Autofix for 3rd party dependencies

Aikido Autofix is a tool that lets Aikido fix vulnerabilities in 3rd party dependencies in your projects. It does this by creating pull requests that remove the vulnerability via package updates or by other means. In some cases, an Aikido Autofix can remove a whole class of vulnerabilities instead of just one issue.

Step 1. Enable Autofix on the Autofix Settings page, or go to the Autofix page and click Enable Autofix.

Step 2. After installing the Aikido Autofix application, you can instruct Aikido to create these pull requests. This can be done either via the action menu in the sub-issues table in the sidebar or in bulk on the Autofix page.

We'll always explain beforehand what Aikido Autofix will be doing. In some cases, there are multiple ways we can fix an issue. In such a case you will be able to select the option you prefer.

When a fix is prepared, we'll present you with a modal with the commands we are running to install the requested fix. This way you'll be able to reproduce the creation of the pull request locally if needed. The modal can be closed while the process is still running.

Support for the auto-fixer is currently limited to JavaScript (Yarn, npm, pnpm), Go, PHP (Composer) and Python repositories hosted on GitHub, Bitbucket or GitLab/GitLab Self-Managed (see Article).

