Fix code issues automatically with Snyk IDE plugin (beta)

Fix the source code's security issues and quality flaws through an automated flow. Snyk Code Fix Suggestions calculates the most suitable solution for your issues and applies it automatically.

Why use Fix Suggestions

Fix Suggestions combines the power of a thorough program analysis engine with the abilities of an in-house deep learning-based large language model. This merger allows for compiling large amounts of unstructured language information from open source code.

Two key features set Fix Suggestions apart. Firstly, it has a neural network trained on millions of lines of code, allowing for greater versatility and creativity. Secondly, the Snyk Code engine rigorously checks the network's suggestions, ensuring all automated fixes are small and targeted to each vulnerability or code issue.

What issues can you fix automatically

You can address a range of issues detected by the Snyk Code engine: both code quality issues (promoting best coding practices) and security vulnerabilities such as SQL injection or SSRF.

How Fix Suggestions works

A representation of the information flow involved in fixing one issue is presented in the table below.

Stage: Code scan and discovery of issues
Subsystem: Static Code Analysis Engine
Details: Corresponds to the normal flow of scanning the code from the IDE.

Stage: Code preprocessing and minimization with respect to the data flow of the particular issue $\mathcal{I}$
Subsystem: Static Code Analysis Engine
Details: The data flow of $\mathcal{I}$ is analyzed and the code is minimized, keeping only the relevant context.

Stage: Generating $k$ candidate fixes for the given issue $\mathcal{I}$
Subsystem: Neural Network (Generative LLM)
Details: Here, $k$ is an implementation parameter.

Stage: Candidate fixes ranking and self-assessment
Subsystem: Static Code Analysis Engine
Details: Each of the $k$ fixes is assessed by the Code Engine, filtering out those that produce invalid code or fail to fix the issue (the issue persists).

Stage: Returning the best candidate fix
Details: The system has finished.

Requirements

Language support

Fix Suggestions supports only JavaScript.

Enable Snyk Code Fix Suggestions

Enable Snyk Code Fix Suggestions for your Organization in Snyk Web UI by navigating to Settings > Snyk Preview.

Snyk Code Fix Suggestions settings in Snyk Preview

Example: Fix code issue automatically

Consider the following scenario where an insecure WebSocket protocol is fixed using Snyk Code Fix Suggestions.

  1. When selecting the code, Snyk reveals the ws protocol to be insecure, with detailed information about the vulnerability.

Discovering a vulnerability in the code

  2. Clicking the 💡 lightbulb in the IDE shows the Quick Fix dropdown, where Attempt to fix issue with Snyk Code Fix is selected.

Attempting to fix issue with Snyk Code Fix

  3. The insecure protocol is replaced by wss, a secure version of the WebSocket protocol.

Fix applied with Snyk Code Fix

You can follow the entire sequence in this short (13-second) video.

Fixing WebSocket protocol vulnerability using Snyk Code Fix
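The pipeline in the table above (discover an issue, minimize context, generate k candidates, reject candidates that do not parse or leave the issue in place, return the best one) and the ws-to-wss example are illustrated together by the following added example. This is not Snyk's code: the detector, the candidate generator and the ranking are toy stand-ins for the Static Code Analysis Engine and the generative LLM, the only issue modelled is the insecure ws:// scheme, and the sample source is constructed for the example.

```javascript
// Added illustration of the Fix Suggestions flow; NOT Snyk's implementation.
// The detector and generator below are toy stand-ins (assumption) for the
// Static Code Analysis Engine and the generative LLM described on the page.

// Stage 1: discovery. Report string literals that use the insecure ws:// scheme.
function findInsecureWebSocketUrls(source) {
  const issues = [];
  const lines = source.split('\n');
  const pattern = /(['"`])ws:\/\/[^'"`]*\1/g;
  lines.forEach((line, idx) => {
    let m;
    while ((m = pattern.exec(line)) !== null) {
      issues.push({ line: idx, literal: m[0] });
    }
  });
  return issues;
}

// Stage 2: minimization. Keep the offending line plus `radius` lines of
// context on each side, mimicking "keeping only the relevant context".
function minimizeContext(source, issue, radius = 1) {
  const lines = source.split('\n');
  const start = Math.max(0, issue.line - radius);
  const end = Math.min(lines.length, issue.line + radius + 1);
  return { start, snippet: lines.slice(start, end).join('\n') };
}

// Stage 3: candidate generation. A stand-in for the LLM: k rewrites of the
// offending literal. It deliberately includes a no-op and a syntactically
// broken candidate so that stage 4 has something to reject.
function generateCandidates(issue, k = 3) {
  const secure = issue.literal.replace('ws://', 'wss://');
  const all = [
    secure,               // correct: scheme upgraded to wss://
    issue.literal,        // no-op: the issue persists
    secure.slice(0, -1),  // broken: closing quote dropped
  ];
  return all.slice(0, k);
}

// Stage 4: self-assessment. Apply each candidate to the minimized snippet and
// drop those that fail to parse or still contain the issue.
function rankCandidates(snippet, issue, candidates) {
  const accepted = [];
  for (const candidate of candidates) {
    const patched = snippet.replace(issue.literal, candidate);
    try {
      new Function(patched); // parse only; the patched code is never run
    } catch (e) {
      continue; // invalid code
    }
    if (findInsecureWebSocketUrls(patched).length > 0) continue; // persists
    accepted.push(patched);
  }
  return accepted;
}

// Stage 5: return the best (here: first accepted) candidate spliced back
// into the full source, or null when no candidate survived stage 4.
function fixIssue(source, issue, k = 3) {
  const { start, snippet } = minimizeContext(source, issue);
  const accepted = rankCandidates(snippet, issue, generateCandidates(issue, k));
  if (accepted.length === 0) return null;
  const lines = source.split('\n');
  const fixedLines = accepted[0].split('\n');
  lines.splice(start, fixedLines.length, ...fixedLines);
  return lines.join('\n');
}

// Constructed sample source containing the page's insecure-WebSocket issue.
const SAMPLE = [
  "const endpoint = process.env.WS_ENDPOINT;",
  "const socket = new WebSocket('ws://example.test/updates');",
  "socket.onmessage = (e) => console.log(e.data);",
].join('\n');

// Runs the whole flow on SAMPLE and returns the fixed source.
function demo() {
  const issues = findInsecureWebSocketUrls(SAMPLE);
  return issues.length === 0 ? SAMPLE : fixIssue(SAMPLE, issues[0]);
}

console.log(demo());
```

The parse check uses `new Function` purely as a syntax validator, which is enough for the toy but is not a substitute for the semantic checks a real analysis engine performs; in particular it does not verify that the rewritten endpoint actually serves TLS.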

What data does Snyk Code Fix Suggestions collect

The Large Language Model (LLM) is trained exclusively on public repositories with permissive licenses. If a repository's license changes after the initial scrape, it is immediately excluded from the training data.

During inference, Snyk Code Fix Suggestions does not collect client data, nor does it send it to third parties.

The data collection process is thorough and includes the following:

  • Static analysis

  • Automated assessment of the suggested fix qualities

  • Partial in-house labeling by humans

The training data is curated to be of the highest quality to optimize the performance of the LLM.

See How Snyk handles your data.
