GitHub has launched the first beta version of a new feature that automatically searches for and fixes security vulnerabilities in code as it is being written.
The new feature combines two components:
- Copilot assistant capabilities
- CodeQL's proprietary engine for semantic code analysis
The new system can fix more than two-thirds of the vulnerabilities it finds, often without the developer having to edit the code themselves. The autofix feature will also cover over 90% of alert types in the supported languages, which are currently JavaScript, TypeScript, Java, and Python.
The new feature is now available to all GitHub Advanced Security users. GitHub notes that it will save developers time previously spent on tedious error-fixing tasks, speed up development processes, relieve security teams, and allow them to focus on strategic security tasks for their companies.
Generating fixes and explanations will be done by the built-in GPT-4 model from OpenAI. GitHub is confident that the vast majority of auto-suggestions will be accurate, but warns that in a small percentage of cases, "significant misunderstanding of the code base or vulnerabilities may occur."