title: Secure Software Development Guidance to OWASP Top 10
metadata:
  id: SSD-OWASP-MAP-001
  version: "1.0.0"
  type: MappingDocument
  gemara-version: "0.20.0"
  description: >
    Maps Secure Software Development Guidance guidelines to OWASP Top 10
    categories. Minimal example for tutorials; relationship types are relates-to.
  author:
    id: gemara-example
    name: Gemara Example Author
    type: Human
  mapping-references:
    - id: ORG-SSD
      title: Secure Software Development Guidance
      version: "1.0.0"
      url: "file://guidance-example.yaml"
    - id: OWASP
      title: OWASP Top 10
      version: "2021"
      url: "https://owasp.org/Top10"

source-reference:
  reference-id: ORG-SSD
target-reference:
  reference-id: OWASP
remarks: Guidance guidelines ORG.SSD.GL01–GL03 mapped to OWASP for tutorial use.

mappings:
  - id: GL01-A06
    source:
      entry-id: ORG.SSD.GL01
      entry-type: Guideline
    target:
      entry-id: "A06"
      entry-type: Guideline
    relationship: relates-to
    rationale: Immutable image references support supply chain integrity; OWASP A06 covers vulnerable and outdated components.

  - id: GL02-A01
    source:
      entry-id: ORG.SSD.GL02
      entry-type: Guideline
    target:
      entry-id: "A01"
      entry-type: Guideline
    relationship: relates-to
    rationale: Branch protection reduces unauthorized code changes; OWASP A01 covers broken access control.

  - id: GL03-A02
    source:
      entry-id: ORG.SSD.GL03
      entry-type: Guideline
    target:
      entry-id: "A02"
      entry-type: Guideline
    relationship: relates-to
    rationale: VPN on untrusted networks protects data in transit; OWASP A02 covers cryptographic failures.