Techniques for performing auto-remediation on computer system vulnerabilities in source code are disclosed herein. An application source code representation is scanned to determine any security vulnerabilities and from those vulnerabilities, a set of security patch rules are generated that may be used to automatically remediate the vulnerabilities. One or more of the security patch rules is selected for verification and, once verified may be used to generate a security patch. The security patch may then be automatically applied to the source code representation to produce a patched representation of the application source code with the vulnerability at least partly remediated.