Media Release

Secure Code Warrior Announces New GitHub Action and Integration with Snyk to Embed Secure Coding Skills at Every Stage of the Development Lifecycle

October 8, 2020

New action adds developer-centric training directly in GitHub code scanning workflows

SYDNEY, BRUGES, LONDON, BOSTON – 8 October 2020 -- Secure Code Warrior®, the global secure coding company, today announced support for GitHub’s new code scanning functionality in conjunction with a new collaboration with Snyk.

Secure Code Warrior has built a GitHub Action that brings contextual learning to GitHub code scanning. The new GitHub Action processes the new industry-standard SARIF file and appends Secure Code Warrior contextual learning based upon CWE references in a SARIF rule object. This means developers can use a third-party action like the Snyk Container Action to find vulnerabilities, and then augment the output with hyper-relevant learning.

“Secure Code Warrior’s vision is to empower developers with the skills and knowledge to prevent code vulnerabilities in the first place. This new GitHub Action adds our secure code training to industry-standard SARIF files within a GitHub Workflow - delivering developer-centric contextual learning when needed most, ultimately making it easier for developers to release quality code faster.” said Matias Madou, CTO and co-founder, Secure Code Warrior. “We feel that the more context developers have for the vulnerabilities being flagged, the more they’re able to understand the risks, prioritize fixing the most pressing issues, and ultimately prevent them in the first place.”

Secure Code Warrior is uniquely positioned to support the new SARIF standard and integrate with other third-party scanning tools inside the Github code scanning ecosystem such as; Snyk, Checkmarx, Fortify On Demand, Synopsis and Veracode. Our open approach to developer-centric learning empowers development and security teams to not just find vulnerabilities but enrich SAST reports with actionable knowledge. This provides developers with the skills and knowledge when they need it most, preventing vulnerabilities from occurring and reducing the need for rework.

“Pairing integrations from Snyk and Secure Code Warrior with GitHub code scanning is a powerful combination that gives developers security information and education that is both insightful and actionable,” said John Leon, VP of Business Development, GitHub.

“Snyk and Secure Code Warrior have a joint focus on helping developers reduce the impact of software vulnerabilities by increasing the security awareness and skills of developers. Combining Snyk's security technology with training solutions from Secure Code Warrior helps developers more easily build secure applications with confidence,” said Gareth Rushgrove, Director of Product Management, Snyk.

Secure Code Warrior has a number of technical integrations that allows organisations to build securely by delivering contextual training and coaching in the developers preferred environment. The platform launched in 2015, helps developers to think and act with a security mindset every day.

For more information, please visit: https://www.securecodewarrior.com/product/integrations

태그라인

Govern AI-driven development before it ships

Measure AI-assisted risk, enforce secure coding policy at commit, and accelerate secure delivery across your SDLC.

book a demo
태그라인

Explore more articles

우리는 이 방법을 잘 알고 있습니다. 우리는 이 두 가지 축복을 골고루 살기 위해 노력하고 있습니다.

browse all
Case Study
Filter Label
This is some text inside of a div block.

Supercharged Security Awareness: How Tournaments are Inspiring Developers at Erste Group

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Learn More
Case Study
Filter Label
This is some text inside of a div block.

Security as culture: How Blue Prism cultivates world-class secure developers

Learn how Blue Prism, the global leader in intelligent automation for the enterprise, used Secure Code Warrior's agile learning platform to create a security-first culture with their developers, achieve their business goals, and ship secure code at speed

Learn More
Case Study
Filter Label
This is some text inside of a div block.

One Culture of Security: How Sage built their security champions program with agile secure code learning

Discover how Sage enhanced security with a flexible, relationship-focused approach, creating 200+ security champions and achieving measurable risk reduction.

Learn More
Case Study
Filter Label
This is some text inside of a div block.

ITWire: Agentic AI Era Demands Overhaul of Governance Frameworks

The emergence of agentic AI marks a structural shift in software development, introducing systems that not only accelerate production cycles but also perform autonomous reasoning and action beyond direct human control.

Learn More
Case Study
Filter Label
This is some text inside of a div block.

SD Times: Platform Engineering & Developer Experience: Making Engineers Faster Without Making Them Reckless: SD Times 100

This category has taken on new urgency in 2026 for a reason that’s specific to this moment: AI coding tools and agents are dramatically increasing how much code gets written and how often it needs to be deployed, tested, and provisioned for. Platform engineering is the layer that determines whether that increased velocity translates into shipped value or into chaos.

Learn More
Case Study
Filter Label
This is some text inside of a div block.

SecurityWeek: How to Conduct a Successful Audit of AI-Driven Software Development

As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production.

Learn More

Secure AI-driven development before it ships

See developer risk, enforce policy, and prevent vulnerabilities across your software development lifecycle.

Book a demo