Spring PetClinic modified to include vulnerabilities for the purpose of demonstrating the power of IAST and RASP.

Controls Assessment Specification

A Java library for calculating CVSSv2 and CVSSv3 scores and vectors

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

OASIS SARIF TC: Repository for development of the draft standard, where requests for modification should be made via Github Issues

.NET code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/sarif-standard/sarif-spec)

An Open Letter to the OWASP Board

Cloud Foundry buildpack for running Java applications

The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.

Book to hold the content files for the 'Generation Z Developer'

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

Open Source Generative AI Policy

OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST),…