If you’re an avid reader of application security surveys, analyst papers, or incident reports, you may have concluded that the biggest problem most organizations have with application security is NOT finding the flaws in their codebase, but finding ways to remediate them while also building new applications and updates, and keeping the lights on.
Many organizations are drowning in security debt. Worse, every innovation that helps new code get created faster, such as AI coding assistants, only adds to it. What organizations have been asking us for are more ways to accelerate flaw remediation and to off-load as much of the toil from their developers as possible.
In the year or so since we launched Veracode Fix, thousands of developers have used our combination of human expertise and AI scale to fix flaws in minutes that previously took hours. Along with requests for more language and flaw-type support, the biggest ask has been for workflow integrations. After all, Veracode Fix is here to make things easier, not to add a speed bump. We’ve delivered Fix in popular IDEs (with more to come) and in a CLI that works on most platforms. But that’s clearly not enough. So much workflow is embedded in tools like GitHub that our customers clearly needed Veracode Fix integrated into their push and pull request activities.
Veracode is pleased to announce the availability of a new GitHub Action that brings the power of our AI code remediation assistant to your GitHub CI/CD pipeline. In combination with Veracode’s existing Actions, you now get a workflow that will package, scan, and then remediate the discovered flaws in your project.
The new Veracode Fix action is flexible and can be configured to work in several different ways:
What flaws to identify for remediation:
- Remediate all the files in the project, or just the files changed in the pull request
- Remediate all the supported flaw types or select a range of specific flaw types
- Make individual comments for each flaw remediation, or a single comment for all flaws/remediations
What to do with the remediations:
- Create comments and annotations on the pull request (if the triggering event is a pull request) with the potential fixes
- Create a new branch and a new pull request containing the remediation code changes to the source file
These settings can be combined in different ways depending on how you want everything to function in your workflow. The documentation includes several example configurations, along with more detailed explanations of the various settings.
The Veracode Fix GitHub Action is available now in the GitHub Marketplace for Veracode customers. We want to hear what you think: new features and improvements are being planned and built right now, so your voice matters.
Not yet a Veracode customer? If you’d like to experience what having us on your team would feel like, why not book a demo?