Copilot Autofix is available for more code scanning alerts

Copilot Autofix helps you fix code scanning alerts and avoid introducing new security vulnerabilities by using large language models to suggest potential fixes.

We recently expanded the range of CodeQL security alerts where Copilot can suggest an autofix, covering a group that accounts for 29% of all CodeQL alerts. This expansion led to an 8% overall increase in alerts with an available autofix and a 270% increase in autofixes for this specific group of improved alerts. With more autofix suggestions, you can resolve security issues identified by CodeQL more easily—either by applying Copilot’s suggested fix directly or using it as a starting point for your own edits.

We made these improvements by analyzing our usage data to understand the most common types of alerts where Copilot was not suggesting fixes and then made a targeted effort to improve autofix for these alerts. Read more about the testing process that GitHub uses to identify the quality of autofix suggestions.

We continuously evaluate the performance of CodeQL and Copilot Autofix, so look for more improvements in the future.

The GitHub Copilot plugin for JetBrains IDEs now helps you ask questions about your entire codebase, via @project, and Copilot can help you out even more by generating commit message suggestions.

@project context

With @project context, you can ask any question you have about your project, and GitHub Copilot will read your entire project’s codebase and return detailed answers with references to relevant files and symbols. @project context helps you find the code you’re looking for, understand how functionality is implemented, and much more.

Commit message suggestions

Now GitHub Copilot in JetBrains will generate commit messages for you, helping you craft informative commit messages and saving you that extra bit of time every day.

UX improvements & bug fixes

This update also includes a few other UX improvements:

  • Chat conversations are now ordered by last modified time.
  • We fixed a bug where chat conversation history was lost after signing out.
  • We fixed color display issues when switching system themes between dark and light.

Get started and join the discussion

Try out the latest version of the GitHub Copilot plugin and share your thoughts in the GitHub Community. We’d love to hear your feedback!


Dependabot alerts now feature the Exploit Prediction Scoring System (EPSS) from the global Forum of Incident Response and Security Teams (FIRST), helping you better assess vulnerability risks.

EPSS scores predict the likelihood of a vulnerability being exploited, with scores ranging from 0 to 1 (0 to 100%). Higher scores mean higher risk. We also show the EPSS score percentile, indicating how a vulnerability compares to others.

For example, a 90.534% EPSS score at the 95th percentile means:

  • 90.534% chance of exploitation in the next 30 days
  • 95% of other vulnerabilities are less likely to be exploited

You can use EPSS scores to help prioritize dependency vulnerabilities based on exploit likelihood.
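As an added example (not GitHub's code), a small triage helper that ranks constructed Dependabot-style alerts by their EPSS score and percentile, validates that both values are in the 0 to 1 range, and renders the score as the UI does. The record layout, the placeholder advisory ids and the tier thresholds are this example's assumptions, not the GitHub API schema or an EPSS standard.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Alert:
    # Constructed record; field names are this example's own, not GitHub's API schema.
    package: str
    advisory: str                     # placeholder id, not a real advisory
    epss_score: Optional[float]       # P(exploited in next 30 days), 0..1; None if unscored
    epss_percentile: Optional[float]  # fraction of all scored vulns with a lower score, 0..1


def _check_unit(value: float, name: str) -> float:
    """EPSS values are probabilities/fractions; anything outside [0, 1] is malformed."""
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"{name} out of range: {value}")
    return value


def as_percent(value: float) -> str:
    """Render a 0..1 EPSS value the way the alert UI does, e.g. 0.90534 -> '90.534%'."""
    return f"{_check_unit(value, 'epss') * 100:.3f}%"


def epss_tier(score: Optional[float], percentile: Optional[float]) -> str:
    """Assign a triage tier. Thresholds are this example's assumptions, not an EPSS standard."""
    if score is None or percentile is None:
        return "unscored"          # no EPSS yet: fall back to CVSS severity instead
    _check_unit(score, "score")
    _check_unit(percentile, "percentile")
    if score >= 0.10:              # at least a 10% chance of exploitation within 30 days
        return "urgent"
    if percentile >= 0.90:         # low absolute odds, but in the top 10% of all scored CVEs
        return "high"
    return "routine"


def rank_alerts(alerts: List[Alert]) -> List[Alert]:
    """Most likely to be exploited first; alerts without an EPSS score sort last."""
    return sorted(alerts, key=lambda a: (a.epss_score is None,
                                         -(a.epss_score or 0.0),
                                         -(a.epss_percentile or 0.0)))


# Constructed sample alerts; the first reuses the figures from the announcement above.
SAMPLE_ALERTS = [
    Alert("example-parser", "GHSA-PLACEHOLDER-1", 0.90534, 0.95),
    Alert("example-logger", "GHSA-PLACEHOLDER-2", 0.00042, 0.12),
    Alert("example-crypto", "GHSA-PLACEHOLDER-3", None, None),
    Alert("example-http", "GHSA-PLACEHOLDER-4", 0.01100, 0.93),
]
```

Calling `rank_alerts(SAMPLE_ALERTS)` puts the 90.534% alert first, the low-probability but high-percentile one second, and the unscored alert last.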

This feature is available on GitHub.com today, and will be available in GitHub Enterprise Server starting with version 3.17.

Learn more in FIRST’s EPSS User Guide.
Join the discussion within GitHub Community.
Read more about viewing, sorting, and filtering Dependabot alerts in GitHub’s Dependabot docs.