
Understand and resolve vulnerabilities with AI-powered GitLab Duo

Developers can find and fix vulnerabilities with auto explanation and auto-generated merge requests, ensuring a streamlined development process.

February 21, 2024 3 min read

Software teams are under pressure to ship quickly, but they also have to ship applications that are secure. GitLab, an AI-powered DevSecOps platform, already runs built-in security scans in the CI pipeline and produces detailed reports that flag potential issues in the code. However, not every developer has a security background or has seen every class of vulnerability before. That knowledge gap causes confusion and delays when a scan finding lands on a developer's merge request.
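The built-in scans referred to above are enabled by including GitLab's SAST template in the project's `.gitlab-ci.yml`. The following is an added example, not configuration from the original post; the `test` stage name matches the stage the template's `sast` job runs in, and the `vendor` entry in the excluded paths is an illustrative assumption for a project that vendors third-party code.

```yaml
# Added example: turn on GitLab's built-in SAST scan so that findings
# appear in the pipeline's security report and the vulnerability report,
# which is where the "Explain this vulnerability" button is offered.
stages:
  - test   # the template's sast job runs in the "test" stage

include:
  - template: Security/SAST.gitlab-ci.yml

variables:
  # Keep vendored and test code out of the report so developers only see
  # findings in code they own. "vendor" is an assumed path for this example.
  SAST_EXCLUDED_PATHS: "spec, test, tests, tmp, vendor"
```

Once this runs on a merge request pipeline, each SAST finding is listed in the merge request's security widget and in the project's vulnerability report, and the same pipeline re-scans the branch after a fix is pushed, which is how you confirm a suggested fix actually removed the finding.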

A vulnerability example detected by static application security testing

Resolving vulnerabilities with GitLab Duo (AI)

GitLab Duo uses AI to help developers resolve vulnerabilities. Here's how.

Understanding vulnerabilities

A critical vulnerability detected in a developer's code blocks the merge, and resolving it promptly often requires help from a security expert. The result is merge requests that stay open for days and features that ship late. To close this knowledge gap, GitLab helps developers understand the vulnerabilities its scans identify through the Vulnerability Explanation feature. For each finding it gives a clear description of the vulnerability, the risk it poses together with example attacks, and practical guidance for fixing it, including example code snippets.

Vulnerability Explanation generates a dedicated overview of vulnerabilities. You can access this overview by clicking the "Explain this vulnerability" button within each vulnerability report.

Vulnerability Explanation example

Developers can work through the sections of the explanation to address a finding quickly, which keeps them directly involved in mitigating threats in their own code. As they handle more findings themselves, they become more comfortable and confident with security concerns, and the team moves toward a more proactive and secure development practice.

Fixing vulnerabilities

GitLab goes beyond explaining detected vulnerabilities: with the help of AI, the platform can now suggest a resolution with one click. This feature automatically generates a merge request containing the relevant details of the vulnerability, the intended fix, and the code changes proposed to address it. This saves developers significant time, but the suggestion is a starting point rather than a finished patch. The developer still needs to review the proposed code, adjust it where it is wrong or incomplete, and confirm that the merge request pipeline's scans and tests pass before merging.

The above image shows a merge request, automatically generated by AI, including details of the vulnerability, and suggested code to resolve it.

Take a product tour

We've prepared a brief product tour so you can quickly dive into the functionality and see it in action.

Get started with GitLab Duo today!

Key takeaways
  • GitLab Duo uses AI to explain vulnerabilities, bridging knowledge gaps and speeding up issue resolution.
  • One-click AI fixes in GitLab Duo auto-generate merge requests, saving developers time on security patches.
  • GitLab Duo fosters proactive security by empowering developers to understand and resolve vulnerabilities efficiently.