prpl
Sign in
← All documentation
Review and respond

Generate and review patches with Defend

Cover acknowledgement-triggered and bundled patch generation, eligibility, progress, generated patches, and revalidation.

userorg admin capture: defend-findings

Outcome

You have launched Defend patch generation for one or more defend-ready findings — individually or as a bundle — and you can locate the generated patch, its evaluation, and the per-finding coverage.

Who can do it

  • Requires the patch.generate capability on the repository — held by customers on their own repositories, by organization members with an owner's grant (directly or via the Repo owner role), and by site admins.
  • Members with only the Findings reviewer role can review decisions but cannot launch patch generation.

Before you begin

  • Most patch runs start automatically: clicking Acknowledge true positive & generate patch during finding review launches Defend for that finding. Use this page when you held a patch back, want to relaunch, or want one patch covering several findings.
  • Each finding you select must be defend ready — acknowledged or confirmed, not rejected, and not already in a patch run.
  • A bundle must target a single environment and a single commit; the selection is refused otherwise.
  • Patch generation is a cost-incurring agent run.

Steps

  1. Open Attack Surface (/byos), select the repository, and click the defend ready filter chip on the Findings tab.
  2. One finding: click Defend on its row.
  3. Several findings, one patch: tick the checkbox at the start of each row (Include in defend bundle) or click Select all defend-ready in the Defend bundle bar. The bar counts your selection (e.g. 3 selected); Clear resets it.
  4. Click Launch defend for selected — or Defend all ready (N) to skip selection and patch every defend-ready finding at once.
  5. The Defend bundle bar above the findings table with two rows selected; call out the Launch defend for selected button.
  6. The page reloads with the banner "Defend bundle launched." and the run id as a link. The selected rows flip to defend running.
  7. Follow the run from that link (or via Monitor environments and scan jobs). One patch agent works across all bundled findings and produces a single diff.
  8. When it completes, the rows show defended and gain a defend ✓ link. Open it to read the defend result page: the patch evaluation with a pass / partial / fail verdict, the source.diff artifact, and — for bundles — a per-finding coverage table with a rationale for each finding.
  9. A completed defend result page; call out the patch evaluation verdict badge above the per-finding coverage table.

Verify

  • The finding rows show defended and link to the defend result via defend ✓.
  • The defend result page shows an evaluation verdict and lists source.diff under the run's artifacts.
  • For a bundle, every selected finding appears in the coverage table with a verdict and rationale.

Troubleshooting

  • "One or more selected findings are pending review or already defending." — deselect rows that are not defend ready; decide pending rows first via finding review.
  • "Bundle selection must target a single env." / "Bundle selection must target a single commit/ref." — your selection spans environments or commits; filter the page to one environment and reselect.
  • "No defend-ready findings to bundle." — nothing is currently eligible; acknowledge findings first.
  • "Select at least one finding before launching a bundle." — the selected-rows launch needs at least one checkbox ticked.
  • Defend button disabled on a scan run page with "another defend is in flight for this run" — wait for the running patch job to finish.
  • Patch verdict is fail or partial — read the coverage rationale; relaunch Defend after a new scan, or capture the constraint as repository knowledge so future runs account for it.

Next steps

Ship the patch: Review and approve a Defend pull request. For where patching sits in the pipeline, see the Scan and finding lifecycle.

Last verified against commit c0bf54d on 2026-07-10 · capture scenario: defend-findings