
GitHub Makes Copilot Autofix Generally Available

GitHub has made AI-powered Copilot Autofix generally available to help developers fix code vulnerabilities faster.

Code-hosting platform GitHub on Tuesday announced the general availability of Copilot Autofix, the AI-powered vulnerability remediation feature meant to help developers address bugs in their code faster.

Copilot Autofix was initially announced in November 2023 and released in public beta in March, allowing JavaScript, TypeScript, Java, and Python developers to quickly identify flaws in their repositories and receive fix suggestions.

Now generally available in GitHub Advanced Security (GHAS), Copilot Autofix analyzes security defects identified in pull requests and provides explanations along with fix suggestions. Developers can dismiss, edit, or commit the suggestions.

The feature offers fix suggestions for a broad range of vulnerability classes, including SQL injections and cross-site scripting (XSS) flaws, helping developers take care of both newly introduced and existing issues.

“During the public beta, we found that developers were fixing code vulnerabilities more than three times faster than those who do so manually, a powerful example of how AI agents can radically simplify and accelerate secure software development,” GitHub says.

According to the Microsoft-owned platform, developers using Copilot Autofix took an average of 28 minutes to commit an automatically generated fix after receiving an alert, while those resolving the alert manually needed roughly 1.5 hours on average.

XSS and SQL injection flaws were addressed even faster, at an average of 22 and 18 minutes, respectively, compared to 3 and 3.7 hours, respectively, when fixed manually.

Developers can enable Copilot Autofix for bugs in existing code by pressing the ‘Generate fix’ button when receiving a GHAS code scanning alert and then pressing the ‘Create PR with fix’ button to create a new pull request that includes the necessary code changes.


“Just as GitHub Copilot helps developers code more quickly, Copilot Autofix accelerates the pace of remediation so security teams make real progress with the backlog of existing vulnerabilities, commonly known as security debt,” GitHub says.

Copilot Autofix, the code-hosting platform explains, uses a combination of heuristics and Copilot APIs, the CodeQL semantic code analysis engine, and GPT-4o to provide code suggestions.

Starting in September, Copilot Autofix will be available for free to all open source projects, GitHub announced.


Written by Ionut Arghire, an international correspondent for SecurityWeek.
