You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Agentic autofix is a smarter, more capable way to remediate security alerts with Copilot. Unlike traditional autofix, it doesn’t just suggest a patch; it explores your codebase, validates its own work, and iterates until it’s confident the fix is correct.
How it works
When you assign a code scanning alert to Copilot, it will:
Explore relevant files across your codebase
Generate a proposed fix
Validate the fix by re-running CodeQL, LLM detectors, and linters
Iterate if needed
Open a draft pull request for your review
Fix generation typically takes 2–4 minutes.
The resulting pull request includes:
A summary of the fix
Why the fix closes the alert
The validation steps Copilot took to confirm it works
You can also continue working with Copilot after the PR is opened by commenting directly on the pull request or by interacting with the session in the Agents tab of your repository.
Where you can use it
You can trigger agentic autofix in several places:
From any code scanning alert, by assigning the alert to Copilot
From the list of security alerts in your repository, by selecting one or more alerts for Copilot to fix together in a single pull request
Within a security campaign, by selecting one or more alerts for Copilot to fix together in a single pull request
Via the Update a Code Scanning Alert REST API, by setting assignees to ["copilot-swe-agent[bot]"]
Who can use this
The public preview of agentic autofix requires:
An active GitHub Code Security or GitHub Advanced Security license
A Copilot license with Copilot Coding Agent enabled
Agentic autofix uses Copilot usage-based billing, and tool-calling activity also consumes GitHub Actions minutes.
Have questions, feedback, or early impressions? Drop them in the comments below — we’d love to hear what you think.
🚀 ShippedA feature has been released📣 ANNOUNCEMENTAnnouncements from the GitHub Community teamCode ScanningCode scanning: our code analysis features, powered by the CodeQL engineCode SecurityBuild security into your GitHub workflow with features to keep your codebase secureCopilotCode accurately and faster with your AI powered pair-programmer.Copilot in GitHubCopilot functionality in GitHub Copilot Chat and in github.comsource:uiDiscussions created via Community GitHub templatesCopilot Code ReviewAI-assisted pull request reviews with suggestions.
1 participant
Heading
Bold
Italic
Quote
Code
Link
Numbered list
Unordered list
Task list
Attach files
Mention
Reference
Menu
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Agentic autofix is a smarter, more capable way to remediate security alerts with Copilot. Unlike traditional autofix, it doesn’t just suggest a patch; it explores your codebase, validates its own work, and iterates until it’s confident the fix is correct.
How it works
When you assign a code scanning alert to Copilot, it will:
Fix generation typically takes 2–4 minutes.
The resulting pull request includes:
You can also continue working with Copilot after the PR is opened by commenting directly on the pull request or by interacting with the session in the Agents tab of your repository.
Where you can use it
You can trigger agentic autofix in several places:
assigneesto["copilot-swe-agent[bot]"]Who can use this
The public preview of agentic autofix requires:
Agentic autofix uses Copilot usage-based billing, and tool-calling activity also consumes GitHub Actions minutes.
Have questions, feedback, or early impressions? Drop them in the comments below — we’d love to hear what you think.
Beta Was this translation helpful? Give feedback.
All reactions