GitHub’s new Autofix feature automatically fixes code vulnerabilities during the coding process. The feature is available in beta for GitHub Advanced Security customers.

GitHub is launching a new AI tool that can automatically fix code vulnerabilities. The Autofix code scanning feature covers more than 90 percent of alert types in JavaScript, Typescript, Java and Python and provides code suggestions that can fix more than two-thirds of the vulnerabilities found, according to GitHub. The feature is supported by GiHub’s Copilot and CodeQL and is available in beta to all GitHub Advanced Security (GHAS) customers.

Autofix function

GitHub presents the new autofix function in a blog post. This tool can automatically detect and fix vulnerabilities during the encryption process. According to GitHub, this new system will address more than two-thirds of the vulnerabilities found and cover more than 90 percent of alert types in languages ​​such as JavaScript, Typescript, Java and Python.

The feature combines the features of GitHub’s Copilot with CodeQL. The latter is the company’s semantic code analysis engine. This new feature can save development teams a lot of time scanning code, just as GitHub Copilot saves developers time by eliminating repetitive tasks.

How it works

Autofix for code scanning is powered by the CodeQL engine, GitHub’s semantic analysis engine for finding vulnerabilities in code. Together with GitHub’s Copilot, the Autofix feature generates code suggestions. The following video explains the function using a demo.