@@ -11,7 +11,7 @@ versions:
|
||||
ghec: '*'
|
||||
type: reference
|
||||
---
|
||||
|
||||
|
||||
{% data reusables.actions.enterprise-github-hosted-runners %}
|
||||
|
||||
## About Dockerfile instructions
|
||||
@@ -110,4 +110,4 @@ If you use `CMD` in your `Dockerfile`, follow these guidelines:
|
||||
|
||||
## Supported Linux capabilities
|
||||
|
||||
{% data variables.product.prodname_actions %} supports the default Linux capabilities that Docker supports. Capabilities can't be added or removed. For more information about the default Linux capabilities that Docker supports, see "[Runtime privilege and Linux capabilities](https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities)" in the Docker documentation. To learn more about Linux capabilities, see "[Overview of Linux capabilities](http://man7.org/linux/man-pages/man7/capabilities.7.html)" in the Linux man-pages.
|
||||
{% data variables.product.prodname_actions %} supports the default Linux capabilities that Docker supports. Capabilities can't be added or removed. For more information about the default Linux capabilities that Docker supports, see "[Linux kernel capabilities](https://docs.docker.com/engine/security/#linux-kernel-capabilities)" in the Docker documentation. To learn more about Linux capabilities, see "[Overview of Linux capabilities](http://man7.org/linux/man-pages/man7/capabilities.7.html)" in the Linux man-pages.
|
||||
|
||||
@@ -15,7 +15,7 @@ topics:
|
||||
- Containers
|
||||
- Docker
|
||||
---
|
||||
|
||||
|
||||
{% data reusables.actions.enterprise-github-hosted-runners %}
|
||||
|
||||
## About service containers
|
||||
@@ -32,7 +32,7 @@ You can configure jobs in a workflow to run directly on a runner machine or in a
|
||||
|
||||
### Running jobs in a container
|
||||
|
||||
When you run jobs in a container, {% data variables.product.prodname_dotcom %} connects service containers to the job using Docker's user-defined bridge networks. For more information, see "[Use bridge networks](https://docs.docker.com/network/bridge/)" in the Docker documentation.
|
||||
When you run jobs in a container, {% data variables.product.prodname_dotcom %} connects service containers to the job using Docker's user-defined bridge networks. For more information, see "[Bridge network driver](https://docs.docker.com/engine/network/drivers/bridge/)" in the Docker documentation.
|
||||
|
||||
Running the job and services in a container simplifies network access. You can access a service container using the label you configure in the workflow. The hostname of the service container is automatically mapped to the label name. For example, if you create a service container with the label `redis`, the hostname of the service container is `redis`.
|
||||
|
||||
|
||||
@@ -29,7 +29,7 @@ If {% data variables.product.prodname_code_scanning %} finds a potential vulnera
|
||||
|
||||
{% ifversion code-scanning-autofix %}
|
||||
|
||||
Autofix will suggest fixes for alerts from {% data variables.product.prodname_codeql %} analysis in private repositories, allowing developers to prevent and reduce vulnerabilities with less effort. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
|
||||
{% data variables.product.prodname_copilot_autofix %} will suggest fixes for alerts from {% data variables.product.prodname_codeql %} analysis in private repositories, allowing developers to prevent and reduce vulnerabilities with less effort. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
---
|
||||
title: About autofix for CodeQL code scanning
|
||||
shortTitle: Autofix for code scanning
|
||||
title: About Copilot Autofix for CodeQL code scanning
|
||||
shortTitle: Copilot Autofix for code scanning
|
||||
intro: Learn how GitHub uses AI to suggest potential fixes for {% data variables.product.prodname_code_scanning %} alerts found by {% data variables.product.prodname_codeql %}.
|
||||
allowTitleToDifferFromFilename: true
|
||||
product: '{% data reusables.rai.code-scanning.gated-feature-autofix %}'
|
||||
versions:
|
||||
feature: code-scanning-autofix
|
||||
@@ -17,16 +18,16 @@ topics:
|
||||
|
||||
{% data reusables.rai.code-scanning.autofix-note %}
|
||||
|
||||
## About autofix for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}
|
||||
## About {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}
|
||||
|
||||
{% data variables.product.prodname_code_scanning_caps %} autofix is a {% data variables.product.prodname_copilot %}-powered expansion of {% data variables.product.prodname_code_scanning %} that provides users with targeted recommendations to help them fix {% data variables.product.prodname_code_scanning %} alerts so they can avoid introducing new security vulnerabilities. The potential fixes are generated automatically by large language models (LLMs) using data from the codebase and from {% data variables.product.prodname_codeql %} analysis.
|
||||
{% data variables.product.prodname_copilot_autofix %} is an expansion of {% data variables.product.prodname_code_scanning %} that provides users with targeted recommendations to help them fix {% data variables.product.prodname_code_scanning %} alerts so they can avoid introducing new security vulnerabilities. The potential fixes are generated automatically by large language models (LLMs) using data from the codebase and from {% data variables.product.prodname_codeql %} analysis.
|
||||
|
||||
> [!NOTE]
|
||||
> While {% data variables.product.prodname_code_scanning %} autofix is powered by {% data variables.product.prodname_copilot %}, your enterprise does not need a subscription to {% data variables.product.prodname_copilot %} to use autofix. As long as your enterprise has {% data variables.product.prodname_GH_advanced_security %}, you will have access to autofix.
|
||||
> While {% data variables.product.prodname_copilot_autofix_short %} is powered by {% data variables.product.prodname_copilot %}, your enterprise does not need a subscription to {% data variables.product.prodname_copilot %} to use {% data variables.product.prodname_copilot_autofix_short %}. As long as your enterprise has {% data variables.product.prodname_GH_advanced_security %}, you will have access to {% data variables.product.prodname_copilot_autofix_short %}.
|
||||
|
||||
{% data variables.product.prodname_code_scanning_caps %} autofix generates potential fixes that are relevant to the existing source code and translates the description and location of an alert into code changes that may fix the alert. Autofix uses internal {% data variables.product.prodname_copilot %} APIs interfacing with the large language model GPT-4o from OpenAI, which has sufficient generative capabilities to produce both suggested fixes in code and explanatory text for those fixes.
|
||||
{% data variables.product.prodname_copilot_autofix_short %} generates potential fixes that are relevant to the existing source code and translates the description and location of an alert into code changes that may fix the alert. {% data variables.product.prodname_copilot_autofix_short %} uses internal {% data variables.product.prodname_copilot %} APIs interfacing with the large language model GPT-4o from OpenAI, which has sufficient generative capabilities to produce both suggested fixes in code and explanatory text for those fixes.
|
||||
|
||||
{% ifversion code-scanning-autofix %}While {% data variables.product.prodname_code_scanning %} autofix is allowed by default in an enterprise and enabled for every repository using {% data variables.product.prodname_codeql %}, you can choose to opt out and disable autofix. To learn how to disable autofix at the enterprise, organization and repository levels, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning)."{% endif %}
|
||||
{% ifversion code-scanning-autofix %}While {% data variables.product.prodname_copilot_autofix_short %} is allowed by default in an enterprise and enabled for every repository using {% data variables.product.prodname_codeql %}, you can choose to opt out and disable {% data variables.product.prodname_copilot_autofix_short %}. To learn how to disable {% data variables.product.prodname_copilot_autofix_short %} at the enterprise, organization and repository levels, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning)."{% endif %}
|
||||
|
||||
In an organization's security overview dashboard, you can view the total number of code suggestions generated on open and closed pull requests in the organization for a given time period. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/viewing-security-insights#autofix-suggestions)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
|
||||
|
||||
@@ -34,17 +35,17 @@ In an organization's security overview dashboard, you can view the total number
|
||||
|
||||
{% data variables.product.prodname_GH_advanced_security %} users can already see any security alerts detected by {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %} to analyze their pull requests. However, developers often have little training in code security so fixing these alerts requires substantial effort. They must first read and understand the alert location and description, and then use that understanding to edit the source code to fix the vulnerability.
|
||||
|
||||
{% data variables.product.prodname_code_scanning_caps %} autofix lowers the barrier of entry to developers by combining information on best practices with details of the codebase and alert to suggest a potential fix to the developer. Instead of starting with a search for information about the vulnerability, the developer starts with a code suggestion that demonstrates a potential solution for their codebase. The developer evaluates the potential fix to determine whether it is the best solution for their codebase and to ensure that it maintains the intended behavior.
|
||||
{% data variables.product.prodname_copilot_autofix_short %} lowers the barrier of entry to developers by combining information on best practices with details of the codebase and alert to suggest a potential fix to the developer. Instead of starting with a search for information about the vulnerability, the developer starts with a code suggestion that demonstrates a potential solution for their codebase. The developer evaluates the potential fix to determine whether it is the best solution for their codebase and to ensure that it maintains the intended behavior.
|
||||
|
||||
After committing a suggested fix or modified fix, the developer should always verify that continuous integration testing (CI) for the codebase continues to pass and that the alert is shown as resolved before they merge their pull request.
|
||||
|
||||
## Supported languages
|
||||
|
||||
{% data variables.product.prodname_code_scanning_caps %} autofix supports fix generation for a subset of queries included in the default and security-extended query suites for {% data variables.code-scanning.code_scanning_autofix_languages %}. For more information on these query suites, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites#built-in-codeql-query-suites)."
|
||||
{% data variables.product.prodname_copilot_autofix_short %} supports fix generation for a subset of queries included in the default and security-extended query suites for {% data variables.code-scanning.code_scanning_autofix_languages %}. For more information on these query suites, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites#built-in-codeql-query-suites)."
|
||||
|
||||
## Suggestion generation process
|
||||
|
||||
When autofix is enabled for a repository, {% data variables.product.prodname_code_scanning %} alerts that are identified by supported {% data variables.product.prodname_codeql %} queries send input to the LLM. If the LLM can generate a potential fix, the fix is shown as a suggestion.
|
||||
When {% data variables.product.prodname_copilot_autofix_short %} is enabled for a repository, {% data variables.product.prodname_code_scanning %} alerts that are identified by supported {% data variables.product.prodname_codeql %} queries send input to the LLM. If the LLM can generate a potential fix, the fix is shown as a suggestion.
|
||||
|
||||
{% data variables.product.prodname_dotcom %} sends the LLM a variety of data from the {% data variables.product.prodname_codeql %} analysis.
|
||||
|
||||
@@ -54,13 +55,13 @@ When autofix is enabled for a repository, {% data variables.product.prodname_cod
|
||||
* First ~10 lines from each file involved in any of those locations.
|
||||
* Help text for the {% data variables.product.prodname_codeql %} query that identified the problem. For examples, see “[{% data variables.product.prodname_codeql %} query help](https://codeql.github.com/codeql-query-help/).”
|
||||
|
||||
Any autofix suggestions are generated and stored within the {% data variables.product.prodname_code_scanning %} backend. They are displayed as suggestions. No user interaction is needed beyond enabling {% data variables.product.prodname_code_scanning %} on the codebase and creating a pull request.
|
||||
Any {% data variables.product.prodname_copilot_autofix_short %} suggestions are generated and stored within the {% data variables.product.prodname_code_scanning %} backend. They are displayed as suggestions. No user interaction is needed beyond enabling {% data variables.product.prodname_code_scanning %} on the codebase and creating a pull request.
|
||||
|
||||
The process of generating fixes does not gather or utilize any customer data beyond the scope outlined above. Therefore, the use of this feature is governed by the existing terms and conditions associated with {% data variables.product.prodname_GH_advanced_security %}. Moreover, data handled by {% data variables.product.prodname_code_scanning %} autofix is strictly not employed for LLM training purposes. For more information on {% data variables.product.prodname_GH_advanced_security %} terms and conditions, see "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security){% ifversion fpt %}."{% else %} in the Free, Pro, & Team documentation.{% endif %}
|
||||
The process of generating fixes does not gather or utilize any customer data beyond the scope outlined above. Therefore, the use of this feature is governed by the existing terms and conditions associated with {% data variables.product.prodname_GH_advanced_security %}. Moreover, data handled by {% data variables.product.prodname_copilot_autofix_short %} is strictly not employed for LLM training purposes. For more information on {% data variables.product.prodname_GH_advanced_security %} terms and conditions, see "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security){% ifversion fpt %}."{% else %} in the Free, Pro, & Team documentation.{% endif %}
|
||||
|
||||
## Quality of suggestions
|
||||
|
||||
{% data variables.product.prodname_dotcom %} uses an automated test harness to continuously monitor the quality of suggestions from autofix. This allows us to understand how the suggestions generated by the LLM change as the model develops.
|
||||
{% data variables.product.prodname_dotcom %} uses an automated test harness to continuously monitor the quality of suggestions from {% data variables.product.prodname_copilot_autofix_short %}. This allows us to understand how the suggestions generated by the LLM change as the model develops.
|
||||
|
||||
The test harness includes a set of over 2,300 alerts from a diverse set of public repositories where the highlighted code has test coverage. Suggestions for these alerts are tested to see how good they are, that is, how much a developer would need to edit them before committing them to the codebase. For many of the test alerts, suggestions generated by the LLM could be committed as-is to fix the alert while continuing to successfully pass all the existing CI tests.
|
||||
|
||||
@@ -79,20 +80,20 @@ In addition, we spot check many of the successful suggestions and verify that th
|
||||
|
||||
### Effectiveness on other projects
|
||||
|
||||
The test set contains a broad range of different types of projects and alerts. We predict that suggestions for other projects using languages supported by autofix should follow a similar pattern.
|
||||
The test set contains a broad range of different types of projects and alerts. We predict that suggestions for other projects using languages supported by {% data variables.product.prodname_copilot_autofix_short %} should follow a similar pattern.
|
||||
|
||||
* Autofix is likely to add a code suggestion to the majority of alerts.
|
||||
* {% data variables.product.prodname_copilot_autofix_short %} is likely to add a code suggestion to the majority of alerts.
|
||||
* When developers evaluate the suggestions we expect that the majority of fixes can be committed without editing or with minor updates to reflect the wider context of the code.
|
||||
* A small percentage of suggested fixes will reflect a significant misunderstanding of the codebase or the vulnerability.
|
||||
|
||||
However, each project and codebase is unique, so developers may need to edit a larger percentage of suggested fixes before committing them. Autofix provides valuable information to help you resolve {% data variables.product.prodname_code_scanning %} alerts, but ultimately it remains your responsibility to evaluate the proposed change and ensure the security and accuracy of your code.
|
||||
However, each project and codebase is unique, so developers may need to edit a larger percentage of suggested fixes before committing them. {% data variables.product.prodname_copilot_autofix_short %} provides valuable information to help you resolve {% data variables.product.prodname_code_scanning %} alerts, but ultimately it remains your responsibility to evaluate the proposed change and ensure the security and accuracy of your code.
|
||||
|
||||
> [!NOTE]
|
||||
> Fix generation for supported languages is subject to LLM operational capacity. In addition, each suggested fix is tested before it is added to a pull request. If no suggestion is available, or if the suggested fix fails internal testing, then no suggestion is displayed.
|
||||
|
||||
## Limitations of suggestions
|
||||
|
||||
When you review a suggestion from autofix, you must always consider the limitations of AI and edit the changes as needed before you accept the changes. You should also consider updating the CI testing and dependency management for a repository before enabling autofix for {% data variables.product.prodname_code_scanning %}. For more information, see "[Mitigating the limitations of suggestions](#mitigating-the-limitations-of-suggestions)."
|
||||
When you review a suggestion from {% data variables.product.prodname_copilot_autofix_short %}, you must always consider the limitations of AI and edit the changes as needed before you accept the changes. You should also consider updating the CI testing and dependency management for a repository before enabling {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %}. For more information, see "[Mitigating the limitations of suggestions](#mitigating-the-limitations-of-suggestions)."
|
||||
|
||||
### Limitations of code suggestions
|
||||
|
||||
@@ -113,7 +114,7 @@ Sometimes a suggested fix includes a change in the dependencies of the codebase.
|
||||
|
||||
## Mitigating the limitations of suggestions
|
||||
|
||||
The best way to mitigate the limitations of suggestions from autofix is to follow best practices. For example, using CI testing of pull requests to verify functional requirements are unaffected and using dependency management solutions, such as the dependency review API and action. For more information, see “[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).”
|
||||
The best way to mitigate the limitations of suggestions from {% data variables.product.prodname_copilot_autofix_short %} is to follow best practices. For example, using CI testing of pull requests to verify functional requirements are unaffected and using dependency management solutions, such as the dependency review API and action. For more information, see “[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).”
|
||||
|
||||
It is important to remember that the author of a pull request retains responsibility for how they respond to review comments and suggested code changes, whether proposed by colleagues or automated tools. Developers should always look at suggestions for code changes critically. If needed, they should edit the suggested changes to ensure that the resulting code and application are correct, secure, meet performance criteria, and satisfy all other functional and non-functional requirements for the application.
|
||||
|
||||
|
||||
@@ -25,7 +25,7 @@ By default, {% data variables.product.prodname_code_scanning %} analyzes your co
|
||||
|
||||
{% ifversion code-scanning-autofix %}
|
||||
|
||||
You can use autofix to generate fixes automatically for {% data variables.product.prodname_code_scanning %} alerts from {% data variables.product.prodname_codeql %} analysis. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#generating-suggested-fixes-for-code-scanning-alerts)."
|
||||
You can use {% data variables.product.prodname_copilot_autofix %} to generate fixes automatically for {% data variables.product.prodname_code_scanning %} alerts from {% data variables.product.prodname_codeql %} analysis. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#generating-suggested-fixes-for-code-scanning-alerts)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
---
|
||||
title: Disabling autofix for code scanning
|
||||
shortTitle: Disable autofix
|
||||
intro: You can choose to disallow {% data variables.product.prodname_code_scanning %} autofix for an enterprise or disable autofix at the organization and repository level.
|
||||
title: Disabling Copilot Autofix for code scanning
|
||||
shortTitle: Disable Copilot Autofix
|
||||
allowTitleToDifferFromFilename: true
|
||||
intro: You can choose to disallow {% data variables.product.prodname_copilot_autofix %} for an enterprise or disable {% data variables.product.prodname_copilot_autofix %} at the organization and repository level.
|
||||
product: '{% data reusables.rai.code-scanning.gated-feature-autofix %}'
|
||||
versions:
|
||||
feature: code-scanning-autofix
|
||||
@@ -15,45 +16,45 @@ topics:
|
||||
|
||||
{% data reusables.rai.code-scanning.autofix-note %}
|
||||
|
||||
## About disabling autofix for {% data variables.product.prodname_code_scanning %}
|
||||
## About disabling {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %}
|
||||
|
||||
{% data variables.product.prodname_code_scanning_caps %} autofix is a {% data variables.product.prodname_copilot %}-powered is an expansion of {% data variables.product.prodname_code_scanning %} that provides users with targeted recommendations to help them fix {% data variables.product.prodname_code_scanning %} alerts so they can avoid introducing new security vulnerabilities. To learn more about autofix for {% data variables.product.prodname_code_scanning %}, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
|
||||
{% data variables.product.prodname_copilot_autofix %} is a {% data variables.product.prodname_copilot %}-powered is an expansion of {% data variables.product.prodname_code_scanning %} that provides users with targeted recommendations to help them fix {% data variables.product.prodname_code_scanning %} alerts so they can avoid introducing new security vulnerabilities. To learn more about {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %}, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
|
||||
|
||||
{% data variables.product.prodname_code_scanning_caps %} autofix is allowed by default in an enterprise and enabled for every repository that uses {% data variables.product.prodname_codeql %}, regardless of whether it uses default or advanced setup for {% data variables.product.prodname_code_scanning %}. Administrators at the enterprise, organization and repository levels can choose to opt-out and disable autofix.
|
||||
{% data variables.product.prodname_copilot_autofix_short %} is allowed by default in an enterprise and enabled for every repository that uses {% data variables.product.prodname_codeql %}, regardless of whether it uses default or advanced setup for {% data variables.product.prodname_code_scanning %}. Administrators at the enterprise, organization and repository levels can choose to opt-out and disable {% data variables.product.prodname_copilot_autofix_short %}.
|
||||
|
||||
Note that disabling autofix at any level will close all open autofix comments. If autofix is disabled and then subsequently enabled, autofix won't automatically suggest fixes for any pull requests that are already open. The suggestions will only be generated for any pull requests that are opened after autofix is enabled, or after re-running {% data variables.product.prodname_codeql %} analysis on existing pull requests.
|
||||
Note that disabling {% data variables.product.prodname_copilot_autofix_short %} at any level will close all open {% data variables.product.prodname_copilot_autofix_short %} comments. If {% data variables.product.prodname_copilot_autofix_short %} is disabled and then subsequently enabled, {% data variables.product.prodname_copilot_autofix_short %} won't automatically suggest fixes for any pull requests that are already open. The suggestions will only be generated for any pull requests that are opened after {% data variables.product.prodname_copilot_autofix_short %} is enabled, or after re-running {% data variables.product.prodname_codeql %} analysis on existing pull requests.
|
||||
|
||||
## Blocking use of autofix for an enterprise
|
||||
## Blocking use of {% data variables.product.prodname_copilot_autofix_short %} for an enterprise
|
||||
|
||||
Enterprise administrators can disallow autofix for their enterprise. If you disallow autofix for an enterprise, autofix cannot be enabled for any organizations or repositories within the enterprise.
|
||||
Enterprise administrators can disallow {% data variables.product.prodname_copilot_autofix_short %} for their enterprise. If you disallow {% data variables.product.prodname_copilot_autofix_short %} for an enterprise, {% data variables.product.prodname_copilot_autofix_short %} cannot be enabled for any organizations or repositories within the enterprise.
|
||||
|
||||
Note that allowing autofix for an enterprise does not enforce enablement of autofix, but means that organization and repository administrators will have the option to enable or disable autofix.
|
||||
Note that allowing {% data variables.product.prodname_copilot_autofix_short %} for an enterprise does not enforce enablement of {% data variables.product.prodname_copilot_autofix_short %}, but means that organization and repository administrators will have the option to enable or disable {% data variables.product.prodname_copilot_autofix_short %}.
|
||||
|
||||
Disallowing autofix at the enterprise level will remove all open autofix comments across all repositories of all organizations within the enterprise.
|
||||
Disallowing {% data variables.product.prodname_copilot_autofix_short %} at the enterprise level will remove all open {% data variables.product.prodname_copilot_autofix_short %} comments across all repositories of all organizations within the enterprise.
|
||||
|
||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||
{% data reusables.enterprise-accounts.policies-tab %}
|
||||
{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
|
||||
1. Under "Autofix for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}", use the dropdown menu to choose "Not allowed."
|
||||
1. Under "{% data variables.product.prodname_copilot_autofix_short %}", use the dropdown menu to choose "Not allowed."
|
||||
|
||||
## Disabling autofix for an organization
|
||||
## Disabling {% data variables.product.prodname_copilot_autofix_short %} for an organization
|
||||
|
||||
If autofix is allowed at the enterprise level, organization administrators have the option to disable autofix for an organization. If you disable autofix for an organization, autofix cannot be enabled for any repositories within the organization.
|
||||
If {% data variables.product.prodname_copilot_autofix_short %} is allowed at the enterprise level, organization administrators have the option to disable {% data variables.product.prodname_copilot_autofix_short %} for an organization. If you disable {% data variables.product.prodname_copilot_autofix_short %} for an organization, {% data variables.product.prodname_copilot_autofix_short %} cannot be enabled for any repositories within the organization.
|
||||
|
||||
Note that disabling autofix at the organization level will remove all open autofix comments across all repositories in the organization.
|
||||
Note that disabling {% data variables.product.prodname_copilot_autofix_short %} at the organization level will remove all open {% data variables.product.prodname_copilot_autofix_short %} comments across all repositories in the organization.
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security** then **Global settings**.
|
||||
1. Under the "{% data variables.product.prodname_code_scanning_caps %}" section, deselect **Autofix for {% data variables.product.prodname_codeql %}**.
|
||||
1. Under the "{% data variables.product.prodname_code_scanning_caps %}" section, deselect **{% data variables.product.prodname_copilot_autofix_short %}**.
|
||||
|
||||
For more information about configuring global {% data variables.product.prodname_code_scanning %} settings, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#configuring-global-code-scanning-settings)."
|
||||
|
||||
## Disabling autofix for a repository
|
||||
## Disabling {% data variables.product.prodname_copilot_autofix_short %} for a repository
|
||||
|
||||
If autofix is allowed at the enterprise level and enabled at the organization level, repository administrators have the option to disable autofix for a repository. Disabling autofix at the repository level will remove all open autofix comments across the repository.
|
||||
If {% data variables.product.prodname_copilot_autofix_short %} is allowed at the enterprise level and enabled at the organization level, repository administrators have the option to disable {% data variables.product.prodname_copilot_autofix_short %} for a repository. Disabling {% data variables.product.prodname_copilot_autofix_short %} at the repository level will remove all open {% data variables.product.prodname_copilot_autofix_short %} comments across the repository.
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-settings %}
|
||||
{% data reusables.user-settings.security-analysis %}
|
||||
1. In the "{% data variables.product.prodname_code_scanning_caps %}" section, deselect **Autofix for {% data variables.product.prodname_codeql %}**.
|
||||
1. In the "{% data variables.product.prodname_code_scanning_caps %}" section, deselect **{% data variables.product.prodname_copilot_autofix_short %}**.
|
||||
|
||||
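Review bot: The renamed opening sentence of "About disabling Copilot Autofix" still carries the doubled verb from the old text, reading "is a Copilot-powered is an expansion of", which the parallel rename in the about-autofix page already resolved to plain "is an expansion of". Suggest aligning it: `{% data variables.product.prodname_copilot_autofix %} is an expansion of {% data variables.product.prodname_code_scanning %} that provides users with targeted recommendations to help them fix {% data variables.product.prodname_code_scanning %} alerts so they can avoid introducing new security vulnerabilities.` This is the first paragraph an enterprise or organization administrator reads before turning off a security feature, so it should not stumble on a broken sentence. The rest of the hunk (enablement defaults, comment removal on disable, and the three opt-out procedures) is consistent with the about-autofix page and needs no change.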
@@ -122,13 +122,13 @@ Alternatively, to track a {% data variables.product.prodname_code_scanning %} al
|
||||
|
||||
{% data reusables.rai.code-scanning.autofix-note %}
|
||||
|
||||
{% data variables.product.prodname_code_scanning_caps %} autofix can generate fixes for alerts from {% data variables.product.prodname_codeql %} analysis in private repositories. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
|
||||
{% data variables.product.prodname_copilot_autofix %} can generate fixes for alerts from {% data variables.product.prodname_codeql %} analysis in private repositories. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-security %}
|
||||
{% data reusables.repositories.sidebar-code-scanning-alerts %}
|
||||
1. Click the name of an alert.
|
||||
1. If autofix can suggest a fix, at the top of the page, click **{% octicon "shield-check" aria-label="Generate fix"%} Generate fix**.
|
||||
1. If {% data variables.product.prodname_copilot_autofix_short %} can suggest a fix, at the top of the page, click **{% octicon "shield-check" aria-label="Generate fix"%} Generate fix**.
|
||||
1. Once the suggested fix has been generated, at the bottom of the page, you can click **Create PR with fix** to automatically generate a pull request with the suggested fix.
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -44,7 +44,7 @@ In repositories where {% data variables.product.prodname_code_scanning %} is con
|
||||
|
||||
{% ifversion code-scanning-autofix %}
|
||||
|
||||
{% data variables.product.prodname_code_scanning_caps %} autofix will suggest fixes for alerts from {% data variables.product.prodname_codeql %} analysis in private repositories. For more information on working with suggestions from autofix in pull requests, see "[Working with autofix suggestions for alerts on a pull request](#working-with-autofix-suggestions-for-alerts-on-a-pull-request)."
|
||||
{% data variables.product.prodname_copilot_autofix %} will suggest fixes for alerts from {% data variables.product.prodname_codeql %} analysis in private repositories. For more information on working with suggestions from {% data variables.product.prodname_copilot_autofix_short %} in pull requests, see "[Working with {% data variables.product.prodname_copilot_autofix_short %} suggestions for alerts on a pull request](#working-with-copilot-autofix-suggestions-for-alerts-on-a-pull-request)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -124,34 +124,34 @@ Anyone with push access to a pull request can fix a {% data variables.product.pr
|
||||
|
||||
{% ifversion code-scanning-autofix %}
|
||||
|
||||
## Working with autofix suggestions for alerts on a pull request
|
||||
## Working with {% data variables.product.prodname_copilot_autofix_short %} suggestions for alerts on a pull request
|
||||
|
||||
{% data reusables.rai.code-scanning.autofix-note %}
|
||||
|
||||
Autofix, powered by {% data variables.product.prodname_copilot %}, is an expansion of {% data variables.product.prodname_code_scanning %} that provides you with targeted recommendations to help you fix {% data variables.product.prodname_code_scanning %} alerts in pull requests. The potential fixes are generated automatically by large language models (LLMs) using data from the codebase, the pull request, and from {% data variables.product.prodname_codeql %} analysis.
|
||||
{% data variables.product.prodname_copilot_autofix %} is an expansion of {% data variables.product.prodname_code_scanning %} that provides you with targeted recommendations to help you fix {% data variables.product.prodname_code_scanning %} alerts in pull requests. The potential fixes are generated automatically by large language models (LLMs) using data from the codebase, the pull request, and from {% data variables.product.prodname_codeql %} analysis.
|
||||
|
||||

|
||||
|
||||
### Generating autofix suggestions and publishing to a pull request
|
||||
### Generating {% data variables.product.prodname_copilot_autofix_short %} suggestions and publishing to a pull request
|
||||
|
||||
When autofix is enabled for a repository, alerts are displayed in pull requests as normal and information from any alerts found by {% data variables.product.prodname_codeql %} is automatically sent to the LLM for processing. When LLM analysis is complete, any results are published as comments on relevant alerts. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
|
||||
When {% data variables.product.prodname_copilot_autofix_short %} is enabled for a repository, alerts are displayed in pull requests as normal and information from any alerts found by {% data variables.product.prodname_codeql %} is automatically sent to the LLM for processing. When LLM analysis is complete, any results are published as comments on relevant alerts. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
|
||||
|
||||
{% note %}
|
||||
|
||||
**Notes:**
|
||||
* Autofix supports a subset of {% data variables.product.prodname_codeql %} queries. For information about the availability of autofix, see the query tables linked from "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites#query-lists-for-the-default-query-suites)."
|
||||
* When analysis is complete, all relevant results are published to the pull request at once. If at least one alert in your pull request has an autofix suggestion, you should assume that the LLM has finished identifying potential fixes for your code.
|
||||
* On alerts generated from queries that are not supported by autofix, you will see a note telling you that the query is not supported. If an autofix suggestion for a supported query fails to generate, you will see a note on the alert prompting you to try pushing another commit or to contact support.
|
||||
* {% data variables.product.prodname_copilot_autofix_short %} supports a subset of {% data variables.product.prodname_codeql %} queries. For information about the availability of {% data variables.product.prodname_copilot_autofix_short %}, see the query tables linked from "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites#query-lists-for-the-default-query-suites)."
|
||||
* When analysis is complete, all relevant results are published to the pull request at once. If at least one alert in your pull request has an {% data variables.product.prodname_copilot_autofix_short %} suggestion, you should assume that the LLM has finished identifying potential fixes for your code.
|
||||
* On alerts generated from queries that are not supported by {% data variables.product.prodname_copilot_autofix_short %}, you will see a note telling you that the query is not supported. If a suggestion for a supported query fails to generate, you will see a note on the alert prompting you to try pushing another commit or to contact support.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
Usually, when you suggest changes to a pull request, your comment contains changes for a single file that is changed in the pull request. The following screenshot shows an autofix comment that suggests changes to the `index.js` file where the alert is displayed. Since the potential fix requires a new dependency on `escape-html`, the comment also suggests adding this dependency to the `package.json` file, even though the original pull request makes no changes to this file.
|
||||
Usually, when you suggest changes to a pull request, your comment contains changes for a single file that is changed in the pull request. The following screenshot shows an {% data variables.product.prodname_copilot_autofix_short %} comment that suggests changes to the `index.js` file where the alert is displayed. Since the potential fix requires a new dependency on `escape-html`, the comment also suggests adding this dependency to the `package.json` file, even though the original pull request makes no changes to this file.
|
||||
|
||||

|
||||

|
||||
|
||||
### Assessing and committing an autofix suggestion
|
||||
### Assessing and committing an {% data variables.product.prodname_copilot_autofix_short %} suggestion
|
||||
|
||||
Each autofix suggestion demonstrates a potential solution for a {% data variables.product.prodname_code_scanning %} alert in your codebase. You must assess the suggested changes to determine whether they are a good solution for your codebase and to ensure that they maintain the intended behavior. For information about the limitations of autofix suggestions, see "[Limitations of suggestions](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning#limitations-of-suggestions)" and "[Mitigating the limitations of suggestions](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning#mitigating-the-limitations-of-suggestions)" in "About autofix for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}."
|
||||
Each {% data variables.product.prodname_copilot_autofix_short %} suggestion demonstrates a potential solution for a {% data variables.product.prodname_code_scanning %} alert in your codebase. You must assess the suggested changes to determine whether they are a good solution for your codebase and to ensure that they maintain the intended behavior. For information about the limitations of {% data variables.product.prodname_copilot_autofix_short %} suggestions, see "[Limitations of suggestions](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning#limitations-of-suggestions)" and "[Mitigating the limitations of suggestions](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning#mitigating-the-limitations-of-suggestions)" in "About {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}."
|
||||
|
||||
1. Click **Edit** to display the editing options and select your preferred method.
|
||||
* Under **Edit with {% data variables.product.prodname_cli %}**, follow the instructions for checking out the pull request locally and applying the suggested fix.
|
||||
@@ -163,9 +163,9 @@ Each autofix suggestion demonstrates a potential solution for a {% data variable
|
||||
1. When you have finished testing your changes, commit the changes, and push them to your branch.
|
||||
1. Pushing the changes to your branch will trigger all the usual tests for your pull request. Confirm that your unit tests still pass and that the {% data variables.product.prodname_code_scanning %} alert is now fixed.
|
||||
|
||||
### Dismissing an autofix suggestion
|
||||
### Dismissing a {% data variables.product.prodname_copilot_autofix_short %} suggestion
|
||||
|
||||
If you decide to reject an autofix suggestion, click **Dismiss suggestion** in the comment to dismiss the suggested fix.
|
||||
If you decide to reject a {% data variables.product.prodname_copilot_autofix_short %} suggestion, click **Dismiss suggestion** in the comment to dismiss the suggested fix.
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
||||
@@ -45,7 +45,7 @@ The built-in {% data variables.product.prodname_codeql %} query suites, `default
|
||||
|
||||
## Query lists for the default query suites
|
||||
|
||||
For each language, the following article lists which queries are included in the `default` and the `security-extended` suites. {% ifversion code-scanning-autofix %}Where autofix is available for a language, details of which queries are supported are also included.{% endif %}
|
||||
For each language, the following article lists which queries are included in the `default` and the `security-extended` suites. {% ifversion code-scanning-autofix %}Where {% data variables.product.prodname_copilot_autofix_short %} is available for a language, details of which queries are supported are also included.{% endif %}
|
||||
|
||||
{% data reusables.code-scanning.codeql-query-tables.links-to-all-tables %}
|
||||
|
||||
|
||||
@@ -68,7 +68,7 @@ To update private dependencies of repositories in your organization, {% data var
|
||||
You can customize several {% data variables.product.prodname_global_settings %} for {% data variables.product.prodname_code_scanning %}:
|
||||
|
||||
* [Recommending the extended query suite for default setup](#recommending-the-extended-query-suite-for-default-setup){% ifversion code-scanning-autofix %}
|
||||
* [Enabling autofix for {% data variables.product.prodname_codeql %}](#enabling-autofix-for-codeql) {% endif %}
|
||||
* [Enabling {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_codeql %}](#enabling-copilot-autofix-for-codeql) {% endif %}
|
||||
* [Setting a failure threshold for {% data variables.product.prodname_code_scanning %} checks in pull requests](#setting-a-failure-threshold-for-code-scanning-checks-in-pull-requests)
|
||||
|
||||
### Recommending the extended query suite for default setup
|
||||
@@ -77,9 +77,9 @@ You can customize several {% data variables.product.prodname_global_settings %}
|
||||
|
||||
{% ifversion code-scanning-autofix %}
|
||||
|
||||
### Enabling autofix for {% data variables.product.prodname_codeql %}
|
||||
### Enabling {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_codeql %}
|
||||
|
||||
You can select **Autofix for {% data variables.product.prodname_codeql %}** to enable autofix for all the repositories in your organization that use {% data variables.product.prodname_codeql %} default setup or {% data variables.product.prodname_codeql %} advanced setup. Autofix is a {% data variables.product.prodname_copilot %}-powered expansion of {% data variables.product.prodname_code_scanning %} that suggests fixes for {% data variables.product.prodname_code_scanning %} alerts. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
|
||||
You can select **{% data variables.product.prodname_copilot_autofix_short %}** to enable {% data variables.product.prodname_copilot_autofix_short %} for all the repositories in your organization that use {% data variables.product.prodname_codeql %} default setup or {% data variables.product.prodname_codeql %} advanced setup. {% data variables.product.prodname_copilot_autofix_short %} is an expansion of {% data variables.product.prodname_code_scanning %} that suggests fixes for {% data variables.product.prodname_code_scanning %} alerts. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
||||
@@ -146,13 +146,13 @@ Alerts that are reopened and re-closed during the chosen time period are ignored
|
||||
|
||||
{% ifversion code-scanning-autofix %}
|
||||
|
||||
### Autofix suggestions
|
||||
### {% data variables.product.prodname_copilot_autofix_short %} suggestions
|
||||
|
||||
{% data reusables.rai.code-scanning.autofix-note %}
|
||||
|
||||
Autofix, powered by {% data variables.product.prodname_copilot %}, is an expansion of {% data variables.product.prodname_code_scanning %} that provides you with targeted recommendations to help you fix {% data variables.product.prodname_code_scanning %} alerts. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
|
||||
{% data variables.product.prodname_copilot_autofix %} is an expansion of {% data variables.product.prodname_code_scanning %} that provides you with targeted recommendations to help you fix {% data variables.product.prodname_code_scanning %} alerts. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
|
||||
|
||||
The "Autofix suggestions" metric is the total number of autofix suggestions generated in open and closed pull requests during the chosen time period.
|
||||
The "{% data variables.product.prodname_copilot_autofix_short %} suggestions" metric is the total number of {% data variables.product.prodname_copilot_autofix_short %} suggestions generated in open and closed pull requests during the chosen time period.
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% rowheaders %}
|
||||
|
||||
| Query name | Related CWEs | Default | Extended | Autofix |
|
||||
| Query name | Related CWEs | Default | Extended | {% data variables.product.prodname_copilot_autofix_short %} |
|
||||
| --- | --- | --- | --- | --- |
|
||||
| [Bad check for overflow of integer addition](https://codeql.github.com/codeql-query-help/cpp/cpp-bad-addition-overflow-check/) | 190, 192 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
|
||||
| [Badly bounded write](https://codeql.github.com/codeql-query-help/cpp/cpp-badly-bounded-write/) | 120, 787, 805 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% rowheaders %}
|
||||
|
||||
| Query name | Related CWEs | Default | Extended | Autofix |
|
||||
| Query name | Related CWEs | Default | Extended | {% data variables.product.prodname_copilot_autofix_short %} |
|
||||
| --- | --- | --- | --- | --- |
|
||||
| ['requireSSL' attribute is not set to true](https://codeql.github.com/codeql-query-help/csharp/cs-web-requiressl-not-set/) | 319, 614 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
|
||||
| [Arbitrary file access during archive extraction ("Zip Slip")](https://codeql.github.com/codeql-query-help/csharp/cs-zipslip/) | 022 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% rowheaders %}
|
||||
|
||||
| Query name | Related CWEs | Default | Extended | Autofix |
|
||||
| Query name | Related CWEs | Default | Extended | {% data variables.product.prodname_copilot_autofix_short %} |
|
||||
| --- | --- | --- | --- | --- |
|
||||
| [Arbitrary file access during archive extraction ("Zip Slip")](https://codeql.github.com/codeql-query-help/go/go-zipslip/) | 022 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
|
||||
| [Arbitrary file write extracting an archive containing symbolic links](https://codeql.github.com/codeql-query-help/go/go-unsafe-unzip-symlink/) | 022 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% rowheaders %}
|
||||
|
||||
| Query name | Related CWEs | Default | Extended | Autofix |
|
||||
| Query name | Related CWEs | Default | Extended | {% data variables.product.prodname_copilot_autofix_short %} |
|
||||
| --- | --- | --- | --- | --- |
|
||||
| [`TrustManager` that accepts all certificates](https://codeql.github.com/codeql-query-help/java/java-insecure-trustmanager/) | 295 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
|
||||
| [Android `WebView` that accepts all certificates](https://codeql.github.com/codeql-query-help/java/java-improper-webview-certificate-validation/) | 295 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% rowheaders %}
|
||||
|
||||
| Query name | Related CWEs | Default | Extended | Autofix |
|
||||
| Query name | Related CWEs | Default | Extended | {% data variables.product.prodname_copilot_autofix_short %} |
|
||||
| --- | --- | --- | --- | --- |
|
||||
| [Arbitrary file access during archive extraction ("Zip Slip")](https://codeql.github.com/codeql-query-help/javascript/js-zipslip/) | 022 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
|
||||
| [Bad HTML filtering regexp](https://codeql.github.com/codeql-query-help/javascript/js-bad-tag-filter/) | 020, 080, 116, 184, 185, 186 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% rowheaders %}
|
||||
|
||||
| Query name | Related CWEs | Default | Extended | Autofix |
|
||||
| Query name | Related CWEs | Default | Extended | {% data variables.product.prodname_copilot_autofix_short %} |
|
||||
| --- | --- | --- | --- | --- |
|
||||
| [Accepting unknown SSH host keys when using Paramiko](https://codeql.github.com/codeql-query-help/python/py-paramiko-missing-host-key-validation/) | 295 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
|
||||
| [Bad HTML filtering regexp](https://codeql.github.com/codeql-query-help/python/py-bad-tag-filter/) | 116, 020, 185, 186 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% rowheaders %}
|
||||
|
||||
| Query name | Related CWEs | Default | Extended | Autofix |
|
||||
| Query name | Related CWEs | Default | Extended | {% data variables.product.prodname_copilot_autofix_short %} |
|
||||
| --- | --- | --- | --- | --- |
|
||||
| [Bad HTML filtering regexp](https://codeql.github.com/codeql-query-help/ruby/rb-bad-tag-filter/) | 116, 020, 185, 186 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
|
||||
| [Badly anchored regular expression](https://codeql.github.com/codeql-query-help/ruby/rb-regex-badly-anchored-regexp/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% rowheaders %}
|
||||
|
||||
| Query name | Related CWEs | Default | Extended | Autofix |
|
||||
| Query name | Related CWEs | Default | Extended | {% data variables.product.prodname_copilot_autofix_short %} |
|
||||
| --- | --- | --- | --- | --- |
|
||||
| [Bad HTML filtering regexp](https://codeql.github.com/codeql-query-help/swift/swift-bad-tag-filter/) | 116, 020, 185, 186 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
|
||||
| [Cleartext logging of sensitive information](https://codeql.github.com/codeql-query-help/swift/swift-cleartext-logging/) | 312, 359, 532 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% ifversion code-scanning-autofix or fpt %}
|
||||
|
||||
> [!NOTE]
|
||||
> {% data variables.product.prodname_dotcom %} autofix for {% data variables.product.prodname_code_scanning %} is in beta. Functionality and documentation are subject to change. During this phase, the feature is restricted to alerts identified by {% data variables.product.prodname_codeql %} for private and internal repositories. If you have an enterprise account and use {% data variables.product.prodname_GH_advanced_security %}, your enterprise has access to the beta.
|
||||
> {% data variables.product.prodname_copilot_autofix %} is restricted to alerts identified by {% data variables.product.prodname_codeql %} for private and internal repositories. If you have an enterprise account and use {% data variables.product.prodname_GH_advanced_security %}, your enterprise has access to {% data variables.product.prodname_copilot_autofix_short %}.
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -1 +1 @@
|
||||
Autofix for {% data variables.product.prodname_code_scanning %} is available only to {% data variables.product.prodname_ghe_cloud %} users who have {% data variables.product.prodname_GH_advanced_security %}. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
|
||||
{% data variables.product.prodname_copilot_autofix %} for {% data variables.product.prodname_code_scanning %} is available only to {% data variables.product.prodname_ghe_cloud %} users who have {% data variables.product.prodname_GH_advanced_security %}. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
|
||||
|
||||
@@ -279,6 +279,8 @@ prodname_copilot_customization: 'Copilot Customization'
|
||||
prodname_copilot_in_support: 'Copilot in GitHub Support'
|
||||
prodname_copilot_sku_isolation: 'Copilot subscription-based network routing'
|
||||
prodname_copilot_autocomplete_pr: 'Copilot text completion'
|
||||
prodname_copilot_autofix: 'GitHub Copilot Autofix'
|
||||
prodname_copilot_autofix_short: 'Copilot Autofix'
|
||||
|
||||
# Command Palette
|
||||
prodname_command_palette: 'GitHub Command Palette'
|
||||
|
||||
8
package-lock.json
generated
8
package-lock.json
generated
@@ -4155,12 +4155,12 @@
|
||||
}
|
||||
},
|
||||
"node_modules/axios": {
|
||||
"version": "1.6.2",
|
||||
"resolved": "https://registry.npmjs.org/axios/-/axios-1.6.2.tgz",
|
||||
"integrity": "sha512-7i24Ri4pmDRfJTR7LDBhsOTtcm+9kjX5WiY1X3wIisx6G9So3pfMkEiU7emUBe46oceVImccTEM3k6C5dbVW8A==",
|
||||
"version": "1.7.4",
|
||||
"resolved": "https://registry.npmjs.org/axios/-/axios-1.7.4.tgz",
|
||||
"integrity": "sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"follow-redirects": "^1.15.0",
|
||||
"follow-redirects": "^1.15.6",
|
||||
"form-data": "^4.0.0",
|
||||
"proxy-from-env": "^1.1.0"
|
||||
}
|
||||
|
||||
@@ -3,5 +3,5 @@
|
||||
"apiOnlyEvents": "This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
|
||||
"apiRequestEvent": "This event is only available via audit log streaming."
|
||||
},
|
||||
"sha": "13366cfb5779116a03797d9ccc5dcbd8e7df8d0a"
|
||||
"sha": "bafb3e76ab8e53b09d307bcde2960c7d6e87c241"
|
||||
}
|
||||
@@ -198,7 +198,13 @@ function printQueries(options: Options, queries: QueryExtended[]) {
|
||||
const markdown: string[] = []
|
||||
markdown.push('{% rowheaders %}')
|
||||
markdown.push('') // blank line
|
||||
const header = ['Query name', 'Related CWEs', 'Default', 'Extended', 'Autofix']
|
||||
const header = [
|
||||
'Query name',
|
||||
'Related CWEs',
|
||||
'Default',
|
||||
'Extended',
|
||||
'{% data variables.product.prodname_copilot_autofix_short %}',
|
||||
]
|
||||
markdown.push(`| ${header.join(' | ')} |`)
|
||||
markdown.push(`| ${header.map(() => '---').join(' | ')} |`)
|
||||
|
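Review bot: The column list at `const header = [...]` is now a seven-line literal rebuilt on every call, with a Liquid tag carried inside a plain string, which reads as data rather than logic; consider hoisting it to a module-level `const QUERY_TABLE_HEADER = ['Query name', 'Related CWEs', 'Default', 'Extended', '{% data variables.product.prodname_copilot_autofix_short %}'] as const` and letting `header.map(() => '---')` run off that readonly tuple. Because the tag is emitted verbatim into the generated markdown, the table header only renders once the output file passes through the site's Liquid pipeline; the generated rows appear to already rely on that (they embed `{% octicon %}`), so this looks consistent, but any test that compared the raw header line to the literal word `Autofix` would now need updating. printQueries starts before this hunk and continues past it.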
||||
|
||||
@@ -45,16 +45,15 @@ export const SimpleHeader = () => {
|
||||
aria-label="Main"
|
||||
>
|
||||
<div className="d-flex flex-items-center" style={{ zIndex: 3 }} id="github-logo-mobile">
|
||||
<Link href={`/${router.locale}`} passHref legacyBehavior>
|
||||
{/* eslint-disable-next-line jsx-a11y/anchor-is-valid */}
|
||||
<a aria-hidden="true" tabIndex={-1}>
|
||||
<MarkGithubIcon size={32} className="color-fg-default" />
|
||||
</a>
|
||||
<Link href={`/${router.locale}`} aria-hidden="true" tabIndex={-1}>
|
||||
<MarkGithubIcon size={32} className="color-fg-default" />
|
||||
</Link>
|
||||
|
||||
<Link href={`/${router.locale}`} passHref legacyBehavior>
|
||||
{/* eslint-disable-next-line jsx-a11y/anchor-is-valid */}
|
||||
<a className="h4 color-fg-default no-underline no-wrap pl-2">GitHub Docs</a>
|
||||
<Link
|
||||
href={`/${router.locale}`}
|
||||
className="no-underline h4 color-fg-default no-wrap pl-2"
|
||||
>
|
||||
GitHub Docs
|
||||
</Link>
|
||||
</div>
|
||||
</header>
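Review bot: Both `href={`/${router.locale}`}` expressions will render as `/undefined` when `router.locale` is unset, which Next's router type permits on non-localized routes; consider computing the destination once above the JSX, e.g. `const homeHref = router.locale ? `/${router.locale}` : '/'`, and using `href={homeHref}` in both links, which also removes the duplicated template literal. Dropping `passHref legacyBehavior` and the inner `<a>` means `Link` now renders the anchor itself, so `aria-hidden="true"` and `tabIndex={-1}` on the icon link land on the anchor as intended, with the adjacent "GitHub Docs" link providing the accessible route to the same destination. The enclosing SimpleHeader component starts before this hunk.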
|
||||
|
||||
@@ -8,17 +8,10 @@ const { NODE_ENV } = process.env
|
||||
|
||||
type Props = {
|
||||
locale?: string
|
||||
disableClientTransition?: boolean
|
||||
makeAbsolute?: boolean
|
||||
} & ComponentProps<'a'>
|
||||
export function Link(props: Props) {
|
||||
const {
|
||||
href,
|
||||
locale,
|
||||
disableClientTransition = false,
|
||||
makeAbsolute = false,
|
||||
...restProps
|
||||
} = props
|
||||
const { href, locale, makeAbsolute = false, ...restProps } = props
|
||||
const router = useRouter()
|
||||
const { currentVersion } = useVersion()
|
||||
|
||||
@@ -38,17 +31,12 @@ export function Link(props: Props) {
|
||||
url = `/${locale}${href}`
|
||||
}
|
||||
|
||||
if (disableClientTransition) {
|
||||
return (
|
||||
/* eslint-disable-next-line jsx-a11y/anchor-has-content */
|
||||
<a href={url} rel={isExternal ? 'noopener' : ''} {...restProps} />
|
||||
)
|
||||
}
|
||||
|
||||
return (
|
||||
<NextLink href={url} locale={locale || false} passHref legacyBehavior>
|
||||
{/* eslint-disable-next-line jsx-a11y/anchor-has-content */}
|
||||
<a rel={isExternal ? 'noopener' : ''} {...restProps} />
|
||||
</NextLink>
|
||||
<NextLink
|
||||
href={url}
|
||||
locale={locale || false}
|
||||
rel={isExternal ? 'noopener' : ''}
|
||||
{...restProps}
|
||||
></NextLink>
|
||||
)
|
||||
}
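Review bot: `rel={isExternal ? 'noopener' : ''}` emits an empty `rel=""` attribute on every internal link, and because it is placed before `{...restProps}` a caller-supplied `rel` silently replaces the external-link protection; prefer `rel={isExternal ? 'noopener' : undefined}` so the attribute is omitted for internal links, and if callers must be able to extend `rel`, move it after the spread and merge, e.g. `rel={[isExternal ? 'noopener' : undefined, restProps.rel].filter(Boolean).join(' ') || undefined}`. Removing `disableClientTransition` from `Props` is a breaking interface change for any caller still passing it; since `Props` intersects `ComponentProps<'a'>`, such callers now fail type-checking rather than forwarding an unknown attribute to the DOM, which is the safer failure mode, but the callers should be checked in the same change. `isExternal` and `url` are computed before this hunk.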
|
||||
|
||||
@@ -32,7 +32,6 @@ export default function GQLExplorer({
|
||||
<AutomatedPageContext.Provider value={automatedPageContext}>
|
||||
<AutomatedPage fullWidth={true}>
|
||||
<div>
|
||||
{/* eslint-disable-next-line jsx-a11y/iframe-has-title */}
|
||||
<iframe
|
||||
ref={graphiqlRef}
|
||||
style={{ height: 715 }}
|
||||
|
||||