Copilot coding agent now automatically validates code security and quality
GitHub Copilot coding agent is GitHub’s asynchronous, autonomous developer agent that helps your teams move faster by allowing you to delegate a wide range of tasks to it, including implementing new features, fixing bugs, and improving test coverage.
Copilot coding agent has always included a wide range of built-in security protections, and with this release, we’ve gone even further: new code generated by Copilot coding agent is automatically analyzed by GitHub’s security and quality validation tools.
Copilot coding agent now proactively performs security and quality analysis of the code it creates. When Copilot writes new code, it analyzes that code for potential security vulnerabilities using CodeQL, checks any newly introduced dependencies against the GitHub Advisory Database, and uses secret scanning to detect sensitive information such as API keys and tokens. Copilot also proactively performs a code review to assess the code for quality issues. If the security validation or code review tools find any problems, Copilot attempts to resolve them before finishing the pull request, and it summarizes the actions taken in the pull request summary.
Automated security and quality validations for Copilot coding agent don’t require a GitHub Advanced Security license or any additional configuration — these security tools are seamlessly included with your normal Copilot coding agent usage. Copilot coding agent is available for all paid Copilot plans and in all repositories stored on GitHub, except repositories owned by managed user accounts where it has been explicitly disabled.