Mean time to remediate metric for CodeQL pull request alerts now included on the security overview dashboard

We’ve added a “time to remediate” metric for GitHub CodeQL pull request alerts on the security overview dashboard. Now, you’ll see how quickly your team resolves code scanning vulnerabilities on pull requests, whether you’re fixing them manually or using Copilot Autofix.

Screenshot of bar graphs showing MTTR metric. Alerts with autofix closed in 15.6 hours and alerts without autofix closed in 17.4 hours

This update gives you clearer insights into how GitHub Copilot Autofix contributes to resolving security alerts over time.

Learn more about pull request alert metrics in our documentation: Viewing metrics for pull request alerts

JUN.17Improvement
Secret scanning updates – June 2026
- Application Security
JUN.16Release
GitHub Code Quality generally available July 20, 2026
- Application Security
JUN.16Release
Organization-level enablement for GitHub Code Quality
- Application Security
JUN.10Improvement
Incremental analysis for Go, C/C++, and CodeQL CLI
- Application Security
JUN.10Improvement
Dedicated security review command now available in Copilot CLI
- Application Security
JUN.9Release
Periodic code scanning of inactive repositories
- Application Security
JUN.9Improvement
Security validation for third-party coding agents
- Application Security
JUN.5Improvement
CodeQL 2.25.6 adds Swift 6.3.2 support and improves C# coverage
- Application Security
JUN.2Release
Cloud and local sandboxes for GitHub Copilot now in public preview
- Application Security

Mean time to remediate metric for CodeQL pull request alerts now included on the security overview dashboard

Related Posts

Subscribe to our developer newsletter