Expand OWASP resource mappings for issue #471#6
Conversation
SummaryThis draft PR is being kept as the aggregate integration branch for issue OWASP#471 on my fork. It is not intended to be the primary review surface because the full branch diff is too large to review effectively in one pass. Instead, the work has been split into a stacked series of smaller PRs using the Why This PR Is DraftThe full To make review manageable, the work has been split into smaller logical branches so each PR covers one focused concern. Review OrderPlease review the smaller fork PRs in this order:
Notes
|
|
This draft PR remains the fork-level integration/tracking PR for issue OWASP#471. Please review the stacked
Important update:
This keeps the main frontend behavior review earlier in the stack and keeps the final Kubernetes PR narrower. |
f5b9ce2 to
f2841d1
Compare
f2841d1 to
0c816b7
Compare
Related Issue
This branch addresses:
#471Mapping: to more owasp resourcesProblem
OpenCRE is most useful when its CRE graph is connected to the OWASP resources practitioners actually use during design, implementation, testing, and review.
Issue
#471asks for broader mapping to OWASP resources. At the moment, that coverage is incomplete in several practical ways:This leaves gaps across important OWASP materials for web, API, AI/LLM, cloud, Kubernetes, AISVS, and cheat-sheet resources.
Solution
This branch expands OpenCRE’s OWASP resource coverage across the parser, mapping, refresh, and application layers.
1. Add importer support for newer OWASP resources
This branch adds parser/data support for resources including:
2. Expand curated OWASP mapping coverage
This branch adds curated mappings so the imported OWASP resources can participate in OpenCRE linking and comparison flows.
3. Normalize official OWASP references
This branch updates OWASP references so imported resources point to stable and official locations where possible, including:
4. Add local refresh workflows
This branch adds local scripts that make OWASP resource refreshes repeatable during development.
5. Surface the added resources in application flows
This branch includes backend and frontend support so the imported OWASP resources can be surfaced in:
Testing
Focused validation during development included commands such as:
./venv/bin/python -m pytest \ application/tests/owasp_top10_2025_parser_test.py \ application/tests/owasp_api_top10_2023_parser_test.py \ application/tests/owasp_aisvs_parser_test.py \ application/tests/owasp_kubernetes_top10_2022_parser_test.py \ application/tests/owasp_kubernetes_top10_2025_parser_test.py \ application/tests/owasp_llm_top10_2025_parser_test.py \ -q ./venv/bin/python -m pytest application/tests/cheatsheets_parser_test.py -q ./venv/bin/python -m pytest application/tests/cre_main_test.py -q ./venv/bin/python -m pytest application/tests/web_main_test.py \ -k 'owasp_top10_comparison_section or direct_cre_overlap or specialized_section or keeps_prompt_injection_cheatsheet_for_llm01 or filters_generic_cheatsheets_for_llm_top10 or ma_job_results_adds_specialized_cheatsheet_section' \ -q