We are excited to announce a significant enhancement to Copilot Autofix, a feature designed to help you fix code scanning alerts and avoid introducing new security vulnerabilities. Copilot Autofix leverages large language models to suggest potential fixes, making it easier to address security issues in your code.
Expanded Coverage of CodeQL Security Alerts
We have recently expanded the range of CodeQL security alerts where Copilot can suggest an autofix. This expansion now covers a group that accounts for 29% of all CodeQL alerts. As a result, we have seen:
An 8% overall increase in alerts with an available autofix.
A 270% increase in autofixes for this specific group of improved alerts.
With more autofix suggestions available, you can resolve security issues identified by CodeQL more easily. You can either apply Copilot’s suggested fix directly or use it as a starting point for your own edits.
How We Improved Autofix Suggestions
To make these improvements, we analyzed our usage data to understand the most common types of alerts where Copilot was not suggesting fixes. We then made a targeted effort to enhance autofix for these alerts. This systematic approach has led to more effective and relevant fix suggestions.
Looking Ahead
We continuously evaluate the performance of CodeQL and Copilot Autofix to ensure they provide the best possible support for your security needs. Stay tuned for more improvements in the future.
Read more about the testing process that GitHub uses to identify the quality of autofix suggestions.
Check out the update for this in The GitHub Blog: Copilot Autofix is available for more code scanning alerts
Stay secure with the new and improved Copilot Autofix for CodeQL alerts!