Application Security

GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta

GitHub’s code scanning autofix delivers remediation suggestions for two-thirds of the identified vulnerabilities.

Published

GitHub security

GitHub on Wednesday announced the public beta availability of code scanning autofix, a new feature meant to help developers address code vulnerabilities faster.

Initially announced in November 2023, code scanning autofix relies on GitHub’s AI-powered code completion tool Copilot and semantic code analysis engine CodeQL to identify vulnerabilities in JavaScript, Typescript, Java, and Python repositories, and provide fix suggestions for them.

According to the Microsoft-owned code hosting platform, the feature can suggest remediation for more than two-thirds of the identified flaws.

“Our vision for application security is an environment where found means fixed. By prioritizing the developer experience in GitHub Advanced Security, we already help teams remediate 7x faster than traditional security tools,” GitHub says.

With code scanning autofix, the platform aims to significantly reduce the time developers spend on addressing bugs and help enterprises slow the growth of unaddressed vulnerabilities in production repositories.

“Security teams will also benefit from a reduced volume of everyday vulnerabilities, so they can focus on strategies to protect the business while keeping up with an accelerated pace of development,” GitHub notes.

Fix suggestions for bugs identified in the supported programming languages include natural language explanations and previews of the code suggestions that developers can accept, edit, or dismiss.

The code suggestions include changes to the current file and may include changes to multiple files and dependencies that should be added to the project, GitHub says.

Advertisement. Scroll to continue reading.

Next, the code hosting platform will add support for C# and Go, followed by other programming languages.

GitHub has made available resources and documentation about the system and encourages developers to join the autofix feedback and resources discussion.

Code scanning autofix is now available in beta for all GitHub Advanced Security customers.

Related: GitHub Enhances Security Capabilities With AI

Related: GitHub Enterprise Server Gets New Security Capabilities

Related: GitHub Announces New Security Improvements

In this article:

Related Content

Malware & Threats

Threat Actors Manipulate GitHub Search to Deliver Malware

Checkmarx warns of a new attack relying on GitHub search manipulation to deliver malicious code.

April 12, 2024

Vulnerabilities

GitHub Rotates Credentials in Response to Vulnerability

GitHub rotates credentials and releases patches after being alerted of a vulnerability affecting GitHub.com and GitHub Enterprise Server.

January 17, 2024

Application Security

Stolen GitHub Credentials Used to Push Fake Dependabot Commits

Threat actors have been using stolen GitHub personal access tokens to push malicious code posing as Dependabot contributions.

September 27, 2023

Artificial Intelligence

Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages

Exposed data includes backup of employees workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages.

September 18, 2023

Vulnerabilities

Thousands of Code Packages Vulnerable to Repojacking Attacks

Despite GitHub’s efforts to prevent repository hijacking, cybersecurity researchers continue finding new attack methods, and thousands of code packages and millions of users could...

September 12, 2023

Application Security

GitHub Enterprise Server Gets New Security Capabilities

GitHub Enterprise Server 3.10 released with additional security capabilities, including support for custom deployment rules.

August 30, 2023

Application Security

GitHub Announces New Security Improvements

GitHub this week introduced NPM package provenance and deployment protection rules and announced general availability of private vulnerability reporting.

April 21, 2023

Security Infrastructure

GitHub Rotates Publicly Exposed RSA SSH Private Key

GitHub replaced the RSA SSH private key used to secure Git operations for GitHub.com after it was exposed in a public GitHub repository.

March 27, 2023

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version