GitHub introduces a new AI-based tool to automatically fix vulnerabilities in code

GitHub has launched the first beta version of a new feature that automatically finds and fixes security vulnerabilities in code while it is being written.

The new feature combines:

  • Copilot assistant features
  • proprietary CodeQL engine for semantic code analysis.

The new system is capable of fixing more than two-thirds of the vulnerabilities it finds, often without the need for developers to edit the code themselves. In addition, automatic fixes will cover more than 90% of the alert types in the supported languages, which are currently JavaScript, TypeScript, Java, and Python.

The new feature is now available to all GitHub Advanced Security users. GitHub notes that it will save developers the time they used to spend on monotonous bug-fixing tasks and speed up development, while also relieving security teams so they can focus on the strategic work of protecting their companies.

The built-in GPT-4 model from OpenAI will generate corrections and explanations for them. GitHub is convinced that the vast majority of auto-suggestions will be correct, but warns that in a small percentage of cases “there may be a significant misunderstanding of the code base or vulnerability.”

Source itc