Auto-Remediation

AI-Powered

Let QODRYX's AI automatically fix security vulnerabilities and generate pull requests with the fixes.

Overview

Auto-remediation goes beyond detection: it uses AI to understand vulnerabilities and generate secure code fixes automatically. QODRYX can fix common security issues and create pull requests for your review.

How it works

When a vulnerability is detected, QODRYX's AI analyzes the context, understands the security issue, and generates a fix that maintains your code's functionality while eliminating the vulnerability.

What Can Be Auto-Fixed

SQL Injection

Converts string concatenation to parameterized queries

query("SELECT * FROM users WHERE id = ?", [userId])

XSS Vulnerabilities

Adds proper output encoding and sanitization

escapeHtml(userInput)

Exposed Secrets

Moves secrets to environment variables

process.env.API_KEY

Dependency Updates

Upgrades vulnerable packages to patched versions

lodash: ^4.17.21

Insecure Crypto

Replaces weak algorithms with secure alternatives

crypto.createHash('sha256')

Path Traversal

Adds path validation and sanitization

path.resolve(baseDir, sanitizedPath)

Remediation Workflow

1. Vulnerability Detected

Security scan identifies a vulnerability in your code with severity and location.

2. AI Analyzes Context

QODRYX's AI understands the surrounding code, variable types, and usage patterns.

3. Generate Fix

AI generates a secure fix that maintains functionality while eliminating the vulnerability.

4. Create Pull Request

A PR is created with the fix, detailed explanation, and before/after comparison.

5. Review & Merge

Your team reviews the AI-generated fix and merges when satisfied.

Configuration

Configure auto-remediation behavior in your project settings:

{
  "security": {
    "remediation": {
      "enabled": true,
      "autoCreatePR": true,
      "autoMerge": false,
      "targetBranch": "main",
      "prPrefix": "security/",
      "assignReviewers": ["security-team"],
      "fixTypes": [
        "sql-injection",
        "xss",
        "secrets",
        "dependencies"
      ]
    }
  }
}

CLI Usage

# Auto-fix all detected vulnerabilities
qodryx fix --all

# Fix specific vulnerability by ID
qodryx fix --finding FINDING_ID

# Preview fixes without applying
qodryx fix --dry-run

# Fix and create PR automatically
qodryx fix --create-pr

# Fix only specific types
qodryx fix --type sql-injection,xss

Example: SQL Injection Fix

Before (Vulnerable)

// SQL Injection vulnerability
const query = `SELECT * FROM users WHERE id = '${userId}'`;
const result = await db.query(query);

After (Fixed)

// Fixed: Using parameterized query
const query = 'SELECT * FROM users WHERE id = $1';
const result = await db.query(query, [userId]);

Safety & Review

Always Review AI-Generated Fixes

While QODRYX's AI generates high-quality fixes, we recommend always reviewing changes before merging. Auto-merge is disabled by default for this reason.

  • All fixes include detailed explanations of what was changed and why
  • Before/after code comparison in every PR
  • Automated tests run against fixes to ensure functionality
  • Rollback instructions included if issues arise