Autofix for 3rd Party Dependencies

Aikido Autofix is a tool you can use to automatically fix vulnerabilities in 3rd party dependencies in your projects. It will do this by creating pull requests that remove the vulnerability via package updates or by other means. In some cases an Aikido Autofix can remove a whole class of vulnerabilities instead of just 1 issue.

Note. If you are using Aikido Local Scanner, you will not have access to this functionality and this will be hidden in sidebar.

Autofix Overview Page

Aikido allows you to easily create PRs for multiple version upgrades and fixes at the same time. By grouping per repo and lockfile, we ensure that PRs never get to large and are able to be merged without breaking certain parts of the app.

Important. By default, Aikido will always give you the minimum version required to do the fix, never a higher one. This means we prioritise minor version bumps always over the major ones, ensuring there are not too many breaking changes on your side. If a major upgrade is proposed, it is because a minor version upgrade would not fix the issue at hand.

Autofix options

When creating an autofix, multiple options will be presented to you.

Upgrade all packages: upgrades all packages and will contain major, minor and patch upgrades.
Minor and Patch Versions Only: upgrades minor and patch versions only
Critical Issues only: these are the critical issues as defined by Aikido. These can contain major, minor and patch upgrades.

After you will be shown with a progress window (bottom right) on the state of the PR creation. You will receive an update once the PR is ready.

Aikido CI API

Autofix for GitHub, BitBucket, GitLab Cloud