AutoFix
This capability is not enabled by default. Please contact Customer Success if you need assistance.
Qwiet AI AutoFix uses large language models (LLMs) to generate potential code fix suggestions for findings produced by preZero analyses. In addition to code changes, AutoFix also provides steps to address the vulnerability findings.
AutoFix suggestions are generated in the context of a particular analysis and the existing application source code. To generate a fix, the LLM uses data from the Code Property Graph (CPG) built during the application analysis, including the relevant source code snippets; those snippets are captured only when this capability is enabled. The Qwiet AI AutoFix LLMs are deployed in Qwiet AI's virtual private cloud, and none of the data is shared with any third party.
Qwiet AI does NOT train models on customer data.
AutoFix suggestions are generated automatically while the application is being analyzed in the cloud. This is an asynchronous process that does not delay the reporting of findings; the suggestion for a given finding might take several seconds to become available. At the moment, AutoFix suggestions are generated for the top ten SAST findings of each application, ordered by severity from highest to lowest (critical, high, medium, low).
Limitations
Users must always keep the limitations of AI in mind and review and edit the suggestion or pull request to ensure that the resulting code and application are correct, secure, performant and compliant.
Qwiet AI AutoFix capability has the following known limitations:
- The system is trained primarily on English data. If code and comments are written in other languages, the quality of the suggestions might be diminished.
- An AutoFix suggestion might contain code that is not syntactically correct. Linters and proper test coverage help catch this.
- An AutoFix suggestion might change the semantics of the application. Good test coverage helps catch this.
- Some AutoFix suggestions might not fix or resolve the vulnerability finding, and in some cases they might introduce additional issues. Review suggestions carefully.
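The last three limitations are the reason a suggested fix should pass an automated gate before anyone spends review time on it. The following is an added example, not Qwiet AI code and not AutoFix output, of such a gate for a Python code base: the suggestion must parse, a static check must confirm the vulnerable pattern (a query built by string concatenation) is gone, and the existing behaviour tests plus a regression test for the finding itself must still pass. The function name `find_user`, the three "suggestions" and the fixture rows are constructed for illustration.

```python
"""Added example, not Qwiet AI's code: a minimal acceptance gate for an
LLM-suggested fix. Every 'suggestion' below is constructed for illustration
and is not AutoFix output; find_user is a hypothetical function."""
import ast
import sqlite3

# The finding: a SQL query built by string concatenation (deliberately vulnerable).
ORIGINAL = '''
def find_user(conn, username):
    return conn.execute("SELECT id FROM users WHERE name = '" + username + "'").fetchone()
'''

# Constructed suggestion 1: not syntactically valid (the execute() call is never closed).
SUGGESTION_BROKEN_SYNTAX = '''
def find_user(conn, username):
    return conn.execute("SELECT id FROM users WHERE name = ?", (username,).fetchone()
'''

# Constructed suggestion 2: parameterised, but the semantics changed silently:
# an exact match became a prefix match.
SUGGESTION_SEMANTIC_DRIFT = '''
def find_user(conn, username):
    return conn.execute("SELECT id FROM users WHERE name LIKE ?", (username + "%",)).fetchone()
'''

# Constructed suggestion 3: a correct parameterised fix.
SUGGESTION_GOOD = '''
def find_user(conn, username):
    return conn.execute("SELECT id FROM users WHERE name = ?", (username,)).fetchone()
'''


def _fresh_db():
    """Constructed fixture data for the behaviour tests."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "alice2"), (3, "bob")])
    return conn


def still_concatenates_query(tree):
    """Static check: is the first argument of any .execute() call built with '+'?"""
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "execute"
                and node.args
                and isinstance(node.args[0], ast.BinOp)
                and isinstance(node.args[0].op, ast.Add)):
            return True
    return False


def behaviour_tests(find_user):
    """The application's existing tests plus one regression test for the finding.
    Returns a list of failure messages; an empty list means everything passed."""
    failures = []
    conn = _fresh_db()
    if find_user(conn, "alice") != (1,):
        failures.append("exact lookup of 'alice' changed")
    if find_user(conn, "nobody") is not None:
        failures.append("unknown user must return None")
    if find_user(conn, "ali") is not None:
        failures.append("prefix 'ali' must not match a user")
    # Regression test for the finding: a classic payload must not return a row.
    if find_user(conn, "x' OR '1'='1") is not None:
        failures.append("injection payload still returns a row")
    return failures


def gate_suggestion(source):
    """Return (accepted, reason) for one suggested replacement of find_user.

    The suggestion is executed, so run this in a throwaway CI container and
    never on a workstation holding credentials: an LLM-written patch is
    untrusted code until a human has reviewed it."""
    try:
        tree = ast.parse(source)
    except SyntaxError as e:
        return False, f"syntax error at line {e.lineno}: {e.msg}"
    if still_concatenates_query(tree):
        return False, "query is still built by string concatenation"
    namespace = {}
    try:
        exec(compile(tree, "<suggestion>", "exec"), namespace)
        failures = behaviour_tests(namespace["find_user"])
    except Exception as e:  # a suggestion that crashes is rejected, not merged
        return False, f"suggestion raised {type(e).__name__}: {e}"
    if failures:
        return False, "; ".join(failures)
    return True, "parses, removes the pattern and passes behaviour tests"


if __name__ == "__main__":
    for name, src in [("original", ORIGINAL),
                      ("broken syntax", SUGGESTION_BROKEN_SYNTAX),
                      ("semantic drift", SUGGESTION_SEMANTIC_DRIFT),
                      ("good fix", SUGGESTION_GOOD)]:
        print(f"{name:15s} -> {gate_suggestion(src)}")
```

The gate rejects the original (the pattern is still there), the first suggestion (syntax error), and the second suggestion (the prefix test fails even though the injection payload no longer matches), and accepts only the third. The regression test for the finding is the important addition: without it, a suggestion that merely reshuffles the code would pass the existing tests and land in review looking like a fix.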