New Configuration Control for Copilot Validation

GitHub Copilot's coding agent automatically validates generated code against your project's tests, linters, and a suite of security tools. Repository admins can now fine-tune which of these validation checks run, addressing scenarios where specific checks (like CodeQL analysis) may be time-consuming for particular projects.

Validation Tools Available

The coding agent runs the following validation checks by default at no additional charge:

• Test and lint validation – Your project's own tests and linters
• CodeQL analysis – Static code scanning for security vulnerabilities
• Secret scanning – Detection of exposed credentials and tokens
• GitHub Advisory Database checks – Known vulnerability matching
• Copilot code review – AI-powered code quality feedback

These tools require no GitHub Advanced Security license and are enabled automatically.

How to Configure

Repository admins can access validation tool settings via Copilot → Coding agent in the repository settings page. From there, teams can disable specific checks that may be unnecessary or resource-intensive for their workflow. If problems are detected during validation, the coding agent attempts to resolve them automatically before requesting human review.

What Developers Should Know

This feature gives teams greater flexibility in customizing their AI-assisted development workflow. Teams experiencing performance issues with particular validation tools can now disable them without losing other safety benefits.