Code scanning autofix: Preview Feedback and Resources #111094
Replies: 7 comments 16 replies
-
Love the feature, a couple of questions:
-
When can independent open source maintainers get their hands on this lovely tool? After reading the announcement post, it seems it's intended for enterprise customers?
-
How do you create the `` ```suggestion `` with "Outside changed files" targeting line 16 of package.json?
-
Hi, great to see this shipped! I hope eventually we can see autofix suggestions directly in an alert and create a PR from there?
-
@turbo can we use it with a GitHub Enterprise plan in which we will have only 1 user/seat, and if not, then why are you guys blocking this? Because nowadays in this AI era everybody is talking about one-person companies powered by AI and we are not able to use such AI features for us...
-
Thanks for this new cool feature! I am (and I believe many developers among us) looking for C# support. Is this something on the roadmap already? Where to get a notification after it's released?
-
Welcome to the preview for code scanning autofix!
Autofix is an AI-powered expansion of code scanning that provides users with targeted recommendations to help them fix code scanning alerts in pull requests so they can avoid introducing new security vulnerabilities. The potential fixes are generated automatically by large language models (LLMs) using data from the codebase, the pull request, and from CodeQL analysis.
Read our announcement blog here
This discussion is the place to provide feedback and ask questions about autofix.
Status
Autofix is available to all GitHub Advanced Security (GHAS) customers. Fix suggestions are available on private repositories with a working code scanning configuration.
Capabilities
Fix suggestions are currently generated for nearly all supported security queries for JavaScript/TypeScript, Java, Python, and C#. We will be adding support for more languages soon. Only new alerts on Pull Requests are considered.
To learn more about the capabilities, limitations, and fix generation process, please refer to our public transparency documentation.
For a more hands-on demo of autofix, take a look at this 5-minute walkthrough we've put together.