
Introducing AI-Powered Remediation Guidance for Every Pull Request

Original Post: Announcing: AI-assisted remediation guidance on every PR

Semgrep Assistant has introduced step-by-step remediation guidance for nearly every true positive finding, reducing median-time-to-resolution by 15%, or 20 minutes. This feature helps developers fix security vulnerabilities efficiently within their PR workflow and educates them on secure practices.

Initially, about 70% of findings included an AI-generated code snippet, and findings with a snippet were fixed at twice the rate of those without. Generating a correct snippet is not always possible, however: some fixes require changes outside the scanned code, and some guidance involves external tools rather than a code change.

With this improvement, Semgrep Assistant now provides detailed remediation instructions for over 95% of true positives. The instructions appear directly in PR comments and Jira tickets, so developers see what needs to change in the place they are already working. This builds better security habits and reduces repeat vulnerabilities.

The quality of the guidance is evaluated regularly by a team of security researchers and developers, who rate it as actionable 77.9% of the time. AI-assisted remediation not only speeds up fixing vulnerabilities but also acts as a scalable code review from the security team, an essential capability for companies with limited AppSec resources. Try out Semgrep Assistant to experience these enhancements.

