SAST Vulnerability Resolution Flow

  • Tier: Ultimate
  • Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
  • Status: Beta

Agentic SAST vulnerability resolution automatically analyzes SAST vulnerabilities and generates merge requests with context-aware code fixes. This agentic approach uses multi-shot reasoning to resolve vulnerabilities with minimal human intervention.

When a SAST security scan runs on the main branch, GitLab Duo automatically analyzes high and critical severity vulnerabilities to determine whether a fix can be generated with high confidence. The analysis happens in the background, and results appear in the vulnerability report once processing is complete.

Results are based on AI analysis and should be reviewed by security professionals. The feature requires GitLab Duo Enterprise with an active subscription.

Running agentic SAST vulnerability resolution

The flow runs automatically when specific conditions are met. For details on automatic and manual execution, see Agentic SAST Vulnerability Resolution.