eCommerceNews New Zealand - Technology news for digital commerce decision-makers
New Zealand
Guides
#
business intelligence
#
commerce systems
#
customer data platforms
#
marketing technologies
#
payment gateways
Search
Story image
#
App development
#
Application Security
#
Cybersecurity
GitHub launches code scanning autofix for advanced security customers
Thu, 21st Mar 2024
Author image
By Sean Mitchell, Publisher
Follow us

GitHub has announced the public beta availability of its code scanning autofix for all GitHub Advanced Security (GHAS) customers. This auto-fixing feature, powered by GitHub Copilot and CodeQL, is designed to address vulnerabilities in code as they are identified, significantly reducing remediation time and effort.

The new feature covers more than 90% of alert types in JavaScript, Typescript, Java, and Python. Furthermore, it is capable of remediating over two-thirds of discovered vulnerabilities with minimal or zero editing, offering an intuitive and more efficient coding experience for developers.

Eric Tooley, Senior Product Marketing Manager at GitHub, alleges that the new auto-fix feature brings them closer to realising their vision for application security, where "found means fixed." He stated: "By prioritising the developer experience in GitHub Advanced Security, we are already helping teams remediate 7x faster than traditional security tools. Code scanning autofix is the next leap forward, helping developers dramatically reduce time and effort spent on remediation."

The majority of organisations admit to an ever-growing number of unremediated vulnerabilities within their production repositories. Tooley stresses that code scanning auto-fix addresses this issue, enabling developers to eliminate vulnerabilities as they code and easing the growth of the so-called 'application security debt'.

Similar to how GitHub Copilot alleviates developers from tedious and repetitive tasks, the code scanning auto fix will assist development teams in reclaiming vital time previously expended on remediation. This feature also promises a decreased volume of common vulnerabilities, allowing security teams to concentrate on business-focused protection strategies while maintaining pace with rapid development.

When a vulnerability is found in a supported coding language, the fix suggestions will include a natural language explanation of the recommended solution alongside a preview of the code suggestion. The developer can accept, edit, or dismiss these suggestions, which can entail changes to the current file and multiple others, as well as the incorporation of necessary dependencies into the project.

GitHub plans to extend support to more programming languages, with C# and Go slated as the next additions. This expansion demonstrates GitHub's commitment to shifting application security towards an environment where vulnerabilities, once identified, are remediated promptly, streamlining the developer's experience and increasing efficiency.

For the uninitiated, code scanning auto-fix leverages the CodeQL engine and a combination of heuristics and GitHub Copilot APIs to generate code suggestions. Developers are encouraged to join the auto-fix feedback and resources discussion to share their experiences and contribute to further enhancements to the auto-fix experience.

Related stories
Creating the blueprint for introducing AI and robotics to business: A hospitality perspective
Adobe reveals new AI-powered mobile app, Adobe Express
GitLab unveils Duo Chat for simplified AI-powered DevSecOps workflows
Half of online traffic in 2024 generated by bots, report finds
NAB Show 2024: Harnessing GenAI for media's next frontier
Top stories
Cash Chasm report reveals drawbacks of manual cash management
GumGum integrates Playground xyz into APAC ad suite
NZ retailers urged to prioritise CX over tech advances
TeamViewer & Manhattan Associates team up for warehouse digitisation
Unleash the potential of AI and elevate customer-centric marketing