Security campaigns with Copilot Autofix are now in public preview

Security campaigns with Copilot Autofix are now in public preview. Available as part of GitHub Advanced Security, security campaigns rapidly reduce your backlog of application security debt. By using Copilot Autofix to generate contextual explanations and code suggestions for up to 1,000 historical code scanning alerts at a time, security campaigns help developers and security teams collaborate to fix vulnerabilities with speed and confidence.

Code scanning detection engines such as GitHub’s CodeQL are incredibly effective at automatically notifying developers about potential security vulnerabilities in their code in the form of code scanning alerts. Most developers fix these vulnerabilities with the help of Copilot Autofix when they’re flagged in pull requests. However, in situations where these alerts aren’t remediated in a timely manner, security debt can build up and pose a serious risk to deployed applications. Using security campaigns, security teams and developers can easily collaborate to remediate and eradicate security debt at scale, with the help of Copilot Autofix.

A security campaign on GitHub can contain a large number of code scanning alerts, prioritized by your security team to be fixed within a chosen timeframe. When a campaign is created, Copilot Autofix automatically suggests fixes for all supported alerts, and developers who are most familiar with the code are notified. From there, they can review the fixes, open pull requests, and remediate the security debt.

Security teams can monitor the progress of the campaign and track the number of alerts that have been fixed. Using security campaigns, security and developer teams work together with Copilot Autofix to remove security debt in targeted efforts aimed at maximizing impact by focusing on the alerts that matter.

Organization-level view of a security campaign to remediate SQL injection alerts

Security campaigns are available for users of GitHub Advanced Security on GitHub Enterprise Cloud. For more information about security campaigns, see About security campaigns in the GitHub documentation.

If you have any feedback on security campaigns, join the discussion in the GitHub Community.

GitHub Copilot code completion in Xcode

We are excited to announce that GitHub Copilot for Xcode is now available in public preview. This is a major milestone in our ongoing mission to make Copilot an essential tool for developers across a wide variety of platforms. Now, Apple developers can enjoy the same intelligent coding assistance, seamlessly integrated into their favorite IDE. With this public beta, Xcode users can boost productivity, speed up development, and enhance their overall coding experience using Copilot. We’re excited to bring the power of Copilot to even more developers, empowering them to innovate and build faster.

Key features of GitHub Copilot for Xcode:

  • Code completions: Copilot is now seamlessly embedded within Xcode, providing real-time code suggestions as you type.
  • Multi-language support: GitHub Copilot for Xcode supports multiple programming languages commonly used in the Apple ecosystem, including Swift and Objective-C. This broad language support ensures that all developers, regardless of their preferred language, can benefit from Copilot’s intelligent assistance.
  • Multiline suggestions: By default, you’ll see a single-line suggestion, but if multiple-line suggestions are available, you can access them by holding the Option key and pressing Option + Tab to accept the full suggestion.
  • Content filtering: Copilot includes advanced filters to screen out harmful or inappropriate content from its suggestions. This ensures that all code recommendations adhere to professional standards and contribute to a safe, respectful coding environment.
  • Block suggestions matching public code: You have the option to activate our duplicate detection filter that blocks suggestions matching public code on GitHub.

Video of code completion in Xcode

How to get started

You need to have a Copilot license to get access to Copilot for Xcode. All Copilot individual, business, and enterprise users have access to the public beta. To install the extension, simply follow the steps outlined in our getting started guide.

Feedback

To provide feedback or report issues, please open an issue on GitHub at https://github.com/github/CopilotForXcode/issues. If you’re experiencing a similar problem, please check existing issues and add a comment to share your experience or ask questions.

Join the Community

Connect with other developers, share tips, and discuss other updates to Copilot in our dedicated Copilot Community Discussions.


With GitHub Copilot code review in Visual Studio Code, you can now get fast, AI-powered feedback on your code as you write it, or request a review of all your changes before you push.

There are two ways to use Copilot code review in VS Code:

  • Review selection: highlight code in VS Code and ask for an initial review. (Available now to all Copilot subscribers)
  • Review changes: ask Copilot for a deeper review of all your changes before you push from the “Source Control” tab, which you can also do in your pull request on GitHub.com. (Join the waitlist, open to all Copilot subscribers)

Copilot’s feedback shows up as comments in the editor, attached to lines of your code. Where possible, the comments include actionable code suggestions, which you can apply in one click.

A comment from Copilot in Visual Studio Code

To learn more about Copilot code review, head to the docs.
