AutoFix suggestions and Inline Commenting for PR Checks

Aikido supports inline comments for Secrets, SAST & IaC issues directly in your SCM software (like GitHub). This feature allows developers to receive security feedback on specific lines of code, helping them resolve issues faster. Configuration is available per repository, so teams can enable it only where needed.

Moreover, for SAST and IaC issues, we can also make AutoFix suggestions to fix issues instantly when they arise.

Prerequisites

  • Make sure to have your CI Checks enabled (via the Aikido Dashboard)

  • You are an admin within Aikido

Enabling Inline Commenting

Step 1: Go to the CI checks page via Integrations > PR Quality Gating > Your SCM

Step 2: Select the repos for which you want to enable the functionality and click Configure scans

Step 3: Enable the toggle for comments and AutoFix suggestions. Make sure at least one of the SAST or Secrets scans is enabled.

Step 4: When a new SAST, IaC or secret issue is introduced (based on the scan failure severity), a new comment will be added in your SCM.

Screenshot: Security bot flags a script from a malicious domain and recommends its immediate removal from the code.

Step 5: When a fix is available, Aikido will add an AutoFix suggestion to the comment. Review the diff and commit the suggestion to fix the newly introduced vulnerability in one step.

Screenshot: Suggested code change adding "drop_invalid_header_fields" to an AWS ALB resource configuration.
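As an added illustration (not Aikido's own AutoFix output), this is what the change in the screenshot looks like in a Terraform `aws_lb` resource: the first block is the flagged configuration, the second is the same resource after the suggestion is committed. Resource names, security group and subnet references are assumed; the two blocks are shown side by side only for comparison and would not both live in one module.

```hcl
# Before: an Application Load Balancer with the setting left at its default.
# drop_invalid_header_fields is absent, so requests carrying malformed HTTP
# header names are forwarded to the targets unchanged. (Example resource;
# names and referenced resources are assumed.)
resource "aws_lb" "app" {
  name               = "app-alb"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb.id]
  subnets            = aws_subnet.public[*].id
}

# After: the same resource once the suggested line has been committed.
# The load balancer now drops requests that contain invalid header fields
# instead of passing them on to the application behind it.
resource "aws_lb" "app" {
  name                       = "app-alb"
  internal                   = false
  load_balancer_type         = "application"
  security_groups            = [aws_security_group.alb.id]
  subnets                    = aws_subnet.public[*].id
  drop_invalid_header_fields = true
}
```

Because this setting is checked by the IaC scan, a pull request that adds an `aws_lb` without it is what triggers the inline comment and the accompanying one-line AutoFix diff.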
