
Welcome to our FAQs page, where you’ll find Secure Code Warrior's answers to the most common questions about our Learning Platform. Whether you're looking for specific details or just want to learn more, this is the place to start.
Trust Agent: AI correlates AI usage with vulnerability benchmarks and developer skill data, enforces governance controls at commit, and triggers targeted adaptive learning to reduce recurring AI-introduced vulnerabilities over time.
MCP visibility provides insight into which Model Context Protocol (MCP) providers and tools are installed and actively used across development workflows. This establishes a baseline inventory for AI tool supply chain governance and reduces shadow AI risk.
No. Trust Agent: AI captures observable AI usage signals and commit metadata without storing source code or prompts, preserving developer privacy while enabling enterprise governance.
Trust Agent: AI is designed for CISOs, AI governance leaders, AppSec teams, and engineering organizations that need measurable, enforceable control over AI-assisted software development.
AI software governance is the ability to see, measure, and control how artificial intelligence tools influence software development. It includes AI usage visibility, commit-level risk analysis, model traceability, and enforceable security policies across the software development lifecycle (SDLC).
Trust Agent: AI is a commit-level governance layer for AI-assisted software development. It makes AI tool and model usage visible, correlates AI-assisted commits with software risk, and enforces security policies before code reaches production.
Traditional AppSec tools detect vulnerabilities after code is written. Trust Agent: AI governs AI-assisted development at commit by correlating AI usage, developer competency, and risk signals to prevent vulnerabilities earlier in the SDLC.
Trust Agent: AI captures observable AI usage signals, links them to developers and repositories, correlates commits with vulnerability benchmarks and developer Trust Score® metrics, and applies governance controls or adaptive remediation based on risk thresholds.
Commit-level risk scoring evaluates individual commits influenced by AI tools against vulnerability benchmarks, developer secure coding proficiency, and model usage signals to identify elevated security risk before code moves downstream.
Yes. Trust Agent: AI provides visibility into supported AI coding assistants, LLM APIs, CLI agents, and MCP-connected tools. It links model influence to commits and repositories without storing source code or prompts.
AI code scanning analyzes output after it is written. AI software governance controls AI model usage, enforces policy at commit, correlates risk signals, and maintains continuous oversight across the AI software supply chain.
Securing AI-generated code requires visibility into AI tool usage, commit-level risk analysis, and governance oversight across development workflows. Secure Code Warrior provides AI observability, vulnerability correlation, and developer capability insights within a unified AI software governance platform.
Preventing AI-introduced vulnerabilities requires visibility into AI usage, validation against secure coding standards, enforceable model policies, and measurable developer capability across human and AI-assisted workflows.
Secure Code Warrior conducts independent research in partnership with universities to evaluate how leading LLMs perform against real-world vulnerability patterns. Organizations can mandate approved models and restrict high-risk LLMs at commit based on research-backed security performance.
Shadow AI refers to unapproved AI tools or models used without oversight. The platform detects shadow AI through commit-level model traceability, repository monitoring, and enforceable policy controls that flag unauthorized AI usage.
Yes. Secure Code Warrior provides full AI tool traceability, including which LLMs and MCP-connected agents generated specific commits—maintaining a verifiable AI SBOM across repositories.
Professional Services is ideal for CISOs, AI governance leaders, AppSec teams, and engineering organizations that want to accelerate program rollout, reduce operational burden, and achieve measurable risk reduction faster.
Secure Code Warrior provides executive dashboards, Trust Score® benchmarking, introduced vulnerability metrics, and remediation data to demonstrate measurable reductions in software risk and improved developer competency over time.
Yes. Professional Services evaluates your current program maturity, identifies gaps, and builds a roadmap to strengthen adoption, improve reporting, and align secure coding efforts with enterprise AI governance goals.
Customer success is included with your license and focuses on program guidance, status reviews, and adoption tracking. Strategic services are premium engagements that provide deeper AppSec expertise, cultural transformation support, and tailored governance program design.
Secure Code Warrior experts help organizations operationalize AI software governance by aligning learning, policy enforcement, developer competency metrics, and executive reporting into a unified program that reduces AI-introduced risk.
Professional services accelerate time to value by providing structured onboarding, risk-aligned program design, change management expertise, and ongoing optimization. This ensures faster adoption, stronger engagement, and earlier measurable reductions in introduced vulnerabilities.
Yes. Secure Code Warrior offers premium managed services where our experts own program administration, reporting, optimization, and governance execution. This reduces internal lift for AppSec and engineering teams while accelerating measurable outcomes.
