GitHub releases AI-based tool to automatically patch vulnerabilities in code
GitHub
The GitHub platform has introduced a new artificial intelligence-based feature called Code Scanning Autofix. It automatically fixes security vulnerabilities in code while it is being written. The feature is powered by GitHub Copilot and CodeQL.
Here's What We Know
In public beta, Code Scanning Autofix is automatically enabled in all private repositories of GitHub Advanced Security (GHAS) users. It is capable of handling more than 90% of vulnerability alert types in JavaScript, TypeScript, Java, and Python.
Once enabled, the feature offers potential fixes that GitHub claims can address more than two-thirds of detected vulnerabilities with virtually no code editing by the developer. The suggestions are accompanied by a natural language explanation and a preview of the changes.
Adopting this approach can significantly reduce the number of vulnerabilities that require manual handling by security teams. This will allow the focus to be on the overall cybersecurity of the organisation, rather than wasting resources on fixing new flaws during development.
That said, developers are advised to always verify that issues are fully fixed and code functionality is preserved, as AI patches can be incomplete.
GitHub plans to add support for additional programming languages, including C# and Go, to Code Scanning Autofix in the coming months.
Earlier in April, the company enabled accidental secret disclosure protection by default for all public repositories to prevent sensitive data from being leaked when new code is published.
Source: BleepingComputer