GitHub has introduced a new AI-powered code scanning autofix feature, a convenient tool designed to automatically rectify flaws in your code.
The new feature – a blend of CodeQL and GitHub Copilot, the company’s generative AI tool for writing and tweaking code – is designed to address the process of vulnerability remediation during the coding phase with the hope of inspiring developer confidence in their codebase.
Currently available in public beta, code scanning autofix has been automatically enabled for all private repositories among GitHub Advanced Security (GHAS) customers.
GitHub code scanning autofix launches in beta
GitHub’s Pierre Tempel and Eric Tooley, authors of the new announcement, said that the feature is designed to tackle more than 90% of alert types in popular programming languages such as JavaScript, Typescript, Java, and Python, promising to speed up the fixing process with minimal developer intervention.
Tempel and Tooley explained: “When a vulnerability is discovered in a supported language, fix suggestions will include a natural language explanation of the suggested fix, together with a preview of the code suggestion that the developer can accept, edit, or dismiss.”
Moreover, code scanning autofix extends its reach to include changes across multiple files and project dependencies, which is hoped to allow organizations to reduce the burden on security teams, in turn allowing them to focus on more proactive work instead of constantly fighting vulnerabilities.
The platform has already expressed its commitment to making this an even more valuable tool by promising upcoming support for more languages, including C# and Go.
And of course, because this tool is in beta, the company is also keen to stress that developer feedback is vital to shaping the product, urging customers to share their findings.
+ There are no comments
Add yours