Monday, December 2, 2024

GitHub Introduces AI-Enhanced Code Scanning Autofix Feature


Did you hear that? GitHub launched a code scanning auto-fix tool that is a GitHub Copilot AI-powered application. This code scanning auto-fix will provide users with recommendations to help them fix bugs in their code and avoid introducing vulnerabilities. The tool combines the capabilities of both GitHub Copilot and CodeQL: CodeQL scans the code and finds issues, while Copilot proposes fixes for the vulnerabilities it finds.

About GitHub’s Code Scanning Auto-Fix Tool

This beta version of auto-fix was launched on 20th March 2024, designed to help developers generate code easily. The code-scanning auto-fix tool uses advanced AI technology such as GPT-4 to identify problems and fix code automatically.

This tool can fix 90% of alerts in programming languages like JavaScript, Java, Python, and TypeScript. It can also suggest code fixes for more than two or three vulnerabilities with minimal or no editing. Developers can accept, edit or dismiss a suggestion according to their preference.

Eric Tooley on GitHub Code Scanning Tool

Eric Tooley, senior product marketing manager at GitHub, added that the tool is designed to fulfil the company's vision for application security, where the introduction of a vulnerability leads directly to its resolution. The announcement also highlighted that the GitHub Copilot code scanning auto-fix tool helps development teams save time and is already helping teams resolve vulnerabilities seven times faster than traditional tools.

Auto-fix Generation Process

When auto-fix is enabled for a codebase, CodeQL scans the code, finds vulnerabilities and sends its findings as input to an LLM (large language model). The LLM analyses the issue and suggests a fix. The output generated by the LLM appears as a comment on the pull request. The overall process helps developers quickly identify code errors and fix them with minimal or zero editing.

A suggestion from auto-fix can involve several kinds of change: edits to the current file, modifications across multiple files, or the addition of dependencies to the project. To generate these fixes the tool uses the CodeQL engine together with a combination of heuristics and Copilot APIs.
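As an added illustration (not from this post, and not GitHub's own sample code), here is the shape of a GitHub Actions workflow that runs the CodeQL scan feeding the process above, so that alerts are raised on every pull request. The branch name and the language list are assumptions for the example; auto-fix itself is switched on in the repository's code security settings rather than in this file.

```yaml
# .github/workflows/codeql.yml (example added for illustration)
name: "CodeQL"

on:
  push:
    branches: [ "main" ]          # assumed default branch
  pull_request:
    branches: [ "main" ]          # alerts (and auto-fix comments) are surfaced on PRs

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      security-events: write      # required to upload code-scanning results
      contents: read
      actions: read
    strategy:
      fail-fast: false
      matrix:
        # assumed languages for this repository; CodeQL analyses each separately
        language: [ "javascript-typescript", "python" ]
    steps:
      - name: Check out the repository
        uses: actions/checkout@v4

      - name: Initialise CodeQL for the selected language
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}

      - name: Run the CodeQL analysis and upload alerts
        uses: github/codeql-action/analyze@v3
```

Once this workflow produces alerts on a pull request, the auto-fix step described above can attach its suggested change as a comment on that pull request; the developer still reviews the diff before accepting it.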

Core benefits of the Tool

  1. The core benefit of using this AI-powered code scanning auto-fix tool is that it reduces remediation time for developers, as it can automatically fix more than two or three of the vulnerabilities shown in the code.
  2. It saves developers from repetitive tasks, and automating code fixes allows security teams to focus more on implementing wider security measures.
  3. Another core benefit of this tool is that it supports many programming languages.

Conclusion

GitHub's Code Scanning Auto-Fix tool reduces the stress on developers and saves the time taken by fixing code errors. It is an advanced step towards developer security. Automating code fixes with minimal or zero editing will help developers focus more on core coding tasks.

Frequently Asked Questions (FAQs)

Q.1 What is the code scanning tool for GitHub?

CodeQL is the engine developed by GitHub that analyses code and displays the results as code-scanning alerts. It supports both interpreted and compiled languages.

Q.2 What languages are supported by GitHub advanced security code scanning?

GitHub Advanced Security code scanning can find vulnerabilities in code written in languages such as C++, C, Java, Python, JavaScript/TypeScript, etc.

Q.3 Who can use GitHub scanning?

GitHub code scanning is available to all users for public repositories on GitHub.com. For private repositories it is available to users of GitHub Enterprise Cloud who also hold a GitHub Advanced Security license.
