Add support to generate auto fixes using LLM (AI) (#1177)

This feature adds support to generate auto fixes for Go scanning findings using LLM (AI). In a first instance, it relies on Gemini API to get a suggestion for a solution. This can be later extended, to integrate also other AI providers. --------- Signed-off-by: Cosmin Cojocar <ccojocar@google.com> Co-authored-by: ccoVeille <3875889+ccoVeille@users.noreply.github.com> Co-authored-by: Cosmin Cojocar <ccojocar@google.com>
2025-11-29 22:37:59 +02:00 · 2024-08-12 17:52:41 +07:00
parent f33fd4bf29
commit 56f943b802
13 changed files with 419 additions and 23 deletions
--- a/issue/issue.go
+++ b/issue/issue.go
@@ -97,17 +97,18 @@ var ruleToCWE = map[string]string{

 // Issue is returned by a gosec rule if it discovers an issue with the scanned code.
 type Issue struct {
-	Severity     Score             `json:"severity"`     // issue severity (how problematic it is)
-	Confidence   Score             `json:"confidence"`   // issue confidence (how sure we are we found it)
-	Cwe          *cwe.Weakness     `json:"cwe"`          // Cwe associated with RuleID
-	RuleID       string            `json:"rule_id"`      // Human readable explanation
-	What         string            `json:"details"`      // Human readable explanation
-	File         string            `json:"file"`         // File name we found it in
-	Code         string            `json:"code"`         // Impacted code line
-	Line         string            `json:"line"`         // Line number in file
-	Col          string            `json:"column"`       // Column number in line
-	NoSec        bool              `json:"nosec"`        // true if the issue is nosec
-	Suppressions []SuppressionInfo `json:"suppressions"` // Suppression info of the issue
+	Severity     Score             `json:"severity"`          // issue severity (how problematic it is)
+	Confidence   Score             `json:"confidence"`        // issue confidence (how sure we are we found it)
+	Cwe          *cwe.Weakness     `json:"cwe"`               // Cwe associated with RuleID
+	RuleID       string            `json:"rule_id"`           // Human readable explanation
+	What         string            `json:"details"`           // Human readable explanation
+	File         string            `json:"file"`              // File name we found it in
+	Code         string            `json:"code"`              // Impacted code line
+	Line         string            `json:"line"`              // Line number in file
+	Col          string            `json:"column"`            // Column number in line
+	NoSec        bool              `json:"nosec"`             // true if the issue is nosec
+	Suppressions []SuppressionInfo `json:"suppressions"`      // Suppression info of the issue
+	Autofix      string            `json:"autofix,omitempty"` // Proposed auto fix the issue
 }

 // SuppressionInfo object is to record the kind and the justification that used