Get AI-generated guides for remediation | Fluid Attacks Help

Get AI-generated guides for remediation

Warning on AI-generated fix suggestions
Always review the accuracy of remediation suggestions generated with AI.

Fluid Attacks' Custom fix feature provides targeted guidance for addressing specific vulnerabilities in your code. Powered by the GPT-4 AI model, Custom fix generates detailed remediation guides tailored to the unique challenges each vulnerability presents. Currently, this feature is available in Fluid Attacks' platform and VS Code extension.

Below is a simple explanation of how Custom fix works and how to use it.

How Custom fix works

Custom fix's efficiency stems from its integration with GPT-4's advanced code analysis and generation capabilities. It generates step-by-step guides to remediate security vulnerabilities. To do so, a minimal fragment of the vulnerable code is transmitted to GPT-4 via a secure API. Rest assured that your data is handled with the utmost care and in strict accordance with data usage policies. Your code is not used, stored, or shared for any other purpose, ensuring the confidentiality and integrity of your intellectual property.

Note the following about guide generation:
  1. Initial generation: The initial generation of a remediation guide for a specific vulnerability may take some time.
  2. Caching for efficiency: To optimize performance, generated guides are cached for future reference. This means subsequent requests for the same vulnerability will be served much faster.
  3. Updating guides: If the vulnerable commit changes, a new guide is automatically generated to reflect the updated code. This process utilizes the code version stored by Fluid Attacks, not your locally stored code. Therefore, if you modify the code, ensure you upload the changes to your repository and synchronize them with the Fluid Attacks vulnerability management platform.

For details on Fluid Attacks' usage of GPT-4 to generate fixes and data privacy in relation to it, refer to the integrations FAQ.

Use Custom fix

You can use Custom fix from the platform or directly from the IDE. Please note that this feature is not available for some vulnerabilities.

To use Custom fix on the platform, follow these steps:
  1. Access the group where the vulnerability was reported.

  2. In the group's Vulnerabilities section, select the type of vulnerability in question.

  3. In the Locations section, click on the specific vulnerability you wish to fix.

  4. In the pop-up window, click the How to fix button. The steps to remediate the vulnerability start appearing in the window.

  5. Carefully review the output before proceeding to fix your code.

To use Custom fix on VS Code, you must have Fluid Attacks' extension installed. Then, follow these steps:
  1. Click on the Fluid Attacks extension in VS Code's activity bar and locate the file containing the vulnerability you wish to fix.

  2. Click the wrench icon associated with that file to initiate Custom fix.
  3. Custom fix automatically establishes a connection with the GPT-4 AI model. This connection enables the model to analyze the code and generate the necessary fixes. In no time, the step-by-step guide appears on VS Code.

  4. Review Custom fix's output and follow the suggestions only after verifying that the resulting code is secure.