Sentry, GitHub Use AI to Help Fixing Coding Errors
2024-3-21 23:43:14 Author: securityboulevard.com

Developers are getting more help detecting and addressing bugs in their code through new AI-based tools that Sentry.io and GitHub each introduced this week.

Sentry unveiled the beta of Autofix, a feature that uses the company’s machine learning and AI capabilities and is aimed at debugging errors in production by leveraging what the vendor already knows about an organization’s development environment.

“Many generative AI (GenAI) tools (e.g. GitHub Copilot) improve developer productivity in their dev environment, though few have the contextual data Sentry has to help fix errors in production,” Tillman Elser, engineering manager for machine learning and AI, Ben Peven, lead product marketing manager, and Senior Product Manager Rachel Wang wrote in a blog post. “Our new AI-enabled Autofix feature understands what your users are doing when an error occurs, analyzes the error, generates a fix and even opens a pull request for your review.”

They described it as “having a junior developer ready to help on-demand.”

The feature is designed to debug flaws in production; for those who need help in development as well, Elser, Peven, and Wang recommended an AI code review tool from Codecov.

The same day, GitHub, the Microsoft-owned software developer platform and code repository, launched the beta of its code-scanning autofix feature, which is powered by its Copilot AI-based coding tool and CodeQL code analysis engine.

The feature, aimed at bugs found during code development, addresses more than 90% of alert types in programming languages such as JavaScript, TypeScript, Java, and Python, and provides suggestions that are proven to remediate more than two-thirds of code vulnerabilities with little to no editing.

“Even though applications remain a leading attack vector, most organizations admit to an ever-growing number of unremediated vulnerabilities that exist in production repositories,” Pierre Tempel, staff product manager, and Eric Tooley, product marketing lead for GitHub Advanced Security, wrote in a blog post. “Code scanning autofix helps organizations slow the growth of this ‘application security debt’ by making it easier for developers to fix vulnerabilities as they code.”

Developers Adopting Generative AI

This comes as generative AI is having a far-reaching impact on software development, much as it has in most areas of business and IT. A GitHub survey last year found that 92% of developers are using AI coding, adding that “these tools not only improve day-to-day tasks but enable upskilling opportunities, too. Developers see material benefits to using AI tools including improved performance and coding skills, as well as increased team collaboration.”

The effects of the emerging technology will be even more greatly felt in the coming years, with web hosting company DreamHost saying in a report in January that in five years, “AI will likely handle more repetitive coding tasks but not fully replace human judgment and oversight for creating complex software systems.”

Given that, it’s not surprising that vendors are now using generative AI to help track down and remediate bugs in code.

Autofix’s Agent-Based Architecture

Sentry’s Autofix architecture includes a problem-discovery agent that assesses the problem and decides whether it can be fixed by changing the code, and a planning agent that looks at the error message and codebase to map out a resolution. The plan is sent to execution agents, which create a fix along with unit tests, which are then reviewed.

Autofix also will ask developers for more information if needed.

“This process is designed to be iterative and transparent – the system will proactively ask for context and feedback as it proceeds and the result of each step is presented in a CI-like interface that should feel familiar to developers,” Elser, Peven, and Wang wrote.

GitHub Security Takes a Leap Forward

For their part, GitHub’s Tempel and Tooley said code-scanning autofix will be “the next leap forward” for a GitHub Advanced Security lineup that already helps developers remediate issues seven times faster than other security tools.

“Our vision for application security is an environment where found means fixed,” they wrote, adding that code-scanning autofix will further reduce the time and effort developers spend on fixing vulnerabilities.

When the tool discovers a flaw in code in one of the languages it supports, the suggested fix is explained in natural language and comes with a preview of the code change that the developer can accept, edit, or dismiss. Along with changes to the current file, a suggestion can also include changes to multiple files and dependencies that should be added to the project.

The code suggestions are generated by the CodeQL engine together with a combination of Copilot APIs and heuristics. Tempel and Tooley wrote that the plan is to expand the number of programming languages the tool supports, with C# and Go next on the list.

Source: https://securityboulevard.com/2024/03/sentry-github-use-ai-to-help-fixing-coding-errors/