2 min Devops

GitHub Copilot Autofix solves vulnerabilities at lightning speed

“Found means fixed” is the slogan of the new GitHub Copilot Autofix. Developers are said to deliver secure code three times faster with this AI-driven tool.

Autofix is not part of GitHub Copilot’s standard offering. It ships with GitHub Advanced Security (GHAS), available to enterprise accounts, where it attaches to code scanning alerts and now helps resolve them faster and with clearer explanations. During the public beta, Autofix users were found to fix vulnerabilities three times faster than users who fixed them manually. What is the tool’s secret?

Text and explanation

The promise behind Autofix is not only speed. The reason for the lightning pace: developers learn more quickly why a vulnerability occurs, not merely that a potential risk exists. Autofix explains the vulnerability in the code and immediately suggests a corrected alternative.

Prevention is better than cure, as GitHub also knows, so Autofix is intended primarily as a preventive tool for several types of vulnerabilities; GitHub itself cites SQL injection and cross-site scripting as examples. Implementing a fix from a GitHub alert normally takes 1.5 hours, but with Autofix it takes 28 minutes. For cross-site scripting the gain is larger still: 22 minutes versus three hours; and SQL injection vulnerabilities take only 18 minutes to resolve with Autofix, against the usual 3.7 hours.
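To make the two vulnerability classes named above concrete, here is an added example (written for this article, not code from GitHub or from Copilot Autofix) of what such a finding and its fix look like side by side: a SQL query built by string concatenation next to its parameterized form, and an HTML snippet that interpolates untrusted text next to its escaped form. The `users` table, the `lookup_*`/`render_*` function names and the payloads are all constructed for illustration.

```python
"""Added example: a SQL injection and a cross-site scripting finding, each
shown as the vulnerable 'before' and the hardened 'after'. Illustrative code
for this article, not GitHub's or Autofix's own; schema and payloads are
constructed."""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database with two users of different roles."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)", [("alice", "admin"), ("bob", "user")]
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # BEFORE: user input is spliced into the SQL text, so quotes in the
    # input change the query's structure (SQL injection).
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_fixed(conn: sqlite3.Connection, name: str) -> list:
    # AFTER: a parameterized query; the driver passes the value separately
    # and never parses it as SQL, whatever characters it contains.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_vulnerable(comment: str) -> str:
    # BEFORE: untrusted text is inserted into HTML unescaped, so a comment
    # containing markup is executed by the browser (cross-site scripting).
    return '<p class="comment">' + comment + "</p>"


def render_fixed(comment: str) -> str:
    # AFTER: escape &, <, >, and quotes so the browser renders the comment
    # as text rather than interpreting it as markup.
    return '<p class="comment">' + html.escape(comment, quote=True) + "</p>"


def demo() -> dict:
    """Run both payloads through the vulnerable and fixed versions."""
    conn = make_db()
    sqli_payload = "x' OR '1'='1"          # turns the WHERE clause into a tautology
    xss_payload = "<script>alert(1)</script>"
    return {
        "sqli_before": lookup_vulnerable(conn, sqli_payload),  # both rows leak
        "sqli_after": lookup_fixed(conn, sqli_payload),        # no row matches
        "xss_before": render_vulnerable(xss_payload),          # raw <script> tag
        "xss_after": render_fixed(xss_payload),                # escaped entities
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The structural point is the same in both cases and is what a good fix explanation has to convey: the defect is not the particular payload but the fact that data and code share one channel (the SQL text, the HTML document). The fix moves the data to a separate channel (bound parameters) or neutralizes the characters that would switch channels (escaping), which is why it holds for inputs the developer never anticipated.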

Existing issues

Autofix can also come to the rescue for existing vulnerabilities. With Autofix, a code scanning alert within GHAS includes a “Generate fix” button that produces the same explanation and suggested fix as Autofix does for newly introduced code. It is also possible to open a pull request containing the AI-generated fix. Because legacy code can be cleaned up this way too, GitHub sees an opportunity for organizations to eliminate “years of accumulated security debt.”