
Get Training on Typical Vulnerabilities for Mend for GitHub.com

Overview

The Secure Code Warrior Training Material section can be expanded for each finding to show context-based links to established training material provided by Secure Code Warrior. The links bring security knowledge to developers directly from the findings reported within the repo, allowing them to remediate vulnerabilities faster and write more secure code in the future.

Getting it Done

The Secure Code Warrior Training Material section can be found both on the Mend Code Security Check after a scan and on the 10 most relevant findings of the Code Security Report on the GitHub Issues tab.

If either the language as a whole or a specific finding is not supported, the Secure Code Warrior Training Material bullet is not displayed. If training material is available, click Secure Code Warrior Training Material to see the training resources available for that finding.

Note: The Secure Code Warrior Training Material links open in the current browser tab. To open them in a new tab, use one of the following methods:

  • Middle Mouse Click the link to open it in a new tab.

  • CTRL + Click the link to open it in a new tab.

  • Right Click the link to open the context menu and then select “Open Link in New Tab”.

The training material for each finding is grouped into three sections: Training, Videos, and Further Reading.

  • Training: A Secure Code Warrior training session relevant to the reported finding.

Clicking on the training material links under the Training section will immediately take you to Secure Code Warrior’s login portal in your browser.

If you have a Secure Code Warrior account, log in so your progress through the learning challenges can be tracked.

You also have the ability to sign up for a 14-day free trial or continue as a guest.

After logging in or continuing as a guest, Secure Code Warrior presents you with a learning challenge tailored to the finding detected by the Mend code scan. The challenge is pre-configured for the same vulnerability type and programming language.

When you start the learning challenge, the challenge's goal and instructions are shown in the left pane, while the example file explorer and the challenge code are shown in the right pane.

In the example challenge for SQL Injection, two files each contain two highlighted lines of code. The instructions are to find the one line of code that causes the vulnerability and then submit your answer.

If you submit the correct line of code, you will be greeted with a golden Success shield, a brief explanation of why that line is the correct one, and the option to continue to the next stage of the challenge.

If you submit a line that is not the cause of the vulnerability, you will be greeted with a broken Failed shield and a clue to help you select the correct line on your retries.

After completing the learning challenge, if you are logged in, the progress will be tracked on your account. If you complete the challenge as a guest, you will simply be congratulated for completing the challenge and given the opportunity to complete other challenges.

Each stage of the Secure Code Warrior challenges follows the same format and gives similar feedback to help you learn secure coding best practices.

  • Videos: A Secure Code Warrior video relevant to the reported finding.

Clicking on the training material links under the Videos section immediately opens a video player in your browser and starts playing a video related to the topic of the detected finding. The videos explain what the vulnerabilities are, how they are caused, and ways to prevent them.

Example video: Secure Code Warrior SQL Injection

  • Further Reading: Additional reading material relevant to the reported finding.

Clicking on the training material links under the Further Reading section immediately opens an OWASP article in your browser related to the topic of the finding. These articles either explain the vulnerabilities and how they can be exploited, or are cheat sheets containing best-practice code examples for resolving the vulnerabilities or avoiding them in the first place.

Example further reading: Secure Code Warrior SQL Injection

Learn more about SCW

Reference

Secure Code Warrior Language Coverage

| Language | Coverage | Covered CWEs | Total CWEs |
|---|---|---|---|
| ABAP | 100% | 6 | 6 |
| ASP Classic/Visual Basic/VBScript | 0% | 0 | 18 |
| Android Java | 64% | 9 | 14 |
| Apex | 66% | 4 | 6 |
| C/C++ (Beta) | 73% | 14 | 19 |
| ColdFusion | 0% | 0 | 4 |
| C# | 79% | 23 | 29 |
| Cobol | 100% | 3 | 3 |
| Go | 76% | 20 | 26 |
| Groovy | 0% | 0 | 30 |
| iOS Objective-C | 66% | 6 | 9 |
| JavaScript / Node.js | 83% | 15 | 18 |
| Java | 75% | 31 | 41 |
| Kotlin | 76% | 23 | 30 |
| Kotlin Mobile | 71% | 25 | 35 |
| PHP | 77% | 21 | 27 |
| PLSQL | 100% | 4 | 4 |
| Python | 73% | 14 | 19 |
| R | 0% | 0 | 8 |
| Ruby | 83% | 15 | 18 |
| Swift | 66% | 6 | 9 |
| TypeScript | 80% | 12 | 15 |
| VB.Net | 79% | 23 | 29 |
| Xamarin (C#) | 0% | 0 | 27 |

Details per language (CWEs marked + in the original listing are covered by Secure Code Warrior training; those marked - are not). Languages with 0% coverage have no details listed.

