The OWASP Findings Format (OFF) is a standardized structure for security findings.
The idea behind OFF is to provide a unified, open, independent and trusted format that tools can export to.
As this standard format is adopted and used, it will facilitate:
- Standardized representation of security findings in dashboards and similar views
- A standardized format for mining data out of large sets of findings produced by different tools
The OFF project initially defines a JSON Schema for findings. To support OFF, a tool simply produces JSON that satisfies the validation rules defined in the schema and offers that as an export option.

```
npm install ajv
node simpletest.js
```
AJV can also validate a finding against the schema from the command line:

```
npm install ajv-cli
ajv validate -s owasp.off.schema.json -d example.finding.json
```
See: http://epoberezkin.github.io/ajv/#command-line-interface
The idea for OFF came from a Dallas OWASP meeting, where a participant indicated that the Indianapolis OWASP Chapter had conceived of this idea and strongly encouraged advancing it as a standard.
The JSON Schema validation standard: http://json-schema.org/latest/json-schema-validation.html
Implementations: