GitHub Plugin

SecureFlag Knowledge Base for GitHub

Contextual software security microtraining for issues and pull requests, powered by the SecureFlag knowledge base.

This app responds to issues and pull requests that mention security vulnerabilities, with a recommended lab and information from the SecureFlag Knowledge Base. Each reply includes an overview of everything a developer needs to know in order to understand and remediate a given type of vulnerability, including example code!

We know that not all developers are security professionals, so CWE (Common Weakness Enumeration) numbers for common vulnerabilities are mapped to Knowledge Base entries, giving an easier-to-digest description of each vulnerability.

Installation

Access the app via GitHub here.

Click the Install button and select whether to install on specific repositories or organisation-wide. See below for further details on each.

Repository Install: Installing on a repository requires that the user be a repository administrator.

Organization Install: An organization-wide install requires that the user be an organization owner.

Usage

Simply mention a software vulnerability by name or CWE number in a pull request or issue, in either the title or body, and the bot will reply. Common abbreviations are supported as well.

For example, the following three comments would each trigger a reply:

    Hey, there's a CSRF vulnerability here. Please fix ASAP.

    Thanks for spotting this. This pull request fixes the vuln mentioned in issue 123. CWE 352.

    Hm, there is another cross site request forgery vulnerability. Please audit all HTML forms.


All the above leads to the same response from the bot (screenshot of the reply comment in the original page).

You can expand the Read More section to view further details as well (screenshot of the expanded reply in the original page).
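The detection described above (vulnerability names, common abbreviations, or CWE numbers in the title or body of an issue or pull request) can be sketched as a small webhook handler. The code below is an added illustration and is not the SecureFlag app's own code: the knowledge-base mapping is a constructed three-entry sample, the lab URL format is a placeholder, and the handler only composes the reply text. The payload keys it reads (`issue`, `pull_request`, `title`, `body`) are those of GitHub's `issues` and `pull_request` webhook events.

```python
import re

# Constructed miniature of a knowledge base: CWE id -> (name, aliases).
# The real SecureFlag Knowledge Base is much larger; this is illustrative only.
KNOWLEDGE_BASE = {
    352: ("Cross-Site Request Forgery", ["csrf", "xsrf", "cross site request forgery"]),
    79: ("Cross-Site Scripting", ["xss", "cross site scripting"]),
    89: ("SQL Injection", ["sqli", "sql injection"]),
}

# Matches "CWE-352", "CWE 352" and "cwe352". A bare number such as the
# "123" in "issue 123" is deliberately not matched, so issue references
# are never mistaken for CWE ids.
CWE_PATTERN = re.compile(r"\bCWE[\s-]*(\d{1,5})\b", re.IGNORECASE)


def normalise(text: str) -> str:
    """Lower-case and collapse hyphens/whitespace so 'Cross-Site' == 'cross site'."""
    return re.sub(r"[\s\-]+", " ", text.lower()).strip()


def find_mentions(title: str, body: str = "") -> list:
    """Return sorted (cwe_id, name) pairs mentioned in the title or body."""
    text = f"{title}\n{body or ''}"
    found = {}
    for match in CWE_PATTERN.finditer(text):
        cwe = int(match.group(1))
        if cwe in KNOWLEDGE_BASE:  # only CWEs the knowledge base covers
            found[cwe] = KNOWLEDGE_BASE[cwe][0]
    norm = normalise(text)
    for cwe, (name, aliases) in KNOWLEDGE_BASE.items():
        for alias in aliases:
            # word boundaries stop short aliases like 'xss' matching inside other tokens
            if re.search(r"\b" + re.escape(normalise(alias)) + r"\b", norm):
                found[cwe] = name
                break
    return sorted(found.items())


def build_reply(mentions: list) -> str:
    """Compose the comment body; the Knowledge Base URL is a placeholder."""
    lines = ["The following vulnerability types were mentioned:", ""]
    for cwe, name in mentions:
        lines.append(f"- {name} (CWE-{cwe}): see the Knowledge Base entry at "
                     f"https://example.invalid/kb/cwe-{cwe} (placeholder URL)")
    return "\n".join(lines)


def handle_event(event: str, payload: dict):
    """Process a GitHub 'issues' or 'pull_request' webhook payload.

    Returns the reply text to post as a comment, or None when nothing in the
    title or body matched. Posting the comment via the GitHub API is outside
    this example.
    """
    key = {"issues": "issue", "pull_request": "pull_request"}.get(event)
    if key is None or key not in payload:
        return None
    item = payload[key]
    mentions = find_mentions(item.get("title", ""), item.get("body") or "")
    return build_reply(mentions) if mentions else None


if __name__ == "__main__":
    # Constructed sample issue mirroring the page's first example comment.
    sample = {"issue": {"title": "CSRF vulnerability", "body": "Please fix ASAP."}}
    print(handle_event("issues", sample))
```

Two design points matter in practice: the CWE pattern requires the `CWE` prefix so that issue and PR numbers are not misread as weakness ids, and alias matching runs on normalised text so hyphenated and spaced spellings ("cross-site" and "cross site") resolve to the same entry.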
Feedback

Want a new feature? Something not working right? We genuinely want to hear what you think! Please get in touch with us using our contact form here.
