DEVOPSdigest

Secure Code Warrior announced support for GitHub’s new code scanning functionality in conjunction with a new collaboration with Snyk.

Secure Code Warrior has built a GitHub Action that brings contextual learning to GitHub code scanning. The new GitHub Action processes the new industry-standard SARIF file and appends Secure Code Warrior contextual learning based upon CWE references in a SARIF rule object. This means developers can use a third-party action like the Snyk Container Action to find vulnerabilities, and then augment the output with hyper-relevant learning.

“Secure Code Warrior’s vision is to empower developers with the skills and knowledge to prevent code vulnerabilities in the first place. This new GitHub Action adds our secure code training to industry-standard SARIF files within a GitHub Workflow - delivering developer-centric contextual learning when needed most, ultimately making it easier for developers to release quality code faster.” said Matias Madou, CTO and co-founder, Secure Code Warrior. “We feel that the more context developers have for the vulnerabilities being flagged, the more they’re able to understand the risks, prioritize fixing the most pressing issues, and ultimately prevent them in the first place.”

Secure Code Warrior is positioned to support the new SARIF standard and integrate with other third-party scanning tools inside the Github code scanning ecosystem such as; Snyk, Checkmarx, Fortify On Demand, Synopsis and Veracode. Our open approach to developer-centric learning empowers development and security teams to not just find vulnerabilities but enrich SAST reports with actionable knowledge. This provides developers with the skills and knowledge when they need it most, preventing vulnerabilities from occurring and reducing the need for rework.

“Pairing integrations from Snyk and Secure Code Warrior with GitHub code scanning is a powerful combination that gives developers security information and education that is both insightful and actionable,” said John Leon, VP of Business Development, GitHub.

“Snyk and Secure Code Warrior have a joint focus on helping developers reduce the impact of software vulnerabilities by increasing the security awareness and skills of developers. Combining Snyk's security technology with training solutions from Secure Code Warrior helps developers more easily build secure applications with confidence,” said Gareth Rushgrove, Director of Product Management, Snyk.

Secure Code Warrior has a number of technical integrations that allows organizations to build securely by delivering contextual training and coaching in the developers preferred environment. The platform launched in 2015, helps developers to think and act with a security mindset every day.