GitHub's code scan auto-fix feature enters public beta

GitHub has announced that its code scanning autofix feature, powered by GitHub Copilot and CodeQL, is now available in public beta for all GitHub Advanced Security customers.

The autofix tool aims to fix more than two-thirds of the vulnerabilities found during code scanning with little or no editing required from developers.

"Our vision for application security is an environment where what is found is fixed," GitHub says in a blog post. "By prioritizing the developer experience with GitHub Advanced Security, we are already helping teams fix bugs 7x faster than traditional security tools. Autofix is the next step, allowing developers to significantly reduce the time and effort required for troubleshooting."

The tool currently supports JavaScript, TypeScript, Java, and Python, covering over 90% of alert types in these languages. GitHub plans to add support for C# and Go next.

When a vulnerability is detected, code scanning autofix explains the problem and proposes code to fix it. Developers can accept, edit, or dismiss the proposed fix. The AI-generated suggestions can span changes across multiple files and may include changes to the project's dependencies.

"While applications remain the primary attack vector, most organizations acknowledge that unpatched vulnerabilities in their production repositories continue to grow," GitHub said.

GitHub says the tool can help organizations slow the growth of this "application security debt" by making it easier for developers to fix vulnerabilities in their code. According to the company, this saves development teams time on remediation so they can focus on other priorities, while security teams are left with fewer routine vulnerabilities to triage, freeing up resources to focus on strategies that protect the business as the pace of development accelerates.

Behind the scenes, the code scanning autofix feature uses the CodeQL engine, a set of heuristics, and the GitHub Copilot API to generate code suggestions. GitHub has published extensive resources detailing the tool's system architecture, data flows, and AI policies.

Organizations that are new to GitHub or have not yet enabled GitHub Advanced Security can contact the company to request a demo and set up a free trial of code scanning autofix.