GitHub automates vulnerability remediation with AI


Image: GitHub.

GitHub unveiled a feature last week that automatically detects vulnerabilities in source code and suggests fixes.

According to the blog post announcing Code Scanning Autofix, published last Wednesday, the beta version of the service is now available to everyone using GitHub Advanced Security.

Powered by GitHub Copilot and CodeQL, the tool allows for automatic code analysis that covers “more than 90% of alert types in JavaScript, Typescript, Java and Python”. It also provides “code suggestions that address more than two-thirds of the vulnerabilities found, with little or no editing.”

Letting developers focus on other tasks

Code analysis can be run on a set schedule or at specific times. The tool can also be integrated with external services, including open source tools.

Just as GitHub Copilot minimizes tedious, repetitive tasks, Code Scanning Autofix aims to help developers spend less time inspecting and fixing their code, freeing up more time to strategize about how to protect their organizations.

“By prioritizing developer experience in GitHub Advanced Security, we’re already helping teams resolve issues 7x faster than traditional security tools,” GitHub said. “Code Scanning Autofix is the next step in helping developers dramatically reduce the time and effort they spend fixing code.”

Source: ZDNet Korea


