Security reviews now available in the GitHub Copilot app — /security-review command in public preview
What's new
- /security-review command: new slash command in Copilot app scans code changes for security vulnerabilities before commit
- AI detections on PRs: code scanning now shows AI-powered security findings directly on the diff in pull requests
- Covered vulnerabilities: injection flaws, XSS, insecure data handling, path traversal, weak cryptography
- Outputs: findings categorized by severity and confidence, with actionable suggestions
- Availability: Copilot Free, Pro, Business, Enterprise — all plans in public preview
Why it matters
Both features move security review into the coding iteration — developers get feedback before code leaves the IDE or branch. Agentic autofix (July 10) additionally enables automated remediation of code scanning alerts across an entire repository.
How to try it
For /security-review: run the command directly in the Copilot app while editing code. PR detections are automatic for repositories with code scanning enabled.
Open original source
GitHub