{"id":4303,"date":"2026-06-11T15:54:32","date_gmt":"2026-06-11T15:54:32","guid":{"rendered":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/06\/11\/copilot-autofix-for-github-advanced-security-for-azure-devops\/"},"modified":"2026-06-11T15:54:32","modified_gmt":"2026-06-11T15:54:32","slug":"copilot-autofix-for-github-advanced-security-for-azure-devops","status":"publish","type":"post","link":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/06\/11\/copilot-autofix-for-github-advanced-security-for-azure-devops\/","title":{"rendered":"Copilot Autofix for GitHub Advanced Security for Azure DevOps"},"content":{"rendered":"

Over the last few years, we\u2019ve encouraged customers to move their repositories from Azure Repos to GitHub, where the newest AI-powered and agentic development experiences land first.<\/p>\n

Migrating isn\u2019t equally simple for everyone. A move to GitHub can range from straightforward to a multi-year program, depending on an organization\u2019s size, customizations, compliance requirements, tooling, and industry constraints. While many customers are actively planning or running migrations today, others aren\u2019t ready yet. They continue to rely on Azure Repos for day-to-day development.<\/p>\n

For teams still building on Azure Repos, here\u2019s what\u2019s new. Copilot Autofix<\/strong> is available today in limited private preview<\/strong> for GitHub Advanced Security for Azure DevOps. To request enrollment, sign up here<\/a>. Enablement is processed in waves, and it may take a few weeks before the functionality is available for your organization. We will notify each customer by email once the feature has been enabled for their organization.<\/p>\n

This phased rollout allows us to closely monitor usage, collect feedback, and validate the experience before making the feature more broadly available.<\/p>\n

Why Autofix<\/h2>\n

Advanced Security has been good at finding vulnerabilities. CodeQL scans your code, flags the SQL injection or the path traversal, and hands you an alert. Until now, fixing it has been the part left to you. You research the vulnerability, work out a safe change, write the patch, and open a pull request. For most teams, that\u2019s where alerts pile up.<\/p>\n

Autofix closes that gap. It uses the same CodeQL engine that finds a vulnerability to generate an AI-suggested fix for it, right in the Azure DevOps alert experience. You review the suggested change, edit it if you need to, and then commit it to a pull request without leaving the alert.<\/p>\n

From scanning to remediation, on the same surface<\/h2>\n

When you open a CodeQL alert in the Advanced Security<\/strong> tab of your repository, you\u2019ll see a new Generate fix<\/strong> button on alerts from supported rules.<\/p>\n

\"copilot<\/a><\/p>\n

Autofix gathers the surrounding code and alert context to return a suggested change automatically as a pull request.<\/p>\n

\"advanced<\/a><\/p>\n

Your usual review and build gates run on the pull request. Once it merges and the next CodeQL scan completes, the alert resolves on its own.<\/p>\n

This works well alongside CodeQL default setup. Default setup turns scanning on without any pipeline configuration, and Autofix then turns the resulting alerts into pull requests without a manual rewrite. Together, they shorten the path from \u201cwe have a vulnerability\u201d to \u201cwe have a fix in review.\u201d A developer can do it in a few minutes.<\/p>\n

What\u2019s in the preview<\/h2>\n

Copilot Autofix at limited private preview covers:<\/p>\n