OWASP Secure Code Review Guide
Welcome to the official repository for the Secure Code Review Guide. The Secure Code Review Guide is a comprehensive guide that aids software developers in reviewing code for security vulnerabilities and security bugs.
We are currently working on a new release (3.0), and our project is open for contributions. Have a look at the discussion folder to see how the project is shaping up and read about the roadmap and vision.
You can find the previous code review guide (2.0) here.
How to contribute
Work on the new release of the Secure Code Review Guide has just started, so it's a fantastic time to join us and help shape the latest version. We welcome your contributions, whether you have a lot of experience in software engineering, security, or IT, or only a little. We are happy to help you get started. Similarly, whether you have a lot of time on your hands or just a little, there are plenty of opportunities to help with this project.
Here are a few ways you can help:
- Please help us fix any spelling mistakes or grammatical errors in the current draft.
- The code review guide is only available in English, but it would be great if you could help translate it to another language.
- We have a list of open issues from which you can pick one to work on and submit a pull request. If you need help with getting started, please get in touch.
- Finally, if you have an excellent idea for improving the code review guide, you can also open a new issue yourself.
Get in touch
You can find us on Slack:
- Join the OWASP Group Slack with this invitation link.
- Join this project's channel #project-secure-code-review-guide
Feel free to ask questions, suggest ideas, or share your best recipes.