{"slug": "agentic-autofix-for-code-scanning-alerts-in-public-preview", "title": "Agentic autofix for code scanning alerts in public preview", "summary": "GitHub launched agentic autofix in public preview for code scanning alerts, enabling Copilot to explore codebases, propose fixes, and validate them with CodeQL before opening pull requests. The feature requires GitHub Code Security or Advanced Security and a Copilot license with cloud agent enabled, drawing down AI Credits during the preview.", "body_md": "# Agentic autofix for code scanning alerts in public preview\n\nAgentic autofix is now in public preview for code scanning alerts. It remediates alerts by working across your codebase the way a developer would: it explores relevant files, proposes a fix, and reruns CodeQL to confirm the fix closes the alert before opening a pull request for your review. Agentic autofix is available to organizations with both GitHub Code Security (or GitHub Advanced Security) and a Copilot license with Copilot cloud agent enabled.\n\n[How it works](#how-it-works)\n\nWhen you assign a code scanning alert to Copilot, it:\n\n- Explores relevant files across your codebase.\n- Generates a proposed fix.\n- Validates the fix works by rerunning CodeQL.\n- Iterates if needed, then opens a draft pull request ready for your review.\n\nFix generation typically takes 2–4 minutes. The pull request includes a summary of the fix, why it closes the alert, and the validation steps Copilot took to confirm that it works. When the pull request containing the fix is ready, you can instruct Copilot to make further changes to it by commenting on the pull request or interacting with the session in the **Agents** tab of your repository.\n\n[How to use it](#how-to-use-it)\n\nAgentic autofix replaces the free “Generate Fix” option on individual code scanning alerts with an **Assign to Copilot** button. Because it uses the Copilot cloud agent, it draws down AI Credits.\n\nYou can trigger agentic autofix:\n\n- From any code scanning alert, by assigning the alert to Copilot.\n- In the list of security alerts in your repository, by selecting one or more alerts for Copilot to fix together in a single pull request.\n- Within a security campaign, by selecting one or more alerts for Copilot to fix together in a single pull request.\n- Via the\n[Update a Code Scanning Alert REST API](https://docs.github.com/enterprise-cloud@latest/rest/code-scanning/code-scanning?apiVersion=2026-03-10#update-a-code-scanning-alert)by setting`assignees`\n\nto`[\"copilot-swe-agent[bot]\"]`\n\n.\n\n[Access](#access)\n\nThe public preview of agentic autofix requires:\n\n- An active GitHub Code Security or GitHub Advanced Security license.\n- A Copilot license with Copilot cloud agent enabled.\n\nAn organization or repository admin can turn Copilot Autofix off in Settings, and an enterprise admin can disable it by policy. When disabled via policy, both the classic and agentic autofix experiences are disabled.\n\n[Billing](#billing)\n\nDuring this public preview, agentic autofix draws down your organization’s AI Credits. AI Credits are consumed only when a fix runs, on the alerts you assign to Copilot. Usage for agentic autofix isn’t itemized separately from other Copilot activity during public preview. Learn more about [Copilot usage-based billing](https://docs.github.com/enterprise-cloud@latest/copilot/concepts/billing/usage-based-billing-for-organizations-and-enterprises).\n\nActivity performed by agentic autofix also consumes GitHub Actions minutes.\n\nJoin the discussion within the [GitHub Community](https://github.com/orgs/community/discussions/201446).", "url": "https://wpnews.pro/news/agentic-autofix-for-code-scanning-alerts-in-public-preview", "canonical_source": "https://github.blog/changelog/2026-07-10-agentic-autofix-for-code-scanning-alerts-in-public-preview", "published_at": "2026-07-10 15:49:21+00:00", "updated_at": "2026-07-14 14:31:15.313066+00:00", "lang": "en", "topics": ["ai-tools", "developer-tools", "ai-agents"], "entities": ["GitHub", "Copilot", "CodeQL", "GitHub Code Security", "GitHub Advanced Security"], "alternates": {"html": "https://wpnews.pro/news/agentic-autofix-for-code-scanning-alerts-in-public-preview", "markdown": "https://wpnews.pro/news/agentic-autofix-for-code-scanning-alerts-in-public-preview.md", "text": "https://wpnews.pro/news/agentic-autofix-for-code-scanning-alerts-in-public-preview.txt", "jsonld": "https://wpnews.pro/news/agentic-autofix-for-code-scanning-alerts-in-public-preview.jsonld"}}