github GitHub Changelog ·

GitHub Code Scanning adds AI security detections to PRs

securitypreviewengineer
feature announcement

GitHub Code Scanning now surfaces AI-powered security detections directly on pull requests, expanding vulnerability coverage to new languages and frameworks. This helps teams identify potential issues earlier in the development workflow before merging code. The feature is available in public preview for customers with GitHub Code Security, requires a GitHub Copilot license, and uses AI credits.

  • AI security detections integrated into pull requests
  • Expanded language and framework support
  • Public preview availability and prerequisites
Features (1)
  • AI security detections integrated into pull requests

    GitHub Code Scanning now displays AI-powered security detections on pull requests, offering broader vulnerability coverage for languages and frameworks not supported by CodeQL. These alerts are labeled with 'AI' and appear directly in PRs for review before code merges.

Enhancements (1)
  • Expanded language and framework support

    AI-powered detections extend code scanning capabilities to languages and frameworks beyond CodeQL's native analysis, reducing blind spots in codebase security. Findings are surfaced as the AI detection engine returns them, without requiring a full analysis.

Notes (1)
  • Public preview availability and prerequisites

    This feature is in public preview on github.com for customers with GitHub Code Security. It requires enterprise-level allowance, organization-level enablement, and CodeQL default setup on repositories. A GitHub Copilot license is also required during the preview, and usage consumes AI credits.

Read the original announcement →

https://github.blog/changelog/2026-07-14-code-scanning-shows-ai-security-detections-on-pull-requests

Related releases