Promote scorecards with OWASP Top 10 examples

[udayk-port]

Description

1. Introduce OWASP Top 10 score card with Snyk
2. Re-organize

Added docs pages

The following paths have been added

• /promote-scorecards/examples/
• /promote-scorecards/examples/Benchmarking%20against%20OWASP%20Top%2010
• /promote-scorecards/examples/Dora%20metrics%20based%20on%20number%20of%20deployments
• /promote-scorecards/examples/Ensure%20relation%20existence
• /promote-scorecards/examples/Ownership%20Scorecard

Updated docs pages

This path now has a new page markdown under the folder structure to help accomodate more sub-sections

• /promote-scorecards/examples/

[aws-amplify-eu-west-1]

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-2649.d2ngvl90zqbob8.amplifyapp.com

[udayk-port]

Fixing typos and making minor improvements soon. ETA: 11th Monday 12 Noon AEST. Please do not merge

[kodjomiles]

Some few comments

[kodjomiles]

rename the file to follow the same file naming conventions (ie begin with small letters, like examples.md)

[kodjomiles]

This looks odd, Can we have a section for examples in the promote scorecard page, and then the link will lead to this page.

It will also be good if they were cards. the page looks weird with just the links

[kodjomiles]

add a line break here to detach the bottom context a bit slightly from the image

[kodjomiles]

You should move this to prerequisite and reference the integrations that need to be setup for this documentation. So user's before hand know which integrations are needed to follow through with this example

[kodjomiles]

Change to a header tag

Prerequisite

[kodjomiles]

There's a way we put this.

This guide assumes you have a Port account and that you have finished the onboarding process.
Install Port's GitHub app
Install Port's Snyk integration

[kodjomiles]

Move all the blueprint related setup to a header called ## Set up data model

[kodjomiles]

Move this to a separate header called update data source and let the blueprint setup come before the mapping update happens

[claude]

Claude finished @udayk-port's task —— View job

---

PR Review Complete ✅

Reviewing PR #2649: "Promote scorecards with OWASP Top 10 examples"

Todo List:

• Read CONTRIBUTING.md guidelines
• Review modified documentation file
• Check against previous reviewer feedback
• Provide comprehensive review feedback

---

📋 Overall Assessment

This PR adds a comprehensive OWASP Top 10 scorecard example to the documentation, which is valuable content. However, there are several issues that need to be addressed to meet Port's documentation standards.

🎯 Major Issues

1. File Organization & Structure

• The file was previously docs/promote-scorecards/examples/Examples.md (per review comments) but should be renamed to follow lowercase conventions (examples.md)
• Consider restructuring the page to use cards for better visual hierarchy instead of just links

2. OWASP Section Issues

The OWASP Top 10 section has several structural problems:

Prerequisites Section (lines 164-167)

❌ Current format:

<h2>Prerequisites</h2>
- This example assumes you have a Port account...

✅ Should be:

## Prerequisites

This guide assumes you have a Port account and that you have finished the [onboarding process](https://docs.port.io/getting-started/overview).

**Required integrations:**
- Install Port's [GitHub app](https://docs.port.io/build-your-software-catalog/sync-data-to-catalog/git/github/#setup)
- Install Port's [Snyk integration](https://docs.port.io/build-your-software-catalog/sync-data-to-catalog/code-quality-security/snyk/)

Content Structure Issues

• Line 109: Typo "blueprtint" should be "blueprint"
• Lines 186-194: Code block not properly formatted within collapsible section
• Line 155: Image needs line break separation from surrounding content
• Lines 1034-1051: "Next steps" section needs better formatting and structure

3. Writing Style & Tone Issues

Inconsistent Voice (Line 157)

❌ Current: "This section explains how to build..."
✅ Should be: "Let's build..." (following "We" language guideline)

British vs American Spelling (Line 1046)

❌ Current: "customised", "organisation's"
✅ Should be: "customized", "organization's"

Typo (Line 1051)

❌ Current: "security weaknesss"
✅ Should be: "security weakness"

4. Technical Content Issues

Formatting Standards

• Missing proper spacing around sections
• HTML tags used instead of markdown headers in some places
• Inconsistent code block formatting within collapsible sections

Link and Reference Issues

• All internal links should use full paths (per guidelines)
• Some code examples could benefit from better commenting
• Images properly formatted but could use better context

