The Week Security Got Runtime Context This week GitHub shipped something I didn't expect to see this fast: code-to-cloud correlation at GA. Microsoft Defender for Cloud integration is now generally available, connecting your source code to what's actually running in production. That's not just another security dashboard—it's runtime-aware filtering across GitHub Advanced Security alerts. But the bigger news for most teams is billing. Starting June 1, GitHub Copilot code review will consume Actions minutes from your org's plan. If you've been treating code review as "free" beyond your Copilot subscription, that assumption just expired. Code-to-Cloud Correlation: What Actually Shipped The Microsoft Defender integration does something genuinely useful: it correlates container images running in your cloud environments back to the GitHub repos that built them. Defender uses signals like GitHub artifact attestations plus its own runtime intelligence to map deployed workloads to source code.…