GitHub has launched a beta of its code-scanning autofix feature, which identifies security vulnerabilities and proposes fixes for them while code is being written. The tool combines the real-time capabilities of GitHub’s Copilot with CodeQL, the company’s semantic code analysis engine. It can remediate more than two-thirds of the vulnerabilities it finds, often without developers having to edit any code themselves, and it covers more than 90% of alert types in JavaScript, TypeScript, Java, and Python. It is now available to all GitHub Advanced Security (GHAS) customers. CodeQL performs static analysis, so it finds vulnerabilities before the code is ever executed; fixes are suggested using a combination of heuristics and Copilot APIs, and the explanation that accompanies each fix is generated with OpenAI’s GPT-4 model.
read more > techcrunch.com