GitHub's new AI tool helps users automatically fix bugs and vulnerabilities in their code

GitHub today launched, for all GitHub Advanced Security (GHAS) licensees, the new "CodeScan" feature (in preview), which searches GitHub-hosted code for potential security vulnerabilities and coding errors.


This new feature uses Copilot and CodeQL, a code analysis engine developed by GitHub to automate security checks, to find possible vulnerabilities or bugs in your code, categorize them, and prioritize fixes. It's worth noting that Code Scan consumes GitHub Actions minutes.

Code Scan is also described as preventing developers from introducing new issues, and supports scanning at specific dates and times, or triggering a scan when a specific event occurs in the repository (e.g., a push).

If the AI finds a possible vulnerability or bug in your code, GitHub raises an alert on the repository and closes the alert once the user fixes the code that triggered it.

To monitor your repository's or organization's Code Scanning results, you can use webhooks and the code scanning API. Code Scanning can also interoperate with third-party code scanning tools that output Static Analysis Results Interchange Format (SARIF) data.

Currently, there are three main approaches to CodeQL analysis for Code Scanning:

  • Quickly configure CodeQL analysis for Code Scan on the repository using the default settings. The default settings automatically select the languages to analyze, the query suite to run, and the events that trigger a scan; if desired, you can instead manually select the query suite and the languages. When CodeQL is enabled, GitHub Actions performs a workflow run to scan the code.

  • Add a CodeQL workflow to the repository using the advanced settings. This generates a customizable workflow file that runs the CodeQL CLI via github/codeql-action.

  • Run the CodeQL CLI directly on an external CI system and upload the results to GitHub.
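The following workflow is an added illustration of the second approach (the advanced-settings workflow file), not a file generated by GitHub or taken from the article. It also shows the push and scheduled triggers mentioned earlier and the SARIF upload path for a third-party scanner. The action names, their `languages`, `queries`, `category` and `sarif_file` inputs, and the `security-events: write` permission are real github/codeql-action features; the `./scripts/run-scanner.sh` invocation in the second job is a hypothetical placeholder for whatever external tool emits SARIF.

```yaml
name: "CodeQL"

on:
  push:
    branches: [ "main" ]          # scan on every push to main
  pull_request:
    branches: [ "main" ]          # block new issues before merge
  schedule:
    - cron: "30 3 * * 1"          # and on a schedule: Mondays 03:30 UTC

permissions:
  contents: read
  security-events: write          # needed to upload results to code scanning

jobs:
  codeql:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        # one job per language; each consumes Actions minutes separately
        language: [ "javascript-typescript", "python" ]
    steps:
      - uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # broader suite than the default; more findings, more noise
          queries: security-extended

      - name: Analyze and upload results
        uses: github/codeql-action/analyze@v3
        with:
          # distinct category per language so alerts are tracked separately
          category: "/language:${{ matrix.language }}"

  third-party-sarif:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run an external scanner that writes SARIF (hypothetical script)
        run: ./scripts/run-scanner.sh --output results.sarif

      - name: Upload third-party SARIF to code scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
          category: external-scanner   # keeps these alerts apart from CodeQL's
```

The `category` values matter operationally: code scanning deduplicates and auto-closes alerts per category, so giving each analysis its own category prevents one upload from closing another tool's open alerts.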

GitHub promises that this AI system can fix more than two-thirds of the vulnerabilities it discovers, so there's generally no need for developers to actively edit code. The company also promises that the code scanning auto-remediation will cover more than 90% of alert types in its supported languages, which currently include JavaScript, TypeScript, Java, and Python.
