You can now run a security review on your code changes directly from GitHub Copilot CLI. The new /security-review slash command is shipping as an experimental feature in public preview, giving you a fast, AI-driven way to catch security vulnerabilities before they reach production code.

[Screenshot: GitHub Copilot CLI running the /security-review command in a terminal]

What it does

/security-review analyzes your local code changes and returns:

  • High-confidence security findings, scored by severity and confidence.
  • Actionable suggestions you can apply without leaving the terminal.
  • A focused review that lives in your existing workflow.

The scan is tuned to flag common, high-impact vulnerability classes such as injection flaws, cross-site scripting, insecure data handling, path traversal, and weak cryptography.

This is a Copilot-driven scan that doesn’t rely on GitHub code scanning, Dependabot, or GitHub secret scanning. It complements those tools by giving you a lightweight, on-demand way to review your changes before you commit.

This is an experimental command. To try it, turn on experimental mode in Copilot CLI, then run /security-review in any project to scan your current changes.

Join the discussion and share your feedback within the GitHub Community.