AWS Security ChangesHomeSearch

AWS securityagent documentation change

Service: securityagent · 2026-03-31 · Documentation low

File: securityagent/latest/userguide/remediate-finding.md

Summary

Updated documentation for AWS Security Agent code remediation feature, clarifying that public repositories receive downloadable diff files instead of pull requests, adding regional availability note (us-east-1 only), and restructuring content.

Security assessment

This change documents security remediation capabilities but does not address a specific security vulnerability. It clarifies operational details about how code remediation works for different repository types (public vs private) and adds regional availability information. No evidence of security incident or vulnerability being fixed.

Diff

diff --git a/securityagent/latest/userguide/remediate-finding.md b/securityagent/latest/userguide/remediate-finding.md
index c56ba6d9f..7b9e51491 100644
--- a//securityagent/latest/userguide/remediate-finding.md
+++ b//securityagent/latest/userguide/remediate-finding.md
@@ -5 +5 @@
-ProcedurePrerequisitesConfigure code remediationStep 1: Enable or disable automatic remediationStep 2: Select repositories for code remediationStep 3: Start a penetration test and view findingsStep 4: Start and view code remediation
+PrerequisitesStep 1: Enable or disable automatic remediationStep 2: Select repositories for code remediationStep 3: Start a penetration test and view findingsStep 4: Start and view code remediation
@@ -9 +9 @@ ProcedurePrerequisitesConfigure code remediationStep 1: Enable or disable automa
-When viewing the findings for a penetration test, you can request AWS Security Agent attempt to remediate a finding. AWS Security Agent will open a GitHub pull request for a finding.
+When viewing the findings for a penetration test, you can request AWS Security Agent attempt to remediate a finding. For private GitHub repositories, AWS Security Agent opens a pull request with the proposed fix. For public repositories, the remediation is available as a downloadable diff file that you can apply locally.
@@ -13 +13,3 @@ You must enable finding remediation in the AWS Management Console. (See [Enable
-## Procedure
+###### Note
+
+Code remediation is currently available in only us-east-1.
@@ -28,4 +29,0 @@ Before you begin, ensure you have:
-## Configure code remediation
-
-You can configure code remediation options when you create or modify a penetration test.
-
@@ -34 +32 @@ You can configure code remediation options when you create or modify a penetrati
-If you enable automatic remediation, AWS Security Agent will automatically attempt to remediate the associated GitHub repositories if the Agent confirms a finding during the pentest. You can also manually start code remediation. . In the view to edit **Penetration test details** , in the **Automatic code remediation** section, enable or disable code remediation.
+You can configure code remediation options when you create or modify a penetration test. If you enable automatic remediation, AWS Security Agent will automatically attempt to remediate the associated GitHub repositories if the Agent confirms a finding during the pentest. You can also manually start code remediation. . In the view to edit **Penetration test details** , in the **Automatic code remediation** section, enable or disable code remediation.
@@ -65 +63 @@ Run the penetration test to detect findings. For more information, see [Review f
-  4. In the **Code Remediation** section of the finding, you can view the code remediation status and links to the pull requests.
+  4. In the **Code Remediation** section of the finding, you can view the code remediation status and links to the pull requests. If the GitHub repository is public, the code remediation is available as a downloadable file instead of a pull request. You can run `git apply /path/to/code_remediation_changes.diff` to apply the change to your repository locally.