GitHub Copilot coding agent now allows configurable validation tools
GitHub Copilot · GitHub · feature, platform, security · github.blog

Configurable Validation for Copilot Coding Agent

GitHub Copilot's coding agent automatically validates generated code using a comprehensive suite of security and quality tools. When writing code, the agent runs your project's tests and linter alongside GitHub's built-in validation systems.

Validation Tools Now Under Your Control

The coding agent automatically executes:

  • CodeQL for static analysis and vulnerability detection
  • GitHub Advisory Database checks for known vulnerabilities
  • Secret scanning to prevent credential leaks
  • Copilot code review for automated code quality assessment

These tools are free, enabled by default, and require no GitHub Advanced Security license. However, development teams sometimes need flexibility—for instance, when CodeQL analysis takes excessive time on large projects.

Configuration Available in Repository Settings

Repository administrators can now customize which validation tools run by accessing the Copilot → Coding agent section in repository settings. This allows teams to disable specific checks when they conflict with project requirements or development workflows, while maintaining essential security controls.

The coding agent still attempts to resolve any problems detected by the enabled tools before it stops and requests manual review.