Microsoft has rolled out Copilot Autofix in limited private preview for GitHub Advanced Security users still utilizing Azure DevOps. This feature aims to streamline the process of addressing vulnerabilities detected by CodeQL.
Migration Challenges: While many organizations are transitioning their repositories from Azure Repos to GitHub, the process can vary significantly in complexity. Factors such as size, customizations, and compliance requirements influence the migration timeline.
What is Copilot Autofix? This new feature addresses the gap between identifying vulnerabilities and implementing fixes. Previously, developers had to manually research and patch vulnerabilities flagged by CodeQL. With Autofix, an AI-generated fix is suggested right within the Azure DevOps alert experience.
How It Works: When a CodeQL alert is opened in the Advanced Security tab, users will see a new Generate fix button for supported rules. Autofix gathers relevant code context to automatically propose a change, which can be reviewed and committed directly from the alert.
Benefits: This integration simplifies vulnerability management by converting alerts into pull requests without requiring manual intervention. Developers can resolve issues in a matter of minutes, significantly reducing the time from detection to remediation.
Cost Structure: Copilot Autofix is included with GitHub Advanced Security for Azure DevOps licenses. However, each fix generation consumes AI credits from the organization’s Azure billing meter, with costs depending on the complexity of the change.
Next Steps: Organizations interested in this feature can request enrollment in the limited preview. Microsoft plans to onboard customers in waves, providing detailed setup and usage guidance through dedicated documentation.
Future Developments: The team is working on expanding Autofix capabilities to cover all CodeQL alerts across all branches, aiming to enhance the overall code scanning experience.
