Contrast AI SmartFix

Legal Disclaimer

When you use Contrast AI SmartFix, you agree that your code and other data will be submitted to an LLM of your choice. Both the submission of data to the LLM and the output generated by the LLM will be subject to the terms of service of that LLM. Use of Contrast AI SmartFix is entirely at your own risk.

Contrast AI SmartFix is an AI-powered agent designed to streamline the process of vulnerability remediation. It automatically generates code fixes for security vulnerabilities that Contrast AST technology (Assess) identifies. The agent seamlessly integrates into your existing workflow through GitHub Actions. It creates pull requests (PRs) with its proposed remediations.

Note

For access to this feature, contact your Contrast representative.

SmartFix benefits

  • Automated remediation: SmartFix significantly reduces the manual effort and time that you typically require to fix vulnerabilities.

  • Developer-focused: The tool is designed with developers in mind. It delivers fixes directly as pull requests within your GitHub repository. This behavior allows it to fit naturally into your existing development workflows.

  • Runtime context: By using the runtime analysis from Contrast IAST technology (Assess), SmartFix can provide more accurate and relevant code fixes.

SmartFix features

  • Bring Your Own LLM (BYOLLM): SmartFix lets you use your preferred Large Language Model (LLM) provider and model.

  • Configurable PR throttling: You control the volume of automated PRs that SmartFix creates by using the max_open_prs input setting.

  • Build command integration: To ensure that the generated changes can build successfully, you provide a build_command. Ideally, this command also runs your tests to ensure that the agent does not break existing tests.

  • Code formatting: If your project requires specific code formatting, you can provide a formatting_command to ensure that the generated code adheres to your project's style guide. Use this command before the build runs.

  • Debug mode: For more detailed logging in the GitHub Action output, set debug_mode to true.
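As an added illustration (not taken from the Contrast documentation or the SmartFix action itself), the following GitHub Actions job shows how the inputs named above fit together. Only the four input names come from this page; the action reference, the schedule, the Maven commands, and the `permissions` block are assumptions or placeholders, and the credential inputs covered by the setup guide are deliberately omitted.

```yaml
# Added example, not Contrast's own documentation.
# PLACEHOLDER values must be replaced with the ones from the setup guide;
# only build_command, formatting_command, max_open_prs and debug_mode
# are input names that appear on this page.
name: SmartFix remediation

on:
  schedule:
    - cron: "0 6 * * 1-5"   # assumed schedule: weekday mornings
  workflow_dispatch: {}

# Assumed least-privilege token scope: the agent needs to push a fix
# branch and open a PR, nothing more. Widen only if the setup guide says so.
permissions:
  contents: write
  pull-requests: write

jobs:
  smartfix:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Contrast AI SmartFix
        uses: PLACEHOLDER-ORG/PLACEHOLDER-smartfix-action@v1
        with:
          # Formatting runs before the build so the proposed diff already
          # matches the project's style guide (assumed Maven/Spotless project).
          formatting_command: mvn -B spotless:apply
          # Build AND test: a fix that compiles but breaks existing tests
          # should fail here instead of reaching a pull request.
          build_command: mvn -B verify
          # Throttle automated PRs so reviewers are not flooded; the count
          # is an example value.
          max_open_prs: 3
          # Keep verbose logging off unless diagnosing a failing run, since
          # debug output in the Action log may include code snippets.
          debug_mode: false
          # Credential and connection inputs (Contrast and LLM provider) are
          # documented in the setup guide and intentionally omitted here.
```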

SmartFix status changes in Contrast

For each vulnerability, when SmartFix opens a pull request (PR) or the pull request is merged, the Notes tab on the Vulnerabilities page in the web interface includes these details and a link to the PR:

  • Auto fix PR generated

  • Auto fix PR merged

The status for the vulnerability changes to Remediated.

See also

Set up Contrast AI SmartFix

Contrast AI SmartFix Troubleshooting