GitHub Introduces Code Scanning
Written by Kay Ewbank
Tuesday, 26 March 2024
GitHub has announced a public beta of a code scanning feature that automatically suggests fixes for the problems it finds. The feature was first announced in November and has now moved to public beta status. The beta, available to GitHub Advanced Security customers, aims to help developers remediate more than two-thirds of supported alerts with little or no editing.

The feature is powered by GitHub Copilot and CodeQL, and GitHub says it covers more than 90% of alert types in JavaScript, TypeScript, Java, and Python. The code suggestions it offers have been shown to remediate more than two-thirds of the vulnerabilities found with little or no editing.

Code scans can be scheduled for specific days and times, or triggered when a specific event occurs in the repository, such as a push. If code scanning finds a potential vulnerability or error in the code, GitHub displays an alert in the repository; once the problem that triggered the alert is fixed, GitHub closes the alert. Developers can also monitor code scanning results across repositories or an entire organization using webhooks and the code scanning API.

When a vulnerability is found in code written in one of the supported languages, AI is used to find suitable potential fixes. The affected code and a description of the problem are sent behind the scenes to a large language model (LLM), which is asked to suggest code edits that fix the problem without changing the functionality of the code. The code edits are returned along with a natural-language explanation of the suggested fix. The developer can then preview the suggestion and accept, edit, or dismiss it. Suggestions can include changes to multiple files and dependencies that should be added to the project.

The AI used by the code scanning tool relies on the CodeQL engine and the GitHub Copilot APIs to generate its suggestions. GitHub plans to add support for more languages, with C# and Go coming next.
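As an added example (not from the article and not GitHub's own documentation), here is a GitHub Actions workflow that runs CodeQL code scanning both on every push and on a weekly schedule, covering the languages the article lists; the `main` branch name and the cron schedule are assumptions, and the `security-events: write` permission is what lets the results appear as code scanning alerts in the repository.

```yaml
name: CodeQL code scanning

on:
  push:
    branches: [ main ]          # assumed default branch
  pull_request:
    branches: [ main ]
  schedule:
    - cron: '0 3 * * 1'         # constructed schedule: Mondays 03:00 UTC

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      security-events: write    # required to upload results as code scanning alerts
      contents: read
    strategy:
      fail-fast: false
      matrix:
        # CodeQL language identifiers for the languages the article names
        language: [ 'javascript-typescript', 'java-kotlin', 'python' ]
    steps:
      - uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}

      # Compiled languages (Java) need a build; autobuild is a no-op for interpreted ones
      - name: Autobuild
        uses: github/codeql-action/autobuild@v3

      - name: Analyze and upload alerts
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

Alerts raised by this workflow are the ones the article says can then be tracked per repository, or across an organization through webhooks and the code scanning API.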
Last Updated: Tuesday, 26 March 2024