Autofix for GitLab Self Managed

Introduction

Aikido Autofix is a tool that lets Aikido fix vulnerabilities in third-party dependencies in your projects. It does this by creating pull requests that remove the vulnerability through package updates or by other means. In some cases an Aikido Autofix can remove a whole class of vulnerabilities instead of a single issue.

Setup Autofix for GitLab Self Managed

By default, Aikido only has read access on your GitLab Self Managed instance. To use Aikido Autofix, a separate access token with write access is required.

Step 1. Enable Autofix on the Autofix Settings page, or go to the Autofix page and click Enable Autofix.

Step 2. Click Authorize. A modal will open.

Step 3. Head over to your Self Managed GitLab account. Click on your personal account icon at the top left and go to Preferences.

Step 4. In the sidebar, select Access Token. Then click the "Add new token" button.

Step 5. Name the token 'Aikido Autofix' and add the following permissions: api and write_repository.

Step 6. Copy the newly created token and paste it into the modal in Aikido.

Step 7. Click Save and you are all set. You will now be able to execute Autofix PRs from the Autofix page or from the action menu for subissues in the sidebar.
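
Before pasting the token in Step 6, you can confirm it carries exactly the permissions from Step 5 and will not silently expire. The script below is an added example, not part of Aikido's documentation; it audits the record GitLab returns from GET /api/v4/personal_access_tokens/self. The sample records are constructed, and the 14-day rotation warning is an assumed local policy.

```python
import json
import urllib.request
from datetime import date

REQUIRED_SCOPES = {"api", "write_repository"}  # permissions named in Step 5

def fetch_token_record(base_url, token):
    """Ask the GitLab instance to describe the token making the request."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/v4/personal_access_tokens/self",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def audit_token(record, today, warn_days=14):
    """Return a list of findings; an empty list means the token matches Step 5.

    warn_days is an assumed rotation policy, not a value from the page.
    """
    findings = []
    scopes = set(record.get("scopes") or [])
    if missing := REQUIRED_SCOPES - scopes:
        findings.append("missing scopes: " + ", ".join(sorted(missing)))
    if extra := scopes - REQUIRED_SCOPES:
        findings.append("unneeded scopes: " + ", ".join(sorted(extra)))
    if record.get("revoked") or not record.get("active", False):
        findings.append("token is revoked or inactive")
    expires = record.get("expires_at")  # ISO date string, or None
    if not expires:
        findings.append("token has no expiry date")
    else:
        days_left = (date.fromisoformat(expires) - today).days
        if days_left < 0:
            findings.append("token has expired")
        elif days_left <= warn_days:
            findings.append(f"token expires in {days_left} days")
    return findings

# Constructed sample records shaped like the endpoint's JSON response.
GOOD = {"name": "Aikido Autofix", "revoked": False, "active": True,
        "scopes": ["api", "write_repository"], "expires_at": "2025-12-31"}
OVERSCOPED = {"name": "Aikido Autofix", "revoked": False, "active": True,
              "scopes": ["api", "sudo"], "expires_at": None}

if __name__ == "__main__":
    for rec in (GOOD, OVERSCOPED):
        print(rec["scopes"], "->", audit_token(rec, date(2025, 6, 1)) or "OK")
```

To check a real token, pass the result of fetch_token_record(your_gitlab_url, token) to audit_token with date.today().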