SAST Vulnerability Resolution Flow

  • Tier: Ultimate
  • Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated

Agentic SAST vulnerability resolution automatically analyzes SAST vulnerabilities and generates merge requests with context-aware code fixes. This agentic approach uses multi-shot reasoning to resolve vulnerabilities with minimal human intervention.

When a SAST security scan runs on the main branch, GitLab Duo automatically analyzes high and critical severity vulnerabilities to determine whether a fix can be generated with high confidence. The analysis happens in the background, and the results appear in the vulnerability report once processing is complete.

Results are based on AI analysis and should be reviewed by security professionals.

You can’t trigger this flow by mentioning, assigning, or requesting a review from its service account. The flow runs automatically after security scans complete. You can run it manually from the vulnerability report by clicking the Check for false positive button.

Running agentic SAST vulnerability resolution

The flow runs automatically when specific conditions are met. For details on automatic and manual execution, see Agentic SAST Vulnerability Resolution.