Application

Secure Code Warrior for GitHub

Secure Code Warrior for GitHub brings secure coding learning to GitHub, making it easier for you to access highly relevant learning resources when you need them. Available in a number of programming languages and frameworks, these resources are fetched from our Learning Platform based on the vulnerability descriptions found in issues and pull requests. Only the most relevant learning resources are added as comments, making learning a part of the developers' conversations in GitHub.

Get the help you need at the right time

When a vulnerability issue is assigned to a developer, they are given help - in the form of learning content in comments - to resolve the issue. We call this contextual learning - bite-sized and highly relevant to the vulnerability in question.

Uses CWE or OWASP references to identify content

This app will serve training content based on Common Weakness Enumeration (CWE) or Open Web Application Security Project (OWASP) references identified in the issue or pull request title, body, labels, or comments. This has been designed to work with several popular security tools that can be configured to push findings into GitHub issues with these references automatically. The app will also search pull request status check output for these references and is compatible with GitHub CodeQL Code Scanning. If no references are included, this app will fall back to searching for common vulnerability names and phrases.
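The lookup order described above (explicit CWE or OWASP references first, vulnerability names only as a fallback) can be sketched as follows. This is an added example, not the app's own code: the regular expressions, the fallback phrase list, the `find_references` function and the sample issues are all assumptions constructed for illustration, and pull request status check output is not covered.

```python
import re

# Assumed reference formats: "CWE-89", "cwe_79", "CWE 79"; "A03:2021", "A1:2017".
CWE_RE = re.compile(r"\bCWE[-_ ]?(\d{1,4})\b", re.IGNORECASE)
OWASP_RE = re.compile(r"\bA(0?[1-9]|10):(20\d{2})\b")

# Constructed fallback list; the real app's phrase list is not published on this page.
FALLBACK_PHRASES = {
    "sql injection": "SQL Injection",
    "cross-site scripting": "Cross-Site Scripting",
    "xss": "Cross-Site Scripting",
    "path traversal": "Path Traversal",
}

def issue_text_fields(issue):
    """Yield every text field the page says is searched."""
    yield issue.get("title", "")
    yield issue.get("body", "")
    yield from issue.get("labels", [])
    yield from issue.get("comments", [])

def find_references(issue):
    """Return CWE ids and OWASP Top 10 ids; use phrases only if none are found."""
    fields = [f for f in issue_text_fields(issue) if f]
    cwes, owasp = set(), set()
    for text in fields:
        cwes.update(int(n) for n in CWE_RE.findall(text))
        # Normalise "A3:2021" and "A03:2021" to one spelling.
        owasp.update(f"A{int(n):02d}:{year}" for n, year in OWASP_RE.findall(text))
    result = {"cwe": sorted(cwes), "owasp": sorted(owasp), "fallback": []}
    if not cwes and not owasp:
        lowered = " ".join(fields).lower()
        result["fallback"] = sorted({
            name for phrase, name in FALLBACK_PHRASES.items()
            if re.search(rf"\b{re.escape(phrase)}\b", lowered)
        })
    return result

# Constructed sample issues.
TAGGED = {"title": "SQL injection in /search (CWE-89)",
          "body": "Scanner rule maps to OWASP A03:2021.",
          "labels": ["security", "cwe-89"],
          "comments": ["Also seeing CWE 79 on the same form."]}
UNTAGGED = {"title": "Possible XSS in profile page",
            "body": "User bio is rendered without escaping.",
            "labels": ["bug"], "comments": []}

if __name__ == "__main__":
    print(find_references(TAGGED))
    print(find_references(UNTAGGED))
```

For teams pushing scanner findings into issues, the practical takeaway is that an explicit reference in the title, body, or a label gives a more precise match than relying on the name of the vulnerability appearing in free text.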

Posted comment containing contextual training

Pricing and setup

Secure Code Warrior for GitHub

Free

This is the only plan available

Secure Code Warrior for GitHub is provided by a third party and is governed by a separate privacy policy and support documentation.