You can now run a security review on your in-flight code changes directly from the GitHub Copilot app. The /security-review
slash command is shipping in public preview, bringing the same AI-driven vulnerability scanning already available in Copilot CLI into your everyday coding workflow.
What it does
/security-review
analyses your current workstream changes and returns:
- High-confidence security findings, scored by severity and confidence.
- Actionable suggestions you can apply and reverify without leaving Copilot.
- A focused, prioritised view so you can fix the issues that matter before code lands.
The scan is tuned to catch common, high-impact vulnerability classes such as injection flaws, cross-site scripting, insecure data handling, path traversal and weak cryptography.
Why it matters
The /security-review
command gives you a way to catch issues while you’re still working without leaving your coding environment. It complements GitHub code scanning, Dependabot, and secret scanning by giving you a lightweight, on-demand check on your local changes.
How to try it
Open a project in the Copilot app, make your code changes, and run /security-review
to scan those changes. The command is available to Copilot Free, Pro, Business, and Enterprise users during public preview.
Join the discussion and share your feedback in the GitHub Community.