Addressing the challenge of automating remediation of security misconfigurations in container orchestration systems (e.g., Kubernetes), this paper proposes the first collaborative repair framework integrating Static Analysis Tools (SATs) with Large Language Models (LLMs). The framework introduces a Retrieval-Augmented Generation (RAG)-enhanced, security-context-aware prompting mechanism, coupled with Kubernetes configuration semantic parsing and structured prompt engineering, to precisely identify and rectify misconfigurations while preserving application functionality. Evaluated on 1,000 real-world production-grade Kubernetes configurations, the framework achieves a 94% remediation success rate and introduces new misconfigurations in fewer than 3% of cases—substantially reducing manual intervention overhead. This work establishes a scalable, high-fidelity automation paradigm for cloud-native configuration security governance.

Security misconfigurations in Container Orchestrators (COs) can pose serious threats to software systems. While Static Analysis Tools (SATs) can effectively detect these security vulnerabilities, the industry currently lacks automated solutions capable of fixing these misconfigurations. The emergence of Large Language Models (LLMs), with their proven capabilities in code understanding and generation, presents an opportunity to address this limitation. This study introduces LLMSecConfig, an innovative framework that bridges this gap by combining SATs with LLMs. Our approach leverages advanced prompting techniques and Retrieval-Augmented Generation (RAG) to automatically repair security misconfigurations while preserving operational functionality. Evaluation of 1,000 real-world Kubernetes configurations achieved a 94% success rate while maintaining a low rate of introducing new misconfigurations. Our work makes a promising step towards automated container security management, reducing the manual effort required for configuration maintenance.