Build code security skills with the GitHub Secure Code Game

In March 2023, the Secure Code Game was launched as an in-repo learning experience where developers fix intentionally vulnerable code to build a secure coding mindset while having fun. Since its release, over 3,500 developers have participated, prompting the launch of a second season featuring community-contributed challenges in JavaScript, Python, Go, and GitHub Actions. The game provides an engaging, hands-on alternative to traditional secure coding training, addressing community feedback about the limitations of theoretical, video-based courses. The gamified approach encourages developers to identify and fix security issues without regressing functionality, all within their familiar coding environment. The game has been adopted by enterprises, educational institutions, and open-source communities, significantly reducing security issues and fostering an increased sense of ownership among developers. Open-sourcing the game allows the community to contribute, and its use in classrooms, like at the University of Novi Sad, has demonstrated its effectiveness in interactive, practical learning. Additionally, the integration of CodeQL within GitHub Advanced Security (GHAS) provides further support for players tackling game challenges.