GreatAIPrompts, 26 November 2024
GitHub Introduces Code Scanning Autofix, Powered by Copilot and CodeQL

 

GitHub has released a new feature called code scanning autofix, now in public beta for all GitHub Advanced Security customers. Powered by GitHub Copilot and CodeQL, it is intended to help developers fix vulnerabilities faster and more easily, reducing the growing problem of "application security debt". It supports several popular programming languages and automatically generates suggested code fixes, markedly improving remediation efficiency; developers need only accept, edit or dismiss the suggestion. With this feature GitHub hopes to reach its goal of "found means fixed", speeding up the remediation process so that both development and security teams benefit.

🤔 **GitHub launches code scanning autofix, now in public beta:** Powered by GitHub Copilot and CodeQL, the feature aims to help developers fix vulnerabilities faster and more easily, reducing "application security debt".

💻 **Supports several programming languages and offers code fix suggestions:** It currently supports JavaScript, TypeScript, Java and Python, and provides a natural-language explanation and a suggested code fix for each vulnerability found, markedly improving remediation efficiency.

🚀 **Speeds up vulnerability remediation and improves the efficiency of development and security teams:** With autofix, developers save the time spent fixing vulnerabilities, and security teams can focus on protecting the business and keeping up with the pace of development, reducing the volume of everyday vulnerabilities.

💡 **The "found means fixed" idea:** Through code scanning autofix, GitHub hopes to reach its goal of "found means fixed", making the remediation process more efficient and convenient.

🌐 **Continuing to expand language support and improve the feature:** GitHub plans to add support for more languages, such as C# and Go, and encourages users to provide feedback to help improve the feature.

March 21st, 2024: GitHub has launched a new feature called code scanning autofix, which is now available in public beta for all GitHub Advanced Security customers.

The feature, powered by GitHub Copilot and CodeQL, aims to help developers fix vulnerabilities more quickly and easily, reducing the growing problem of “application security debt.”

Code scanning autofix supports more than 90% of alert types in popular programming languages such as JavaScript, TypeScript, Java, and Python.

When a vulnerability is discovered in one of these languages, the feature provides developers with a natural language explanation of the suggested fix, along with a preview of the code suggestion.

Developers can then accept, edit, or dismiss the suggestion. Remarkably, these code suggestions have been shown to remediate more than two-thirds of found vulnerabilities with little or no editing required.

Pierre Tempel and Eric Tooley, authors of the blog post announcing the feature, state that code scanning autofix is “the next leap forward” in GitHub’s vision for application security, where “found means fixed.”

Code Scanning Autofix

By prioritizing the developer experience, the company aims to help teams remediate vulnerabilities up to seven times faster than traditional security tools.

Behind the scenes, code scanning autofix leverages the CodeQL engine and a combination of heuristics and GitHub Copilot APIs to generate code suggestions.

These suggestions can include changes to multiple files and the dependencies that should be added to the project.

GitHub plans to continue adding support for more languages, with C# and Go coming next.

The company encourages users to join the autofix feedback and resources discussion to share their experiences and help guide further improvements to the feature.

The introduction of code scanning autofix is expected to benefit both development and security teams.

Developers will be able to reclaim time previously spent on remediation, while security teams can focus on protecting the business and keeping up with the accelerated pace of development, as the volume of everyday vulnerabilities is reduced.

The post GitHub Introduces Code Scanning Autofix, Powered by Copilot and CodeQL appeared first on Weam - AI For Digital Agency.
