Glog.AI and GitHub Integration

Glog.AI is available on GitHub as a GitHub action. GitHub Actions is a feature of GitHub that allows you to automate, customize, and execute your software development workflows in your repository. GitHub Actions are used to perform tasks such as building, testing, and deploying your code, as well as creating workflows for other purposes, such as issue triaging, code review, and package management.

We developed the Glog.AI GitHub action to perform the functions of the Glog security solution, such as onboarding, predictions, triage and remediation.

Glog.AI integrates with GitHub (as well as other platforms like GitLab and Bitbucket) to provide security-focused features throughout the software development lifecycle (SDLC). It leverages machine learning and AI to analyze code, process scan reports, and offer actionable remediation advice.

When used in a GitHub environment, it would typically function as part of a workflow, either through a custom GitHub Action or direct integration with a repository:

  • Integration with GitHub Repositories: Glog.AI can be set up to connect with your GitHub repositories through a custom GitHub Action. This allows it to monitor code changes in real time or on a scheduled basis, such as when a pull request is opened or a commit is pushed.
  • Vulnerability Detection and Prioritization: Using its AI capabilities, Glog.AI identifies security flaws in the code, such as coding errors or misconfigurations that could be exploited. It then prioritizes these vulnerabilities based on severity, exploitability, and potential impact, reducing noise from false positives and helping developers focus on critical issues.
  • Receiving Remediation Information: The GitHub Actions workflow would then receive the results from Glog.AI, which could include detailed remediation steps for identified vulnerabilities. Glog.AI analyzes vulnerabilities within the specific context of the application’s architecture, threat model, and execution environment to provide more accurate and relevant remediation advice.
  • Workflow Decisions: Based on the information from Glog.AI, the workflow could then proceed with actions such as:
    • Approving and merging automatically generated fix pull requests (with appropriate reviews and checks in place). [under development]
    • Assigning developers to address vulnerabilities with the provided remediation advice.
    • Failing the build or deployment if critical vulnerabilities are found and not addressed.
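
A sketch of the workflow decision step described in the list above, as an added example that is not Glog.AI's own code. The report schema (`findings`, `severity`, `exploitable`, `status`, `false_positive`, `owner`, `remediation`) and the `triage` function are assumptions, since the page does not document the action's output format; the gate fails closed on unrecognized severities.

```python
import json

# Constructed sample report. Every field name here is an assumption made for
# this example; the page does not document the action's real output format.
SAMPLE_REPORT = json.dumps({"findings": [
    {"id": "F-1", "severity": "critical", "exploitable": True, "status": "open",
     "owner": "alice", "remediation": "Use parameterized queries."},
    {"id": "F-2", "severity": "critical", "false_positive": True, "status": "open",
     "owner": "bob", "remediation": "n/a"},
    {"id": "F-3", "severity": "high", "exploitable": False, "status": "open",
     "owner": "bob", "remediation": "Pin the base image digest."},
    {"id": "F-4", "severity": "critical", "exploitable": True, "status": "fixed",
     "owner": "alice", "remediation": "Rotate the leaked key."},
    {"id": "F-5", "severity": "medium", "exploitable": True, "status": "open",
     "owner": "alice", "remediation": "Set the Secure cookie flag."},
]})

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def triage(report_json, fail_on=("critical",)):
    """Return (exit_code, blocking_ids, assignments) for a findings report."""
    findings = json.loads(report_json)["findings"]  # malformed report raises
    # Drop findings triaged as false positives or already fixed.
    actionable = [f for f in findings
                  if not f.get("false_positive") and f.get("status") != "fixed"]
    # Most severe first, exploitable before non-exploitable. Unknown severities
    # rank first so a malformed entry is never silently deprioritized.
    actionable.sort(key=lambda f: (SEVERITY_RANK.get(f.get("severity"), -1),
                                   not f.get("exploitable", False)))
    # Fail closed: an unrecognized severity blocks just like a critical one.
    blocking = [f["id"] for f in actionable
                if f.get("severity") in fail_on
                or f.get("severity") not in SEVERITY_RANK]
    assignments = {}
    for f in actionable:
        owner = f.get("owner", "unassigned")
        assignments.setdefault(owner, []).append((f["id"], f.get("remediation", "")))
    return (1 if blocking else 0), blocking, assignments


if __name__ == "__main__":
    code, blocking, assignments = triage(SAMPLE_REPORT)
    for owner, items in assignments.items():
        for finding_id, advice in items:
            print(f"{owner}: {finding_id}: {advice}")
    if blocking:
        print("Blocking findings:", ", ".join(blocking))
    raise SystemExit(code)  # non-zero exit fails the CI job
```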