| Language | Covered (+) | Not covered (-) |
|---|---|---|
| ABAP | CWE-22, CWE-78, CWE-79, CWE-89, CWE-94, CWE-400 | none |
| Android Java | CWE-89, CWE-94, CWE-200, CWE-209, CWE-295, CWE-319, CWE-326, CWE-338, CWE-798 | CWE-16, CWE-244, CWE-676, CWE-749, CWE-926 |
| Apex | CWE-89, CWE-209, CWE-798, CWE-918 | CWE-244, CWE-501 |
| C/C++ (Beta) | CWE-22, CWE-78, CWE-89, CWE-90, CWE-114, CWE-121, CWE-125, CWE-134, CWE-190, CWE-191, CWE-367, CWE-415, CWE-416, CWE-787 | CWE-242, CWE-244, CWE-369, CWE-676, CWE-789 |
| C# | CWE-22, CWE-73, CWE-78, CWE-79, CWE-89, CWE-90, CWE-94, CWE-113, CWE-117, CWE-209, CWE-326, CWE-338, CWE-400, CWE-434, CWE-472, CWE-502, CWE-601, CWE-611, CWE-643, CWE-798, CWE-916, CWE-918, CWE-1004 | CWE-20, CWE-244, CWE-501, CWE-530, CWE-676, CWE-941 |
| Cobol | CWE-78, CWE-89, CWE-121 | none |
| Go | CWE-22, CWE-73, CWE-78, CWE-79, CWE-89, CWE-90, CWE-113, CWE-117, CWE-295, CWE-322, CWE-326, CWE-338, CWE-400, CWE-434, CWE-472, CWE-601, CWE-643, CWE-798, CWE-916, CWE-918 | CWE-20, CWE-244, CWE-377, CWE-676, CWE-732, CWE-1327 |
| iOS Objective-C | CWE-73, CWE-89, CWE-200, CWE-209, CWE-319, CWE-326 | CWE-242, CWE-676, CWE-749 |
| JavaScript / Node.js | CWE-22, CWE-78, CWE-79, CWE-89, CWE-90, CWE-94, CWE-113, CWE-117, CWE-338, CWE-400, CWE-601, CWE-611, CWE-798, CWE-918, CWE-943 | CWE-20, CWE-242, CWE-676 |
| Java | CWE-22, CWE-74, CWE-78, CWE-79, CWE-89, CWE-90, CWE-94, CWE-113, CWE-117, CWE-134, CWE-209, CWE-312, CWE-319, CWE-325, CWE-326, CWE-327, CWE-328, CWE-335, CWE-338, CWE-347, CWE-400, CWE-472, CWE-502, CWE-532, CWE-601, CWE-611, CWE-643, CWE-798, CWE-917, CWE-918, CWE-1004 | CWE-15, CWE-20, CWE-297, CWE-470, CWE-497, CWE-501, CWE-676, CWE-780, CWE-941, CWE-1204 |
| Kotlin | CWE-22, CWE-73, CWE-78, CWE-79, CWE-89, CWE-90, CWE-94, CWE-113, CWE-117, CWE-209, CWE-326, CWE-338, CWE-400, CWE-434, CWE-472, CWE-502, CWE-601, CWE-611, CWE-643, CWE-798, CWE-916, CWE-918, CWE-1004 | CWE-20, CWE-244, CWE-497, CWE-501, CWE-530, CWE-676, CWE-941 |
| Kotlin Mobile | CWE-22, CWE-73, CWE-78, CWE-79, CWE-89, CWE-90, CWE-94, CWE-113, CWE-117, CWE-200, CWE-209, CWE-295, CWE-326, CWE-338, CWE-400, CWE-434, CWE-472, CWE-502, CWE-601, CWE-611, CWE-643, CWE-798, CWE-916, CWE-918, CWE-1004 | CWE-16, CWE-20, CWE-244, CWE-497, CWE-501, CWE-530, CWE-676, CWE-749, CWE-926, CWE-941 |
| PHP | CWE-22, CWE-73, CWE-78, CWE-79, CWE-89, CWE-90, CWE-94, CWE-113, CWE-209, CWE-326, CWE-338, CWE-400, CWE-434, CWE-472, CWE-502, CWE-601, CWE-611, CWE-643, CWE-798, CWE-918, CWE-1004 | CWE-20, CWE-98, CWE-384, CWE-530, CWE-676, CWE-941 |
| PLSQL | CWE-22, CWE-73, CWE-79, CWE-89 | none |
| Python | CWE-22, CWE-73, CWE-78, CWE-79, CWE-89, CWE-90, CWE-94, CWE-113, CWE-472, CWE-502, CWE-601, CWE-643, CWE-798, CWE-916 | CWE-20, CWE-244, CWE-530, CWE-676, CWE-941 |
| Ruby | CWE-22, CWE-59, CWE-73, CWE-78, CWE-79, CWE-89, CWE-90, CWE-94, CWE-113, CWE-321, CWE-434, CWE-798, CWE-915, CWE-916, CWE-1004 | CWE-244, CWE-530, CWE-676 |
| Swift | CWE-73, CWE-89, CWE-200, CWE-209, CWE-319, CWE-326 | CWE-242, CWE-676, CWE-749 |
| TypeScript | CWE-22, CWE-78, CWE-79, CWE-89, CWE-94, CWE-113, CWE-117, CWE-338, CWE-400, CWE-601, CWE-798, CWE-943 | CWE-20, CWE-242, CWE-676 |
| VB.Net | CWE-22, CWE-73, CWE-78, CWE-79, CWE-89, CWE-90, CWE-94, CWE-113, CWE-117, CWE-209, CWE-326, CWE-338, CWE-400, CWE-434, CWE-472, CWE-502, CWE-601, CWE-611, CWE-643, CWE-798, CWE-916, CWE-918, CWE-1004 | CWE-20, CWE-244, CWE-501, CWE-530, CWE-676, CWE-941 |

Mend.io and Secure Code Warrior Integration
