CodeQL and AI‑powered detections work together in GitHub Code Security to identify vulnerabilities across more languages and file types.

The GitHub Blog provides updates, announcements, and insights from the world's leading software development platform, covering topics such as new features, community highlights, and industry trends. Developers can learn about GitHub's latest developments, best practices for collaboration, and tips for maximizing productivity on the platform.

GitHub Blog

GitHub is introducing AI-powered security detections in GitHub Code Security to expand vulnerability coverage beyond what CodeQL's static analysis supports alone. The new hybrid detection model adds coverage for Shell/Bash, Dockerfiles, Terraform (HCL), and PHP, surfacing findings directly in pull requests. In internal testing, the system processed over 170,000 findings in 30 days with 80%+ positive developer feedback. Copilot Autofix complements detection by suggesting fixes, having resolved over 460,000 security alerts in 2025 with an average resolution time of 0.66 hours. Public preview is planned for early Q2, with a live demonstration at RSAC.

GitHub expands application security coverage with AI‑powered detections

Expanding application security coverage with static analysis and AI

Bringing expanded security coverage into pull requests

Turning expanded detection into review-ready fixes with Copilot Autofix

Enforce security outcomes at the point of merge