What is it?
Our GitHub integration enables development teams to resolve vulnerability issues quickly and confidently - with highly relevant and bite-sized secure coding learning within GitHub.
How does it work?
When SAST tools scan code and detect vulnerabilities, they can send the results to other developer tools using an industry-standard format, the Static Analysis Results Interchange Format (SARIF). When the SARIF file reaches GitHub, our GitHub Action pre-processes it and scans the findings for vulnerability references. If any are found, the relevant content is fetched from our Learning Platform and appended to the SARIF file, which GitHub then processes to create Code Scanning alerts under the Security tab.
This empowers your development and security teams to not only find vulnerabilities, but also enrich supported SAST tool reports with real-time knowledge that helps developers prevent vulnerabilities from recurring.
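As an added illustration of the pre-processing step described above (example code written for this page, not Secure Code Warrior's GitHub Action), the Python script below walks a SARIF 2.1.0 report, collects CWE identifiers from each rule's tags and descriptive text, and appends training links to the rule's `help` object, which GitHub renders in the Code Scanning alert. The sample report, the `TRAINING_BY_CWE` catalogue and the `training.example.invalid` URLs are constructed placeholders; the real Action fetches content from the vendor's Learning Platform, whose API is not described on this page.

```python
import copy
import json
import re

# Constructed sample SARIF 2.1.0 report (not a real scanner's output): two rules,
# one tagged with a CWE in the "external/cwe/cwe-NNN" style, one untagged.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [
        {
            "tool": {
                "driver": {
                    "name": "example-sast",
                    "rules": [
                        {
                            "id": "js/xss",
                            "shortDescription": {"text": "Reflected cross-site scripting"},
                            "help": {"text": "Encode untrusted data before writing it to HTML."},
                            "properties": {"tags": ["security", "external/cwe/cwe-079"]},
                        },
                        {
                            "id": "js/unused-var",
                            "shortDescription": {"text": "Unused variable"},
                            "properties": {"tags": ["maintainability"]},
                        },
                    ],
                }
            },
            "results": [
                {"ruleId": "js/xss", "ruleIndex": 0,
                 "message": {"text": "Unsanitised input reaches innerHTML."}},
                {"ruleId": "js/unused-var", "ruleIndex": 1,
                 "message": {"text": "'tmp' is never read."}},
            ],
        }
    ],
}

# Hypothetical training catalogue keyed by CWE id. It stands in for the vendor's
# Learning Platform; the URLs are placeholders, not real training content.
TRAINING_BY_CWE = {
    79: ("Cross-Site Scripting (XSS)", "https://training.example.invalid/cwe-79"),
    89: ("SQL Injection", "https://training.example.invalid/cwe-89"),
}

# Matches "CWE-79", "cwe-079" and the "external/cwe/cwe-079" tag style.
CWE_RE = re.compile(r"\bcwe-?(\d+)\b", re.IGNORECASE)


def cwe_ids_for_rule(rule: dict) -> set[int]:
    """Collect CWE ids referenced by a rule's tags and descriptive text."""
    haystack = list(rule.get("properties", {}).get("tags", []))
    for key in ("shortDescription", "fullDescription", "help"):
        haystack.append(rule.get(key, {}).get("text", ""))
    return {int(m.group(1)) for text in haystack for m in CWE_RE.finditer(text)}


def enrich_sarif(sarif: dict, catalogue: dict = TRAINING_BY_CWE) -> dict:
    """Return a copy of `sarif` whose rules carry training links for known CWEs.

    Existing help text is kept and the links are appended, so the scanner's own
    guidance is never lost. A rule that already has `properties.training` is
    skipped, which makes the step safe to run more than once.
    """
    if sarif.get("version") != "2.1.0":
        raise ValueError("expected a SARIF 2.1.0 document")
    out = copy.deepcopy(sarif)  # never mutate the caller's report
    for run in out.get("runs", []):
        for rule in run.get("tool", {}).get("driver", {}).get("rules", []):
            props = rule.setdefault("properties", {})
            if props.get("training"):
                continue
            matches = sorted(c for c in cwe_ids_for_rule(rule) if c in catalogue)
            if not matches:
                continue
            help_obj = rule.setdefault("help", {})
            base_text = help_obj.get("text", "")
            base_md = help_obj.get("markdown") or base_text
            md_lines = [f"- [{catalogue[c][0]}]({catalogue[c][1]}) (CWE-{c})" for c in matches]
            help_obj["markdown"] = (f"{base_md}\n\n" if base_md else "") + "### Training\n" + "\n".join(md_lines)
            text_items = "; ".join(f"{catalogue[c][0]} {catalogue[c][1]}" for c in matches)
            help_obj["text"] = (f"{base_text}\n\n" if base_text else "") + "Training: " + text_items
            # Record what was added in the SARIF property bag for later auditing.
            props["training"] = [{"cwe": c, "title": catalogue[c][0], "url": catalogue[c][1]} for c in matches]
    return out


def rules_with_training(sarif: dict) -> list[str]:
    """Ids of rules that received training links, for reporting what changed."""
    return [
        rule.get("id", "<no id>")
        for run in sarif.get("runs", [])
        for rule in run.get("tool", {}).get("driver", {}).get("rules", [])
        if rule.get("properties", {}).get("training")
    ]


if __name__ == "__main__":
    import sys
    from pathlib import Path

    doc = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE_SARIF
    print(json.dumps(enrich_sarif(doc), indent=2))
```

Run as `python enrich.py results.sarif > enriched.sarif` and hand the output to the usual SARIF upload step (for example `github/codeql-action/upload-sarif`); with no argument it prints the enriched constructed sample. Because help text is appended rather than replaced and already-enriched rules are skipped, the step is idempotent and the scanner's original remediation advice always survives.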
To see it in action, please see the video below:
Installation and configuration
The GitHub Action can be added from the Marketplace: https://github.com/marketplace/actions/add-secure-code-warrior-contextual-training-to-sarif
More information on the installation can also be found at the link above.
- Overview: https://www.securecodewarrior.com/products/scw-for-github
- GitHub Marketplace: https://github.com/marketplace/actions/add-secure-code-warrior-contextual-training-to-sarif
- Blog post: Stop disrupting my workflow! How you can get the right security training at the right time