SCORM Overview
SecureCodingHub integrates with Learning Management Systems (LMS) via SCORM 1.2 and SCORM 2004 packages. Launch SecureCodingHub directly from your LMS and track completion and scores.
What is SCORM?
SCORM (Sharable Content Object Reference Model) is an e-learning standard for packaging and delivering training content through an LMS. SecureCodingHub provides SCORM packages that launch the platform within your LMS.
Supported Versions
SCORM 1.2
Widely supported. Compatible with most LMS platforms including Moodle, Canvas, Blackboard, and SAP SuccessFactors.
SCORM 2004
Newer standard with improved sequencing. Recommended for modern LMS platforms that support it.
How It Works
Admin downloads SCORM package from SecureCodingHub
Admin uploads package to their LMS
Learner launches the course from the LMS
SCORM bridge redirects to SecureCodingHub with session info
Learner completes training in SecureCodingHub
Progress and scores are reported back to the LMS
What Gets Tracked
| Data | Description |
|---|---|
| Completion Status | incomplete / completed |
| Score | 0-100 (raw score based on challenge performance) |
| Session Time | Time spent in each session |
| Bookmark | Resume position for continuing later |
When to use SCORM vs. native SecureCodingHub
SCORM is the right choice when the organisation has already standardised on an LMS — typically Cornerstone, SAP SuccessFactors, Workday Learning, Moodle, Canvas, Blackboard, or Docebo — and wants every learning record, including secure-coding training, to live alongside compliance, HR, and onboarding modules in a single transcript. The same is true when the compliance team needs to generate evidence from the LMS for an external auditor and cannot rely on a separate export from another platform.
Native SecureCodingHub access is usually a better fit when developers need a frictionless path into the practice and learn environment, when you want to use leaderboards, streaks, and rich progress dashboards, or when administrators want to manage assignments, deadlines, and reminder cadence inside SecureCodingHub instead of through the LMS. Many customers use both: SCORM for the official record of completion, native access for day-to-day practice between assignments.
What's inside the SCORM package
The SecureCodingHub SCORM package is a self-contained ZIP that conforms to either the SCORM 1.2 Run-Time Environment or the SCORM 2004 4th Edition Sequencing and Navigation models. It contains an imsmanifest.xml describing the SCO structure and resources, a lightweight HTML launch shell, and a SCORM bridge script that handles single-sign-on hand-off from the LMS to the SecureCodingHub session. No SecureCodingHub training content lives inside the package itself — the package is the connector, the content is streamed live so updates and new topics appear without re-uploading.
That separation matters in practice. When SecureCodingHub publishes a new OWASP Top 10 module, a refreshed PCI DSS challenge, or a new language path, the LMS catalog picks it up immediately. Customers do not need to download a new SCORM package, request a security review for the new ZIP, or re-publish the course inside the LMS for each content release.
Compliance and reporting considerations
For PCI DSS v4.0.1 requirement 6.2.2, ISO/IEC 27001 Annex A.8.28, SOC 2 CC1.4, and EU Cyber Resilience Act secure-development expectations, the LMS becomes the system of record. The SCORM bridge writes the completion status, raw score, and total session time back into the LMS at the end of every session, which means the auditor's evidence — the LMS transcript export — already contains everything required to demonstrate that named developers completed the training within the policy window.
If your auditor asks for additional detail, such as per-challenge performance or remediation activity, those reports remain available inside SecureCodingHub and can be exported as PDF or CSV from the admin console. The two views complement each other: the LMS proves the policy was satisfied; SecureCodingHub proves the engineering team got better.