GitHub has introduced the Copilot Autofix feature, which leverages artificial intelligence to scan for code vulnerabilities. Originally named Code scanning autofix, it has been rebranded under the Copilot name. Copilot Autofix is part of the GitHub Advanced Security (GHAS) service and combines various techniques, such as CodeQL code queries, GPT-4o models, heuristic techniques, and the Copilot API, to generate code that fixes vulnerabilities. Following public beta testing, GitHub found that the feature lets developers fix vulnerabilities in general three times faster than manual effort, and specific types faster still: 7 times faster for cross-site scripting and 12 times faster for SQL injection.
Additionally, GitHub has announced that the Copilot Autofix feature will be available for open-source projects for free starting from September 2024, aiming to improve the overall security of open-source code. This builds on GitHub’s existing initiative of providing security services for the global open-source community free of charge.
TLDR: GitHub introduces Copilot Autofix, an AI-powered feature to scan and fix code vulnerabilities, reducing fix time significantly and offering it for free to open-source projects starting September 2024.