December 2025

Quests

Enhanced Email Reminders

We’ve enhanced Quests to give admins greater control over the frequency of reminder emails. This helps drive learner engagement by bringing learners back to the platform to complete their training.

PDF Curriculum Preview

Admins can now download a PDF version of the training curriculum in Quests. The PDF provides a clear breakdown of the training delivered for each language, including the specific activity types within each topic. This gives admins greater visibility into the learner experience and an easy way to share curricula internally.

Content

OWASP LLM Top 10: New Language, Topics, and Hands-On Activities

Python LangChain has been added as a new language in Quests and Learn, aligned with the OWASP LLM Top 10 vulnerabilities. Hands-on activities are now available for every covered vulnerability. This learning pathway and vulnerability set are fully supported by Quests and Trust Score. This content is exclusive to Quests, Learn, and Explore.

Cyber Resilience Act (CRA)–Aligned Learning in Quests and Legacy Courses

Quests now includes the following CRA-aligned resources:

• CRA Standard Objective: Enables admins to assign vulnerability topics aligned with CRA requirements.
• CRA Secure by Design Topic Collection: Allows admins to find and assign secure-by-design conceptual topics aligned with CRA requirements.

In addition, a new CRA legacy course template is now available, combining both vulnerability and secure-by-design learning aligned with CRA requirements.

New Quest Topics and Legacy Course Templates

The following topics are now available for selection in Quests and as legacy course templates:

• LLM Security Design Patterns
• Vibe Coding: Risk Management Framework

Language-Specific Python Rules Added to the AI Security Rules Public Repository

We've added language-specific Python rules to our publicly available GitHub repo of Security Rules for use with GenAI coding tools.

Trust Agent

Developer Discovery

We’ve added the ability to identify missing learners by analyzing code committers, now integrated into the user management experience. Once identified, admins can review code contributors, assign teams and tags, and invite them to the SCW learning platform in bulk. This helps ensure no developer is left out of your application security training program. This capability is available on Business and Enterprise plans.

Platform

Team Manager Dashboard

The new Team Manager dashboard is now available to all customers (once Quests is enabled). It provides team managers with a dedicated homepage featuring:

Quick visibility into Quest completion and Trust Score across their teams An overview of managed teams and users, with direct links to user and team management Engagement insights from the last three months, including new learners, active learners, and total time spent, with a link to the engagement report

Vulnerability Data Ingestion via API Connectors

Native API connectors for vulnerability scanners are now available, allowing customers to automatically sync vulnerability data into the SCW platform without manual CSV uploads.

Supported tools include:

• Fortify
• Polaris
• GitHub Advanced Security
• Snyk

Customers can connect by providing scanner credentials and selecting a 3-, 6-, 12-, or 24-month lookback period. The platform then securely authenticates, pulls data in the background, and normalizes it into a standard format, reducing manual effort and improving data consistency for more accurate reporting and learning recommendations.