Welcome to the official repository for the Secure Code Review Guide. The Secure Code Review Guide is a comprehensive guide that aids software developers in reviewing code for security vulnerabilities and security bugs.

We are currently working on a new release (3.0), and our project is open for contributions. Have a look at the discussion folder to see how the project is shaping up and read about the roadmap and vision.

To find the previous code review guide 2.0 here.

• How to contribute
• Get in touch

The new release of the secure code review guide has just started, and as such, it's a fantastic time to join us and help shape the latest version. We welcome your contributions, whether you have a lot or just minimal experience in software engineering, security, or IT. We are happy to help you get started. Similarly, if you have a lot or just a little time at your hand, there are plenty of opportunities to help with this project.

Here are a few ways you can help:

• Please help us fix any spelling mistakes or grammatical errors in the current draft.
• The code review guide is only available in English, but it would be great if you could help translate it to another language.
• We have a list of open issues from which you can pick one to work on and submit a pull request. If you need help with getting started, please get in touch.
• Finally, if you have an excellent idea for improving the code review guide, you can also open a new issue yourself.

You can find us on Slack:

1. Join the OWASP Group Slack with this invitation link.
2. Join this project's channel #project-secure-code-review-guide

Feel free to ask questions, suggest ideas, or share your best recipes.