GitHub Introduces Code Scanning
Written by Kay Ewbank   
Tuesday, 26 March 2024

GitHub has announced a public beta of a code scanner that automatically fixes problems. The new feature was announced back in November, but has now moved to public beta status.  

The beta, for GitHub Advanced Security customers, aims to help developers remediate more than two-thirds of supported alerts with little or no editing.

The new feature is powered by GitHub Copilot and CodeQL, and GitHub says it covers more than 90% of alert types in JavaScript, TypeScript, Java, and Python. The tool also offers code suggestions that have been shown to remediate more than two-thirds of the vulnerabilities it finds with little or no editing.


Code scans can be run on a schedule, at specific days and times, or triggered when a specific event occurs in the repository, such as a push. If code scanning finds a potential vulnerability or error in the code, GitHub displays an alert in the repository. Once the problem that triggered the alert is fixed, GitHub closes the alert. Developers can also monitor results from code scanning across repositories or an entire organization using webhooks and the code scanning API.
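The organization-wide monitoring mentioned above is something a security team would normally script rather than click through. The following is an added example, not code from the article or from GitHub: it builds the request for the real `GET /orgs/{org}/code-scanning/alerts` endpoint (without sending it) and then triages a constructed batch of alert records, shaped like that endpoint's JSON, into a per-repository count and a severity-ordered worklist. The organization name, token, rule ids and file paths in the sample are all made up.

```python
"""Summarise GitHub code scanning alerts as returned by the code scanning API.

Added example. The alert records below are constructed to match the shape of
GET /orgs/{org}/code-scanning/alerts; every value in them is invented.
"""
from collections import Counter
from urllib.request import Request

API_ROOT = "https://api.github.com"
# Ordering used for triage; lower number = more urgent.
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed sample: two repositories, three alerts, one already fixed.
SAMPLE_ALERTS = [
    {
        "number": 4, "state": "open",
        "rule": {"id": "js/sql-injection", "security_severity_level": "high"},
        "tool": {"name": "CodeQL"},
        "repository": {"full_name": "example-org/web-app"},
        "most_recent_instance": {"location": {"path": "src/db.js", "start_line": 42}},
    },
    {
        "number": 7, "state": "fixed",
        "rule": {"id": "js/xss", "security_severity_level": "medium"},
        "tool": {"name": "CodeQL"},
        "repository": {"full_name": "example-org/web-app"},
        "most_recent_instance": {"location": {"path": "src/render.js", "start_line": 10}},
    },
    {
        "number": 2, "state": "open",
        "rule": {"id": "py/path-injection", "security_severity_level": "critical"},
        "tool": {"name": "CodeQL"},
        "repository": {"full_name": "example-org/api"},
        "most_recent_instance": {"location": {"path": "api/files.py", "start_line": 88}},
    },
]


def org_alerts_request(org, token, state="open", per_page=100):
    """Build, without sending, the request for the organisation-wide alert list.

    The endpoint and headers are GitHub's documented ones; `org` and `token`
    are whatever the caller supplies (placeholders in the test below).
    """
    url = f"{API_ROOT}/orgs/{org}/code-scanning/alerts?state={state}&per_page={per_page}"
    return Request(url, headers={
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {token}",
        "X-GitHub-Api-Version": "2022-11-28",
    })


def open_alerts_by_repo(alerts):
    """Count alerts still in the 'open' state, keyed by repository full name."""
    counts = Counter()
    for alert in alerts:
        if alert["state"] == "open":
            counts[alert["repository"]["full_name"]] += 1
    return dict(counts)


def triage(alerts, min_severity="high"):
    """Return open alerts at or above min_severity, most severe first.

    Alerts whose rule carries no security severity are treated as 'low'.
    """
    cutoff = SEVERITY_ORDER[min_severity]
    rows = []
    for alert in alerts:
        if alert["state"] != "open":
            continue  # fixed or dismissed alerts need no action
        sev = alert["rule"].get("security_severity_level", "low")
        if SEVERITY_ORDER.get(sev, 3) > cutoff:
            continue
        loc = alert["most_recent_instance"]["location"]
        rows.append({
            "repo": alert["repository"]["full_name"],
            "number": alert["number"],
            "rule": alert["rule"]["id"],
            "severity": sev,
            "location": f"{loc['path']}:{loc['start_line']}",
        })
    rows.sort(key=lambda r: (SEVERITY_ORDER[r["severity"]], r["repo"], r["number"]))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_ALERTS):
        print(row)
    print(open_alerts_by_repo(SAMPLE_ALERTS))
```

In real use the request would be sent with `urllib.request.urlopen` (or `requests`) and the JSON list fed to `triage`; pagination follows the `Link` header as for any GitHub list endpoint. The fixed alert in the sample is deliberately skipped, mirroring the article's point that GitHub closes an alert once the underlying problem is fixed.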

The tool works as follows: when a vulnerability is found in code written in one of the supported languages, AI is used to find suitable potential fixes. The affected code and a description of the problem are sent behind the scenes to a large language model (LLM), which is asked to suggest code edits that fix the problem without changing the functionality of the code. The code edits are offered along with a natural language explanation of the suggested fix. The developer can then look at a preview of the code suggestion and accept, edit, or dismiss it. The code suggestions can include changes to multiple files and any dependencies that should be added to the project.

The AI used by the code scanning tool makes use of the CodeQL engine and GitHub Copilot APIs to generate code suggestions.

GitHub plans to add support for more languages, with C# and Go coming next.


More Information

GitHub Website

Related Articles

GitHub Copilot Provides Productivity Boost

GitHub Copilot Released

GitHub Copilot - Your Programming Pal


Last Updated ( Tuesday, 26 March 2024 )