Azure Plugin
Contextual software security microtraining for issues and pull requests, powered by the SecureFlag knowledge base.
This plugin adds a new page to issues that mention security vulnerabilities, with a recommended lab and information from the SecureFlag Knowledge Base. Each reply includes an overview of everything a developer needs to know in order to understand and remediate a given type of vulnerability, including example code!
We know that not all developers are security professionals, so CWE (Common Weakness Enumeration) numbers for common vulnerabilities are mapped to the Knowledge Base, providing an easier to ingest description of the vulnerability.
Installation
Access the app via the Visual Studio Marketplace here .
Click the Get it free button. From there, select the organization on which to install the plugin and click “Install”. The plugin is available for free.
Usage
Simply mention a software vulnerability by name or CWE number in an issue, in either the title or body, and then open the SecureFlag page. Common abbreviations are supported as well.
For example:
Hey, there's a SQLi vulnerability here. Please fix ASAP.
Thanks for spotting this. This pull request fixes the vuln mentioned in issue 123. CWE 89.
Hm, there is another sql injection vulnerability. Please audit all HTML forms.
All the above leads to the below response:
Feedback
Want a new feature? Something not working right? We genuinely want to hear what you think! Please get in touch with us using our contact form here .
Related Articles
SecureFlag ThreatCanvas for Azure
Threat model your features with AI-powered tooling. The SecureFlag ThreatCanvas plugin helps you integrate security early in your development lifecycle by automatically generating threat model diagrams from your Azure Boards work item descriptions. ...Shortcut Plugin
Contextual software security microtraining for Shortcut stories, powered by the SecureFlag Knowledge Base. This plugin adds a link to the SecureFlag Knowledge Base to the description of stories that mention security vulnerabilities, with relevant ...SonarQube Plugin
Contextual software security training for detected vulnerabilities and Security Hotspots. This plugin lists recent vulnerabilities and security hotspots detected by SonarQube, then attempts to find relevant training labs and remediation advice from ...SecureFlag Findings2Training Plugin for IntelliJ IDEA
SecureFlag Findings2Training is an IntelliJ IDEA plugin that watches for security issues in your project and automatically recommends the relevant training articles and hands-on practice labs to help you understand and fix them. Prerequisites Before ...SecureFlag Analyzer Plugin for IntelliJ IDEA
AI-powered vulnerability detection, right in your IDE. Overview The SecureFlag Analyzer plugin integrates with IntelliJ IDEA to deliver real-time security analysis as you code. Powered by advanced LLMs (Anthropic and ChatGPT), it detects potential ...