Agentic AI – Empowering Autonomous Solutions for Common Vulnerabilities and Exposures (CVE)
stephy
September 5, 2025
Make it quicker and easier to fix security issues for containerized and serverless workloads.
Security patching often feels like whack‑a‑mole: scan an image, find a CVE, fix it, rebuild and hope nothing breaks. Our customer ran hundreds of container images in AWS. Amazon Inspector and ECR scanning surfaced findings for those images and for serverless functions, but AWS's native patch automation is built around EC2 instances, so nothing turned an ECR or Lambda finding into a fix. Engineers spent hours manually updating Dockerfiles and dependency files, then triggering builds and tests by hand. There was no automated path from vulnerability discovery to fix, which meant slow remediation and plenty of human toil.
Challenges
Manual, error‑prone remediation: Engineers had to read Inspector and ECR reports, identify the root cause, update code or base images, then rebuild and test—over and over again.
No GitOps flow: There was no automated pipeline connecting a scan finding to a code fix, rebuild, CI validation and deployment.
The Solution
Knackforge designed a multi‑agent, AWS‑native solution that automates the entire CVE lifecycle.
Agents & roles (LangGraph): Orchestrator (task flow), Inspection (parse Amazon Inspector/ECR findings), Code Analysis (locate vulnerable packages in Dockerfiles/dependency files), Remediation (update base images/dependencies), Testing (trigger CI), Merge Request (open GitLab MR with full context).
Change control: Agents commit to branches and raise MRs for human review—no direct pushes—providing a safe, auditable GitOps path.
Architecture: Amazon Bedrock (Claude) for reasoning; AWS Lambda for agent execution; Amazon EventBridge for coordination; Amazon DynamoDB for state; GitLab CI/CD for build/test.
End-to-end flow: Scan → analyze → remediate → test → MR—automated, repeatable, and explainable from finding to approved fix.
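To make the hand-off between the Inspection, Code Analysis, Remediation and Merge Request agents concrete, here is an added, offline example that is not Knackforge's code and does not use LangGraph, Bedrock or the GitLab API. It takes one finding, checks it is in scope, locates the vulnerable pin in the repository's dependency file, rewrites the pin to the fixed version and builds the merge request payload a reviewer would see. The finding, the package name `examplelib`, its versions and the placeholder identifier `CVE-XXXX-XXXXX` are all constructed; the finding's field names follow the shape of Amazon Inspector v2 `ListFindings` output for an ECR image, which is an assumption rather than a live export.

```python
"""Added example: finding -> locate -> remediate -> merge-request payload.
All inputs below are constructed; nothing here talks to AWS or GitLab."""
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed finding. Field names mirror Inspector v2 ListFindings output
# for an ECR image (assumption). The CVE id is a placeholder, not a real CVE.
FINDING = {
    "findingArn": "arn:aws:inspector2:us-east-1:123456789012:finding/example",
    "severity": "HIGH",
    "status": "ACTIVE",
    "resources": [{
        "type": "AWS_ECR_CONTAINER_IMAGE",
        "details": {"awsEcrContainerImage": {
            "repositoryName": "payments-api", "imageTags": ["1.4.2"]}},
    }],
    "packageVulnerabilityDetails": {
        "vulnerabilityId": "CVE-XXXX-XXXXX",
        "vulnerablePackages": [{
            "name": "examplelib", "version": "1.2.0", "fixedInVersion": "1.2.5",
            "packageManager": "PYTHONPKG", "filePath": "/app/requirements.txt",
        }],
    },
}

# Constructed repository contents (path -> text), as the agent would see them.
FILES = {
    "requirements.txt": "flask==3.0.0\nexamplelib==1.2.0\nboto3>=1.34\n",
    "Dockerfile": "FROM python:3.11-slim\nCOPY requirements.txt .\n"
                  "RUN pip install -r requirements.txt\n",
}

SEVERITIES_IN_SCOPE = {"CRITICAL", "HIGH"}


@dataclass
class Hit:
    package: str
    current: str
    fixed: str
    path: str
    line_no: int


def triage(finding: dict) -> bool:
    """Inspection agent: only active HIGH/CRITICAL findings on ECR images
    with a known fixed version are candidates for an automatic fix."""
    if finding.get("status") != "ACTIVE":
        return False
    if finding.get("severity") not in SEVERITIES_IN_SCOPE:
        return False
    if not any(r.get("type") == "AWS_ECR_CONTAINER_IMAGE"
               for r in finding.get("resources", [])):
        return False
    pkgs = finding.get("packageVulnerabilityDetails", {}).get("vulnerablePackages", [])
    return any(p.get("fixedInVersion") for p in pkgs)


def locate_packages(finding: dict, files: Dict[str, str]) -> List[Hit]:
    """Code Analysis agent: map the in-image file path from the finding to a
    repo file by basename and find the exact '==' pin for the vulnerable
    version. OS packages (from the base image) are skipped here: they need a
    base-image bump, which this example leaves to a human."""
    hits: List[Hit] = []
    for pkg in finding["packageVulnerabilityDetails"]["vulnerablePackages"]:
        if not pkg.get("fixedInVersion") or pkg.get("packageManager") == "OS":
            continue
        wanted = os.path.basename(pkg.get("filePath", ""))
        pin = re.compile(rf"^{re.escape(pkg['name'])}\s*==\s*(\S+)\s*$", re.IGNORECASE)
        for path, content in files.items():
            if os.path.basename(path) != wanted:
                continue
            for n, line in enumerate(content.splitlines(), 1):
                m = pin.match(line)
                if m and m.group(1) == pkg["version"]:
                    hits.append(Hit(pkg["name"], pkg["version"],
                                    pkg["fixedInVersion"], path, n))
    return hits


def remediate(files: Dict[str, str], hits: List[Hit]) -> Dict[str, str]:
    """Remediation agent: rewrite each located pin to the fixed version and
    return new contents; the input mapping is not modified."""
    updated = dict(files)
    for h in hits:
        lines = updated[h.path].splitlines()
        lines[h.line_no - 1] = f"{h.package}=={h.fixed}"
        updated[h.path] = "\n".join(lines) + "\n"
    return updated


def run(finding: dict, files: Dict[str, str]) -> Optional[dict]:
    """Orchestrator: triage -> locate -> remediate -> MR payload. Returns None
    when nothing can be fixed safely, so a human picks it up instead. The
    payload targets a fix/ branch; the default branch is never pushed to."""
    if not triage(finding):
        return None
    hits = locate_packages(finding, files)
    if not hits:
        return None
    updated = remediate(files, hits)
    vuln_id = finding["packageVulnerabilityDetails"]["vulnerabilityId"]
    image = finding["resources"][0]["details"]["awsEcrContainerImage"]
    body = [f"Source: Amazon Inspector finding {finding['findingArn']}",
            f"Image: {image['repositoryName']}:{','.join(image['imageTags'])}",
            f"Severity: {finding['severity']}", ""]
    body += [f"- {h.path}:{h.line_no} {h.package} {h.current} -> {h.fixed}" for h in hits]
    body += ["", "Opened by the remediation pipeline; CI must pass and a human must approve."]
    return {
        "source_branch": "fix/" + re.sub(r"[^a-z0-9]+", "-", vuln_id.lower()),
        "target_branch": "main",
        "title": f"fix({image['repositoryName']}): remediate {vuln_id}",
        "description": "\n".join(body),
        "changes": {p: updated[p] for p in updated if updated[p] != files[p]},
    }


if __name__ == "__main__":
    print(run(FINDING, FILES))
```

Two design choices carry the safety argument from the text: a finding that fails triage or has no exact pin to rewrite yields `None` rather than a speculative edit, and the only output is a branch-plus-MR payload with the finding ARN, image tag and every changed line in the description, so the reviewer and the audit trail see the same context the agent acted on.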
The Impact
>60% faster remediation: Automating detection, fix, test and MR creation dramatically reduces the time it takes to close vulnerabilities compared with the manual workflow.
End‑to‑end coverage: The solution provides container‑ and serverless‑native CVE mitigation, filling the gaps in AWS’s default tooling.
Auditability and trust: Merge requests and CI test results provide a clear GitOps trail, and a human approval remains the gate before anything reaches production, giving security teams and developers confidence to adopt the approach and scale it across production workloads.