Description
Summary
By default, code scanning with CodeQL scans code in pull requests, and code on all default/protected branches. We recently shipped our AI-powered autofixes for alerts in pull requests. In the future, code scanning will also provide AI-generated fixes for CodeQL alerts that are present on default and protected branches, outside the pull request experience. To help developers interact with these fixes more easily and quickly, we will integrate alerts and autofixes into VS Code.
Intended Outcome
AI-powered autofixes will help developers fix existing security vulnerabilities on the main or default branches more quickly and with less effort, straight in their code editor on their local machine, without leaving their flow. This helps reduce the number of active vulnerabilities and improves the security posture.
How will it work?
The VS Code extension will integrate code scanning alerts (and autofixes) into VS Code.