The GitHub Insider
Goodbye, vulnerabilities
GitHub

In this edition of Insider, we're delving into the strategic approach of “shifting left” in software development with the help of artificial intelligence—to help you deliver safer, more secure applications. 🤖✨

Meme with Andy Dwyer saying "I still don't know what shift left means and I'm too afraid to ask."

Let's strip away the mystique and focus on the nuts and bolts of shifting left for a moment. This isn't magic; it's about strategically positioning yourself in the development process to identify and address potential challenges early on. At GitHub, we think that developers should be able to secure their code as they write it, rather than just fix issues later. Luckily, AI has the power to help transform the way developers create secure applications right from the start.

We recently announced previews for three brand-new AI-powered features within GitHub Advanced Security that radically redefine the traditional notions of shifting left. These include:

👀 Code scanning autofix. With this new feature, AI generates precise, actionable fixes for CodeQL JavaScript and TypeScript alerts in your pull requests. This capability lets you quickly understand vulnerabilities and commit fixes instantly, speeding up issue resolution and preventing new vulnerabilities from creeping into your codebases.

🔒 Secret scanning for leaked passwords. Due to frequent leaks, passwords pose a unique challenge for secret detection and are a prime target for unauthorized access. The latest generation of LLMs presents an opportunity to find these passwords with lower false positives than traditional methods. Secret scanning, now in limited public beta, leverages AI to automatically identify generic or unstructured secrets in your code.

Meme of a dog saying "Someone figured out my password and now I have to rename my dog."

⏱️ Regular expression generator for custom patterns. Creating regular expressions can be challenging—it’s almost like learning a brand-new, mini-coding language. To streamline how you create and update custom patterns, GitHub now offers an AI-powered experience for crafting custom patterns. All you have to do is answer a few simple questions in a form-based interface, and the tool auto-generates regular expressions. With this feature, you can also execute dry runs in real time to ensure proper scanning before saving the newly created pattern.

While these AppSec features are on the horizon for GitHub customers, you can start securing your code with GitHub Copilot’s security vulnerability prevention features ASAP. In fact, Copilot produces code scanning alerts for vulnerable code, generates suggestions with filters, prevents SQL injections, and more! Check out this video to see Copilot in action.

Video still from a GitHub Copilot security video on LinkedIn

You can also take a look at this article to learn more about why our Chief Security Officer believes that AI is the future of cybersecurity, and some pro tips on how to adopt it safely for your teams. 🔮 💻

Until next time, stay left, stay inventive, and may your code always be ultra secure!



Secure Code Game

Win a secure code mindset 💪🏽

Writing secure code is an art… that can be improved! Dive into our Secure Code Game to learn how you can easily spot and fix security issues in any of your projects.




Join our security conversations 🤖

Visit our community forum to see what people are saying + offer your own two cents.




