GitHub Copilot coding agent now allows configuration of validation tools
GitHub Copilot · GitHub · feature · api · security · github.blog

Configuration Control for Validation Tools

GitHub has added configuration options for the Copilot coding agent's automatic validation capabilities. Repository admins can now manage which validation tools run when the agent writes code, through a new settings panel in the Copilot -> Coding agent section.

What Gets Validated

By default, the Copilot coding agent automatically executes:

  • Your project's tests and linter
  • CodeQL security analysis
  • GitHub Advisory Database checks
  • Secret scanning for credential leaks
  • Copilot code review quality checks

If any issues are discovered, the agent attempts to resolve them automatically before pausing work and requesting human review.

Key Features

  • No additional licensing required: All validation tools are free and don't require a GitHub Advanced Security license
  • Granular control: Teams can disable specific checks if needed—for example, if CodeQL analysis creates performance bottlenecks on large projects
  • Easy management: Configuration is available directly in repository settings without CLI or configuration files

What Developers Should Know

This feature is particularly useful for teams managing large codebases where certain validation tools (like CodeQL) may add significant analysis time. Repository admins can now balance security and quality checks against development velocity by selectively disabling less critical validations.