Cloud-native security demands organizations fix the root cause of cloud risks at their source in development. For many cloud risks, simply remediating them in runtime only temporarily solves the problem, which can resurface in future deployments if the underlying code remains unchanged. 

Yet for many organizations, fixing these issues where they start—in the code itself—has traditionally been slow and manual. Cloud environments are complex and highly dynamic, where misconfigurations and other risks can span multiple development artifacts, code ownership is unclear, and finding the responsible team is difficult. 

That’s why Orca is pleased to introduce our AI-Driven Remediation for Code feature, which enables users to transform cloud alerts into instant pull requests (PRs) and apply code fixes directly from the Orca Platform. This allows teams to fix misconfigurations and other risks at their source and commit changes seamlessly. This approach dramatically simplifies remediation across both runtime and development, reducing risk while keeping teams focused on delivering secure applications.  

With this update, the Orca Platform further enhances its Cloud-to-Dev capabilities and Application Security solution. It also complements several new updates to the Orca Platform.

An example of Orca’s AI-Driven Remediation feature enabling teams to accelerate remediations for IaC issues and vulnerabilities at any phase of the application lifecycle
Orca’s AI-Driven Remediation feature enables teams to accelerate remediations for IaC issues and vulnerabilities at any phase of the application lifecycle

Why is Orca delivering AI-Driven Remediation for Code?

According to recent studies, two in every three organizations report an increase in IaC misconfigurations, while 62% report severe vulnerabilities in code repositories. Issues such as these can quickly snowball into cloud risks that present challenges for security and development teams to effectively remediate. 

Since IaC templates are often reused, for example, even minor flaws can multiply into hundreds or thousands of vulnerable assets, putting organizations at greater risk of breaches or compliance failures. Effective remediation calls for going beyond simply addressing risks in runtime to fixing them at their origin. 

With Orca’s AI-Driven Remediation for Code feature, security and development teams can quickly trace vulnerabilities to their source, identify the responsible code owners, and generate PRs directly from the Orca Platform, remediating development issues fast and easily, while preventing future risks from resurfacing. 

What are the features of AI-Driven Remediation for Code?

Orca is introducing several exciting updates that expand its AI-Driven Security capabilities, including the following.

#1: AI-Driven Remediation from Cloud-to-Dev

For relevant cloud risks, the enhancement automatically detects and matches cloud alerts to their code origins. Each alert enables users to generate high-quality, AI-driven code fixes, as well as open a one-click PR request—all without leaving the Orca Platform. The result saves security teams the need to track down the responsible developers or problematic code, and instead allows them to jumpstart their coordination with development teams, greatly reducing the Mean Time to Resolution (MTTR). 

The feature also enables security teams to easily communicate with developers in a language they understand, automatically providing the needed context to dramatically improve existing processes and solutions.

An example of Orca’s AI-Driven Remediation for Code enabling teams to open one-click PRs for code issues in cloud assets
Orca’s AI-Driven Remediation for Code enables teams to open one-click PRs for code issues in cloud assets

#2: AI-Driven Remediation for Application Security Alerts

In addition to cloud risks, the feature also works for misconfigurations or vulnerabilities detected before code is shipped to production. In this context, users can generate AI-driven code fixes and leverage one-click PRs, ensuring they can quickly fix issues before they get deployed while enabling projects to run on schedule. 

An example of Orca’s AI-Driven Remediation for Code enabling teams to generate AI-driven code fixes and leverage one-click PRs for issues detected in development
Orca’s AI-Driven Remediation for Code enables teams to generate AI-driven code fixes and leverage one-click PRs for issues detected in development

#3: Seamless integrations with SCM platforms

Additionally, the feature provides developers with a seamless experience that eliminates friction and maximizes productivity. The feature natively integrates with GitHub, GitLab, and Azure DevOps, ensuring users can leverage one-click PRs across their preferred source code management (SCM) platform. 

This enables developers to expedite remediations in a way that accommodates their existing tools and processes, ensuring they can help secure applications without impacting their productivity. The feature reinforces Orca’s commitment to infuse security into how organizations already operate, empowering security and development teams to secure applications on their terms.

A screenshot of The Orca Cloud Security Platform supporting one-click pull requests across multiple platforms for source code management, including GitHub, GitLab, and Azure DevOps
The Orca Cloud Security Platform supports one-click pull requests across multiple platforms for source code management, including GitHub, GitLab, and Azure DevOps

About the Orca Cloud Security Platform

The Orca Cloud Security Platform provides unified and comprehensive security across the application lifecycle, identifying, prioritizing, and remediating security risks and compliance issues across AWS, Azure, Google Cloud, Kubernetes, Oracle Cloud, and Alibaba Cloud. Leveraging its patented SideScanning™ Technology, the Orca Platform detects vulnerabilities, misconfigurations, malware, lateral movement, data risks, API risks, overly permissive identities, and much more.

Learn More

Interested in seeing Orca’s Application Security solution in action? Schedule a personalized 1:1 demo with one of our experts.