Code scanning: AI-powered autofixes for CodeQL alerts in PRs
Summary
Code scanning will propose AI-generated fixes for CodeQL alerts in pull requests. These fixes help developers resolve alerts faster and prevent introducing new vulnerabilities into codebases.
This functionality will be available for all GHAS customers on GitHub.com.
Intended Outcome
Users can fix security vulnerabilities faster with the help of code scanning AI-generated remediation suggestions, which offer a convenient one-click fix option.
The UI will show statistics on generated fixes and on suggestions that result in resolved alerts, as well as the reasons why no autofix is displayed for an alert. Additionally, the UX will allow developers to jump into an editing environment to make any adjustments to the proposed fix before accepting it.
How will it work?
Following the CodeQL analysis, an LLM (GPT-4) will propose a fix for any new alerts where possible. These AI-generated remediation suggestions are then posted as a code scanning autofix on the PR's 'Conversation' and 'Files Changed' tabs.