Copilot Autofix, a new addition to the GitHub Advanced Security service, analyzes vulnerabilities in code and offers code suggestions to help developers fix them. Credit: SkillUp / Shutterstock GitHub has unveiled Copilot Autofix, an AI-powered software vulnerability remediation service as part of its GitHub Advanced Security (GHAS) service. GitHub introduced Copilot Autofix in production on August 14. “Copilot Autofix analyzes vulnerabilities in code, explains why they matter, and offers code suggestions that help developers fix vulnerabilities as fast as they are found,” GitHub said in the announcement. GHAS customers on GitHub Enterprise Cloud already have Copilot Autofix included in their subscription. GitHub has enabled Copilot Autofix by default for these customers in their GHAS code scanning settings. Beginning in September, Copilot Autofix will be offered for free in pull requests to open source projects. During the public beta, which began in March, GitHub found that developers using Copilot Autofix were fixing code vulnerabilities more than three times faster than those doing it manually, demonstrating how AI agents such as Copilot Autofix can radically simplify and accelerate software development. Copilot Autofix can be generated for dozens of classes of vulnerabilities, such as SQL injection and cross-site scripting, which developers can dismiss, edit, or commit in their pull request, the company said. Related content news Microsoft extends Entra ID to WSL, WinGet Iintegration with Entra ID brings identity-based access controls to the distribution and use of Windows Subsystem for Linux and Windows Package Manager in enterprises. By Paul Krill Nov 19, 2024 2 mins Access Control Application Security Identity and Access Management feature A GRC framework for securing generative AI How can enterprises secure and manage the expanding ecosystem of AI applications that touch sensitive business data? Start with a governance framework. By Trevor Welsh Nov 19, 2024 11 mins Generative AI Data Governance Application Security news Java proposals would boost resistance to quantum computing attacks OpenJDK proposals would provide Java implementations of a quantum-resistant module-latticed-based digital signature algorithm and key encapsulation mechanism. By Paul Krill Nov 08, 2024 2 mins Java Quantum Computing Application Security news analysis What Entrust certificate distrust means for developers Secure communications between web browsers and web servers depend on digital certificates backed by certificate authorities. What if the web browsers stop trusting your CA? By Travis Van Oct 30, 2024 9 mins Browser Security Web Development Application Security Resources Videos