SecureFlag Knowledge Base
Contextual software security training for issues and pull requests
SecureFlag Knowledge Base responds to issues and pull requests that mention security vulnerabilities or are linked to a code scanning alert, providing developers with relevant information and recommended hands-on training labs, including: an example scenario, remediation techniques, and testing advice linked to the OWASP Application Security Verification Standard.
Get recommended training labs
Links to a relevant training lab are provided where developers can practice finding and remediating the vulnerability in a hands-on live environment.
Industry standard advice
Remediation and testing advice is linked to OWASP material.
Learn what you need, when you need it
With contextual learning, the relevant information is provided when and where applicable, meaning developers can immediately use it in practice, thus reinforcing retention and understanding.
Usage
Issues and Pull Requests
Mention a software vulnerability by name or CWE number in the title or body of a pull request or issue, and the bot will reply. Common abbreviations are supported.
Code Scanning Vulnerability Alerts
Create an issue with a link to a vulnerability alert either manually or by clicking "Create issue" on a vulnerability alert generated by GitHub Code Scanning.
Pricing and setup
All features included
Free
- No cost
- Issues & pull requests
- Contextual learning
SecureFlag Knowledge Base is provided by a third party and is governed by a separate privacy policy and support documentation.