Document secure development practices as OSCAL component

[aj-stein-gsa]

User Story

As a software developer, system engineer, or architect that will want to use this library and its dependencies for integration into a part of my system, I want clear documentation about the security process and characteristics of the development software and development process. Ideally, we want to see this in the form of an OSCAL component so we can use documentation and evidence to also integrate into our own security documentation.

Goals

• Decide on secure software practices
• Decide on secure software deployment (development and operations)
• Act on the above
• Document them with OSCAL components

Dependencies

We probably need to threat model this system after considering the other components: metaschema-java, liboscal-java, and their combination with the oscal-cli as we use it today.

Acceptance Criteria

• All website and readme documentation affected by the changes in this issue have been updated.
• A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
• The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.

Revisions

No response

[wandmagic]

see #23