Our GitHub integration provides contextual training on secure coding techniques, in a variety of programming languages and frameworks, directly within the issues and pull requests you are working on. This GitHub app automatically adds comments containing security vulnerability descriptions and links to relevant code exercises, helping you and your team learn how these vulnerabilities work and how to prevent them.
Secure Code Warrior for GitHub serves training content based on Common Weakness Enumeration (CWE) or Open Web Application Security Project (OWASP) references identified in the issue or pull request title, body, labels and comments. It is designed to work with several popular security tools that can be configured to push findings into GitHub issues with these references automatically. The app also searches pull request status check output for these references. If no references are included, the app searches for common vulnerability names and phrases.
Contextual micro-learning minimises disruption to the development workflow and makes learning more efficient: you get training relevant to the issues you are working on, at the moment you are working on them, which saves time and increases effectiveness. Read more about it in this blog post or try it out here.