Shortcut Plugin

Contextual software security microtraining for Shortcut stories, powered by the SecureFlag Knowledge Base.

This plugin adds a link to the SecureFlag Knowledge Base to the description of stories that mention security vulnerabilities, with relevant labs and technical information. Each appended entry includes an overview of everything a developer needs to know in order to understand and remediate a given type of vulnerability, including example code!

We know that not all developers are security professionals, so CWE (Common Weakness Enumeration) numbers for common vulnerabilities are mapped to the Knowledge Base, providing an easier-to-digest description of the vulnerability.

Installation

This must be performed by either an administrator, security champion, or a user with similar permissions.
  1. Create an API Token.
    - Name it appropriately, e.g. 'SecureFlag Knowledge Base'.
    - Keep the token visible for now whilst performing the next steps.

  2. Open a Terminal with the curl tool available.
    - Run the following command, inserting your own token.
      unset HISTFILE
      curl -v -X POST https://shortcut-plugin.secureflag.com/register --data '{"token":"YOUR_TOKEN_HERE"}'

  3. In Shortcut, open the Integrations page.

  4. Find and open the Webhooks integration.

  5. Add a new webhook.

  6. Set the payload URL to https://shortcut-plugin.secureflag.com/webhooks. Leave the secret empty.

  7. Done!

Usage

Simply mention a software vulnerability by name or CWE number when making a story. If relevant training is found, then it will be appended to the bottom of the story description.

For example, 'CWE-327', 'CWE 327' and 'sql injection' are all valid.
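To make the matching behaviour concrete, here is an added illustrative matcher in Python that is not the plugin's own code: it recognises CWE references in either spelling as well as a few vulnerability names, and appends Knowledge Base links to a story description only once, so a webhook that fires again after the edit does not duplicate the section. The name-to-CWE mapping, the Knowledge Base URL pattern and the marker line are assumptions for the example.

```python
import re

# Constructed name-to-CWE mapping for the example; the real SecureFlag
# Knowledge Base mapping is not shown on this page.
NAME_TO_CWE = {
    "sql injection": 89,
    "cross-site scripting": 79,
    "xss": 79,
    "path traversal": 22,
}

# Hypothetical URL pattern and marker line (assumptions, not the real plugin's).
KB_URL = "https://knowledge-base.example/cwe/{cwe}"
MARKER = "SecureFlag Knowledge Base:"

# Accepts "CWE-327", "CWE 327" and "cwe327"; the number is captured.
CWE_RE = re.compile(r"\bCWE[-\s]?(\d{1,5})\b", re.IGNORECASE)


def find_cwes(text):
    """Return the sorted list of CWE ids mentioned in text, by number or by name."""
    found = {int(m.group(1)) for m in CWE_RE.finditer(text)}
    lowered = text.lower()
    for name, cwe in NAME_TO_CWE.items():
        # Whole-word match so "xss" does not fire inside unrelated words.
        if re.search(r"\b" + re.escape(name) + r"\b", lowered):
            found.add(cwe)
    return sorted(found)


def append_training(description):
    """Append one Knowledge Base link per CWE to the story description.

    Idempotent: if the marker is already present the description is returned
    unchanged, which is what keeps repeated webhook deliveries from stacking
    duplicate sections (the appended links themselves mention CWE ids).
    """
    if MARKER in description:
        return description
    cwes = find_cwes(description)
    if not cwes:
        return description
    lines = [f"- CWE-{c}: {KB_URL.format(cwe=c)}" for c in cwes]
    return description.rstrip() + "\n\n" + MARKER + "\n" + "\n".join(lines) + "\n"
```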
