Introducing Auto Remediation for Github Actions

With this integration, teams were alerted with any security and compliance violations at run-time but DevOps engineers still had to invest time and resources to fix the issues. From investigating the issue, figuring out the root cause, to applying the fixes - all of which is time-consuming.

Here is where auto-remediation for GitHub Actions comes in. Auto-remediation streamlines the SDLC process even further by creating a remediation Pull Request (PR) with the suggested fixes for the reported violations. The operators can then review the fixes and merge that PR to their repo.

The auto remediation feature is a great addition to software teams to help them focus their efforts on innovation and accelerate their SDLC while maintaining a secure and compliant cloud-native infrastructure.

“Infrastructure operators and developers already have a lot on their plate. The cloud-native stack is evolving very quickly. We wanted to save our customers time resolving violations with embedded best practices. We are taking this experience and knowledge one step further with the auto-remediation feature” 

Mohamed Ahmed, Magalix founder and CEO.

Auto-Remediation - GitHub Actions

For the teams that are using Magalix GitHub Actions to enforce security and compliance policies at commit time, now they can take advantage of the auto-remediation feature that’s embedded in Magalix GitHub Actions, to streamline their security even further.

Magalix GitHub Action will identify the security violations and highlight which entities are violating which security policies, while the auto-remediation feature will create a PR that has all the suggested fixes for the violating files and entities in the repository.

With auto-remediation software developers and operators can remediate hundreds of security and compliance violations in a matter of minutes without spending hours and days fixing these violations one by one and figuring out how to apply them.

“Our goal here at Magalix is to help software teams focus their time and effort on innovation, instead of getting sidetracked in securing their infrastructure and remaining compliant. With the Auto-remediation feature, we aim to save software practitioners time to discover and fix security violations, in order to concentrate on what they do best, which is continuously innovating and delivering products faster,”
Mostafa Megahid, Technical Product Manager at Magalix.

How to Use Auto-Remediation

To get started with auto-remediation, you need to have Github Actions set up by doing the following steps:

1. Once you login to Magalix Console, Navigate to KubeGuard.

2. If you don’t already have a guard that’s set up, go to KubeGuard and set up a new guard, and add the policies you need to enforce at commit time.

3. Once it’s set up you can copy the guard URL.
   

4. In Github, add the guard URL to your secrets.

5. Add the following action YAML to the repo you want to enforce the guard policies on.

 
name: Magalix

on:
 push:
   branches: [ master ]
 pull_request:
   branches: [ master ]

jobs:
 magalix:
   runs-on: ubuntu-latest
   steps:
   - uses: actions/checkout@v2
   - name: Magalix
     uses: magalixcorp/magalix-action@main
     with:
       webhook: $
       auto-remediation: true

By default, the auto-remediation feature is enabled in GitHub Action, to disable it just set the auto-remediation key to false.

Once auto-remediation is on, for every PR created in the repo, a new PR will be created by Magalix GitHub Action with all the violation fixes suggestions.

Get Started with Magalix GitHub Actions

To get a feel of how GitHub Actions and Auto-Remediation works with Magalix Platform, Check Magalix Documentation and learn what Magalix is, how to get started using it, and reference materials for its features and supported cloud providers.