
Getting Started

First of all, create a GitHub account (a free one is enough) by following these steps.

Our workflow is like this:

  1. Open a Discussion (for ideas and proposals). If your proposal qualifies for the MASTG/MASVS we'll convert it into an "Issue" (the discussion might take a while).
     • MASVS example: "Add a MASVS-CRYPTO requirement on key rotation"
     • MASTG example: "Add a test case for key rotation"

  2. Open an Issue (for concrete, actionable things that have to or could be done). For instance, there's a typo, or it's clear that a certain test case lacks e.g. a "Dynamic Analysis" section and it should be added.

  3. Open a PR (to add actual content). This could be the fix for the mentioned typo, a whole new section or some other content. Usually a PR has a "closes" sentence in its description, for example "Closes #543", so that we (and GitHub) know which Issue(s) the PR addresses.

Normally, contributors should follow the whole flow. But sometimes it's clear what's needed, so we go directly to 2 (open an Issue) or even 3 (open a PR). We recommend starting with a Discussion or contacting us directly, so you don't spend time writing and submitting content that doesn't qualify and has to be rejected after the work is done.

If you just have a specific question, you can post it to one of these (a GitHub account is required):

  • https://github.com/OWASP/owasp-masvs/discussions/categories/q-a
  • https://github.com/OWASP/owasp-mastg/discussions/categories/q-a

"GitHub Discussions" are re-posted to our Slack channel.

Once you get your answer, please mark it as answered. When you mark a comment as the answer, GitHub highlights that comment and its replies so that visitors can quickly find the answer.

Contribute Online

GitHub makes this extremely easy.

For small changes in one file:

  1. Go to the file you'd like to modify and click on "Edit".
  2. Make your changes and commit them. GitHub will guide you and suggest opening a Pull Request.

For more complex changes or across files:

  1. Press . (the period key) while browsing the repo or a pull request.
  2. You'll be taken to the "github.dev Web-based Editor", a browser-based Visual Studio Code.
  3. Make your changes, then commit and push them as you would locally.


Learn more about the github.dev Web-based Editor in "GitHub Docs".

Contribute Offline

For this you need an IDE or text editor and git on your machine. We recommend using the free Visual Studio Code editor with the markdownlint extension.

  1. Fork the repo. Forking the repo allows you to make your changes without affecting the original project until you're ready to merge them.
  2. Clone your fork and add the original repo as the upstream remote, e.g. for owasp-masvs (the upstream URL below is the SSH form; if you haven't set up an SSH key on GitHub, use https://github.com/OWASP/owasp-masvs.git instead):
    $ git clone https://github.com/<your_github_user>/owasp-masvs.git
    $ cd owasp-masvs/
    $ git remote add upstream git@github.com:OWASP/owasp-masvs.git
    
  3. Create a branch.
    $ git checkout -b fix-issue-1456
    
  4. Make your changes.
  5. Commit and push your changes: run git add MYFILE for every file you modified, then commit and push your branch to your fork. The first push needs -u so that git knows which remote branch to track; after that a plain git push is enough.
    $ git add MYFILE
    $ git commit -m 'Your Commit Message'
    $ git push -u origin fix-issue-1456
    
  6. Open a PR.
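The whole offline flow can be rehearsed without touching GitHub. The script below is an added example, not part of the MASVS/MASTG contribution docs: it uses two local bare repositories (assumed names "upstream.git" standing in for OWASP/owasp-masvs and "fork.git" standing in for your fork) inside a temporary directory, then runs steps 2 to 5 against them, including a sync of main with upstream before branching (not in the steps above, but the reason the upstream remote is added) and the first push with -u. It assumes git is installed and sets a throwaway commit identity via environment variables.

```shell
#!/usr/bin/env sh
# Added example (not from the MASVS/MASTG docs): rehearse the fork workflow
# offline. Two local bare repositories stand in for github.com:
# "upstream.git" plays OWASP/owasp-masvs, "fork.git" plays your fork.
set -eu

# Throwaway commit identity so the script works with no global git config.
export GIT_AUTHOR_NAME="Example Contributor" GIT_AUTHOR_EMAIL="contrib@example.invalid"
export GIT_COMMITTER_NAME="Example Contributor" GIT_COMMITTER_EMAIL="contrib@example.invalid"

WORK="$(mktemp -d)"   # assumed scratch directory holding both fake remotes

# Creates upstream + fork bare repos and a working clone of the fork, then
# performs steps 2-5: add the upstream remote, branch, change, commit, push.
setup_and_push() {
    cd "$WORK"

    # The "original project": a bare repo whose default branch is main,
    # seeded with one commit through a temporary clone.
    git init -q --bare upstream.git
    git --git-dir=upstream.git symbolic-ref HEAD refs/heads/main
    git clone -q upstream.git seed 2>/dev/null
    ( cd seed \
      && git checkout -q -B main \
      && printf '# MASVS\n' > README.md \
      && git add README.md \
      && git commit -q -m 'Initial commit' \
      && git push -q origin main )

    # Step 1, "Fork the repo": GitHub makes a server-side copy of upstream.
    git clone -q --bare upstream.git fork.git

    # Step 2: clone your fork and add the upstream remote.
    git clone -q fork.git owasp-masvs
    cd owasp-masvs
    git remote add upstream "$WORK/upstream.git"

    # Sync main with upstream before branching. Not in the numbered steps,
    # but it is what the upstream remote is for, and it avoids a conflicting PR.
    git fetch -q upstream
    git rebase -q upstream/main

    # Step 3: create a branch named after the issue you are fixing.
    git checkout -q -b fix-issue-1456

    # Step 4: make your changes.
    printf 'Fixed typo.\n' >> README.md

    # Step 5: commit and push. "-u" records origin/fix-issue-1456 as the
    # tracking branch; without it git refuses to push a brand-new branch
    # with a plain "git push".
    git add README.md
    git commit -q -m 'Fix typo in README (closes #1456)'
    git push -q -u origin fix-issue-1456
}

# Does the fork now carry the feature branch? That is what the PR is opened from.
fork_has_branch() {
    git --git-dir="$WORK/fork.git" show-ref --verify --quiet "refs/heads/$1"
}

# Upstream must be untouched: changes only land there when the PR is merged.
upstream_branch_count() {
    git --git-dir="$WORK/upstream.git" for-each-ref refs/heads | wc -l | tr -d ' '
}

setup_and_push
fork_has_branch fix-issue-1456 && echo "branch fix-issue-1456 is on the fork"
echo "branches on upstream: $(upstream_branch_count)"
```

After the script runs, the fork has both main and fix-issue-1456 while upstream still has only main, which is exactly the state in which you open the PR from your fork's branch against upstream.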