2025 IEEE International Conference on Cyber Security and Resilience

Summary:

The continuous digitisation of all types of data and business information, although undoubtedly beneficial, has triggered an exponential rise in security risks, as more attack vectors are introduced at a high frequency. To facilitate the process of suppressing security threats to software, we present an AI-powered pipeline that enables developers to mitigate security alerts identified in security assessment reports generated by popular open-source security tools. The proposed pipeline harnesses the power of LLMs to propose code fixes and passes the fixed code through a CI/CD pipeline that reruns the security assessment process to examine whether the vulnerability is fixed. Source code is then accepted, with the approval of a human administrator. The evaluation performed indicates that the proposed pipeline can be considered the first set of steps towards enabling self-healing software systems within a DevSecOps culture, where software can be generated, patched and updated in an automated manner.

Author(s):

Georgios Siachamis    
Greece

Georgios Papadopoulos    
Greece

Andreas Symeonidis    
Greece

 

