We will basically create a project without assessment model composition, include our prepared composition manually to the project paths and then make our Analysis-model depend on its models.
1. Create a security analysis project without any Assessment Model Composition. We will add the composition later on by hand.
2. As we can see, the created project contains only the analysis template in the model „Project12“ and no composition. I right-click on the root node now and click on „Project Paths“.
3. This view lists only that one solution. I click on the + and select the MyComposition.msd in the folder of my composition so that the composition solution is listed here as well. I click apply.
4. My project view lists both solutions now. What we configured so far is just about the solutions that are listed in the left pane. Let’s now configure the Project12 solution to use our Composition solution. For that, I right-click on the Project12 solution and select „Model Properties“:
5. I see that there are no dependencies yet. The solution model should depend on the AssessmentModel and the Catalog though. Let’s click on the plus to start adding them
6. The „Choose Model“ window opened in front of it. You may need to resize it – sometimes the parts on the right side are important to see. In this case, we want to add the two upper models. For that, I click on AssessmentModel, hold shift and click on Catalog to select both entries and click on „Ok“.
7. They are listed now in the model properties. Note that when adding them for the first time, they may appear in red font. That’s okay for now. I hit „Ok“ anyway to close the model properties.
8. That should be all. When creating a threat now and looking at its instantiates-menu, I can see the threat classes that come from the imported catalog as intended.
9. The VCS integration supports having multiple VCS roots and also supports using svn externals / git submodules (as far as I know). You can add the respective repositories by opening the project preferences and adding the VCS root of the composition:
The integration (in my case git) will then show both repositories in all the views. Peculiarly, if I make a change in both repositories and try to commit them together, I will create a commit in each repository with a shared commit message.