{"id":13624295,"url":"https://github.com/skills/secure-code-game","last_synced_at":"2025-05-14T04:09:16.138Z","repository":{"id":148710212,"uuid":"617044081","full_name":"skills/secure-code-game","owner":"skills","description":"A GitHub Security Lab initiative, providing an in-repo learning experience, where learners secure intentionally vulnerable code.","archived":false,"fork":false,"pushed_at":"2025-03-13T20:07:05.000Z","size":293,"stargazers_count":2258,"open_issues_count":1,"forks_count":256,"subscribers_count":22,"default_branch":"main","last_synced_at":"2025-04-11T01:41:46.014Z","etag":null,"topics":["code-scanning","code-security","codeql","skills-course"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/skills.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-21T15:35:53.000Z","updated_at":"2025-04-10T14:36:33.000Z","dependencies_parsed_at":"2024-06-24T15:45:30.850Z","dependency_job_id":"44417154-9bad-402e-b8b2-c4a97718b64f","html_url":"https://github.com/skills/secure-code-game","commit_stats":null,"previous_names":[],"tags_count":0,"template":true,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skills%2Fsecure-code-game","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skills%2Fsecure-code-game/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skills%2Fsecure-code-game/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skills%2Fsecure-code-game/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/skills","download_url":"https://codeload.github.com/skills/secure-code-game/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254070020,"owners_count":22009559,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-scanning","code-security","codeql","skills-course"],"created_at":"2024-08-01T21:01:41.129Z","updated_at":"2025-05-14T04:09:11.100Z","avatar_url":"https://github.com/skills.png","language":"Python","readme":"\u003cheader\u003e\n\n\u003c!--\n  \u003c\u003c\u003c Author notes: Course header \u003e\u003e\u003e\n  Read \u003chttps://skills.github.com/quickstart\u003e for more information about how to build courses using this template.\n  Include a 1280×640 image, course name in sentence case, and a concise description in emphasis.\n  In your repository settings: enable template repository, add your 1280×640 social image, auto delete head branches.\n  Next to \"About\", add description \u0026 tags; disable releases, packages, \u0026 environments.\n  Add your open source license, GitHub uses the MIT license.\n--\u003e\n\n# Secure Code Game\n\n_A GitHub Security Lab initiative, providing an in-repo learning experience, where learners secure intentionally vulnerable code. At the same time, this is an open source project that welcomes your [contributions](https://github.com/skills/secure-code-game/blob/main/CONTRIBUTING.md) as a way to give back to the community._\n\n\u003c/header\u003e\n\n\u003c!--\n  \u003c\u003c\u003c Author notes: Course start \u003e\u003e\u003e\n  Include start button, a note about Actions minutes,\n  and tell the learner why they should take the course.\n--\u003e\n\n## Welcome\n\n- **Who is this for**: Developers, students.\n- **What you'll learn**: How to spot and fix vulnerable patterns in real-world code, build security into your workflows, and understand security alerts generated against your code.\n- **What you'll build**: You will develop fixes on functional but vulnerable code.\n- **Prerequisites**: For the first season, you will need some knowledge of `python3` for most levels and `C` for Level 2. For the second season, you will need some knowledge of `GitHub Actions` for level 1, `go` for level 2, `python3` for level 4, and `javascript` for levels 3 and 5.\n- **How long**: Each season is five levels long and takes 2-9 hours to complete. The complete course has 2 seasons.\n\n### How to start this course\n\n\u003c!-- For start course, run in JavaScript:\n'https://github.com/new?' + new URLSearchParams({\n  template_owner: 'skills',\n  template_name: 'secure-code-game',\n  owner: '@me',\n  name: 'skills-secure-code-game',\n  description: 'My clone repository',\n  visibility: 'public',\n}).toString()\n--\u003e\n\n[![start-course](https://user-images.githubusercontent.com/1221423/235727646-4a590299-ffe5-480d-8cd5-8194ea184546.svg)](https://github.com/new?template_owner=skills\u0026template_name=secure-code-game\u0026owner=%40me\u0026name=skills-secure-code-game\u0026description=My+clone+repository\u0026visibility=public)\n\n1. Right-click **Start course** and open the link in a new tab.\n1. In the new tab, most of the prompts will automatically fill in for you.\n   - For owner, choose your personal account or an organization to host the repository.\n   - We recommend creating a public repository, as private repositories will [use Actions minutes](https://docs.github.com/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions).\n   - Scroll down and click the **Create repository** button at the bottom of the form.\n1. You can now proceed to the 🛠️ set up section.\n\n## 🛠️ The set up\n\n#### 🖥️ Using codespaces\n\nAll levels are configured to run instantly with GitHub Codespaces. If you chose to use codespaces, be aware that this course **will count towards your 60 hours of monthly free allowance**. For more information about GitHub Codespaces, see the \"[GitHub Codespaces overview](https://docs.github.com/en/codespaces/overview).\" If you prefer to work locally, please follow the local installation guide in the next section.\n\n1. To create a codespace, click the **Code** drop down button in the upper-right of your repository navigation bar.