Topics
Latest
AI
Amazon
Image Credits:Lionel Ng/Bloomberg / Getty Images
Apps
Biotech & Health
Climate
Image Credits:Lionel Ng/Bloomberg / Getty Images
Cloud Computing
Department of Commerce
Crypto
Code-scanning autofix in GitHub Copilot.Image Credits:GitHub
Enterprise
EVs
Fintech
Image Credits:GitHub
fund raise
Gadgets
Gaming
Government & Policy
Hardware
layoff
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
Security
Social
Space
startup
TikTok
transport
Venture
More from TechCrunch
Events
Startup Battlefield
StrictlyVC
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
It ’s a bad Clarence Shepard Day Jr. for bug . to begin with today , Sentry announced its AI Autofix feature for debugging production codification and now , a few hours later , GitHub is launching the first genus Beta of its code - scan autofix feature for finding and desex surety vulnerability during the rally cognitive operation . This new feature of speech combines the material - time capabilities of GitHub ’s Copilot withCodeQL , the company ’s semantic code analytic thinking engine . The companionship firstpreviewedthis capability last November .
GitHub promises that this newfangled arrangement can remediate more than two - thirds of the vulnerabilities it chance — often without the developer having to edit any code themselves . The party also promises that computer code scanning autofix will cover more than 90 % of alert types in the languages it patronise , which are presently JavaScript , Typescript , Java , and Python .
This new feature is now uncommitted for allGitHubAdvanced Security(GHAS ) customer .
“ Just asGitHubCopilot palliate developers of tedious and repetitive tasks , code scanning autofix will help ontogeny teams reclaim metre formerly spend on remedy , ” GitHub writes in today ’s promulgation . “ certificate teams will also benefit from a reduced volume of routine vulnerabilities , so they can concenter on strategies to protect the business while keeping up with an accelerated step of growing . ”
In the background , this new feature uses theCodeQL engine , GitHub ’s semantic analysis engine to see exposure in computer code , even before it has been fulfil . The ship’s company made a first generation of CodeQL usable to the public in late 2019 after itacquired the computer code analysis inauguration Semmle , where CodeQL was incubated . Over the year , it made a number of improvement to CodeQL , but one thing that never commute was that CodeQL was only available for free for researcher and open source developers .
Now CodeQL is at the centre of attention of this new peter , though GitHub also notes that it uses “ a combination of heuristics andGitHubCopilot APIs ” to suggest its fix . Togeneratethe fixes and their explanation , GitHub uses OpenAI ’s GPT-4 model . And while GitHub is clearly confident enough to suggest that the Brobdingnagian majority of autofix suggestions will be correct , the company does note that “ a small percent of suggested pickle will reflect a significant misunderstanding of the codebase or the vulnerability . ”
GitHub acquires code analysis shaft Semmle
