Autonomous Patch Generation for Vulnerabilities Detected by Static Application Security Testing using LLMs

Authors

  • Dr. T. Veeranna
  • Ch. Varshini
  • G. Siri Bhargavi
  • B. Bhavya Sri
  • K. Akhil Kumar

DOI:

https://doi.org/10.64751/ijdim.2026.v5.n2.pp68-81

Keywords:

CI/CD Pipeline, DevSecOps, Static Application Security Testing (SAST), Agentic AI, Vulnerability Patching, Automated Security, Machine Learning, Program Repair, Python Flask, Secure Software Development, Continuous Integration, Continuous Deployment, Security Automation, Vulnerability Detection, Patch Generation

Abstract

The increasing complexity of software supply chains and the rising frequency of security breaches necessitate robust security integration in CI/CD pipelines. This paper presents an intelligent CI/CD pipeline that integrates Static Application Security Testing (SAST) tools with agentic AI for automated vulnerability patching. Our framework automatically detects code-level security issues on each code push, generates comprehensive security reports, employs AI agents to generate and apply patches, performs regression security testing, and automates deployment once the vulnerabilities are resolved. The system employs an ensemble of four SAST tools (Bandit, Pyre, Pylint, Semgrep) with weighted aggregation of their findings to achieve a 94.7% vulnerability detection rate across 1,247 real-world vulnerabilities from 15 open-source Python Flask applications. The agentic AI framework, comprising three specialized agents (Code Understanding, Security Knowledge, and Patch Synthesis), achieves an 87.3% successful automated patching rate while preserving code functionality. The proposed system reduces mean time to remediation (MTTR) from 3.7 days to 4.2 hours (a 95.3% reduction) with a false positive rate of only 8.7%. We demonstrate statistical significance (p < 0.001) across all performance metrics through rigorous evaluation. The system's integration with existing CI/CD workflows (Jenkins, GitLab CI, GitHub Actions) enables seamless adoption in enterprise environments. Our work represents a significant advancement toward fully autonomous DevSecOps pipelines, addressing critical gaps in current security automation approaches.
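As an added illustration of the weighted-aggregation step the abstract describes, the following is example code written for this page, not code from the paper or its pipeline. The paper does not publish its per-tool weights, its finding schema, or its acceptance threshold, so `TOOL_WEIGHTS`, `SEVERITY_SCORE`, the `Finding` record, `aggregate()` and the sample findings are all assumptions; the sample findings are constructed, not real scanner output. The example shows why an ensemble is more than a union of reports: the same location flagged by two independent tools scores higher than a single tool's report, a tool reporting the same location twice is counted once, and the merged list is ranked so a downstream patching stage can work from highest confidence down.

```python
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical per-tool weights summing to 1.0 (assumption: the paper does not
# publish its weights). Tuned here so that two tools agreeing clears the
# threshold below while any single tool on its own does not.
TOOL_WEIGHTS = {"bandit": 0.35, "semgrep": 0.35, "pyre": 0.15, "pylint": 0.15}

# Map each tool's severity label onto [0, 1] so the weighted sum stays in [0, 1].
SEVERITY_SCORE = {"LOW": 0.3, "MEDIUM": 0.6, "HIGH": 1.0}


@dataclass(frozen=True)
class Finding:
    """One normalized finding; each tool's native output is mapped onto this."""
    tool: str      # which scanner produced it
    path: str      # file path relative to the repository root
    line: int      # line number of the flagged statement
    cwe: str       # normalized CWE id, used as the cross-tool join key
    severity: str  # LOW / MEDIUM / HIGH as reported by the tool


def aggregate(findings, threshold=0.5):
    """Merge findings from several SAST tools into one ranked list.

    Findings are grouped by (path, line, cwe). Within a group each tool
    contributes at most once (its highest severity for that location),
    weighted by TOOL_WEIGHTS, so a single noisy tool cannot push a finding
    over the threshold by itself, while two tools agreeing on the same
    location can.
    """
    groups = defaultdict(dict)  # (path, line, cwe) -> {tool: best severity score}
    for f in findings:
        key = (f.path, f.line, f.cwe)
        sev = SEVERITY_SCORE[f.severity.upper()]
        if sev > groups[key].get(f.tool, 0.0):
            groups[key][f.tool] = sev

    merged = []
    for (path, line, cwe), per_tool in groups.items():
        score = sum(TOOL_WEIGHTS.get(tool, 0.0) * sev for tool, sev in per_tool.items())
        merged.append({
            "path": path,
            "line": line,
            "cwe": cwe,
            "tools": sorted(per_tool),
            "score": round(score, 3),
            "accepted": score >= threshold,
        })
    # Highest-confidence findings first so the patching stage works down the list.
    merged.sort(key=lambda r: (-r["score"], r["path"], r["line"]))
    return merged


# Constructed sample findings (not real scanner output) for a toy Flask app.
SAMPLE_FINDINGS = [
    Finding("bandit", "app.py", 42, "CWE-89", "HIGH"),     # query built by string formatting
    Finding("semgrep", "app.py", 42, "CWE-89", "HIGH"),    # second tool agrees on the location
    Finding("bandit", "app.py", 42, "CWE-89", "MEDIUM"),   # same tool again; counted once
    Finding("bandit", "config.py", 7, "CWE-798", "LOW"),   # one tool only, low severity
    Finding("pylint", "views.py", 88, "CWE-20", "MEDIUM"), # lint-level check, low-weight tool
]

if __name__ == "__main__":
    for r in aggregate(SAMPLE_FINDINGS):
        flag = "PATCH" if r["accepted"] else "review"
        print(f"{flag:6} {r['score']:.3f} {r['path']}:{r['line']} "
              f"{r['cwe']} {','.join(r['tools'])}")
```

With these assumed weights the SQL-injection finding at `app.py:42` scores 0.7 and is handed to the patching stage, while the two single-tool findings score 0.105 and 0.09 and stay in a human-review queue; the threshold is the knob that trades the detection rate against the false-positive rate the abstract reports.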

Published

2026-04-02

How to Cite

Dr. T. Veeranna, Ch. Varshini, G. Siri Bhargavi, B. Bhavya Sri, & K. Akhil Kumar. (2026). Autonomous Patch Generation for Vulnerabilities Detected by Static Application Security Testing using LLMs. International Journal of Data Science and IoT Management System, 5(2), 68-81. https://doi.org/10.64751/ijdim.2026.v5.n2.pp68-81
