Aspen Adapt: Turn Real Code Activity into Targeted Secure Coding Training
This article explains how Aspen Adapt uses a secure API connection to scan commits, identify CWE patterns, and surface findings in the platform so admins can assign precise training based on real vulnerabilities quickly and efficiently.
Aspen Adapt
Aspen Adapt integrates Security Journey directly with GitHub to analyze live commit activity and identify potential code weaknesses mapped to CWE (Common Weakness Enumeration). These findings appear inside the Security Journey platform, giving administrators clear insight into the secure-coding skills that need reinforcement across their teams.
Rather than relying on generic training or disruptive in-workflow prompts, admins can quickly prioritize the most common or impactful weaknesses and assign targeted Security Journey lessons that address those gaps.
Key benefits
- Evidence-based training aligned to real vulnerabilities
- Admin-controlled assignments: no PR comments or developer alerts
- Faster, more relevant skill reinforcement
- Scales across teams and repositories without added noise
Result
A continuous feedback loop between real code activity and secure-coding training—strengthening developer skills without interrupting developer workflow.
How It Works
Aspen Adapt uses your organization’s Source Control Management (SCM) to drive which training matters most.
Aspen Adapt links code scan results and commit metadata to help you:
- Detect potential issues aligned to CWE patterns.
- Consolidate findings inside the Security Journey platform.
  - You can see the CWE number, Username, Email, Repository, PR Number, Commit SHA and when it was created, all in one place.
- Reduce the time needed to review findings and assign training.
Notes
- Aspen Adapt does not access source code directly
- Only scan output data from your existing tools is transmitted
- This ensures both security and developer privacy
Configuration and Setup
Prerequisites
Before configuring Aspen Adapt, ensure the following requirements are met:
- You are a Security Journey Admin with permission to generate and manage API keys
- Aspen Adapt is enabled for your tenant
- Access to your organization’s source control system (e.g., GitHub, GitLab, Bitbucket)
- A CI/CD pipeline or security scanning tool that produces CWE-mapped findings
Choose Your Integration Method
Aspen Adapt supports two methods for sending CWE findings to Security Journey. Choose the option that best fits your workflow:
Option 1: Send Findings via API
Use this method if you want to integrate Aspen Adapt directly with your existing tools or pipelines.
Overview:
- Send CWE findings to Security Journey using the Aspen Adapt API
- Works with any CI/CD system or scanning tool
- Provides maximum flexibility and customization
Steps:
- Generate an Aspen Adapt API key from the Security Journey platform
- Configure your pipeline or tooling to send findings to the API
- Ensure findings include required metadata (e.g., CWE, commit SHA, committer email)
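A pre-send check for the last step above, as an added example (not Security Journey's code and not the Aspen Adapt API schema): it reduces a scanner's SARIF output to metadata-only records and refuses to build them when commit metadata is missing or malformed. The SARIF input format, the record key names and all sample values are assumptions constructed for illustration.

```python
import re

CWE_RE = re.compile(r"cwe-(\d+)", re.IGNORECASE)  # matches "CWE-89" and "external/cwe/cwe-089"
SHA_RE = re.compile(r"^[0-9a-f]{40}$")            # assumes SHA-1 commit ids
# Assumed key names for the metadata the page lists; not the Aspen Adapt API schema.
REQUIRED = ("username", "email", "repository", "pr_number", "commit_sha", "created_at")

def build_findings(sarif, commit):
    """Return (records, problems): one metadata-only record per CWE per SARIF result."""
    problems = [f"missing {k}" for k in REQUIRED if not commit.get(k)]
    if commit.get("commit_sha") and not SHA_RE.match(commit["commit_sha"]):
        problems.append("commit_sha is not a 40-character hex SHA")
    if problems:
        return [], problems  # a finding that cannot be attributed is not sent
    records = []
    for run in sarif.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            rule = rules.get(res.get("ruleId"), {})
            tags = (rule.get("properties", {}).get("tags", [])
                    + res.get("properties", {}).get("tags", []))
            cwes = sorted({int(m.group(1)) for t in tags for m in CWE_RE.finditer(t)})
            if not cwes:
                problems.append(f"rule {res.get('ruleId')} has no CWE tag")
                continue
            # Copy identifiers only: SARIF snippets, messages and file paths stay behind.
            meta = {k: commit[k] for k in REQUIRED}
            records += [{"cwe": f"CWE-{n}", **meta} for n in cwes]
    return records, problems

# Constructed sample input: a SARIF 2.1.0 fragment and commit metadata (all values invented).
SAMPLE_SARIF = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-scanner", "rules": [
        {"id": "py/sql-injection", "properties": {"tags": ["security", "external/cwe/cwe-089"]}},
        {"id": "style/long-line", "properties": {"tags": ["maintainability"]}}]}},
    "results": [
        {"ruleId": "py/sql-injection", "message": {"text": "Query built from user input"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/db.py"},
             "region": {"startLine": 12, "snippet": {"text": "cur.execute(q + name)"}}}}]},
        {"ruleId": "style/long-line", "message": {"text": "Line too long"}}]}]}
SAMPLE_COMMIT = {"username": "dev-example", "email": "dev@example.com",
                 "repository": "example-org/example-app", "pr_number": 42,
                 "commit_sha": "0123456789abcdef0123456789abcdef01234567",
                 "created_at": "2024-01-01T00:00:00Z"}

if __name__ == "__main__":
    print(build_findings(SAMPLE_SARIF, SAMPLE_COMMIT))
```

Running a check like this in the pipeline before the upload step keeps code snippets out of what is transmitted and surfaces scanner rules that carry no CWE mapping.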
Documentation:
Option 2: Use GitHub Adapt Action Workflow
Use this method if you want a pre-configured integration directly within GitHub.
Overview:
- Leverages a GitHub Actions workflow to send findings automatically
- Ideal for teams already using GitHub Actions
- Simplifies setup with a standardized workflow
Steps:
- Incorporate the Adapt Action into your GitHub workflow within your repository
- Configure required environment variables (e.g., API key)
- Connect your scanning tool to the Adapt action within the workflow
Documentation:
Validate Integration
After configuring either method:
- Trigger a scan or workflow run
- Confirm findings are sent successfully
- Verify data appears in Aspen Adapt, including:
  - CWE number
  - Username and email
  - Repository and PR number
  - Commit SHA
  - Timestamp