GitHub, a Microsoft-owned code hosting platform, has introduced AI-powered security features aimed at helping developers identify and address code vulnerabilities more efficiently. The platform’s GitHub Advanced Security now offers a range of features, with some, like Dependabot, available for public repositories.
In an effort to enhance proactive security measures, GitHub has incorporated AI into its security offering. Developers can benefit from an ‘autofix’ capability, allowing AI-generated fixes for CodeQL, JavaScript, and TypeScript alerts, enabling immediate issue resolution and preventing new vulnerabilities from creeping into codebases.
One notable AI application is the use of the latest LLMs (large language models) to identify leaked passwords with reduced false positives as part of the secret scanning feature, currently in limited public beta. GitHub’s secret scanning program boasts 180 partners and provides over 225 patterns for scanning, with AI making it easier for code maintainers to create custom patterns to detect organization-specific secrets. The platform also updates its security overview dashboard, providing security managers and administrators with an improved view of their security posture, based on risks, remediation, and prevention, harnessing AI to enhance alert relevance and expedite remediation.
GitHub’s Octoverse report highlights a surge in developers’ interest in open source generative AI projects, with a substantial increase in such projects on GitHub, more than doubling in the first half of 2023 compared to the entire previous year.
Developers have transitioned from research to using pre-trained models and APIs to create generative AI-powered applications, opening the door for mainstream adoption. The report indicates that open source developers are poised to drive the next wave of AI innovation on GitHub, with organizations also expected to increasingly use pre-trained AI models as developers become more familiar with them.
Furthermore, GitHub is expanding the use of LLMs for its AI developer tool, GitHub Copilot, introducing Copilot Chat to help developers identify errors and debug code. The offering will be available in December 2023 as part of existing GitHub Copilot subscriptions, including for organizations and individuals, and will be free for verified teachers, students, and maintainers of popular open source projects.