The promise of “AI that programs for you” has run into a stubborn reality: 45% of developers say that debugging AI-generated code takes them more time than writing it themselves, according to the Stack Overflow Developer Survey 2025. Amidst the back-and-forth of tabs, disconnected tools, and tickets that never reach production, software teams continue to lose hours on context switching, manual troubleshooting, and partial remediation.
Against this backdrop, New Relic — the company of Intelligent Observability — has announced three new integrations with GitHub aimed at bringing intelligent observability directly where developers work: the repository and the pipeline. The highlight: an AI-powered integration that correlates vulnerabilities between GitHub and New Relic, generates remediation plans, and automates fixes with GitHub Copilot, incorporating runtime context to prioritize what’s truly exposed in production.
The package also includes a instrumentation assistant that detects and fixes missing observability at deployment time (also using Copilot to add coverage directly in pull requests), and an integration between Service Architecture Intelligence and GitHub to import metadata (releases, ownership, etc.) and accelerate the adoption of best practices. Overall, the message is clear: fewer tools, fewer manual tasks, and more automation for the over 20 million users of GitHub Copilot.
Security that “understands” context: from signal to fix without switching windows
In many organizations, application security is a labyrinth: data siloed in silos, mountains of tickets on code that doesn’t even run, and a carousel of tabs that disincentivizes fixing anything. New Relic Security RX’s AI integration with GitHub Copilot aims to cut through this:
- Automatic correlation of vulnerabilities between GitHub and New Relic, enriched with execution context (runtime and build time).
- Real risk assessment: distinguishing production exposure from repository noise to prioritize what really matters.
- Remediation plan generated in context: opening a GitHub Issue with impact, steps for testing and verification, and acceptance criteria.
- Closing the loop with Copilot: GitHub Copilot creates a pull request with proposed changes, comments, and all necessary traceability to ensure quick and auditable resolution.
The goal isn’t just to apply a patch, but to apply the right patch exactly where the vulnerability was proven, with minimal friction for the team.
Zero “blind spots” when deploying: instrumentation as part of the pull request
Another classic: deploying a new feature to production, then when something goes wrong, there’s no metrics or sufficient traces. The new instrumentation assistant integration makes GitHub Copilot a more comprehensive builder:
- Detects absence of instrumentation at deployment.
- Invokes Copilot to add observability coverage within the PR that introduces the new functionality.
- Doesn’t just deliver “a piece of logic” that works: delivers a fully instrumented service end to end.
According to New Relic, Copilot doesn’t limit itself to writing backend code; it installs full-stack instrumentation by adding:
- APM (traces, metrics, errors)
- Custom attributes for business logic
- A Change Tracking GitHub Action with New Relic
- The Browser agent for front-end visibility
The result: the same PR that adds functionality also delivers necessary observability to see how it behaves in production from the get-go. Teams stop discovering “later on” that visibility was missing.
Less setup, more speed: GitHub metadata in Service Architecture Intelligence
Productivity isn’t just about code. Without rich data on releases, ownership, and service topology, teams spend more time figuring out who owns what, where the owner is, or what affects what. With the integration between New Relic Service Architecture Intelligence and GitHub, teams can import GitHub metadata directly into New Relic and automate part of their configuration.
This accelerates:
- Ownership assignment (avoiding the “Slack ping-pong”).
- Adoption of recommended practices (tag conventions, service hygiene, runbooks).
- Onboarding new team members (living context without outdated wikis).
What changes for developers’ daily work?
- Less context switching: security, observability, and architecture insights in GitHub, where work already happens.
- Fewer manual tasks: correlations, remediation plans, issue and PR creation automated with execution context.
- Less instrumentational debt: coverage is detected and fixed in the same PR, not after an incident.
- More focus on the problem: with data and context at hand, resolution stops being archaeology and becomes engineering.
For organizations dealing with tool sprawl (too many tools and tabs), the added value is clear: consolidation on a unified platform of Intelligent Observability that collects telemetry, provides context, and triggers actions.
