Code scanning autofix pairs GitHub’s CodeQL code scanner with GitHub Copilot APIs to generate fix suggestions for discovered vulnerabilities. Credit: Shutterstock GitHub is previewing code scanning autofix, a feature that combines its GitHub Copilot AI assistant with its CodeQL code scanner to provide suggested fixes to discovered vulnerabilities. Code scanning autofix is available in a public beta to GitHub Advanced Security customers. Launched March 20, code scanning autofix makes vulnerability fixes available right away as a developer is coding, GitHub said. GitHub Copilot AI is used to provide a code suggestion and explanation directly in the pull request. Code scanning autofix covers more than 90% of alert types in JavaScript, TypeScript, Java, and Python, and remediates more than two-thirds of found vulnerabilities with little or no editing, according to the company. Code scanning autofix leverages the CodeQL engine and a combination of heuristics and GitHub Copilot APIs to generate code suggestions. The feature builds on the November 2023 unveiling of GitHub Application Security, which provides additional security features including code scanning, secrets scanning, auto-triage rules for security alerts, and dependency reviews. These features require a GitHub Advanced Security license to run on repositories apart from public repositories on GitHub. Related content news Java proposals would boost resistance to quantum computing attacks OpenJDK proposals would provide Java implementations of a quantum-resistant module-latticed-based digital signature algorithm and key encapsulation mechanism. By Paul Krill Nov 08, 2024 2 mins Java Quantum Computing Application Security news analysis What Entrust certificate distrust means for developers Secure communications between web browsers and web servers depend on digital certificates backed by certificate authorities. What if the web browsers stop trusting your CA? By Travis Van Oct 30, 2024 9 mins Browser Security Web Development Application Security news Embedded developers face mounting pressure on security A recent survey by BlackBerry Limited finds tensions between innovation, project deadlines, and functional safety. By Paul Krill Oct 11, 2024 2 mins Developer Application Security Software Development feature 6 ways to apply automation in devsecops Automation should serve as a foundational principle for approaching every security challenge. Here’s how automation can help you secure software development processes. By Shashank Srivastava Sep 30, 2024 9 mins DevSecOps CI/CD Application Security Resources Videos