Get AI-generated guides for remediation | Fluid Attacks Help

Warning on AI-generated fix suggestions
Always review the accuracy of remediation suggestions generated with AI.

Fluid Attacks' Custom fix feature provides targeted guidance for addressing specific vulnerabilities in your code. Powered by Claude Sonnet's AI model, Custom fix generates detailed, customized remediation guides tailored to the unique challenges each vulnerability represents. Currently, this feature is available in Fluid Attacks' platform, VS Code extension and Cursor extension.

Below is a simple explanation of how Custom fix works and how to use it.

How Custom fix works

Custom fix's efficiency stems from its integration with Claude 3.5 Sonnet's advanced code analysis and generation capabilities. It generates step-by-step guides to remediate security vulnerabilities. To do so, a minimal fragment of the vulnerable code is transmitted to the Claude instance hosted by Amazon Bedrock. Rest assured that your data is handled with the utmost care and in strict accordance with data usage policies. Your code is not used for any other purpose, and is neither stored nor shared, ensuring the confidentiality and integrity of your intellectual property.

Note the following about guide generation:
  1. Initial generation: The initial generation of a remediation guide for a specific vulnerability may take some time.
  2. Caching for efficiency: To optimize performance, generated guides are cached for future reference. This means subsequent requests for the same vulnerability will be served much faster.
  3. Updating guides: If the vulnerable commit changes, a new guide is automatically generated to reflect the updated code. This process utilizes the code version stored by Fluid Attacks, not your locally stored code. Therefore, if you modify the code, ensure you upload the changes to your repository and synchronize them with the Fluid Attacks vulnerability management platform.

For details on Fluid Attacks' usage of Claude to generate fixes and data privacy in relation to it, refer to the integrations FAQ.

Use Custom fix

You can use Custom fix from the platform or directly from the IDE. Please note that this feature is not available for some vulnerabilities.

To use Custom fix on the platform, follow these steps:
  1. Access the group where the vulnerability was reported.
  2. In the group's Vulnerabilities section, select the type of vulnerability in question.
  3. In the Locations section, click on the specific vulnerability you wish to fix.
  4. In the pop-up window, click the fix button. The steps to remediate the vulnerability start appearing in the window.
  5. Carefully review the output before proceeding to fix your code.

To use Custom fix on VS Code or Cursor, you must have Fluid Attacks' extension installed. Then, follow these steps:
  1. Click on the Fluid Attacks extension in the IDE's activity bar and locate the file containing the vulnerability you wish to fix.
  2. Click the wrench icon associated with that file to initiate Custom fix.

    Custom fix automatically establishes a connection with the Claude AI model. This connection enables the model to analyze the code and generate the necessary fixes. In no time, the step-by-step guide appears in the IDE.

  3. Review Custom fix's output and follow the suggestions only after verifying that the resulting code is secure.