📝 Detailed Line-by-Line Review

Line	Issue	Fix
109	Typo: "blueprtint"	Change to "blueprint"
155	Image needs spacing	Add line break after image
157	Tone inconsistency	Change "This section explains" to "Let's build"
164-167	HTML headers instead of markdown	Use ## instead of <h2>
186-194	Code formatting in details	Fix JSON formatting
1034	Informal tone	"Some common issues" → proper heading
1046	British spelling	"customised" → "customized"
1051	Typo	"weaknesss" → "weakness"

🔧 Recommendations

High Priority

1. Fix the file naming convention issue mentioned by previous reviewer
2. Convert HTML headers to proper markdown headers (## not <h2>)
3. Restructure prerequisites section with proper formatting
4. Fix spelling and grammar issues

Medium Priority

1. Improve the examples page layout with cards instead of plain links
2. Add proper spacing between sections using <br /> where needed
3. Ensure consistent "We" language throughout the guide

Low Priority

1. Consider adding more troubleshooting scenarios
2. Enhance next steps section with more actionable items

✅ Positive Aspects

• Comprehensive technical content: The OWASP integration is well-documented with complete JSON configurations
• Good use of collapsible sections: Proper use of details/summary for large code blocks
• Helpful troubleshooting section: Addresses common implementation issues
• Complete end-to-end example: Covers all necessary steps from setup to implementation

🚧 Previous Review Comments Status

Addressed:

• ✅ OWASP section improvements by hadar-co have been incorporated

Still Need Attention:

• ❌ File naming convention (kodjomiles feedback)
• ❌ Page layout improvements with cards (kodjomiles feedback)
• ❌ Some formatting issues remain

🎯 Action Items

1. Rename file to follow lowercase conventions
2. Fix structural issues with headers and formatting
3. Address spelling/grammar issues identified
4. Improve prerequisites section formatting
5. Consider page layout improvements with cards for better UX

This PR contains valuable content but needs these formatting and structural improvements to meet Port's documentation standards.

[claude]

Claude encountered an error —— View job

---

I'll analyze this and get back to you.

[kodjomiles]

Looks good overall, left some few comments and suggestions

[kodjomiles]

Suggested change

	With the addition of the `CWE` property to the `Snyk Vulnerability` blueprint, you can now classify vulnerabilities by CWE and align them with the [OWASP Top 10](http://owasp.org/Top10) categories.
	With the addition of the `CWE` property to the `Snyk Vulnerability` blueprint, you can now classify vulnerabilities by CWE and align them with the [OWASP Top 10](http://owasp.org/Top10) categories.

[kodjomiles]

We can head straight to {...} Edit JSON without going to Edit blueprint first

[kodjomiles]

Suggested change

	4. Update the existing JSON by incorporating the following data in it, then click `Save`.
	4. Update the aggregation property to include the snippet JSON snippet below:

[kodjomiles]

Since it's just the aggregation property we are adding we can be specific. so the user knows exactly where to put this json snippet

[kodjomiles]

If the relation is a high dependency then we might want to show them how to add that relation

[kodjomiles]

Suggested change

	The next step is to add the OWASP identifiers as mirrored properties to the `GitHub Repository` blueprint, and update the mapping configuration so that each `GitHub Repository` is automatically linked to its corresponding `Snyk Target`. This link is what allows the mirrored OWASP properties to pull their values from the related Snyk data.
	The next step is to add the OWASP identifiers as mirrored properties to the `GitHub Repository` blueprint, and update the mapping configuration so that each `GitHub Repository` is automatically linked to its corresponding `Snyk Target`.
	This link is what allows the mirrored OWASP properties to pull their values from the related Snyk data.

[kodjomiles]

Suggested change

	3. Click on the `...` button in the top right corner, choose `Edit blueprint`, then click on the `{...} Edit JSON` button.
	3. Click on the `...` button in the top right corner and click on the `{...} Edit JSON` button.

[kodjomiles]

Suggested change

	4. Update the existing JSON by incorporating the following data in it, then click `Save`.
	4. Update the mirrorProperties to include the snippet below:

[kodjomiles]

Updating the entire JSON would cause inconvenience if the user has other mirror properties or the user might end up replacing the entire JSON with the snippet we are providing