GitHub’s New Code-Scanning Autofix: A Game-Changer for Software Development and Cybersecurity : Tech : Tech Times

GitHub’s code-scanning autofix capability marks major progress in software development and cybersecurity, following Sentry’s announcement of AI autofix for debugging production code.

This new beta tool uses GitHub’s Copilot and CodeQL semantic code analysis engines to find and fix security problems while coding, per TechCrunch. GitHub previewed this feature in November.

GitHub claims its new approach can fix nearly two-thirds of vulnerabilities without developers editing code. Code scanning autofix will cover over 90% of alert types in JavaScript, TypeScript, Java, and Python, according to the firm. All GitHub Advanced Security (GHAS) customers may use this functionality.

Here’s How It Works

By eliminating onerous and repetitive activities, code scanning autofix will save development teams time on remediation, GitHub noted. The developer platform also states that security teams will benefit from fewer daily vulnerabilities, enabling them to concentrate on business protection tactics during rapid development.

In the background, this new functionality uses GitHub’s semantic analysis engine, CodeQL, to find code vulnerabilities before the code is run. GitHub launched CodeQL in late 2019 following its acquisition of Semmle, the code analysis firm that developed it.

A photo illustration shows a laptop screen displaying welcome screens and messages on the GitHub developer platform website on February 23, 2024, in London, England. (Photo: Leon Neal/Getty Images)

CodeQL powers the auto-fix tool, although GitHub says it proposes solutions using “a combination of heuristics and GitHub Copilot APIs.” GitHub provides fixes and explanations using OpenAI’s GPT-4 model. The firm admits that certain recommended patches may misrepresent the codebase or vulnerability.

GitHub, known for promoting programmer collaboration on coding projects, has integrated AI into its products and services to grow its user base.

AI is Changing The Landscape

GitHub CEO Thomas Dohmke noted AI’s transformational influence on business. He believes that AI-driven features may improve the onboarding process for individuals moving to large companies, reducing the need to research an organization’s internal practices.

“You can just ask questions and get the answers,” Dohmke said, as reported by Bloomberg.

Last month, GitHub announced that it will soon let developers autocomplete their applications using their employer’s codebase. This feature should benefit financial services corporations and other enterprises using proprietary programming languages. It will also serve Microsoft, whose Office desktop programs use C and C++ in unique ways.

Microsoft, a major GitHub partner, has touted the success of OpenAI-powered GitHub Copilot in its quarterly financial reports. Copilot has inspired Microsoft to overhaul Office and Windows with AI-driven technologies and concepts.

GitHub’s 50,000 corporate customers may purchase a basic Copilot Business plan for $19 per month per user. This shows GitHub’s dedication to democratizing AI-driven technologies and meeting its broad user base.

A recent data breach at documentation company Mintlify exposed many users’ GitHub tokens, increasing worries in the tech community and calling into question the security standards of third-party service providers.

Mintlify acted quickly after the breach last week. Han Wang, Mintlify’s co-founder, said that their logs uncovered 91 hacked GitHub tokens, as reported by TechTimes. As a precaution, impacted individuals were alerted, and Mintlify is working with GitHub to determine whether the leaked tokens were used to access secret repositories.

ⓒ 2024 All rights reserved. Do not reproduce without permission.