A clean, searchable interface for exploring the OWASP Secure Pipeline Verification Standard.
This site makes it easier to work with the OWASP SPVS by providing an interactive table where you can search, filter, and sort all 108 security requirements. Each requirement includes practical "Quick Wins" - actionable tips to help teams implement controls quickly with specific tools, time estimates, and resources.
It contains all 108 requirements from SPVS across 5 pipeline stages:
- V1: Plan - Identity and Access Management, Hardening User Machines, Security Requirements, Developer Tools, Source Code Management
- V2: Develop - Secure Coding Practices, Software Quality, Code Review, Security Checks, Credential Hygiene, 3rd Party Libraries, Unit Testing
- V3: Integrate (CI) - Pipeline Environment Security, Credential Hygiene, Continuous Security Checks, Artifact Integrity
- V4: Release (CD) - Final Security Assessments, Compliance Checks, Secure Deployment Practices
- V5: Operate - Access Audit, Security Standard Enforcement, Secure Maintenance, Detection & Monitoring, Incident Response
- Search - Find requirements by keyword
- Filter by Chapter/Section - Focus on specific pipeline stages
- Filter by Level - View Level 1 (Foundational), Level 2 (Standard), or Level 3 (Advanced) requirements
- Quick Wins - Practical tips with tools, time estimates, and effort levels
- Progress Tracking - Mark requirements as complete (saved locally)
- Export - Download filtered results as CSV or PDF
The OWASP Secure Pipeline Verification Standard (SPVS) content is © 2008-2025 The OWASP Foundation and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.
This website implementation is also shared under CC BY-SA 4.0 to maintain license compatibility.