GitHub has unveiled Copilot Autofix, an AI-powered software vulnerability remediation service offered as part of its GitHub Advanced Security (GHAS) service.
GitHub introduced Copilot Autofix in production on August 14. “Copilot Autofix analyzes vulnerabilities in code, explains why they matter, and offers code suggestions that help developers fix vulnerabilities as fast as they are found,” GitHub said in the announcement. GHAS customers on GitHub Enterprise Cloud already have Copilot Autofix included in their subscription. GitHub has enabled Copilot Autofix by default for these customers in their GHAS code scanning settings. Beginning in September, Copilot Autofix will be offered for free in pull requests to open source projects.
During the public beta, which began in March, GitHub found that developers using Copilot Autofix were fixing code vulnerabilities more than three times faster than those doing it manually, demonstrating how AI agents such as Copilot Autofix can radically simplify and accelerate software development. Copilot Autofix can generate fixes for dozens of classes of vulnerabilities, such as SQL injection and cross-site scripting, and developers can dismiss, edit, or commit the suggested fixes in their pull request, the company said.