From 66bfd3080da430bb7c80a679a5c1b104cd7ee53f Mon Sep 17 00:00:00 2001 From: "owasp-nest[bot]" <204073339+owasp-nest[bot]@users.noreply.github.com> Date: Fri, 3 Oct 2025 17:06:01 +0000 Subject: [PATCH 1/3] Add OWASP CSRFGuard metadata Generated on 2025-10-03 by Arkadii Yakovets as part of the OWASP Schema initiative within OWASP Nest. Repository: `OWASP/www-project-csrfguard` Co-authored-by: Arkadii Yakovets --- .../workflows/validate-owasp-metadata.yaml | 24 ++++++++++++++ project.owasp.yaml | 32 +++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 .github/workflows/validate-owasp-metadata.yaml create mode 100644 project.owasp.yaml
diff --git a/.github/workflows/validate-owasp-metadata.yaml b/.github/workflows/validate-owasp-metadata.yaml
new file mode 100644
index 0000000..45d5a03
--- /dev/null
+++ b/.github/workflows/validate-owasp-metadata.yaml
@@ -0,0 +1,24 @@
+name: Validate OWASP entity metadata
+
+on:
+ pull_request:
+ paths:
+ - '*.owasp.yaml'
+ push:
+ paths:
+ - '*.owasp.yaml'
+
+concurrency:
+ cancel-in-progress: true
+ group: ${{ github.repository }}-${{ github.workflow }}-${{ github.ref }}
+
+jobs:
+ validate-metadata:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v5
+
+ - name: Validate metadata file
+ uses: owasp/nest-schema/.github/actions/validate@a733198b4a942eb12d3ee8629cd9e0d409b1b2b9
diff --git a/project.owasp.yaml b/project.owasp.yaml
new file mode 100644
index 0000000..8e46b93
--- /dev/null
+++ b/project.owasp.yaml
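Review bot: The Checkout step in the new workflow references `actions/checkout@v5` by a mutable tag, while the validate step directly below it is pinned to a full commit SHA, so the two steps do not get the same supply-chain guarantee. A moved or retagged `v5` would change what runs in this job without any change to this file. Pin it the same way, `uses: actions/checkout@<full-commit-sha> # v5` (placeholder; take the SHA from the release you reviewed). The job only reads the repository, so I would also add `with:` and `persist-credentials: false` to that step, which keeps the token out of `.git/config` while the following third-party action runs.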
@@ -0,0 +1,32 @@
+audience:
+ - breaker
+ - builder
+leaders:
+ - name: Azzeddine RAMRAMI
+ email: azzeddine.ramrami@owasp.org
+ github: aramrami
+ - name: Istvan Albert-Toth
+ email: istvan.alberttoth@owasp.org
+ - name: Sébastien Gioria
+ email: sebastien.gioria@owasp.org
+ github: SPoint42
+level: 4
+license:
+ - BSD-3-Clause
+name: OWASP CSRFGuard
+pitch: OWASP CSRFGuard is a library that implements a variant of the synchronizer token pattern to mitigate the risk of Cross-Site Request Forgery (CSRF)
+ attacks.
+repositories:
+ - name: www-project-csrfguard
+ url: https://github.com/OWASP/www-project-csrfguard
+ description: The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens
+ - name: OWASP-CSRFGuard
+ url: https://github.com/aramrami/OWASP-CSRFGuard
+ description: OWASP CSRFGuard 3.1.0
+tags:
+ - csrfguard
+ - defenders
+ - breakers
+ - vulnerability-management
+type: tool
+website: https://owasp.org/www-project-csrfguard
From d25d7d9778e2ab03f2925dc8f0840c641d71403a Mon Sep 17 00:00:00 2001 From: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com> Date: Fri, 7 Nov 2025 13:35:02 +0200 Subject: [PATCH 2/3] Fixed contributors and repository entries --- project.owasp.yaml | 6 ------ 1 file changed, 6 deletions(-)
diff --git a/project.owasp.yaml b/project.owasp.yaml
index 8e46b93..6aa93d1 100644
--- a/project.owasp.yaml
+++ b/project.owasp.yaml
@@ -7,9 +7,6 @@ leaders: github: aramrami - name: Istvan Albert-Toth email: istvan.alberttoth@owasp.org - - name: Sébastien Gioria - email: sebastien.gioria@owasp.org - github: SPoint42 level: 4 license: - BSD-3-Clause
@@ -20,9 +17,6 @@ repositories: - name: www-project-csrfguard url: https://github.com/OWASP/www-project-csrfguard description: The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens - - name: OWASP-CSRFGuard - url: https://github.com/aramrami/OWASP-CSRFGuard - description: OWASP CSRFGuard 3.1.0 tags: - csrfguard - defenders
From 9b662f6dfc275f1759ade066af332e05edc4dd97 Mon Sep 17 00:00:00 2001 From: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com> Date: Fri, 7 Nov 2025 13:36:17 +0200 Subject: [PATCH 3/3] Reduce OWASP metadata validation action permission to read Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/validate-owasp-metadata.yaml | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/validate-owasp-metadata.yaml b/.github/workflows/validate-owasp-metadata.yaml
index 45d5a03..29dd696 100644
--- a/.github/workflows/validate-owasp-metadata.yaml
+++ b/.github/workflows/validate-owasp-metadata.yaml
@@ -1,4 +1,6 @@ name: Validate OWASP entity metadata +permissions: + contents: read on: pull_request: