[{"data":1,"prerenderedAt":447},["ShallowReactive",2],{"/en-us/the-source/authors/iganbaruch/":3,"footer-en-us":31,"the-source-navigation-en-us":339,"the-source-newsletter-en-us":366,"iganbaruch-articles-list-authors-en-us":378,"iganbaruch-articles-list-en-us":409,"iganbaruch-page-categories-en-us":446},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"config":8,"seo":10,"content":12,"type":23,"slug":17,"_id":24,"_type":25,"title":26,"_source":27,"_file":28,"_stem":29,"_extension":30},"/en-us/the-source/authors/iganbaruch","authors",false,"",{"layout":9},"the-source",{"title":11},"Itzik Gan Baruch",[13,21],{"componentName":14,"type":14,"componentContent":15},"TheSourceAuthorHero",{"config":16,"name":11,"headshot":18},{"gitlabHandle":17},"iganbaruch",{"altText":11,"config":19},{"src":20},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463443/vibb2fkc0ojni2d1eqde.png",{"componentName":22,"type":22},"TheSourceArticlesList","author","content:en-us:the-source:authors:iganbaruch.yml","yaml","Iganbaruch","content","en-us/the-source/authors/iganbaruch.yml","en-us/the-source/authors/iganbaruch","yml",{"_path":32,"_dir":33,"_draft":6,"_partial":6,"_locale":7,"data":34,"_id":335,"_type":25,"title":336,"_source":27,"_file":337,"_stem":338,"_extension":30},"/shared/en-us/main-footer","en-us",{"text":35,"source":36,"edit":42,"contribute":47,"config":52,"items":57,"minimal":327},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":37,"config":38},"View page source",{"href":39,"dataGaName":40,"dataGaLocation":41},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":43,"config":44},"Edit this page",{"href":45,"dataGaName":46,"dataGaLocation":41},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":48,"config":49},"Please 
contribute",{"href":50,"dataGaName":51,"dataGaLocation":41},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":53,"facebook":54,"youtube":55,"linkedin":56},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[58,85,158,226,288],{"title":59,"links":60,"subMenu":66},"Platform",[61],{"text":62,"config":63},"DevSecOps platform",{"href":64,"dataGaName":65,"dataGaLocation":41},"/platform/","devsecops platform",[67],{"title":68,"links":69},"Pricing",[70,75,80],{"text":71,"config":72},"View plans",{"href":73,"dataGaName":74,"dataGaLocation":41},"/pricing/","view plans",{"text":76,"config":77},"Why Premium?",{"href":78,"dataGaName":79,"dataGaLocation":41},"/pricing/premium/","why premium",{"text":81,"config":82},"Why Ultimate?",{"href":83,"dataGaName":84,"dataGaLocation":41},"/pricing/ultimate/","why ultimate",{"title":86,"links":87},"Solutions",[88,93,98,103,108,113,118,123,128,133,138,143,148,153],{"text":89,"config":90},"Digital transformation",{"href":91,"dataGaName":92,"dataGaLocation":41},"/topics/digital-transformation/","digital transformation",{"text":94,"config":95},"Security & Compliance",{"href":96,"dataGaName":97,"dataGaLocation":41},"/solutions/security-compliance/","security & compliance",{"text":99,"config":100},"Automated software delivery",{"href":101,"dataGaName":102,"dataGaLocation":41},"/solutions/delivery-automation/","automated software delivery",{"text":104,"config":105},"Agile development",{"href":106,"dataGaName":107,"dataGaLocation":41},"/solutions/agile-delivery/","agile delivery",{"text":109,"config":110},"Cloud transformation",{"href":111,"dataGaName":112,"dataGaLocation":41},"/topics/cloud-native/","cloud 
