Inspiration
Propagating a security patch across large monorepos or multi-repo organizations takes weeks of cross-team coordination. When a developer fixes a vulnerability in "Service A", determining whether "Service B" or "Service C" contains the same vulnerable pattern and submitting PRs for them is a manual bottleneck that leaves enterprises exposed while the fix trickles across teams.
What it does
Enterprise Vulnerability Remediation Agent turns a single code fix into enterprise-wide remediation. Inside an Issue or Merge Request, the AI autonomously:
- Analyzes the proposed fix diff to understand the root vulnerability.
- Scans the rest of the monorepo or organization for the vulnerable code pattern.
- Adapts and commits the fix into new branches.
- Opens context-aware automated Merge Requests (MRs) detailing the fix reasoning.
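The four steps above, as an added example that is not part of the project's code: a local model of the remediation loop in JavaScript. An in-memory map of path to file contents stands in for what gitlab_blob_search and read_file would return, and commit and MR creation are only described in the returned objects (create_commit and create_merge_request are not called). The diff, the file names and the source MR id are all constructed for the example.

```javascript
// Added example, not the project's own code: a local model of the remediation loop.
// The repository is an in-memory map of path -> contents standing in for what
// gitlab_blob_search and read_file would return; commit and MR creation are only
// described in the returned objects. All file names, diff contents and the source
// MR id below are constructed.

// Step 1: derive the vulnerable pattern from the fix diff. Each removed line is paired
// positionally with the added line that replaced it; unpaired lines are ignored, so
// only single-line replacements are learned.
function extractFixPairs(diffText) {
  const pairs = [];
  let removed = [];
  let added = [];
  const flush = () => {
    const n = Math.min(removed.length, added.length);
    for (let i = 0; i < n; i++) {
      pairs.push({ removed: removed[i].trim(), added: added[i].trim() });
    }
    removed = [];
    added = [];
  };
  for (const line of diffText.split('\n')) {
    if (line.startsWith('---') || line.startsWith('+++')) continue; // file headers
    if (line.startsWith('-')) removed.push(line.slice(1));
    else if (line.startsWith('+')) added.push(line.slice(1));
    else flush(); // a context line or hunk header ends the current change group
  }
  flush();
  return pairs;
}

// Step 2: scan every other file for lines equal to a removed (vulnerable) line,
// ignoring indentation. Returns { path: [{ line, pattern }] }.
function findAffectedFiles(repo, pairs, fixedPath) {
  const hits = {};
  for (const [path, content] of Object.entries(repo)) {
    if (path === fixedPath) continue;
    content.split('\n').forEach((l, idx) => {
      for (const pair of pairs) {
        if (l.trim() === pair.removed) {
          (hits[path] = hits[path] || []).push({ line: idx + 1, pattern: pair.removed });
        }
      }
    });
  }
  return hits;
}

// Step 3: adapt the fix to a file, keeping that file's own indentation on each replaced line.
function adaptFix(content, pairs) {
  let changes = 0;
  const out = content.split('\n').map((l) => {
    const match = pairs.find((p) => l.trim() === p.removed);
    if (!match) return l;
    changes++;
    return l.match(/^\s*/)[0] + match.added;
  });
  return { content: out.join('\n'), changes };
}

// Step 4: describe the branch and MR the agent would open for each affected file.
function buildMergeRequest(path, pattern, changes, sourceMr) {
  return {
    branch: 'remediate/' + path.replace(/[^a-z0-9]+/gi, '-').toLowerCase(),
    title: 'Remediate vulnerable pattern in ' + path,
    description:
      'Adapted from the fix in ' + sourceMr + ': replaced ' + changes +
      ' occurrence(s) of `' + pattern + '`. Please review before merging.',
  };
}

// Full loop: diff -> pattern -> affected files -> adapted contents and MR drafts.
function remediate(repo, fixDiff, fixedPath, sourceMr) {
  const pairs = extractFixPairs(fixDiff);
  const hits = findAffectedFiles(repo, pairs, fixedPath);
  return Object.keys(hits).map((path) => {
    const { content, changes } = adaptFix(repo[path], pairs);
    return { path, changes, content, mr: buildMergeRequest(path, hits[path][0].pattern, changes, sourceMr) };
  });
}

// Constructed sample: service A's fix hardens a session cookie; B and C still set it insecurely.
const sampleFixDiff = [
  '--- a/services/a/auth.js',
  '+++ b/services/a/auth.js',
  '@@ -1,3 +1,3 @@',
  ' function login(res, id) {',
  "-  res.cookie('session', id);",
  "+  res.cookie('session', id, { httpOnly: true, secure: true, sameSite: 'strict' });",
  ' }',
].join('\n');

const sampleRepo = {
  'services/a/auth.js':
    "function login(res, id) {\n  res.cookie('session', id, { httpOnly: true, secure: true, sameSite: 'strict' });\n}\n",
  'services/b/session.js': "module.exports = (res, id) => {\n    res.cookie('session', id);\n};\n",
  'services/c/handlers.js': "function issue(res, id) {\n  res.cookie('session', id);\n  res.cookie('theme', 'dark');\n}\n",
  'services/d/index.js': "function hello(res) {\n  res.send('ok');\n}\n",
};

const sampleResult = remediate(sampleRepo, sampleFixDiff, 'services/a/auth.js', '!42');
console.log(JSON.stringify(sampleResult.map((r) => [r.path, r.changes, r.mr.branch]), null, 2));
```

Running it reports two affected files (services B and C), each with one replaced line that keeps the target file's indentation, while service D and the unrelated theme cookie in C are untouched. Exact-line matching is deliberately narrow: a renamed variable or reformatted call would be missed, so a real agent uses the blob search only to find candidates, reads each file whole, and leaves the resulting MR for a reviewer rather than merging it.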
How we built it
- GitLab Duo Agent Platform: used to define the fully autonomous persona prompt and the router workflow, and to follow execution in the workflow dashboard.
- GitLab built-in tools: integrated access to gitlab_blob_search, read_file, create_commit, and create_merge_request so the agent can search, read, commit, and open Merge Requests autonomously.
Challenges we ran into
- Schema validation strictness: debugging the mapping validation logs to restructure the tool parameters from a dictionary into the array-list schema format the platform expects.
- Sandbox workspace configuration constraints: restricted settings menus in the hackathon workspace meant we couldn't create the API runner tokens needed for authenticated automation hooks.
Accomplishments that we're proud of
We successfully built a fully autonomous remediation loop, where a single manual fix triggers automated code modifications and self-authored Merge Requests across the codebase.
What we learned
We discovered that the Agent is exceptionally flexible. It doesn't even have to wait for a branch to merge into main before kicking into action: it is robust enough to pull unmerged diffs preemptively and start securing the workspace before the merge rules have approved the change.
What's next for Enterprise Vulnerability Remediation Agent
Adding automatic multi-repo scanning.
Built With
- duo-agent
- gitlab
- javascript
- yaml