When Copilot coding agent writes code, it automatically runs your project’s tests and linter. It also runs GitHub’s security and quality validation tools, including CodeQL, the GitHub Advisory Database, secret scanning, and Copilot code review. If any problems are found, Copilot attempts to resolve them before stopping work and requesting review.

These validation tools are free of charge, enabled by default, and don’t require a GitHub Advanced Security license. However, in some cases, teams may want to disable specific checks (e.g., if CodeQL analysis takes a long time for a particular project).

Repository admins can now configure which validation tools the coding agent runs from the Copilot -> Coding agent section in repository settings.