AI Autofix for Containers
Aikido Local Scan accounts DO NOT have access to AutoFix within the UI. In the future, it will be available within our IDE plugins.
The goal is simple: fix more, faster—with less noise. AI Autofix helps you patch container vulnerabilities in bulk by suggesting safe, reviewable Dockerfile updates.
In Short
Base Image Updates: When vulnerabilities are found in a container's base image, Autofix suggests update options—patch, minor, or major.
Multiple Patch Options: Get 3–5 Dockerfile variants, each tied to a different base image. For each, see which vulnerabilities are fixed—and if any new ones are introduced.
Use Your Judgment: Major updates often fix more, but may require manual changes. Choose what fits your stack best.
Key Features of AI Autofix for Containers
Preview Changes Before You Fix: Review detailed previews of AI-generated fixes before implementing them.
Create Pull Requests (PRs): Generate pull requests directly in your Source Control Management (SCM) system.
Good to Know
Processing Time: It can take up to 5 minutes for Autofix to generate suggestions, as it scans all potential base image updates for vulnerabilities.
Public Base Images Only: Container Autofix only supports public base images. If a private base image is detected, you’ll see a "no fix available" message.
Dockerfile Linking: We auto-detect the Dockerfile from your repo. If there’s ambiguity, you’ll be asked to set the correct path in the UI.
Privacy First: Code snippets are sent securely to AWS Bedrock via encrypted channels. Neither Aikido nor AWS Bedrock uses your code for training or fine-tuning AI models.
How to use the AI Autofix functionality
Step 1. Go to the Container Autofix Page.
See a list of containers with the option to Generate Preview. If a container isn’t linked to a repo, or if the Dockerfile path is unclear, you’ll be prompted to configure it manually.
Step 2. Review and Select a Patch Option
Each option shows what it fixes and if it introduces new issues. Pick the one that fits your setup.
Step 3. Create PR
Autofix generates a pull request directly in your SCM with the updated Dockerfile.
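When reviewing the pull request from Step 3, it helps to confirm locally whether each base image change is a patch, minor, or major jump before deciding how much manual testing it needs. The script below is an added example, not Aikido's code; the function names and the sample Dockerfiles are constructed for illustration.

```python
import re

FROM_RE = re.compile(
    r"^[ \t]*FROM[ \t]+(?:--platform=\S+[ \t]+)?(\S+)(?:[ \t]+AS[ \t]+(\S+))?", re.I | re.M)
TAG_RE = re.compile(r"^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$")

def base_images(dockerfile_text):
    """Return (repo, tag) for each FROM line that pulls an external image."""
    stages, images = set(), []
    for m in FROM_RE.finditer(dockerfile_text):
        ref, alias = m.group(1), m.group(2)
        # Skip references to earlier build stages and the empty "scratch" image.
        if ref.lower() not in stages and ref != "scratch":
            name = ref.split("@", 1)[0]  # drop any @sha256 digest pin
            colon = name.rfind(":")
            # A colon before the last "/" is a registry port; no tag means "latest".
            images.append((name[:colon], name[colon + 1:]) if colon > name.rfind("/")
                          else (name, "latest"))
        if alias:
            stages.add(alias.lower())
    return images

def bump_level(old_tag, new_tag):
    """Classify a tag change as major, minor, patch, none or unknown."""
    old, new = TAG_RE.match(old_tag), TAG_RE.match(new_tag)
    if not old or not new or old.group(4) != new.group(4):
        return "unknown"  # non-numeric tag, or variant suffix (e.g. -alpine) changed
    for level, idx in (("major", 1), ("minor", 2), ("patch", 3)):
        if old.group(idx) != new.group(idx):
            return level
    return "none"

def review(old_text, new_text):
    """Pair base images by position and report the size of each change."""
    report = []
    for (o_repo, o_tag), (n_repo, n_tag) in zip(base_images(old_text), base_images(new_text)):
        level = bump_level(o_tag, n_tag) if o_repo == n_repo else "image-changed"
        report.append((o_repo, o_tag, n_tag, level))
    return report

# Constructed sample: a multi-stage Dockerfile before and after a suggested fix.
OLD = """FROM golang:1.21.3-alpine AS build
RUN go build -o /app ./...
FROM alpine:3.18.4
COPY --from=build /app /app
"""
NEW = OLD.replace("golang:1.21.3", "golang:1.22.5").replace("alpine:3.18.4", "alpine:3.18.9")

if __name__ == "__main__":
    print(review(OLD, NEW))
```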