This repository introduces two blueprints for an innovative automated remediation pipeline, designed to effectively address vulnerabilities detected by the Amazon Inspector. By leveraging the Generative AI through Amazon Bedrock in-context learning, this solution significantly enhances the security posture of application development workflows.
This repository contains two sample implementation.
This sample implementation is using AWS-provided services only, and illustrates how to use Bedrock to process CVE detection results produced by the Inspector in order to build a Pull Request (PR) content. Once content is generated, the solution is using a micro-service running on Amazon ECS to clone the source code repository and create a PR.
Learn more by reading the blog. See code here.
This sample implementation is expanding the previous one by illustrating how to run the NVIDIA NIM Agent Blueprint on AWS. In this sample, you will run the NIM Agent Blueprint on Amazon EKS. The Agent processes various data sources, such as source code, scan results, and SBOM, and produces comprehensive scan results. Once content is generated, an AWS Lambda function will generate a Github Issue with the scan outcome.
