GitHub Copilot security review vs code scanning autofix: when to use each
Quick answer
Use GitHub's AI security features by workflow stage, not by hype.
local or in-flight change
-> run Copilot /security-review for fast high-confidence findings
pull request
-> request Copilot code review and keep CodeQL/code scanning required
new PR coverage gap
-> enable AI security detections where GitHub Code Security and policy allow it
existing code scanning alert
-> use Copilot Autofix or agentic autofix, then review the draft PR like any security change
The important boundary is that none of these tools should become the merge decision. Copilot can review, suggest, label, and open draft pull requests; a human still owns the security judgement, test evidence, and final merge.
Who this is for
This guide is for indie developers and small teams already using GitHub Copilot, CodeQL, or GitHub code scanning, especially when AI-generated code is entering the repository faster than the review process can absorb it.
If the immediate problem is untrusted local code, start with the AI coding agent sandbox checklist. If the problem is a JavaScript js/system-prompt-injection alert, use the CodeQL system prompt injection fix checklist first. This article is about routing the broader GitHub AI security review workflow.
What changed, and why now
GitHub made three security-review surfaces newly relevant in July 2026.
On July 14, GitHub announced that the Copilot app now supports the /security-review slash command in public preview. It scans current workstream changes, returns high-confidence findings with severity and confidence, and is meant to catch issues before code lands. GitHub lists common vulnerability classes such as injection, cross-site scripting, insecure data handling, path traversal, and weak cryptography.
On July 10, GitHub put agentic autofix for code scanning alerts into public preview. Assigning a code scanning alert to Copilot can start a cloud agent session that explores related code, proposes a fix, reruns CodeQL, iterates, and opens a draft pull request. GitHub also documents important limits: it requires Copilot cloud agent and Copilot Autofix availability, consumes AI credits, and validates on a best-effort basis.
On July 14, GitHub also announced AI security detections in code scanning for pull requests. These detections can broaden coverage beyond languages and frameworks supported by CodeQL, appear in pull requests, and are labeled as AI-generated findings. During public preview they are informational and do not block merges.
That creates a practical question: when should a solo developer run a local AI security review, when should they rely on PR code scanning, and when is it worth spending agent credits to fix an alert?
The routing workflow
1. Before commit: run /security-review on the risky diff
Use /security-review when you are still shaping a change and want a fast check on the code you just touched. It is strongest when the diff includes auth logic, file handling, request parsing, payment callbacks, admin actions, AI tool calls, prompt construction, webhooks, or cross-origin browser behavior.
Treat the output as a triage list:
| Finding type | Response |
|---|---|
| Clear bug in changed code | Fix immediately, rerun the review, and add a regression test. |
| Possible issue outside the diff | Open a follow-up issue with file paths and evidence. |
| Framework-specific claim | Verify against framework docs or an existing security test. |
| Vague warning | Do not rewrite blindly; ask for the source, sink, and exploit path. |
For AI-built prototypes, this is the cheapest first gate. It catches obvious classes before you create review noise. It does not replace dependency review, CodeQL, secret scanning, or a manual read of security-sensitive paths.
2. Pull request: combine Copilot review with deterministic checks
Use Copilot code review for PR-level feedback, especially when the change spans multiple files and the reviewer needs a second pass on naming, missing tests, edge cases, and security-sensitive patterns. GitHub's docs make one governance point clear: Copilot code review leaves comment reviews, not approvals or requested changes, so it does not satisfy required approvals.
That is the right default. Keep CodeQL, tests, lint, type checks, secret scanning, and branch protection as deterministic gates. Let Copilot add review comments, but do not let it replace the required human reviewer.
For small teams, a useful PR template section is:
AI security review evidence
- /security-review run on:
- Copilot review requested:
- CodeQL/code scanning status:
- Human-reviewed sensitive files:
- Residual risk:
This keeps the AI result visible without pretending it is the authority.
3. PR coverage gap: use AI security detections carefully
GitHub's AI security detections are designed for places where CodeQL coverage is incomplete. They can be useful for repositories with mixed frameworks, generated code, or languages where you have historically relied on manual review.
Enable them only when the repository already has the basics:
- CodeQL default setup or an equivalent maintained code scanning workflow;
- clear owner for new security findings;
- a policy for AI-labeled findings that separates true positives, false positives, and "needs human review";
- budget awareness, because public-preview usage consumes AI credits;
- no assumption that informational findings block unsafe merges.
