
OWASP ModSecurity Contributing

Christian Folini edited this page Mar 2, 2024 · 4 revisions

Contributing and Development Guidelines

ModSecurity has a long history, but it was only in January 2024 that it was transferred to OWASP. When OWASP ModSecurity started, there was no development community, and we are now building this community from the ground up.

We want this to be a welcoming development community with strong technical skills and an excellent culture.

The guidelines will grow and expand as we move forward. We start with the bare minimum.

Contributing and Merging

We welcome contributions via pull requests to the GitHub repo.

For the time being, ModSecurity v2 and ModSecurity v3 continue to be developed in parallel. So new features or breaking changes will have to be carried out in parallel. When unsure, please get in touch early so we can discuss your plans.

The team is available on GitHub and the OWASP Slack in the #project-modsecurity channel. So for technical questions or discussions of feature requests you can either open a GitHub issue or fire a question on our Slack.

See below for technical guidelines and what we want to see in PRs.

We have CI/CD in place. What we got from Trustwave was minimal, but more automated testing is on the roadmap for us.

For the time being, there is no real team with write access to the repo. In fact, the only developers with write access to the repos are the project leaders. That means every review and every merge is in the hands of the OWASP ModSecurity project leaders.

Every PR will be reviewed by one of the project leaders. Expect some feedback, the need to update your PR etc. Standard procedure.

As we move forward the community will grow and formalize and more people will get write access to the repo. But th

Technical Guidelines

General guidelines applying to ModSecurity v2 and ModSecurity v3

FIXME

Specific guidelines for ModSecurity v2

FIXME

Specific guidelines for ModSecurity v3

ModSecurity v3 is written in C++, following the C++17 standard.

FIXME