
Microsoft launches Copilot Autofix for Azure DevOps security

Microsoft has launched a limited public preview of Copilot Autofix for GitHub Advanced Security within the Azure DevOps ecosystem. This new tool leverages AI to automatically analyze security vulnerabilities identified by CodeQL and generate proposed code fixes. By creating pull requests directly for developers to review, Microsoft aims to accelerate the remediation process for organizations using Azure Repos. The move signifies a shift from passive vulnerability detection toward active, automated software security management.

White industrial robots assemble electronic components on an automated line in a bright workshop. · Image source: Infoq

According to Infoq, Microsoft is expanding its AI-driven security capabilities by bringing Copilot Autofix to teams utilizing Azure Repos. This integration allows the platform to automatically process security alerts and suggest specific code modifications, bridging the gap between identifying a flaw and implementing a solution.

Automated remediation via CodeQL and LLMs

The new feature combines CodeQL's semantic, data-flow based analysis with the generative capabilities of GitHub Copilot's coding agent. When CodeQL reports a supported vulnerability, the agent evaluates the surrounding application context to produce a relevant fix. Instead of patching only the single line at the reported sink, it can propose coordinated changes across multiple files so that the underlying issue, and not just its symptom, is addressed.

Key features of the Copilot Autofix integration include:

  • Automated analysis of security vulnerabilities identified by CodeQL.
  • Generation of context-aware code fixes using large language models.
  • Automatic creation of pull requests for developer review and merging.
  • Integration with existing Azure DevOps workflows and governance structures.

Bridging the gap in software security

For years, Static Application Security Testing (SAST) tools have been effective at spotting risks but often left developers overwhelmed by the manual work required to interpret results. Microsoft identifies this "last mile" of remediation as a primary bottleneck in secure software delivery. By automating the initial drafting of fixes, Copilot Autofix reduces the time spent on research and manual coding while maintaining human oversight.

While the AI generates the suggestions, Microsoft emphasizes that developers remain responsible for validating every proposed change. Because large language models can produce incomplete fixes or introduce unintended side effects, every AI-generated pull request must still pass through the standard testing and approval cycle. This approach aligns with a broader industry trend in which AI accelerates repetitive tasks without bypassing established enterprise compliance and quality assurance controls.
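As an added illustration, not code from the article or from Microsoft's product, the Python below shows the shape of a finding that CodeQL's SQL-injection query reports (string interpolation of untrusted input into a query), the parameterised rewrite an Autofix pull request would typically propose, and the regression check a reviewer can run before approving such a PR. The in-memory table, its rows, the payload and all function names are constructed for this demo.

```python
import sqlite3

# Constructed in-memory database for the demo (not from the article).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user")],
    )
    return conn


def find_user_vulnerable(conn, name):
    # Untrusted input is interpolated into the SQL text. This is the pattern
    # CodeQL's SQL-injection query reports: the query structure depends on
    # the caller-controlled string.
    query = "SELECT id, name, role FROM users WHERE name = '%s'" % name
    return conn.execute(query).fetchall()


def find_user_fixed(conn, name):
    # Parameterised query, the fix shape an Autofix PR would propose: the
    # driver sends the value separately from the statement, so quotes in
    # `name` cannot change what the statement does.
    query = "SELECT id, name, role FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


# Classic tautology payload used to prove the flaw and verify the fix.
PAYLOAD = "' OR '1'='1"


def regression_check():
    """Return (rows leaked by the vulnerable version, rows returned by the fix).

    A reviewer keeps this check in the test suite so that a future PR which
    silently reintroduces string interpolation fails CI rather than review.
    """
    conn = make_db()
    leaked = find_user_vulnerable(conn, PAYLOAD)
    safe = find_user_fixed(conn, PAYLOAD)
    return len(leaked), len(safe)


if __name__ == "__main__":
    print("vulnerable/fixed row counts for payload:", regression_check())
    print("legitimate lookup still works:", find_user_fixed(make_db(), "alice"))
```

The check is deliberately behavioural rather than textual: it does not assert that the fixed function uses a `?` placeholder, only that the tautology payload no longer matches every row while a legitimate lookup still returns the expected record. That is the property a reviewer actually wants preserved when an AI-generated change touches the query.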

This release also marks a significant step in narrowing the feature disparity between GitHub and Azure DevOps. By adding AI-generated remediation to the existing suite of secret scanning, dependency scanning, and CodeQL analysis, Microsoft ensures that organizations committed to Azure Repos can access high-level security automation without migrating their entire infrastructure.

FAQ

How does Copilot Autofix handle security vulnerabilities?
The system combines CodeQL semantic analysis with GitHub Copilot's coding agent. It evaluates the application context to produce relevant fixes, which can include coordinated changes across multiple files rather than just a single line of code.
Do developers have to manually write the code for every fix?
No, the tool automatically generates proposed code modifications and creates pull requests. However, developers remain responsible for validating every change because AI-generated suggestions must still pass through standard testing and approval cycles.
What tools are integrated with Copilot Autofix in Azure DevOps?
The integration works alongside existing security features including secret scanning, dependency scanning, and CodeQL analysis to provide high-level security automation for organizations using Azure Repos.