AI/ML, DevSecOps

Copilot Autofix by GitHub launches

GitHub has launched Copilot Autofix, an AI-powered tool designed to help developers quickly remediate software vulnerabilities, reports DevOps.

Copilot Autofix, which is integrated into GitHub Advanced Security (GHAS), uses GitHub’s CodeQL scanning engine and GPT-4o to detect and fix vulnerabilities in real time. It provides developers with code suggestions that can be accepted, edited, or rejected, enabling them to address security issues more efficiently and as soon as they are detected.

GitHub Chief Security Officer Mike Hanley emphasized that while detecting vulnerabilities is common, fixing them remains challenging, noting that "remediation takes security expertise and time, two valuable resources in critically short supply." He says users during the public beta were fixing vulnerabilities three times faster than with manual methods. The tool currently supports several programming languages, including JavaScript, Python, C#, and Kotlin, and is available to open-source developers for free, while enterprise users can access it through GHAS. GitHub plans to enhance Copilot Autofix’s capabilities, including expanding its secret scanning features and developing workflows for organizations with high security debt.
