GitHub launches Code Scanning Autofix in public beta

GitHub, a leading developer platform, has announced the launch of code scanning autofix in public beta for all GitHub Advanced Security customers. This new feature, powered by GitHub Copilot and CodeQL, streamlines the process of fixing code vulnerabilities and enhances application security.

Code scanning autofix covers more than 90% of alert types in popular programming languages such as JavaScript, TypeScript, Java, and Python.

It provides code suggestions proven to remediate over two-thirds of discovered vulnerabilities with minimal editing required.

The vision behind this initiative is to create an environment where identifying a vulnerability automatically leads to its resolution. By prioritising the developer experience, GitHub Advanced Security has already demonstrated a significant improvement in remediation speed, achieving a rate 7 times faster than traditional security tools.

Code scanning autofix represents the next step forward, empowering developers to reduce the time and effort needed for remediation tasks.

According to the company, despite the increasing threat landscape, where applications remain a primary target for attacks, many organisations struggle with unaddressed vulnerabilities in their production repositories. Code scanning autofix aims to mitigate this challenge by simplifying the process of fixing vulnerabilities during the code phase, thus reducing the accumulation of ‘application security debt.’

Like GitHub Copilot, code scanning autofix streamlines coding tasks. It enables development teams to reclaim valuable time previously spent on manual remediation efforts. This benefits developers and contributes to a decrease in everyday vulnerabilities. It also allows security teams to focus on strategic initiatives to safeguard businesses while keeping pace with rapid development cycles.

Source: GitHub

The functionality of code scanning autofix is straightforward. When a vulnerability is detected in a supported language, developers receive fix suggestions, including a clear explanation of the proposed solution and a preview of the suggested code changes.

Developers can choose to accept, modify, or dismiss these suggestions. Furthermore, the autofix feature can make changes across multiple files and recommend necessary dependencies for the project.

Behind the scenes, code scanning autofix uses the CodeQL engine and GitHub Copilot APIs to generate actionable code suggestions. GitHub plans to expand support for additional languages, with C# and Go slated for future integration. The company also encourages users to participate in the autofix feedback and resources discussion to share their experiences and contribute to further improvements.
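To make concrete the kind of change a fix suggestion covers, the following is a constructed illustration added for this article; it is not GitHub's code and not an actual autofix output. It uses Python, one of the supported languages, and shows one common code scanning alert class, SQL injection: the flagged pattern beside the parameterised form a remediation would propose. The `users` table, the names and the hostile input are all made up for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed in-memory table standing in for an application's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # The pattern a SQL injection alert flags: untrusted input is formatted
    # into the SQL text, so quote characters in `name` change the query.
    query = f"SELECT name FROM users WHERE name = '{name}' ORDER BY name"
    return [row[0] for row in conn.execute(query)]


def find_user_fixed(conn: sqlite3.Connection, name: str) -> list:
    # The remediated form: a parameterised query binds `name` as data,
    # so it is never parsed as part of the SQL statement.
    query = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(query, (name,))]


def demo() -> dict:
    # Runs both versions on a benign name and on a constructed input that
    # alters the meaning of the unparameterised query.
    conn = make_db()
    benign = "bob"
    hostile = "' OR '1'='1"
    return {
        "vulnerable_benign": find_user_vulnerable(conn, benign),
        "vulnerable_hostile": find_user_vulnerable(conn, hostile),
        "fixed_benign": find_user_fixed(conn, benign),
        "fixed_hostile": find_user_fixed(conn, hostile),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The benign lookup returns the same single row from both functions; the hostile input makes the unparameterised query return every user, while the parameterised version returns nothing because the input is compared literally. That difference is what an alert of this class is reporting, and the one-line change to a bound parameter is the shape of fix a developer would review, accept or modify.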

With the introduction of code scanning autofix, GitHub aims to advance application security towards a paradigm where identifying a vulnerability promptly results in its resolution, thereby reinforcing software security.

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me