Copilot CLI: /security-review command scans for vulnerabilities

You can now run a security review on your code changes directly from GitHub Copilot CLI. The new /security-review slash command is shipping as an experimental feature in public preview, giving you a fast, AI-driven way to catch security vulnerabilities before they reach production code.

What it does

/security-review analyzes your local code changes and returns:

• High-confidence security findings, scored by severity and confidence.
• Actionable suggestions you can apply without leaving the terminal.
• A focused review that lives in your existing workflow.

The scan is tuned to flag common, high-impact vulnerability classes such as injection flaws, cross-site scripting, insecure data handling, path traversal, and weak cryptography.

This is a Copilot-driven scan that doesn’t rely on GitHub code scanning, Dependabot, or GitHub secret scanning. It complements those tools by giving you a lightweight, on-demand way to review your changes before you commit.

This is an experimental command. To try it, turn on experimental mode in Copilot CLI, then run /security-review in any project to scan your current changes.

Join the discussion and share your feedback within the GitHub Community.

The post Dedicated security review command now available in Copilot CLI appeared first on The GitHub Blog.