# Secure Software Development Guidance to OWASP Top 10 (tutorial example)
# Conforms to Gemara #MappingDocument (mappingdocument.cue).
# gemara-version: v1.2.0 — https://github.com/gemaraproj/gemara/releases/tag/v1.2.0
# Source guidance catalog: ../guidance/guidance-example.yaml (metadata.id ORG.SSD.001)
# entry-type on source-reference / target-reference applies to all entries on that side (#TypedMapping).
title: Secure Software Development Guidance to OWASP Top 10
metadata:
  id: SSD-OWASP-MAP-001
  type: MappingDocument
  gemara-version: "1.2.0"
  description: >
    Maps Secure Software Development Guidance guidelines to OWASP Top 10
    categories. Minimal example for tutorials; relationship types are relates-to.
  version: "1.0.0"
  author:
    id: gemara-example
    name: Gemara Example Author
    type: Human
  mapping-references:
    - id: ORG.SSD.001
      title: Secure Software Development Guidance
      version: "1.0.0"
      url: "file://../guidance/guidance-example.yaml"
    - id: OWASP
      title: OWASP Top 10
      version: "2021"
      url: "https://owasp.org/Top10"

source-reference:
  reference-id: ORG.SSD.001
  entry-type: Guideline
target-reference:
  reference-id: OWASP
  entry-type: Guideline
remarks: Guidance guidelines ORG.SSD.GL01–GL03 mapped to OWASP for tutorial use.

mappings:
  - id: GL01-A06
    source: ORG.SSD.GL01
    relationship: relates-to
    targets:
      - entry-id: "A06"
        strength: 7
        rationale: Immutable image references support supply chain integrity; OWASP A06 covers vulnerable and outdated components.

  - id: GL02-A01
    source: ORG.SSD.GL02
    relationship: relates-to
    targets:
      - entry-id: "A01"
        strength: 6
        rationale: Branch protection reduces unauthorized code changes; OWASP A01 covers broken access control.

  - id: GL03-A02
    source: ORG.SSD.GL03
    relationship: relates-to
    targets:
      - entry-id: "A02"
        strength: 6
        rationale: VPN on untrusted networks protects data in transit; OWASP A02 covers cryptographic failures.