Jump to content

Connect SuperML | Leeroopedia MCP: Equip your AI agents with best practices, code verification, and debugging knowledge. Powered by Leeroo — building Organizational Superintelligence. Contact us at founders@leeroo.com.

Principle:OWASP Www project top 10 for large language model applications Entry Publication

From Leeroopedia
Knowledge Sources OWASP/www-project-top-10-for-large-language-model-applications
Domains Security Standards, Publication Pipeline, CI/CD, Automation
Last Updated 2026-02-14

Overview

Entry Publication defines the process of publishing finalized vulnerability entries through a Pull Request workflow with automated tooling including LLM-generated PR descriptions, standardized PR templates, and GitHub Actions.

Description

Once vulnerability entries have been refined and the final Top 10 ranking is established through community voting, the entries must be published to the project's official site. Entry Publication is the principle governing the final stage of the vulnerability entry development workflow, where completed entries are submitted through Pull Requests that follow a standardized template, receive automatically generated descriptions, and are processed by CI/CD pipelines.

This principle solves the problem of inconsistent and poorly documented contributions to the published standard. Without a structured publication pipeline, contributors might submit Pull Requests with minimal descriptions, making review difficult. The project addresses this with three complementary mechanisms:

  • Contributing Guidelines (CONTRIBUTING.md) -- establishes the community-driven project ethos, points contributors to the main project site for comprehensive guidelines, directs them to the style guide, and encourages participation through bi-weekly sync meetings, Slack channels, and various project initiatives. No OWASP membership is required to contribute.
  • PR Template (.github/PULL_REQUEST_TEMPLATE.md) -- provides a structured checklist for every Pull Request with sections for Key Changes, Added, Changed, and Removed items. Each section uses checkbox lists to ensure contributors document their changes systematically.
  • Automated PR Description Generator (.hooks/generate_pr_description.py) -- uses the rigging library with openai/gpt-4o-mini to automatically generate PR descriptions from git diffs. The tool analyzes the diff between the source branch and the base branch, truncates large diffs to a configurable maximum (default 1000 lines), and produces a concise markdown summary focusing on key modifications and potential impact.

Usage

Apply this principle during the final publication stage of the vulnerability entry development workflow. It is relevant whenever contributors open Pull Requests to merge new or updated vulnerability entries, documentation changes, or any other project content into the main branch. The automated PR description generator is particularly useful for large changesets where manually summarizing the diff would be time-consuming.

Theoretical Basis

The Entry Publication process follows a multi-layered automation methodology:

Layer 1: Contribution Guidelines

Contributors are guided by CONTRIBUTING.md to the main project site and style guide. The guidelines emphasize that the project is community-driven and open to all contributors regardless of background or experience.

Layer 2: PR Template Enforcement

GitHub automatically populates the PR body with the template when contributors create a new Pull Request. The template requires structured documentation: 

Key Changes:
  - [ ] List major changes and core updates
  - [ ] Keep each line under 80 characters
  - [ ] Focus on the "what" and "why"

Added:
  - [ ] New features/functionality
  - [ ] New files/configurations
  - [ ] New dependencies

Changed:
  - [ ] Updates to existing code
  - [ ] Configuration changes
  - [ ] Dependency updates

Removed:
  - [ ] Deleted files/code
  - [ ] Removed dependencies
  - [ ] Cleaned up configurations

Layer 3: Automated PR Description Generation

The generate_pr_description.py script automates PR description creation using LLM-powered analysis: 

def publication_pipeline(base_ref, source_ref, generator_id, max_diff_lines):
    """
    Generate a PR description from git diff using LLM.
    """
    # Step 1: Compute the diff between branches
    diff = get_diff(base_ref, source_ref)

    # Step 2: Truncate if too large
    diff_lines = diff.split("\n")
    if len(diff_lines) > max_diff_lines:
        diff = "\n".join(diff_lines[:max_diff_lines]) + TRUNCATION_WARNING

    # Step 3: Use LLM to generate structured description
    description = generate_pr_description(diff)

    return description

The LLM prompt instructs the model to:

  • Keep the summary concise and informative.
  • Use bullet points to structure important statements.
  • Focus on key modifications and potential impact.
  • Write like a developer who authored the changes.
  • Prefer flat bullet lists over nested.
  • Order bullet points by importance.
  • Return "No relevant changes." if there are no changes.

The pipeline uses rigging as the LLM orchestration library with openai/gpt-4o-mini as the default generator, and includes security validation for git commands (PATH validation, argument type checking, path traversal prevention in exclude lists).

Related Pages

Page Connections

Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment
Retrieved from "https://leeroopedia.com/index.php?title=Principle:OWASP_Www_project_top_10_for_large_language_model_applications_Entry_Publication&oldid=23557"