HOME
NEWS

GitHub rolls out Copilot-powered code scanning autofix


By VARINDIA - 2024-05-09
GitHub rolls out Copilot-powered code scanning autofix

GitHub has announced that code scanning autofix is available in public beta for all GitHub Advanced Security customers. Powered by GitHub Copilot and CodeQL, code scanning autofix covers more than 90% of alert types in JavaScript, Typescript, Java, and Python, and delivers code suggestions shown to remediate more than two-thirds of found vulnerabilities with little or no editing.

 

Eric Tooley, Senior Product Marketing Manager, GitHub, said, “Our vision for application security is an environment where ‘found means fixed’. By prioritizing the developer experience in GitHub Advanced Security, we are already helping teams remediate 7x faster than traditional security tools. Code scanning autofix is the next leap forward, helping developers dramatically reduce time and effort spent on remediation.

 

“Even though applications remain a leading attack vector, most organizations admit to an ever-growing number of unremediated vulnerabilities that exist in production repositories. Code scanning autofix helps organizations slow the growth of this ‘application security debt’ by making it easier for developers to fix vulnerabilities as they code,” adds Tooley.

 

Just as GitHub Copilot relieves developers of tedious and repetitive tasks, code scanning autofix will help development teams reclaim time formerly spent on remediation. Security teams will also benefit from a reduced volume of everyday vulnerabilities, so they can focus on strategies to protect the business while keeping up with an accelerated pace of development.

 

When a vulnerability is discovered in a supported language, fix suggestions will include a natural language explanation of the suggested fix, together with a preview of the code suggestion that the developer can accept, edit, or dismiss. In addition to changes to the current file, these code suggestions can include changes to multiple files and the dependencies that should be added to the project.Behind the scenes, code scanning autofix leverages the CodeQL engine and a combination of heuristics and GitHub Copilot APIs to generate code suggestions. To learn more about autofix and its data sources, capabilities, and limitations, check out About autofix for CodeQL code scanning.

 

GitHub will continue to add support for more languages, with C# and Go up next. Developers can join the autofix feedback and resources discussion to share their experiences and help guide further improvements to the autofix experience. GitHub is committed to moving application security closer to a place where a vulnerability found means a vulnerability fixed.

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA