SecureFlag Knowledge Base - Visual Studio Marketplace

Make it easy for developers to get the security training they need with the SecureFlag Knowledge Base plugin.

Whenever a work item mentions a vulnerability, developers can quickly access relevant hands-on labs and security training material to help them learn how to address the issue. Train with the same languages and technologies that are in your code base, and receive remediation and testing advice linked to the OWASP Application Security Verification Standard.

Usage

Simply mention a software vulnerability by name or CWE number in a pull request or issue in either the title or body, and the bot will reply. Common abbreviations are supported.

For example:

Hey, there's a CSRF vulnerability here. Please fix ASAP!

Thanks for spotting this. This pull request fixes the vuln mentioned in issue 123. CWE 352.

Hm, there is another cross site request forgery vulnerability. Please audit all forms.