claude-code-owasp  by agamm

OWASP security standards for AI and application development

Created 5 months ago
278 stars

Top 93.1% on SourcePulse

GitHubView on GitHub
Project Summary

This project provides a Claude Code skill designed to integrate the latest OWASP security best practices (2025-2026) directly into developer workflows. It targets developers using Claude Code, offering immediate access to comprehensive security standards and language-specific guidance to build more secure applications.

How It Works

The skill operates within the Claude Code environment, leveraging its progressive disclosure model. A core SKILL.md file provides quick references for OWASP Top 10:2025, ASVS 5.0, LLM Application security, and Agentic AI security. Additional detailed information, including language-specific security quirks and code examples, is loaded on demand from the reference/ directory. This approach ensures efficient access to relevant security information without overwhelming the user, facilitating context-aware code reviews and secure coding practices.

Quick Start & Requirements

Installation is straightforward using Node.js's npx with degit to copy the GitHub subdirectory: npx degit agamm/claude-code-owasp/.claude/skills/owasp-security .claude/skills/owasp-security. Alternatively, the entire repository can be cloned via git clone https://github.com/agamm/claude-code-owasp.git and the relevant directory copied. The primary requirement is a functional Claude Code environment. No other non-default prerequisites like specific hardware or datasets are mentioned.

Highlighted Details

  • Comprehensive coverage includes OWASP Top 10:2025, ASVS 5.0, OWASP Top 10 for LLM Applications (2025), and OWASP Agentic AI Security (2026).
  • Features security code review checklists for critical areas like input handling, authentication, and data protection.
  • Provides practical secure code patterns with explicit unsafe/safe examples.
  • Extensive language support details security quirks, common vulnerabilities, and best practices for over 20 languages, including JavaScript/TypeScript, Python, Java, C/C++, Rust, and Go.

Maintenance & Community

Contributions are welcomed and can be submitted via pull requests following standard GitHub fork-and-branch workflows. The project is hosted on GitHub at https://github.com/agamm/claude-code-owasp.git. No specific community channels like Discord or Slack are listed in the README.

Licensing & Compatibility

The project is released under the permissive MIT License. This license allows for broad use, modification, and distribution, including integration into commercial and closed-source applications without significant restrictions.

Limitations & Caveats

The primary limitation is its dependency on the Claude Code platform; it cannot be used as a standalone tool. While it provides extensive guidance, developers remain responsible for implementing and verifying security measures. No alpha status or known bugs are mentioned.

Health Check
Last Commit

1 week ago

Responsiveness

Inactive

Pull Requests (30d)
0
Issues (30d)
0
Star History
48 stars in the last 30 days

Explore Similar Projects

Starred by Chip Huyen Chip Huyen(Author of "AI Engineering", "Designing Machine Learning Systems").

codegate by stacklok

0%
789
AI agent security and management tool
Created 1 year ago
Updated 1 year ago
Feedback? Help us improve.