alprina fix
Generate AI-powered fixes for security vulnerabilities discovered in your code.
Synopsis
alprina fix <target> [OPTIONS]
Description
The alprina fix command uses AI to automatically generate code fixes for security vulnerabilities found during scans. It can operate in interactive mode (asking for confirmation) or automatically apply fixes without user intervention.
This command is perfect for:
- Quickly remediating security issues
- Learning secure coding practices
- Automating security fixes in CI/CD pipelines
- Previewing potential fixes before applying them
Arguments
<target> - Path to file or directory to fix (required)
Options
--id
Specify a particular finding ID to fix instead of fixing all findings.
alprina fix ./app.py --id VULN-2024-001
--auto-fix
Automatically apply all fixes without asking for confirmation. Use with caution in production code.
alprina fix ./src --auto-fix
Warning: Always review auto-applied fixes and test your code after using this option.
--severity
Fix only vulnerabilities of a specific severity level.
Valid values: critical, high, medium, low
# Fix only critical issues
alprina fix ./src --severity critical
# Fix high and critical issues
alprina fix ./src --severity high
--preview
Preview the fixes that would be applied without actually modifying any files.
alprina fix ./src --preview
This shows you a diff of proposed changes before you commit to applying them.
Examples
Interactive Fix (Recommended)
Fix a single file with confirmation prompts:
alprina fix ./app.pyOutput:
π οΈ Alprina Fix Tool
βββββββββββββββββββββββββββββββββββ
Found 3 vulnerabilities to fix:
1. HIGH: SQL Injection in database.py:42
2. MEDIUM: Hardcoded secret in config.py:15
3. LOW: Weak cryptography in auth.py:89
Fix vulnerability #1? [y/N]: y
✓ Applied fix for SQL Injection
Auto-fix All Issues
Automatically fix all vulnerabilities in a directory:
alprina fix ./src --auto-fix
Use case: CI/CD pipelines where you trust the AI fixes.
Fix Only Critical Issues
Fix only critical vulnerabilities:
alprina fix ./src --severity critical
Preview Fixes
See what would be fixed without applying changes:
alprina fix ./src --preview
Output shows diffs:
File: database.py
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
- query = f"SELECT * FROM users WHERE id = {user_id}"
+ query = "SELECT * FROM users WHERE id = ?"
+ cursor.execute(query, (user_id,))
✓ Would fix SQL injection vulnerability
Fix Specific Finding
Fix only a particular vulnerability:
alprina fix ./app.py --id VULN-2024-042
Workflow
- Scan First: Run alprina scan to find vulnerabilities
- Review Results: Check the scan report to understand issues
- Fix Issues: Run alprina fix to remediate
- Test Code: Always test your code after applying fixes
- Rescan: Run alprina scan again to verify fixes worked
Best Practices
Do:
✅ Review AI-generated fixes before committing
✅ Test your code after applying fixes
✅ Use --preview first to see what will change
✅ Fix critical issues first with --severity critical
✅ Keep backups or use version control
Don't:
❌ Blindly apply --auto-fix in production without testing
❌ Skip code review after AI fixes
❌ Assume all fixes are perfect (AI can make mistakes)
❌ Forget to run tests after applying fixes
Exit Codes
| Code | Meaning |
|---|---|
| 0 | All fixes applied successfully |
| 1 | Error occurred during fixing |
| 2 | No vulnerabilities found to fix |
| 3 | User cancelled operation |
Integration with Scan
The fix command works seamlessly with scan results:
# Scan and save results
alprina scan ./src --output results.json
# Fix issues from that scan
alprina fix ./src
# Verify fixes worked
alprina scan ./src
CI/CD Integration
Example GitHub Actions workflow:
- name: Scan for vulnerabilities
  run: alprina scan ./src
- name: Auto-fix critical issues
  run: alprina fix ./src --severity critical --auto-fix
- name: Commit fixes
  run: |
    git config user.name "Alprina Bot"
    git add .
    git commit -m "fix: auto-remediate critical vulnerabilities"
    git push
Limitations
- Only fixes issues that Alprina's AI can confidently remediate
- Some complex vulnerabilities may require manual intervention
- Always review and test AI-generated fixes
- Does not guarantee 100% security (defense in depth still required)
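An added example, not part of the Alprina documentation: a POSIX shell gate for CI that runs `alprina fix --auto-fix` and turns the documented exit codes into a pipeline decision, so auto-applied fixes go to review instead of being pushed directly. The function names, the decision words (`review`, `clean`, `fail`) and the clean-tree check with `git diff` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Alprina's own code): decide what CI does after an auto-fix.
# Assumed names: fix_action, gate_auto_fix, and the words review/clean/fail.

# Map a documented `alprina fix` exit code to a pipeline action.
fix_action() {
    case "$1" in
        0) echo review ;;  # fixes applied: a human still reviews the diff
        2) echo clean ;;   # no vulnerabilities found to fix
        *) echo fail ;;    # 1 = error, 3 = cancelled, anything else: fail closed
    esac
}

# $1 = target path, $2 = severity. Prints one word: review, clean or fail.
gate_auto_fix() {
    target=$1
    severity=$2
    case "$severity" in
        critical|high|medium|low) ;;
        *) echo fail; return 0 ;;
    esac
    # Start from a clean tree so the resulting diff holds only the AI's edits.
    if ! git diff --quiet HEAD; then
        echo fail
        return 0
    fi
    rc=0
    alprina fix "$target" --severity "$severity" --auto-fix >&2 || rc=$?
    if git diff --quiet HEAD; then changed=no; else changed=yes; fi
    # Cross-check the exit code against what actually changed on disk.
    case "$(fix_action "$rc"):$changed" in
        review:yes) echo review ;;  # commit to a review branch, rescan, open a PR
        clean:no)   echo clean ;;   # nothing to fix and nothing touched
        *)          echo fail ;;    # e.g. files modified on an error exit
    esac
}

# Usage in a CI step: decision=$(gate_auto_fix ./src critical)
```

On `review`, commit the changes to a separate branch and rerun `alprina scan` before merging; on `fail`, discard any working-tree changes and fix manually.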
Related Commands
- alprina scan - Find vulnerabilities first
- alprina mitigate - Get fix suggestions without applying
- alprina history - View past fixes
Troubleshooting
"No vulnerabilities found"
Run alprina scan first to detect issues before fixing.
"Cannot apply fix automatically"
Some vulnerabilities require manual intervention. Use alprina mitigate for guidance.
"Fix failed to apply"
The AI-generated fix may conflict with your code structure. Apply manually using the suggested fix from alprina mitigate.