Merge pull request #370 from helxplatform/owasppr

Pr template
helxplatform · Aug 15, 2024 · aa2410c · aa2410c
2 parents 5b6826b + e25aab0
commit aa2410c
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,16 @@
+## Describe your changes
+
+## Secure Software Development Lifecycle
+- [ ] High Level Data Flow Diagrams Exist for Feature/Function?
+- [ ] Initial Threat Modeling table has been completed against diagram?
+- [ ] Have code changes been validated against [OWASP Top 10?](https://owasp.org/www-project-top-ten/)
+   - [A01:2021 - Broken Access Control](https://owasp.org/Top10/A01_2021-Broken_Access_Control/)
+   - [A02:2021 - Cryptographic Failures](https://owasp.org/Top10/A02_2021-Cryptographic_Failures/)
+   - [A03:2021 - Injection](https://owasp.org/Top10/A03_2021-Injection/)
+   - [A04:2021 - Insecure Design](https://owasp.org/Top10/A04_2021-Insecure_Design/)
+   - [A05:2021 - Security Misconfiguration](https://owasp.org/Top10/A05_2021-Security_Misconfiguration/) 
+   - [A06:2021 - Vulnerable and Outdated Components](https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/)
+   - [A07:2021 - Identification and Authentication Failures](https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/)
+   - [A08:2021 - Software and Data Integrity Failures](https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/)
+   - [A09:2021 - Security Logging and Monitoring Failures](https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/)
+   - [A10:2021 - Server-Side Request Forgery](https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/)