Dedicated security review command now available in Copilot CLI

GitHub has released a new experimental `/security-review` slash command for Copilot CLI, now available in public preview, that analyzes local code changes for security vulnerabilities such as injection flaws and cross-site scripting. The command provides high-confidence findings with severity scores and actionable suggestions directly in the terminal, complementing existing tools like GitHub code scanning and Dependabot. Users must enable experimental mode in Copilot CLI to access the feature.

Dedicated security review command now available in Copilot CLI You can now run a security review on your code changes directly from GitHub Copilot CLI. The new /security-review slash command is shipping as an experimental feature in public preview, giving you a fast, AI-driven way to catch security vulnerabilities before they reach production code. What it does what-it-does /security-review analyzes your local code changes and returns: - High-confidence security findings, scored by severity and confidence. - Actionable suggestions you can apply without leaving the terminal. - A focused review that lives in your existing workflow. The scan is tuned to flag common, high-impact vulnerability classes such as injection flaws, cross-site scripting, insecure data handling, path traversal, and weak cryptography. This is a Copilot-driven scan that doesn’t rely on GitHub code scanning, Dependabot, or GitHub secret scanning. It complements those tools by giving you a lightweight, on-demand way to review your changes before you commit. This is an experimental command. To try it, turn on experimental mode in Copilot CLI https://github.com/github/copilot-cli experimental-mode , then run /security-review in any project to scan your current changes. Join the discussion and share your feedback within the GitHub Community https://github.com/orgs/community/discussions/196523 .