Saturday, April 13, 2024

GitHub’s New AI Tool that Fixes Your Code Automatically

GitHub has leaped application security by introducing a new feature that promises to revolutionize how developers address code vulnerabilities.

The new tool, code scanning autofix, is now available in public beta for all GitHub Advanced Security customers, harnessing the power of GitHub Copilot and CodeQL to offer unprecedented assistance in code remediation.

Found Means Fixed: A Vision for Application Security

GitHub’s vision for application security is encapsulated in the principle that “found means fixed.”

Document

Free Webinar : Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.:

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, that helps you to quantify risk accurately:

With the introduction of code scanning autofix, GitHub is making strides towards an environment where the discovery of a vulnerability is immediately followed by its resolution.

This tool is not just a theoretical advancement; it is a practical solution that has been shown to help teams remediate issues up to seven times faster than traditional security tools.

Github Advanced Security (source:Github)
Github Advanced Security (source:GitHub)

How Code Scanning Autofix Works

Code scanning auto-fix is designed to provide developers with an explanation and code suggestions to remediate a vulnerability.

This feature covers over 90% of alert types in popular programming languages such as JavaScript, TypeScript, Java, and Python.

It can deliver code suggestions that can remediate more than two-thirds of found vulnerabilities with minimal editing required by the developer.

Github Advanced Security

Addressing Application Security Debt

Applications are a leading attack vector, and many organizations acknowledge the challenge of managing an increasing number of unremediated vulnerabilities in production repositories.

Code scanning autofix aims to curb the growth of this “application security debt” by simplifying the process for developers to fix vulnerabilities as they arise during coding.

Just as GitHub Copilot has been assisting developers by automating tedious and repetitive tasks, code scanning auto-fix is set to help development teams save valuable time previously spent on remediation.

Security teams also benefit from this tool as it reduces the volume of everyday vulnerabilities, allowing them to concentrate on higher-level strategies to safeguard the business in a fast-paced development environment.

The Technology Behind Autofix

The magic behind code scanning auto-fix lies in the CodeQL engine, which, in combination with heuristics and GitHub Copilot APIs, generates code suggestions.

When a vulnerability is detected in a supported language, the tool provides a natural-language explanation of the fix and a preview of the code suggestion.

Developers can then choose to accept, edit, or dismiss the suggestion. These suggestions can span multiple files and include necessary changes to project dependencies.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Website

Latest articles

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...
Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles