
Introducing AI Security Champion with Auto-remediation for SAST


May 5, 2024

Applications have vulnerabilities. Lots of them. And there’s not enough time to fix them all. In Checkmarx’s recently released Future of Application Security report, 29% of AppSec managers reported that they knowingly released vulnerable applications in order to meet a deadline, and 27% reported that the vulnerabilities would be fixed in a later release.

But what if you could get reliable guidance and a suggested fix for those vulnerabilities? You can now – using Generative AI.  

We previously announced AI Guided Remediation for IaC, and now we’re happy to introduce AI Security Champion with auto-remediation for SAST.

This solution goes beyond mere identification by offering actionable fixes alongside each finding.

These recommendations, tailored to the specific vulnerability, allow developers to:

  • Deepen their understanding of the issue’s nature and impact.
  • Navigate the remediation process with confidence, saving time and resources.
  • Make the fix as quickly and easily as possible.

Introducing AI Security Champion for SAST

AI Security Champion for SAST uses the power of GenAI to propose code to fix each vulnerability.

The AI Security Champion goes beyond simply identifying vulnerabilities. While guided remediation provides AI-generated assistance, suggestions, explanations, and other guidance in human-readable language, auto-remediation provides the actual code that can be used directly within the development workflow. 

This empowers developers to confidently navigate the remediation process, saving valuable time and resources: developers review the proposed fix and then implement it. It’s as simple as copy and paste (and soon, we will also add the ability to implement it automatically at the touch of a button)!

This integration signifies a significant advancement in the realm of application security testing. By harnessing the power of artificial intelligence, we are excited to offer a streamlined and efficient approach to vulnerability remediation, enabling organizations to achieve their security goals without compromising development velocity.

How It Works

AI Security Champion with auto-remediation is an integral part of the Checkmarx One platform, which makes it easy to adopt and implement. The new AI Security Champion function meets developers where they are – within the integrated development environments (IDE) that developers are already using. 

Initial Setup

To set it up, select the “AI Security Champion” plugin from the plugins menu within Checkmarx One.

Then connect to ChatGPT. 

Make AI Your Newest Security Champion

Once it’s set up, this is where the work begins. Everything takes place in the IDE, as Checkmarx is fully integrated, so developers stay in their natural environment.

After setup, select a vulnerability from the Checkmarx One results.

Select the “AI Security Champion” tab from the Checkmarx One results and click Start Remediation.

AI Security Champion shows the developer the following:

  1. Confidence score – On a scale of 0 (low) to 100 (high), indicates how confident the tool is that the vulnerability is exploitable in the context of your code.
  2. Explanation – An OpenAI-generated description of the vulnerability.
  3. Proposed remediation – A customized code snippet, generated by OpenAI, that can be used to remediate the vulnerability in your code.
  4. “Ask a question” – A further prompt to ask AI Security Champion about the vulnerability or the proposed code.

How to Get Started

Checkmarx SAST users on Checkmarx One can get started straight away. Simply enable AI Security Champion.

Taking advantage of the capabilities presented by AI is just another reason to use Checkmarx One. Existing CxSAST users can work with their customer success manager to migrate to Checkmarx One.

Existing customers can contact their account manager to learn more. Everyone else, contact Checkmarx today.