
GitHub enhances security: AI agents check pull requests

Wolf Hosbach
(Image: amgun/ Shutterstock.com)

A new security analysis with AI agents is intended to improve the static checking of pull requests.

GitHub [1] has announced AI support for searching for vulnerabilities in code. An initial preview is expected in early Q2.

The AI agent complements the current static code analysis tool, the database-driven CodeQL, which is limited to a few major languages such as Java, TypeScript, Python, or Go. The agent should also be able to check Bash, Dockerfiles, HCL (HashiCorp Configuration Language, used for Terraform, among others), PHP, and other languages. It is intended to find code problems such as database commands and SQL queries assembled from arbitrary strings, weak cryptographic implementations, or the disclosure of infrastructure configurations.
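To make the first of those problem classes concrete, here is an added example (not GitHub's, CodeQL's, or the agent's own code) in Python: a query assembled from a caller-supplied string beside its parameterised form, and a deliberately crude AST-based check of the kind a static analyser runs over code added in a pull request. The table, the user names, the `lookup` snippet and the function names are all constructed for this example.

```python
"""Added example: dynamic SQL beside its parameterised form, plus a minimal
static check for the pattern. Not code from GitHub, CodeQL or the AI agent;
every name and sample below is constructed for illustration."""
import ast
import sqlite3
import textwrap


def setup_db():
    # Constructed sample table with one name containing an apostrophe.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("O'Brien",)])
    return conn


def find_user_unsafe(conn, name):
    # Query text assembled from the caller's string: the input becomes part of
    # the SQL grammar, so a quote in the input changes or breaks the statement.
    return conn.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()


def find_user_safe(conn, name):
    # Parameter binding: the driver receives the value separately from the
    # statement text, so it is always treated as data, never as SQL.
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


def unsafe_query_breaks(conn, name):
    # True if the string-built query cannot even handle a legitimate value.
    try:
        find_user_unsafe(conn, name)
    except sqlite3.OperationalError:
        return True
    return False


def flag_dynamic_sql(source):
    """Return (line, reason) for each .execute()/.executemany() call whose
    first argument is not a plain string constant. Deliberately crude: this is
    the shape of a static pattern check, not a full taint analysis."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr not in ("execute", "executemany") or not node.args:
            continue
        query = node.args[0]
        if isinstance(query, ast.Constant) and isinstance(query.value, str):
            continue  # literal statement text: parameters, if any, are bound
        if isinstance(query, ast.JoinedStr):
            reason = "f-string"
        elif isinstance(query, ast.BinOp):
            reason = "string concatenation/formatting operator"
        elif isinstance(query, ast.Call):
            reason = "call result (e.g. .format())"
        else:
            reason = "non-constant expression"
        findings.append((node.lineno, reason))
    return sorted(findings)


# Constructed stand-in for code added in a pull request (line 1 is blank).
SAMPLE_PR_CODE = textwrap.dedent('''
    def lookup(conn, name):
        conn.execute("SELECT 1")
        conn.execute(f"SELECT name FROM users WHERE name = '{name}'")
        conn.execute("SELECT name FROM users WHERE name = '" + name + "'")
        conn.execute("SELECT name FROM users WHERE name = ?", (name,))
''')


if __name__ == "__main__":
    conn = setup_db()
    print("parameterised:", find_user_safe(conn, "O'Brien"))
    print("string-built query breaks on apostrophe:", unsafe_query_breaks(conn, "O'Brien"))
    for line, reason in flag_dynamic_sql(SAMPLE_PR_CODE):
        print(f"line {line}: query built via {reason}")
```

The apostrophe case is the benign face of the problem: the same mechanism that makes `O'Brien` a syntax error lets any other quote-bearing input rewrite the statement, which is why the check flags the way the query text is built rather than any particular input.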

In its announcement, GitHub describes [2] that the security mechanism activates automatically for new pull requests and decides whether the analysis is performed by a CodeQL query or by the AI agent. The result appears within the pull request and can be fixed immediately using the Autofix function [3].

(who [4])


This article was originally published in German [8]. It was translated with technical assistance and editorially reviewed before publication.


URL of this article:
https://www.heise.de/-11227294

Links in this article:
[1] https://www.heise.de/thema/GitHub
[2] https://github.blog/security/application-security/github-expands-application-security-coverage-with-ai-powered-detections/
[3] https://www.heise.de/news/Mit-KI-gegen-Schwachstellen-im-Sourcecode-GitHub-startet-Code-Scanning-Autofix-9661229.html?from-en=1
[4] mailto:who@heise.de
[5] https://www.facebook.com/heiseonlineEnglish
[6] https://www.linkedin.com/company/104691972
[7] https://social.heise.de/@heiseonlineenglish
[8] https://www.heise.de/news/GitHub-erhoeht-die-Sicherheit-KI-Agenten-pruefen-Pull-Requests-11226834.html