Fix code issues automatically with DeepCode AI Fix Suggestions

DeepCode AI Fix Suggestions is in Open Beta and fully supports JavaScript/TypeScript frameworks.
To enable the feature, see Enable DeepCode AI Fix Suggestions.
Fix the security issues and quality flaws in the source code through an automated flow. DeepCode AI Fix Suggestions calculates the most suitable solution for your issues and applies it automatically.

Why use Fix Suggestions?

Fix Suggestions combines the power of a thorough program analysis engine with the abilities of an in-house deep learning-based large language model. This combination allows for compiling large amounts of unstructured language information from open-source code.
Key features set Fix Suggestions apart. It has a neural network trained on millions of lines of code, allowing for greater versatility and creativity. The Snyk Code engine rigorously checks the suggestions from the neural network, ensuring all automated fixes are small and targeted to each vulnerability or code issue.

What issues can you fix automatically?

You can address various issues detected by the Snyk Code engine, covering code quality, best coding practices, and security vulnerabilities. DeepCode AI Fix currently does not support inter-file fixes.

How Fix Suggestions works

The information flow involved in fixing one issue is presented in the following list. Each entry gives the step, the component that performs it in parentheses, and a note.
  • Code scan and discovery of issues (Static Code Analysis Engine): Corresponds to a normal flow of scanning the code from the IDE.
  • Code preprocessing and minimization with respect to the data flow of the particular issue (Static Code Analysis Engine): Data flow of is analyzed and code is minimized, keeping the relevant context only.
  • candidate fixes for the given issue (Neural Network (Generative LLM)): k is an implementation parameter.
  • Candidate fixes ranking and self-assessment (Static Code Analysis Engine): Each of the k fixes is assessed by the Code Engine, filtering out those rendering invalid code or failing to fix the issue (the issue persists).
  • Returning the best candidate fix: The system has finished.

Requirements for Fix Suggestions

  • Snyk Security Code, Open Source Dependencies, IaC Configurations IDE plugin. Available for IDE plugins that use Language Server, such as VS Code and Eclipse.
  • Available in the USA Multi-Tenant region. To learn where Snyk offers data residency, see What regions are available?

Fix Suggestions language support

Fix Suggestions supports only JavaScript and TypeScript.

Enable DeepCode AI Fix Suggestions

Enable DeepCode AI Fix Suggestions for your Organization in the Snyk Web UI by navigating to Settings > Snyk Preview.
DeepCodeAI Fix Suggestions settings in Snyk Preview
Prerequisites for enabling Fix Suggestions
  • Save the file before fixing an issue, as it requires clean code (saved code) to provide a fix.
  • Snyk recommends that when you save the code, you re-run the analysis to show code actions, such as Fix this issue.
  • You can request a fix by clicking Fix this issue in CodeLens and then saving the file. If your plugin settings are set to test automatically when saving, it will trigger the Snyk Code Analysis, and as a result, the issue disappears.

Example: Fix code issue automatically

Consider the following scenario where hardcoded credentials are fixed using DeepCode AI Fix Suggestions.
Snyk highlights hardcoded credentials as a vulnerability by adding a Fix this issue element in the IDE.
Discovering a vulnerability in the code
The issue is fixed by replacing the credentials with environment variables.
Fix applied with DeepCode AI Fix
You can follow the entire sequence in this short (12-second) video.
Fix hardcoded credentials with DeepCode AI Fix
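
The kind of change described in this example, written out as an added illustration (not Snyk's own code or the fix shown in the screenshots). The function names, the DB_USER and DB_PASSWORD variable names, and the sample values are assumptions made for the example.

```javascript
// Added example: hardcoded credentials beside an environment-based replacement.
// All names and values here are constructed for illustration.

// Before: the pattern reported as hardcoded credentials.
// The secret lives in source control and is identical in every environment.
function getDbCredentialsHardcoded() {
  return { user: 'admin', password: 'example-password-123' };
}

// After: credentials are read from the environment at runtime.
// The function fails closed: a missing or blank variable raises an error
// instead of falling back to a literal default, which would quietly
// reintroduce a hardcoded secret.
function getDbCredentials(env = process.env) {
  const required = ['DB_USER', 'DB_PASSWORD'];
  const missing = required.filter(
    (name) => typeof env[name] !== 'string' || env[name].trim() === ''
  );
  if (missing.length > 0) {
    // Report variable names only, never their values.
    throw new Error(
      `Missing required environment variables: ${missing.join(', ')}`
    );
  }
  return { user: env.DB_USER, password: env.DB_PASSWORD };
}

// Helper for log output: keeps the user name, masks the secret.
function redactCredentials(creds) {
  return { user: creds.user, password: '[redacted]' };
}
```

When reviewing an applied fix of this kind, check that no literal fallback remains next to the environment lookup. A secret that was already committed stays in the repository history, so it should also be rotated.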

What data does DeepCode AI Fix Suggestions collect?

The Large Language Model (LLM) is trained exclusively on public repositories with permissive licenses. If a license for a repository changes after the initial scrape, the repository is immediately excluded from the training data. During inference, DeepCode AI Fix Suggestions does not collect or send client data to third parties.
The data collection process is thorough and includes the following:
  • Static analysis
  • Automated assessment of the suggested fix qualities
  • Partial in-house labeling by humans
The training data is ensured to be of the highest quality to optimize the performance of the LLM.
For more information, see How Snyk handles your data.