AutoFix Suggestions and Inline Commenting for PR Checks
Aikido supports inline comments for Secrets, SAST and IaC issues directly in your SCM. Developers receive security feedback on the specific lines of code that introduced the issue, which helps them resolve it faster. The feature is configured per repository, so teams can enable it only where needed.
For SAST and IaC issues, Aikido can also attach an AutoFix suggestion to the comment, so the issue can be fixed as soon as it is introduced.
This feature is currently available for GitHub, GitLab Cloud/Server, Bitbucket and Azure DevOps.
Prerequisites
Make sure CI checks are enabled (via the Aikido Dashboard).
You are an admin within Aikido.
Enabling Inline Commenting
Step 1: Go to the settings page via Repositories > Pull/Merge Requests > Manage PR/MR Checks.
Step 2: Select the repo(s) for which you want to enable it and click Setup PR Scans.
Step 3: Enable the Add comments toggle. Make sure at least the SAST or the Secrets scan is enabled.
Step 4: When a pull/merge request introduces a new SAST, IaC or secret issue at or above the configured scan failure severity, Aikido adds a comment on the affected line in your SCM.
Screenshot: the security bot flags a script loaded from a malicious domain and recommends its immediate removal from the code.
Step 5: When an AutoFix is available, Aikido includes a suggested code change in the comment. Review the diff and commit the suggestion from the SCM to fix the newly introduced vulnerability in one step.
Screenshot: suggested code change adding "drop_invalid_header_fields" to an AWS ALB resource configuration.
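To make the screenshot concrete, the following is an added Terraform example of the kind of IaC finding and AutoFix described above. It is not Aikido's own code or the exact suggestion it generates; the resource labels, tag values and the referenced security group and subnet resources are assumptions for illustration.

```hcl
# Added example, not Aikido's code: an AWS ALB before and after the AutoFix
# that adds drop_invalid_header_fields. Labels and referenced resources are
# assumed for illustration; in a real repository there would be one resource.

# Before: drop_invalid_header_fields is omitted, so it defaults to false and the
# ALB forwards requests whose header names contain invalid characters to targets.
resource "aws_lb" "web_before" {
  name               = "web-alb"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb.id]
  subnets            = aws_subnet.public[*].id
}

# After: the suggested change. With the flag set, the ALB removes any HTTP
# header whose name contains characters outside [A-Za-z0-9-] before the request
# reaches the targets, so malformed header names cannot be used to smuggle
# or inject headers past the load balancer.
resource "aws_lb" "web_after" {
  name               = "web-alb"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb.id]
  subnets            = aws_subnet.public[*].id

  drop_invalid_header_fields = true
}
```

After the suggestion is committed and applied, the setting can be confirmed on the live load balancer with `aws elbv2 describe-load-balancer-attributes --load-balancer-arn <arn>`, where the attribute `routing.http.drop_invalid_header_fields.enabled` should read `true`.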