Add OWASP Vulnerable Web Applications Directory metadata #152
Generated on 2025-09-25 by Arkadii Yakovets as part of the OWASP Schema initiative within OWASP Nest.
Repository: `OWASP/www-project-vulnerable-web-applications-directory`
Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
| # `owasp/nest-schema` repository subdirectory and doesn't have a separate release process. | ||
| # This approach simplifies the workflow support however | ||
| # you can change it to use a specific SHA version if needed. | ||
| uses: owasp/nest-schema/.github/actions/validate@v0 # NOSONAR |
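Review bot: the trailing `# NOSONAR` on the `uses:` line silences scanner findings for a reference that resolves through the mutable tag `@v0`, so the suppression hides the issue instead of fixing it. The comment above already notes that a specific SHA can be used; pinning to the full commit SHA, with the human-readable version kept in a trailing comment, would let the `# NOSONAR` marker be dropped.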
Should the GitHub action be pinned to a more specific version? As written it will be the latest 0.Minor.Patch version, which could provide a stage of an attack if that latest version is compromised.
There was some guidance about this provided by GitHub, I can look it out if needed.
You're right, I think we can do better here. I'll change this approach to pin the action's version to SHA and provide dependabot config for automatic updates. It's not that convenient from the support perspective but much better from the security one.
// I need to test it first though.
I pinned it to SHA, skipped the dependabot part as it already exists in this repository.
| - builder | ||
| - defender | ||
| leaders: | ||
| - name: Rick Mitchell |
Very good to have this drive for consistency, and a 'nice to have' is that the validate meta file restricts the number of leaders to a maximum of 5?
Not sure if that is practical, but it is the existing limit for number of leaders (or was in 2023)
Any idea if that's also valid for chapters?
Agreed, it does not apply to Chapters, which are encouraged to have as many organizers / leaders as possible:
Chapter Handbook -> Chapter 5: Governance -> Chapter Leadership
Thanks for confirming, will limit for projects only.
project.owasp.yaml
Outdated
| description: ':warning: This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory' | ||
| tags: | ||
| - vwad | ||
| - custom-tag-1 |
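Review bot: the `description` value says this repo is no longer in use and points readers to https://github.com/OWASP/www-project-vulnerable-web-applications-directory, which is the same repository this metadata was generated for, so the text looks carried over from a deprecated repository and should describe the project instead. The `custom-tag-1` entry under `tags:` also reads as a generated placeholder and should be replaced with a tag that describes the project before merge.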
Any reason for including the custom tags?
I'll tweak it before merge.
The schema has a (reasonable?) requirement for at least 3 tags.
Well, not if they end up being "filler" 😉
I'll tweak it before merge.
I think you got it right -- as a project leader you can/should fix all points that don't look right to you -- the guidelines directly recommend that:
Data Accuracy: Verify that the entity information is correct (type, level, leaders, tags)
@arkid15r you (or the bot) seem to have killed my updates
Oh yeah, sorry about that. Me (or the bot) has a very limited functionality in terms of code merge via GitHub API. My ideal use case is to create a PR and be done with it. Could you add the tag related changes again please? Thank you!
Yup, I won't get to it till the morning though, so like 6-8 hrs. If it needs to be merged as-is, then tweaked separately lemme know.
This is not urgent. It's not required to be merged as is. I appreciate all help and feedback you've provided 👍
af2f1ba to 29eacbd
OWASP Entity Information
OWASP/www-project-vulnerable-web-applications-directory
Changes
This PR adds the project data to comply with the OWASP Schema specification. The changes include:
Purpose
This update ensures that the project data follows the standardized OWASP Schema format, enabling:
Review Guidelines
When reviewing this PR, please focus on:
`owasp/nest-schema/.github/actions/validate@v0` to serve the latest version. This can be changed to a specific SHA if needed.
Support & Questions
If you have any questions about this PR or the OWASP Schema implementation: