
Three things can be true at once:
🔒 Everyone knows you should write secure code
❎ No one wants to be the reason for a security breach
😵💫 And let’s be honest, making security a priority is hard (like, really hard) when you’ve got a million things on your plate
But here’s the good news: You’re not alone in the security fight. You’ve got GitHub Copilot. In today’s edition of The GitHub Insider, we’ll cover three ways your AI pair programmer can not only help secure your code, but also increase your overall security knowledge. (Thanks @LadyKerr for sharing these tips with us!)
Sort of like a superhero/teacher/helmet-wearing alien friend.
Let’s go!
1. Learn something new with every Copilot suggestion
When Copilot suggests a solution, don’t just accept it automatically—especially if you’re unsure why it works. Follow up with questions like “What does this vulnerability mean?” or “Can you suggest a safer way to do this?” Just like in school, there’s no such thing as a dumb question!
2. Prompt Copilot for secure code examples
When you’re starting on a new feature or handling sensitive data, ask Copilot for secure patterns. For example, you can type a prompt like “Show me how to safely store user passwords in Python” or “What’s the best way to sanitize user input in JavaScript?” Copilot will then suggest code that follows best practices, giving you a safer foundation from the start.
PS: It’s always a good idea to review these suggestions to make sure they reflect your organization’s standards. You can also customize Copilot Chat and the Copilot coding agent to follow your own coding guidelines.
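As an added illustration (not code from the newsletter, from GitHub, or from Copilot), here is what a reviewed answer to the "Show me how to safely store user passwords in Python" prompt should look like: a weak pattern worth rejecting beside the one to accept. It uses only the standard library; the iteration count and the storage format are assumptions.

```python
import base64
import hashlib
import hmac
import os

# A suggestion to reject in review: unsalted, fast hash. Two users with the
# same password get the same digest, and SHA-256 is cheap to brute-force.
def weak_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

# The pattern to accept: per-user random salt and a slow key-derivation
# function (PBKDF2-HMAC-SHA256). The iteration count is stored alongside the
# hash so it can be raised later without breaking existing records.
ITERATIONS = 600_000  # assumption: tune to your own hardware budget

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # assumed storage format: algo$iterations$salt$digest (base64 fields)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )

def verify_password(password: str, stored: str) -> bool:
    try:
        algo, iters, salt_b64, digest_b64 = stored.split("$")
    except ValueError:
        return False  # malformed record, never a match
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    # constant-time comparison so timing does not reveal matching prefixes
    return hmac.compare_digest(candidate, expected)
```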
3. Pair Copilot with the security tools you use every day
Copilot Chat is powerful, but it’s even more effective when paired with GitHub’s built-in security features. Here are some ways you can use Copilot alongside tools like code scanning and autofix to write more secure code, faster.

- Enable code scanning, and when the scanner flags an issue, ask Copilot for a secure fix.
- Pair Copilot’s suggestions with Dependabot to stay ahead of security risks in your supply chain. If you see Copilot recommending a newer version of a package or flagging a deprecated library, take a moment to check your dependencies.
- With Copilot Autofix enabled, GitHub will automatically run Copilot when it discovers a problem. Then it will create a pull request with a suggested solution. Once you review the solution, you’ll have the option to accept the pull request and continue on with your work.
For sample prompts, check out our Copilot Chat Cookbook—the section on finding vulnerabilities will be particularly useful for your security studies. Now go forth and secure! 🔒
✨ This newsletter was produced by Gwen Davis. ✨