Integrating AI Providers for Assisted Remediation


BoostSecurity's AI integration enhances your security workflow by providing AI-assisted remediation for vulnerabilities directly within your pull requests. By connecting an AI provider, you can leverage powerful language models to generate code suggestions and comments, helping your developers fix security issues faster and more efficiently.

This guide will walk you through the process of connecting and configuring an AI provider, such as OpenAI, Gemini, or Anthropic, within the BoostSecurity platform.


Key Benefits


  • Automated Code Suggestions: Receive AI-generated code snippets to fix detected vulnerabilities.
  • Seamless SCM Integration: View suggestions and comments directly in your existing pull requests across GitHub, GitLab, Azure DevOps (ADO), and Bitbucket.
  • Flexible Provider Support: Choose from a range of leading AI providers and models to fit your organization's needs.
  • Improved Developer Experience: Empower developers to resolve security findings without leaving their workflow.

Prerequisites


Before you begin, ensure you have the following:

  • AI Provider Account: An active account with an AI provider (e.g., OpenAI, Google AI, Anthropic) and a valid API key.
  • Compatible AI Model: The selected AI model must support text-based analysis and generation for code review. Models designed for chat, code, or text are recommended (e.g., gpt-4, claude-sonnet, gemini-pro). Using models specialized in image or audio processing may result in errors or empty results.

Integration Steps


Follow these steps to configure the AI integration:

  1. Navigate to the Integrations page on your BoostSecurity dashboard.
  2. Under the "Available" section, locate the AI integration card and select it.

  3. Click the "Install" button in the top right to add an AI provider.

  4. Select a Provider: From the Provider dropdown menu, choose the AI provider you wish to connect (e.g., OpenAI, Gemini, Anthropic).

  5. Paste your API key from the selected provider into the API Key field and click the Get Available Models button. BoostSecurity will use the provided API key to query the provider and populate the list of available models.

    Important

    When enabling AI in your application, make sure to choose a model designed for text understanding and generation. Models specialized in image, audio, or speech processing cannot perform code review or generate text comments. We recommend selecting a chat or code-oriented model (for example, models labeled "chat", "code", or "text"). Using an unsupported model may cause the AI review to fail or return empty results.

  6. Select a Model: From the Model dropdown menu, select the specific AI model you want to use for generating code suggestions.

  7. Install the Integration: Once you have filled in all the required fields, click the "Install" button to save the configuration.

Your AI provider is now connected. BoostSecurity will begin using this integration to provide automated remediation suggestions in your SCM tools.

Important

You can only install a single provider per account for generating suggestions.


Managing Existing Integrations

You can manage your configured AI providers at any time from the Integrations > AI page.

  • Edit: To change the selected model or update the API key, click the pencil icon next to the provider.

  • Delete: To remove an integration, click the trash icon.


Troubleshooting

Error / Issue: "Get Available Models" Fails or Returns Empty

  • Possible Cause: The API key is invalid, has been revoked, or lacks the necessary permissions to list models.
  • Solution: Verify that the API key is correct and has the appropriate permissions in your AI provider's account settings. Generate a new key if necessary and update it in the integration settings.

Error / Issue: AI Suggestions Are Not Appearing in Pull Requests

  • Possible Cause: The configured model is not suitable for code review, or there is a configuration issue with your SCM integration.
  • Solution:
    1. Ensure you have selected a text-based or code-oriented model as recommended.
    2. Verify that your SCM integration (e.g., GitHub, GitLab) is properly configured and active.
    3. Check the BoostSecurity scan logs for any errors.

Error / Issue: Poor Quality or Irrelevant Suggestions

  • Possible Cause: The selected model may not be powerful enough or well-suited for the specific programming language or vulnerability type.
  • Solution: Experiment with different models offered by your provider. More advanced models (e.g., GPT-4 over GPT-3.5) often provide higher-quality suggestions.
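
For the "Get Available Models" failure case, the following added example (not BoostSecurity code) checks a key against each provider's public model-listing endpoint and classifies the result. That BoostSecurity queries these same endpoints is an assumption; the function names, environment variable, and sample responses are constructed for illustration.

```python
import json
import os
import urllib.error
import urllib.request

# Public model-listing endpoints of the providers named on this page.
# Assumption: BoostSecurity's own lookup behaves like these calls.
# Tuple: (url, header builder, list field in response, id field per model)
PROVIDERS = {
    "openai": ("https://api.openai.com/v1/models",
               lambda k: {"Authorization": f"Bearer {k}"}, "data", "id"),
    "anthropic": ("https://api.anthropic.com/v1/models",
                  lambda k: {"x-api-key": k, "anthropic-version": "2023-06-01"},
                  "data", "id"),
    "gemini": ("https://generativelanguage.googleapis.com/v1beta/models",
               lambda k: {"x-goog-api-key": k}, "models", "name"),
}

def build_request(provider, key):
    """Send the key in a header, never in the URL, so it stays out of URL logs."""
    url, headers, _, _ = PROVIDERS[provider]
    return urllib.request.Request(url, headers=headers(key), method="GET")

def model_ids(provider, body):
    """Extract model identifiers; the response shape differs per provider."""
    _, _, list_field, id_field = PROVIDERS[provider]
    return [m[id_field] for m in json.loads(body).get(list_field, [])]

def diagnose(provider, status, body):
    """Map an HTTP result onto the causes in the troubleshooting table."""
    # Assumption: a rejected key surfaces as 400, 401 or 403 depending on provider.
    if status in (400, 401, 403):
        return "provider rejected the key (invalid, revoked, or lacks permission)"
    if status != 200:
        return f"unexpected HTTP {status}"
    ids = model_ids(provider, body)
    return f"ok: {len(ids)} models" if ids else "key accepted but model list is empty"

def check_key(provider, env_var):
    """Live check; the key is read from the environment, not argv or source."""
    req = build_request(provider, os.environ[env_var])
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return diagnose(provider, resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return diagnose(provider, err.code, err.read())

if __name__ == "__main__":
    # Constructed sample responses, so this part runs offline.
    print(diagnose("openai", 200, '{"object": "list", "data": [{"id": "gpt-4"}]}'))
    print(diagnose("gemini", 200, '{"models": []}'))
```

For a live check, call `check_key("openai", "AI_PROVIDER_KEY")` with the key exported in that (hypothetical) environment variable.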

Frequently Asked Questions (FAQ)


Q1: Can I connect multiple AI providers at the same time?

No, you can only install a single provider per account for generating suggestions.

Q2: How is my API key stored?

API keys are encrypted and stored securely. BoostSecurity follows industry best practices for managing sensitive credentials.

Q3: Which SCM platforms are supported for AI-assisted remediation?

The AI-assisted remediation feature is currently available for GitHub, with support for GitLab, Bitbucket, and ADO in the pipeline.