From 56631ae977e83ee09ddcd48f00f67cbf9afa13e8 Mon Sep 17 00:00:00 2001 From: Josh Johanning Date: Fri, 27 Mar 2026 03:27:10 -0500 Subject: [PATCH 1/4] docs: update grouped dependabot security updates example to include required keys (#60491) Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- .../customizing-dependabot-security-prs.md | 5 +++++ .../configuring-dependabot-security-updates.md | 7 ++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/customizing-dependabot-security-prs.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/customizing-dependabot-security-prs.md index cc90f17013bf..407a30d46474 100644 --- a/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/customizing-dependabot-security-prs.md +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/customizing-dependabot-security-prs.md @@ -127,6 +127,11 @@ updates: assignees: - "user-name" - package-ecosystem: "gomod" + directories: + - "**/*" + schedule: + interval: "weekly" + open-pull-requests-limit: 0 groups: # Group security updates for golang dependencies # into a single pull request diff --git a/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-security-updates.md b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-security-updates.md index b0ad161bf0e0..9fc5524db573 100644 --- a/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-security-updates.md 
+++ b/content/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-security-updates.md @@ -110,6 +110,11 @@ updates: registries: - example - package-ecosystem: "gomod" + directories: + - "**/*" + schedule: + interval: "weekly" + open-pull-requests-limit: 0 groups: golang: applies-to: security-updates @@ -118,7 +123,7 @@ updates: ``` > [!NOTE] -> In order for {% data variables.product.prodname_dependabot %} to use this configuration for security updates, the `directory` must be the path to the manifest files, and you should not specify a `target-branch`. +> In order for {% data variables.product.prodname_dependabot %} to use this configuration for security updates, the `directory` must be the path to the manifest files (or `directories` must contain paths or glob patterns matching the manifest file locations), and you should not specify a `target-branch`. ## Further reading From bee09d874e951a6ca8dcd4ef37782bf361dd3f54 Mon Sep 17 00:00:00 2001 From: Reggie Montanhani Date: Fri, 27 Mar 2026 04:31:36 -0400 Subject: [PATCH 2/4] Fix: Replace legal language with Privacy Statement link in support bundles article (#60486) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- .../monitoring-your-instance/about-support-bundles.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-support-bundles.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-support-bundles.md index b3ece221833a..a593e217e1bc 100644 --- a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-support-bundles.md +++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-support-bundles.md 
@@ -72,7 +72,7 @@ Support bundles are designed to help diagnose issues while protecting sensitive * **User data**: Support bundles don't include user profile information beyond what appears in system logs. * **License information**: The bundle includes your organization name and license reference so {% data variables.contact.github_support %} can identify your instance. -When you provide a support bundle to {% data variables.contact.github_support %}, {% data variables.product.company_short %} uses the data only to address your support request. {% data variables.product.company_short %} won't disclose your data to third parties without your explicit consent unless required by law. +When you provide a support bundle to {% data variables.contact.github_support %}, {% data variables.product.company_short %} uses the data only to address your support request. For details on how {% data variables.product.company_short %} handles your data, see the [{% data variables.product.company_short %} Privacy Statement](https://github.com/site/privacy). ## Support bundle size and generation time From 3bc7973da076acbfe5d9566e41bbb036fe8a4231 Mon Sep 17 00:00:00 2001 From: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> Date: Fri, 27 Mar 2026 10:14:59 +0000 Subject: [PATCH 3/4] Link to custom configuration guide in "Maintain codebase standards" guide (#60460) Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .../roll-out-at-scale/maintain-codebase-standards.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/copilot/tutorials/roll-out-at-scale/maintain-codebase-standards.md b/content/copilot/tutorials/roll-out-at-scale/maintain-codebase-standards.md index 9bd88ae1d737..f8936d9764b8 100644 --- a/content/copilot/tutorials/roll-out-at-scale/maintain-codebase-standards.md +++ b/content/copilot/tutorials/roll-out-at-scale/maintain-codebase-standards.md 
@@ -52,8 +52,8 @@ Good DevOps practices ensure that your code is automatically tested before being However, it is good practice to regularly scan all code for vulnerabilities and secrets, and to prevent developers from introducing vulnerabilities in the first place. -1. As a starting point, apply and enforce the **{% data variables.product.github %}-recommended security configuration** on your organizations. This is a collection of enablement settings for security features including {% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_secret_scanning %}, and secrets push protection. See [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/applying-the-github-recommended-security-configuration-in-your-organization). -1. As you learn more about your needs, create custom configurations or apply granular settings at the repository level. +1. As a starting point, apply and enforce a basic **security configuration** on your organizations. This is a collection of enablement settings for security features. We recommend including {% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_secret_scanning %}, and secrets push protection. See [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/creating-a-custom-security-configuration#creating-a-secret-protection-and-code-security-configuration). +1. As you learn more about your needs, create additional custom configurations or apply granular settings at the repository level. 1. To enforce {% data variables.product.prodname_code_scanning %} on pull requests, go back to your ruleset and enable the **Require {% data variables.product.prodname_code_scanning %} results** rule. ## 4. Create guidelines for {% data variables.product.prodname_copilot_short %} From f2d46a9846eead632d7ca994f87e2f653dc0cc4d Mon Sep 17 00:00:00 2001 
