Cloudogu GmbH has integrated a free plugin into its SCM-Manager (tool for SourceCode Management) that displays contextual training videos and exercises on security topics from Secure Code Warrior in pull requests. This allows developers and reviewers to find and fix insecure code, at the earliest stage of the development lifecycle.
When descriptions, inserted comments or tasks in pull requests contain a keyword related to a security topic, the new SCM-Manager plugin automatically adds relevant explanations, videos and fun challenges from Secure Code Warrior. By displaying the information in small learning units based on the situation, developers can quickly educate themselves individually in an engaging way. This helps development teams to ship high-quality and secure code with confidence.
Recommended ITech News: Data Security Disruptor Dasera Strengthens Executive Ranks With Three Top Women Leaders In Marketing, Engineering, And Product Roles
Quickly fill knowledge gaps with micro-learning and gamification.
The extensive Secure Code Warrior database includes short descriptions, training videos, and gamified exercises for all major programming languages and frameworks, including frontend, web, mobile, infrastructure-as-code (IaC), backend, and APIs. SCM-Manager users can take advantage of these without an account with Secure Code Warrior. The more than 30 topics include learning content on about 150 security vulnerabilities such as access control (including authentication and authorization), data processing (including XSS and DoS), insecure development practices, protecting sensitive data, and incorrect configuration.
The keyword list also includes synonyms for each term, as well as different spellings, to provide developers with relevant content in as many cases as possible.
The Secure Code Warrior learning content easily assists developers and reviewers in creating secure code. Two example scenarios:
Recommended ITech News: North American Utilities Expand Digital Transformations to Address Vulnerabilities Exposed by COVID-19 Pandemic
Pull Request as a learning example: an experienced developer has closed a security vulnerability and then creates a pull request with keywords related to the corresponding security topic. The plugin automatically adds the relevant content from Secure Code Warrior. In this way, the pull request can be used as a learning example for team members, who can expand their knowledge of security topics in an entertaining, quick and easy way.
Learning while performing a review: An experienced developer performs a review of a pull request and finds a potential security vulnerability. To have it closed before the merge, he adds a comment or task to the pull request. Matching the terms that occur, the developer receives all the necessary information from Secure Code Warrior and can make the necessary changes.
Recommended ITech News: Intelligent Waves LLC Promotes John Hammes To Chief Strategy Officer (CSO)
