
Security reviews now available in the GitHub Copilot app
Quick Answer
GitHub Copilot now includes a /security-review command in public preview, allowing users to analyze code changes for vulnerabilities directly within the app.
Quick Take
GitHub Copilot now includes a /security-review command in public preview, allowing users to analyze code changes for vulnerabilities directly within the app. This feature provides high-confidence findings, actionable suggestions, and prioritizes issues, making it easier to address security concerns before code deployment.
Key Points
- /security-review analyzes in-flight code changes for vulnerabilities.
- Provides high-confidence security findings scored by severity.
- Offers actionable suggestions that can be applied directly in Copilot.
- Catches common vulnerabilities like injection flaws and weak cryptography.
- Available for Copilot Free, Pro, Business, and Enterprise users.
📖 Reader Mode
~1 min readYou can now run a security review on your in-flight code changes directly from the GitHub Copilot app. The /security-review slash command is shipping in public preview, bringing the same AI-driven vulnerability scanning already available in Copilot CLI into your everyday coding workflow.
What it does
/security-review analyses your current workstream changes and returns:
- High-confidence security findings, scored by severity and confidence.
- Actionable suggestions you can apply and reverify without leaving Copilot.
- A focused, prioritised view so you can fix the issues that matter before code lands.
The scan is tuned to catch common, high-impact vulnerability classes such as injection flaws, cross-site scripting, insecure data handling, path traversal and weak cryptography.
Why it matters
The /security-review command gives you a way to catch issues while you’re still working without leaving your coding environment. It complements GitHub code scanning, Dependabot, and secret scanning by giving you a lightweight, on-demand check on your local changes.
How to try it
Open a project in the Copilot app, make your code changes, and run /security-review to scan those changes. The command is available to Copilot Free, Pro, Business, and Enterprise users during public preview.
Join the discussion and share your feedback in the GitHub Community.
— Originally published at github.blog
Want this in your inbox every morning?
Daily brief at your local 8am — bilingual EN/中文, free.
More from GitHub Copilot Changelog
See more →
GitHub Copilot app available to all
The GitHub Copilot app is now accessible to all users across every Copilot plan, including Free and Education. Users can sign in with their GitHub accounts to initiate agent-driven development on macOS, Windows, and Linux, with the option to run sessions using their own model provider without a subscription.

