GitHub
GitHub Copilot coding agent now lets admins configure security validation tools

New Configuration Controls

The Copilot coding agent now includes configurable validation tools that repository admins can manage from the Copilot → Coding agent section in repository settings. This lets teams customize which security and quality checks run when the agent writes code.

What's Being Validated

By default, the coding agent automatically runs a comprehensive suite of validation tools:

  • Project tests and linters – Your existing test suite and code quality checks
  • GitHub security tools – CodeQL code scanning, the GitHub Advisory Database for known vulnerabilities, and secret scanning
  • Copilot code review – AI-powered review of generated code

All of these validation tools are free and enabled by default, requiring no GitHub Advanced Security license.

Why Configuration Matters

While these validations improve code quality and security, some teams may want to disable specific checks. For example, CodeQL analysis can be time-consuming for large or complex projects, potentially slowing down the coding agent's workflow. Now teams can optimize the validation process to match their needs.

Key Takeaway

This change gives repository admins granular control over the Copilot coding agent's behavior without compromising the ability to run essential validations. If the agent encounters problems during any enabled validation, it still attempts to resolve issues before requesting human review.