SecureFlag's contextual security training is now available for SonarQube!

After the success of our Jira and GitHub integrations comes the SecureFlag Knowledge Base for SonarQube. Our on-demand remediation techniques, recommended hands-on labs, testing advice, and example code are all available for SonarQube at the low cost of nothing.

The plugin adds an additional project page that enumerates over SonarQube’s recently detected vulnerabilities and security hotspots to fetch relevant information from our knowledge base.

How to Install

Follow the instructions from the help page, then on any project you can access the plugin by clicking on More -> SecureFlag Knowledge Base in the navigation bar.

With contextual training, learning is made more efficient by giving developers (who are continuously juggling many tasks of varying priorities and time restraints) the information they need to remediate vulnerabilities when they need it, and not during a linear theory-heavy training programme which they will inevitably forget within a year (or an afternoon even!). Whilst we’ve found that dynamic and practical training is the most effective path to security champions, this contextual, on-demand approach is an excellent light-touch alternative that is streaks ahead of leaving developers to search the Internet for fragmented, unreliable, and outdated resources.

Get the SecureFlag Knowledge Base app for SonarQube today.