transformation",{"text":114,"config":115},"SCM",{"href":116,"dataGaName":117,"dataGaLocation":41},"/solutions/source-code-management/","source code management",{"text":119,"config":120},"CI/CD",{"href":121,"dataGaName":122,"dataGaLocation":41},"/solutions/continuous-integration/","continuous integration & delivery",{"text":124,"config":125},"Value stream management",{"href":126,"dataGaName":127,"dataGaLocation":41},"/solutions/value-stream-management/","value stream management",{"text":129,"config":130},"GitOps",{"href":131,"dataGaName":132,"dataGaLocation":41},"/solutions/gitops/","gitops",{"text":134,"config":135},"Enterprise",{"href":136,"dataGaName":137,"dataGaLocation":41},"/enterprise/","enterprise",{"text":139,"config":140},"Small business",{"href":141,"dataGaName":142,"dataGaLocation":41},"/small-business/","small business",{"text":144,"config":145},"Public sector",{"href":146,"dataGaName":147,"dataGaLocation":41},"/solutions/public-sector/","public sector",{"text":149,"config":150},"Education",{"href":151,"dataGaName":152,"dataGaLocation":41},"/solutions/education/","education",{"text":154,"config":155},"Financial services",{"href":156,"dataGaName":157,"dataGaLocation":41},"/solutions/finance/","financial services",{"title":159,"links":160},"Resources",[161,166,171,176,181,186,191,196,201,206,211,216,221],{"text":162,"config":163},"Install",{"href":164,"dataGaName":165,"dataGaLocation":41},"/install/","install",{"text":167,"config":168},"Quick start guides",{"href":169,"dataGaName":170,"dataGaLocation":41},"/get-started/","quick setup checklists",{"text":172,"config":173},"Learn",{"href":174,"dataGaName":175,"dataGaLocation":41},"https://university.gitlab.com/","learn",{"text":177,"config":178},"Product documentation",{"href":179,"dataGaName":180,"dataGaLocation":41},"https://docs.gitlab.com/","docs",{"text":182,"config":183},"Blog",{"href":184,"dataGaName":185,"dataGaLocation":41},"/blog/","blog",{"text":187,"config":188},"Customer success 
stories",{"href":189,"dataGaName":190,"dataGaLocation":41},"/customers/","customer success stories",{"text":192,"config":193},"Remote",{"href":194,"dataGaName":195,"dataGaLocation":41},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":197,"config":198},"GitLab Services",{"href":199,"dataGaName":200,"dataGaLocation":41},"/services/","services",{"text":202,"config":203},"TeamOps",{"href":204,"dataGaName":205,"dataGaLocation":41},"/teamops/","teamops",{"text":207,"config":208},"Community",{"href":209,"dataGaName":210,"dataGaLocation":41},"/community/","community",{"text":212,"config":213},"Forum",{"href":214,"dataGaName":215,"dataGaLocation":41},"https://forum.gitlab.com/","forum",{"text":217,"config":218},"Events",{"href":219,"dataGaName":220,"dataGaLocation":41},"/events/","events",{"text":222,"config":223},"Partners",{"href":224,"dataGaName":225,"dataGaLocation":41},"/partners/","partners",{"title":227,"links":228},"Company",[229,234,239,244,249,254,259,263,268,273,278,283],{"text":230,"config":231},"About",{"href":232,"dataGaName":233,"dataGaLocation":41},"/company/","company",{"text":235,"config":236},"Jobs",{"href":237,"dataGaName":238,"dataGaLocation":41},"/jobs/","jobs",{"text":240,"config":241},"Leadership",{"href":242,"dataGaName":243,"dataGaLocation":41},"/company/team/e-group/","leadership",{"text":245,"config":246},"Team",{"href":247,"dataGaName":248,"dataGaLocation":41},"/company/team/","team",{"text":250,"config":251},"Handbook",{"href":252,"dataGaName":253,"dataGaLocation":41},"https://handbook.gitlab.com/","handbook",{"text":255,"config":256},"Investor relations",{"href":257,"dataGaName":258,"dataGaLocation":41},"https://ir.gitlab.com/","investor relations",{"text":260,"config":261},"Sustainability",{"href":262,"dataGaName":260,"dataGaLocation":41},"/sustainability/",{"text":264,"config":265},"Diversity, inclusion and belonging 
