Dev Tools · 2h ago
GitHub Copilot Adds Pre-Commit Vulnerability Scanning for All Users
GitHub has introduced a slash command in its Copilot desktop app that scans uncommitted code diffs for five OWASP vulnerability classes, including injection and XSS. The feature is available to all subscribers, including Free tier, and targets the most common flaws in AI-generated code. This move comes as Veracode reports that 45% of AI-generated code introduces at least one vulnerability.
Meridian48 take
GitHub is closing a loop it helped create: its own AI generates vulnerable code, and now it offers a tool to catch it before it reaches the repo, but the scanner's limited scope means it's no substitute for full SAST.
Read the full reporting
GitHub Copilot Now Prevents Vulnerabilities Before Code Commits →
DEV Community
github-copilotvulnerability-scanning