How to get integrated secure coding advice in GitLab

Mar 24, 2022 · 3 min read
Tanuki, GitLab

Busy developers want to write secure code and fix any issues. But they often lack the time and resources to get it done efficiently.

To resolve vulnerabilities faster, developers need actionable advice from trusted sources of secure coding right inside the tools they use every day. Secure Code Warrior is proud to partner with GitLab to enable developers to ship safe code faster, utilizing actionable and highly relevant secure coding guidance that is accessible from within GitLab’s DevOps Platform. This integration was announced as part of GitLab’s 14.9 release.

Empower developers with actionable guidance integrated inside GitLab

GitLab is enabling developer-led security by getting scan results into the hands of those who can make fixes fast. Secure Code Warrior further strengthens this vision by bringing to GitLab one of the world’s largest libraries of secure coding and remediation content (6500+ interactive coding challenges, 56+ languages/frameworks, 150+ vulnerability categories), used by hundreds of thousands of professional developers across many industries. With this integration, secure coding guidance that is highly relevant to the detected vulnerabilities is available to developers with the click of a link in GitLab.

How this integration delivers contextual secure coding training

When GitLab’s vulnerability scanners detect code security issues in merge requests or pipeline scans, a vulnerability record is created and the identified vulnerability descriptions or CWE IDs are added to its Vulnerability Details section. The integration uses this vulnerability information to look up a link to learning resources that teach developers how to find and fix that particular security problem.


For example, if the vulnerability scanners detected a Cross-Site Request Forgery (CSRF) in the application code, the vulnerability detail would be updated with the relevant training link.

GitLab-Secure Code Warrior integration at a glance

When users click on the link, they are taken to SCW’s platform as shown below.

Secure Code Warrior platform

By completing an appropriate challenge they get the trusted guidance to resolve the CSRF vulnerability with confidence. This is also a highly effective way to retain the knowledge because:

Ship secure code faster with improved merge request rate

As more teams adopt this workflow path to resolve vulnerabilities faster, they will gradually improve their MR rate and release quality and create secure code at speed. By embedding secure coding training within developer workflows, this integration automates and scales remediation support to all development teams and lets AppSec focus on risk monitoring and strengthening the security posture of the organization.

The partnership between Secure Code Warrior and GitLab is just getting started; follow us as we enable developers to build and release secure software at speed. We’d love you to try it out, and your feedback can help shape the future of the product.

Get more details on how to enable this integration.