\n1. Click **Create codespace on main**.\n1. After creating a codespace, relax and wait for VS Code extensions and background installations to complete. This should take less than three minutes.\n1. At this point, you can get started with Season-1 or Season-2 by navigating on the respective folders and reading the `README.md` file.\n1. Once you click on individual levels, a banner might appear on the bottom right asking you if you want to create a virtual environment. Dismiss this notification as you _don't_ need to create a virtual environment.\n\nOptional: We recommend these free-of-charge additional extensions, but we haven't pre-installed them for you:\n\n1. `github.copilot-chat` to receive AI-generated code explanations.\n1. `alexcvzz.vscode-sqlite` to visualize the SQL database created in Season-1/Level-4 and the effects of our exploits on its content.\n\nIf you need assistance, don't hesitate to ask for help in our [GitHub Discussions](https://github.com/skills/secure-code-game/discussions) or on our [Slack](https://gh.io/securitylabslack), at the [#secure-code-game](https://ghsecuritylab.slack.com/archives/C05DH0PSBEZ) channel.\n\n#### 💻 Local installation\n\nPlease note: You don't need a local installation if you are using GitHub Codespaces.\n\nThe following local installation guide is adapted to Debian/Ubuntu and CentOS/RHEL.\n\n1. Open your terminal.\n1. Install OpenLDAP headers needed to compile `python-ldap`, depending on your Linux distribution. Check by running:\n\n```bash\nuname -a\n```\n- For Debian/Ubuntu, run:\n```bash\nsudo apt-get update\nsudo apt-get install libldap2-dev libsasl2-dev\n```\n\n- For CentOS/RHEL, run:\n\n```bash\nsudo yum install python-devel openldap-devel\n```\n\n- For Archlinux, run:\n\n```bash\nsudo pacman -Sy libldap libsasl\n```\n\n- Then, for all of the above Linux distributions install `pyOpenSSL` by running:\n\n```bash\npip3 install pyOpenSSL\n```\n\nOnce installation has completed, clone your repository to your local machine and install required dependencies.\n\n1. From your repository, click the **Code** drop down button in the upper-right of your repository navigation bar.\n1. Select the `Local` tab from the menu.\n1. Copy your preferred URL.\n1. In your terminal, change the working directory to the location where you want the cloned directory.\n1. Type `git clone` and paste the copied URL.\n\n```\n$ git clone https://github.com/YOUR-USERNAME/YOUR-REPOSITORY\n```\n\n6. Press **Enter** to create your local clone.\n7. Change the working directory to the cloned directory.\n8. Install dependencies by running:\n\n```bash\npip3 install -r requirements.txt\n```\n\n- Programming Languages\n\n1. To play Season 1, you will need to have `python3` and `c` installed.\n1. To play Season 2, you will need to have `yaml`, `go`, `python3` and `node` installed.\n\nIf you are using VS Code locally, you can install the above programming languages through the editor extensions with these identifiers:\n\n1. `ms-python.python`\n1. `ms-python.vscode-pylance`\n1. `ms-vscode.cpptools-extension-pack`\n1. `redhat.vscode-yaml`\n1. `golang.go`\n\nPlease note that for the `go` programming language, you need to perform an extra step, which is to visit the [official website](https://go.dev/dl/) and download the driver corresponding to your operating system.\n\nNow, it's necessary to install `node` to get the `npm` packages we have provided. To do so:\n\n1. Start by installing a package manager like `homebrew` by running:\n\n```bash\n/bin/bash -c \"$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)\"\n```\n\n2. Install `node`:\n\n```bash\nbrew install node\n```\nAdapt the command to the package manager you have chosen if it's not homebrew.\n\n3. The `npm` packages needed are specified in `package.json` and `package-lock.json`. Navigate to the `secure-code-game` repository and install them by running:\n\n```bash\nnpm install --prefix Season-2/Level-4/ \u0026\u0026 npm install --global mocha\n```\n\n4. At this point, you can get started with Season-1 or Season-2 by navigating on the respective folders and reading the `README.md` file.\n\nWe recommend these free-of-charge additional extensions:\n\n1. `github.copilot-chat` to receive AI-generated code explanations.\n1. `alexcvzz.vscode-sqlite` to visualize the SQL database created and the effects of our exploits on its content.\n\nFor more information about cloning repositories, see \"[Cloning a repository](https://docs.github.com/en/repositories/creating-and-managing-repositories/cloning-a-repository).\"\n\n\u003cfooter\u003e\n\n\u003c!--\n  \u003c\u003c\u003c Author notes: Footer \u003e\u003e\u003e\n  Add a link to get support, GitHub status page, code of conduct, license link.\n--\u003e\n\n---\n\nGet help: Email us at securitylab-social@github.com \u0026bull; [Review the GitHub status page](https://www.githubstatus.com/)\n\n\u0026copy; 2024 GitHub \u0026bull; [Code of Conduct](https://www.contributor-covenant.org/version/2/1/code_of_conduct/code_of_conduct.md) \u0026bull; [MIT License](https://gh.io/mit)\n\n\u003c/footer\u003e\n","funding_links":[],"categories":["Python","Getting Started","JavaScript"],"sub_categories":["CodeQL Getting Started and Guides (along side the [official docs](https://codeql.github.com/docs/))"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskills%2Fsecure-code-game","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fskills%2Fsecure-code-game","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskills%2Fsecure-code-game/lists"}