[2026-03-18] Repository admins can disable Copilot coding agent's validation tools, which are enabled by default (#60269)

timrogers · Copilot · am-stead · web-flow · commit 109c5bb95959 · 2026-03-18T18:48:16.000Z
Co-authored-by: Copilot Autofix powered by AI &lt;175728472+Copilot@users.noreply.github.com&gt;
Co-authored-by: Anne-Marie &lt;102995847+am-stead@users.noreply.github.com&gt;
diff --git a/content/copilot/concepts/agents/coding-agent/about-coding-agent.md b/content/copilot/concepts/agents/coding-agent/about-coding-agent.md
@@ -133,10 +133,12 @@ You can customize {% data variables.copilot.copilot_coding_agent %} in a number
 
 Security is a fundamental consideration when you enable {% data variables.copilot.copilot_coding_agent %}, as with any other AI agent. {% data variables.copilot.copilot_coding_agent %} has a strong base of built-in security protections that you can supplement by following best practice guidance.
 
-* **Validated for security issues**: {% data variables.product.prodname_copilot_short %} analyzes the code created by {% data variables.copilot.copilot_coding_agent %} for security issues and attempts to resolve them prior to completing the pull request. This reduces the likelihood of the code generated by {% data variables.copilot.copilot_coding_agent %} introducing problems such as hardcoded secrets, insecure dependencies, and other vulnerabilities. Details about the analysis performed and the actions taken by {% data variables.copilot.copilot_coding_agent %} can be reviewed in the session log. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/track-copilot-sessions).
+* **Validated for code quality and security issues**: {% data reusables.copilot.coding-agent-validation-tools-intro %}
   * **{% data variables.product.prodname_codeql %}** is used to identify code security issues.
   * Newly introduced dependencies are checked against the **{% data variables.product.prodname_advisory_database %}** for malware advisories, and for any CVSS-rated High or Critical vulnerabilities.
   * **{% data variables.product.prodname_secret_scanning_caps %}** is used to detect sensitive information such as API keys, tokens, and other secrets.
+  * Details about the analysis performed and the actions taken by {% data variables.copilot.copilot_coding_agent %} can be reviewed in the session log. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/track-copilot-sessions).
+  * Optionally, you can disable one or more of the code quality and security validation tools used by {% data variables.copilot.copilot_coding_agent %}. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/configuring-agent-settings).
   * {% data variables.copilot.copilot_coding_agent %}'s security validation **does not require** a {% data variables.product.prodname_GHAS_cs_or_sp %} license.
 * **Subject to existing governance**: Organization settings and enterprise policies control availability. Any security policies and practices set up for the organization also apply to {% data variables.copilot.copilot_coding_agent %}.
 * **Restricted development environment**: {% data variables.copilot.copilot_coding_agent %} works in a sandbox development environment with internet access controlled by a firewall. It has read-only access to the repository it's assigned to work in.
diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/configuring-agent-settings.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/configuring-agent-settings.md
@@ -9,13 +9,28 @@ category:
   - Configure Copilot
 ---
 
+## Enabling or disabling built-in code quality and security validation tools
+
+{% data reusables.copilot.coding-agent-validation-tools-intro %}
+
+Optionally, you can choose to disable these tools to help {% data variables.product.prodname_copilot_short %} work faster or avoid conflicts with other code quality or security products you're using.
+
+You must be a repository administrator to configure these settings.
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+1. In the "Code & automation" section of the sidebar, click **{% data variables.product.prodname_copilot_short %}** then **{% data variables.copilot.copilot_coding_agent_short_cap_c %}**.
+1. In the "Validation tools" section, toggle the tool, or tools, you want to enable or disable.
+
 ## Allowing {% data variables.product.prodname_actions %} workflows to run automatically when {% data variables.product.prodname_copilot_short %} pushes
 
 {% data reusables.copilot.coding-agent-workflow-run-approval-default %}
 
 > [!WARNING] Allowing {% data variables.product.prodname_actions %} workflows to run without approval may allow unreviewed code written by {% data variables.product.prodname_copilot_short %} to gain write access to your repository or access your {% data variables.product.prodname_actions %} secrets.
 
+You must be a repository administrator to configure these settings.
+
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
 1. In the "Code & automation" section of the sidebar, click **{% data variables.product.prodname_copilot_short %}** then **{% data variables.copilot.copilot_coding_agent_short %}**.
-1. In the "Actions workflow approval" section, disable the **Require approval for workflow runs** setting.
+1. In the "Actions workflow approval" section, disable the **Require approval for workflow runs** setting.
diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/index.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/index.md
@@ -20,10 +20,10 @@ children:
   - /integrate-coding-agent-with-linear
   - /integrate-coding-agent-with-azure-boards
   - /changing-the-ai-model
+  - /configuring-agent-settings
   - /customize-the-agent-environment
   - /customize-the-agent-firewall
   - /use-hooks
-  - /configuring-agent-settings
   - /troubleshoot-coding-agent
 redirect_from:
   - /copilot/using-github-copilot/using-copilot-coding-agent-to-work-on-tasks
diff --git a/data/reusables/copilot/coding-agent-validation-tools-intro.md b/data/reusables/copilot/coding-agent-validation-tools-intro.md
@@ -0,0 +1 @@
+By default, {% data variables.copilot.copilot_coding_agent %} checks code it generates for security issues and gets a second opinion on its code with {% data variables.copilot.copilot_code-review_short %}. It attempts to resolve issues identified prior to completing the pull request. This improves code quality and reduces the likelihood of the code generated by {% data variables.copilot.copilot_coding_agent %} introducing problems such as hardcoded secrets, insecure dependencies, and other vulnerabilities.

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+By default, {% data variables.copilot.copilot_coding_agent %} checks code it generates for security issues and gets a second opinion on its code with {% data variables.copilot.copilot_code-review_short %}. It attempts to resolve issues identified prior to completing the pull request. This improves code quality and reduces the likelihood of the code generated by {% data variables.copilot.copilot_coding_agent %} introducing problems such as hardcoded secrets, insecure dependencies, and other vulnerabilities.