Auto Remediation - Dependency Scanning MVC
**NOTE**: Read the [**Auto Remediation** vision epic](https://gitlab.com/groups/gitlab-org/-/epics/759) for a high-level view of this feature.

### Description

The scope of this MVC is to automate the creation of a code change to fix security vulnerabilities.

Once a vulnerability has been discovered in new code, users can see it in the merge request security report. If a solution is available, a patch file is automatically generated by GitLab and attached to the vulnerability information.

From the vulnerability details window, users can see that the solution is available and choose between two actions:

1. automatically create a merge request to merge the patch into the current branch
1. download the patch and apply it manually to the codebase

In the former case, GitLab will create a new branch and commit the patch to it automatically. It will then create a new merge request to merge this new branch into the original branch where the vulnerability was spotted. The commit will trigger a pipeline that tests the new code with any existing tests (unit tests, integration tests, etc.) present in the configuration. The pipeline will also show whether the vulnerability has been fixed. Users can then manually merge the changes, or further improve them.

In the latter case, users can download and manually analyze the suggested patch. They can then apply it locally to their repo, or modify it as they wish.

This epic will support Dependency Scanning for Yarn-based projects, and further support could be added in the future.

### Screenshots

Vulnerability details window showing patch available to download (%11.7)

![image](/uploads/67f888d6949fc7e5f567223bcb3e2bf1/image.png)