OWASP Appsec Pipeline

The OWASP AppSec Rugged DevOps Pipeline Project is the place to find the information you need to increase the speed and automation of your AppSec program. Using the sample implementation, documentation and references of this project will allow you to setup your own AppSec Pipeline.


The AppSec pipeline project is a place to gather together information, techniques and tools to create your own AppSec Pipeline. AppSec Pipelines takes the principles of DevOps and Lean and applies that to an application security program. The project will gather references, code, and specific guidance for tools/software which would compose an AppSec Pipeline.


The OWASP AppSec Pipeline Project documentation is licensed under the Creative Commons Attribution-ShareAlike 4.0 International license (CC BY-SA 4.0) so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

What is the OWASP AppSec Pipeline Project

The AppSec Pipeline project is a place to gather together information, techniques and tools to create your own AppSec Pipeline.

News and Events

In Print



Besides the project leaders, contributions have been made by:

  • Michael J Reed Archangel33 - For a PR to help migrate the project website from the legacy wiki

Getting Involved

Involvement in the DevOps AppSec Pipeline is actively encouraged!

You do not have to be a security expert in order to contribute.

If you are interested in participating or having your product included in the review? Contact the project leaders on the Google Group (TBD - see below)

Some of the ways you can help:

Case Studies

Share your AppSec Pipeline! We would like to gather case studies on how organizations are addressing AppSec at scale. Please email the project leaders to have your case study added.


Is there a tool that is missing from our AppSec tooling review? Has your organization integrated or created a tool that integrates into the AppSec pipeline? Click on the ‘Pipeline Tool’s to contribute your review/tool.


Google Group will be available shortly for feedback, questions, etc - mtesauro on 2020-02-29