February 21, 2024

Understand and resolve vulnerabilities with AI-powered GitLab Duo

Developers can find and fix vulnerabilities with auto explanation and auto-generated merge requests, ensuring a streamlined development process.


In the dynamic world of software development, companies are dedicated to delivering innovation quickly and efficiently, and they recognize the importance of delivering secure applications. GitLab, the most comprehensive AI-powered DevSecOps Platform, already provides built-in scans in the CI pipeline that deliver detailed scan reports highlighting potential issues within the code. However, not every developer is well-versed in cybersecurity or has encountered every type of vulnerability before, creating a knowledge gap that can lead to confusion and delays in addressing security concerns.

A vulnerability example detected by static application security testing

Resolving vulnerabilities with GitLab Duo (AI)

GitLab Duo uses AI to help developers resolve vulnerabilities. Here's how.

Understanding vulnerabilities

Critical vulnerabilities detected in developers' code can delay code merging, often necessitating assistance from security experts to resolve the issues promptly. This leads to extended periods of open merge requests and delays in releasing features. GitLab recognizes the knowledge gap and empowers developers to comprehend security vulnerabilities identified by scans using the Vulnerability explanation feature (Beta), which offers clear insights into detected vulnerabilities, potential risks with attack examples, and practical solutions for resolution, including example code snippets.

Vulnerability explanation generates a dedicated overview of vulnerabilities. You can access this overview by clicking the "Explain this vulnerability" button within each vulnerability report.

Vulnerability explanation example

Developers can follow all sections in the explanation to swiftly address the vulnerabilities, fostering a culture where they are involved in threat mitigation. This involvement cultivates a sense of comfort and confidence in handling security concerns, ultimately promoting a more proactive and secure development environment.

Fixing vulnerabilities

GitLab goes beyond just explaining detected vulnerabilities – now, with the power of AI, the platform can swiftly suggest a resolution with just one click. This feature automatically generates detailed merge requests containing all pertinent information about the vulnerability and its intended fix. Moreover, it even suggests the necessary code to address the vulnerability. This saves developers significant time. All that's left for the developer is to review the fix, make any necessary adjustments, and merge it.

Understanding and resolving vulnerabilities with Duo - image 3

The above image shows a merge request, automatically generated by AI, that includes details of the vulnerability and the suggested code to resolve it.

Take a product tour

We've prepared a brief product tour so you can quickly dive into the functionality and see it in action (click on the image and use the "Next" button to progress through the demo).

understanding and resolving vulnerabilities - image 4

Get started with GitLab Duo

GitLab Duo features are available in GitLab Premium or Ultimate subscriptions with the GitLab Duo Pro license.

Contact the GitLab sales team to get started with GitLab Duo today.
