OWASP Top 10 CI/CD Security Risks


Daniel Krivelevich

Thursday, November 10, 2022

We’re excited to announce the “Top 10 CI/CD Security Risks” framework is now officially an OWASP project, titled “OWASP Top 10 CI/CD Security Risks”!

OWASP, and specifically the “Top 10 Web Application Security Risks” framework, has had a crucial influence on the AppSec industry, both in informing methodologies and thought patterns and in shaping the landscape of Web Application Security technologies.

To this day, OWASP continues to play a pivotal role in shaping the trajectory of the AppSec domain through an amazing community and infrastructure that allows AppSec practitioners all across the globe to build, share and spread knowledge around anything AppSec related.

The “Top 10 CI/CD Security Risks” framework is a result of over 9 months of extensive research and analysis by some of the best minds the AppSec industry has to offer, with specific contributions by our main sponsor, Cider Security.
The AppSec domain has been undergoing a massive evolution over the last 2-3 years, with many new areas of focus appended to the scope of responsibilities of the AppSec practitioner. This contribution will help the community continue building a solid foundation of knowledge and context that will allow a smooth transition into this new AppSec area.

Cider Security, the main sponsor of the “Top 10 CI/CD Security Risks” framework, will remain highly committed to the cause of building and providing foundational knowledge to OWASP and the rest of the infosec community, to ensure it remains vigilant and continues to adapt successfully to the evolving CI/CD security risk landscape.

Feel free to provide comments and contributions to the OWASP Top 10 CI/CD Security Risks through the project’s home page - https://owasp.org/www-project-top-10-ci-cd-security-risks/.