Add OWASP Vulnerable Web Applications Directory metadata (#152)

owasp-nest[bot] · arkid15r · kingthorin · web-flow · commit 7d03fe669bce · 2025-09-26T10:01:44.000-04:00
* Add OWASP Vulnerable Web Applications Directory metadata

Generated on 2025-09-25 by Arkadii Yakovets as part of the OWASP Schema initiative within OWASP Nest.
Repository: `OWASP/www-project-vulnerable-web-applications-directory`

Co-authored-by: Arkadii Yakovets &lt;arkadii.yakovets@owasp.org&gt;

* Updated tags

---------

Co-authored-by: owasp-nest[bot] &lt;204073339+owasp-nest[bot]@users.noreply.github.com&gt;
Co-authored-by: Arkadii Yakovets &lt;arkadii.yakovets@owasp.org&gt;
Co-authored-by: kingthorin &lt;kingthorin@users.noreply.github.com&gt;
diff --git a/.github/workflows/validate-owasp-metadata.yaml b/.github/workflows/validate-owasp-metadata.yaml
@@ -0,0 +1,28 @@
+name: Validate OWASP entity metadata
+
+on:
+  pull_request:
+    paths:
+      - '*.owasp.yaml'
+  push:
+    paths:
+      - '*.owasp.yaml'
+
+concurrency:
+  cancel-in-progress: true
+  group: ${{ github.repository }}-${{ github.workflow }}-${{ github.ref }}
+
+jobs:
+  validate-metadata:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Validate metadata file
+        # We want to use the latest version of the action which lives in the
+        # `owasp/nest-schema` repository subdirectory and doesn't have a separate release process.
+        # This approach simplifies the workflow support however
+        # you can change it to use a specific SHA version if needed.
+        uses: owasp/nest-schema/.github/actions/validate@v0  # NOSONAR
diff --git a/project.owasp.yaml b/project.owasp.yaml
@@ -0,0 +1,35 @@
+audience:
+  - breaker
+  - builder
+  - defender
+leaders:
+  - name: Rick Mitchell
+    email: rick.mitchell@owasp.org
+    github: kingthorin
+  - name: Simon Bennetts
+    email: simon.bennetts@owasp.org
+    github: psiinon
+  - name: Raul Siles
+    email: raul.siles@owasp.org
+    github: raulsiles
+level: 3
+license:
+  - Apache-2.0
+name: OWASP Vulnerable Web Applications Directory
+pitch: The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications
+  currently available for legal security and vulnerability testing of various kinds.
+repositories:
+  - name: www-project-vulnerable-web-applications-directory
+    url: https://github.com/OWASP/www-project-vulnerable-web-applications-directory
+    description: The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable
+      web applications currently available.
+  - name: OWASP-VWAD
+    url: https://github.com/OWASP/OWASP-VWAD
+    description: ':warning: This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory'
+tags:
+  - vwad
+  - learning
+  - vulnerableapp
+  - appsec
+type: documentation
+website: https://owasp.org/www-project-vulnerable-web-applications-directory
