Support code auto-fixes for GitHub Code Scanning #52156
HollowMan6 asked this question in Code Security (unanswered, 0 replies)
Topic Area: Product Feedback
It would be great if GitHub Code Scanning could take advantage of the fix object in SARIF reports, showing the proposed fixes from the SARIF report and allowing commits to be made to the codebase to fix the issues.
I think this feature would be quite useful. The fix object represents a proposed fix for the problem indicated by the Result. It specifies a set of artifacts to modify. For each artifact, it specifies regions to remove, and provides new content to insert.
Currently, I don't think GitHub Code Scanning supports it. I have tested with the SARIF report here which has a fix object.
I can't see any fix options available, either in a PR:

nor under the security tab:

The wanted suggested fixes could be similar to the PR suggested changes:

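As an added example (not part of the original post, and not GitHub's or the SARIF project's code), the following Python applies the fix object described above: it walks `fixes` → `artifactChanges` → `replacements`, converts each 1-based `deletedRegion` into character offsets, and splices in `insertedContent`, editing from the end of the file backwards so earlier offsets stay valid and rejecting overlapping regions. The SARIF fragment, rule id, file path and file contents are constructed for the demonstration.

```python
import json

# Constructed SARIF 2.1.0 fragment (not from the original post): one result whose fix
# inserts a comment at line 1 and replaces "yaml.load" at line 4 (cols 12-20, endColumn exclusive).
SARIF = json.loads(r"""{"runs": [{"results": [{"ruleId": "py/unsafe-yaml-load",
 "fixes": [{"description": {"text": "Use yaml.safe_load"},
   "artifactChanges": [{"artifactLocation": {"uri": "app/config.py"}, "replacements": [
     {"deletedRegion": {"startLine": 1, "startColumn": 1, "endColumn": 1},
      "insertedContent": {"text": "# loader hardened by SARIF fix\n"}},
     {"deletedRegion": {"startLine": 4, "startColumn": 12, "endColumn": 21},
      "insertedContent": {"text": "yaml.safe_load"}}]}]}]}]}]}""")
FILES = {"app/config.py": "import yaml\n\ndef parse(data):\n    return yaml.load(data)\n"}  # constructed

def apply_artifact_change(text, change):
    """Apply one SARIF artifactChange (a list of replacements) to a file's text."""
    lines = text.split("\n")
    starts, pos = [], 0          # 0-based offset of the first character of each line
    for ln in lines:
        starts.append(pos)
        pos += len(ln) + 1
    spans = []
    for rep in change["replacements"]:
        reg = rep["deletedRegion"]   # SARIF lines and columns are 1-based
        s_line, e_line = reg["startLine"], reg.get("endLine", reg["startLine"])
        start = starts[s_line - 1] + reg.get("startColumn", 1) - 1
        if "endColumn" in reg:       # endColumn names the character after the region
            end = starts[e_line - 1] + reg["endColumn"] - 1
        else:                        # absent endColumn: region runs to the end of endLine
            end = starts[e_line - 1] + len(lines[e_line - 1])
        if end < start or end > len(text):
            raise ValueError("deletedRegion is out of range")
        spans.append((start, end, rep.get("insertedContent", {}).get("text", "")))
    # Edit from the end backwards so earlier offsets stay valid; reject overlapping regions.
    spans.sort(key=lambda s: s[0], reverse=True)
    limit = len(text)
    for start, end, new in spans:
        if end > limit:
            raise ValueError("overlapping replacements in one artifactChange")
        text = text[:start] + new + text[end:]
        limit = start
    return text

def apply_fixes(sarif, files):
    out = dict(files)            # each result's first proposed fix is applied
    for run in sarif["runs"]:
        for result in run.get("results", []):
            for change in (result.get("fixes") or [{}])[0].get("artifactChanges", []):
                uri = change["artifactLocation"]["uri"]
                out[uri] = apply_artifact_change(out[uri], change)
    return out
```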