
Remediate your Code (SAST) findings

Overview

Mend’s AI-based Code (SAST) remediation uses an AI model powered by ChatGPT to generate actionable code-fix suggestions for detected security findings and to automate their remediation. It integrates into your existing security workflow so that findings can be fixed where they are triaged, reducing risk without a separate remediation process.

Once activated, the system evaluates the issues detected by the Mend SAST detection engine Gen 2 and suggests high-confidence code fixes, which can be reviewed in both the Mend Repository Integrations and the Mend Platform. Feedback on these suggestions helps Mend improve the feature (it is not fed back into the model), and dashboards within the Mend Application show remediation trends and volumes at the different organizational levels.

What Data does Mend AI-Based Code Remediation Collect?

Customer Data

Mend AI-Based Code Remediation neither collects customer data for training nor shares it with third parties.

  • The remediation process is based solely on source code snippets related to your Code findings.

  • No additional data is collected, and the AI model operates on a private instance, ensuring that no data is shared with the third-party LLM Provider(s).

  • Optional feedback may be provided to help Mend monitor adoption and enhance the solution.

For more information on the terms and conditions of the Mend AI-Based Code Remediation, please visit our Mend AI-Powered Code Features Supplemental Terms of Service.

Getting it done

Prerequisites

Note: This feature is a controlled release. Your feedback during this phase will be invaluable, as it will help us perfect it and deliver an exceptional, game-changing product.

  • Mend account with SAST entitlement on the Mend Platform

  • Code Remediation feature enabled for your Mend organization

  • Connect Mend with your Jira project (to view remediation suggestions in Jira)

  • Enable the Code Findings Remediation Opt-In toggle under the General Administration menu:

    • While the toggle is enabled, snippets of your source code are shared with Mend.io’s AI model to produce remediation suggestions.

      • Suggestions are only produced when the snippet size is at least 10 lines of code (the default).

      • Disabling the toggle stops all code sharing with the model and turns off Mend AI-based Code remediation entirely.

    • After enabling the toggle, rescan your projects so that remediation suggestions are generated, then log out and log in again so that the UI refreshes and shows them.

Mend AI-Based Code Remediation Supported Languages

Mend AI-based Code remediation supports the following languages and CWEs (Common Weakness Enumeration):

Language:

  • Java

  • JavaScript

  • C#

CWE:

  • CWE-22 - Path Traversal

  • CWE-79 - XSS (Cross-Site Scripting)

  • CWE-89 - SQL Injection

  • CWE-117 - Log Injection

  • CWE-601 - Open Redirect

Enable Mend AI-Based Code Remediation in the Mend Repository Integrations

To configure AI-based Code remediation through a supported Mend repository integration, add the parameter "enableRemediation": true under the scanSettingsSAST section of the .whitesource file. Keep snippetSize at 10 or more, because no suggestions are produced for smaller snippets:

CODE
  "scanSettingsSAST": {
    "enableScan": true,
    "enableRemediation": true,
    "scanPullRequests": true,
    "incrementalScan": true,
    "baseBranches": [],
    "snippetSize": 10
  }
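The following Python script is an added example and not part of Mend’s tooling: it reads a .whitesource file and checks the scanSettingsSAST keys shown above against the prerequisites on this page (enableScan and enableRemediation set to true, snippetSize at least 10), so a misconfigured file is caught in CI before a rescan produces no suggestions. The function names, the treatment of a missing snippetSize as the default of 10, and the sample configurations are assumptions of this example.

```python
"""Pre-flight check for AI-based Code remediation settings in .whitesource.

Added example (not Mend's own tooling). It only inspects the keys shown on
this page; anything else in the file is ignored.
"""
import json
from pathlib import Path

# The page states that suggestions need a snippet size of at least 10 lines
# and that 10 is the default; treating a missing key as 10 is an assumption.
MIN_SNIPPET_SIZE = 10


def check_sast_settings(config: dict) -> list[str]:
    """Return the list of problems found; an empty list means the
    scanSettingsSAST section satisfies the prerequisites on this page."""
    problems: list[str] = []
    sast = config.get("scanSettingsSAST")
    if not isinstance(sast, dict):
        return ["scanSettingsSAST section is missing"]

    if sast.get("enableScan") is not True:
        problems.append("scanSettingsSAST.enableScan must be true")
    if sast.get("enableRemediation") is not True:
        problems.append("scanSettingsSAST.enableRemediation must be true")

    size = sast.get("snippetSize", MIN_SNIPPET_SIZE)
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(size, bool) or not isinstance(size, int) or size < MIN_SNIPPET_SIZE:
        problems.append(
            f"scanSettingsSAST.snippetSize must be an integer >= {MIN_SNIPPET_SIZE}, got {size!r}"
        )
    return problems


def check_whitesource_file(path: str) -> list[str]:
    """Load a .whitesource file from disk and check it; a parse error is
    reported as a problem rather than raised, so CI output stays readable."""
    try:
        config = json.loads(Path(path).read_text(encoding="utf-8"))
    except json.JSONDecodeError as exc:
        return [f"{path}: not valid JSON ({exc.msg} at line {exc.lineno})"]
    return check_sast_settings(config)


# Constructed sample configurations (not taken from a real repository).
GOOD_CONFIG = {
    "scanSettingsSAST": {
        "enableScan": True,
        "enableRemediation": True,
        "scanPullRequests": True,
        "incrementalScan": True,
        "baseBranches": [],
        "snippetSize": 10,
    }
}
# Remediation never switched on, and a snippet size too small for suggestions.
BAD_CONFIG = {"scanSettingsSAST": {"enableScan": True, "snippetSize": 5}}

if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        problems = check_whitesource_file(sys.argv[1])
    else:
        problems = check_sast_settings(BAD_CONFIG)
    for problem in problems:
        print("FAIL:", problem)
    print("OK" if not problems else f"{len(problems)} problem(s) found")
    sys.exit(1 if problems else 0)
```

Run it as `python check_whitesource.py .whitesource` from the repository root; a non-zero exit code makes it usable as a CI gate, and running it without arguments checks the constructed BAD_CONFIG to show the two failures it reports.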

View the suggested Code remediations

Mend Platform

Within the Mend Platform, Code remediation is computed on demand and can be viewed in the Code Findings view of an Application or Project:

  1. Select a project and navigate to the Code Findings section.

  2. In the Code Findings table, add the Remediation column to the view so that you can see which findings have a remediation available.

  3. Select a Code Finding with an available remediation to open its remediation details.

  4. Review the Remediation Description suggested by Mend.

  5. Optionally give feedback on the suggested remediation (Like / Unlike). This feedback is tracked but not used to improve the suggestions, since Mend does not share customer code with the model.

  6. To provide detailed feedback, click Provide detailed feedback.

  7. A pop-up appears with options to select from, or you can describe your feedback in your own words. When you are ready to send it, click Submit Feedback.

Mend Repository Integrations

To view remediation suggestions in your source code repository, the Mend Repository Integration must be activated and configured with your Mend license key.

If the scan ran through the repository integration, you can also view and apply the suggested Code remediations in two places: the Mend Code Security Report and the Mend Code Security Check.

This example uses the Mend for GitHub.com integration.

Mend Code Security Report
  1. Navigate to the Mend Code Security Report in the GitHub Issues section.

  2. Click Remediation Suggestion to view the available code fix for the finding.

  3. Read the suggested remediation as a diff:

    • Red lines are original code that the remediation removes.

    • Green lines are the code that the remediation adds.

  4. Optionally give feedback on the suggested remediation (Like / Unlike). This feedback is tracked but not used to improve the suggestions, since Mend does not share customer code with the model.

Mend Code Security Check
  1. Once a Pull Request is created on a feature branch, navigate to its Conversation section.

  2. Click Remediation Suggestion to view the available code fix for the finding.

  3. Read the suggested remediation as a diff:

    • Red lines are original code that the remediation removes.

    • Green lines are the code that the remediation adds.

  4. Optionally give feedback on the suggested remediation (Like / Unlike). This feedback is tracked but not used to improve the suggestions, since Mend does not share customer code with the model.

Mend CLI

Within the Mend CLI, once a Code scan is completed, the suggested remediations count is available in the console results:


Mend for Jira Integration

In order to view remediation suggestions in your Jira project's board, you need to connect the Mend integration with your Jira project. Additionally, Mend recommends configuring Workflows to create a Jira issue automatically for Code Analysis findings.

When scan findings meet a Workflow condition and the selected action is to create a Jira Issue, Mend will generate issues for those findings. If a remediation suggestion is available, it will be included in the issue description.

You can also create a Jira Issue manually on demand for a finding.

  1. In the Jira project configured with the Mend integration, navigate to the Issues section.

  2. Review the results and look for the Remediation Suggestion and the Remediation Suggestion Snippet fields, which carry Mend.io’s recommendation and the actual code fix it suggests.

    • Read the snippet as a diff:

      • Red lines are original code that the remediation removes.

      • Green lines are the code that the remediation adds.

Note: The line numbers in the snippet do not correspond to the source file. The Jira snippet is numbered from line 1, not from the finding’s actual position in the source, so locate the affected code by its content rather than by line number.
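Because the Jira snippet carries no usable line numbers, a practitioner who wants to apply it outside the GitHub flow has to anchor on content. The script below is an added example and not part of the Mend for Jira integration: it parses a red/green snippet, locates the removed block in the real file by content (ignoring indentation differences), reports the real source line, and refuses to apply the change when the block is missing or ambiguous. The assumption that the snippet is plain text with removed lines prefixed "-" and added lines prefixed "+", the helper names, and the Java sample and its fix are all constructed for this example.

```python
"""Apply a red/green remediation snippet from a Jira issue to the real file.

Added example, not part of the Mend for Jira integration. Because the Jira
snippet is numbered from 1 (see the note above), the removed lines are located
by content instead of by line number. The snippet format assumed here is plain
text with removed lines prefixed "-" and added lines prefixed "+".
"""


def parse_snippet(snippet: str) -> tuple[list[str], list[str]]:
    """Split the snippet into (removed_lines, added_lines), keeping the
    code's own indentation after the one-character prefix."""
    removed, added = [], []
    for raw in snippet.splitlines():
        if raw.startswith("-"):
            removed.append(raw[1:])
        elif raw.startswith("+"):
            added.append(raw[1:])
        # Any other line is context and is not needed for anchoring.
    return removed, added


def find_block(source_lines: list[str], block: list[str]) -> list[int]:
    """Return the 1-based source line numbers at which `block` occurs.
    Comparison ignores leading/trailing whitespace so that re-indentation
    between Jira and the file does not break the match."""
    want = [line.strip() for line in block]
    have = [line.strip() for line in source_lines]
    n = len(want)
    return [i + 1 for i in range(len(have) - n + 1) if have[i:i + n] == want]


def _indent(line: str) -> str:
    return line[: len(line) - len(line.lstrip())]


def apply_snippet(source: str, snippet: str) -> tuple[str, int]:
    """Replace the removed block with the added block and return
    (patched_source, real_line_number_of_the_fix). Refuses to guess when the
    removed block is absent or appears more than once."""
    removed, added = parse_snippet(snippet)
    if not removed:
        raise ValueError("snippet has no removed lines to anchor on")
    lines = source.splitlines()
    hits = find_block(lines, removed)
    if len(hits) != 1:
        raise ValueError(f"removed block found {len(hits)} times in source; not applying")
    start = hits[0] - 1

    # Re-indent added lines relative to the file, not to the Jira snippet.
    snippet_indent = _indent(removed[0])
    source_indent = _indent(lines[start])

    def reindent(line: str) -> str:
        if line.startswith(snippet_indent):
            return source_indent + line[len(snippet_indent):]
        return source_indent + line.lstrip()

    patched = lines[:start] + [reindent(line) for line in added] + lines[start + len(removed):]
    return "\n".join(patched) + "\n", hits[0]


# Constructed sample: a Java DAO with string-built SQL, and the kind of
# red/green snippet a Jira issue might carry. Both are made up for this example.
SAMPLE_SOURCE = """\
package demo;

public class UserDao {
    public User find(Connection c, String name) throws SQLException {
        Statement st = c.createStatement();
        ResultSet rs = st.executeQuery("SELECT * FROM users WHERE name = '" + name + "'");
        return map(rs);
    }
}
"""

SAMPLE_SNIPPET = """\
-        Statement st = c.createStatement();
-        ResultSet rs = st.executeQuery("SELECT * FROM users WHERE name = '" + name + "'");
+        PreparedStatement st = c.prepareStatement("SELECT * FROM users WHERE name = ?");
+        st.setString(1, name);
+        ResultSet rs = st.executeQuery();
"""

if __name__ == "__main__":
    patched_source, at_line = apply_snippet(SAMPLE_SOURCE, SAMPLE_SNIPPET)
    print(f"fix applied at real source line {at_line}")
    print(patched_source)
```

The refusal on zero or multiple matches is deliberate: a snippet that no longer matches the file usually means the code moved after the scan, and silently patching the wrong occurrence would leave the original finding in place while the ticket reads as fixed. Rescan after applying, as the rest of this page recommends, rather than trusting the patch alone.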

How to fix Code findings

Once a Mend Code Security Check (SAST) has been completed in the repository, you can review the suggested remediations and create a Pull Request to implement the code fix.

In this example, we will guide you through using Mend for GitHub.com integration.

Mend Code Security Report

  1. Navigate to the Mend Code Security Report in the GitHub Issue that Mend created.

  2. Click Remediation Suggestion to view the available code fix for the finding.

  3. To apply the suggested remediation, click Create Pull Request.

  4. Navigate to the Pull Requests section of the repository.

  5. Open the newly created Pull Request that carries the Mend remediation suggestion.

  6. Review the PR Explanation in the conversation comment.

  7. Click Merge pull request to merge the Mend code remediation into your branch. Mend recommends waiting until the Mend Code Security Check on this PR has completed before merging it into the target branch, so that the fix itself has been scanned.

Mend Code Security Check

  1. Navigate to the Mend Code Security Check in the GitHub Pull Request that Mend created, and open the Conversation section.

  2. Click Remediation Suggestion to view the available code fix for the finding.

To apply the suggested remediation, choose one of two ways:

  1. Create a pull request by clicking “Create Pull Request into yourFeatureBranchName”.

  2. Update the feature branch directly with a commit by clicking “Update yourFeatureBranchName”.

  3. If a pull request was created, navigate to the Pull Requests section of the repository.

  4. Open the newly created Pull Request that carries the Mend remediation suggestion.

  5. Review the PR Explanation in the conversation comment.

  6. Click Merge pull request to merge the Mend code remediation into your branch. Mend recommends waiting until the Mend Code Security Check on this PR has completed before merging it into the target branch, so that the fix itself has been scanned.
