
nzta/sdlt
=========

NZTA Security Development Lifecycle Tool Recipe

Version 4.0.1 (4y ago), [6 issues](https://github.com/NZTA/SDLT/issues), BSD-3-Clause, PHP >=7.2, CI failing

[Source](https://github.com/NZTA/SDLT) | [Packagist](https://packagist.org/packages/nzta/sdlt)

NZTA Security Development Lifecycle Tool
========================================


This repository is no longer actively maintained or supported. Issues will not be monitored or responded to.

Code and examples are provided as-is and may be outdated.

The SDLT is a web application that supports I.T. security professionals, and expedites their work, as part of the change approval process within their organisation.

Requirements
------------


The SDLT is written in ReactJS and PHP and built on the [SilverStripe](https://silverstripe.org) framework. As such, in order to install the software you will need access to a dedicated LAMP, LEMP or similar environment. Refer to the official [Server Requirements Documentation](https://docs.silverstripe.org/en/4/getting_started/server_requirements/) to help you spec a suitable configuration for your SDLT.

This repository consists of three parts:

- the base project, which includes a Docker image as well as metadata about the project.
- [the SDLT framework](https://github.com/nzta/sdlt-framework), which includes the Silverstripe framework and CMS as dependencies and powers the GraphQL endpoints
- [the SDLT theme](https://github.com/nzta/sdlt-theme), which is a front-end React framework designed to communicate with Silverstripe via GraphQL.

### Infrastructure


- Web server: see the [Server Requirements Documentation](https://docs.silverstripe.org/en/4/getting_started/server_requirements/), but Apache httpd or Nginx on a Linux distribution (e.g. Ubuntu) is typical.
- Database: see the [Server Requirements Documentation](https://docs.silverstripe.org/en/4/getting_started/server_requirements/), but MySQL or MariaDB will work. PostgreSQL may work, but is untested. (You will need to alter the project's `.env` file to suit.)
- A minimal `.env` file. (You can adapt the one provided at the root of this codebase)
- Test the setup by running: `./vendor/bin/sake dev/build` (CLI) or pointing a GUI browser at: .

Installation
------------


This assumes you have a LAMP environment: Linux (Ubuntu), Apache (v2), MySQL (5.7) and PHP (7.2). Another assumption is that you're using a virtualhost on Apache. We assume your project is installed at /var/www/example.com/sdlt with a DocumentRoot set to something like /var/www/example.com/sdlt/public.

```
cd /var/www/example.com/
#clone most stable version directly from Github. This also runs composer automatically
composer create-project nzta/sdlt sdlt ^3

#change directory
cd sdlt

#make a .env if you haven't yet
cp .env.example .env

#build database tables
vendor/bin/sake dev/build flush=

#(optional) setup default data, see "Data Import" below
vendor/bin/sake dev/tasks/SetupSDLTDataTask

#(optional) change permissions on homepage to login-only
vendor/bin/sake dev/tasks/HydrateCustomConfig
```

The `public/assets` folder needs to be writeable by the webserver user. You may also need to make `public/assets/.htaccess` and `public/assets/.protected` writeable:

```
sudo chown -R www-data:www-data public/assets public/assets/.htaccess public/assets/.protected
```

### Data Import


The codebase comes with a data-importer which will configure most of what you will need to get up and running with the tool.

- On the CLI or within the browser run: `dev/tasks/SetupSDLTDataTask`. This can take several minutes, and may exceed your server's script execution time. If the script fails, re-running it generates new data only from where it left off.
- Log in to the SilverStripe admin area to verify this data, by using the `SS_DEFAULT_ADMIN_XXX` vars below at: `https://my-sdlt.dept.govt.nz/admin/?showloginform=1`.
- This data is generated from a default set and contains a set of default questionnaires, tasks, and risk assessments that you are able to alter for your own needs.

### Customisation

- The frontend is a React application whose application logic, templates and CSS are found in the `themes/sdlt` directory. It is theoretically possible to replace this theme with your own GraphQL-powered theme. To do this, you will need to replace the sdlt-theme project with your own implementation of it. This capability is currently untested and undocumented.
- To add further calculation algorithms to appear in "Risk Questionnaire" Tasks, developers will need to subclass `app/src/Formulae/RiskFormula.php` (see `app/src/Formulae/NztaApproxRepresentation.php` and its tests as an example).

### Config


Rename the `.env.example` file included with the project to `.env` and ensure it is in the project root, with r+x permissions for your webserver's user. You'll need to change the dummy entries for the environment variables within the file to suit your own environment. Alternatively, you can create environment variables on your server in place of a `.env` file.
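A post-install check for the `.env` and `public/assets` requirements described in the Installation and Config sections, as an added example that is not part of the SDLT project's own code. It assumes it is run as the webserver user, that `.env` should be closed to other users, and that `SS_DEFAULT_ADMIN_*` lines identical to `.env.example` are unchanged dummy entries; the function name `audit_sdlt_env` and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not SDLT project code): audit .env and public/assets after install.
# Assumption: run as the webserver user so the -w test reflects that account.

audit_sdlt_env() {
    root=$1
    problems=0
    flag() { echo "FINDING: $1"; problems=$((problems + 1)); }

    env_file="$root/.env"
    if [ ! -f "$env_file" ]; then
        flag ".env missing from project root"
    else
        # Assumption: the secrets file should be closed to "other" users.
        if [ -n "$(find "$env_file" \( -perm -004 -o -perm -002 \) -print)" ]; then
            flag ".env is world-accessible"
        fi
        # Default-admin lines identical to .env.example are still dummy entries.
        if [ -f "$root/.env.example" ] &&
            grep -Fx -f "$root/.env.example" "$env_file" |
            grep -q '^SS_DEFAULT_ADMIN_'; then
            flag "SS_DEFAULT_ADMIN_* unchanged from .env.example"
        fi
    fi

    # DocumentRoot is public/, so a .env copied there sits inside the web root.
    if [ -e "$root/public/.env" ]; then
        flag ".env present inside public/"
    fi

    [ -w "$root/public/assets" ] || flag "public/assets not writable by $(id -un)"

    [ "$problems" -eq 0 ]   # exit status: 0 only when nothing was flagged
}

# Constructed sample tree (not a real SDLT checkout) to exercise the checks.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/public/assets"
printf 'SS_DEFAULT_ADMIN_USERNAME="admin"\nSS_DEFAULT_ADMIN_PASSWORD="changeme"\n' \
    > "$demo_root/.env.example"
cp "$demo_root/.env.example" "$demo_root/.env"
chmod 644 "$demo_root/.env"
audit_sdlt_env "$demo_root" || echo "audit reported problems"
rm -rf "$demo_root"
```

Against a real checkout, call `audit_sdlt_env /var/www/example.com/sdlt` (the install path this README assumes) and treat a non-zero exit status as a failed deployment check.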

In order to protect the entire project behind an authentication screen, run the following task:

```
./vendor/bin/sake dev/tasks/HydrateCustomConfig
```

### Tests


To run the suite ("dev" environments only - see the .env file example below):

```
./vendor/bin/phpunit
```

### Setting up Azure Active Directory


This application normally uses SilverStripe's default authentication system (username and password). It can optionally be configured to support Azure's Active Directory service or any provider that supports OAuth2.

Instructions for configuring SDLT to work with Azure and other OAuth providers can be found here:

### Setting up project using docker


Make sure you have Docker and Docker Compose installed on your machine, then run the commands below.

Clone the repository:

```
git clone git@github.com:NZTA/SDLT.git
```

Create the `.env` file:

```
cp .env.example .env
```

Start the containers in the background and leave them running:

```
docker-compose up -d
```

Display log output from services:

```
docker logs -f sdlt_php
```


### Release Activity

- Cadence: every ~41 days (recently: every ~57 days)
- Total: 26
- Last release: 1545d ago
- Major versions:
  - 1.0.55 → 2.0.2 (2019-12-12)
  - 2.1.1 → 3.0.0 (2020-08-27)
  - 3.2.1 → 4.0.0 (2022-02-14)

### Community

Maintainers: [0x0000](/maintainers/0x0000), [NZTA](/maintainers/NZTA), [roopamjain](/maintainers/roopamjain) ([@roopamjain](https://github.com/roopamjain))

Top contributors: [roopamjain-catalyst](https://github.com/roopamjain-catalyst) (225 commits), [elliot-sawyer](https://github.com/elliot-sawyer) (154 commits), [zhanglian77](https://github.com/zhanglian77) (31 commits), [evhan](https://github.com/evhan) (9 commits), [HaydenNZTA](https://github.com/HaydenNZTA) (6 commits), [Zaita](https://github.com/Zaita) (5 commits)

