GitHub Introduces Code Scanning Autofix, Powered by Copilot and CodeQL

Mukund Kapoor
By Mukund Kapoor - Author 2 Min Read
2 Min Read

New feature helps developers remediate vulnerabilities faster and easier, reducing application security debt

In Short
  • Code scanning autofix is now available in public beta for GitHub Advanced Security customers
  • The feature covers over 90% of alert types in JavaScript, TypeScript, Java, and Python
  • Autofix delivers code suggestions that can remediate more than two-thirds of found vulnerabilities with minimal editing

March 21st, 2024: GitHub has launched a new feature called code scanning autofix, which is now available in public beta for all GitHub Advanced Security customers.

The feature, powered by GitHub Copilot and CodeQL, aims to help developers fix vulnerabilities more quickly and easily, reducing the growing problem of “application security debt.”

Code scanning autofix supports more than 90% of alert types in popular programming languages such as JavaScript, TypeScript, Java, and Python.

code scanning autofix

When a vulnerability is discovered in one of these languages, the feature provides developers with a natural language explanation of the suggested fix, along with a preview of the code suggestion.

Developers can then accept, edit, or dismiss the suggestion. Remarkably, these code suggestions have been shown to remediate more than two-thirds of found vulnerabilities with little or no editing required.

Pierre Tempel and Eric Tooley, authors of the blog post announcing the feature, state that code scanning autofix is “the next leap forward” in GitHub’s vision for application security, where “found means fixed.”

code scanning autofix
Code Scanning Autofix

By prioritizing the developer experience, the company aims to help teams remediate vulnerabilities up to seven times faster than traditional security tools.

Behind the scenes, code scanning autofix leverages the CodeQL engine and a combination of heuristics and GitHub Copilot APIs to generate code suggestions.

These suggestions can include changes to multiple files and the dependencies that should be added to the project.

GitHub plans to continue adding support for more languages, with C# and Go coming next.

The company encourages users to join the autofix feedback and resources discussion to share their experiences and help guide further improvements to the feature.

The introduction of code scanning autofix is expected to benefit both development and security teams.

Developers will be able to reclaim time previously spent on remediation, while security teams can focus on protecting the business and keeping up with the accelerated pace of development, as the volume of everyday vulnerabilities is reduced.



Based on our quality standards, we deliver this website’s content transparently. Our goal is to give readers accurate and complete information. Check our News section for latest news. To stay in the loop with our latest posts follow us on Facebook, Twitter and Instagram

Subscribe to our Daily Newsletter to join our growing community and if you wish to share feedback or have any inquiries, please feel free to Contact Us. If you want to know more about us, check out our Disclaimer, and Editorial Policy.

By Mukund Kapoor Author
Mukund Kapoor, the enthusiastic author and creator of GreatAIPrompts, is driven by his passion for all things AI. With a special knack for simplifying complex AI concepts, he's committed to helping readers of all levels - be it beginners or experts - navigate the intriguing world of artificial intelligence. Through GreatAIPrompts, Mukund ensures that readers always have access to the most recent and relevant AI news, tools, and insights. His dedication to quality, accuracy, and clarity is what sets his blog apart, making it a reliable go-to source for anyone interested in unlocking the potential of AI. For more information visit Author Bio.
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *