The OWASP DevSlop project contains several modules, all with the purpose of teaching participants about DevSecOps.

The offical website for the project can be found at https://devslop.co.

OWASP DevSlop Modules

DevSlop has different modules that make up the project. You can use one, some, or all of them. They are all maintained to function independantly of each other.


OWASP DevSlop has a blog on dev.to!


At least once a month, we invite brillant folks from the DevSecOps community to teach us something new. You can find out when we stream by joining our Meetup Group. You can catch the shows you’ve missed on YouTube. This module is lead by Nancy Gariché.


This module is lead by Nicole Becher with help from Mordecai Kraushar and Tanya Janca.


The Pixi-CRS Continuous Integration pipeline provides automated end-to-end testing of the intentionally-vulnerable Pixi application with a Web Application Firewall (WAF) in front of the application, and an automated security vulnerability scanner and web proxy (“ZAP”, OWASP Zed Attack Proxy) pointed at the application and WAF. This module is lead by Franziska Bühler.

More details on Pixi-CRS.


Put whatever you like here: news, screenshots, features, supporters, or remove this file and don’t use tabs at all.