Cloudogu Logo

Hello, we are Cloudogu!

Experts in Software Lifecycle Management and process auto­mation, supporter of open source soft­ware and developer of the Cloudogu EcoSystem.

featured image Cloudogu integrates exclusive gamification and e-learning plugin from Secure Code Warrior into SCM Manager
07/09/2021 in News

Cloudogu integrates exclusive gamification and e-learning plugin from Secure Code Warrior into SCM Manager

Cloudogu GmbH has integrated a free plugin into its SCM Manager (tool for source code management). It contextually displays learning materials such as training videos and exercises on security topics from Secure Code Warrior in pull requests. This enables developers and reviewers to find and fix insecure code early in the development process. Secure Code Warrior provides a learning platform that helps developers write secure code in the shortest possible time.

As soon as a keyword on a security topic is included in pull requests descriptions, inserted comments or tasks, the new plugin of the SCM Manager automatically adds suitable explanations, videos and playful exercises from Secure Code Warrior. By displaying the information in small learning units according to the situation, programmers can educate themselves individually in an entertaining way. In this way, development teams achieve high-quality, secure code more quickly.

Closing knowledge gaps quickly with micro-learning and gamification

The extensive Secure Code Warrior database includes short descriptions, training videos and fun exercises for all popular programming languages and frameworks, including frontend, web, mobile, Infrastructure-as-Code (IaC), backend and APIs. Users of the SCM-Manager can use these without a Secure Code Warrior account. The more than 30 topics include learning content for around 150 security vulnerabilities such as access control (including authentication and authorisation), data processing (including XSS and DoS), insecure development practices, the protection of sensitive data and incorrect configuration.

The keyword list also contains synonyms for each term as well as different spellings in order to provide developers with relevant information in as many cases as possible.

The Secure Code Warrior learning content easily supports developers and reviewers in creating secure code. Two example scenarios:

Pull request as learning example: An experienced developer has closed a security gap and then creates a pull request with keywords on the corresponding security topic. The appropriate Secure Code Warrior content automatically appears here. This way, the pull request can be used as a learning example for team members, who can expand their knowledge of security topics in an entertaining, quick and easy way.

Review support: An experienced developer reviews a pull request and finds a potential security vulnerability. To have it closed before the merge, he adds a comment or a task. The developer receives all the necessary information from Secure Code Warrior and can make the necessary changes.

Users can download the plugin free of charge at the following link:

Download as PDF