Custom Labs lets you build tailored Code Review labs in just a few clicks, using your own demonstrative code or snippets. They help challenge developers with vulnerabilities that reflect the technologies and patterns they use every day.
In Code Review Labs, participants are guided through analyzing a given scenario, understanding the code and its associated vulnerability, and identifying the specific lines that lead to the security weakness.
These labs can be fully customized to meet an organization’s specific training needs.
How Custom Labs Works
- The code for your Custom Lab is stored in a Git repository (GitHub or GitLab).
- You can edit or upload code directly using the platform’s built-in web IDE (for example, GitHub Codespaces or GitLab Web IDE).
- After your code is ready, simply tag your repository to automatically upload your labs to SecureFlag.
- Set up the lab by adding the required metadata in the platform.
1. Set Up a Git Repository
Ask your Customer Success Manager (CSM) to set up a new GitHub or GitLab repository for your Custom Labs. If you prefer to use your own existing repository, your CSM can also guide you through configuring it to work seamlessly with our platform.
Authentication Setup
As part of the setup, your Customer Success Manager will provide a unique Customer ID for your organization (for example, 123-org-name-1a2b3c4d). CI automation uses this ID to deploy your Custom Labs, and you will reference it later when writing the lab instructions.
If needed, AWS authentication tokens can also be configured to ensure secure communication between your repository and our platform.
2. Add Your Labs' Code
Repository Structure
Each lab's code lives in its own directory and represents a specific vulnerability scenario tailored to your team.
For each lab, the code must be placed under “labs/<flag name>/” either in GitLab or GitHub.
Flag name rules:
- Lowercase
- Alphanumeric characters only
- No spaces or special characters
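A pre-tag check for the flag name rules above, as an added example (not SecureFlag's own code or part of its CI). It assumes a checkout of the repository is available locally or in a CI job, and that "alphanumeric" means ASCII a-z and 0-9; the lab names in the sample are constructed.

```python
import re
import tempfile
from pathlib import Path

# Flag name rules from this page: lowercase, alphanumeric only,
# no spaces or special characters. ASCII-only is an assumption.
FLAG_NAME = re.compile(r"[a-z0-9]+")


def check_labs(repo_root):
    """Return [(relative_path, offending_characters)] for every directory
    under labs/ whose name breaks the flag name rules."""
    labs = Path(repo_root) / "labs"
    if not labs.is_dir():
        raise NotADirectoryError(f"{labs} not found; lab code goes in labs/<flag name>/")
    problems = []
    for entry in sorted(labs.iterdir()):
        if not entry.is_dir():
            continue  # plain files directly under labs/ are not labs
        if FLAG_NAME.fullmatch(entry.name):
            continue
        # List each character that is not a lowercase letter or digit once
        bad = sorted(set(re.findall(r"[^a-z0-9]", entry.name)))
        problems.append((f"labs/{entry.name}", bad))
    return problems


def build_sample_repo(root):
    """Constructed sample layout; every name here is made up for illustration."""
    root = Path(root)
    for name in ("sqli01", "SQLi-Login", "path traversal"):
        lab_dir = root / "labs" / name
        lab_dir.mkdir(parents=True)
        (lab_dir / "app.py").write_text("# sample lab code\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, bad in check_labs(build_sample_repo(tmp)):
            print(f"{path}: invalid characters {bad}")
```

Running it before tagging catches a badly named lab directory before the tag triggers the upload.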
You don’t need Git installed locally to use Custom Labs. The system works with any Git-based repository that supports CI automation, making it easy to use with your existing GitHub, GitLab, or other Git platforms.
Editing Your Code
GitLab
Add the code to the relevant repository by opening the file in the GitLab Web IDE and committing your changes there.
Below is an example of the directory structure for reference:
Once your code is uploaded, you can either commit it directly to the repository or create a merge request to review and merge the changes.
GitHub
Add the code to the relevant repository by opening the file in the GitHub Web IDE and committing your changes there.
Below is an example of the directory structure for reference:
Once your code is uploaded, you can either commit it directly to the repository or create a pull request to review and merge the changes.
3. Deploy Your Code
After uploading or editing your lab code, tag your repository.
Tagging in GitLab
Once you’ve added or updated your code, you’ll need to tag your repository and create a release.
You can tag the repository by following the steps below:
- In the left-hand menu, click Code and then select Tags.
- Click the New tag button to create a new tag.
- Enter a tag name (for example, v1.1.3) and click Create tag.
- After the tag is created, click Create release.
- Enter a title in the Release title field and click Create release again.
You’ll then see the new release associated with your tag under the Tags section.
If the run/job completes successfully, it means all your labs in the repository have been uploaded to the SecureFlag system and will be deployed within approximately 5 minutes.
Tagging in GitHub
Once you’ve added or updated your code, you’ll need to tag your repository and create a release.
You can tag the repository by following the steps below:
- In the right-hand menu inside the repository, under the Releases section, click the + release.
- Click the Draft a new release button to create a new tag.
- Click the Tag dropdown and click the Create new tag button.
- Enter a name for the tag and click the Create button to add it.
- Give the release a title and click the Publish release button.
You can see the released version under the Actions menu.
If the run/job completes successfully, it means all your labs in the repository have been uploaded to the SecureFlag system and will be deployed within approximately 5 minutes.
After you have created the code, you’ll need to define the lab metadata in the SecureFlag platform to complete your custom lab setup.
1. Adding Description
Start by adding the title and other key details for your custom lab. You will need to provide:
- Title of the lab
- Subtitle of the lab
- Author of the lab – typically your organization
- Lab Type – select Code Review from the dropdown
- Lab Status
- Technology – the main technology used in your lab
- Description – a description of the vulnerability covered
- Max Duration – the expected time to complete the lab
- Difficulty – the complexity level of the lab
- Lab Framework
The Information tab explains how to run the code review labs. It serves as a setup guide to help you navigate the code, select a line, and submit your findings.
3. Adding Lab Flags
In the Flags tab, you can define the flag title, select the Knowledge Base article related to your lab, set the maximum score, and provide the lab instructions.
Next, specify the offending line in your code where the vulnerability exists in the Vulnerability Code Ranges section.
You can also add a hint for the lab and configure the score deduction applied when the hint is used.
Once done, click Update Flag to save your changes.
You can assign tags to the lab by entering them in the Tags text box.
5. Repository
In the Repository tab, enter the Customer ID provided by your Customer Success Manager, along with the flag name you configured for your lab in GitHub or GitLab.
Once everything is completed, click Save to create the lab. You can then find your custom lab by searching in the Labs tab.
5. Create Infinite Learning Opportunities
Now that your Custom Labs are set up, you’re ready to engage your entire development community. Combine your own code, videos, and vulnerability references with SecureFlag’s content to create limitless learning paths. Custom Labs make the possibilities endless. Build, share, and challenge your developers in ways that best align with your organization’s goals.