Releases: OWASP/cornucopia

Latest pre-release

24 Sep 17:28
878b68c

Commits

  • 364cca5: Adding the wiki deck to each card and adding STRIDE explanation that can be used in threat modeling sessions. (sydseter) #1695
  • da18909: Add instructions regarding using the mapping (sydseter) #1695

Release v2.4.8

22 Sep 09:38
f448ecf
Merge pull request #1677 from OWASP/urls-to-devguide

Add urls to the OWASP Developer Guide from Cornucopia

Release v2.4.7

16 Sep 06:58
fbee366
Merge pull request #1661 from OWASP/licensing

Update licensing to make way for the next version

Release v2.4.6

15 Sep 18:41
3d6ea01
Merge pull request #1653 from OWASP/dependabot/pip/types-requests-2.3…

Release v2.4.5

06 Sep 08:14
56bd694
Merge pull request #1629 from OWASP/cw-owasp-patch-1

Added Max's video to How to Play page

Release v2.4.4

04 Sep 09:15
ecb1319
Merge pull request #1620 from OWASP/code-coverage

#1487 and #1614 Allow failure, but publish results

Release v2.4.3

28 Aug 07:48
24a214e
Merge pull request #1603 from OWASP/dependabot/npm_and_yarn/cornucopi…

v2.4.2 release

06 Aug 14:30
df766ad
Merge pull request #1549 from OWASP/companion-edition

Companion edition post

v2.4.1

03 Aug 19:10
a28b741
Merge pull request #1528 from OWASP/dependabot/npm_and_yarn/cornucopi…

v2.4.0

26 Jun 10:39
v2.4.0
915c5fc

The clouds can be a scary place. All these machines that simply aren't yours. So how can you make sure you continuously keep your cloud infrastructure secure? OWASP Cumulus is the easy way to bring security into the cloud and your DevOps teams. Play it at copi.owasp.org!


As a variant of the card game Elevation of Privilege, it follows the idea of threat modeling a system via gamification. This lightweight and low-barrier approach helps you find threats in your DevOps or cloud project and teaches developers a security-oriented mindset.

Threat Modeling

The idea of threat modeling via serious games goes back to the card game Elevation of Privilege by Adam Shostack. The basic idea is to bring the developers to the table and get them to start discussing the security of their system. For this, a card game serves as a guide through a catalogue of threats. It is designed to be a low-barrier and naturally embeddable approach within agile software development processes.

While we at OWASP Cornucopia have been focusing on creating games for web and mobile application security, we have felt that the specific needs of DevOps teams working in cloud environments have been missing. OWASP Cumulus seeks to fill this gap and provides a custom card deck with threats for cloud systems.

How to Play Cumulus

  • Go to: https://copi.owasp.org/games/new
  • Select OWASP Cumulus from the drop-down list
  • Make sure you have done all the preparations
  • Then click: Create the Game
  • Send the link to 3 players

Once 3 players have joined, click start the game.

Commits

  • 2990e72: Bump urllib3 from 2.4.0 to 2.5.0 in the pip group (dependabot[bot]) #1397
  • 7c9c41f: Bump step-security/harden-runner from 2.12.0 to 2.12.1 (dependabot[bot]) #1398
  • 51d68a6: Bump svelte from 5.34.5 to 5.34.6 in /cornucopia.owasp.org (dependabot[bot]) #1400
  • a723f44: Bump hexpm/elixir in /copi.owasp.org (dependabot[bot]) #1401
  • a9e4a55: Bump plug_cowboy from 2.7.3 to 2.7.4 in /copi.owasp.org (dependabot[bot]) #1402
  • 37ca5ab: Bump ecto_sql from 3.12.1 to 3.13.0 in /copi.owasp.org (dependabot[bot]) #1403
  • 924c749: Bump svelte-check from 4.2.1 to 4.2.2 in /cornucopia.owasp.org (dependabot[bot]) #1406
  • d57556a: Bump @sveltejs/kit from 2.21.5 to 2.22.0 in /cornucopia.owasp.org (dependabot[bot]) #1407
  • bbc4316: Bump swoosh from 1.19.2 to 1.19.3 in /copi.owasp.org (dependabot[bot]) #1408
  • 54746fa: Bump svelte from 5.34.6 to 5.34.7 in /cornucopia.owasp.org (dependabot[bot]) #1405
  • 728483b: Do not install the pyinstaller as part of the package manifest as it crashes the build (Johan Sydseter) #1410
  • 8384f3d: Bump ecto_sql from 3.13.0 to 3.13.1 in /copi.owasp.org (dependabot[bot]) #1412
  • a17e122: Add OWASP Cumulus as a game to Copi (sydseter) #1413
  • cb41197: Add the creator of OWASP Cumulus (sydseter) #1413
  • 73a1b8f: Fix test (sydseter) #1413
  • 4f1669c: Adding article about OWASP Cumulus (sydseter) #1413
  • 9a9d8da: Fix writing error (sydseter) #1413
  • 2597633: Bump urllib3 from 2.4.0 to 2.5.0 (dependabot[bot]) #1404
  • 44b80bd: Bump pathvalidate from 3.2.3 to 3.3.1 (dependabot[bot]) #1392
  • a319439: Bump mypy from 1.15.0 to 1.16.1 (dependabot[bot]) #1391
  • a8efcbf: Bump flake8 from 7.2.0 to 7.3.0 (dependabot[bot]) #1417
  • 56fd1b7: Update post about Cumulus (Uncle Joe) #1419
  • 3ad5fe3: Bump @types/node from 24.0.3 to 24.0.4 in /cornucopia.owasp.org (dependabot[bot]) #1421
  • 4d856c4: Bump phoenix_ecto from 4.6.4 to 4.6.5 in /copi.owasp.org (dependabot[bot]) #1422
  • 7ce45a9: Bump erlef/setup-beam from 1.19.0 to 1.20.1 (dependabot[bot]) #1424
  • 6c14563: Fix css styling for the Cumulus cars (sydseter) #1425
  • 413e9d6: Bump ecto_sql from 3.13.1 to 3.13.2 in /copi.owasp.org (dependabot[bot]) #1423
  • 160bd14: Revert "Merge pull request #1401 from OWASP/dependabot/docker/copi.owasp.org/hexpm/elixir-1.18.4-erlang-28.0-debian-bullseye-20250610" (sydseter) #1415
  • 3525720: Build the docker file always to check that it can be deployed. (sydseter) #1415
  • 6bfe644: Specify working dir for building the dockerfile (sydseter) #1415
  • 33d4ff3: Bump vite-plugin-static-copy in /cornucopia.owasp.org (dependabot[bot]) #1427
  • 778e497: Bump svelte from 5.34.7 to 5.34.8 in /cornucopia.owasp.org (dependabot[bot]) #1429