GitHub has announced that its code scanning autofix feature, powered by GitHub Copilot and CodeQL, is now available in public beta for all GitHub Advanced Security customers.
The autofix tool aims to remediate over two-thirds of vulnerabilities found during code scanning with minimal editing required by developers.
“Our vision for application security is an environment where found means fixed,” said GitHub in a blog post. “By prioritising the developer experience in GitHub Advanced Security, we already help teams remediate 7x faster than traditional security tools. Code scanning autofix is the next leap forward, helping developers dramatically reduce time and effort spent on remediation.”
The tool currently supports JavaScript, TypeScript, Java, and Python, covering over 90 percent of alert types in these languages. GitHub plans to add support for C# and Go next.
When a vulnerability is detected, code scanning autofix provides an explanation of the issue and a code suggestion to remediate it. Developers can accept, edit, or dismiss the suggested fix. The AI-powered suggestions can include changes across multiple files and dependencies.
“Even though applications remain a leading attack vector, most organisations admit to an ever-growing number of unremediated vulnerabilities that exist in production repositories,” GitHub said. “Code scanning autofix helps organisations slow the growth of this ‘application security debt’ by making it easier for developers to fix vulnerabilities as they code.”
GitHub believes the tool will benefit development teams by saving time on remediation tasks, allowing them to focus on other priorities. Security teams should also see a reduced volume of more routine vulnerabilities, freeing up resources to concentrate on strategies to protect the business amid an accelerated pace of development.
Behind the scenes, code scanning autofix leverages the CodeQL engine along with heuristics and the GitHub Copilot APIs to generate code suggestions. GitHub has published extensive resources detailing the system architecture, data flow, and AI policies governing the tool.
Organisations new to GitHub or that don’t yet have GitHub Advanced Security can contact the company to request a demo and set up a free trial of code scanning autofix.
(Photo by Eugen Str)
See also: NVIDIA employs GenAI for rapid software vulnerability detection
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including BlockX, Digital Transformation Week, IoT Tech Expo and AI & Big Data Expo.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.