GitHub

Automatically Repair Your Code Vulnerabilities with GitHub’s Cutting-Edge AI Tool

Earlier today, Sentry announced its AI Autofix feature for debugging production code, and now, a few hours later, GitHub is launching the first beta of its code scanning autofix feature for finding and fixing security vulnerabilities during the coding process. The feature combines the real-time capabilities of GitHub Copilot with CodeQL, the company’s semantic code analysis engine. GitHub also promises that code scanning autofix will cover more than 90% of alert types in the languages it supports, which are currently JavaScript, TypeScript, Java, and Python. “Just as GitHub Copilot relieves developers of tedious and repetitive tasks, code scanning autofix will help development teams reclaim time formerly spent on remediation,” GitHub writes in today’s announcement. To generate the fixes and their explanations, GitHub uses OpenAI’s GPT-4 model.

GitHub Token Breach: Mintlify Announces Customer Data Compromise

Documentation startup Mintlify says dozens of customers had GitHub tokens exposed in a data breach that happened at the start of the month and was publicly disclosed last week. Mintlify helps developers create documentation for their software by requesting access to, and tapping directly into, the customer’s GitHub source code repositories. These tokens allow GitHub users to share their account access with third-party apps, including companies like Mintlify. “The targets of this attack were GitHub tokens of our users,” Mintlify co-founder Han Wang told TechCrunch by email. “We are currently working with GitHub and our customers to uncover if any of the other tokens were used by the attacker,” Wang said.

GitHub’s Enterprise Copilot Reaches General Release

GitHub today announced the general availability of Copilot Enterprise, the $39/month version of its code completion tool and developer-centric chatbot for large businesses. Many teams already keep their documentation in GitHub repositories, which makes it relatively easy for Copilot Enterprise to reason over it. Beyond today’s release, I also asked GitHub CEO Thomas Dohmke about his high-level thinking on where Copilot is going next. “Different use cases require different models. We will continue going down that path of using the best models for the different pieces of the Copilot experience,” Dohmke said.

The Unintended Leak of Mercedes-Benz Source Code: A Consequence of an Authentication Token Published to a Public Repository

Mercedes-Benz accidentally exposed a trove of internal data after an authentication token that gave “unrestricted access” to the company’s source code was left online, according to the security research firm that discovered it. RedHunt Labs, the London-based cybersecurity company, said it found a Mercedes employee’s authentication token in a public GitHub repository during a routine internet scan in January. According to RedHunt Labs co-founder Shubham Mittal, this token, an alternative to using a password for authenticating to GitHub, could grant anyone full access to Mercedes’s GitHub Enterprise Server and thus allow the download of the company’s private source code repositories. “The GitHub token gave ‘unrestricted’ and ‘unmonitored’ access to the entire source code hosted at the internal GitHub Enterprise Server,” Mittal explained in a report shared with TechCrunch. It is not known whether anyone besides Mittal discovered the exposed token, which was published in late September 2023.
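Both the Mintlify and the Mercedes-Benz incidents above turn on GitHub tokens ending up where they should not be. The block below is an added example, written for this page and not code from GitHub, Mintlify or RedHunt Labs: a pre-commit style check that scans only the added lines of a unified diff for the two documented GitHub token shapes (classic `gh?_` tokens with 36 base62 characters after the prefix, and fine-grained `github_pat_` tokens with 82 characters after the prefix) and reports each hit with file, line and a redacted preview. The function names and the sample diff are constructed for the example; the tokens in it are fake strings of the right length, not real credentials.

```python
"""Flag GitHub tokens in the added lines of a unified diff (pre-commit style).

Example code written for this page; not a GitHub or Mintlify tool.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterator

# Token shapes documented by GitHub: classic tokens are a prefix
# (ghp personal, gho OAuth, ghu user-to-server, ghs server-to-server,
# ghr refresh) + "_" + 36 base62 characters; fine-grained personal access
# tokens are "github_pat_" + 82 characters of [A-Za-z0-9_].
GITHUB_TOKEN_PATTERNS = {
    "classic": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "fine_grained": re.compile(r"\bgithub_pat_[A-Za-z0-9_]{82}\b"),
}

HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int      # line number in the new version of the file
    kind: str
    redacted: str     # enough to identify the token, never the whole secret


def redact(token: str) -> str:
    """Keep the prefix and last four characters so the owner can tell which token leaked."""
    return f"{token[:8]}...{token[-4:]}"


def find_tokens(text: str) -> Iterator[tuple[str, str]]:
    for kind, pattern in GITHUB_TOKEN_PATTERNS.items():
        for match in pattern.finditer(text):
            yield kind, match.group(0)


def scan_unified_diff(diff: str) -> list[Finding]:
    """Walk the diff, tracking new-file line numbers, and check only '+' lines.

    Removed ('-') lines are skipped: a token that was already committed is
    already exposed and needs revocation, not a scanner hit on its deletion.
    """
    findings: list[Finding] = []
    path, new_line, in_hunk = "?", 0, False
    for raw in diff.splitlines():
        if raw.startswith("diff --git"):
            in_hunk = False
            continue
        if not in_hunk and raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
            continue
        if not in_hunk and raw.startswith("--- "):
            continue
        header = HUNK_RE.match(raw)
        if header:
            in_hunk, new_line = True, int(header.group(1))
            continue
        if raw.startswith("\\"):          # "\ No newline at end of file"
            continue
        if raw.startswith("+"):
            for kind, token in find_tokens(raw[1:]):
                findings.append(Finding(path, new_line, kind, redact(token)))
            new_line += 1
        elif not raw.startswith("-"):     # context line
            new_line += 1
    return findings


def check_diff(diff: str) -> int:
    """Print findings and return a hook exit code: 1 blocks the commit, 0 allows it."""
    findings = scan_unified_diff(diff)
    for f in findings:
        print(f"{f.path}:{f.line_no}: {f.kind} GitHub token {f.redacted}")
    return 1 if findings else 0


# Constructed sample input: fake tokens of the documented length, not real ones.
FAKE_CLASSIC = "ghp_" + "AbCdEfGhIjKlMnOpQrStUvWxYz0123456789"      # 36 chars after prefix
FAKE_FINE = "github_pat_" + "A" * 22 + "_" + "b" * 59                  # 82 chars after prefix

SAMPLE_DIFF = """diff --git a/deploy/config.py b/deploy/config.py
--- a/deploy/config.py
+++ b/deploy/config.py
@@ -1,3 +1,4 @@
 import os
-GITHUB_TOKEN = os.environ["GITHUB_TOKEN"]
+# TODO remove before merge
+GITHUB_TOKEN = "<CLASSIC>"
 API_URL = "https://ghe.example.internal/api/v3"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -5,2 +5,3 @@
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        DOCS_TOKEN: <FINE>
""".replace("<CLASSIC>", FAKE_CLASSIC).replace("<FINE>", FAKE_FINE)

if __name__ == "__main__":
    raise SystemExit(check_diff(SAMPLE_DIFF))
```

In a real hook the input would be the output of `git diff --cached`. Two caveats a practitioner should keep in mind: the Mercedes token sat in a public repository from September until January, so a token that has ever been pushed to a public repository must be treated as compromised and revoked, not merely deleted from the tree or history; and a check like this only catches the documented token shapes, so it complements rather than replaces GitHub’s own secret scanning and push protection. Issuing fine-grained tokens scoped to the repositories and permissions a third party actually needs, as in the Mintlify case, limits what an attacker gets when one does leak.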

How GitHub’s Copilot Chat Enables Developers to Easily Seek Code Assistance

Earlier this year, GitHub rolled out Copilot Chat, a ChatGPT-like programming-centric chatbot, for organizations subscribed to Copilot for Business. Copilot Chat more recently came to individual Copilot customers, those paying $10 per month, in beta. “And code complete was just the beginning.” Little else about Copilot Chat has changed since the beta. Developers can prompt Copilot Chat in natural language to get real-time guidance, for example asking it to explain concepts, detect vulnerabilities or write unit tests. Like all generative AI models, the model underpinning Copilot Chat, GPT-4, was trained on publicly available data, some of which is copyrighted or under a restrictive license.

Google’s Duet AI for Developers, a GitHub Copilot Rival, Is Now Generally Available and Will Soon Move to the Gemini Model

Confluent, HashiCorp and MongoDB, for example, will provide data to train Duet AI for Developers to help developers write code for their platforms. Google’s overall story around its AI coding tools is essentially the same as every other vendor’s. For now, the company only said that Turing, an “AI-powered tech services company,” saw a 33% productivity gain after adopting Duet AI for Developers. Duet AI for Developers currently supports over 20 languages, including C, C++, Java, JavaScript and Python. Until the end of January 2024, Duet AI for Developers will be available for free.