GitHub Launches AI-Powered Tool to Automatically Fix Bugs


GitHub has introduced a new AI-powered feature, code scanning autofix, which is now accessible in public beta for GitHub Advanced Security customers. This innovative tool is designed to assist developers in addressing more than two-thirds of supported alerts with minimal or no manual modifications, significantly streamlining the bug remediation process.

Powered by GitHub Copilot and CodeQL, GitHub’s code analysis engine, this feature extends its coverage to over 90% of alert types in several programming languages, including JavaScript, TypeScript, Java, and Python. It is engineered to offer code suggestions that resolve vulnerabilities effortlessly, allowing developers to concentrate on coding rather than fixing vulnerabilities.

GitHub’s new tool operates by utilizing the CodeQL engine in combination with heuristics and the GitHub Copilot APIs. This integration generates code suggestions automatically when a vulnerability is detected in a supported language. Developers are provided with a natural language explanation of the proposed fix and a preview of the code suggestion, which they can then accept, modify, or reject according to their preferences.

Emphasizing the concept of “found means fixed,” GitHub envisions an application security environment where vulnerabilities are promptly addressed. GitHub Advanced Security already helps teams remediate issues seven times faster than with traditional security tools. The introduction of code scanning autofix is a step forward in reducing the accumulation of “application security debt,” enabling developers to rectify vulnerabilities seamlessly during the coding process.

Further expanding its support, GitHub plans to include more programming languages, with C# and Go anticipated as the next additions. The company is actively seeking feedback from users to enhance the autofix experience and is inviting them to join the discussion on autofix feedback and resources.

In a detailed blog post, the GitHub Engineering team provides insights into the workings of code scanning autofix. The post elaborates on how the tool leverages a large language model to suggest code edits that address issues without altering the core functionality of the code. It also highlights the use of pre- and post-processing heuristics to manage the complexities encountered in real-world coding scenarios.

Alan Mathai
Alan Mathai is a passionate Flutter developer with a knack for exploring the intricacies of coding tools and open-source technologies. With a deep understanding of the Linux ecosystem, Alan delves into the world of programming, sharing his expertise and insights through his engaging and informative articles. His enthusiasm for all things tech and his commitment to staying up-to-date with the latest developments make him a valuable resource for fellow developers and technology enthusiasts.
