Integrate Secure Code Warrior for GitHub in Slack
with Axolo

Secure Code Warrior for GitHub is a powerful application that brings secure coding learning to GitHub. The service is designed to help developers access highly relevant learning resources when they need them. The resources are available in several programming languages and frameworks and are fetched from the Learning Platform based on vulnerability descriptions found in issues and pull requests. The app only adds the most relevant learning resources as comments, making learning a part of the developers' conversations in GitHub.

The contextual learning feature of Secure Code Warrior for GitHub is particularly useful. When a vulnerability issue is assigned to a developer, they are given help in the form of learning content in comments to resolve the issue. The app uses Common Weakness Enumeration (CWE) or Open Web Application Security Project (OWASP) references to identify content. This means that the app will serve training content based on the references identified in the issue or pull request title, body, labels, or comments.

Secure Code Warrior for GitHub is compatible with several popular security tools that can be configured to push findings into GitHub issues with these references automatically. The app will also search pull request status check output for these references and is compatible with GitHub CodeQL Code Scanning. If no references are included, the app will fall back to searching for common vulnerability names and phrases. Overall, Secure

- Fetches learning resources from the Learning Platform based on vulnerability descriptions found in issues and pull requests
- Adds only the most relevant learning resources as comments to developers' conversations in GitHub
- Provides contextual learning in the form of bite-sized and highly relevant learning content in comments to resolve vulnerability issues
- Uses CWE or OWASP references to identify content
- Serves training content based on CWE or OWASP references identified in the issue or pull request title, body, labels, or comments
- Designed to work with several popular security tools that can be configured to push findings into GitHub issues with these references automatically
- Searches pull request status check output for these references
- Compatible with GitHub CodeQL Code Scanning
- Falls back to searching for common vulnerability names and phrases if no references are included

The pricing for Secure Code Warrior for GitHub is a free plan with no additional paid options available.

Integrating Secure Code Warrior for GitHub in Slack with Axolo is beneficial because it allows developers to access relevant secure coding learning resources in real-time, making it easier for them to resolve vulnerability issues. This contextual learning approach ensures that developers receive bite-sized and highly relevant learning content based on the vulnerability descriptions found in issues and pull requests, which can be added as comments in GitHub. This integration also uses CWE or OWASP references to identify content and is compatible with several popular security tools, making it an effective solution for secure coding.