Add a disable_remediation configuration field #15170
/gcbrun skip
| is disabled, all disclosure notifications will not include any proposed code | ||
| changes. If enabled (default), proposed code changes and comments to remediate | ||
| bugs may be automatically included in disclosure that is private during the | ||
| embargo of each issue on a case-by-case basis basis. |
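Review bot: The last line of this hunk repeats a word ("case-by-case basis basis"); drop one "basis". The "is disabled ... If enabled (default)" wording is also easy to misread next to a field named disable_remediation, because it is not clear whether "enabled" describes the field or the remediation feature; consider stating which value of the field produces each behaviour and which value is the default. "all disclosure notifications will not include" would read more clearly as "no disclosure notifications will include".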
Looks like "basis" is repeated twice.
I'm guessing it involves LLM-generated patches OSS-Fuzz has experimented with, but just out of curiosity, was that feature already announced, or is it in the works and hasn't been rolled out yet?
Some early work here on automated remediation for OSS-Fuzz projects was announced last year: https://deepmind.google/blog/introducing-codemender-an-ai-agent-for-code-security/
Got it. I saw the "codemender-patching@google.com" thing, but those patches weren't posted fully automatically up until recently, as far as I know. Either way, as far as I understand, with this setting it should be possible to opt out, and it should cover use cases where it's not desirable for various reasons.
No description provided.