Access Secure Coder in the browser

Access IBM Concert Secure Coder in the browser to investigate package dependency vulnerabilities, review remediation plans, and generate pull requests directly from IBM Concert.

Before you begin

Ensure that the following prerequisites are met:
  • Secure Coder is enabled by setting ENABLE_BUDDY=true during IBM Concert installation.
  • You have a valid BobShell API key.
  • You have a Personal Access Token (PAT) with read and write access to the target source code repository.
  • Vulnerability findings and remediation actions are available in IBM Concert.
  • You have access to the source code repository that is associated with the remediation action.

Procedure

  1. Sign in to IBM Concert.
  2. Click the Secure Coder chat icon in the IBM Concert toolbar.

    The Secure Coder browser experience opens.

  3. Select an existing IBM Bob connection or provide a valid IBM BobShell API key.
  4. Start a remediation session.
  5. Select a remediation action or enter a request.
    For example, you can:
    • Review remediation recommendations.
    • Investigate vulnerable packages and dependencies.
    • Generate remediation plans.
    • Ask follow-up questions about vulnerabilities and recommended fixes.
    • Request remediation for a package dependency vulnerability.
  6. Follow the guided conversational workflow to review recommendations and perform remediation activities.

Results

A Secure Coder remediation session is created.

Secure Coder guides you through the remediation process by using a conversational interface. Depending on the selected remediation action, Secure Coder can analyze repository content, generate remediation plans, recommend dependency updates, validate proposed changes, and create pull requests for review.

Important:
  • A new remediation session is started each time you access Secure Coder in the browser.
  • Secure Coder in the browser currently supports remediation of package dependency vulnerabilities only.