Pixee is your automated product security engineer that fixes vulnerabilities, automatically triages scanner findings, hardens code, squashes bugs, and frees engineers to concentrate on high-value, strategic work.
Today is the big day for us at Pixee! After over a year building and hundreds of interviews with developers about their most frustrating topic, security, we are ready to launch Pixeebot.
@nahsra and I embarked on this journey after being frustrated with the ever-increasing responsibilities faced by software developers today. Not only are they asked to build innovative features faster, they are expected to ensure it's performant, usable and, most critically, secure.
Pixeebot was built to actually DO the work of security for developers. No more JIRA tickets, findings from scanners, or debating with security teams, just re-written code provided back, ready for a developer to review. What you can expect from us:
- Merge-Ready Pull Requests. We aren't giving you more work, we're doing it for you. Just review + merge, done.
- Auto-remediation from 3rd party scanners. Are you using another code scanner like Sonar, Semgrep, GitHub CodeQL? We'll fix those findings too.
- AI used thoughtfully, not just as a blunt instrument. We leverage AI only where it adds value. If you're not ready for it, you can disable it.
- Ears. We love feedback. The good, bad and ugly.
During our private early access we've already got over 2,500 repositories using Pixeebot on GitHub. Our team continues to burn the midnight oil and we ship new features daily. We will extend our support to GitLab and other languages (e.g. JavaScript, Node, Go, etc.) in the future.
Thank you so much! We look forward to your feedback and hope you'll give Pixeebot a try. It feels amazing to take this first step in our journey and bring it to this community.
Also a huge shout out to @chrismessina for hunting us!
@sipat Hi, we create a Web Operating System with its own app store, where users get software from. Your app is amazing and we want to enable you to share it with our users. Can we talk?
Congrats, as a developer, this is exactly the feature I've been wanting since AI came around, but a key question is whether it can be reliable enough to catch at least 95% of the issues?
@rick_fan - you're asking the exact right question. Before we even started building the product the first thing @nahsra and I researched is your question. We only wanted to build a product that we were confident could accurately and broadly fix the most critical and important vulnerabilities developers have been focused on the past decade. Given our prior experience building the most accurate security scanning tool in the market, we are also confident (and validated with our research) that we indeed fix the same. We're just getting started, but we already cover the bulk of the most critical and high vulnerabilities with many more coming. You can see all of it at our docs: https://docs.pixee.ai/codemods/o...
Love the value prop here: not only does Pixeebot catch bugs when you submit PRs, but it also proposes changes to fix them! It's like having another code reviewer on your team.
It can also look backwards across your codebase to find and propose fixes to bugs in your codebase.
And it's better than just an LLM making up fixes; the team has its own proprietary system for finding and composing vetted solutions.
You want Pixeebot watching your repo.
Security has always yelled about things -- I should know, I spent my career doing the same -- but never fixed anything.
I am so happy to show the world pixeebot! We help developers think less about security by issuing them PRs to fix the issues in their code. If you want better code and you never want to leave GitHub, this is your tool!
Eager for your feedback!
@gilday In short, we use AI selectively & with purpose where it is truly additive to the user value, not as a blunt instrument. We aren't using AI for the sake of saying it's AI, but there are many ways in which AI is uniquely helpful for this use case when used purposefully. Some of our "Pro" codemods leverage AI to add context to only make changes that are appropriate for that precise code base/repo. Sometimes we use it to add commentary that explains why we made a change and provide additional context specific to your code. Many more features are on the way too...
This looks great! One question, is there any way to use this outside of GitHub?
Thanks @shelley_dill!
Pixeebot can only be used through GitHub (free to install through the GitHub marketplace!) That said, we're actively rolling out new ways for developers to try out Pixee's automated code hardening.
Currently, there is a CLI available that you can use to see the types of changes Pixeebot would recommend locally before you install the GitHub app.
We're also working on making Pixee available to GitLab users, so make sure to keep an eye out for more updates!
1 fix is better than 100 findings.
Great job on this super-easy super-helpful GitHub app, @Pixeebot
Your blend of an open-source core boosted by AI makes this even more impressive.