# AutoFix for Containers The goal is simple: fix more, faster—with less noise. AI Autofix helps you patch container vulnerabilities in bulk by suggesting safe, reviewable Dockerfile updates. ### In Short * **Base Image Updates:** When vulnerabilities are found in a container's base image, Autofix suggests update options—patch, minor, or major. * **Multiple Patch Options**: Get 3–5 Dockerfile variants, each tied to a different base image. For each, see which vulnerabilities are fixed—and if any new ones are introduced. * **Extended Lifecycle Support Images:** When available, AutoFix will propose an Aikido-maintained version of the base image where **HIGH** and **CRITICAL** severity issues have been remediated. [Learn more](/autofix-and-remediation/scope/autofix-for-containers-using-hardened-images.md) about using ELS images. * **Use Your Judgment**: Major updates often fix more, but may require manual changes. Choose what fits your stack best. ### Key Features of AI Autofix for Containers * **Preview Changes Before You Fix:** Review detailed previews of AI-generated fixes before implementing them. * **Create Pull Requests (PRs):** Generate pull requests directly in your Source Control Management (SCM) system ![Autofix preview updating nginx version to resolve critical security vulnerabilities.](/files/FPxGjUwlvHYkEwTOsiHQ) *** ### Good to Know * **Processing Time:** It can take up to 5 minutes for Autofix to generate suggestions, as it scans all potential base image updates for vulnerabilities. * **Public and Private Base Images**: Container Autofix can update both public base images and private base images. The private base images need to be scanned by Aikido. Supported registries for private base images are: Docker Hub, GitHub Container Registry, AWS Elastic Container Registry, Azure Container Registry, GCP Container Registry. * **Dockerfile Linking**: We auto-detect the Dockerfile from your repo. If there’s ambiguity, you’ll be asked to set the correct path in the UI. * **Privacy First**: code snippets are sent securely to AWS Bedrock via encrypted channels. Neither Aikido **nor** [AWS Bedrock](https://aws.amazon.com/bedrock/security-compliance/) use your code for training or fine-tuning AI models. ### How to use the AI Autofix functionality * **Step 1**. **Go to the** [**Container Autofix Page**](https://app.aikido.dev/issues/fix/container)[.](https://app.aikido.dev/issues/fix/sast) See a list of containers with the option to **Generate Preview**. If a container isn’t linked to a repo, or if the Dockerfile path is unclear, you’ll be prompted to configure it manually. ![Dashboard showing critical security issues in container images and options to generate autofix previews.](/files/ZD8bGr2ygisnXkfMnSd1) * **Step 2.** **Review and Select a Patch Option** Each option shows what it fixes and if it introduces new issues. Pick the one that fits your setup. ![Security update preview for nginx-web Dockerfile, showing resolved vulnerabilities and suggested version upgrade.](/files/17D1deWONvhUgEzc041C) * **Step 3. Create PR** Autofix generates a pull request directly in your SCM with the updated Dockerfile. *** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.aikido.dev/autofix-and-remediation/scope/ai-autofix-for-containers.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.