HCL AppScan delivers faster secure coding assistance for developers with the launch of autofix capabilities, augmented with GenAI, integrated in our flagship SaaS platform, HCL AppScan on Cloud (ASoC). Now security professionals and developers can access the help they need in not only finding, but also fixing vulnerabilities with a remediation solution engineered to be fast, efficient, and trustworthy.
AI-driven, Human-verified
At the heart of our remediation assistance are curated autofix recommendations for common vulnerabilities found by Static Application Security Testing (SAST) scans in source code in 29 programming languages. These recommendations are developed, reviewed, and approved by an HCL AppScan team of security experts and researchers. Once a vulnerability is identified, ASoC quickly finds the correct autofix recommendation and leverages GenAI to provide easy to understand context for the fix.
ASoC’s use of curated autofix recommendations, summarized and contextualized using GenAI, allows developers to make remediation decisions quickly and with extreme confidence. This accelerates the overall time to remediate issues early in the development lifecycle, and reduces much of the need for more costly remediation by security teams later on during the build and test phases.
Many vendors today offer AI security coding assistants that carry a host of inherent risks. When GenAI is tasked with generating autofix recommendations itself, there are two key dangers. First, the model is limited by its training dataset. Second, GenAI has been shown to give increasingly inconsistent responses as it learns. As a result, the quality of the suggested fixes is mixed: some are accurate, while others may contain hallucinations and inconsistencies, producing code that is not safe to use without significant manual oversight. The paradox is clear: when GenAI output cannot be trusted without human review, it actually slows developers down.
By using GenAI to help contextualize curated autofix recommendations, HCL AppScan provides security professionals and software developers with a powerful educational tool that is safe to use and avoids the risks commonly associated with GenAI. HCL AppScan’s approach is focused on shortening the time it takes to understand fix recommendations and move on to applying them as part of remediation.
Time Savings at the Heart of HCL AppScan GenAI
HCL AppScan has a long history of using AI to improve SAST scan accuracy with Intelligent Finding Analytics (IFA), and to widen scan coverage with Intelligent Code Analytics (ICA). In both cases, AI improves the developer experience in two ways: by prioritizing the highest-severity vulnerabilities, and by grouping related findings so that developers can focus on the issues that matter most.
Developers, professional and novice alike, have for years benefited from autofix in HCL AppScan CodeSweep, where it was made available first. This community edition of our SAST technology provides curated fix recommendations integrated with the plugins for developer IDEs as well as CI/CD pipelines.
The Future of GenAI-Enabled Autofix
This new version of autofix with GenAI is immediately available to all ASoC users with licenses that include access to the SAST technology. HCL AppScan has additional plans to accelerate autofix capabilities even more in the near future, for example adding autofix for additional programming languages. Deeper GenAI integrations will handle even more aspects of auto-remediation such as both creating and implementing autofix recommendations based on the scan results.
Auto-remediation is one of the key areas in application security where GenAI has the potential to play an increasingly positive role. But increasing the speed of fixing issues does not reduce risk unless the fix recommendations can be trusted. The HCL AppScan release of autofix using curated fix recommendations with summaries and context powered by GenAI is the perfect balance of human expertise and AI efficiency. The result is a fast, accurate auto-remediation solution that developers can trust.
Contact us today to take a free trial of HCL AppScan on Cloud and see for yourself how this auto-remediation solution, augmented with GenAI, can help you both find and fix vulnerabilities faster.
Learn about all HCL AppScan’s fast, accurate, and agile application security testing solutions.