GitHub's code scanning autofix feature marks a major advance in software development and cybersecurity, arriving alongside Sentry's announcement of an AI autofix for debugging production code.
According to TechCrunch, the new beta tool uses GitHub's Copilot and its CodeQL semantic code analysis engine to find and fix security issues while developers code. GitHub previewed the feature last November.
GitHub claims its new approach allows developers to fix nearly two-thirds of vulnerabilities without having to edit their code. The company says code scanning autofix will cover more than 90% of JavaScript, TypeScript, Java, and Python alert types. All GitHub Advanced Security (GHAS) customers can use the feature.
Here's how it works
Automatic remediation of code scans saves development teams remediation time by eliminating tedious and repetitive activities, GitHub says. The developer platform also says security teams benefit from fewer routine vulnerabilities and can focus on business protection tactics during rapid development.
Behind the scenes, the feature uses GitHub's semantic analysis engine, CodeQL, to find vulnerabilities in code before it runs. GitHub launched CodeQL in late 2019 after acquiring Semmle, the code analysis company that incubated it.
While CodeQL finds the vulnerability, GitHub says the autofix proposes a remedy using "a combination of heuristics and the GitHub Copilot API." GitHub generates the fix and its explanation with OpenAI's GPT-4 model. The company acknowledges that some suggested patches may misunderstand the codebase or the vulnerability, so developers still need to review them before merging.
GitHub, known for facilitating collaboration among programmers on coding projects, is incorporating AI into its products and services to increase membership.
AI changes things
GitHub CEO Thomas Dohmke noted that AI will have a transformative impact on business. He believes AI-driven capabilities could improve the onboarding process for individuals moving into large companies and reduce the need for organizational practice research.
“Just ask a question and you'll get an answer,” Dohmke said, according to a Bloomberg report.
Last month, GitHub announced that it would soon allow developers to autocomplete applications using their employer's codebase. This feature should be beneficial to financial services companies and other companies that use proprietary programming languages. It also serves Microsoft, whose Office desktop programs use C and C++ in unique ways.
Microsoft, a major GitHub partner, touts the success of GitHub Copilot powered by OpenAI in its quarterly financial report. Copilot inspired Microsoft to overhaul Office and Windows with AI-driven technologies and concepts.
GitHub's 50,000 business customers can purchase the basic Copilot Business plan for $19 per user per month. This shows GitHub's dedication to democratizing AI-driven technology and catering to a wide user base.
A recent data breach at documentation company Mintlify revealed many users' GitHub tokens, raising concerns in the tech community and questioning the security standards of third-party service providers.
Mintlify acted quickly after last week's breach. According to a TechTimes report, Mintlify co-founder Han Wang said the company discovered 91 compromised GitHub tokens in its logs. As a precautionary measure, affected users have been alerted, and Mintlify is working with GitHub to determine whether the leaked tokens were used to access private repositories.
ⓒ 2024 TECHTIMES.com All rights reserved. Please do not reproduce without permission.