From f4a295abeea3ec7c206971882ab8b4d43db78fe6 Mon Sep 17 00:00:00 2001
From: "owasp-nest[bot]" <204073339+owasp-nest[bot]@users.noreply.github.com>
Date: Sat, 11 Oct 2025 00:28:02 +0000
Subject: [PATCH 1/2] Add OWASP Top 10 for Large Language Model Applications
 metadata

Generated on 2025-10-11 by Arkadii Yakovets as part of the OWASP Schema initiative within OWASP Nest.
Repository: `OWASP/www-project-top-10-for-large-language-model-applications`

Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
---
 .github/dependabot.yml                        | 52 ++-----------------
 .../workflows/validate-owasp-metadata.yaml    | 27 ++++++++++
 project.owasp.yaml                            | 38 ++++++++++++++
 3 files changed, 69 insertions(+), 48 deletions(-)
 create mode 100644 .github/workflows/validate-owasp-metadata.yaml
 create mode 100644 project.owasp.yaml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index c0d9df61..8f35efdf 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,51 +1,7 @@
-# .github/dependabot.yml
 version: 2
 updates:
-  # Enable version updates for npm/yarn (JavaScript/TypeScript dependencies)
-  - package-ecosystem: "npm"
-    directory: "/"
+  - package-ecosystem: github-actions
+    directory: /
     schedule:
-      interval: "weekly"
-    # Ignore the agent_security_initiative directory as it contains deliberately insecure code
-    ignore:
-      - dependency-name: "*"
-        paths:
-          - "initiatives/agent_security_initiative/**"
-    labels:
-      - "dependencies"
-      - "security"
-
-  # Enable version updates for Python dependencies (pip/pipenv/poetry)
-  - package-ecosystem: "pip"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    ignore:
-      - dependency-name: "*"
-        paths:
-          - "initiatives/agent_security_initiative/**"
-    labels:
-      - "dependencies"
-      - "security"
-
-  # Enable version updates for Docker
-  - package-ecosystem: "docker"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    ignore:
-      - dependency-name: "*"
-        paths:
-          - "initiatives/agent_security_initiative/**"
-    labels:
-      - "dependencies"
-      - "security"
-
-  # Enable version updates for GitHub Actions
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    labels:
-      - "dependencies"
-      - "ci"
+      interval: weekly
+      time: '00:45'
diff --git a/.github/workflows/validate-owasp-metadata.yaml b/.github/workflows/validate-owasp-metadata.yaml
new file mode 100644
index 00000000..3c148ca0
--- /dev/null
+++ b/.github/workflows/validate-owasp-metadata.yaml
@@ -0,0 +1,27 @@
+name: Validate OWASP entity metadata
+
+on:
+  pull_request:
+    paths:
+      - '*.owasp.yaml'
+  push:
+    paths:
+      - '*.owasp.yaml'
+
+permissions:
+  contents: read
+
+concurrency:
+  cancel-in-progress: true
+  group: ${{ github.repository }}-${{ github.workflow }}-${{ github.ref }}
+
+jobs:
+  validate-metadata:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Validate metadata file
+        uses: owasp/nest-schema/.github/actions/validate@a733198b4a942eb12d3ee8629cd9e0d409b1b2b9
diff --git a/project.owasp.yaml b/project.owasp.yaml
new file mode 100644
index 00000000..b4167475
--- /dev/null
+++ b/project.owasp.yaml
@@ -0,0 +1,38 @@
+audience:
+  - builder
+community:
+  - name: project-genai
+    platform: slack
+    url: https://owasp.slack.com/archives/C05956H7R8R
+    description: "Project Website: <https://genai.owasp.org>\n\nOWASP page: <https://github.com/OWASP/www-project-top-10-for-large-language-model-applications>\n\
+      \nGitHub Repo: <https://github.com/OWASP/www-project-top-10-for-large-language-model-applications>"
+leaders:
+  - name: Steve Wilson
+    email: steve.wilson@owasp.org
+    github: virtualsteve-star
+  - name: Ads Dawson
+    email: ads.dawson@owasp.org
+    github: GangGreenTemperTatum
+  - name: John Sotiropoulos
+    email: john.sotiropoulos@owasp.org
+    github: jsotiro
+  - name: Scott Clinton
+    email: scott.clinton@owasp.org
+    github: SClinton
+  - name: Sandy Dunn
+    email: sandy.dunn@owasp.org
+    github: subzer0girl2
+level: 2
+name: OWASP Top 10 for Large Language Model Applications
+pitch: Aims to educate developers, designers, architects, managers, and organizations about the potential security risks when deploying and managing Large
+  Language Models (LLMs)
+repositories:
+  - name: www-project-top-10-for-large-language-model-applications
+    url: https://github.com/OWASP/www-project-top-10-for-large-language-model-applications
+    description: OWASP Top 10 for Large Language Model Apps (Part of the GenAI Security Project)
+tags:
+  - example-tag
+  - custom-tag-1
+  - custom-tag-2
+type: documentation
+website: https://owasp.org/www-project-top-10-for-large-language-model-applications

From d3de56c7bb0a3ba391c90410834eebe85599b3cf Mon Sep 17 00:00:00 2001
From: "owasp-nest[bot]" <204073339+owasp-nest[bot]@users.noreply.github.com>
Date: Sat, 11 Oct 2025 00:35:11 +0000
Subject: [PATCH 2/2] Add OWASP Top 10 for Large Language Model Applications
 metadata

Generated on 2025-10-11 by Arkadii Yakovets as part of the OWASP Schema initiative within OWASP Nest.
Repository: `OWASP/www-project-top-10-for-large-language-model-applications`

Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
---
 .github/dependabot.yml | 52 ++++++++++++++++++++++++++++++++++++++----
 1 file changed, 48 insertions(+), 4 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 8f35efdf..c0d9df61 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,7 +1,51 @@
+# .github/dependabot.yml
 version: 2
 updates:
-  - package-ecosystem: github-actions
-    directory: /
+  # Enable version updates for npm/yarn (JavaScript/TypeScript dependencies)
+  - package-ecosystem: "npm"
+    directory: "/"
     schedule:
-      interval: weekly
-      time: '00:45'
+      interval: "weekly"
+    # Ignore the agent_security_initiative directory as it contains deliberately insecure code
+    ignore:
+      - dependency-name: "*"
+        paths:
+          - "initiatives/agent_security_initiative/**"
+    labels:
+      - "dependencies"
+      - "security"
+
+  # Enable version updates for Python dependencies (pip/pipenv/poetry)
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    ignore:
+      - dependency-name: "*"
+        paths:
+          - "initiatives/agent_security_initiative/**"
+    labels:
+      - "dependencies"
+      - "security"
+
+  # Enable version updates for Docker
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    ignore:
+      - dependency-name: "*"
+        paths:
+          - "initiatives/agent_security_initiative/**"
+    labels:
+      - "dependencies"
+      - "security"
+
+  # Enable version updates for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "dependencies"
+      - "ci"