The SDLT, previously the Security Development Lifecycle Tool, is a web application that serves as a self-service entry point for following a quality assurance lifecycle process. The tool collects relevant information about a delivery, determines the risk rating and generates the appropriate requirements. It tailors the list of requirements to the project's specific needs, without adding unnecessary, unrelated requirements. The process is derived from a security-centric perspective, allowing the security teams and other stakeholders (e.g., privacy, data, finance) to establish custom guidance and requirements as checklist items for all deliveries.
The SDLT is used as a guide and reference for delivering high-quality outcomes, be they software releases or entire projects. It encourages a security mindset among project teams and can be used to easily track the completion of requirements for the project.
The SDLT is a no-code solution, allowing quick and easy deployment of workflows that support organisational delivery processes. You can be up and running in a few minutes with the pre-configured workflows.
The tool comes pre-configured with:
- Basic workflows to illustrate common scenarios
- Tasks covering basic concerns like privacy, security and data management
- Built-in approval flows with delegation ability
- Digital security risk assessment capability
- Control validation audit capability
- Certification and accreditation capability
- Service inventory module for certification and accreditation
- Usage reporting
This fork is now the primary repository for the SDLT.
The SDLT was previously developed by The New Zealand Transport Agency (Waka Kotahi), but they have now abandoned the project. This fork exists to continue development of new functionality while ensuring the product remains open source.
If you would like to run the SDLT, we first recommend downloading the code and following the deployment instructions yourself to have a go.
If you would prefer to have a custom demo available to you, please log an issue against this project with contact details (email) and we'll reach out.
If you would like professional hosting of the SDLT, please reach out to Catalyst (NZ) Limited.
If you would like a fully managed instance, with us looking after the day to day setup, configuration and maintenance, please log an issue against this project with your email and we'll reach out.
Documentation for the SDLT can be found at: https://sdlt.readthedocs.io/en/latest/
This includes all relevant topics such as:
- Installing the SDLT
- Initial configuration and customisation
- Basic administration tasks
- How the digital security risk assessment methodology works
- How to configure single sign-on