Hackers of India

AutoFix: Automated Vulnerability Remediation Using Static Analysis and LLMs

Asankhaya Sharma

2024/04/19

Abstract

AutoFix is an innovative open-source tool that marries static analysis with advanced Large Language Models (LLMs) to automate the detection and remediation of software vulnerabilities. Utilizing cutting-edge models like StarCoder and Salesforce CodeGen2, AutoFix excels in generating precise patches for a wide range of vulnerabilities, identified through robust static analysis methods including Semgrep. Designed for developers, security professionals, and DevSecOps teams, AutoFix streamlines security integration in software development, balancing speed and accuracy in patch deployment. As a community-driven tool, it evolves continuously, embodying the future of automated, secure coding practices.