In most organizations, remediation of security risks, regardless of how those risks are identified, is accomplished through manual changes to the code, often with the assistance of security experts. This is labor-intensive, difficult to fit into modern automated, repeatable pipelines, and a major contributor to reduced release velocity and security bottlenecks.
Remediation as Code automates the remediation process by incorporating security expertise into the tools and eliminating manual steps. When a security risk is identified, Accurics can automatically recommend appropriate code changes and submit a complete merge/pull request using your standard existing processes. This minimizes the effort of remediating risks and ensures problems are fixed at the source.
It’s not always necessary or desirable to interrupt the pipeline and restart after merging the pull request. When there can be no compromises or delays, Accurics also allows for unsupervised remediation by patching or overriding risky configurations without disrupting the pipeline. This allows the delivery to complete without exposing any risk, while simultaneously submitting the pull request to ensure the IaC and runtime configuration remain in sync. In essence, your infrastructure is able to heal itself.