Auto-remediate insecure cloud resources with AI #2722
Conversation
|
This pull request is automatically being deployed by Amplify Hosting (learn more). |
…ort-labs/port-docs into PORT-mcp-to-fix-cloud-insecure
| - You have installed [Port's AWS integration](https://docs.port.io/build-your-software-catalog/sync-data-to-catalog/cloud-providers/aws) (or [GCP](https://docs.port.io/build-your-software-catalog/sync-data-to-catalog/cloud-providers/gcp/)/[Azure](https://docs.port.io/build-your-software-catalog/sync-data-to-catalog/cloud-providers/azure/)) | ||
| - You have completed the setup in the [Trigger Claude Code from Port guide](https://docs.port.io/guides/all/trigger-claude-code-from-port) | ||
|
|
||
| :::tip Multi-cloud support |
There was a problem hiding this comment.
@PeyGis as well as other coding agents, right? I could use Gemini as well
| }, | ||
| "condition": { | ||
| "type": "JQ", | ||
| "expressions": [ |
There was a problem hiding this comment.
@PeyGis the answer might be "NO", but would it make sense to leverage scorecards/AI agent to determine whether the RDS is secured or not?
There was a problem hiding this comment.
It’s possible to use an AI agent to determine whether an RDS is secured or not.
Here’s the workflow I imagine:
- An RDS instance is created.
- We send the full entity properties to an AI agent and instruct it to evaluate the security posture.
- If the instance doesn’t meet standards, the agent can auto-fix it (by opening a PR with the necessary changes).
This has a lot of value, but I also see a potential downside: every single RDS instance would go to the AI agent. For large organizations, that could become overwhelming — both in terms of volume and token usage, which has cost implications.
One way to mitigate this would be to leverage our automation layer as a control mechanism, so the AI agent is only triggered under certain conditions.
That way we get the benefits of AI-driven remediation, without the overhead of sending every single resource through the agent.
I’m happy to align with whichever approach you think fits best.
|
|
||
| # Auto-remediate insecure cloud resources with AI | ||
|
|
||
| Many organizations have strict policies requiring that all cloud resources meet specific security standards: |
There was a problem hiding this comment.
So currently the workflow is:
New RDS created -> Port automation identifies violation -> Claude code triggered -> Developer reviews the PR & Merge -> RDS security remediated?
There was a problem hiding this comment.
@PeyGis discussed - let's add Port AI to trigger Claude Code with the goal of finding the owner of the PR
Description
Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context.
Added docs pages
Please also include the path for the added docs
/)/platform-overview/port-components/blueprint)Updated docs pages
Please also include the path for the updated docs
/)/platform-overview/port-components/blueprint)