
GitHub has launched a new AI tool that can fix vulnerabilities in code on its own

Published by Ігор Шелудченко

GitHub has launched the first beta version of a new feature that automatically finds and fixes security vulnerabilities in code while it is being written.

The new feature combines:

  • Copilot assistant features
  • proprietary CodeQL engine for semantic code analysis.

The new system is capable of fixing more than two-thirds of the vulnerabilities it finds, often without the need for developers to edit the code themselves. The automatic fix feature will also cover more than 90% of the alert types in the supported languages. Currently, these are JavaScript, TypeScript, Java, and Python.

The new feature is now available to all GitHub Advanced Security users. GitHub notes that it will save developers the time they previously spent on monotonous bug-fixing tasks and speed up the development process, as well as relieve security teams and allow them to focus on the strategic tasks of protecting their companies.

The built-in GPT-4 model from OpenAI will generate the patches and explanations for them. GitHub is convinced that the vast majority of auto-suggestions will be correct, but warns that in a small percentage of cases "there may be a significant misunderstanding of the code base or vulnerability".