(DIB)",{"href":266,"dataGaName":267,"dataGaLocation":41},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":269,"config":270},"Trust Center",{"href":271,"dataGaName":272,"dataGaLocation":41},"/security/","trust center",{"text":274,"config":275},"Newsletter",{"href":276,"dataGaName":277,"dataGaLocation":41},"/company/contact/","newsletter",{"text":279,"config":280},"Press",{"href":281,"dataGaName":282,"dataGaLocation":41},"/press/","press",{"text":284,"config":285},"Modern Slavery Transparency Statement",{"href":286,"dataGaName":287,"dataGaLocation":41},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"title":289,"links":290},"Contact Us",[291,296,301,306,311,316,321],{"text":292,"config":293},"Contact an expert",{"href":294,"dataGaName":295,"dataGaLocation":41},"/sales/","sales",{"text":297,"config":298},"Get help",{"href":299,"dataGaName":300,"dataGaLocation":41},"/support/","get help",{"text":302,"config":303},"Customer portal",{"href":304,"dataGaName":305,"dataGaLocation":41},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"text":307,"config":308},"Status",{"href":309,"dataGaName":310,"dataGaLocation":41},"https://status.gitlab.com/","status",{"text":312,"config":313},"Terms of use",{"href":314,"dataGaName":315,"dataGaLocation":41},"/terms/","terms of use",{"text":317,"config":318},"Privacy statement",{"href":319,"dataGaName":320,"dataGaLocation":41},"/privacy/","privacy statement",{"text":322,"config":323},"Cookie preferences",{"dataGaName":324,"dataGaLocation":41,"id":325,"isOneTrustButton":326},"cookie 
preferences","ot-sdk-btn",true,{"items":328},[329,331,333],{"text":312,"config":330},{"href":314,"dataGaName":315,"dataGaLocation":41},{"text":317,"config":332},{"href":319,"dataGaName":320,"dataGaLocation":41},{"text":322,"config":334},{"dataGaName":324,"dataGaLocation":41,"id":325,"isOneTrustButton":326},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",{"_path":340,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"logo":341,"subscribeLink":346,"navItems":350,"_id":362,"_type":25,"title":363,"_source":27,"_file":364,"_stem":365,"_extension":30},"/shared/en-us/the-source/navigation",{"altText":342,"config":343},"the source logo",{"src":344,"href":345},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750191004/t7wz1klfb2kxkezksv9t.svg","/the-source/",{"text":347,"config":348},"Subscribe",{"href":349},"#subscribe",[351,355,358],{"text":352,"config":353},"Artificial Intelligence",{"href":354},"/the-source/ai/",{"text":94,"config":356},{"href":357},"/the-source/security/",{"text":359,"config":360},"Platform & Infrastructure",{"href":361},"/the-source/platform/","content:shared:en-us:the-source:navigation.yml","Navigation","shared/en-us/the-source/navigation.yml","shared/en-us/the-source/navigation",{"_path":367,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"title":368,"description":369,"submitMessage":370,"formData":371,"_id":375,"_type":25,"_source":27,"_file":376,"_stem":377,"_extension":30},"/shared/en-us/the-source/newsletter","The Source Newsletter","Stay updated with insights for the future of software development.","You have successfully signed up for The Source’s 
