GitHub Launches AI-Powered Code Scanning Autofix

GitHub, the Microsoft-owned code hosting platform, announced on Wednesday that its code scanning autofix is now available in public beta for all GitHub Advanced Security (GHAS) customers.

This AI-powered remediation tool is powered by GitHub Copilot and CodeQL and covers more than 90% of alert types in JavaScript, TypeScript, Java, and Python.

It also provides code suggestions that remediate more than two-thirds of the vulnerabilities it finds with little or no editing, which GitHub says will help developers dramatically reduce the time and effort spent on remediation.

“Our vision for application security is an environment where found means fixed. By prioritizing the developer experience in GitHub Advanced Security, we already help teams remediate 7x faster than traditional security tools,” GitHub’s Pierre Tempel and Eric Tooley wrote in Wednesday’s announcement.

“Even though applications remain a leading attack vector, most organizations admit to an ever-growing number of unremediated vulnerabilities that exist in production repositories.”

According to the company, code scanning autofix helps organizations slow the growth of this “application security debt” by making it easier for developers to fix vulnerabilities as they code.

“Just as GitHub Copilot relieves developers of tedious and repetitive tasks, code scanning autofix will help development teams reclaim time formerly spent on remediation,” the announcement added.

“Security teams will also benefit from a reduced volume of everyday vulnerabilities, so they can focus on strategies to protect the business while keeping up with an accelerated pace of development.”

How It Works

When a vulnerability is identified in a supported language, fix suggestions will include a natural language explanation of the suggested fix as well as previews of the code suggestions that the developers can accept, edit, or dismiss.

The code suggestions can include changes to the current file, changes to multiple files, and dependencies that should be added to the project. Under the hood, code scanning autofix uses the CodeQL engine together with a combination of heuristics and GitHub Copilot APIs to generate the suggestions.

GitHub plans to add support for additional programming languages, including C# and Go, to code scanning autofix in the coming months.

For more information on the GitHub Copilot-powered code scanning autofix tool, you can visit GitHub’s documentation website.
