from clean environment | 🟡 |
27+ | Quality | D201 | Automated Testing: Functional testing | 🟢 |
28+ | | D202 | Automated Testing: Performance testing | 🟡 |
29+ | | D203 | Code Coverage | 🟡 |
30+ | | D204 | Accessibility Testing | 🟡 |
31+ | Security | D301 | Security scan | 🟢 |
32+ | | D302 | License scan | 🟡 |
33+ | Secure Supply Chain| D401 | Documented Build Chain | 🟢 |
34+ | | D402 | CI/CD as coded | 🟢 |
35+ | | D403 | Artifacts are signed | 🟡 |
36+ | | D404 | Artifactory download for Package Managers | 🟡 |
37+ | Analysis | D501 | Static code analysis | 🟡 |
38+ | | D502 | Dynamic code analysis | 🟡 |
39+ | | D503 | Quality Gate | 🟡 |
40+ | | D504 | Code Lint | 🟡 |
41+ | Reporting | D601 | Email/Slack reporting functionality | 🟢 |
42+ | | D602 | Attached Reports | 🟢 |
43+
44+
45+ ### Code Groupings
46+
47+ | ** Code** | ** Description** |
48+ | -------| ---------------|
49+ | D1xx | Basics |
50+ | D2xx | Quality |
51+ | D3xx | Security |
52+ | D4xx | Secure Supply Chain |
53+ | D5xx | Analysis |
54+ | D6xx | Reporting |
4255
4356
4457## Badge Levels
4558
4659Your score will generate one of the following badges:
4760
48- | Level | Score Range | Badge |
49- | ---------| -------------- | ------|
50- | WIP | 0% | ![ WIP] ( https://img.shields.io/badge/DevOps%20Maturity-WIP-red.svg ) |
51- | PASSING | 1–49% | ![ PASSING] ( https://img.shields.io/badge/DevOps%20Maturity-PASSING-green.svg ) |
52- | BRONZE | 50–69% | ![ BRONZE] ( https://img.shields.io/badge/DevOps%20Maturity-BRONZE-yellow.svg ) |
53- | SILVER | 70–89% | ![ SILVER] ( https://img.shields.io/badge/DevOps%20Maturity-SILVER-silver.svg ) |
54- | GOLD | 90–100% | ![ GOLD] ( https://img.shields.io/badge/DevOps%20Maturity-GOLD-gold.svg ) |
61+ | Level | Score Range | Badge |
62+ | ---------| -------------| ------|
63+ | WIP | 0% | ![ WIP] ( https://img.shields.io/badge/DevOps%20Maturity-WIP-red.svg ) |
64+ | PASSING | 1–49% | ![ PASSING] ( https://img.shields.io/badge/DevOps%20Maturity-PASSING-green.svg ) |
65+ | BRONZE | 50–69% | ![ BRONZE] ( https://img.shields.io/badge/DevOps%20Maturity-BRONZE-yellow.svg ) |
66+ | SILVER | 70–89% | ![ SILVER] ( https://img.shields.io/badge/DevOps%20Maturity-SILVER-silver.svg ) |
67+ | GOLD | 90–100% | ![ GOLD] ( https://img.shields.io/badge/DevOps%20Maturity-GOLD-gold.svg ) |
5568
5669---
5770
@@ -60,3 +73,9 @@ Your score will generate one of the following badges:
6073### What tools can be used to caculate your score?
6174
6275You can used [ devops-maturity] ( https://github.com/devops-maturity/devops-maturity ) which support web UI and CLI to calculate your score automatically.
76+
77+ ### What is the difference between OpenSSF Best Practices and DevOps Maturity?
78+
79+ [ OpenSSF Best Practices] ( https://www.bestpractices.dev/ ) targets open source projects, while DevOps Maturity applies to both open source and internal enterprise projects.
80+
81+ DevOps Maturity offers a web UI and CLI for automatically calculating your maturity score. OpenSSF Best Practices is web-based SaaS and may not support internal deployment.
0 commit comments