GitHub is rolling out a new feature to not only help developers find vulnerabilities, but fix them quickly.
Copilot Autofix in GitHub Advanced Security (GHAS) analyzes vulnerabilities, explains their importance, and offers suggestions on how to remediate them.
“For developers who aren’t necessarily security experts, Copilot Autofix is like having the expertise of your security team at your fingertips while you review code,” Mike Hanley, chief security officer and SVP of engineering at GitHub, wrote in a blog post.
When GHAS finds a vulnerability, there is now a button that developers can click and have Copilot Autofix generate a fix. Then, developers can either dismiss the suggestion or have it create a new pull request with a code change that remediates the issue.
It can generate fixes for dozens of classes of vulnerabilities, including SQL injection and cross-site scripting.
Copilot Autofix was first introduced as a public beta in March, and according to the company, beta participants were able to fix vulnerabilities three times faster than developers fixing them manually. Fixing cross-site scripting vulnerabilities was seven times faster and fixing SQL injection vulnerabilities was 12 times faster.
According to GitHub, Copilot Autofix will help cut down on technical debt when it comes to vulnerabilities. The company explained that the longer a vulnerability remains in a codebase, the more difficult it is to remove them.
“When a developer is asked to fix vulnerabilities in code that they haven’t seen in a while or aren’t familiar with, it can take hours to assess the surrounding code and experiment with manual fixes,” Hanley wrote.
The new functionality is available to any GitHub customer with an Advanced Security license, and, starting in September, Copilot Autofix will be made available for free to open source maintainers as well.
“As the global home of the open source community, GitHub is uniquely positioned to help maintainers detect and remediate vulnerabilities so that open source software is safer and more reliable for everyone,” Hanley wrote.
You may also like…
Harness software intelligence to conquer complexity and drive innovation
Software engineering leaders must act to manage integration technical debt