GitHub's latest AI tool, Code Scanning Auto-Fix, is now in public beta for GitHub Advanced Security customers. GitHub says the feature lets developers fix more than two-thirds of supported alerts with little or no editing, which sharply reduces the time and effort remediation normally takes.
Code Scanning Auto-Fix is powered by GitHub Copilot and CodeQL, GitHub's static analysis engine for automated security checks. It covers more than 90% of alert types in JavaScript, TypeScript, Java, and Python, and for each supported alert it proposes a code change that needs little or no editing, so vulnerabilities can be addressed while the code is still being written rather than after a separate security review.
The tool generates its suggestions by combining the CodeQL engine, heuristics, and the GitHub Copilot API. When a vulnerability is detected in a supported language, the repair suggestion includes a natural-language explanation of the proposed fix together with a preview of the code change, which the developer can accept, edit, or dismiss. The suggestion is therefore reviewed like any other change rather than applied automatically.
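To make the workflow concrete, the following is an added illustration and not content from the article or an actual Auto-Fix suggestion: the kind of Python alert CodeQL raises (user input formatted into SQL text) alongside the hardened form a fix suggestion would typically propose (a parameterized query). The in-memory table, the sample rows, and the function names are constructed for this example.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    return conn


def find_user_vulnerable(conn, name):
    """Before: the pattern CodeQL reports as SQL injection.

    `name` is interpolated into the query string, so a crafted value
    changes the SQL the database executes instead of being treated as data.
    """
    query = f"SELECT id, name FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def find_user_fixed(conn, name):
    """After: the parameterized form a fix suggestion would propose.

    The driver binds `name` as a value; quotes and SQL keywords inside it
    cannot alter the statement.
    """
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo():
    """Run both versions against a benign lookup and a classic injection payload."""
    conn = make_db()
    payload = "' OR '1'='1"  # constructed attacker input
    return {
        "benign_vulnerable": find_user_vulnerable(conn, "alice"),
        "benign_fixed": find_user_fixed(conn, "alice"),
        "payload_vulnerable": find_user_vulnerable(conn, payload),
        "payload_fixed": find_user_fixed(conn, payload),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

With the benign input both versions return the single matching row; with the payload the vulnerable version returns every row in the table, while the parameterized version returns nothing, because no user is literally named `' OR '1'='1`. That behavioral difference is what a reviewer should confirm before accepting a suggested fix.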
GitHub states that its vision for application security is a "discover and fix" workflow. By prioritizing developer experience in GitHub Advanced Security, the company says it has already helped teams fix issues seven times faster than with traditional security tools. Code Scanning Auto-Fix is the next step: by making vulnerabilities easier to address while the code is being written, it helps organizations slow the growth of "application security debt."
GitHub plans to extend support to more languages, with C# and Go next. The company encourages users to provide feedback and join the discussions on auto-fixing, sharing their experiences to help improve the feature.