Move regular test to test intensity

Author: wurstbrot

data/BuildandDeployment.yml

@@ -32,21 +32,6 @@ Build:
     iso27001-2017:
       - 12.1.1
       - 14.2.2
-  Regular tests:
-    risk: After pushing source code to the version control system, any delay in receiving feedback on defects makes them harder for the developer to remediate.
-    measure: On each push and/or at given intervals automatic security tests are performed.
-    difficultyOfImplementation:
-      knowledge: 1
-      time: 1
-      resources: 1
-    usefulness: 2
-    level: 2
-    implementation: ""
-    samm2: i-secure-build|A|3
-    iso27001-2017:
-      - 14.2.3
-      - 14.2.8
-      - 14.2.9
   Signing of code:
     risk: Unauthorized manipulation of source code might be difficult to spot.
     measure: Digitally signing commits helps to prevent unauthorized manipulation of source code.

data/TestandVerification.yml

@@ -293,6 +293,21 @@ Static depth for applications:
     - "Test of client side components with known vulnerabilities"
     - "Static analysis for all self written components"
 Test-Intensity:
+  Regular tests:
+    risk: After pushing source code to the version control system, any delay in receiving feedback on defects makes them harder for the developer to remediate.
+    measure: On each push and/or at given intervals automatic security tests are performed.
+    difficultyOfImplementation:
+      knowledge: 1
+      time: 1
+      resources: 1
+    usefulness: 2
+    level: 2
+    implementation: ""
+    samm2: i-secure-build|A|3
+    iso27001-2017:
+      - 14.2.3
+      - 14.2.8
+      - 14.2.9
   Creation and application of a testing concept:
     risk: Scans might use a too small or too high test intensity.
     measure: A testing concept considering the amount of time per scan/intensity is created and applied. A dynamic analysis needs more time than a static analysis. The dynamic scan, depending on the test intensity might be performed on every commit, every night, every week or once in a month.