GitHub has announced the general availability of Copilot Autofix within its GitHub Advanced Security (GHAS) suite, designed to prevent new vulnerabilities from entering code before you even see them.
The tool, announced by Chief Security Officer Mike Hanley in a blog post, will also tackle existing vulnerabilities in code, which was previously unmanageable without automation.
Besides identifying code vulnerabilities, Copilot Autofix also promises to explain their significance and offer automated code suggestions to fix them.
GitHub Copilot Autofix will fix your code for you
According to the company’s research, the tool has already proven to be around three times more efficient than doing the process manually. Early adopters like Optum and Otto Group have also reported saving thousands of hours monthly on remediation tasks.
Kevin Cooper, Principal Engineer at Optum, commented: “Since implementing Copilot Autofix, we’ve observed a 60% reduction in the time spent on security-related code reviews and a 25% increase in overall development productivity.”
In the announcement, Hanley was proud to highlight Copilot Autofix’s ability to address the backlog of security debt – vulnerabilities that linger in software for extended periods, often going unnoticed. Tackling these types of vulnerabilities can significantly reduce the risk of costly security breaches.
Hanley added: “Vulnerabilities can live forever, and the longer they’ve remained dormant, the harder and more expensive they are to fix.”
In addition to serving enterprise customers, GitHub will offer the tool to the open-source community for no cost from September 2024. Maintainers will be able to enhance the security of their own software, which aligns with the Microsoft-owned company’s commitment to creating a safer software scene.
Hanley concluded by stating that “AI agents can help relieve much of the burden” in a world of limited security talent, adding that Copilot Autofix will help ensure that “a vulnerability found means a vulnerability fixed.”
