Fix code vulnerabilities automatically

Release status and feature availability

DeepCode AI Fix is in Early Access for anyone to try in the IDE.

To enable the feature, see Enable DeepCode AI Fix.

Fix the security issues and quality flaws in the source code through an automated flow. DeepCode AI Fix calculates the most suitable solution for your issues and applies it automatically.

Why use DeepCode AI Fix?

DeepCode AI Fix combines the power of a thorough program analysis engine with the abilities of an in-house deep learning-based large language model. This combination allows for compiling large amounts of unstructured language information from open-source code.

Key features set DeepCode AI Fix apart. It has a neural network trained on millions of lines of code, allowing for greater versatility and creativity. The Snyk Code engine rigorously checks the suggestions from the neural network, ensuring all automated fixes are small and targeted to each vulnerability or code issue.

What issues can you fix automatically?

You can address various issues detected by the Snyk Code engine in terms of quality, promoting best code practices, and security vulnerabilities. DeepCode AI Fix currently does not support inter-file fixes.

DeepCode AI Fix language support

DeepCode AI Fix supports the following languages:

Javascript and Typescript
Java
Python
C/C++
Go (Limited support)
C# (Limited support)
APEX (Limited support)

What is the difference between supported and limited support?

Supported languages provide remediation for 10 or more rules covering the OWASP Top 10,
Limited support languages provide remediation for less than 10 rules.

What data does DeepCode AI Fix collect?

Customer data

DeepCode AI Fix does not collect customer data for training purposes nor send customer data to third parties.

Training data

The Large Language Model (LLM) is trained exclusively on public repositories with permissive licenses. If a license for a repository changes after the initial scrape, the repository is immediately excluded from the training data. DeepCode AI Fix does not use customer data for training purposes.

The data collection process is thorough and includes the following:

Static analysis of permissive public repositories
Automated assessment of the suggested fix qualities
Partial in-house labeling by humans

The training data is ensured to be of the highest quality to optimize the performance of the LLM.

For more information on how Snyk manages data, see How Snyk handles your data.

How DeepCode AI Fix works

A representation of information flow involved in fixing one issue is presented in the following table.

Stage

Subsystem

Details

Requirements for DeepCode AI Fix

Snyk Code enabled
Snyk IDE Plugin for VS Code, Eclipse, or JetBrains IDEs including IntelliJ

Enable DeepCode AI Fix

Enable DeepCode AI Fix for your Group or Organization in the Snyk Web UI by navigating to Group/Organization > Settings > Snyk Preview.

Fix code issues automatically

Before you begin

Ensure you have automated fixes enabled in Snyk Preview to work with your Snyk IDE plugin or extension.
Save the files and scan your code to generate a fresh set of results.
You should see a zap icon next to all Snyk Code issues that can be automatically fixed.

Open your code base.
Find and fix issues through the panel or by clicking Fix this issue in Code Lens.
After a fix has been applied, save and rescan.

Example: Fix a code issue automatically

DeepCode AI Fix highlights all identified vulnerabilities that can be automatically fixed. These are highlighted with a zap icon . For example, in this scenario, we have identified a Cross-Site Request Forgery (CSRF).

Opening the vulnerability gives us details on where the issue is and allows us to generate a fix using DeepCode AI Fix.

Once you click on Generate fix using Snyk DeepCode AI, the machines will start turning and up to 5 fixes will be generated. To ensure we have fixed the vulnerability and DeepCode AI has not hallucinated and added a new vulnerability, we automatically retest all fixes with Snyk Code's engine.

The result, in this case, is 5 fixes, which you can navigate through to decide which one is best for you. The first one is importing and using csrf, should solve this issue.

When you apply the fix, you will be guided to where the new code has been introduced. After you save and rescan, the vulnerability will disappear.

Known limitations

DeepCode AI Fix is at the forefront of AI but there are still limitations based on the AI engine. Users must always review AI Fix suggestions to ensure that the resulting implementation of the fix does not break their application

DeepCode AI Fix suggestions might generate code that results in the application's not working properly
DeepCode AI Fix suggestions might generate code that is not syntactically correct
DeepCode AI Fix verifies that the vulnerability is fixed and no new vulnerabilities are introduced. This means that sometimes, a valid suggestion will not be made because the AI engine has not generated a good enough result.

PreviousBreakdown of Code analysis NextSnyk Code custom rules

Last updated 12 days ago