SAST <> Bits Code: replace campaigns language with automations #37423
Open
clreaume wants to merge 1 commit into
Contributor
Preview links (active after the
|
domalessi
reviewed
Jun 10, 2026
domalessi
left a comment
Contributor
Thanks for the PR! Left some feedback. Tag me or re-request review when ready for another look!
| | [Detection](#ai-native-sast) | AI-native SAST: LLM-based taint analysis to detect security vulnerabilities with higher accuracy | At scan time (Datadog Hosted Scans only) | Identifies contextually complex vulnerabilities missed by rule-based analysis | | ||
| | [Validation](#validation-and-triage) | False positive filtering: Deprioritize low-likelihood findings | After scan | Reduce noise, allow focus on actual issues | | ||
| | [Remediation](#remediation) | Batched remediation: Generate suggested fixes (and optionally PRs) for one or multiple vulnerabilities | After scan | Reduces developer effort, accelerates fix cycle | | ||
| | [Remediation](#remediation) | Automated remediation: Generate suggested fixes (and optionally PRs) for vulnerabilities manually or with automation | After scan | Reduces developer effort, accelerates fix cycle | |
Contributor
Suggested change
| | [Remediation](#remediation) | Automated remediation: Generate suggested fixes (and optionally PRs) for vulnerabilities manually or with automation | After scan | Reduces developer effort, accelerates fix cycle | | |
| | [Remediation](#remediation) | Automated remediation: Generate suggested fixes (and optionally PRs) for vulnerabilities manually or automatically | After scan | Reduces developer effort, accelerates fix cycle | |
| [Bits AI][9] reviews the context of each SAST finding and assesses whether it is more likely to be a true or false positive, along with a short explanation of the reasoning. | ||
|
|
||
| To narrow down your initial list for triage, in [Vulnerabilities][6], select **Filter out false positives**. This option uses the `-bitsAssessment:"False Positive"` query. | ||
| To narrow down your initial list for triage, in [Vulnerabilities][6], enable the **Filter out false positives** toggle. This option uses the `-bitsAssessment:"False Positive"` query. |
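Review bot: The changed sentence names the `-bitsAssessment:"False Positive"` query but does not say what happens to the findings it excludes. The line above describes the assessment as "more likely to be a true or false positive", so it is a likelihood call, and a reader could take "Filter out" to mean those findings are closed. Suggest adding one sentence stating that the toggle only applies a query to the list, and that turning it off brings the excluded findings back for review.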
Contributor
Suggested change
| To narrow down your initial list for triage, in [Vulnerabilities][6], enable the **Filter out false positives** toggle. This option uses the `-bitsAssessment:"False Positive"` query. | |
| To narrow down your initial list for triage, in [Vulnerabilities][6], turn on the **Filter out false positives** toggle. This option uses the `-bitsAssessment:"False Positive"` query. |
| ## Remediation | ||
|
|
||
| Datadog SAST uses the [Bits Code][10] to generate code fixes for vulnerabilities. You can remediate individual vulnerabilities or fix multiple vulnerabilities using bulk remediation campaigns. | ||
| Datadog SAST uses [Bits Code][10] to generate code fixes for vulnerabilities. In addition to remediating an individual vulnerability, you can set up an [automation][13] so that Bits Code automatically acts on similar vulnerabilities in the future. |
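Review bot: In the new Remediation intro, "automatically acts on similar vulnerabilities in the future" does not say what the action is or what "similar" is matched on. The overview table describes remediation as generating "suggested fixes (and optionally PRs)", so state here whether an automation only generates fixes or also opens pull requests. Also confirm that a `[13]` reference definition is added at the bottom of the page, since this is the first visible use of it.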
Contributor
Suggested change
| Datadog SAST uses [Bits Code][10] to generate code fixes for vulnerabilities. In addition to remediating an individual vulnerability, you can set up an [automation][13] so that Bits Code automatically acts on similar vulnerabilities in the future. | |
| Datadog SAST uses [Bits Code][10] to generate code fixes for vulnerabilities. You can also create an [automation][13] to automatically generate fixes for vulnerabilities as they are found or on a schedule. |
| - To generate a fix, select [**Single fix**](#single-fix) or [**Bulk fix**](#bulk-fix-campaigns). | ||
| - If a fix has already been generated, select **View fix and create PR** to view the existing [remediation session](#remediation-session-details). | ||
| 1. In the **Next Steps** > **Remediation** section, click **Fix with Bits**, then one of the following options: | ||
| - [**Single fix**](#single-fix): Generates a code fix for this vulnerability |
Contributor
Suggested change
| - [**Single fix**](#single-fix): Generates a code fix for this vulnerability | |
| - [**Single fix**](#single-fix): Generates a code fix for this vulnerability. |
| 1. In the **Next Steps** > **Remediation** section, click **Fix with Bits**, then one of the following options: | ||
| - [**Single fix**](#single-fix): Generates a code fix for this vulnerability | ||
| - If a fix has already been generated, select **View fix and create PR** to view the existing [remediation session](#remediation-session-details). | ||
| - [**Create automation**](#create-automation): Opens a pop-up modal where you can create a [Bits Code automation][13] |
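Review bot: The `(#create-automation)` target in the last bullet needs a heading that produces that anchor, and none of the visible lines add one. The only remediation subheading shown in this diff is `### Bulk fix (campaigns)`. Add a `### Create automation` section alongside the Single fix one, or drop the in-page anchor and keep only the `[13]` link.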
Contributor
Suggested change
| - [**Create automation**](#create-automation): Opens a pop-up modal where you can create a [Bits Code automation][13] | |
| - [**Create automation**](#create-automation): Opens a pop-up modal where you can create a [Bits Code automation][13]. |
| Use **Single fix** to open a Bits Code session to fix this single vulnerability. You can review the proposed diff, ask follow-up questions, edit the patch, and create a pull request to apply the remediation to your source code repository. | ||
|
|
||
| ### Bulk fix (campaigns) | ||
| View all Bits Code sessions on **Bits AI** > **Bits Code** > [**Sessions**][7]. |
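Review bot: If the `### Bulk fix (campaigns)` heading in this hunk is removed, the `#bulk-fix-campaigns` anchor goes with it, and an earlier line on this page links to it as `[**Bulk fix**](#bulk-fix-campaigns)`. Check that every in-page and cross-page link to that anchor is updated or removed in the same commit so readers do not land on a dead fragment.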
Contributor
Suggested change
| View all Bits Code sessions on **Bits AI** > **Bits Code** > [**Sessions**][7]. | |
| View all Bits Code sessions in **Bits AI** > **Bits Code** > [**Sessions**][7]. |
| Click a campaign to view details including session status, pull requests by repository, and remediated findings. You can click on individual sessions to review, edit, and merge fixes with the [Bits Code][10]. | ||
|
|
||
| {{< img src="/code_security/static_analysis/campaigner-hero-image.png" alt="Campaigns page in Bits Code" style="width:100%;">}} | ||
| View all Bits Code automations on **Bits AI** > **Bits Code** > [**Automations**][14]. |
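Review bot: The `{{< img src="/code_security/static_analysis/campaigner-hero-image.png" ... >}}` shortcode in this hunk still carries the alt text "Campaigns page in Bits Code". If it is removed with the campaigns text, delete the image asset too so it is not left orphaned. If it stays, the alt text and screenshot need to show the Automations page instead. The new line also introduces `[14]`, which needs a reference definition.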
Contributor
Suggested change
| View all Bits Code automations on **Bits AI** > **Bits Code** > [**Automations**][14]. | |
| View all Bits Code automations in **Bits AI** > **Bits Code** > [**Automations**][14]. |
| To open the remediation session, select the vulnerability from the [**Vulnerabilities**][6] page to open the side panel, scroll to the **Remediation** section, and select **Expand & Chat**. | ||
|
|
||
| You can also navigate to remediation sessions through the [**Campaigns**][12] and [**Sessions**][7] views. | ||
| You can also view all remediation sessions on [**Sessions**][7]. |
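Review bot: The replaced sentence was the visible use of `[**Campaigns**][12]`, and the new one links only `[7]`. If nothing else on the page cites `[12]`, remove its reference definition in this commit so the page does not keep a stale link to the Campaigns view.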
Contributor
Suggested change
| You can also view all remediation sessions on [**Sessions**][7]. | |
| You can also view all remediation sessions in [**Sessions**][7]. |
What does this PR do? What is the motivation?
The AI-Enhanced Static Code Analysis page's Remediation section mentions Bits Code campaigns, which are no longer a thing. We now have automations! I updated the page to reflect that.
Merge instructions
merge-able!
Merge readiness:
AI assistance
Had Claude review
Additional notes
Jira ticket