docs/scan-with-snyk/snyk-code/manage-code-vulnerabilities/fix-code-vulnerabilities-automatically.md
16 additions & 16 deletions
@@ -28,21 +28,21 @@ What is the difference between supported and limited support? 
28
28
29
29
## What data does DeepCode AI Fix collect?
30
30
31
-
### Customer data
32
-
33
-
DeepCode AI Fix does not collect customer data for training purposes nor send customer data to third parties.
34
-
35
31
### Training data
36
32
37
-
The Large Language Model (LLM) is trained exclusively on public repositories with **permissive licenses**. If a license for a repository changes after the initial scrape, the repository is immediately excluded from the training data. DeepCode AI Fix does not use customer data for training purposes.
33
+
Snyk trains its Large Language Model (LLM) using permissively-licensed public repositories. Snyk does not use code input by customers to train its LLM.
38
34
39
35
The data collection process is thorough and includes the following:
40
36
41
-
* Static analysis of permissive public repositories
42
-
* Automated assessment of the suggested fix qualities
43
-
* Partial in-house labeling by humans
37
+
* Static analysis of permissive public repositories.
38
+
* Automated assessment of the suggested fix qualities.
39
+
* Partial in-house labeling by humans.
40
+
41
+
The training data is regularly checked for quality to optimize the performance of the LLM.
42
+
43
+
### Customer data
44
44
45
-
The training data is ensured to be of the highest quality to optimize the performance of the LLM.
45
+
Snyk does not use customer code submitted to DeepCode AI Fix for training purposes.
46
46
47
47
For more information on how Snyk manages data, see [How Snyk handles your data](../../../working-with-snyk/how-snyk-handles-your-data.md).
48
48
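Review bot: The new `### Customer data` section (new lines 43-45) drops the earlier statement that customer data is not sent to third parties and now only says customer code is not used for training, so the heading's question, "What data does DeepCode AI Fix collect?", is no longer answered for customer data. If the third-party statement was removed on purpose, say what is collected or transmitted, or point explicitly at the "How Snyk handles your data" link for it; if not, restore it. The same goes for the removed sentence about excluding a repository when its license changes after the initial scrape. The no-training statement now also appears twice (new lines 33 and 45); one occurrence is enough.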
@@ -73,27 +73,27 @@ Enable DeepCode AI Fix for your Group or Organization in the Snyk Web UI by navi
73
73
* You should see a zap icon next to all Snyk Code issues that can be automatically fixed.
74
74
{% endhint %}
75
75
76
-
1. Open your code base.
76
+
1. Open your codebase.
77
77
2. Find and fix issues **through the panel** or by clicking **Fix this issue** in Code Lens.
78
78
3. After a fix has been applied, save and rescan.
79
79
80
80
## Example: Fix a code issue automatically
81
81
82
-
DeepCode AI Fix highlights all identified vulnerabilities that can be automatically fixed. These are highlighted with a zap icon. For example, in this scenario, we have identified a Cross-Site Request Forgery (CSRF).
82
+
DeepCode AI Fix highlights all identified vulnerabilities that can be automatically fixed. These are highlighted with a zap icon. For example, in this scenario, we have identified an Information Exposure vulnerability.
83
83
84
84
Opening the vulnerability gives us details on where the issue is and allows us to generate a fix using DeepCode AI Fix.
85
85
86
-
<figure><imgsrc="../../../.gitbook/assets/image (444).png"alt=""><figcaption><p>Opening the Snyk Code vulnerability panel</p></figcaption></figure>
86
+
<figure><imgsrc="../../../.gitbook/assets/image (24) (1).png"alt=""><figcaption><p>Opening the Snyk Code vulnerability panel</p></figcaption></figure>
87
87
88
-
Once you click on Generate fix using Snyk DeepCode AI, the machines will start turning and up to 5 fixes will be generated. To ensure we have fixed the vulnerability and DeepCode AI has not hallucinated and added a new vulnerability, we automatically retest all fixes with Snyk Code's engine.
88
+
After you select Generate Fix using Snyk DeepCode AI, the system will analyze your code and generate up to five potential fixes. After you apply a fix, DeepCode AI Fix automatically retests the fix for quality using Snyk Code's engine.
89
89
90
-
The result, in this case, is 5 fixes, which you can navigate through to decide which one is best for you. The first one is importing and using `csrf`, should solve this issue.
90
+
The result, in this case, is five fixes, which you can navigate through to decide which one is best for you. The first fix is adding Helmet middleware package that disables the `X-Powered-By` header by default, preventing attackers from knowing that the app is running Express. 
91
91
92
-
<figure><imgsrc="../../../.gitbook/assets/image (443).png"alt=""><figcaption><p>5 fixes have been generated</p></figcaption></figure>
92
+
<figure><imgsrc="../../../.gitbook/assets/image (25) (2).png"alt=""><figcaption><p>5 fixes have been generated</p></figcaption></figure>
93
93
94
94
When you apply the fix, you will be guided to where the new code has been introduced. After you save and rescan, the vulnerability will disappear.
95
95
96
-
<figure><imgsrc="../../../.gitbook/assets/image (447).png"alt=""><figcaption><p>Vulnerability has been fixed</p></figcaption></figure>
96
+
<figure><imgsrc="../../../.gitbook/assets/image (26) (2).png"alt=""><figcaption><p>Vulnerability has been fixed</p></figcaption></figure>
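Review bot: The rewritten sentence on new line 88 changes when the retest happens and what it checks: the old text said all generated fixes are retested with Snyk Code's engine to confirm the vulnerability is fixed and no new one was added, while the new text says the retest runs "after you apply a fix" and only "for quality". If the product behaviour has not changed, keep the statement that every generated fix is retested and name what the retest verifies. On new line 90, "is adding Helmet middleware package that disables" reads better as "adds the Helmet middleware package, which disables the `X-Powered-By` header by default", and the line ends with a trailing space. The UI label "Generate Fix using Snyk DeepCode AI" is not bold, unlike **Fix this issue** on line 77, and the caption on new line 92 still says "5 fixes" where the prose now says "five".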