GitHub’s most recent AI tool has the ability to automatically correct code vulnerabilities

1. GitHub launches beta of code-scanning autofix feature for security vulnerabilities
2. GitHub promises to remediate over two-thirds of vulnerabilities without developer intervention
3. Code-scanning autofix feature available for GitHub Advanced Security customers

Sentry and GitHub both announced new features today aimed at improving the debugging and security vulnerability fixing processes for developers. Sentry introduced its AI Autofix feature for debugging production code, while GitHub launched the first beta of its code-scanning autofix feature for finding and fixing security vulnerabilities during the coding process.

GitHub’s new feature combines GitHub Copilot with CodeQL, the company’s semantic code analysis engine, to quickly and automatically remediate more than two-thirds of the vulnerabilities it finds without developers having to edit the code themselves. The tool covers more than 90% of alert types in JavaScript, TypeScript, Java, and Python.

The code-scanning autofix feature is now available to all GitHub Advanced Security (GHAS) customers. By using CodeQL and the GitHub Copilot APIs, GitHub promises that development teams will save time on remediation tasks, and that security teams can focus on protecting the business while keeping up with the fast pace of development.

This new feature uses a combination of heuristics, GitHub Copilot APIs, and OpenAI’s GPT-4 model to suggest fixes for vulnerabilities. While GitHub is confident in the accuracy of the autofix suggestions, it acknowledges that a small percentage of suggested fixes may be based on an incomplete understanding of the codebase or of the vulnerability, so suggestions still need developer review before they are merged.

Overall, GitHub’s code-scanning autofix feature promises to streamline the debugging and security vulnerability fixing processes for developers, allowing them to focus on building and maintaining secure code without having to spend excessive time on remediation tasks.
