Project Submission: ADSOACRem AI

Inspiration

In federal and enterprise DevSecOps, the "vulnerability backlog" is a critical point of failure. Security teams are overwhelmed by static alerts that require manual triage and slow, manual patching. ADSOACRem was inspired by the need to "Shift-Left" even further—moving from automated detection to autonomous remediation while keeping a human-in-the-loop for final accountability.

What it does

ADSOACRem AI is an agentic bridge for GitLab CI/CD pipelines. It monitors security scan outputs (SAST/DAST) and triggers specialized AI agents to:

- Triage: Evaluate vulnerabilities against federal compliance frameworks (e.g., NIST 800-53).
- Analyze: Determine the root cause within the source code.
- Remediate: Generate a merge-ready code patch to resolve the issue instantly.
- Audit: Document the entire automated process for compliance reporting.

How we built it

The project was architected as a GitLab Agentic Flow. We defined a system logic using Python to simulate the decision-making process of a Senior Security Engineer. We utilized GitLab Duo prompts to structure the remediation logic and mapped vulnerability types to specific "Fix-Action" playbooks. The repository structure was designed to be "Reviewer-Ready," focusing on clear documentation and reproducible logic.

Challenges we ran into

The primary challenge was balancing Autonomy vs. Oversight. In a federal environment, you cannot have "black box" AI making changes to production code. We solved this by designing a "Human-Gate" mechanism, where the agent generates the remediation as a Merge Request that requires a manual security signature before deployment.

Accomplishments that we're proud of

- Creating a naming convention and framework (ADSOACRem) that addresses specific federal compliance bottlenecks.
- Designing a "zero-trust" AI interaction model where every agentic action is logged and verifiable.
- Simplifying a complex DevSecOps workflow into a 30-minute deployment-ready concept.
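The "Human-Gate" described under Challenges, sketched as an added example (not code from the ADSOACRem repository). The account names, commit ids and the `human_gate` function are hypothetical, the data is constructed, and no GitLab API is called. The check also rejects approvals given for an older commit than the one that would be deployed, and it returns audit lines for every decision.

```python
"""Added illustration of a 'Human-Gate' check; all names here are hypothetical."""
from dataclasses import dataclass, field

# Constructed sample values: the agent account and the humans allowed to sign off.
AGENT_ACCOUNTS = {"adsoacrem-agent"}
SECURITY_APPROVERS = {"alice.sec", "bob.sec"}


@dataclass
class Approval:
    user: str
    approved_sha: str  # commit the reviewer actually looked at


@dataclass
class MergeRequest:
    author: str
    head_sha: str
    approvals: list = field(default_factory=list)


def human_gate(mr: MergeRequest) -> tuple[bool, list[str]]:
    """Return (allowed, audit_lines). Deployment is allowed only when a human
    security approver, other than the MR author, approved the current head."""
    audit, allowed = [], False
    for a in mr.approvals:
        if a.user in AGENT_ACCOUNTS:
            audit.append(f"reject {a.user}: automated account cannot sign")
        elif a.user == mr.author:
            audit.append(f"reject {a.user}: author cannot approve own change")
        elif a.user not in SECURITY_APPROVERS:
            audit.append(f"reject {a.user}: not a security approver")
        elif a.approved_sha != mr.head_sha:
            audit.append(f"reject {a.user}: approval is for stale commit {a.approved_sha}")
        else:
            audit.append(f"accept {a.user}: signed {mr.head_sha}")
            allowed = True
    if not mr.approvals:
        audit.append("reject: no approvals recorded")
    audit.append(f"decision: {'deploy' if allowed else 'block'}")
    return allowed, audit


if __name__ == "__main__":
    mr = MergeRequest("adsoacrem-agent", "c0ffee2", [
        Approval("adsoacrem-agent", "c0ffee2"),   # agent approving its own patch
        Approval("alice.sec", "c0ffee1"),         # signed before the agent pushed again
    ])
    print(human_gate(mr))
```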

What we learned

We learned that Agentic Workflows are the future of cybersecurity. It isn't just about the AI "knowing" the answer; it's about the AI knowing when to trigger an action and how to interact with the existing CI/CD infrastructure without breaking the pipeline.

What's next for ADSOACRem AI

The next phase is integrating Real-time Threat Intelligence feeds to allow the agents to prioritize remediation based on active global exploits. We also plan to expand the framework to support multi-cloud compliance standards (FedRAMP/IL5) for broader Department of Defense applications.

Technical Repository & Artifacts

- Public GitHub Repo: https://github.com/USH3R/ADSOACRem-AI
- Primary Tech Stack: Python (Orchestration), C++ (Legacy Remediation), Java (Enterprise Compliance).
- Compliance Mapping: NIST 800-53 / FedRAMP ready logic.
