Remediate your custom code findings (SAST) with Mend for GitHub.com
Overview
Mend’s AI-based Code (SAST) remediation utilizes an advanced AI model powered by ChatGPT to enhance code security by providing actionable code-fix suggestions for detected security findings and automating remediation. This solution integrates seamlessly into your security workflow, allowing for effective risk reduction through automated code remediation.
Once activated, the system evaluates detected issues using the Mend SAST detection engine Gen 2 and suggests high-confidence code fixes, which can be reviewed in both Mend Repository Integrations and the Mend Platform. Feedback on these suggestions helps refine future recommendations, while dashboards within the Mend Application offer insights into remediation trends and volumes at various organizational levels.
What data Mend AI-Based Code Remediation collects
Customer Data
Mend AI-Based Code Remediation neither gathers customer data for training nor shares it with third parties.
The remediation process is based solely on source code snippets related to your Code findings.
No additional data is collected, and the AI model operates on a private instance, ensuring that no data is shared with the third-party LLM Provider(s).
Optional feedback may be provided to help Mend monitor adoption and enhance the solution.
For more information on the terms and conditions of the Mend AI-Based Code Remediation, please visit our Mend AI-Powered Code Features Supplemental Terms of Service.
Getting it done
Prerequisites
Note: This feature is a controlled release. Feedback you provide during this phase helps Mend refine it.
Mend account with SAST entitlement on the Mend Platform
GitHub.com repository integration should be activated and configured with the Mend license key
Code Remediation feature enabled for your Mend organization
Enable the Code Findings Remediation Opt-In toggle under the General Administration menu:
If enabled, snippets of your source code will be shared with Mend.io’s AI model to provide remediation suggestions.
To get remediation suggestions, the snippet size must be set to at least 10 lines of code, which is the default.
You can disable this option to prevent any code sharing with the model and turn off Mend Code AI-based remediation entirely.
After enabling the Code Findings Remediation Opt-In toggle, your projects must be rescanned to make Code Remediation work. Then, you have to log out and log in again to update the UI and view the code remediations.
Mend AI-Based Code Remediation Supported Languages
Mend AI-based Code remediation supports the following languages and CWEs (Common Weakness Enumeration):
Language | CWE
---|---
Java |
JavaScript |
C# |
Enable Mend AI-Based Code Remediation in Mend for GitHub.com
To configure the AI-based Code remediation through the Mend for GitHub.com integration, add the parameter "enableRemediation": true under the scanSettingsSAST section in the .whitesource file:
"scanSettingsSAST": {
"enableScan": true,
"enableRemediation": true,
"scanPullRequests": true,
"incrementalScan": true,
"baseBranches": [],
"snippetSize": 10
}
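The fragment above is easy to get subtly wrong: remediation stays silent if the toggle is false or if snippetSize is explicitly set below the 10-line minimum the page describes. The following lint is an added example, not Mend's own tooling; it checks only the keys shown in the page's fragment and the page's 10-line threshold, and the function name and sample configurations are constructed for this example.

```python
"""Lint the scanSettingsSAST section of a .whitesource file before relying on
Mend's AI-based Code remediation.

Added example, not Mend's own tooling. The keys checked are the ones shown in
the page's configuration fragment, and the 10-line minimum snippet size is the
threshold the page states. The function name and the sample configurations
are constructed for this example.
"""
import json

MIN_SNIPPET_SIZE = 10  # page: at least 10 lines, which is also the default


def check_sast_remediation(config_text: str) -> list[str]:
    """Return the problems found; an empty list means remediation can run."""
    try:
        config = json.loads(config_text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]

    sast = config.get("scanSettingsSAST") if isinstance(config, dict) else None
    if not isinstance(sast, dict):
        return ['missing "scanSettingsSAST" section']

    problems = []
    # Both switches must be the JSON literal true; a string "true" or a
    # missing key is treated as off.
    if sast.get("enableScan") is not True:
        problems.append('"enableScan" must be true')
    if sast.get("enableRemediation") is not True:
        problems.append('"enableRemediation" must be true')

    # An omitted snippetSize falls back to the default of 10; an explicit
    # smaller value keeps scanning on but yields no remediation suggestions.
    size = sast.get("snippetSize", MIN_SNIPPET_SIZE)
    if isinstance(size, bool) or not isinstance(size, int) or size < MIN_SNIPPET_SIZE:
        problems.append(
            f'"snippetSize" must be an integer of at least {MIN_SNIPPET_SIZE}, got {size!r}'
        )

    # The page's fragment enables pull request scanning; flag a deviation.
    if sast.get("scanPullRequests") is not True:
        problems.append('"scanPullRequests" is not true; the documented configuration enables it')

    return problems


# Constructed sample: the configuration the page documents.
GOOD_CONFIG = """{
  "scanSettingsSAST": {
    "enableScan": true,
    "enableRemediation": true,
    "scanPullRequests": true,
    "incrementalScan": true,
    "baseBranches": [],
    "snippetSize": 10
  }
}"""

# Constructed sample: remediation switched off and a snippet size too small.
BAD_CONFIG = """{
  "scanSettingsSAST": {
    "enableScan": true,
    "enableRemediation": false,
    "scanPullRequests": true,
    "snippetSize": 5
  }
}"""

if __name__ == "__main__":
    for label, text in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(label, check_sast_remediation(text) or ["ok"])
```

Run it against the repository's .whitesource file in CI before enabling the feature; an empty result means the file matches the documented settings.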
View the suggested Code remediations
Once the repository has been scanned, you can view and apply the suggested Code remediations in the following places:
Mend Code Security Report
Navigate to the Mend Code Security Report in the GitHub Issues section.
Click on Remediation Suggestion to view the available code fix for the given finding.
The suggested remediation is shown as a diff:
Red lines are the original code lines that the remediation removes.
Green lines are the code lines that the remediation adds.
You can provide feedback on the provided remediation (Like / Unlike). This feedback is tracked but not used to improve the suggestions, as Mend is not sharing any customer code with the model.
Mend Code Security Check
Once a Pull Request is created on a feature branch, navigate to the Conversation section.
Click on Remediation Suggestion to view the available code fix for the given finding.
The suggested remediation is shown as a diff:
Red lines are the original code lines that the remediation removes.
Green lines are the code lines that the remediation adds.
You can provide feedback on the provided remediation (Like / Unlike). This feedback is tracked but not used to improve the suggestions, as Mend is not sharing any customer code with the model.
Mend Platform
Within the Mend Platform, Code remediation is computed on demand and can be viewed in the Application/Project Code Findings view:
Select a project and navigate to the Code Findings section.
Within the Code Findings table, make sure the Remediation column is added to the view to see which findings have an available remediation.
Select a Code Finding with an available remediation to see its remediation details.
You can review the Remediation Description as suggested by Mend.
You can provide feedback on the provided remediation (Like / Unlike). This feedback is tracked but not used to improve the suggestions, as Mend is not sharing any customer code with the model.
In case you would like to provide detailed feedback, click on Provide detailed feedback.
A pop-up screen will appear with various options for you to select from, or you can describe your feedback in your own words. When you are ready to send it, click Submit Feedback.
How to fix Code findings
Once a Mend Code Security Check (SAST) has been completed in the repository, you can review the suggested remediations and create a Pull Request to implement the code fix.
Mend Code Security Report
Navigate to the Mend Code Security Report in the created GitHub Issue.
Click on Remediation Suggestion to view the available code fix for the given finding.
In case you would like to apply the suggested remediation, click on Create Pull Request.
Navigate to the Pull Requests section of the repository.
Open the pull request that Mend created from the remediation suggestion.
You can review the PR Explanation in the conversation comment.
Click Merge pull request to merge the Mend code remediation into your branch. Mend recommends waiting for the Mend Code Security Check on this PR to complete before merging it into the relevant branch.
Mend Code Security Check
Navigate to the Mend Code Security Check in the created GitHub Pull Request, and click on the Conversation section.
Click on Remediation Suggestion to view the available code fix for the given finding.
If you would like to apply the suggested remediation, you can do so in one of two ways:
Create a pull request by clicking "Create Pull Request into yourFeatureBranchName".
Update the feature branch directly with a commit by clicking "Update yourFeatureBranchName".
If you created a pull request, navigate to the Pull Requests section of the repository.
Open the pull request that Mend created from the remediation suggestion.
You can review the PR Explanation in the conversation comment.
Click Merge pull request to merge the Mend code remediation into your feature branch. Mend recommends waiting for the Mend Code Security Check on this PR to complete before merging it into the relevant branch.
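The recommendation to wait for a completed Mend Code Security Check is worth enforcing rather than remembering. The gate below is an added example, not Mend's or GitHub's own code: it evaluates the check runs GitHub reports for the PR's head commit (the "check_runs" list returned by GET /repos/{owner}/{repo}/commits/{ref}/check-runs, whose items carry "name", "status", "conclusion" and "started_at") and allows the merge only when the newest run of the security check has completed successfully. The check name is taken from the page's wording; that GitHub lists it under exactly that name is an assumption, so pass your own if it differs. The payloads below are constructed.

```python
"""Merge gate for a Mend remediation pull request.

Added example, not Mend's or GitHub's own code. Evaluates the check runs
GitHub reports for a commit (the "check_runs" list from
GET /repos/{owner}/{repo}/commits/{ref}/check-runs) and allows the merge only
once the security check has completed with conclusion "success". The check
name below is assumed from the page's wording; the sample payloads are
constructed, not captured API responses.
"""
from typing import Any

SECURITY_CHECK = "Mend Code Security Check"  # assumed check-run name


def remediation_pr_mergeable(payload: dict[str, Any],
                             check_name: str = SECURITY_CHECK) -> tuple[bool, str]:
    """Return (ok, reason); ok is True only when the newest run of the
    security check is completed with conclusion "success"."""
    runs = [r for r in payload.get("check_runs", []) if r.get("name") == check_name]
    if not runs:
        return False, f'"{check_name}" has not been reported for this commit'
    # A re-run adds another check run with the same name; judge the newest one.
    latest = max(runs, key=lambda r: r.get("started_at") or "")
    status = latest.get("status")
    if status != "completed":
        return False, f'"{check_name}" is {status}; wait for it to finish'
    conclusion = latest.get("conclusion")
    if conclusion != "success":
        return False, f'"{check_name}" finished with conclusion {conclusion!r}; review the findings first'
    return True, f'"{check_name}" passed; the remediation PR can be merged'


def _run(name: str, status: str, conclusion: Any, started_at: str) -> dict[str, Any]:
    """Build one check-run entry in the shape of the GitHub API response."""
    return {"name": name, "status": status, "conclusion": conclusion, "started_at": started_at}


# Constructed payloads covering the cases a merge gate must handle.
PENDING = {"check_runs": [_run(SECURITY_CHECK, "in_progress", None, "2024-01-01T10:00:00Z")]}
FAILED_THEN_PASSED = {"check_runs": [
    _run(SECURITY_CHECK, "completed", "failure", "2024-01-01T10:00:00Z"),
    _run(SECURITY_CHECK, "completed", "success", "2024-01-01T10:30:00Z"),
]}
FAILED = {"check_runs": [_run(SECURITY_CHECK, "completed", "failure", "2024-01-01T10:00:00Z")]}
OTHER_ONLY = {"check_runs": [_run("build", "completed", "success", "2024-01-01T10:00:00Z")]}

if __name__ == "__main__":
    for label, p in (("pending", PENDING), ("rerun", FAILED_THEN_PASSED),
                     ("failed", FAILED), ("other", OTHER_ONLY)):
        print(label, remediation_pr_mergeable(p))
```

In practice the same rule is expressed as a required status check in branch protection; the function is useful where merges are automated and you want the reason for a refusal logged.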