GitHub is previewing code scanning autofix, a feature that combines its GitHub Copilot AI assistant with its CodeQL code scanner to provide suggested fixes to discovered vulnerabilities. Code scanning autofix is available in a public beta to GitHub Advanced Security customers.
Launched March 20, code scanning autofix makes vulnerability fixes available right away as a developer is coding, GitHub said. GitHub Copilot AI is used to provide a code suggestion and explanation directly in the pull request. Code scanning autofix covers more than 90% of alert types in JavaScript, TypeScript, Java, and Python, and remediates more than two-thirds of found vulnerabilities with little or no editing, according to the company.
Code scanning autofix leverages the CodeQL engine and a combination of heuristics and GitHub Copilot APIs to generate code suggestions. The feature builds on the November 2023 unveiling of GitHub Application Security, which provides additional security features including code scanning, secrets scanning, auto-triage rules for security alerts, and dependency reviews. These features require a GitHub Advanced Security license to run on repositories apart from public repositories on GitHub.