This feature will be part of Google Summer of code 2026. Please ensure you read the following to ensure you are able to participate: https://owasp.org/www-community/initiatives/gsoc/gsoc2026
The Solution
Similarly to cornucopia, we should add an endpoint for each EoP card and have a browsable EOP deck. A feature like that has been asked for through OWASP Threat Dragon in order to integrate threat modeling card games into Threat Dragon. This will make it easier to increase adoption when doing threat modeling using card games.
Additional context
Each of the cards in the EoP game should be browsable from here: https://cornucopia.owasp.org/cards
and from here: http://cornucopia.owasp.org/edition/eop
Like done here:
http://cornucopia.owasp.org/edtion/webapp
and here:
http://cornucopia.owasp.org/cards/VE2
The code that needs to be changed can be found here:
The source for the cards (description and card values) are available here: https://github.com/OWASP/cornucopia/blob/master/source/eop-cards-5.0-en.yaml
Once it is done, it should work like for the website edition:
https://cornucopia.owasp.org/cards/AZ2
You may need to add some dummy yaml pages under a folder called eop-cards-5.0-en here: https://github.com/OWASP/cornucopia/tree/master/cornucopia.owasp.org/data/cards
The YAML does not need to be filled out.
The graphics can be found here: https://github.com/adamshostack/eop/tree/master
We prefer the use of svg to minimize the site load, if possible, but there is already images and css for eop generated and available at:
The EoP cards should also be accessible through the API that OWASP Threat Dragon uses: /api/cre/[edition] /[lang]/
This is the full overview over the html routes:
/edition/[edition]/[card]/[version]/[en]
/edition/[edition]/[card]/[version]
/edition/[edition]/[card]
/edition/[edition]
/cards/[card]
In addition you have the json api which gives you:
/lang/[edition]/[version]
/cre/[edition]/[lang]
/cre/[edition]/[lang]
This feature will be part of Google Summer of code 2026. Please ensure you read the following to ensure you are able to participate: https://owasp.org/www-community/initiatives/gsoc/gsoc2026
The Solution
Similarly to cornucopia, we should add an endpoint for each EoP card and have a browsable EOP deck. A feature like that has been asked for through OWASP Threat Dragon in order to integrate threat modeling card games into Threat Dragon. This will make it easier to increase adoption when doing threat modeling using card games.
Additional context
Each of the cards in the EoP game should be browsable from here: https://cornucopia.owasp.org/cards
and from here: http://cornucopia.owasp.org/edition/eop
Like done here:
http://cornucopia.owasp.org/edtion/webapp
and here:
http://cornucopia.owasp.org/cards/VE2
The code that needs to be changed can be found here:
The source for the cards (description and card values) are available here: https://github.com/OWASP/cornucopia/blob/master/source/eop-cards-5.0-en.yaml
Once it is done, it should work like for the website edition:
https://cornucopia.owasp.org/cards/AZ2
You may need to add some dummy yaml pages under a folder called eop-cards-5.0-en here: https://github.com/OWASP/cornucopia/tree/master/cornucopia.owasp.org/data/cards
The YAML does not need to be filled out.
The graphics can be found here: https://github.com/adamshostack/eop/tree/master
We prefer the use of svg to minimize the site load, if possible, but there is already images and css for eop generated and available at:
cornucopia/copi.owasp.org/assets/css/cards.scss
Line 500 in 1bfa5cf
The EoP cards should also be accessible through the API that OWASP Threat Dragon uses: /api/cre/[edition] /[lang]/
This is the full overview over the html routes:
/edition/[edition]/[card]/[version]/[en]
/edition/[edition]/[card]/[version]
/edition/[edition]/[card]
/edition/[edition]
/cards/[card]
In addition you have the json api which gives you:
/lang/[edition]/[version]
/cre/[edition]/[lang]
/cre/[edition]/[lang]