Compliance monitoring · Production

GitHub explores generative AI for compliance automation in software development pull request workflows

The problem

Many enterprises still manage separation of duties compliance manually, adding steps that slow delivery and innovation, and compliance programs around code reviews have traditionally been very labor and time intensive.

Workflow diagram · grounded in source
1
Developer opens pull request
trigger
“pull requests are part of the existing workflow that millions of developers use daily”
2
AI generates PR description
ai_action
“AI-powered tags are embedded into a pull request description and automatically filled out by GitHub Copilot based on the code which the developers changed”
3
AI reviews code and suggests changes
ai_action
“the GitHub Next team is looking at AI to help review the code and provide suggestions for changes”
4
Human reviewer makes final decision
human_review
“The code reviewer will have everything they need to quickly review the change and decide to either move forward or send the change back”
Reported outcome

GitHub Copilot for Business currently offers AI-based security vulnerability filtering; future capabilities include AI-generated pull request descriptions and AI code review suggestions intended to reduce manual compliance tasks and keep developers in the flow.

Reported metrics
Developer task completion speedcomplete tasks faster
Manual compliance tasksreducing manual tasks
Reported stack
GitHub CopilotGitHub Copilot for Pull RequestsGitHub Copilot for Business
Source
https://github.blog/2023-04-11-generative-ai-enabled-compliance-for-software-development
Read source ↗

Frequently asked questions

What did this team achieve with this AI workflow?

GitHub Copilot for Business currently offers AI-based security vulnerability filtering; future capabilities include AI-generated pull request descriptions and AI code review suggestions intended to reduce manual compl…

What tools did this team use?

GitHub Copilot, GitHub Copilot for Pull Requests, GitHub Copilot for Business.

What results were reported?

Developer task completion speed: complete tasks faster; Manual compliance tasks: reducing manual tasks (source-reported, not independently verified).

How is this compliance monitoring AI workflow structured?

Developer opens pull request → AI generates PR description → AI reviews code and suggests changes → Human reviewer makes final decision.