The best use is to catch more candidate issues in PRs, not to make the PR merge button smarter.
4. Existing alerts: choose classic autofix or agentic autofix by blast radius
For one isolated alert, Copilot Autofix can be enough: generate a suggested fix, review it, test it, and create a PR. For an alert that spans several files, requires understanding a helper layer, or needs a real validation loop, agentic autofix may be worth the credits.
Use this decision table:
| Alert shape | Best starting point |
|---|---|
| Single-line validation or escaping issue | Classic Copilot Autofix or manual fix |
| Multi-file data-flow alert | Agentic autofix, then strict PR review |
| Auth, payment, tenant isolation, or destructive action | Manual design review before assigning to Copilot |
| Third-party tool alert | Treat agent output as untrusted; GitHub notes fix quality is not guaranteed |
| Custom CodeQL or security-extended query | Require manual validation; agentic autofix may not prove closure |
When Copilot opens a draft PR, inspect the session log, changed files, tests, and CodeQL rerun result. Then run the same security review you would require from a human contributor. A passing scanner can prove a path is no longer detected; it cannot prove the replacement behavior is correct.
The indie developer checklist
Before relying on GitHub AI security tools, write down this minimum operating rule:
AI may find, suggest, and patch.
CI may verify repeatable checks.
Only a human may accept residual security risk.
For each security-sensitive PR, check:
- Was
/security-reviewrun on the final diff, not only an early draft? - Did Copilot code review run after the last push, or does it need a re-review?
- Did CodeQL/code scanning finish on the commit being merged?
- Are AI security detections informational, required, or disabled by policy?
- Did any agentic autofix PR consume credits or Actions minutes unexpectedly?
- Are sensitive files reviewed by a human who understands the product boundary?
- Are prompts, tools, dependencies, and secrets covered by separate checks?
Common mistakes
- Running
/security-reviewonce, then changing the diff without rerunning it. - Treating Copilot review comments as approval evidence.
- Assigning every alert to agentic autofix and burning credits on low-risk one-line fixes.
- Trusting an agentic fix because CodeQL no longer reports the same alert.
- Enabling AI security detections without an owner for triage.
- Mixing security review with broad refactoring in the same PR.
- Forgetting that prompt injection, dependency risk, and runtime authorization need separate review paths.
FAQ
Should /security-review run before every commit?
No. Use it on risky diffs and before opening a PR for AI-generated code, auth, payments, file handling, webhooks, prompt construction, or tool execution. Running it mechanically on every typo change creates noise.
Can agentic autofix replace a security engineer?
No. It can create a draft PR and run validation, but GitHub documents it as best-effort and still requires review. For small teams, treat it as a junior remediation assistant with good tool access, not as the final security owner.
Should AI security detections block merges?
Not by default. GitHub says public-preview AI security detections are informational. Use them to expand visibility, then decide which finding classes deserve branch-protection treatment later.
How does this relate to CodeQL prompt injection alerts?
CodeQL prompt injection alerts are specific source-to-sink findings. Use the dedicated CodeQL prompt injection checklist for remediation, then use this article's routing model to decide whether Copilot review, /security-review, or agentic autofix should participate.
Sources
- GitHub Changelog: Security reviews now available in the GitHub Copilot app: https://github.blog/changelog/2026-07-14-security-reviews-now-available-in-the-github-copilot-app/
- GitHub Changelog: Agentic autofix for code scanning alerts in public preview: https://github.blog/changelog/2026-07-10-agentic-autofix-for-code-scanning-alerts-in-public-preview/
- GitHub Changelog: Code scanning shows AI security detections on pull requests: https://github.blog/changelog/2026-07-14-code-scanning-shows-ai-security-detections-on-pull-requests/
- GitHub Docs: Using GitHub Copilot code review: https://docs.github.com/en/copilot/how-tos/use-copilot-agents/request-a-code-review/use-code-review
- GitHub Docs: About autofix for code scanning: https://docs.github.com/en/code-security/concepts/code-scanning/autofix-for-code-scanning
- GitHub Docs: Resolving code scanning alerts: https://docs.github.com/en/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/resolve-alerts
- GitHub Docs: Risks and mitigations for GitHub Copilot cloud agent: https://docs.github.com/en/copilot/concepts/agents/cloud-agent/risks-and-mitigations
Top comments (0)