AI Autofix for Containers

The goal is simple: fix more, faster—with less noise. AI Autofix helps you patch container vulnerabilities in bulk by suggesting safe, reviewable Dockerfile updates.

In Short

• Base Image Updates: When vulnerabilities are found in a container's base image, Autofix suggests update options—patch, minor, or major.

• Multiple Patch Options: Get 3–5 Dockerfile variants, each tied to a different base image. For each, see which vulnerabilities are fixed—and if any new ones are introduced.

• Use Your Judgment: Major updates often fix more, but may require manual changes. Choose what fits your stack best.

Key Features of AI Autofix for Containers

• Preview Changes Before You Fix: Review detailed previews of AI-generated fixes before implementing them.

• Create Pull Requests (PRs): Generate pull requests directly in your Source Control Management (SCM) system

  

Good to Know

• Processing Time: It can take up to 5 minutes for Autofix to generate suggestions, as it scans all potential base image updates for vulnerabilities.

• Public Base Images Only: Container Autofix only supports public base images. If a private base image is detected, you’ll see a "no fix available" message.

• Dockerfile Linking: We auto-detect the Dockerfile from your repo. If there’s ambiguity, you’ll be asked to set the correct path in the UI.

• Privacy First: We never use your code for training or fine-tuning AI models. Code snippets are sent securely to AWS Bedrock via encrypted channels.

How to use the AI Autofix functionality

• Step 1. Go to the Container Autofix Page.

  See a list of containers with the option to Generate Preview. If a container isn’t linked to a repo, or if the Dockerfile path is unclear, you’ll be prompted to configure it manually.

  

• Step 2. Review and Select a Patch Option

  Each option shows what it fixes and if it introduces new issues. Pick the one that fits your setup.

  • 

• Step 3. Create PR

  Autofix generates a pull request directly in your SCM with the updated Dockerfile.