This new GitHub tool automatically fixes security flaws in your code
GitHub has introduced code scanning autofix, an AI-powered feature that proposes fixes for the security vulnerabilities code scanning finds in your repositories.
The feature combines CodeQL, GitHub's static analysis engine, with GitHub Copilot, the company's generative AI tool for writing and modifying code. It is aimed at remediating vulnerabilities while the code is still being written, rather than after it has shipped, with the goal of giving developers more confidence in their codebase.
Currently in public beta, code scanning autofix is enabled by default on all private repositories of GitHub Advanced Security (GHAS) customers.
Autofix for GitHub code scanning launches in beta
GitHub's Pierre Tempel and Eric Tooley, authors of the announcement, said the feature is designed to cover more than 90% of alert types in popular languages such as JavaScript, TypeScript, Java and Python, and promises to speed up remediation with minimal developer intervention.
Tempel and Tooley explained: “When a vulnerability is discovered in a supported language, the solution suggestions include a natural language explanation of the proposed solution, along with an example of the code suggestion that the developer can accept, edit, or reject.”
Suggested fixes are not limited to the line that triggered the alert: a proposed change can span multiple files and can also modify project dependencies. GitHub's hope is that this reduces the remediation load on security teams, freeing them for more proactive work instead of a constant backlog of vulnerability alerts. Since the developer still reviews each suggestion before it is merged, the tool shortens the fix loop but does not remove the need for review.
GitHub says it plans to extend support to more languages, including C# and Go.
Because the feature is in beta, the company stresses that developer feedback is essential in shaping it and encourages customers to share what they find.