A curated, community-driven library of recipes that turn the AI assistants your engineers already use into autonomous remediators — patching vulnerabilities, fixing flaky tests, and closing security findings without leaving the IDE.
Click any tool to see the step-by-step recipe for enabling agentic remediation in your environment.
Share the prompts, rules, skills, and instruction files that are
actually shipping fixes on your team. Stop re-inventing
copilot-instructions.md — borrow from the people who've
already iterated theirs. Contribute yours back so the next team
starts further along than you did.
Before you reach for a model, reach for a --fix flag.
Dependabot, Renovate, npm audit fix, pip-audit,
go mod tidy, and GitHub code scanning do a huge amount of
risk-reduction work without an LLM in the loop — and they pair well
with the agentic flows on this site. Use deterministic tools where you
can; save the agent for the places deterministic tools can't reach.
Reference workflows a security team operates on engineering's behalf — not ones engineering teams are asked to run. Bounded scope, reversible output (always a PR, never a merge), measurable outcomes, and clean failure modes. The output is PRs tagged with an auto-remediation label (rename to your org's convention), or triage tickets when the agent stops cleanly.
An agent is only as fast as the context it can reach. The more of your risk-relevant signals — findings, ownership, tickets, runbooks, build status — are exposed through MCP with the right scopes, the shorter the distance from a new finding to a reviewed PR. Scoped tokens, typed interfaces, rate limits, audit logs: Security stays in control while Engineering ships faster.