Secure Code Warrior for GitHub
GitHub App
Resolve vulnerabilities faster with in-app learning
Secure Code Warrior for GitHub brings secure coding learning to GitHub, making it easier for you to access highly relevant learning resources when you need them. Available in a number of programming languages and frameworks, these resources are fetched from Secure Code Warrior’s Learning Platform based on the vulnerability descriptions found in issues and pull requests. Only the most relevant learning resources are identified and added as comments, making learning a part of developers' conversations in GitHub.
Get the help you need at the right time
When a vulnerability issue is assigned to a developer, they are given help - in the form of learning content in comments - to resolve the issue. We call this contextual micro-learning - bite-sized and highly relevant to the vulnerability in question. Developers can take immediate action to resolve the issue rather than search for resources online that may not be validated or secure.
Uses CWE or OWASP references to identify content
This app will serve training content based on Common Weakness Enumeration (CWE) or Open Web Application Security Project (OWASP) references identified in the issue or pull request title, body, labels or comments. This has been designed to work with several popular security tools that can be configured to push findings into GitHub issues with these references automatically. The app will also search pull request status check output for these references and is compatible with GitHub CodeQL Code Scanning. If no references are included, this app will fall back to searching for common vulnerability names and phrases.
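An added illustration (not Secure Code Warrior's code) of the lookup order described above: scan an issue's title, body, labels and comments for CWE or OWASP references, and use vulnerability-name phrases only when no reference is found. The regular expressions, phrase list, function names and sample issues are assumptions constructed for this example.

```python
import re

# Assumed formats: "CWE-89" style IDs and OWASP Top 10 codes like "A03:2021".
# The app's actual matching rules are not published on this page.
CWE_RE = re.compile(r"\bCWE[-_ ]?(\d{1,4})\b", re.IGNORECASE)
OWASP_RE = re.compile(r"\bA\d{1,2}:20\d{2}\b", re.IGNORECASE)

# Constructed fallback phrases (illustrative only, not the app's list).
FALLBACK_PHRASES = {
    "sql injection": "SQL Injection",
    "cross-site scripting": "Cross-Site Scripting",
    "xss": "Cross-Site Scripting",
    "path traversal": "Path Traversal",
}

# Constructed sample issues, shaped loosely like scanner-created GitHub issues.
SAMPLE_WITH_REFS = {
    "title": "Scanner finding: unsanitised query (CWE-89)",
    "body": "Maps to OWASP a03:2021. Possible SQL injection in search handler.",
    "labels": ["security", "cwe-079"],
    "comments": [],
}
SAMPLE_NO_REFS = {
    "title": "Reflected XSS in profile page",
    "body": None,  # an issue can have an empty body
    "labels": ["bug"],
    "comments": ["Looks like cross-site scripting to me"],
}


def issue_text_fields(issue):
    """Yield the fields the page names: title, body, labels, comments."""
    yield issue.get("title") or ""
    yield issue.get("body") or ""
    yield from issue.get("labels", [])
    yield from issue.get("comments", [])


def find_references(issue):
    """Return CWE/OWASP references; phrase matches only when there are none."""
    cwe, owasp, phrases = set(), set(), set()
    for text in issue_text_fields(issue):
        cwe.update(int(n) for n in CWE_RE.findall(text))
        owasp.update(m.upper() for m in OWASP_RE.findall(text))
        phrases.update(name for p, name in FALLBACK_PHRASES.items()
                       if re.search(rf"\b{re.escape(p)}\b", text.lower()))
    refs = {"cwe": [f"CWE-{n}" for n in sorted(cwe)], "owasp": sorted(owasp)}
    refs["fallback"] = [] if (cwe or owasp) else sorted(phrases)
    return refs
```

Teams that push scanner findings into issues can use a check like this to confirm their issue template carries an explicit reference in one of the scanned fields rather than depending on phrase matching.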
Additional Information
For more information on configuring the app, please refer to the configuration guide.
Developer
Secure Code Warrior for GitHub is provided by a third party and is governed by separate terms of service, privacy policy, and support documentation.