newsletter.",{"config":372},{"formId":373,"formName":374,"hideRequiredLabel":326},1077,"thesourcenewsletter","content:shared:en-us:the-source:newsletter.yml","shared/en-us/the-source/newsletter.yml","shared/en-us/the-source/newsletter",{"amanda-rueda":379,"andre-michael-braun":380,"andrew-haschka":381,"ayoub-fandi":382,"bob-stevens":383,"brian-wald":384,"bryan-ross":385,"chandler-gibbons":386,"dave-steer":387,"ddesanto":388,"derek-debellis":389,"emilio-salvador":390,"erika-feldman":391,"george-kichukov":392,"gitlab":393,"grant-hickman":394,"haim-snir":395,"iganbaruch":11,"jlongo":396,"joel-krooswyk":397,"josh-lemos":398,"julie-griffin":399,"kristina-weis":400,"lee-faus":401,"ncregan":402,"rschulman":403,"sabrina-farmer":404,"sandra-gittlen":405,"sharon-gaudin":406,"stephen-walters":407,"taylor-mccaslin":408},"Amanda Rueda","Andre Michael Braun","Andrew Haschka","Ayoub Fandi","Bob Stevens","Brian Wald","Bryan Ross","Chandler Gibbons","Dave Steer","David DeSanto","Derek DeBellis","Emilio Salvador","Erika Feldman","George Kichukov","GitLab","Grant Hickman","Haim Snir","Joseph Longo","Joel Krooswyk","Josh Lemos","Julie Griffin","Kristina Weis","Lee Faus","Niall Cregan","Robin Schulman","Sabrina Farmer","Sandra Gittlen","Sharon Gaudin","Stephen Walters","Taylor McCaslin",{"allArticles":410,"visibleArticles":445,"showAllBtn":326},[411],{"_path":412,"_dir":413,"_draft":6,"_partial":6,"_locale":7,"config":414,"seo":417,"content":422,"type":440,"slug":441,"category":413,"_id":442,"_type":25,"title":418,"_source":27,"_file":443,"_stem":444,"_extension":30,"date":423,"description":419,"timeToRead":424,"heroImage":420,"keyTakeaways":425,"articleBody":429,"faq":430},"/en-us/the-source/ai/understand-and-resolve-vulnerabilities-with-ai-powered-gitlab-duo","ai",{"layout":9,"template":415,"articleType":416,"author":17,"featured":6,"isHighlighted":6,"authorName":11},"TheSourceArticle","Regular",{"title":418,"description":419,"ogImage":420,"config":421},"Understand and resolve 
vulnerabilities with AI-powered GitLab Duo","Developers can find and fix vulnerabilities with auto explanation and auto-generated merge requests, ensuring a streamlined development process.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464462/a8lhn3mrjyjuq55m1yqc.png",{"ignoreTitleCharLimit":326},{"title":418,"date":423,"description":419,"timeToRead":424,"heroImage":420,"keyTakeaways":425,"articleBody":429,"faq":430},"2024-02-21","3 min read",[426,427,428],"GitLab Duo uses AI to explain vulnerabilities, bridging knowledge gaps and speeding up issue resolution.","One-click AI fixes in GitLab Duo auto-generate merge requests, saving developers time on security patches.","GitLab Duo fosters proactive security by empowering developers to understand and resolve vulnerabilities efficiently.","In the dynamic world of software development, companies are dedicated to delivering quick and efficient innovations, and they recognize the importance of ensuring they deliver secured applications. GitLab, the most comprehensive [AI-powered](https://about.gitlab.com/gitlab-duo/) DevSecOps Platform, already provides built-in scans in the CI pipeline to deliver detailed scan reports that highlight potential issues within the code. However, not every developer is well-versed in cybersecurity or has encountered every type of vulnerability before, creating a knowledge gap that can lead to confusion and delays in addressing security concerns.\n\n![A vulnerability example detected by static application security testing](https://res.cloudinary.com/about-gitlab-com/image/upload/v1752175720/Blog/vrukdl5d06omgln77s7x.png)\n\n\u003Ccenter>\u003Ci>A vulnerability example detected by static application security testing\u003C/i>\u003C/center>\u003Cp>\u003C/p>\n\n## Resolving vulnerabilities with GitLab Duo (AI)\n\n[GitLab Duo](https://about.gitlab.com/gitlab-duo/) uses AI to help developers resolve vulnerabilities. 
