Introducing Bulk Remediation for Software Composition Analysis (SCA)


Bulk Remediation

Cycode Software Composition Analysis (SCA) now includes bulk remediation. This feature lets users address multiple vulnerabilities across different repositories and code projects with a single action. With bulk remediation, users select vulnerabilities across multiple repositories, and the system automatically opens pull requests that update the affected dependencies. It is designed for common scenarios, such as resolving all vulnerabilities within a single repository or mitigating the same CVE across all of your organization’s repositories, and it streamlines security processes and improves your vulnerability management experience.

Why You Need Bulk Remediation

For security vulnerabilities in third-party dependencies, mitigation usually means updating the vulnerable dependency to a version that contains the fix. When a high-severity vulnerability is disclosed, updating that dependency quickly across all of your organization’s repositories is key to swift remediation.

In addition, during an ongoing vulnerability clean-up, you might want to address multiple vulnerabilities within the same repository or code project at once. Tackling these requirements manually can feel like a Herculean task. Cycode can now help you solve them with a click of a button.

Cycode SCA detects vulnerable third-party dependencies in your repositories by scanning your manifest files and matching the declared versions against known vulnerabilities. After filtering the findings by repository, code project, CVE identifier, or any other property that fits your need, you simply select all the vulnerabilities you want to resolve.

How to Use Bulk Remediation

Bulk remediation takes just three short steps:

1. Understand which vulnerabilities can be patched and which cannot.

In certain cases, a vulnerability can’t be patched by a version bump. For example, a package whose maintainer has not yet released a fixed version cannot be updated.

When deciding what to remediate, you can also choose whether to include updates that cross a major version boundary.

As a rule of thumb, Cycode SCA chooses the first patched version of the package within the major version you are currently using, when one is available.

However, in some cases the package’s maintainer has only released a fix in a newer major version. Updating across a major version isn’t trivial: under semantic versioning a major bump signals incompatible API changes, so it can break your application’s code. Review the package’s changelog and rely on your test suite before merging such an update.

2. Select the scope in which you want to open pull requests.

You can open a single pull request per repository, which fits repositories where the code owners are responsible for the whole repository and can review the change to confirm that the version updates pass all tests.

You can also select pull requests per code project (manifest file), which fits “monorepo” scenarios, where there are multiple code owners to different modules within the same repository.

Creating a pull request for each vulnerability within each repository is also possible, for cases in which more fine-grained inspection of each update is required.

Upon completion, pull requests are opened in the chosen repositories, and a link to the corresponding pull request is attached to each selected violation.

3. Once the system generates the pull request, you can review and merge it.

After a pull request is merged into the main branch, violations originating from the patched dependency are automatically marked as resolved.
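The three steps above, reduced to logic a practitioner could script: pick a fix version that stays within the current major version unless major updates are allowed, set aside findings that have no fix, and group the resulting dependency bumps into pull requests by the chosen scope (per repository, per manifest, or per CVE). This is an added Python example written for this page, not Cycode’s code; the repository names, package names, manifests and EXAMPLE-CVE-* identifiers are constructed placeholders.

```python
"""Added example, not Cycode's implementation: plan bulk-remediation pull
requests from SCA findings.  Repositories, packages and EXAMPLE-CVE-*
identifiers below are constructed placeholders, not real data."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


def parse_version(text: str):
    """Strict MAJOR.MINOR.PATCH parser; anything else raises instead of
    being silently mis-ordered."""
    parts = text.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


@dataclass(frozen=True)
class Finding:
    repo: str
    manifest: str              # code project, i.e. the manifest file's path
    package: str
    current: str               # version currently declared in the manifest
    cve: str
    fixed_in: Tuple[str, ...]  # fixed versions per the advisory; empty = no fix yet


def choose_fix_version(current: str, fixed_in: Iterable[str],
                       allow_major: bool = False) -> Optional[str]:
    """Lowest fixed version above `current` inside the same major version.
    If there is none and allow_major is set, fall back to the lowest fixed
    version from a newer major.  None means no version bump can fix it."""
    cur = parse_version(current)
    candidates = sorted(parse_version(v) for v in fixed_in)
    same_major = [v for v in candidates if v > cur and v[0] == cur[0]]
    if same_major:
        return ".".join(map(str, same_major[0]))
    if allow_major:
        newer_major = [v for v in candidates if v[0] > cur[0]]
        if newer_major:
            return ".".join(map(str, newer_major[0]))
    return None


def plan_pull_requests(findings: Iterable[Finding], scope: str,
                       allow_major: bool = False):
    """Group patchable findings into pull requests.
    scope "repo": one PR per repository; "manifest": one PR per code project
    (monorepo-friendly); "finding": one PR per CVE per dependency.
    Returns (plans, unpatchable).  plans maps a PR key to the dependency bumps
    it carries; one bump may close several CVEs, so its target is the highest
    fix version any of those CVEs needs."""
    plans: dict = defaultdict(dict)
    unpatchable: list = []
    for f in findings:
        target = choose_fix_version(f.current, f.fixed_in, allow_major)
        if target is None:
            unpatchable.append(f)
            continue
        if scope == "repo":
            key = (f.repo,)
        elif scope == "manifest":
            key = (f.repo, f.manifest)
        elif scope == "finding":
            key = (f.repo, f.manifest, f.package, f.cve)
        else:
            raise ValueError(f"unknown scope: {scope!r}")
        bump = plans[key].setdefault((f.manifest, f.package),
                                     {"from": f.current, "to": target, "cves": set()})
        if parse_version(target) > parse_version(bump["to"]):
            bump["to"] = target
        bump["cves"].add(f.cve)
    return dict(plans), unpatchable


def remediate_cve(findings: Iterable[Finding], cve: str, scope: str = "repo",
                  allow_major: bool = False):
    """The 'same CVE across every repository' scenario: filter, then plan."""
    return plan_pull_requests([f for f in findings if f.cve == cve], scope, allow_major)


# Constructed sample findings (not real scan output).
SAMPLE_FINDINGS = [
    Finding("payments", "package.json", "example-parser", "2.3.1", "EXAMPLE-CVE-A", ("2.3.4", "3.0.1")),
    Finding("payments", "package.json", "example-parser", "2.3.1", "EXAMPLE-CVE-B", ("2.4.0", "3.0.1")),
    Finding("payments", "services/api/package.json", "example-http", "1.2.0", "EXAMPLE-CVE-C", ("1.2.5",)),
    Finding("billing", "package.json", "example-parser", "2.3.1", "EXAMPLE-CVE-A", ("2.3.4", "3.0.1")),
    Finding("billing", "package.json", "example-yaml", "0.9.2", "EXAMPLE-CVE-D", ("1.0.0",)),  # fix only in new major
    Finding("reports", "requirements.txt", "example-tpl", "4.1.0", "EXAMPLE-CVE-E", ()),      # no fix released yet
]

if __name__ == "__main__":
    plans, skipped = plan_pull_requests(SAMPLE_FINDINGS, scope="repo")
    for key, bumps in plans.items():
        print("PR for", "/".join(key))
        for (manifest, package), b in bumps.items():
            print(f"  {manifest}: {package} {b['from']} -> {b['to']}  closes {sorted(b['cves'])}")
    for f in skipped:
        print("cannot patch:", f.repo, f.package, f.cve)
```

Two points from the text show up in the output: with the default `allow_major=False`, the package whose only fix lives in a new major and the package with no fix at all both land in the unpatchable list rather than in a pull request, and two CVEs against the same dependency in one manifest collapse into a single bump whose target satisfies both.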

We designed this feature with the aim of streamlining the vulnerability remediation process for our customers, and we’re keen to hear about your experiences to refine and enhance the tool further.


Cycode Application Security Posture Management

Cycode SCA is one use case in Cycode’s application security offering, which is part of our greater Application Security Posture Management platform. 

Cycode Application Security Posture Management (ASPM) delivers consolidated application security findings on one platform. Cycode ASPM provides visibility, detection, correlation, prioritization, and remediation of security vulnerabilities and defects across the entire software development lifecycle (SDLC), freeing you from AppSec Chaos. ASPM gives you a comprehensive view of security and risk across your organization while also facilitating the management and remediation of individual findings. By continuously assessing, managing, and enhancing the security of modern applications, Cycode is able to improve your overall risk posture.


Want to learn more about bulk remediation, SCA or Cycode’s complete ASPM platform? Book a demo now to find out how we can help you achieve faster time to value, reduce critical vulnerabilities, and remediate faster.