Aspen: Adapt Turn Real Code Activity into Targeted Secure Coding Training
This article explains how Security Journey’s GitHub Integration uses a secure API connection to scan commits, identify CWE patterns, and surface findings in the platform so admins can assign precise training based on real vulnerabilities quickly and efficiently.
Aspen: Adapt
Aspen: Adapt integrates Security Journey directly with GitHub to analyze live commit activity and identify potential code weaknesses mapped to CWE (Common Weakness Enumeration). These findings appear inside the Security Journey platform, giving administrators clear insight into the secure-coding skills that need reinforcement across their teams.
Rather than relying on generic training or disruptive in-workflow prompts, admins can quickly prioritize the most common or impactful weaknesses and assign targeted Security Journey lessons that address those gaps.
Key benefits
- Evidence-based training aligned to real vulnerabilities
- Admin-controlled assignments—no PR comments or developer alerts
- Faster, more relevant skill reinforcement
- Scales across teams and repositories without added noise
Result
A continuous feedback loop between real code activity and secure-coding training—strengthening developer skills without interrupting developer workflow.
How It Works
Aspen: Adapt uses your organization’s GitHub activity to drive which training matters most.
With a secure GitHub API key, the integration scans code and will help you:
- Detect potential issues aligned to CWE patterns.
- Consolidate findings inside the Security Journey platform.
  - You can see the CWE number, GitHub Username, GitHub Email, GitHub Repository, PR Number, Commit SHA, and when it was created, all in one place.
- Reduce the time needed to review findings and assign training.
For privacy and security, this integration does not view submitted code. It uses only the scan output from tools already operating in your CI/CD pipeline.
Configuration and Setup
Prerequisites
To complete this setup in GitHub, you must have the following access:
- Organization or Repository Admin access
  Required to add or manage secrets (e.g., Actions secrets, environment secrets) or other methods as applicable.
- Write/Commit access to the repository
  Required to create or update GitHub Actions workflows (files in .github/workflows/).
- Note: CODEOWNERS restrictions may apply
  If the repository uses a CODEOWNERS file, workflow changes may require review and approval from designated code owners before they can be merged.
Additional Documentation
For complete setup instructions and configuration details, refer to our published GitHub Integration documentation.