Code scanning autofix: Preview Feedback and Resources #111094
Replies: 15 comments 24 replies
- Love the feature, a couple of questions:
- When can independent open source maintainers get their hands on this lovely tool? After reading the announcement post, it seems it's intended for enterprise customers?
- How do you create the `` ```suggestion `` block with "Outside changed files" targeting line 16 of package.json?
- Hi, great to see this shipped! I hope eventually we can see autofix suggestions directly in an alert and create a PR from there?
- @turbo can we use it with the GitHub Enterprise plan in which we will have only 1 user/seat, and if not, then why are you blocking this? Because nowadays in this AI era everybody is talking about the one-person company powered by AI, and we are not able to use such AI features for ourselves...
- Thanks for this new cool feature! I am (and I believe many developers among us are) looking for C# support. Is this something already on the roadmap? Where can I get a notification after it's released?
- Question! I'm wondering if and when this becomes available for its sister product, GitHub Advanced Security for Azure DevOps. What timeframe should we expect?
- I have created several discussion posts related to CodeQL and AutoFix. They are here: "CodeQL XSS False Positives and XSS AutoFix incorrect location for defensive encoding" (#122802) (now also reported here: github/codeql#16531), here: "CodeQL Findings Should be Reported in Filename Order in Pull Requests" (#123182) (now also reported here: https://github.com/github/codeql/issues/16530), and here: "Relate Adoption of suggested AutoFixes to CodeQL Findings" (#122838). Some feedback from the GitHub team on these suggested enhancements would be appreciated. Also, rather than creating new Discussions like this, or posting comments here, is there a better/easier way to provide specific CodeQL/AutoFix feedback to the GitHub team, rather than in a public forum? For example, I adopted an AutoFix and it created a compilation error because one of the new methods in the AutoFix throws an additional type of Exception. I want to provide feedback on that specific issue, but posting those details here seems like not the right place for feedback that is super specific like this.
- Is there a way to commit multiple suggestions at the same time? There doesn't seem to be an "Add suggestion to batch" option as described in the general documentation for applying a suggested change.
- Would autofix be coming to public repositories as well? I'd like to try out the new C++ autofixes in my FOSS project and provide feedback.
- Can we stop highlighting any use of http:// as a security error?
- @turbo can I buy GitHub Copilot Enterprise to use it without enrolling for an enterprise seat, if I have a Team or Free plan in any organisation?
- Welcome to the preview for code scanning autofix!
Autofix is an AI-powered expansion of code scanning that provides users with targeted recommendations to help them fix code scanning alerts in pull requests so they can avoid introducing new security vulnerabilities. The potential fixes are generated automatically by large language models (LLMs) using data from the codebase, the pull request, and from CodeQL analysis.
Read our announcement blog here
This discussion is the place to provide feedback and ask questions about autofix.
Status
Autofix is available to all GitHub Advanced Security (GHAS) customers. Fix suggestions are available on private repositories with a working code scanning configuration.
Capabilities
Fix suggestions are currently generated for nearly all supported security queries for JavaScript/TypeScript, Java, Python, and C#. We will be adding support for more languages soon. Only new alerts on Pull Requests are considered.
To learn more about the capabilities, limitations, and fix generation process, please refer to our public transparency documentation.
For a more hands-on demo of autofix, take a look at this 5-minute walkthrough we've put together.