Enterprise Software Supply Chain Manager (ESSCM)

# AI Remediate

Automated vulnerability remediation powered by Griffin AI
AI Remediate uses Griffin AI to automatically generate and apply security fixes, reducing remediation time from days to minutes.
## How AI Remediate Works

1. **Analysis** - Griffin AI analyzes the vulnerability and your codebase
2. **Solution Generation** - Griffin AI determines the safest upgrade path
3. **Impact Assessment** - Breaking changes and compatibility are checked
4. **PR Creation** - An automated Pull Request is opened with all changes
5. **Validation** - Automated tests run to verify the fix
## AI Remediate Capabilities

### Dependency Upgrades
Griffin AI can automatically:
- Upgrade vulnerable packages to fixed versions
- Handle transitive dependency conflicts
- Update lock files appropriately
- Maintain compatibility with existing code
### Configuration Fixes
For configuration-based vulnerabilities:
- Update security headers
- Patch insecure defaults
- Apply recommended settings
### Code Modifications
In some cases, Griffin AI can:
- Replace deprecated function calls
- Update API usage patterns
- Apply security patches to code
## Using AI Remediate

### Single Vulnerability

1. Navigate to the vulnerability
2. Click **AI Remediate**
3. Review the proposed changes
4. Click **Create Pull Request**
### Bulk AI Remediate

Fix multiple vulnerabilities at once:

1. Select the vulnerabilities to fix
2. Click **AI Remediate Selected**
3. Griffin AI batches compatible fixes
4. Review all changes
5. Create PRs (one per repository)
### Page-Level AI Remediate

From the Vulnerabilities page:

1. Click the **AI Remediate** button at the top
2. Griffin AI analyzes all fixable vulnerabilities
3. Review the comprehensive remediation plan
4. Approve and create Pull Requests
## AI Remediate Settings

Configure AI Remediate behavior in **Settings → AI Remediate**:

| Setting | Description |
|---|---|
| Auto-Create PRs | Automatically create PRs for safe fixes |
| Require Approval | Require manual approval before PRs |
| Test Integration | Run tests before creating PRs |
| Breaking Change Policy | How to handle breaking changes |
| Branch Naming | PR branch naming convention |
## Supported Ecosystems

| Ecosystem | Package Manager | AI Remediate Support |
|---|---|---|
| JavaScript | npm, yarn, pnpm | Full |
| Python | pip, poetry, pipenv | Full |
| Java | Maven, Gradle | Full |
| Go | Go modules | Full |
| Rust | Cargo | Full |
| Ruby | Bundler | Full |
| .NET | NuGet | Full |
| PHP | Composer | Full |
## Breaking Change Detection

Griffin AI rates each proposed fix for potential breaking changes:

- **Safe** - No breaking changes expected
- **Minor** - Minor API changes, low risk
- **Major** - Significant changes, review recommended
- **Critical** - High risk of breaking, manual review required
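As an added illustration of the four risk tiers above and of the dependency-upgrade planning described under Dependency Upgrades, the following example rates an upgrade from the installed version to the first fixed version using semantic-versioning distance, builds a safest-first plan over a dependency manifest, and gates automatic merging by tier (the counterpart of the Breaking Change Policy setting). This is example code, not Griffin AI's own analysis: the tier rules, the `Advisory`/`PlanItem` records, the package names and the `CVE-YYYY-EXAMPLEn` ids are all constructed for the example.

```python
"""Added illustration of upgrade risk tiers and safest-first planning.
Not Griffin AI's logic: the tier heuristic below is this example's assumption,
derived from semantic versioning (patch < minor < major < pre-1.0 / multi-major)."""
import re
from typing import NamedTuple

# Tiers in the order a cautious rollout applies them (safest first).
RISK_ORDER = {"Safe": 0, "Minor": 1, "Major": 2, "Critical": 3}

_SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+][0-9A-Za-z.-]+)?$")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse MAJOR.MINOR.PATCH, tolerating a leading 'v' and a pre-release/build tag."""
    m = _SEMVER.match(text.strip())
    if not m:
        raise ValueError(f"not a semantic version: {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def classify_upgrade(current: str, fixed: str) -> str:
    """Rate current -> fixed as Safe, Minor, Major or Critical (assumed heuristic)."""
    cur, new = parse_version(current), parse_version(fixed)
    if new <= cur:
        raise ValueError("fixed version must be newer than the installed one")
    if cur[0] == 0:
        return "Critical"   # pre-1.0: semver promises nothing about compatibility
    major_jump = new[0] - cur[0]
    if major_jump >= 2:
        return "Critical"   # skipping a whole major line: high chance of breakage
    if major_jump == 1:
        return "Major"      # one major bump: breaking changes are expected
    if new[1] > cur[1]:
        return "Minor"      # new features, should be backwards compatible
    return "Safe"           # patch-only bump


class Advisory(NamedTuple):
    package: str
    cve: str        # placeholder ids in the sample; real ones come from the advisory
    fixed_in: str   # first version that is not vulnerable


class PlanItem(NamedTuple):
    package: str
    cve: str
    current: str
    target: str
    risk: str


def plan_upgrades(manifest: dict[str, str], advisories: list[Advisory]) -> list[PlanItem]:
    """Build an upgrade plan for direct dependencies, safest changes first."""
    plan = []
    for adv in advisories:
        current = manifest.get(adv.package)
        if current is None:
            continue                                   # not a direct dependency here
        if parse_version(current) >= parse_version(adv.fixed_in):
            continue                                   # already on a fixed version
        risk = classify_upgrade(current, adv.fixed_in)
        plan.append(PlanItem(adv.package, adv.cve, current, adv.fixed_in, risk))
    return sorted(plan, key=lambda item: RISK_ORDER[item.risk])


def auto_merge_allowed(item: PlanItem, max_auto_risk: str = "Minor") -> bool:
    """Gate automatic merging by tier; Major and Critical fall back to human review."""
    return RISK_ORDER[item.risk] <= RISK_ORDER[max_auto_risk]


# Constructed sample input: fictional package names and placeholder CVE ids.
SAMPLE_MANIFEST = {
    "pkg-a": "1.4.2", "pkg-b": "2.3.0", "pkg-c": "3.9.1",
    "pkg-d": "0.9.0", "pkg-e": "1.0.0", "pkg-g": "2.0.0",
}
SAMPLE_ADVISORIES = [
    Advisory("pkg-c", "CVE-YYYY-EXAMPLE3", "4.0.0"),
    Advisory("pkg-a", "CVE-YYYY-EXAMPLE1", "1.4.7"),
    Advisory("pkg-d", "CVE-YYYY-EXAMPLE4", "0.10.0"),
    Advisory("pkg-b", "CVE-YYYY-EXAMPLE2", "2.5.1"),
    Advisory("pkg-e", "CVE-YYYY-EXAMPLE5", "3.0.0"),
    Advisory("pkg-f", "CVE-YYYY-EXAMPLE6", "9.9.9"),   # not a direct dependency
    Advisory("pkg-g", "CVE-YYYY-EXAMPLE7", "1.9.0"),   # already fixed
]

if __name__ == "__main__":
    for item in plan_upgrades(SAMPLE_MANIFEST, SAMPLE_ADVISORIES):
        gate = "auto-merge ok" if auto_merge_allowed(item) else "manual review"
        print(f"[{item.risk:8}] {item.package}: {item.current} -> {item.target} "
              f"({item.cve}) {gate}")
```

The pre-1.0 rule is the caveat most worth keeping: semantic versioning makes no compatibility promise below 1.0, so a version-distance heuristic alone cannot call such a bump safe, and any real tool would have to back it with actual test results before auto-merging.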
## PR Details

Auto-generated PRs include:
- Clear title with CVE reference
- Detailed description of the vulnerability
- Summary of changes made
- Breaking change warnings (if any)
- Test results (if configured)
- Links to relevant advisories
## Best Practices

- **Enable tests** - Catch regressions automatically
- **Start with safe fixes** - Build confidence gradually
- **Review major changes** - Don't auto-merge breaking changes
- **Monitor metrics** - Track the fix success rate