Merge pull request github#34634 from github/repo-sync
Repo sync
docs-bot authored Sep 18, 2024
2 parents 0bfc081 + cb7352c commit 667abc4
Showing 23 changed files with 39 additions and 55 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -6,34 +6,29 @@ allowTitleToDifferFromFilename: true
product: '{% data reusables.rai.code-scanning.gated-feature-autofix %}'
versions:
feature: code-scanning-autofix
fpt: '*'
type: rai
topics:
- Advanced Security
- Code scanning
- CodeQL
- AI
---
<!--Note on the versioning above ^. This article is visible to free, pro, team users for transparency. They cannot use the feature so `fpt` is not included in the feature definition.-->

{% data reusables.rai.code-scanning.autofix-note %}

## About {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}

{% data variables.product.prodname_copilot_autofix %} is an expansion of {% data variables.product.prodname_code_scanning %} that provides users with targeted recommendations to help them fix {% data variables.product.prodname_code_scanning %} alerts so they can avoid introducing new security vulnerabilities. The potential fixes are generated automatically by large language models (LLMs) using data from the codebase and from {% data variables.product.prodname_codeql %} analysis.

> [!NOTE]
> While {% data variables.product.prodname_copilot_autofix_short %} is powered by {% data variables.product.prodname_copilot %}, your enterprise does not need a subscription to {% data variables.product.prodname_copilot %} to use {% data variables.product.prodname_copilot_autofix_short %}. As long as your enterprise has {% data variables.product.prodname_GH_advanced_security %}, you will have access to {% data variables.product.prodname_copilot_autofix_short %}.
{% data reusables.rai.code-scanning.copilot-autofix-note %}

{% data variables.product.prodname_copilot_autofix_short %} generates potential fixes that are relevant to the existing source code and translates the description and location of an alert into code changes that may fix the alert. {% data variables.product.prodname_copilot_autofix_short %} uses internal {% data variables.product.prodname_copilot %} APIs interfacing with the large language model GPT-4o from OpenAI, which has sufficient generative capabilities to produce both suggested fixes in code and explanatory text for those fixes.

{% ifversion code-scanning-autofix %}While {% data variables.product.prodname_copilot_autofix_short %} is allowed by default in an enterprise and enabled for every repository using {% data variables.product.prodname_codeql %}, you can choose to opt out and disable {% data variables.product.prodname_copilot_autofix_short %}. To learn how to disable {% data variables.product.prodname_copilot_autofix_short %} at the enterprise, organization and repository levels, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning)."{% endif %}
While {% data variables.product.prodname_copilot_autofix_short %} is allowed by default and enabled for every repository using {% data variables.product.prodname_codeql %}, you can choose to opt out and disable {% data variables.product.prodname_copilot_autofix_short %}. To learn how to disable {% data variables.product.prodname_copilot_autofix_short %} at the enterprise, organization and repository levels, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning)."

In an organization's security overview dashboard, you can view the total number of code suggestions generated on open and closed pull requests in the organization for a given time period. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/viewing-security-insights#autofix-suggestions)" in the {% data variables.product.prodname_ghe_cloud %} documentation.

## Developer experience

{% data variables.product.prodname_GH_advanced_security %} users can already see any security alerts detected by {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %} to analyze their pull requests. However, developers often have little training in code security so fixing these alerts requires substantial effort. They must first read and understand the alert location and description, and then use that understanding to edit the source code to fix the vulnerability.
{% data variables.product.prodname_code_scanning_caps %} users can already see any security alerts detected by {% data variables.product.prodname_codeql %} to analyze their pull requests. However, developers often have little training in code security so fixing these alerts requires substantial effort. They must first read and understand the alert location and description, and then use that understanding to edit the source code to fix the vulnerability.

{% data variables.product.prodname_copilot_autofix_short %} lowers the barrier of entry to developers by combining information on best practices with details of the codebase and alert to suggest a potential fix to the developer. Instead of starting with a search for information about the vulnerability, the developer starts with a code suggestion that demonstrates a potential solution for their codebase. The developer evaluates the potential fix to determine whether it is the best solution for their codebase and to ensure that it maintains the intended behavior.

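Review bot: the rewritten opening of the Developer experience paragraph now reads `{% data variables.product.prodname_code_scanning_caps %} users can already see any security alerts detected by {% data variables.product.prodname_codeql %} to analyze their pull requests`; dropping "using" from the old wording left "to analyze" dangling. Suggest `... any security alerts that {% data variables.product.prodname_codeql %} analysis detects in their pull requests.` In the same hunk the inline note stating that an enterprise does not need a Copilot subscription is replaced by `{% data reusables.rai.code-scanning.copilot-autofix-note %}`, and the `{% ifversion code-scanning-autofix %}` guard plus the words "in an enterprise" are removed from the opt-out sentence because this article is now rendered for free, pro and team readers as well (the `fpt: '*'` line moves out of this frontmatter into the feature definition). Confirm the new reusable phrases the entitlement in a way that is true for non-enterprise plans, since those readers will now see it.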
Expand Down Expand Up @@ -120,16 +115,7 @@ It is important to remember that the author of a pull request retains responsibi

## Next steps

{% ifversion code-scanning-autofix %}

* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)"
* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests#working-with-autofix-suggestions-for-alerts-on-a-pull-request)"
* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#generating-suggested-fixes-for-code-scanning-alerts)
* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning)"

{% elsif fpt %}

* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)"
* [AUTOTITLE](/enterprise-cloud@latest/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests#working-with-autofix-suggestions-for-alerts-on-a-pull-request) in the {% data variables.product.prodname_ghe_cloud %} documentation

{% endif %}
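Review bot: the third link in the list that survives this hunk is missing its closing double quote: `* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#generating-suggested-fixes-for-code-scanning-alerts)` while the lines around it end in `)"`. Since the `{% ifversion code-scanning-autofix %}` / `{% elsif fpt %}` branches are being removed and these four lines now render for every version, fix it here. Note also that the deleted fpt branch sent free, pro and team readers to the enterprise-cloud copy of the triaging article; they will now follow the relative link, so check that page is versioned for fpt as well.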
Original file line number Diff line number Diff line change
Expand Up @@ -14,13 +14,13 @@ topics:
- AI
---

{% data reusables.rai.code-scanning.autofix-note %}

## About disabling {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %}

{% data variables.product.prodname_copilot_autofix %} is a {% data variables.product.prodname_copilot %}-powered is an expansion of {% data variables.product.prodname_code_scanning %} that provides users with targeted recommendations to help them fix {% data variables.product.prodname_code_scanning %} alerts so they can avoid introducing new security vulnerabilities. To learn more about {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %}, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."

{% data variables.product.prodname_copilot_autofix_short %} is allowed by default in an enterprise and enabled for every repository that uses {% data variables.product.prodname_codeql %}, regardless of whether it uses default or advanced setup for {% data variables.product.prodname_code_scanning %}. Administrators at the enterprise, organization and repository levels can choose to opt-out and disable {% data variables.product.prodname_copilot_autofix_short %}.
{% data reusables.rai.code-scanning.copilot-autofix-note %}

{% data variables.product.prodname_copilot_autofix_short %} is allowed by default and enabled for every repository that uses {% data variables.product.prodname_codeql %}, regardless of whether it uses default or advanced setup for {% data variables.product.prodname_code_scanning %}. Administrators at the enterprise, organization and repository levels can choose to opt out and disable {% data variables.product.prodname_copilot_autofix_short %}.

Note that disabling {% data variables.product.prodname_copilot_autofix_short %} at any level will close all open {% data variables.product.prodname_copilot_autofix_short %} comments. If {% data variables.product.prodname_copilot_autofix_short %} is disabled and then subsequently enabled, {% data variables.product.prodname_copilot_autofix_short %} won't automatically suggest fixes for any pull requests that are already open. The suggestions will only be generated for any pull requests that are opened after {% data variables.product.prodname_copilot_autofix_short %} is enabled, or after re-running {% data variables.product.prodname_codeql %} analysis on existing pull requests.

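Review bot: the unchanged first sentence of the About section still reads `{% data variables.product.prodname_copilot_autofix %} is a {% data variables.product.prodname_copilot %}-powered is an expansion of ...`, a duplicated verb left over from an earlier edit. This hunk already rewrites the paragraph directly below it, so fold in the fix: `is a {% data variables.product.prodname_copilot %}-powered expansion of`. The change from `opt-out` to `opt out` on the new line is correct (verb form).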
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -136,9 +136,9 @@ Alternatively, to track a {% data variables.product.prodname_code_scanning %} al

## Generating suggested fixes for {% data variables.product.prodname_code_scanning %} alerts

{% data reusables.rai.code-scanning.autofix-note %}
{% data variables.product.prodname_copilot_autofix %} can generate fixes for alerts from {% data variables.product.prodname_codeql %} analysis. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."

{% data variables.product.prodname_copilot_autofix %} can generate fixes for alerts from {% data variables.product.prodname_codeql %} analysis in private repositories. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
{% data reusables.rai.code-scanning.copilot-autofix-note %}

{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-security %}
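Review bot: the replacement sentence drops `in private repositories` from `can generate fixes for alerts from {% data variables.product.prodname_codeql %} analysis in private repositories`, which widens the documented scope to public repositories. That is consistent with adding `fpt: '*'` to the feature definition in this same change, but it is a statement about where the feature works rather than a wording tidy, so either the change description should call it out or the sentence should keep whatever qualifier still applies.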
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -132,10 +132,10 @@ Anyone with push access to a pull request can fix a {% data variables.product.pr

## Working with {% data variables.product.prodname_copilot_autofix_short %} suggestions for alerts on a pull request

{% data reusables.rai.code-scanning.autofix-note %}

{% data variables.product.prodname_copilot_autofix %} is an expansion of {% data variables.product.prodname_code_scanning %} that provides you with targeted recommendations to help you fix {% data variables.product.prodname_code_scanning %} alerts in pull requests. The potential fixes are generated automatically by large language models (LLMs) using data from the codebase, the pull request, and from {% data variables.product.prodname_codeql %} analysis.

{% data reusables.rai.code-scanning.copilot-autofix-note %}

![Screenshot of the check failure for a {% data variables.product.prodname_code_scanning %} alert in a pull request. Part of the "autofix" suggestion is outlined in dark orange.](/assets/images/help/code-scanning/alert+autofix.png)

### Generating {% data variables.product.prodname_copilot_autofix_short %} suggestions and publishing to a pull request
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,4 @@ topics:

{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}

{% data reusables.rai.code-scanning.autofix-note %}

{% data reusables.code-scanning.codeql-query-tables.cpp %}
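Review bot: `{% data reusables.rai.code-scanning.autofix-note %}` is removed from this and the seven other CodeQL query-table pages that follow, and from every other page in this diff, but only 20 of the 23 changed files are visible here. Confirm one of the remaining three deletes the file that backs that reusable, otherwise it is left behind unreferenced. The blank line is removed together with the reusable, so the spacing between the version-info reusable and the table is unchanged.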
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,4 @@ topics:

{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}

{% data reusables.rai.code-scanning.autofix-note %}

{% data reusables.code-scanning.codeql-query-tables.csharp %}
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,4 @@ topics:

{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}

{% data reusables.rai.code-scanning.autofix-note %}

{% data reusables.code-scanning.codeql-query-tables.go %}
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,4 @@ topics:

{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}

{% data reusables.rai.code-scanning.autofix-note %}

{% data reusables.code-scanning.codeql-query-tables.java %}
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,4 @@ topics:

{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}

{% data reusables.rai.code-scanning.autofix-note %}

{% data reusables.code-scanning.codeql-query-tables.javascript %}
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,4 @@ topics:

{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}

{% data reusables.rai.code-scanning.autofix-note %}

{% data reusables.code-scanning.codeql-query-tables.python %}
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,4 @@ topics:

{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}

{% data reusables.rai.code-scanning.autofix-note %}

{% data reusables.code-scanning.codeql-query-tables.ruby %}
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,4 @@ topics:

{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}

{% data reusables.rai.code-scanning.autofix-note %}

{% data reusables.code-scanning.codeql-query-tables.swift %}
Original file line number Diff line number Diff line change
Expand Up @@ -145,6 +145,11 @@ as a plain string.
\[SARIF formats only] Produce pretty-printed SARIF output. By default,
SARIF output is minified to reduce the size of the output file.

#### `--sarif-run-property=<String=String>`

\[SARIF formats only] A key value pair to add to the generated SARIF
'run' property bag. Can be repeated.

#### `--no-group-results`

\[SARIF formats only] Produce one result per message, rather than one
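Review bot: the relocated option is relabelled from `[SARIF only]` to `[SARIF formats only]` to match its new neighbours, which is the right grouping. The value shape `<String=String>` alone does not tell a reader whether the key and value are separated by the first `=` only, or what happens when the same key is repeated; one worked line such as `--sarif-run-property=key=value` plus a sentence on repeated keys would settle both.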
Expand Down Expand Up @@ -197,11 +202,6 @@ Defaults to 1. You can pass 0 to use one thread per core on the machine,
or -_N_ to leave _N_ cores unused (except still use at least one
thread).

#### `--sarif-run-property=<String=String>`

\[SARIF only] A key value pair to add to the generated SARIF 'run'
property bag. Can be repeated.

#### `--column-kind=<columnKind>`

\[SARIF only] The column kind used to interpret location columns. One
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -191,6 +191,11 @@ as a plain string.
\[SARIF formats only] Produce pretty-printed SARIF output. By default,
SARIF output is minified to reduce the size of the output file.

#### `--sarif-run-property=<String=String>`

\[SARIF formats only] A key value pair to add to the generated SARIF
'run' property bag. Can be repeated.

#### `--no-group-results`

\[SARIF formats only] Produce one result per message, rather than one
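Review bot: only the addition of `#### --sarif-run-property=<String=String>` is visible for this file. In the first CLI reference in this diff the same change also removes the older `[SARIF only]` copy of the option from the section after `--threads`; if this file has that older entry too, it needs the matching removal or the option will be documented twice.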
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -101,8 +101,7 @@ The build mode that will be used to create the database.
Choose your build mode based on the language you are analyzing:
`none`: The database will be created without building the source root.
Available for JavaScript/TypeScript, Python, and Ruby. Also available in
beta for C# and Java.
Available for C#, Java, JavaScript/TypeScript, Python, and Ruby.
`autobuild`: The database will be created by attempting to automatically
build the source root. Available for C/C++, C#, Go, Java/Kotlin, and
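Review bot: the new line `Available for C#, Java, JavaScript/TypeScript, Python, and Ruby.` names `Java` while the `autobuild` line two lines below names `Java/Kotlin`. If build mode `none` does not cover Kotlin, say so explicitly, because readers will assume the two lists use the same naming; if it does, write `Java/Kotlin` here as well. Taking C# and Java out of beta is also a status change, so check any other page that still describes them as beta for this build mode.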
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -114,8 +114,7 @@ The build mode that will be used to create the database.
Choose your build mode based on the language you are analyzing:
`none`: The database will be created without building the source root.
Available for JavaScript/TypeScript, Python, and Ruby. Also available in
beta for C# and Java.
Available for C#, Java, JavaScript/TypeScript, Python, and Ruby.
`autobuild`: The database will be created by attempting to automatically
build the source root. Available for C/C++, C#, Go, Java/Kotlin, and
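Review bot: same naming question as the other copy of this text: `Java` on the `none` line versus `Java/Kotlin` on the `autobuild` line. Decide whether Kotlin is covered by build mode `none` and keep both copies of the sentence identical.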
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -153,6 +153,11 @@ as a plain string.
\[SARIF formats only] Produce pretty-printed SARIF output. By default,
SARIF output is minified to reduce the size of the output file.

#### `--sarif-run-property=<String=String>`

\[SARIF formats only] A key value pair to add to the generated SARIF
'run' property bag. Can be repeated.

#### `--no-group-results`

\[SARIF formats only] Produce one result per message, rather than one
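Review bot: as with the other CLI reference pages in this diff, only the addition of `#### --sarif-run-property=<String=String>` is shown here; the first CLI reference also removes an older `[SARIF only]` entry for the same option from a later section. Check this file for that older entry and remove it in the same change, or the option appears twice.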
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ checkout path if it is omitted.
#### `-f, --ref=<ref>`

Name of the ref that was analyzed. If this ref is a pull request merge
commit, then use _refs/pulls/1234/merge_ or _refs/pulls/1234/head_
commit, then use _refs/pull/1234/merge_ or _refs/pull/1234/head_
(depending on whether or not this commit corresponds to the HEAD or
MERGE commit of the PR). Otherwise, this should be a branch:
_refs/heads/branch-name_. If omitted, the CLI will attempt to
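Review bot: correct fix. GitHub exposes pull request refs as `refs/pull/<number>/head` and `refs/pull/<number>/merge`; `refs/pulls/...` is not a namespace GitHub creates, so anyone copying the old example would have passed a ref that cannot exist. While here, `depending on whether or not this commit corresponds to the HEAD or MERGE commit of the PR` reads more cleanly as `depending on whether this commit is the HEAD or the MERGE commit of the PR`.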
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -148,8 +148,6 @@ Alerts that are reopened and re-closed during the chosen time period are ignored

### {% data variables.product.prodname_copilot_autofix_short %} suggestions

{% data reusables.rai.code-scanning.autofix-note %}

{% data variables.product.prodname_copilot_autofix %} is an expansion of {% data variables.product.prodname_code_scanning %} that provides you with targeted recommendations to help you fix {% data variables.product.prodname_code_scanning %} alerts. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."

The "{% data variables.product.prodname_copilot_autofix_short %} suggestions" metric is the total number of {% data variables.product.prodname_copilot_autofix_short %} suggestions generated in open and closed pull requests during the chosen time period.
Expand Down
3 changes: 2 additions & 1 deletion data/features/code-scanning-autofix.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
# Reference: #11173
# Reference: #11173, and 14966

versions:
ghec: '*'
fpt: '*'
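Review bot: the comment `# Reference: #11173, and 14966` mixes formats; write it as `# Reference: #11173, #14966`. Adding `fpt: '*'` here is what makes `{% ifversion code-scanning-autofix %}` true for free, pro and team docs, and it is why the about-autofix article in this same change can drop both its own `fpt: '*'` frontmatter line and its `{% elsif fpt %}` branch; any other page that still branches on `{% elsif fpt %}` after this feature check now has an unreachable branch and should be searched for.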