This new GitHub tool will automatically fix security flaws in your code

GitHub code scanning autofix
(Image credit: GitHub)

GitHub has introduced a new AI-powered code scanning autofix feature, a convenient tool designed to automatically rectify flaws in your code.

The new feature – a blend of CodeQL and GitHub Copilot, the company’s generative AI tool for writing and tweaking code – is designed to remediate vulnerabilities during the coding phase, in the hope of giving developers confidence in their codebase.

Currently available in public beta, code scanning autofix has been automatically enabled for all private repositories among GitHub Advanced Security (GHAS) customers.

GitHub code scanning autofix launches in beta

GitHub’s Pierre Tempel and Eric Tooley, authors of the announcement, said that the feature is designed to tackle more than 90% of alert types in popular programming languages such as JavaScript, TypeScript, Java, and Python, promising to speed up the fixing process with minimal developer intervention.

Tempel and Tooley explained: “When a vulnerability is discovered in a supported language, fix suggestions will include a natural language explanation of the suggested fix, together with a preview of the code suggestion that the developer can accept, edit, or dismiss.”

Moreover, code scanning autofix can also propose changes across multiple files and project dependencies, which GitHub hopes will reduce the burden on security teams and let them focus on more proactive work instead of constantly fighting vulnerabilities.

GitHub has also committed to making the tool more valuable by promising upcoming support for more languages, including C# and Go.

And of course, because this tool is in beta, the company is also keen to stress that developer feedback is vital to shaping the product, urging customers to share their findings.

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!
