AutoFix suggestions and Inline Commenting for PR Checks
Aikido supports inline comments for Secrets, SAST and IaC issues directly in your SCM software (GitHub, for example). Developers receive security feedback on the specific lines of code that introduced the issue, which helps them resolve it faster. The feature is configured per repository, so teams can enable it only where it is needed.
For SAST and IaC issues, Aikido can also attach AutoFix suggestions, so a newly introduced issue can be fixed as soon as it appears.
This feature is currently available for GitHub, GitLab Cloud/Server, Bitbucket and Azure DevOps.
Prerequisites
Make sure your CI checks are enabled (via the Aikido Dashboard).
You are an admin within Aikido.
Enabling Inline Commenting
Step 1: Go to the CI checks page via Integrations > CI > Your SCM.
Step 2: Select the repositories for which you want to enable the functionality and click Configure scans.
Step 3: Enable the toggle for inline commenting. Make sure at least one of the SAST or Secrets scans is enabled.
Step 4: When a new SAST, IaC or Secrets issue is introduced (depending on the configured scan failure severity), a comment is added to the pull request in your SCM.
Step 5: When an AutoFix is available, Aikido includes the suggestion in the comment. Review the diff and commit the suggestion to fix the newly introduced vulnerability in one step.
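As an added illustration of the behaviour in steps 4 and 5 (this is not Aikido's own code), the Python below models how a PR check decides which findings get an inline comment, only issues new to the PR at or above the failure severity, and renders an AutoFix as a GitHub suggestion block that can be committed from the review UI. The severity names, the issue fingerprint and the sample findings are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
FENCE = "`" * 3  # GitHub suggestion blocks are fenced with three backticks


@dataclass(frozen=True)
class Finding:
    scanner: str                   # "sast", "iac" or "secrets"
    path: str
    line: int
    severity: str
    message: str
    autofix: Optional[str] = None  # replacement for the flagged line, if known


def fingerprint(f: Finding) -> tuple:
    # Line numbers drift between commits, so identify an issue by what it is and where.
    return (f.scanner, f.path, f.message)


def new_findings(base: list, head: list, failure_severity: str) -> list:
    """Head findings absent from the base branch that meet the failure severity."""
    seen = {fingerprint(f) for f in base}
    threshold = SEVERITY_RANK[failure_severity]
    return [f for f in head
            if fingerprint(f) not in seen and SEVERITY_RANK[f.severity] >= threshold]


def render_comment(f: Finding) -> str:
    """Inline comment body; a suggestion block is appended when an AutoFix exists."""
    body = f"**{f.scanner.upper()} ({f.severity})**: {f.message}"
    if f.autofix is not None:
        body += f"\n\n{FENCE}suggestion\n{f.autofix}\n{FENCE}"
    return body


# Constructed sample data: one pre-existing IaC issue, two issues introduced by the PR.
BASE = [Finding("iac", "infra/s3.tf", 12, "medium", "S3 bucket allows public read")]
HEAD = BASE + [
    Finding("sast", "app/db.py", 58, "high", "SQL query built with string formatting",
            autofix='cur.execute("SELECT * FROM users WHERE id = %s", (user_id,))'),
    Finding("secrets", "config.py", 3, "low", "Possible hard-coded API token"),
]

if __name__ == "__main__":
    for f in new_findings(BASE, HEAD, "medium"):
        print(f"{f.path}:{f.line}\n{render_comment(f)}\n")
```

With the failure severity set to "medium", only the new high-severity SAST finding produces a comment; the pre-existing IaC issue and the low-severity secret are skipped.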