Skip to content

docs: restructure guideline and expand content for 2025/2026#104

Merged
Ali-Yazdani merged 1 commit into
OWASP:masterfrom
Ali-Yazdani:master
Jun 27, 2026
Merged

docs: restructure guideline and expand content for 2025/2026#104
Ali-Yazdani merged 1 commit into
OWASP:masterfrom
Ali-Yazdani:master

Conversation

@Ali-Yazdani

Copy link
Copy Markdown
Collaborator

Refactor the documentation structure to a more logical hierarchy and significantly expand the technical depth of the DevSecOps guidelines.

Key changes include:

  • Restructured the directory hierarchy for better organization of People, Process, and Governance pillars.
  • Added comprehensive new sections on modern security concerns:
    • Software Supply Chain Security (SBOM, Artifact Signing, Provenance, and CI/CD Pipeline Security).
    • AI Governance and Risk (AI in the SDLC and AI in products).
    • Application Security Posture Management (ASPM).
  • Expanded existing documentation with deep dives into:
    • Secure Design and Requirements.
    • IDE and AI-assisted development security.
    • Infrastructure as Code (IaC) scanning.
    • Container hardening and cloud-native security (CNAPP).
    • API security (OWASP API Top 10).
    • Mobile application security (OWASP MAS).
    • Vulnerability management and risk-based prioritization.
  • Updated all core documentation to reflect current industry standards and frameworks (NIST SSDF, SLSA, OWASP SAMM/DSOMM).
  • Archived previous versions into the old-versions/V0.3/ directory to maintain historical context.
  • Updated the README and Table of Contents to reflect the new structure.

@Ali-Yazdani Ali-Yazdani merged commit a4f4793 into OWASP:master Jun 27, 2026
1 check failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant