FAQs
What are Pixee's AI features?
We use Large Language Models (LLMs) in some context-aware code fixes and to add code-specific comments that help developers understand why a change is being recommended. Our triage features use LLMs to gather facts about the vulnerable code flow and the wider technical context. Combined with deterministic analysis, these facts feed an expert recommendation system that produces our results.
What is Pixee's AI policy?
At Pixee, we take your data privacy and security seriously. We want you to have peace of mind, knowing that your data will never be used to train AI models.
By default, we enable the use of Large Language Models (LLMs) for an enhanced user experience. However, if you prefer not to use them, you can easily disable this feature at your convenience. We believe in providing you with the flexibility to tailor your experience according to your preferences and needs.
How does Pixee handle my data?
Pixee is a platform focused on helping developers deliver higher quality code and places the utmost importance on our own security, including secure software development practices, IT practices, corporate controls and partner assessments. In case anyone asks, yes -- all data is encrypted in transit and at rest, and guaranteed to be destroyed.
As an aside, many of us have been in security our whole careers, and we're quite passionate about it! We document all of this and more in our Security and Trust Center.
How will my information (i.e. code, projects, etc.) be used?
Each party agrees to hold data and confidential information of the other party in confidence and not to disclose, retain, or distribute such information to third parties or to use such information for any purpose whatsoever. Please take a look at our full Privacy Policy for more detail.
How do I know Pixee made changes?
Pixee works directly with your repositories through pull/merge requests, so you decide when and if you want to accept changes suggested by Pixee. You can find suggestions made by Pixee in the Pixee Dashboard as well as on your repository's GitHub.com pull requests page. Also, Pixee cryptographically signs every commit, which means changes suggested by Pixee are guaranteed to have come from Pixee, have not been modified after the fact, and are verified by GitHub.
You said Pixee supports rule X for language Y, but I don't see a fix available. What gives?
Some "shapes" of vulnerable code may not be fixable in a safe way, or recognized by our remediation logic. Please file a ticket if this happens and you think we should fix it! Providing an anonymized code sample and security finding will help us a lot.
How can I apply automatic formatting to PRs generated by Pixee?
See our Preferences page for more information on how to enable automatic formatting of PRs generated by Pixee.
Where can I learn more and discuss Pixee?
Users can join the Pixee community on Slack. This channel can be used to engage with peers who are also interested in Pixee. Feel free to email us at help@pixee.ai with any questions or comments.
Why does Pixee sometimes add new dependencies to my project?
We always prefer to use existing controls built into a language, or a control from a well-known and trusted community dependency. When this is not an option, we add our own open source dependency to the project to ensure maximum readability and maintainability. All dependencies utilize permissive open-source licenses.
Learn more about the Java Security Toolkit (io.github.pixee.java-security-toolkit) on Maven Central.
Learn more about the Python security package on PyPI.