Fix code vulnerabilities automatically

Release status

DeepCode AI Fix is in Early Access and available only for Enterprise plans.

To enable the feature, see Enable DeepCode AI Fix Suggestions.

Fix the security issues and quality flaws in the source code through an automated flow. DeepCode AI Fix Suggestions calculates the most suitable solution for your issues and applies it automatically.

Why use DeepCode AI Fix?

DeepCode AI Fix combines the power of a thorough program analysis engine with the abilities of an in-house deep learning-based large language model. This combination allows for compiling large amounts of unstructured language information from open-source code.

Key features set DeepCode AI Fix apart. It has a neural network trained on millions of lines of code, allowing for greater versatility and creativity. The Snyk Code engine rigorously checks the suggestions from the neural network, ensuring all automated fixes are small and targeted to each vulnerability or code issue.

What issues can you fix automatically?

You can address issues detected by the Snyk Code engine across code quality, best coding practices, and security vulnerabilities. DeepCode AI Fix currently does not support inter-file fixes: a fix is confined to the file in which the issue is reported.

DeepCode AI Fix language support

DeepCode AI Fix supports the following languages:

  • JavaScript and TypeScript

  • Java

  • Python

  • C/C++

  • Go (Limited support)

  • C# (Limited support)

  • APEX (Limited support)

What is the difference between supported and limited support?

  • Supported languages provide remediation for 10 or more rules covering the OWASP Top 10.

  • Limited support languages provide remediation for fewer than 10 rules.

What data does DeepCode AI Fix collect?

Customer data

DeepCode AI Fix does not collect customer data for training purposes nor send customer data to third parties.

Training data

The Large Language Model (LLM) is trained exclusively on public repositories with permissive licenses. If a license for a repository changes after the initial scrape, the repository is immediately excluded from the training data. DeepCode AI Fix does not use customer data for training purposes.

The data collection process is thorough and includes the following:

  • Static analysis of permissive public repositories

  • Automated assessment of the suggested fix qualities

  • Partial in-house labeling by humans

These steps are intended to keep the training data of high quality so that the LLM performs as well as possible.

For more information on how Snyk manages data, see How Snyk handles your data.

How DeepCode AI Fix works

The information flow involved in fixing one issue is summarized below, stage by stage (stage, subsystem, details).

  • Stage: Code scan and discovery of issues
    Subsystem: Static Code Analysis Engine
    Details: Corresponds to the normal flow of scanning the code from the IDE.

  • Stage: Code preprocessing and minimization with respect to the data flow of the particular issue \mathcal{I}
    Subsystem: Static Code Analysis Engine
    Details: The data flow of \mathcal{I} is analyzed and the code is minimized, keeping only the relevant context.

  • Stage: Generating k candidate fixes for the given issue \mathcal{I}
    Subsystem: Neural Network (Generative LLM)
    Details: Here, k is an implementation parameter.

  • Stage: Candidate fixes ranking and self-assessment
    Subsystem: Static Code Analysis Engine
    Details: Each of the k fixes is assessed by the Code Engine, which filters out those that render invalid code or fail to fix the issue (the issue persists).

  • Stage: Returning the best candidate fix
    Details: The system has finished.

Requirements for DeepCode AI Fix

Enable DeepCode AI Fix

Enable DeepCode AI Fix for your Organization in Snyk Web UI by navigating to Settings > Snyk Preview.

Prerequisites for enabling DeepCode AI Fix

  • Save the file before fixing an issue, because DeepCode AI Fix requires saved code to provide a fix.

  • Snyk recommends that after you save the code, you re-run the analysis so that code actions such as Fix this issue are shown.

  • You can request a fix by clicking Fix this issue in the CodeLens and then saving the file. If your plugin settings are set to test automatically on save, saving triggers Snyk Code analysis, and as a result the issue disappears.

Example: Fix code issue automatically

Consider the following scenario where hardcoded credentials are fixed using DeepCode AI Fix Suggestions.

Snyk highlights hardcoded credentials as a vulnerability by adding a Fix this issue element in the IDE.

The issue is fixed by replacing the credentials with environment variables.

You can follow the entire sequence in this short (12-second) video.
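The scenario above, as an added example that is not code from the Snyk page or the DeepCode AI Fix product: the flagged "before" with an embedded credential beside the environment-variable "after". The variable names DB_USER and DB_PASSWORD, the placeholder values, and the fail-closed loader are assumptions for illustration.

```python
# Added example, not code from the Snyk page or the DeepCode AI Fix project.
# Shows the hardcoded-credential issue the page describes and the kind of
# fix it produces. DB_USER / DB_PASSWORD are assumed variable names.
import os
from dataclasses import dataclass, field
from typing import Mapping, Optional


# --- Before: the pattern Snyk Code flags as a hardcoded credential ---------
def connect_before() -> dict:
    # Constructed placeholder values, not real credentials.
    return {"user": "app", "password": "hunter2-placeholder"}


# --- After: credentials come from the environment, not from source ---------
class MissingCredentialError(RuntimeError):
    """Raised when a required credential is absent from the environment."""


@dataclass(frozen=True)
class DbCredentials:
    user: str
    password: str = field(repr=False)  # keep the secret out of logs/tracebacks


def load_credentials(env: Optional[Mapping[str, str]] = None) -> DbCredentials:
    """Read credentials from the environment instead of source code.

    `env` defaults to os.environ; it is a parameter so the loader can be
    exercised with a constructed mapping. The loader fails closed: there are
    no fallback defaults, so a missing variable cannot silently reintroduce
    the hardcoded value the fix removed.
    """
    env = os.environ if env is None else env
    missing = [n for n in ("DB_USER", "DB_PASSWORD") if not env.get(n)]
    if missing:
        raise MissingCredentialError(
            "missing required environment variable(s): " + ", ".join(missing)
        )
    return DbCredentials(user=env["DB_USER"], password=env["DB_PASSWORD"])


def connect_after(env: Optional[Mapping[str, str]] = None) -> dict:
    """Same call site as connect_before, now backed by the environment."""
    creds = load_credentials(env)
    return {"user": creds.user, "password": creds.password}
```

Note that the "after" form only moves the secret out of the repository; it still has to be supplied to the process by a secrets manager or deployment configuration.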


© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.