Security reviews now available in the GitHub Copilot app
You can now run a security review on your in-flight code changes directly from the GitHub Copilot app. The /security-review slash command is shipping in public preview, bringing the same AI-driven vulnerability scanning already available in Copilot CLI into your everyday coding workflow.
What it does
/security-review analyses your current workstream changes and returns:
- High-confidence security findings, scored by severity and confidence.
- Actionable suggestions you can apply and reverify without leaving Copilot.
- A focused, prioritised view so you can fix the issues that matter before code lands.
The scan is tuned to catch common, high-impact vulnerability classes such as injection flaws, cross-site scripting, insecure data handling, path traversal and weak cryptography.
Why it matters
The /security-review command gives you a way to catch issues while you’re still working without leaving your coding environment. It complements GitHub code scanning, Dependabot, and secret scanning by giving you a lightweight, on-demand check on your local changes.
How to try it
Open a project in the Copilot app, make your code changes, and run /security-review to scan those changes. The command is available to Copilot Free, Pro, Business, and Enterprise users during public preview.
Join the discussion and share your feedback in the GitHub Community.