Merged
Expand Up @@ -54,7 +54,7 @@ You can also use the Autofix API for historical alerts endpoints to generate, ge
* [Get the status of an autofix for a code scanning alert](/rest/code-scanning/code-scanning#get-the-status-of-an-autofix-for-a-code-scanning-alert)
* [Commit an autofix for a code scanning alert](/rest/code-scanning/code-scanning#commit-an-autofix-for-a-code-scanning-alert)

For information about the limitations of automatically generated fixes, see [Limitations of suggestions](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning#limitations-of-suggestions).
{% data variables.copilot.copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %} alerts won't be able to generate a fix for every alert in every situation. The feature operates on a best-effort basis and is not guaranteed to succeed 100% of the time. For information about the limitations of automatically generated fixes, see [Limitations of suggestions](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning#limitations-of-suggestions).

{% endif %}

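Review bot: The replacement line in this hunk links to `about-autofix-for-codeql-code-scanning#limitations-of-suggestions`, but the only limitations heading added in this PR is "Limitations and non-determinism of {% data variables.copilot.copilot_autofix_short %}", which renders to a different slug; confirm a "Limitations of suggestions" heading still exists in the target article or update the anchor. The two new sentences ("won't be able to generate a fix for every alert in every situation. The feature operates on a best-effort basis and is not guaranteed to succeed 100% of the time.") are repeated verbatim in the other two files of this PR; moving them into a `{% data reusables.… %}` include would keep the wording from drifting.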
Expand Up @@ -56,6 +56,19 @@ Any {% data variables.copilot.copilot_autofix_short %} suggestions are generated

The process of generating fixes does not gather or utilize any customer data beyond the scope outlined above. Therefore, the use of this feature is governed by the existing terms and conditions associated with {% data variables.product.prodname_AS %}. Moreover, data handled by {% data variables.copilot.copilot_autofix_short %} is strictly not employed for LLM training purposes. For more information on {% data variables.product.prodname_AS %} terms and conditions, see [AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security){% ifversion fpt %}.{% else %} in the Free, Pro, & Team documentation.{% endif %}

## Limitations and non-determinism of {% data variables.copilot.copilot_autofix_short %}

{% data variables.copilot.copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %} alerts won't be able to generate a fix for every alert in every situation. The feature operates on a best-effort basis and is not guaranteed to succeed 100% of the time.

### When a {% data variables.copilot.copilot_autofix_short %} suggestion may not be generated

Several factors can prevent {% data variables.copilot.copilot_autofix_short %} from successfully generating a suggested fix.

* _Non-determinism:_ The underlying large language model is a generative model and is therefore non-deterministic. This means that even with the same alert and code, it might fail to produce a viable suggestion, or the suggestion might vary across attempts.
* _Problem complexity and context:_ Some security alerts, such as those that require tracing data flow across a complex, multi-file codebase or those that represent subtle logic flaws, could be difficult for the model to resolve.
* _File size:_ If the affected code is within a very large file or repository, the context provided to the LLM may be truncated. The model needs sufficient context to understand the surrounding code logic and safely apply a fix; when this context is limited, the feature will not attempt a fix.
* _Language and framework coverage:_ While {% data variables.copilot.copilot_autofix_short %} supports a growing list of languages and CodeQL alerts, it doesn't cover every possible alert type or language.

## Quality of suggestions

{% data variables.product.prodname_dotcom %} uses an automated test harness to continuously monitor the quality of suggestions from {% data variables.copilot.copilot_autofix_short %}. This allows us to understand how the suggestions generated by the LLM change as the model develops.
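Review bot: The "_File size:_" bullet contradicts itself: it first says the context "may be truncated" and then that "when this context is limited, the feature will not attempt a fix", so the reader cannot tell whether a fix is attempted on truncated context or skipped entirely; pick one behaviour and state it, e.g. "when the surrounding code exceeds the context the model can use, no fix is attempted." The opening paragraph under "## Limitations and non-determinism" also repeats the best-effort sentences added in the other two files, which argues for a single reusable. Minor: the "_Non-determinism:_" bullet and the section title both say non-determinism; the bullet could instead name the consequence for the user (retrying may yield a different or no suggestion), which is the point that matters to someone reading this page.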
Expand Up @@ -130,6 +130,7 @@ When {% data variables.copilot.copilot_autofix_short %} is enabled for a reposit
> * {% data variables.copilot.copilot_autofix_short %} supports a subset of {% data variables.product.prodname_codeql %} queries. For information about the availability of {% data variables.copilot.copilot_autofix_short %}, see the query tables linked from [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites#query-lists-for-the-default-query-suites).
> * When analysis is complete, all relevant results are published to the pull request at once. If at least one alert in your pull request has an {% data variables.copilot.copilot_autofix_short %} suggestion, you should assume that the LLM has finished identifying potential fixes for your code.
> * On alerts generated from queries that are not supported by {% data variables.copilot.copilot_autofix_short %}, you will see a note telling you that the query is not supported. If a suggestion for a supported query fails to generate, you will see a note on the alert prompting you to try pushing another commit or to contact support.
> * {% data variables.copilot.copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %} alerts won't be able to generate a fix for every alert in every situation. The feature operates on a best-effort basis and is not guaranteed to succeed 100% of the time. For information about the limitations of automatically generated fixes, see [Limitations of suggestions](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning#limitations-of-suggestions).

Usually, when you suggest changes to a pull request, your comment contains changes for a single file that is changed in the pull request. The following screenshot shows an {% data variables.copilot.copilot_autofix_short %} comment that suggests changes to the `index.js` file where the alert is displayed. Since the potential fix requires a new dependency on `escape-html`, the comment also suggests adding this dependency to the `package.json` file, even though the original pull request makes no changes to this file.

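Review bot: The new fourth bullet sits after the bullet that already explains what happens when a suggestion for a supported query fails to generate ("try pushing another commit or to contact support"), so the general best-effort statement arrives after its specific failure case; either fold the new sentence into the start of that third bullet or place it before it. As in the other two files, this text is a verbatim copy of the same two sentences plus link, so a `{% data reusables.… %}` include would be preferable to three literal copies, and the anchor `#limitations-of-suggestions` should be checked against the heading actually added in this PR.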