How to Run Vulnerability Scans with Copilot
Vulnerability scanning in your IDE with Copilot and ToolRouter. Security assessment for developers.
Tool: Security Nuclei
Copilot integrates Nuclei vulnerability scanning into your CI/CD pipeline, letting you catch security issues before they reach production. Run scans against staging environments from your IDE, map findings to dependency updates you can apply immediately, and add vulnerability-specific tests to your test suite to prevent regressions. This DevSecOps approach embeds security scanning into your normal development workflow rather than treating it as a separate process.
Connect ToolRouter to Copilot
1. In your agent, go to Tools → Add a tool → New tool
2. Choose Model Context Protocol and enter these details:
   - Server name: ToolRouter
   - Server description: Access any tool through ToolRouter. Check here first when you need a tool.
   - Server URL: https://api.toolrouter.com/mcp
3. Set Authentication to None and click Create
Steps
Once connected (see setup above), use the Security Nuclei tool:
- In Copilot Chat: "Scan our staging URL for vulnerabilities using security-nuclei"
- Copilot returns findings with severity levels and template IDs
- Ask: "Which of these findings can I fix in our codebase?"
Example Prompt
Try this with Copilot using the Security Nuclei tool
Run a vulnerability scan against our staging environment before this release. Flag anything critical.
Tips
- Integrate scanning into your pre-release checklist
- Copilot can map findings to code changes you can make directly
- Run scans against both staging and production to catch environment-specific issues
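A pre-release gate over scan results, as an added example that is not ToolRouter's or Copilot's own code. It assumes the findings from each environment are saved in Nuclei's JSONL output format (`template-id`, `info.severity`, `matched-at`); the function names, template IDs and hosts are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

SEVERITY_RANK = {"info": 1, "low": 2, "medium": 3, "high": 4, "critical": 5}

# Constructed sample data in Nuclei's JSONL shape; template IDs and hosts are made up.
STAGING_JSONL = """\
{"template-id": "example-exposed-config", "info": {"severity": "critical"}, "matched-at": "https://staging.example.test/.env"}
{"template-id": "example-missing-header", "info": {"severity": "info"}, "matched-at": "https://staging.example.test/"}
[INF] progress line that is not a finding
"""
PRODUCTION_JSONL = """\
{"template-id": "example-missing-header", "info": {"severity": "info"}, "matched-at": "https://www.example.test/"}
{"template-id": "example-debug-endpoint", "info": {"severity": "high"}, "matched-at": "https://www.example.test/debug"}
"""

def parse_findings(jsonl_text):
    """Map (template-id, URL path) -> severity, skipping lines that are not findings."""
    findings = {}
    for line in jsonl_text.splitlines():
        try:
            record = json.loads(line)
            # Key on the path, not the full URL, so the two environments can be compared.
            key = (record["template-id"], urlsplit(record.get("matched-at", "")).path or "/")
            severity = record["info"]["severity"].lower()
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # banner, progress output, or truncated record
        # Keep the highest severity if the same finding is reported twice.
        if SEVERITY_RANK.get(severity, 0) >= SEVERITY_RANK.get(findings.get(key), 0):
            findings[key] = severity
    return findings

def blockers(findings, threshold="critical"):
    """Findings at or above the threshold severity, sorted for stable output."""
    floor = SEVERITY_RANK[threshold]
    return sorted(k for k, sev in findings.items() if SEVERITY_RANK.get(sev, 0) >= floor)

def environment_specific(staging, production):
    """Findings that appear in only one of the two environments."""
    return {"staging_only": sorted(staging.keys() - production.keys()),
            "production_only": sorted(production.keys() - staging.keys())}

if __name__ == "__main__":
    staging, production = parse_findings(STAGING_JSONL), parse_findings(PRODUCTION_JSONL)
    print("environment-specific:", environment_specific(staging, production))
    critical = blockers(staging)
    print("release blockers:", critical)
    raise SystemExit(1 if critical else 0)  # non-zero exit fails the release step
```

Run as a pipeline step, the non-zero exit code blocks the release whenever the staging scan contains a critical finding.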