Skip to main content

Secure Code Warrior

Organizations: Access Secure Code Warrior’s pre-built learning modules directly from the HackerOne Platform (Beta)

Updated over a week ago

This feature is in Beta. To participate, please contact your Account Team.

Overview

Upskill your development teams based on vulnerability findings!

Access Secure Code Warrior’s pre-built learning modules directly from the HackerOne Platform or supported developer tools. Target learning modules based on the vulnerability types to improve code quality and prevent security vulnerabilities.

Use Cases

  • Utilize insights from HackerOne reports to provide pre-built training sessions, directly addressing common coding errors and security gaps.

  • Empower security teams to focus on more strategic, high-impact initiatives by automating targeted routine training suggestions on vulnerability findings.

  • Equip developers with the knowledge they need to prevent vulnerabilities at the source, enhancing their efficiency and reducing the need for later remediation.

Finding Recommended Learnings

In the HackerOne Platform

  1. Go to Findings and identify reports with an established weakness.

  2. Select a vulnerability report with a weakness.

  3. Click on View training for CWE-XXX to go to Secure Code Warrior for recommended learning.

  4. Log in to SCW.

  5. Select the coding language.

  6. Complete training to prevent future security vulnerabiltiies.

Supported Formats/Developer Tools

Escalate report data and relevant learning to prevent future security vulnerabilities in HackerOne integrations supporting markdown, Jira, and ServiceNow Applications.

The following integrations are currently supported.

  • ServiceNow

  • Jira

  • GitHub

  • Linear

  • Azure DevOps

  • Asana

  • ClickUp

Integrations

To add recommended Secure Code Warrior (SCW) learning content to tickets escalated from HackerOne reports, the following integration variables have been added:

  • secure_code_warrior

  • secure_code_warrior_jira

These integration variables contain a high-level description of the vulnerability and a link to relevant training exercises on the Secure Code Warrior platform.

For instructions on how to use the integration variables, please refer to the documentation in the setup for your specific integration.

Example configuration for Jira integration:

Did this answer your question?