From 6e41dc4b4fd61ff5e64aefdd886c86d1dbcd23ee Mon Sep 17 00:00:00 2001 From: Pierre Date: Wed, 8 May 2024 09:23:32 -0700 Subject: [PATCH] Update autofix docs to include Ruby and Go (#50441) --- .../about-autofix-for-codeql-code-scanning.md | 4 ++-- data/reusables/rai/code-scanning/beta-autofix.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning.md b/content/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning.md index ca23b52546..048390ba05 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning.md +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning.md @@ -43,7 +43,7 @@ After committing a suggested fix or modified fix, the developer should always ve ## Supported languages -{% data variables.product.prodname_code_scanning_caps %} autofix supports fix generation for a subset of queries included in the default query suite for JavaScript, TypeScript, Python, Java, and C#. For more information on the default query suite, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites)." +{% data variables.product.prodname_code_scanning_caps %} autofix supports fix generation for a subset of queries included in the default query suite for C#, Go, Java, JavaScript/TypeScript, Python, and Ruby. For more information on the default query suite, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites)." ## Autofix generation process 
@@ -65,7 +65,7 @@ The process of generating fixes does not gather or utilize any customer data bey {% data variables.product.prodname_dotcom %} uses an automated test harness to continuously monitor the quality of autofix suggestions. This allows us to understand how the autofix suggestions generated by the LLM change as the model develops. -The test harness includes a set of over 1,870 alerts from a diverse set of public repositories where the highlighted code has test coverage. Autofix suggestions for these alerts are tested to see how good they are, that is, how much a developer would need to edit them before committing them to the codebase. For many of the test alerts, autofixes generated by the LLM could be committed as-is to fix the alert while continuing to successfully pass all the existing CI tests. +The test harness includes a set of over 2,300 alerts from a diverse set of public repositories where the highlighted code has test coverage. Autofix suggestions for these alerts are tested to see how good they are, that is, how much a developer would need to edit them before committing them to the codebase. For many of the test alerts, autofixes generated by the LLM could be committed as-is to fix the alert while continuing to successfully pass all the existing CI tests. In addition, the system is stress-tested to check for any potential harm (often referred to as red teaming), and a filtering system on the LLM helps prevent potentially harmful suggestions being displayed to users. diff --git a/data/reusables/rai/code-scanning/beta-autofix.md b/data/reusables/rai/code-scanning/beta-autofix.md index 3bb3b53283..c05e1a2968 100644 --- a/data/reusables/rai/code-scanning/beta-autofix.md +++ b/data/reusables/rai/code-scanning/beta-autofix.md 
@@ -2,7 +2,7 @@ {% note %} -**Note:** {% data variables.product.prodname_dotcom %} autofix for {% data variables.product.prodname_code_scanning %} is in beta. Functionality and documentation are subject to change. During this phase, the feature is restricted to JavaScript, TypeScript, Python, and Java alerts identified by {% data variables.product.prodname_codeql %}. If you have an enterprise account and use {% data variables.product.prodname_GH_advanced_security %}, your enterprise has access to the beta. +**Note:** {% data variables.product.prodname_dotcom %} autofix for {% data variables.product.prodname_code_scanning %} is in beta. Functionality and documentation are subject to change. During this phase, the feature is restricted to C#, Go, Java, JavaScript/TypeScript, Python, and Ruby alerts identified by {% data variables.product.prodname_codeql %}. If you have an enterprise account and use {% data variables.product.prodname_GH_advanced_security %}, your enterprise has access to the beta. {% endnote %}
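Review bot: In the "Supported languages" hunk of about-autofix-for-codeql-code-scanning.md (@@ -43,7 +43,7), the added sentence hard-codes the language list, and the same list is repeated in the note in data/reusables/rai/code-scanning/beta-autofix.md, so the two copies can drift apart. The removed lines show they already had: this file listed C# while the reusable did not. Consider keeping the list in one reusable or variable that both places include. Separately, "JavaScript/TypeScript" now reads as a single entry where the removed line listed the two languages separately; if TypeScript support is something readers search for, keep it as its own item.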
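Review bot: The alert count in the @@ -65,7 +65,7 hunk changes from "over 1,870" to "over 2,300", but the commit subject only mentions adding Ruby and Go, and the paragraph does not say whether the larger test set includes alerts for the newly listed languages. Suggest stating that in the sentence, or at least in the commit message, since readers use this section to judge how much review an autofix suggestion needs for their language. A hard-coded figure will also go stale with the next test-set update; wording that ties the number to a date would make that visible.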
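Review bot: In the beta note hunk of data/reusables/rai/code-scanning/beta-autofix.md (@@ -2,7 +2,7), the added line introduces C# as well as Go and Ruby, while the commit subject names only Ruby and Go. The removed line here omitted C# even though the removed line in the "Supported languages" section already listed it, so this hunk also corrects an earlier mismatch between the two files. Mention the C# addition in the commit message so the change to the stated beta restriction is traceable.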