I’ve been using GitHub Copilot since its technical preview a few years ago. For a long time, it wasn’t quite ready for automatic code reviews. But things have changed. Thus, I wrote a detailed blog post exploring Copilot’s ability to assist with automated code reviews.
In the post, I dive into how GitHub Copilot supports developers during code reviews by offering explanations, suggesting improvements, and answering questions. I also showcase how Copilot works within the IDE, highlighting the new “Review and Comment” functionality, which enables a guided and structured review experience. Additionally, I examine Copilot’s beta feature for reviewing pull requests directly on GitHub, demonstrating how it can enhance the PR review process.
Here are four key insights from the article:
1) Use Copilot in the IDE for self-reviews.
Copilot shines in IDEs like Visual Studio Code, helping you iteratively improve your code before submitting a PR. The new Review and Comment feature enables structured and guided code reviews, highlighting changes line by line with detailed explanations. It’s a powerful companion for self-reviews and error detection.
2) Be cautious with AI suggestions.
While Copilot enhances code comprehension and suggests solutions, its outputs are based on statistical patterns rather than true understanding. Applying these suggestions requires careful evaluation to avoid broken code and errors. Always critically assess AI-generated feedback before implementing it.
3) A pull request is too late for AI review.
Once your code reaches the code review stage, applying AI-generated improvements is not ideal. Reviewers cannot easily validate these suggestions without deeper investigation, making them impractical unless the changes are obvious to the reviewer.
4) Many workflows for AI code reviews exist.
AI can still assist during PR reviews by answering questions about the code, helping build a mental model of the changes, summarizing the PR, or clarifying potential improvements. While it’s not a replacement for human judgment, it’s a valuable tool for specific use cases.
All in all, I’m a fan of LLMs and tools like Copilot and their ability to assist developers. These are fantastic technologies that can make us happier and better developers. Yet, we must apply them thoughtfully and stay aware of their limitations.
If you’re curious about GitHub Copilot and want a comprehensive walkthrough of its review capabilities—along with my insights and experiences with AI-assisted review workflows—be sure to check out the full post: Using GitHub Copilot to Automate Code Reviews.
Cheers, Michaela
Is it possible to do secure code review with Visual Studio Copilot, and if yes, how to use it? Share an article for the same.