Code scanning: AI-powered autofixes for CodeQL alerts integrated into VS Code #916

Closed
github-product-roadmap opened this issue Jan 31, 2024 · 2 comments
Labels
code scanning (Feature: Github Code Scanning); codeql (Feature: GitHub codeql); ga (Feature phase: Generally available); GitHub Advanced Security (GHAS) (Product SKU: GitHub Advanced Security)

Comments

github-product-roadmap (Collaborator) commented Jan 31, 2024

Summary

By default, code scanning with CodeQL scans code in pull requests, and code on all default/protected branches. We recently shipped our AI-powered autofixes for alerts in pull requests. In the future, code scanning will also provide AI-generated fixes for CodeQL alerts that are present on default and protected branches, outside the pull request experience. To help developers interact with these fixes more easily and quickly, we will integrate alerts and autofixes into VS Code.

Intended Outcome

AI-powered autofixes will help developers fix existing security vulnerabilities on the main or default branches more quickly and with less effort, straight in their code editor on their local machine, without leaving their flow. This helps reduce the number of active vulnerabilities and improves the security posture.

How will it work?

The VS Code extension will integrate code scanning alerts (and autofixes) into VS Code.

github locked and limited conversation to collaborators Jan 31, 2024
github-product-roadmap added the labels code scanning (Feature: Github Code Scanning); codeql (Feature: GitHub codeql); ga (Feature phase: Generally available); GitHub Advanced Security (GHAS) (Product SKU: GitHub Advanced Security) Jan 31, 2024
ankneis moved this to Q3 2024 – Jul-Sep in GitHub Public Roadmap Jan 31, 2024
github-product-roadmap changed the title from "Code scanning: AI-powered autofixes for CodeQL alerts on all branches, integrated into VS Code" to "Code scanning: AI-powered autofixes for CodeQL alerts integrated into VS Code" May 29, 2024
ankneis (Collaborator) commented Nov 20, 2024

Please continue to refer to our updated Public Roadmap for the latest ships, including updates on the continuation of these projects.

ankneis closed this as not planned Nov 20, 2024

ankneis (Collaborator) commented Dec 9, 2024

We wanted to provide more details on why we removed this from the roadmap. We are currently focusing on other IDE-related experiences. This has been removed from the roadmap for now, and we will revisit it once we can provide a more accurate delivery estimate.

If you’re interested in this feature, please share your feedback in the GitHub community so we can track interest and consider it in the future.

Projects
Status: Q2 2025 – Apr-Jun
2 participants