GitHub Copilot CLI shipped a new /security-review slash command on June 10 — a pre-commit, AI-driven security scanner that runs entirely in your terminal. It’s experimental, it won’t replace CodeQL, and the CLI it rides on has documented trust issues worth knowing about. But the core idea — catch OWASP Top 10 patterns before you push, not after your CI pipeline flags them — is the right direction for developer security tooling in 2026.
What /security-review Does
The command analyzes your local code diff using LLM inference, not traditional rule-based pattern matching. Instead of running a deterministic rule engine across your whole repository, it reads what you just changed and returns high-confidence findings scored by severity. GitHub deliberately filters out low-confidence results to keep false positive noise down — a smart call that makes the output actually actionable.
The scan covers five vulnerability classes aligned with the OWASP Top 10:
- Injection flaws (SQL injection and variants)
- Cross-site scripting (XSS)
- Insecure data handling
- Path traversal
- Weak cryptography
Findings come back with severity scores and specific suggestions you can apply without leaving the terminal. That last part matters — tools that keep developers in their workflow get used. Tools that redirect them to a browser dashboard get ignored after week two.
Getting Started with /security-review
The feature requires enabling experimental mode first. Run copilot --experimental once to activate it, and the setting persists in your config. After that, run /security-review from any project to scan your current changes.
# Enable experimental mode (one-time)
copilot --experimental
# Scan your current diff (slash command, entered at the Copilot CLI prompt)
/security-review
The June 10 changelog entry is sparse on configuration details — this is genuinely early-stage. The official Copilot CLI documentation covers the full slash command surface once you’re in experimental mode.
The Offline Mode Security Teams Actually Need
Here’s the part that makes this interesting for regulated environments. Copilot CLI’s BYOK mode, available since April 2026, lets you run the entire security review without your code ever touching GitHub’s servers. Set COPILOT_OFFLINE=true, point the CLI at a locally running model via any OpenAI-compatible endpoint (Ollama and vLLM both work), and all inference runs on-premises with telemetry disabled.
# Air-gapped / offline mode
export COPILOT_OFFLINE=true
export OPENAI_API_BASE=http://localhost:11434/v1
# Run the review (slash command, entered at the Copilot CLI prompt)
/security-review
Financial services, healthcare, and government teams with network egress restrictions can now run AI-assisted pre-commit security scanning without a compliance exception. That’s a real unlock.
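A pre-flight check for the offline setup above, written for this article as an added example (it is not GitHub's code). It assumes the CLI honors COPILOT_OFFLINE and OPENAI_API_BASE as described here; the function name `endpoint_problems` and the sample URLs in the comments are constructed for illustration.

```python
import ipaddress
import os
from urllib.parse import urlsplit


def endpoint_problems(env):
    """Return reasons the offline setup in `env` could still send code off-host."""
    problems = []
    if env.get("COPILOT_OFFLINE", "").lower() != "true":
        problems.append("COPILOT_OFFLINE is not set to true")
    base = env.get("OPENAI_API_BASE", "")
    if not base:
        problems.append("OPENAI_API_BASE is not set")
        return problems
    parts = urlsplit(base)
    if parts.scheme not in ("http", "https"):
        problems.append(f"unexpected scheme {parts.scheme!r}")
    # http://localhost:11434@models.example.com/ looks local but is not:
    # everything before '@' is userinfo, the host comes after it.
    if parts.username is not None:
        problems.append("URL contains userinfo; the real host is after the '@'")
    host = parts.hostname or ""
    if host == "localhost":
        return problems
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # No DNS lookup here, so an arbitrary name cannot be shown to be local.
        problems.append(f"host {host!r} is a DNS name; pin it to an IP literal you control")
        return problems
    if not (addr.is_loopback or addr.is_private):
        problems.append(f"{addr} is a public address")
    elif parts.scheme == "http" and not addr.is_loopback:
        # Private network, but the diff would cross it unencrypted.
        problems.append(f"plain http to non-loopback host {addr}")
    return problems


if __name__ == "__main__":
    found = endpoint_problems(os.environ)
    for p in found:
        print("WARN:", p)
    raise SystemExit(1 if found else 0)
```

Run it in the same shell session before starting the CLI; a non-zero exit means the endpoint needs a second look before any diff is sent to it.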
This Is Not a CodeQL Replacement
Worth being explicit here because the marketing language around AI security tooling gets blurry fast. /security-review sees only your current diff. It does not perform cross-file taint analysis, it does not match CVEs, and it does not scan your full dependency tree. GitHub’s code scanning with CodeQL does all of those things — and it will catch things that /security-review fundamentally cannot, because /security-review only has visibility into what you just changed.
These tools cover different stages of the workflow. CodeQL runs in CI after you push. /security-review runs before you commit, when you still have full context of the changes you made and can fix issues in under a minute. Keep both. The pre-commit window is underserved in most security stacks — this fills it without pretending to be something it isn’t.
The Elephant in the Room
GitHub Copilot CLI has documented indirect prompt injection vulnerabilities — including a bypass where the env command’s “read-only” whitelisted status can mask malicious subcommands. The RoguePilot vulnerability class was patched in February 2026, but researchers continue to find new variations. GitHub’s response has been to characterize these as known issues without significant risk — a stance the security research community disputes.
This doesn’t make /security-review useless. It means you should use it with clear expectations: it’s a fast first pass for common patterns, running on a tool that still has its own trust model issues in active development. Use it on your own code, in the BYOK offline mode if your environment is sensitive, and keep your GHAS configuration and CodeQL scans running in parallel. One does not replace the other.
The Bottom Line
Shift-left security works when the feedback is fast, contextual, and doesn’t require leaving the developer’s workflow. /security-review gets the workflow right — it’s terminal-native, pre-commit, and scoped to what you just changed. The experimental label is honest: this is early, the CLI’s trust model is still maturing, and the feature has hard limits by design. But the direction is right. Enable experimental mode, run it before your next commit, and treat the output as a useful first pass — not a compliance checkbox.













