Currently serving as a software engineer at Digicentre, responsible for secure software development, providing SAST issue fix recommendations, and assisting clients with DevSecOps planning.
When fixing SAST issues, developers need to know how to apply generic security recommendations to fix issues in their system context. This talk demonstrates how to combine SAST issue fix experience with RAG technology to create an intelligent security advisor that understands your system context. We'll explore building a knowledge base of fix patterns. Through practical examples, we'll show how this system operates in CI pipelines to help teams efficiently resolve SAST findings, and share methods for capturing fix experience to build an intelligent advisor that provides precise, context-aware security recommendations.