You can now run a security review on your code changes directly from GitHub Copilot CLI. The new /security-review
slash command is shipping as an experimental feature in public preview, giving you a fast, AI-driven way to catch security vulnerabilities before they reach production code.
What it does
/security-review
analyzes your local code changes and returns:
- High-confidence security findings, scored by severity and confidence.
- Actionable suggestions you can apply without leaving the terminal.
- A focused review that lives in your existing workflow.
The scan is tuned to flag common, high-impact vulnerability classes such as injection flaws, cross-site scripting, insecure data handling, path traversal, and weak cryptography.
This is a Copilot-driven scan that doesn’t rely on GitHub code scanning, Dependabot, or GitHub secret scanning. It complements those tools by giving you a lightweight, on-demand way to review your changes before you commit.
This is an experimental command. To try it, turn on experimental mode in Copilot CLI, then run /security-review
in any project to scan your current changes.
Join the discussion and share your feedback within the GitHub Community.