# OWASP Top 10 CI CD Security Risks

### What is OWASP Top 10 CI CD

The OWASP (Open Web Application Security Project) Top 10 list focuses primarily on web application security risks rather than CI/CD (Continuous Integration/Continuous Deployment) security risks.

### Example of OWASP CI CD policies in Delivery Shield

* **Prohibited use of unspecified package versions** - Unspecified package versions can result in fetching uncertified latest package versions. Only specific versions, never `latest`, should be pulled as artifacts and dependencies.
* **Refrain from running pipelines originating from forked repos** - Repositories should be protected based on 2FA authentication.
* **Untrusted Deployment via Configuration Drift** - Pipeline configuration should be fetched only from trusted sources.
* **Open to merge public repositories for code utilities** - Dependency packages in code should not be open to merge publicly.
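As an added example (not Delivery Shield's own code), a small policy check for the first rule above: it flags dependencies that are not pinned to an exact version in a `requirements.txt` and `FROM` images that use no tag or the `latest` tag in a Dockerfile. The two input snippets are constructed for the example.

```python
import re

# Constructed sample inputs (not taken from any real project).
REQUIREMENTS_TXT = """\
requests==2.31.0
flask>=2.0          # range, not an exact pin
pyyaml              # no version at all
cryptography==41.0.3
"""

DOCKERFILE = """\
FROM python:3.11.4-slim
FROM nginx:latest
FROM alpine
COPY . /app
"""

# A pinned pip requirement is exactly "name==version" (extras allowed).
PINNED_REQ = re.compile(r"^[A-Za-z0-9][\w.\-]*(\[[\w,\-]+\])?==[\w.!+\-]+$")
# FROM line, tolerating flags such as --platform and an "AS stage" suffix.
FROM_LINE = re.compile(r"^FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+\S+)?\s*$", re.IGNORECASE)


def unpinned_requirements(text: str) -> list[str]:
    """Return requirement lines that do not pin an exact version."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if line and not PINNED_REQ.match(line):
            findings.append(line)
    return findings


def unpinned_images(text: str) -> list[str]:
    """Return FROM images with no tag or the 'latest' tag and no digest."""
    findings = []
    for line in text.splitlines():
        m = FROM_LINE.match(line.strip())
        if not m:
            continue
        image = m.group(1)
        if "@sha256:" in image:
            continue  # digest-pinned: the strongest form of pinning
        _name, sep, tag = image.rpartition(":")
        # No ':' at all, or the ':' belonged to a registry port, or tag is latest.
        if not sep or "/" in tag or tag == "latest":
            findings.append(image)
    return findings


if __name__ == "__main__":
    print("unpinned requirements:", unpinned_requirements(REQUIREMENTS_TXT))
    print("unpinned images:", unpinned_images(DOCKERFILE))
```

Both functions return the offending lines so a pipeline step can fail the build when either list is non-empty.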

Refer to [OWASP](https://owasp.org/) for more information.
