GitHub Launches AI Code Scanning Autofix to Automatically Suggest Fixes for App Vulnerabilities
- GitHub launched an AI-powered Code Scanning Autofix feature in public beta to automatically suggest fixes for vulnerabilities in JavaScript, TypeScript, Java, and Python code.
- The tool is powered by GitHub Copilot and CodeQL and can address over 90% of alert types, fixing about two-thirds of found vulnerabilities with little or no editing.
- It provides natural language explanations of suggested fixes that can involve changes to current files, multiple files, or dependencies.
- The feature aims to reduce time developers spend on remediation so they can focus more on ensuring application security.
- GitHub plans to add C# and Go language support next before expanding to more languages in the coming months.