Expand OWASP standards and resource mappings for issue #471#3
Open
Bornunique911 wants to merge 18 commits into
Open
Expand OWASP standards and resource mappings for issue #471#3Bornunique911 wants to merge 18 commits into
Bornunique911 wants to merge 18 commits into
Conversation
Signed-off-by: Bornunique911 <69379200+Bornunique911@users.noreply.github.com>
modified: application/frontend/src/pages/Explorer/explorer.scss modified: application/frontend/src/pages/Explorer/explorer.tsx modified: application/frontend/src/pages/GapAnalysis/GapAnalysis.scss modified: application/frontend/src/pages/GapAnalysis/GapAnalysis.tsx modified: application/frontend/src/providers/DataProvider.tsx modified: application/frontend/src/types.ts modified: application/frontend/www/bundle.js modified: application/frontend/www/bundle.js.LICENSE.txt modified: application/frontend/www/index.html modified: application/prompt_client/openai_prompt_client.py modified: application/tests/cheatsheets_parser_test.py modified: application/tests/cre_main_test.py modified: application/tests/cwe_parser_test.py modified: application/tests/web_main_test.py modified: application/utils/external_project_parsers/parsers/cheatsheets_parser.py modified: application/utils/external_project_parsers/parsers/cwe.py modified: application/web/web_main.py modified: cre.py modified: yarn.lock application/tests/owasp_aisvs_parser_test.py application/tests/owasp_api_top10_2023_parser_test.py application/tests/owasp_kubernetes_top10_2022_parser_test.py application/tests/owasp_kubernetes_top10_2025_parser_test.py application/tests/owasp_llm_top10_2025_parser_test.py application/tests/owasp_top10_2025_parser_test.py application/utils/external_project_parsers/data/ application/utils/external_project_parsers/parsers/owasp_aisvs.py application/utils/external_project_parsers/parsers/owasp_api_top10_2023.py application/utils/external_project_parsers/parsers/owasp_kubernetes_top10_2022.py application/utils/external_project_parsers/parsers/owasp_kubernetes_top10_2025.py application/utils/external_project_parsers/parsers/owasp_llm_top10_2025.py application/utils/external_project_parsers/parsers/owasp_top10_2025.py package-lock.json scripts/run-local.sh scripts/show-db-stats.sh scripts/update-cheatsheets.sh scripts/update-cwe.sh scripts/update-owasp-top10-2025-mappings.sh scripts/update-owasp-top10-standards.sh
new file: application/tests/owasp_api_top10_2023_parser_test.py new file: application/tests/owasp_kubernetes_top10_2022_parser_test.py new file: application/tests/owasp_kubernetes_top10_2025_parser_test.py new file: application/tests/owasp_llm_top10_2025_parser_test.py new file: application/tests/owasp_top10_2025_parser_test.py new file: application/utils/external_project_parsers/data/cwe_fallback_mappings.json new file: application/utils/external_project_parsers/data/owasp_aisvs_1_0.json new file: application/utils/external_project_parsers/data/owasp_api_top10_2023.json new file: application/utils/external_project_parsers/data/owasp_cheatsheets_supplement.json new file: application/utils/external_project_parsers/data/owasp_kubernetes_top10_2022.json new file: application/utils/external_project_parsers/data/owasp_kubernetes_top10_2025.json new file: application/utils/external_project_parsers/data/owasp_llm_top10_2025.json new file: application/utils/external_project_parsers/data/owasp_top10_2025.json new file: application/utils/external_project_parsers/parsers/owasp_aisvs.py new file: application/utils/external_project_parsers/parsers/owasp_api_top10_2023.py new file: application/utils/external_project_parsers/parsers/owasp_kubernetes_top10_2022.py new file: application/utils/external_project_parsers/parsers/owasp_kubernetes_top10_2025.py new file: application/utils/external_project_parsers/parsers/owasp_llm_top10_2025.py new file: application/utils/external_project_parsers/parsers/owasp_top10_2025.py new file: package-lock.json new file: scripts/run-local.sh new file: scripts/show-db-stats.sh new file: scripts/update-cheatsheets.sh new file: scripts/update-cwe.sh new file: scripts/update-owasp-top10-2025-mappings.sh new file: scripts/update-owasp-top10-standards.sh
Signed-off-by: Bornunique911 <69379200+Bornunique911@users.noreply.github.com>
Signed-off-by: Bornunique911 <69379200+Bornunique911@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related Issue
This branch addresses:
#471Mapping: to more owasp resourcesProblem
OpenCRE is most useful when its CRE catalog is connected to the OWASP resources practitioners actually use during design, implementation, testing, and review.
Issue
#471calls for broader mapping to OWASP resources. At the moment, that coverage is incomplete in a few important ways:This leaves gaps in practical coverage for newer OWASP guidance across web, API, AI/LLM, cloud, and cheat-sheet resources.
Solution
This branch expands OpenCRE’s OWASP resource coverage by adding curated standards data, parser support, mapping data, official reference normalization, and local refresh workflows.
1. Add importer support for additional OWASP resources
This branch adds parser/data support for newer OWASP resources, including:
These resources are added through explicit parser and data files so the mappings remain maintainable and reviewable.
2. Expand curated mapping coverage
This branch adds curated CRE mappings for the new OWASP resources so they can participate meaningfully in OpenCRE linking and comparison flows.
This includes:
3. Normalize official OWASP references
This branch updates resource references so imported OWASP items point to stable and official locations where possible.
This includes:
4. Add local update workflows
This branch adds scripts to simplify local refresh of mapped OWASP resources and related data.
These scripts support repeatable local updates for:
5. Surface the new resources in application flows
To make the added mappings usable in practice, this branch also includes supporting application changes so the imported standards can be surfaced in:
6. Add focused test coverage
This branch adds targeted tests for:
Testing
Focused validation during development included commands such as:
./venv/bin/python -m pytest application/tests/owasp_top10_2025_parser_test.py -q ./venv/bin/python -m pytest application/tests/owasp_llm_top10_2025_parser_test.py -q ./venv/bin/python -m pytest application/tests/owasp_api_top10_2023_parser_test.py -q ./venv/bin/python -m pytest application/tests/owasp_aisvs_parser_test.py -q ./venv/bin/python -m pytest application/tests/cheatsheets_parser_test.py -q ./venv/bin/python -m pytest application/tests/web_main_test.py -k 'owasp or specialized or direct_cre_overlap' -q ./venv/bin/python -m pytest application/tests/cre_main_test.py -q