Secure Code Warrior Professional Services provides expert guidance, strategic program design, implementation support, and fully managed services to accelerate secure coding and AI software governance adoption. Services include onboarding, maturity planning, executive reporting, and operational program management.
Yes. Secure Code Warrior provides SCW Trust Score® metrics, skill assessments, benchmarking, and enterprise reporting to demonstrate measurable improvement and reductions in introduced vulnerabilities.
Yes. Content aligns to OWASP Top 10, NIST, PCI DSS, CRA, and NIS2—supporting both compliance initiatives and real-world security improvement.
Secure Code Warrior delivers interactive, hands-on secure coding training — not passive video-based or awareness-only application security training. Developers practice in live coding environments, receive immediate feedback, and build measurable secure coding skills that reduce introduced vulnerabilities before they reach production.
The platform combines AI-focused security modules, adaptive learning aligned to real risk signals, and objective skill benchmarking through Trust Score®. Secure Code Warrior provides secure coding training across 75+ programming languages, including Java, Python, C#, JavaScript, and more — making it one of the most comprehensive enterprise secure coding training platforms available.
In addition, Secure Code Warrior delivers dedicated AI security training that teaches developers how to validate AI-generated code, detect insecure LLM patterns, prevent prompt injection, and secure agentic workflows — ensuring teams can build securely in modern AI-assisted development environments.
Secure coding training reduces introduced vulnerabilities by improving real developer behavior. Hands-on exercises inside real workflows teach developers to recognize, prevent, and remediate security flaws before they reach production.
Secure Code Warrior has documented 20+ independent customer proof points using real vulnerability and remediation data. Reported outcomes include:
Results are based on pre- and post-program vulnerability metrics from customer environments.
An enterprise secure coding training platform is a hands-on, developer-focused system that teaches engineers how to prevent, identify, and remediate software vulnerabilities before they reach production. It includes structured learning programs, interactive coding labs, and measurable skill benchmarking.
Traditional AppSec tools detect vulnerabilities after code is written. Trust Agent enforces AI usage and secure coding policy at commit — preventing introduced vulnerabilities before they enter production.
Trust Agent supports modern AI-assisted development environments, including AI coding assistants, agent-based IDEs, and CLI-driven workflows.
Supported environments include tools such as GitHub Copilot (including Agent Mode), Claude Code, Cursor, Cline, Roo Code, Gemini CLI, Windsurf, and other AI-enabled development platforms.
At the API layer, Trust Agent supports major LLM providers including OpenAI, Anthropic, Google Vertex AI, Amazon Bedrock, Gemini API, OpenRouter, and other enterprise AI model endpoints.
Model traceability and commit-level risk visibility are applied consistently across supported environments.
Trust Agent is built to evolve alongside the AI development ecosystem as new coding environments and model providers emerge.
Effective governance at commit requires:
Trust Agent brings these together in a unified enforcement layer.
Commit-level risk scoring evaluates individual commits — including AI-assisted commits — against defined policy thresholds, vulnerability benchmarks, and AI model usage signals to surface elevated risk before merge.
Trust Agent is the enforcement engine within the AI software governance platform. It applies commit-level visibility, risk correlation, and policy controls to prevent introduced vulnerabilities before code reaches production.
Secure Code Warrior provides enterprise dashboards, AI model traceability, and governance reporting that demonstrate measurable reductions in introduced vulnerabilities, improved developer Trust Score® metrics, and policy compliance across teams.
The platform also maintains audit-ready traceability of who — or what — generated specific code, including developers, AI coding assistants, LLMs, and autonomous agents. This creates verifiable AI software supply chain accountability for leadership, regulators, and auditors.
DevSecOps integrates security testing into CI/CD pipelines to detect vulnerabilities. AI development governance goes further by making AI usage visible, correlating AI-assisted commits with developer skill, enforcing AI model policies at commit, and improving secure coding behavior. DevSecOps detects risk; AI governance prevents it.
As organizations move from developers casually using AI chatbots to AI agents autonomously generating and modifying code, the risk surface expands dramatically. These tools can introduce vulnerabilities, insecure patterns, and compliance exposure at machine speed.
AI software governance enables organizations to adopt AI safely by making AI usage visible, enforcing policy controls, and preventing AI-introduced risk before code reaches production.
AI software governance is the ability to see, measure, control, and enforce how artificial intelligence is used in software development. It includes visibility into AI coding assistants and LLMs, commit-level risk analysis, policy enforcement, and preventing risky AI-generated code from reaching production.
We have a fully integrated support system built into the Platform, through which we can communicate with an individual developer who requests help. Any user can also send us feedback on the Platform and on individual challenges through the same system.
