GitHub has launched a new machine-learning-based feature that can accelerate the process of fixing security vulnerabilities during programming.
The feature is still in public beta and is enabled automatically in all repositories owned by GitHub Advanced Security (GHAS) customers.
Known as “Automatic Code Scanning Fix,” the feature assists in addressing over 90% of alerts in JavaScript, TypeScript, Java, and Python.
The new feature depends on Copilot and CodeQL, which is the semantic analysis engine offered by the GitHub platform to locate security vulnerabilities in code before execution.
The CodeQL platform was made available to the public in late 2019 and has been continuously enhanced over the years. CodeQL has remained free for researchers and open-source developers.
Upon activation of the feature, GitHub provides fixes for security vulnerabilities that might have been discovered during programming, with the company claiming to easily fix over two-thirds of these vulnerabilities without the need for major code modifications.
The platform, which allows developers to create, store, manage, and deploy code, explained: “When a security vulnerability is found in a specific programming language, repair suggestions are provided, including an explanation in Arabic for the proposed fix, along with proposed code modifications that the developer can accept, modify, or reject.”
The feature's code suggestions can include changes to the current file, to multiple files, and to project files.
Implementing this strategy may help reduce the occurrence of recurring security vulnerabilities faced by security teams daily.
This allows security teams to focus on ensuring security rather than needing to utilize unnecessary resources to address new security vulnerabilities that arise during development.
Developers should always check the proposed solutions to security issues, as the AI-based GitHub feature may offer fixes that only partially resolve the vulnerability or that fail to preserve the functionality of the affected code.
GitHub stated: “The feature aims to assist organizations in reducing security issues by facilitating the process of fixing security vulnerabilities during programming, as well as helping development teams reduce the time needed to fix them.” GitHub plans to add support for additional languages in the coming months.