OSS Auto-Remediation
Xygeni helps you automatically fix vulnerabilities in your open source dependencies.
Actionable fixes for supported ecosystems appear in the scan results as shown in the example that follows.
To enable this functionality, please configure it as explained at Remediation Systems.
Filtering by Auto fix available, you will see which vulnerabilities can be automatically fixed by Xygeni.
If the issue is tagged as Auto Fix, the Fix vulnerability button will be enabled.
In this example, you can see that the vulnerability (CVE-2019-10744) affects lodash 4.17.11 and is fixed in 4.17.12. Clicking the Fix vulnerability button opens a dialog showing the manifest file to be updated and the exact modification that upgrades the dependency to the fixed version. You can also see the repository and the Pull Request that will be opened with the proposed change.
Clicking the Open PR button will create the Pull Request.
If you go now to your SCM (GitHub in this example), you will be able to see that a new branch has been created.
The new branch will contain a commit with the proposed changes:
You will also see the created Pull Request, so you can approve it and merge to the protected branch.
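The workflow above is driven by one decision (is the affected dependency pinned below the first fixed version?) and one edit (bump the pin in the manifest, then commit it on a new branch for review). The following Python script is an added illustration of that logic, not Xygeni's own code: the package.json contents, the advisory record and the manifest path are all constructed for the example, with the lodash versions and CVE id taken from the case shown on this page. It reports whether an auto fix is available, produces the modified manifest, and renders the same unified diff that the remediation commit would carry, refusing to act on unpinned ranges such as ^4.17.11 where a blind bump could be wrong.

```python
import difflib
import json
from typing import Optional, Tuple

# Constructed sample manifest, mirroring the lodash case described on the page.
MANIFEST_PATH = "package.json"  # hypothetical path inside the repository
SAMPLE_MANIFEST = json.dumps(
    {
        "name": "demo-app",
        "version": "1.0.0",
        "dependencies": {"lodash": "4.17.11", "express": "4.18.2"},
    },
    indent=2,
) + "\n"

# Constructed advisory record: affected package, first fixed version, id from the page.
SAMPLE_ADVISORY = {"id": "CVE-2019-10744", "package": "lodash", "fixed_in": "4.17.12"}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '4.17.11' into (4, 17, 11). Only plain pinned versions are accepted;
    ranges such as '^4.17.11' or '~4.17.0' raise so they are never mis-compared."""
    if not v or not v[0].isdigit():
        raise ValueError(f"not a pinned version: {v!r}")
    return tuple(int(part) for part in v.split("."))


def auto_fix_available(manifest_text: str, advisory: dict) -> bool:
    """True when the manifest pins the affected package below the fixed version."""
    deps = json.loads(manifest_text).get("dependencies", {})
    current = deps.get(advisory["package"])
    if current is None:
        return False  # package not a direct dependency of this manifest
    try:
        return parse_version(current) < parse_version(advisory["fixed_in"])
    except ValueError:
        return False  # unpinned range: leave the decision to a human reviewer


def propose_fix(manifest_text: str, advisory: dict) -> Optional[str]:
    """Return the manifest with the dependency bumped to the fixed version,
    or None when no automatic fix applies."""
    if not auto_fix_available(manifest_text, advisory):
        return None
    data = json.loads(manifest_text)
    data["dependencies"][advisory["package"]] = advisory["fixed_in"]
    return json.dumps(data, indent=2) + "\n"


def fix_diff(manifest_text: str, advisory: dict) -> str:
    """Unified diff of the proposed change, i.e. the content of the remediation commit."""
    fixed = propose_fix(manifest_text, advisory)
    if fixed is None:
        return ""
    return "".join(difflib.unified_diff(
        manifest_text.splitlines(keepends=True),
        fixed.splitlines(keepends=True),
        fromfile=f"a/{MANIFEST_PATH}",
        tofile=f"b/{MANIFEST_PATH}",
    ))


def commit_message(manifest_text: str, advisory: dict) -> str:
    """Commit/PR title that records what was bumped and why (the advisory id)."""
    deps = json.loads(manifest_text).get("dependencies", {})
    old = deps.get(advisory["package"], "?")
    return f"fix({advisory['package']}): upgrade {old} -> {advisory['fixed_in']} ({advisory['id']})"


if __name__ == "__main__":
    print(commit_message(SAMPLE_MANIFEST, SAMPLE_ADVISORY))
    print(fix_diff(SAMPLE_MANIFEST, SAMPLE_ADVISORY))
```

Run it as-is to see the commit title and the one-line diff that the Pull Request would contain; a real remediation system would additionally regenerate the lockfile and run the project's tests on the new branch before the PR is reviewed and merged into the protected branch.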
Please see Open Source Remediation Systems for further information on how to configure auto-remediation.
In the issues table, by clicking on the icon of any issue, you will see the details of the issue.