GitHub Copilot app adds security reviews in public preview
GitHub Copilot app now offers AI-driven security reviews for code changes using the `/security-review` command, currently in public preview. This feature aims to catch high-impact vulnerabilities and provide actionable suggestions before code is committed, complementing existing GitHub security tools. It is available to all Copilot users during the preview period.
- →AI-powered security reviews available in GitHub Copilot app
- →Security reviews provide findings and actionable suggestions
- →Security scanning tuned for common vulnerability classes
- →Security reviews complement existing GitHub security tools
- →How to try the new security review feature
Features (3) ›
- AI-powered security reviews available in GitHub Copilot app
A new `/security-review` slash command allows users to scan in-flight code changes for security vulnerabilities directly within the GitHub Copilot app. The feature is currently shipping in public preview.
- Security reviews provide findings and actionable suggestions
The `/security-review` command analyzes current code changes to identify high-confidence security findings scored by severity and confidence. It offers actionable suggestions for remediation directly within Copilot, allowing for reverification without leaving the coding environment.
- Security scanning tuned for common vulnerability classes
The scan is designed to detect common, high-impact vulnerability types including injection flaws, cross-site scripting (XSS), insecure data handling, path traversal, and weak cryptography.
Notes (2) ›
- Security reviews complement existing GitHub security tools
This new command offers a lightweight, on-demand check for local changes, acting as a complement to GitHub's established tools like code scanning, Dependabot, and secret scanning.
- How to try the new security review feature
Users can try the `/security-review` command by opening a project in the Copilot app, making code changes, and then executing the command. It is available to Copilot Free, Pro, Business, and Enterprise users during the public preview.
https://github.blog/changelog/2026-07-14-security-reviews-now-available-in-the-github-copilot-app
Related releases
- Dependabot adds default cooldown for version updates GitHub Changelog ·
- GitHub Agentic Autofix for Code Scanning Alerts in Public Preview GitHub Changelog ·
- GitHub Code Quality license estimate in public preview GitHub Changelog ·
- GitHub Settings: Separate SSO and Organizations pages GitHub Changelog ·
- CodeQL 2.26.0 adds Kotlin support, AI prompt injection detection GitHub Changelog ·
- GitHub Secret Scanning Detector Types Renamed GitHub Changelog ·