GitHub Makes Copilot Autofix Generally Available

Code-hosting platform GitHub on Tuesday announced the general availability of Copilot Autofix, the AI-powered vulnerability remediation feature meant to help developers address bugs in their code faster.

Copilot Autofix was initially announced in November 2023 and released in public beta in March, allowing JavaScript, TypeScript, Java, and Python developers to quickly identify flaws in their repositories and receive fix suggestions.

Now generally available in GitHub Advanced Security (GHAS), Copilot Autofix analyzes security defects identified in pull requests and provides explanations along with fix suggestions. Developers can dismiss, edit, or commit the suggestions.

The feature offers fix suggestions for a broad range of vulnerability classes, including SQL injection and cross-site scripting (XSS) flaws, helping developers take care of both newly introduced and existing issues.

“During the public beta, we found that developers were fixing code vulnerabilities more than three times faster than those who do so manually, a powerful example of how AI agents can radically simplify and accelerate secure software development,” GitHub says.

According to the Microsoft-owned platform, developers using Copilot Autofix would need an average of 28 minutes to automatically commit a fix after receiving an alert, while those resolving the alert manually would need roughly 1.5 hours, on average.

XSS and SQL injection flaws were addressed even faster, at an average of 22 and 18 minutes, respectively, compared to 3 and 3.7 hours, respectively, when fixed manually.

Developers can enable Copilot Autofix for bugs in existing code by pressing the ‘Generate fix’ button when receiving a GHAS code scanning alert and then pressing the ‘Create PR with fix’ button to create a new pull request that includes the necessary code changes.

“Just as GitHub Copilot helps developers code more quickly, Copilot Autofix accelerates the pace of remediation so security teams make real progress with the backlog of existing vulnerabilities, commonly known as security debt,” GitHub says.

Copilot Autofix, the code-hosting platform explains, uses a combination of heuristics and Copilot APIs, the CodeQL semantic code analysis engine, and GPT-4o to provide code suggestions.

Starting in September, Copilot Autofix will be available for free to all open source projects, GitHub announced.
