The popular software development hosting service GitHub Inc. today announced multiple new updates and features for its artificial intelligence-powered Copilot tool that will assist coders in their everyday work.

GitHub provides an AI-powered coding tool called Copilot Chat in beta mode, which is attached to a developer’s code editor that acts as a conversational assistant that can help give code suggestions, provide tips, explain code and produce code blocks, which could help them speed the development process. It can even help fix broken code by remediating errors and refactoring older code.

However, it is only aware of the current code the developer is working on and has no scope beyond that. To change this, GitHub announced Copilot Enterprise during its annual GitHub Universe event today. It will connect Copilot Chat to all the code repositories and knowledge bases that a business has, providing it additional context to work from.

“This brings it to the rest of the software development lifecycle,” Ryan Salva, vice president of product at GitHub, told SiliconANGLE in an interview. “It brings it to pull requests and code reviews. It will bring Chat to GitHub.com, where developers can ask about who is contributing to the codebase and where symbols and classes and methods are being used so that they can make sense of their code outside of their code editor.”

To expand on this even further, GitHub is incorporating documentation into its AI tool. To date, the Copilot has focused entirely on being a conversational “pair programmer” that assists with the coding process, but now it can ingest a business’ documentation knowledge base that’s outside the code and configuration, and use that to provide an additional layer of context.

Although developers might be good about commenting their code, there’s often a lot in external documentation that can tell a different story about the best practices of an organization. That includes engineering systems and assets other than code files that describe best practices, or documentation for how to set up development and test environments.

All these documents could be profoundly valuable during the development process and developers may already consult them often. Having these files available to the AI means it can reference them when needed.

Enterprise users will soon be able to fine-tune their models based on their specific organization’s way of doing things, such as their preferred software development kit versions, libraries or programming languages. Salva said GitHub has been experimenting with these customizable models internally for the past year and with external customers for the past few months.

Many different businesses could benefit from this, such as those that have a preference for a specific version of Java and those that use their own internal application programming interfaces, libraries or SDKs. Because most AI models are trained broadly, they are most likely to provide suggestions based on the most current versions of languages and libraries. As a result, the code will not be as accurate as it could be.

“Then there are organizations that are working with codebases that are not well-represented in the public domain, not because they’re proprietary, but because well, often, they’re very old,” said Salva. “They’re the COBOLs and the Fortrans of the world — programming languages that had their heyday before GitHub and public repositories became a thing. Those can benefit quite a bit from fine-tuning.”

Now that the AI system is capable of ingesting additional context from numerous repositories and documents, GitHub has added a new policy engine that will allow administrators to limit what the AI can use for context. This will permit organizations to safely deploy the AI assistant so that it doesn’t reach out into sensitive areas and use anything that they don’t want it to.

GitHub also announced that the AI assistant will be getting more extensible through integrations with third-party developer tools, online services and other knowledge outside of GitHub. Through a new partner program, third parties will be able to connect their services and feed data to the AI assistant. The first phase of the partner program features integrations from Datastax Inc., LaunchDarkly, Postman Inc., Hashicorp Inc. and Datadog Inc.

GitHub Copilot Enterprise is slated for general availability in February 2024 with a subscription cost of $39 per user per month. Copilot Chat itself will also enter general availability as part of the Copilot Business subscription in December 2023 for $19 per user per month.

New AI-powered security features coming to GitHub Advanced Security

Copilot Chat already applies AI-powered vulnerability prevention filters that block insecure code in real-time to make its suggestions more secure. It does this by scanning for and identifying commonly known patterns such as hardcoded secrets, SQL injections and path injections.

But now, GitHub announced that it’s adding AI-powered application security testing to help detect and fix vulnerabilities and secrets in code as part of its Advanced Security offering. Its code-scanning capability will automatically suggest AI-generated fixes using CodeQL, a semantic engine that can query code as if it were data and detect these problems on the fly. The feature is available for JavaScript and TypeScript directly on pull requests.

The AI assistant will offer up a suggestion on how the fix will be done and even offer to do it automatically. All the developer needs to do is review the fix and accept it to have it completed before the code is merged.

An AI secret scanning service has also been added that uses large language models to look through the code to determine if developers accidentally left credentials behind in the code. Normally this can be an arduous process that involves writing specialized pattern-matching regular expressions to discover them, but it turns out that LLMs are very good at finding passwords accidentally leaked in code and revealing them. The same technology can assist developers in building custom regular expressions to help discover secrets.

These new security features are available in preview and will be added to GitHub Advanced Security soon. A waitlist is available.

Photo: Pixabay