OWASP BLT (Bug Logging Tool) is a gamified, crowd-sourced platform for QA testing and vulnerability disclosure across various digital assets. It connects security researchers with organizations needing testing, fostering collaboration and rewarding contributions. The project integrates AI for efficiency and a blockchain system for rewards, aiming to streamline bug hunting and security improvements.

How It Works

BLT operates on a gamified, community-driven model. It facilitates the discovery of testing opportunities and incentivizes participation through a blockchain-based staking system and rewards. AI tools assist in coding, code review, and vulnerability identification. A core feature is the automated GitHub Actions leaderboard, which tracks and ranks user contributions (PRs, reviews, comments) to promote engagement and recognize top contributors.

Quick Start & Requirements

• Prerequisites: Python 3.11.2+, PostgreSQL, Docker & Docker Compose (recommended).
• Installation: Docker (docker-compose up) or Poetry (poetry install). A beginner-friendly setup using GitHub Codespaces with Poetry and SQLite is available.
• Links: Contributing Guide (implied by README).

Highlighted Details

• Gamified QA Testing & Vulnerability Disclosure platform.
• AI-Powered Tools for coding, PR reviews, issue generation, and similarity scanning.
• Blockchain-based Staking System for contributor rewards.
• Automated GitHub Actions Leaderboard for contribution tracking and ranking.
• OWASP Project affiliation.

Maintenance & Community

Developed by the OWASP BLT Community. Key community links include the Website, Slack, and Twitter.

Licensing & Compatibility

Licensed under AGPL-3.0. This strong copyleft license requires derivative works to be shared under the same terms, impacting commercial use and closed-source integration.

Limitations & Caveats

Potential psutil import errors during Poetry setup require manual installation. The leaderboard employs anti-abuse measures like PR limits and daily caps. The beginner setup relies on GitHub Codespaces.