In addition, we offer email support to Training Administrators as needed. For more guided learning, developers can utilize our Walkthroughs feature, which provides step-by-step instructions to help them confidently navigate through missions and coding labs.
Yes, all data generated within our training and evaluation platform is fully downloadable by the Training Administrator at any time. This ensures that your organization has continuous access to valuable insights and performance metrics, which can be used for internal reporting, compliance, or further analysis.
Our platform is designed to seamlessly integrate with your existing Learning Management System (LMS), enabling you to streamline secure coding education and track progress alongside other training initiatives. This flexibility allows you to tailor the learning experience to your organization’s specific needs and easily incorporate Secure Code Warrior into your broader training programs.
Yes, the training is self-paced. According to Deloitte’s “Meet the Modern Learner,” 1% of a typical workweek is all that employees have to focus on training and development. Our platform is built to ensure that this available time is hands-on and effective, but it is also designed with the goal that developers can utilize it outside work hours. On-demand learning in an 'everywhere available' format is critical for today’s learner.

No. We have new developers with little secure code experience and seasoned developers with lots of experience on the platform. For new developers, we have built in Learning and Knowledge Transfer to help them shape their basic skills and understanding of the leading vulnerabilities. As their skills develop and, like seasoned developers, they become more aware, they are challenged by the gamified engagement and increasing difficulty of the content challenges to constantly improve and become a Secure Code Warrior.
We prioritize the security and privacy of customer data by minimizing the storage of any Customer or Personally Identifiable Information (PII) to the greatest extent possible. Customer data is stored securely in our production systems and is retained only as long as necessary—either until you choose to delete it or your license expires and deletion is requested. We follow strict protocols to ensure that your data is protected at all times. For more detailed information, read here for our full data protection policy.
Current software security tools and processes focus on moving from right to left, so-called 'shifting left' in the Software Development Life Cycle (SDLC). This approach supports detection and reaction: detect the vulnerabilities in the written code and then react to fix them.
Secure Code Warrior takes a different approach by 'starting left' and creating the Secure Software Development Life Cycle (SSDLC). This focus makes the developer the first line of defense in their organization and prevents vulnerabilities in the first place.

Yes, we offer tiered pricing for organizations with 100 or more users. Our pricing structure is designed to accommodate the needs of larger teams, providing greater value as your team size increases. For detailed information on our Business and Enterprise plans, which cater to teams ranging from 50 to 100+ developers, please visit our pricing and packages page. There, you'll discover how each plan is tailored to meet the unique requirements of different-sized businesses, ensuring that your organization can effectively leverage our secure coding platform while benefiting from scalable, cost-effective pricing. Whether you're looking for continuous learning access, in-depth data analytics, or a dedicated customer success manager, we have the right plan to support your team's growth and security needs.
Access to Secure Code Warrior's Learning Platform is offered through flexible annual or multi-year subscriptions, allowing you to choose the term that best fits your organization’s needs. Our user-based pricing model scales with the size and complexity of your AppSec program, ensuring that as your team grows, our platform continues to support your expanding requirements. Whether you're a small team or a large enterprise, our subscription model is designed to provide comprehensive access to secure coding resources that align with your strategic goals.
Our Learning Platform offers robust analytics that track and measure a developer’s progress throughout their secure coding journey. Depending on your account configuration, Administrators, Team Managers, and Developers can monitor a wide range of metrics, including challenges completed, time spent on training, strengths and weaknesses, as well as accuracy and confidence scores. Additionally, Secure Code Warrior offers SCW Trust Score, which provides an industry-first benchmark of your secure code learning. These insights empower your team to identify areas for improvement, optimize training efforts, and demonstrate the effectiveness of your AppSec program over time.
Our challenges are continuously revised and updated with new challenges and new language:frameworks to cover new vulnerability types. Right now, we have thousands of challenges in different languages:frameworks covering the OWASP Top 10, OWASP Mobile Top 10, OWASP API Security Top 10, CWE and SANS Top 25. If you don’t see your language:framework of choice, drop us a note.
We’re committed to keeping our content current, so if you don’t see your preferred language or framework, we encourage you to reach out to us. We’re always looking to expand our offerings based on user feedback and evolving industry standards.
Our platform provides an extensive catalog of challenges and missions that cover a wide range of vulnerability types, ensuring comprehensive training for your development team. We address critical security concerns, including the OWASP Top 10, among other industry-recognized threat categories. To learn more about the specific vulnerabilities we cover, and how they align with your organization’s security needs, you can explore further details here.