In 2024, developers across GitHub used secret scanning to detect more than 39 million secret leaks, according to GitHub’s Octoverse 2024 report.

The most common security vulnerabilities

Alexis Wales, CISO, GitHub

GitHub expects tools like this to improve security across open source and public projects — as well as with closed source, too. So far, Copilot Autofix has helped developers:

  • Fix code vulnerabilities more than three times faster than those who did so manually, reducing time to fix for a pull request-time alert from 1.5 hours to 28 minutes
  • Fix cross-site scripting vulnerabilities seven times faster, reducing time to fix to 22 minutes, compared to almost three hours
  • Fix SQL injection vulnerabilities twelve times faster, cutting time to fix to just 18 minutes, compared to 3.7 hours

According to Wales, GitHub is actively working to harmonize global regulations and build trust in AI-powered software development through several key initiatives:

  1. Public-private partnerships: GitHub is engaging directly with policy makers around the world to have early and upfront conversations about the impact of AI and the needs of the developer community. This helps ensure regulations are informed and current.
  2. Transparency and education: GitHub is focused on providing transparency around its responsible AI practices and policies, as part of Microsoft. This includes publicly sharing its standards and making efforts to educate both policy makers and the public on the value and importance of open source and AI-powered development tools.
  3. Secure software supply chain: GitHub is investing heavily in advanced security features like code scanning, secret scanning, and dependency awareness. The goal is to maintain a secure software ecosystem and proactively address vulnerabilities at scale.
  4. Seamless security integration: GitHub recognizes that developers are not security experts, so it is working to build security tools that integrate seamlessly into developers’ workflows. This helps reduce the security burden on individual developers.
  5. Building trust through community By fostering a strong, global developer community, GitHub aims to amplify the voice of developers and ensure their needs and concerns are represented in policy discussions. This helps build trust between the industry, policy makers, and the public.