Autofix
The English user guide is currently in beta preview. Most of the documents have been automatically translated from the Japanese version. Should you find any inaccuracies, please reach out to Flatt Security.
This feature is currently in beta. If you would like to use it, please contact us.
Overview
Takumi Autofix is a feature that automatically generates patches to fix vulnerabilities detected during security assessments and creates Pull Requests.
It is available through the Shisho Cloud byGMO web interface.
Credit Consumption
Credits are required to use this feature. Credit consumption varies depending on the complexity of the vulnerability and the size of the repository.
Prerequisites
To use the Autofix feature, you need to connect a GitHub App that has write access to the repository containing the code you want to fix.
For details, see the GitHub Integration page.
With the release of this feature, the GitHub App's "Contents" permission has been updated from Read to Read and Write. For organizations that have already installed the GitHub App, a permission update request will be sent via email from GitHub. Before using the Autofix feature, please approve this request.
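To see what approving the permission update grants, you can inspect the installation records that GitHub's REST API returns from `GET /orgs/{org}/installations`. The following is an added example, not part of the Shisho Cloud documentation; the app slugs, IDs and sample JSON are constructed placeholders.

```python
import json

# Constructed sample shaped like the body of GET /orgs/{org}/installations.
# App slugs and IDs are placeholders, not real values.
SAMPLE_RESPONSE = json.loads("""
{
  "total_count": 2,
  "installations": [
    {"id": 1001, "app_slug": "example-autofix-app",
     "repository_selection": "all",
     "permissions": {"contents": "write", "metadata": "read",
                     "pull_requests": "write"}},
    {"id": 1002, "app_slug": "example-readonly-app",
     "repository_selection": "selected",
     "permissions": {"contents": "read", "metadata": "read"}}
  ]
}
""")

def audit_installation(inst):
    """Return a list of findings for one GitHub App installation record."""
    findings = []
    perms = inst.get("permissions", {})
    if perms.get("contents") == "write":
        findings.append("contents:write (app can push commits and branches)")
        # Write access combined with org-wide scope is the case to narrow.
        if inst.get("repository_selection") == "all":
            findings.append("installed on ALL repositories; "
                            "consider restricting to selected repositories")
    return findings

def audit_org(response, app_slug=None):
    """Map app_slug -> findings, optionally for a single app."""
    report = {}
    for inst in response.get("installations", []):
        if app_slug and inst.get("app_slug") != app_slug:
            continue
        report[inst["app_slug"]] = audit_installation(inst)
    return report

if __name__ == "__main__":
    for slug, findings in audit_org(SAMPLE_RESPONSE).items():
        print(slug, "->", findings or "no write access to contents")
```

Feed it the real response for your organization and filter on the slug of the GitHub App you connected to check that write access is limited to the repositories you intend to fix.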
Usage
In Autofix, you create a "fix task" for each vulnerability you want to fix, and the autofix process is executed on a per-task basis.
1. Creating a Task
There are two ways to create a task.
1-A: Create from Assessment Results (Recommended)
On the assessment results page, click the "Fix Vulnerability" button, select the vulnerability you want to fix from the displayed menu, and click the "Proceed to Create Task" button.
For past assessment results, the "Fix Vulnerability" button may not be available. In that case, please use the method described in "1-B: Create Directly from the Autofix Tab".

Then, enter and confirm the following information in the task creation dialog:
- Task Name: Automatically populated with the vulnerability title
- Output Language: Select the report output language (Japanese/English)
- Repository: Select the GitHub repository containing the code to fix
- Branch / Tag / Commit: Specify the base branch for the fix
- Target Vulnerability: Automatically populated with the vulnerability report

1-B: Create Directly from the Autofix Tab
Open the "Autofix" tab on the assessments page and click the "Create Task" button.
Enter the following information:
- Task Name: Set an easily identifiable name
- Output Language: Select the report output language (Japanese/English)
- Repository: Select the target GitHub repository
- Branch / Tag / Commit: Specify the base branch for the fix
- Target Vulnerability: Enter details of the vulnerability to fix (please copy from assessment reports)
2. Running Autofix
After creating a task, select "Run Autofix" from the task menu. The task will transition to the "Running" status.
While the task is running, Takumi automatically performs the following processes:
- Cloning the repository
- Analyzing the vulnerability
- Creating fix code
- Creating unit tests to validate the fix
- Creating a report about the fix
Processing may take several minutes to tens of minutes.
3. Reviewing Results
When processing is complete, the task status changes to "Reviewing". Click the task name in the task list to open the detail dialog.

In the detail dialog, you can review the following:
- "Fix Proposals": Review the generated fix
  - Report: Analysis results and explanation of the fix
  - Diff: The generated fix code diff
- "Target Vulnerability": Review the entered vulnerability information
If you run the fix multiple times, fix proposals are saved for each version. You can select any version from the version list on the left side to review.
4. Creating a Pull Request
After reviewing the fix and confirming there are no issues, click the "Create Pull Request with this version" button. A Pull Request will be automatically created in the GitHub repository with the fix from the selected version.
After the PR is created, the task status changes to "Completed", and a link to the PR is displayed in the list.
5. Retry, Dismiss, or Delete
The following operations are available from the task menu:
- Retry: Select "Retry Autofix", enter "Additional Instructions", and run the fix again. A new fix proposal will be generated and added as a new version.
- Dismiss: Select "Dismiss" to close the task. The status changes to "Dismissed".
- Delete: Select "Delete" to permanently delete the task.

Task Statuses
| Status | Description |
|---|---|
| Pending | Task has been created and is waiting to be executed |
| Running | Takumi is executing the fix process |
| Reviewing | Fix is complete and waiting for user review |
| Completed | Pull Request has been created and the task is complete |
| Dismissed | Task has been closed by the user |
Important Notes
- Always have the generated fix code reviewed by a human before applying it to production environments.
- AI-generated fixes may not be perfect. We recommend running tests and performing code reviews.
- Processing may take longer for large repositories or complex vulnerabilities.
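
One way to back the human-review note above on the GitHub side is branch protection on the base branch that the Pull Request targets. The following is an added example, not part of the product documentation; it evaluates a constructed sample shaped like the response of `GET /repos/{owner}/{repo}/branches/{branch}/protection`, and the check name `unit-tests` is a placeholder.

```python
import json

# Constructed sample shaped like the branch protection API response.
SAMPLE_PROTECTION = json.loads("""
{
  "required_pull_request_reviews": {
    "required_approving_review_count": 1,
    "dismiss_stale_reviews": false
  },
  "required_status_checks": {"strict": true, "contexts": ["unit-tests"]},
  "enforce_admins": {"enabled": false},
  "allow_force_pushes": {"enabled": false}
}
""")

def review_gaps(protection):
    """Return gaps that would let an unreviewed fix reach the base branch.

    Pass None when the API answers 404 (branch is not protected).
    """
    if not protection:
        return ["no branch protection: PRs can be merged without review"]
    gaps = []
    reviews = protection.get("required_pull_request_reviews") or {}
    if reviews.get("required_approving_review_count", 0) < 1:
        gaps.append("no approving human review required before merge")
    elif not reviews.get("dismiss_stale_reviews", False):
        # Commits pushed to the PR after approval would keep that approval.
        gaps.append("approvals are not dismissed when new commits are pushed")
    checks = protection.get("required_status_checks") or {}
    if not (checks.get("contexts") or checks.get("checks")):
        gaps.append("no required status checks: tests need not pass")
    if not (protection.get("enforce_admins") or {}).get("enabled", False):
        gaps.append("administrators can bypass these rules")
    if (protection.get("allow_force_pushes") or {}).get("enabled", False):
        gaps.append("force pushes to the base branch are allowed")
    return gaps

if __name__ == "__main__":
    for gap in review_gaps(SAMPLE_PROTECTION):
        print("GAP:", gap)
```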