In one sentence
Copilot Code Review is a feature that lets you assign Copilot as a reviewer โ manually or automatically.
Once assigned, Copilot reads the code's intent and returns inline comments, a PR summary, and fix suggestions.
๐ก Analogy: A junior reviewer on call 24/7. Hand off all the basic feedback โ style, null safety, test coverage โ so humans can focus on design, business logic, and mentoring.
Strengths of Copilot Code Review
- ๐ง Understands context โ grasps code intent and returns inline comments, PR summaries, and fix suggestions
- โ๏ธ Automation โ can run automatically at the Repo / Org / Enterprise level
- ๐ Customizable โ define review standards in
copilot-instructions.md - ๐ง Fix suggestions โ apply fixes one by one or all at once
- ๐ฅ๏ธ Smooth UI โ review and apply suggested changes via diff view in VS Code / GitHub.com
- ๐ Transparency โ everything is traceable via Actions logs and agent sessions
Impact data
A leading automotive and manufacturing customer in Japan (Sep 2025 โ Feb 2026, median PR open duration).
๐ฐ Business value: Shorter time from PR approval to merge โ development lead time shrinks, time-to-market improves. Exceptionally high ROI.
How to use it
| Where | Trigger | What happens |
|---|---|---|
| GitHub.com manual review | Add Copilot to the Reviewers on a PR | Inline comments + PR Overview returned within minutes |
| GitHub.com automatic review | Enable โauto-review on PR creationโ in Repo / Org / Enterprise settings | All new PRs are reviewed automatically (deploy org-wide in 3 steps) |
| VS Code | Run Copilot: Review uncommitted changes from the Source Control panel | Instant review of uncommitted changes โ self-check before push |
| GitHub CLI | Run /review in the terminal | Review the current working tree / branch diff inline โ no editor needed |
| GitHub CLI (rubber duck) | Discuss design or implementation approach โ bounce ideas off the rubber-duck agent | Catch blind spots, logic gaps, and alternatives before implementing โ prevent rework |
Setting up automatic review
Enable โauto-review on PR creationโ via a Ruleset. Choose scope at Repo / Org / Enterprise level.
| Scope | Settings path | Key options |
|---|---|---|
| Repository | Repo โ Settings โ Code and automation โ Rules โ Rulesets โ New branch ruleset | โ
Automatically request Copilot code review โ Review new pushes โ Review draft pull requests |
| Organization | Org โ Settings โ Repository โ Rulesets โ New branch ruleset | Target repositories by pattern (e.g. *-feature) |
| Enterprise | Enterprise โ Policies โ Rulesets | Force-apply to all Orgs โ centralized governance |
๐ Official guide: Configure automatic code review โ with screenshots
Customization
Define review standards in .github/copilot-instructions.md โ thatโs all it takes.
# Code Review Standards
## <Security>
- ...
## <Naming Conventions>
- ...
## <Library Policy>
- ...To scope rules by file type, combine with NAME.instructions.md:
---
applyTo: "**/*.test.ts"
---
## <Testing Conventions>
- ...Limits and the human role
Copilot Code Review is powerful but not omniscient. Humans still own these areas:
- Business logic correctness โ comparing against requirements and specs is beyond AI
- Deep security analysis โ combine with dedicated tools like CodeQL for SAST / SCA
- Design review โ architecture, module boundaries, and trade-off discussions
- Mentoring โ explaining why code should be written a certain way to teammates
๐ฏ Division of labor: AI handles basic feedback, style, null safety, and missing tests, freeing humans for the high-value work of design, requirements, and team growth.