Security campaigns available with the Copilot Autofix tool aim to manage risk and increaase collaboration between developers and security teams.
GitHub has made security campaigns available for GitHub Advanced Security and GitHub Code Security users. Security campaigns help control security debt and manage risk by enabling collaboration between developers and security teams, GitHub said.
Announced April 8 and available in the Copilot Autofix code scanning tool, security campaigns help security and developer teams collaborate on security across an entire codebase, according to GitHub. The feature makes vulnerability remediation quicker and more scalable, the company said.
Security campaigns with Copilot Autofix have been available for public preview since October 2024. With general availability, Github also provided updated capabilities including draft security campaigns, with security managers able to iterate on the scope of campaigns before making them available to developers. The feature also now allows the creation of GitHub issues that are updated automatically as the campaign progresses. Additionally, security managers can now view aggregated statistics showing the progress across both currently active and past campaigns.
Copilot Autofix with security campaigns helps security teams triage and prioritize vulnerabilities, with the ability to generate code suggestions for as many as 1,000 scanning alerts simultaneously, GitHub said. The Autofix tool provides instant remediation suggestions and reduces mean-time to remediation by as much as 60%, said GitHub.
