🛠️

Run Copilot security reviews before code leaves your branch

GitHub's Copilot app now exposes a /security-review command in public preview for scanning in-flight code changes.

Original
Jul 14, 2026
Status & Access
Current access and latest update details.
Access
Free
Updated
Jul 14, 2026, 04:14 PM

GitHub has added a /security-review slash command to the GitHub Copilot app, extending the security-focused review flow beyond the earlier Copilot CLI preview. Use it as a pre-PR or pre-merge check when a branch includes authentication, file upload, payment, dependency, or permission changes.

What to try:

  • Open a project in the Copilot app.
  • Make or load the code changes you want reviewed.
  • Run /security-review and inspect the findings before you create or merge a pull request.
  • Keep normal SAST, dependency scanning, secret scanning, and human review in place.

Limits to remember:

  • GitHub labels the app command as public preview.
  • Copilot code review availability depends on plan and organization policy.
  • AI review can miss issues, especially in framework-specific flows or code paths that need runtime context.
  • Treat findings as triage input, not as a release gate by itself.
Discussion

Sign in to join the discussion and vote on comments.

No comments yet. Start the discussion.
Keep exploring

More from this topic

More in Tools & Apps