What about security? Fixing “what matters” without halting the team
The Security RX approach tackles two common pain points:
- False urgency: endless lists of vulnerabilities in stagnant code. The integration uses runtime context to separate real exposure from noise.
- Paralysis by complexity: too many steps, too many tools. Here, the remediation plan arrives automatically as a GitHub Issue with impact, tests, and acceptance; Copilot prepares the PR with comments and references.
The team shifts from spending time on triaging and hunting for context to focusing on resolving actual risks in production.
Copilot as “solution builder”, not just code snippet generator
The announcements point to a natural evolution of GitHub Copilot: from code generator to solution constructor that includes observability and security from the start. Rather than just producing a “compiles” fragment, the assistant proposes a complete service:
- With telemetry ready for analysis
- With tracked changes in deploy
- With traceability for audits and post-mortems
- With a remediation plan when a real vulnerability appears
For organizations looking to reduce downtime and speed up releases without increasing risk, this convergence of code, observability, and security is the obvious path.
Fewer tools, hidden costs reduced
The modern developer’s “toil tax” is not just time. Every extra tool implies:
- Higher direct costs (licenses)
- More friction (learning, permissions, governance)
- More ops (broken integrations, hand-offs)
- More human errors
A unified Intelligent Observability platform — which correlates vulnerabilities, brings visibility into PRs, and maps architecture/ownership — reduces that burden. The new New Relic + GitHub integrations push in this direction: automating where it hurts and providing context where the team works.
Availability and context
New Relic will showcase these capabilities at GitHub Universe 2025 (#403 booth in San Francisco) along with a detailed technical blog. As with all roadmaps, the company reminds that the announcement includes forward-looking statements and that features and timings may change.
Best practices for getting started from day one
- Activate Security RX with Copilot on a representative application and measure MTTR (mean time to resolution) before and after.
- Include the instrumentation assistant in your PR template: ensure any PR touching code brings observability.
- Import GitHub metadata into Service Architecture Intelligence to normalize ownership and release cycles.
- Define policies: which vulnerabilities are automatically fixed (and with what tests), which require review, and how to approve PRs generated by Copilot.
- Close the loop: use Change Tracking during deployments to correlate releases with metrics and errors. Visibility is the best antidote to “it works in staging”.
Quick keys
- AI + Security RX integration: correlates vulnerabilities between GitHub and New Relic with runtime context, creates Issues with remediation plans, and generates PRs with Copilot.
- Instrumentation assistant: detects and fixes missing instrumentation in deployment; adds APM, custom attributes, Change Tracking, and Browser agent in PR.
- Architecture and ownership: Service Architecture Intelligence + GitHub to import metadata and auto-configure.
- Goal: fewer tool sprawl, less toil, less downtime; more automation, more context, and more developer velocity in the same workflow.
Frequently asked questions
How does New Relic decide which vulnerabilities to remediate automatically with GitHub Copilot?
The Security RX integration correlates findings from GitHub and New Relic with runtime context to prioritize what’s exposed in production. From there, it generates an Issue with impact, tests, and acceptance criteria, and proposes a Copilot PR. Each team can govern which vulnerability types are fixed automatically and which need review.
What exactly does the instrumentation assistant do in PR and what does it add?
When it detects blind spots in observability, it invokes GitHub Copilot to instrument the full stack within the PR: APM for backend, custom attributes for business logic, a Change Tracking GitHub Action with New Relic, and the Browser agent for front-end visibility.
How does Service Architecture Intelligence integration with GitHub support governance?
It allows importing metadata from GitHub (releases, ownership, relationships) directly into New Relic, speeding up responsibility assignment, adopting best practices, and onboarding. With Change Tracking, it facilitates correlating releases with metrics and errors.
How does all this relate to the goal of “eliminating tool sprawl and developer toil”?
By bringing intelligent observability into GitHub, automating triage and remediation, and closing instrumentation gaps in PRs, teams reduce context switching, avoid repetitive tasks, and focus on delivering value. Fewer tabs, more flow.
via: newrelic