Here's how.\n\n### Understanding vulnerabilities\nCritical vulnerabilities detected in developers' code can delay code merging, often necessitating assistance from security experts to resolve the issues promptly. This leads to extended periods of open merge requests and delays in releasing features. GitLab recognizes the knowledge gap and empowers developers to comprehend security vulnerabilities identified by scans using the [Vulnerability Explanation feature](https://docs.gitlab.com/ee/user/application_security/vulnerabilities/index.html#explaining-a-vulnerability), which offers clear insights into detected vulnerabilities, potential risks with attack examples, and practical solutions for resolution, including example code snippets.\n\nVulnerability Explanation generates a dedicated overview of vulnerabilities. You can access this overview by clicking the \"Explain this vulnerability\" button within each vulnerability report.\n\n![Vulnerability Explanation example](https://res.cloudinary.com/about-gitlab-com/image/upload/v1752175726/Blog/bxuwzj9ize3wffo0ydfj.png)\n\u003Ccenter>\u003Ci>Vulnerability Explanation example\u003C/i>\u003C/center>\u003Cp>\u003C/p>\n\nDevelopers can follow all sections in the explanation to swiftly address the vulnerabilities, fostering a culture where they are involved in threat mitigation. This involvement cultivates a sense of comfort and confidence in handling security concerns, ultimately promoting a more proactive and secure development environment.\n\n### Fixing vulnerabilities\n\nGitLab goes beyond just explaining detected vulnerabilities – now, with the power of AI, the platform can swiftly suggest a resolution with just one click. This feature automatically generates detailed merge requests containing all pertinent information about the vulnerability and its intended fix. Moreover, it even suggests the necessary code to address the vulnerability. This saves developers significant time. 
All that's left for the developer is to review the fix, make any necessary adjustments, and merge it.\n\n![Merge request, automatically generated by AI, including details of the vulnerability, and suggested code to resolve it](https://res.cloudinary.com/about-gitlab-com/image/upload/v1752175733/Blog/emogf7awocdtudjbjhzd.png)\n\nThe above image shows a merge request, automatically generated by AI, including details of the vulnerability, and suggested code to resolve it.\n\n## Take a product tour\n\nWe've prepared a brief product tour so you can quickly dive into the functionality and see it in action (click on the image and use the \"Next\" button to progress through the demo).\n\n[![vulnerability explanation product tour screenshot](https://res.cloudinary.com/about-gitlab-com/image/upload/v1752175738/Blog/fd7yws7a1anvzhffv9sg.png)](https://tech-marketing.gitlab.io/static-demos/pt-explain-vulnerability.html)\n\n> __[Get started with GitLab Duo today](https://about.gitlab.com/gitlab-duo/)!__\n",[431,434,437],{"header":432,"content":433},"How does the Vulnerability Explanation feature improve security remediation?","The Vulnerability Explanation feature provides developers with detailed insights into detected security issues, including potential risks and best practices for resolution. By offering attack examples and step-by-step guidance, it helps bridge the cybersecurity knowledge gap among developers.",{"header":435,"content":436},"Why is AI-driven vulnerability management important in DevSecOps?","AI-driven vulnerability management accelerates threat detection and resolution, reducing delays in code deployment. 
By automating security scans, explanations, and fixes, AI enhances DevSecOps efficiency, minimizes security risks, and allows developers to focus on innovation.",{"header":438,"content":439},"How does GitLab Duo use AI to help developers resolve vulnerabilities?","GitLab Duo leverages AI to detect security vulnerabilities, provide clear explanations, and generate suggestions for fixing vulnerabilities.","article","understand-and-resolve-vulnerabilities-with-ai-powered-gitlab-duo","content:en-us:the-source:ai:understand-and-resolve-vulnerabilities-with-ai-powered-gitlab-duo:index.yml","en-us/the-source/ai/understand-and-resolve-vulnerabilities-with-ai-powered-gitlab-duo/index.yml","en-us/the-source/ai/understand-and-resolve-vulnerabilities-with-ai-powered-gitlab-duo/index",[411],{"ai":352,"platform":359,"security":94},1753475371562]