If anyone from the AppSec team is interested in contributing to the Secure Code Warrior (SCW) training program and you don't have access to the Secure Code Warrior training portal, please post a comment in the
#sec-appsec Slack channel requesting access.
Once you have access to the Secure Code Warrior training portal, please do the following:
Once you have done the above, you will be in a great shape to start contributing to the SCW training program. Please feel free to post in
#sec-appsec if you have any questions.
Developer = Backend + Frontend Engineers. See Org Chart for more information on the number and types of developers at GitLab.
@gitlab-com/gl-security/appsecDL on the AR issue. The AppSec person on triage rotation picks up the AR.
[Trailing, 3 months] Integrating Secure Code Warrior into new hire onboarding template as a checklist item that needs to be finished within the first 3 months of starting at GitLab
[Trailing, 1 month] Those who sign in to Secure Code Warrior are able to use it successfully
[Leading & Trailing] Monthly Slack announcements calling out top 3 vulns seen in our last Security Release and how developers can learn to identify and fix them
[Trailing, 1 month] Integrating Secure Code Warrior with GitLab CI would greatly help drive continuous engagement
[Trailing, 6 months] Semi-annual tournaments for all developers at GitLab