From: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> Date: Fri, 27 Mar 2026 11:52:36 +0000 Subject: [PATCH 4/4] Split out CCA risks and mitigations into new article (#60463) Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .../agents/coding-agent/about-coding-agent.md | 56 ------------------ .../concepts/agents/coding-agent/index.md | 1 + .../coding-agent/risks-and-mitigations.md | 58 +++++++++++++++++++ 3 files changed, 59 insertions(+), 56 deletions(-) create mode 100644 content/copilot/concepts/agents/coding-agent/risks-and-mitigations.md diff --git a/content/copilot/concepts/agents/coding-agent/about-coding-agent.md b/content/copilot/concepts/agents/coding-agent/about-coding-agent.md index 637f6c864a9c..455c1806068b 100644 --- a/content/copilot/concepts/agents/coding-agent/about-coding-agent.md +++ b/content/copilot/concepts/agents/coding-agent/about-coding-agent.md 
@@ -130,62 +130,6 @@ You can customize {% data variables.copilot.copilot_coding_agent %} in a number * **Hooks**: Hooks allow you to execute custom shell commands at key points during agent execution, enabling you to add validation, logging, security scanning, or workflow automation. For more information, see [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-hooks). * **Skills**: Skills allow you to enhance the ability of {% data variables.product.prodname_copilot_short %} to perform specialized tasks with instructions, scripts, and resources. For more information, see [AUTOTITLE](/copilot/concepts/agents/about-agent-skills). -## Built-in security protections - -Security is a fundamental consideration when you enable {% data variables.copilot.copilot_coding_agent %}, as with any other AI agent. {% data variables.copilot.copilot_coding_agent %} has a strong base of built-in security protections that you can supplement by following best practice guidance. - -* **Validated for code quality and security issues**: {% data reusables.copilot.coding-agent-validation-tools-intro %} - * **{% data variables.product.prodname_codeql %}** is used to identify code security issues. - * Newly introduced dependencies are checked against the **{% data variables.product.prodname_advisory_database %}** for malware advisories, and for any CVSS-rated High or Critical vulnerabilities. - * **{% data variables.product.prodname_secret_scanning_caps %}** is used to detect sensitive information such as API keys, tokens, and other secrets. - * Details about the analysis performed and the actions taken by {% data variables.copilot.copilot_coding_agent %} can be reviewed in the session log. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/track-copilot-sessions). - * Optionally, you can disable one or more of the code quality and security validation tools used by {% data variables.copilot.copilot_coding_agent %}. 
See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/configuring-agent-settings). - * {% data variables.copilot.copilot_coding_agent %}'s security validation **does not require** a {% data variables.product.prodname_GHAS_cs_or_sp %} license. -* **Subject to existing governance**: Organization settings and enterprise policies control availability. Any security policies and practices set up for the organization also apply to {% data variables.copilot.copilot_coding_agent %}. -* **Restricted development environment**: {% data variables.copilot.copilot_coding_agent %} works in a sandbox development environment with internet access controlled by a firewall. It has read-only access to the repository it's assigned to work in. -* **Limited access to branches** - * {% data variables.copilot.copilot_coding_agent %} only has the ability to push to a single branch. When the agent is triggered by mentioning `@copilot` on an existing pull request, {% data variables.product.prodname_copilot_short %} has write access to the pull request's branch. In other cases, a new `copilot/` branch is created for {% data variables.product.prodname_copilot_short %}, and the agent can only push to that branch. - * {% data variables.copilot.copilot_coding_agent %} is subject to any branch protections and required checks for the working repository. -* **Responds only to users with write permissions**: {% data variables.copilot.copilot_coding_agent %} will not respond to feedback from users with lower levels of access. -* **Treated as an outside collaborator** - * Draft pull requests created by {% data variables.copilot.copilot_coding_agent %} must be reviewed and merged by a human. {% data variables.copilot.copilot_coding_agent %} cannot mark its pull requests as "Ready for review" and cannot approve or merge a pull request. 
- * By default, {% data variables.product.prodname_actions %} workflows are not triggered for {% data variables.copilot.copilot_coding_agent %}'s pull requests until a user with write access to the repository clicks the **Approve and run workflows** button. Optionally, you can configure {% data variables.product.prodname_copilot_short %} to allow workflows to run automatically. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/review-copilot-prs#managing-github-actions-workflow-runs). -* **Tracked for compliance** - * {% data variables.copilot.copilot_coding_agent %}'s commits are authored by {% data variables.product.prodname_copilot_short %}, with the developer who assigned the issue or requested the change to the pull request marked as the co-author. This makes it easier to identify code generated by {% data variables.copilot.copilot_coding_agent %} and who started the task. - * The commit message for each agent-authored commit includes a link to the agent session logs, for code review and auditing. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/track-copilot-sessions). - * The developer who asked {% data variables.product.prodname_copilot_short %} to create a pull request cannot approve that pull request. In repositories where an approving review is required, this ensures that at least one independent developer reviews {% data variables.copilot.copilot_coding_agent %}'s work. 
- -For more information, see: -* [AUTOTITLE](/copilot/tutorials/pilot-copilot-coding-agent#2-secure) (information on how organization owners can further enhance security) -* [AUTOTITLE](/copilot/responsible-use-of-github-copilot-features/responsible-use-of-copilot-coding-agent-on-githubcom) -* [{% data variables.product.prodname_copilot %} Trust Center](https://copilot.github.trust.page/) - -## Risks and mitigations - -{% data variables.copilot.copilot_coding_agent %} is an autonomous agent that has access to your code and can push changes to your repository. This entails certain risks. Where possible, {% data variables.product.github %} has applied appropriate mitigations. - -### Risk: {% data variables.copilot.copilot_coding_agent %} can push code changes to your repository - -To mitigate this risk, {% data variables.product.github %}: - -* **Limits who can assign tasks to {% data variables.copilot.copilot_coding_agent %}.** Only users with write access to the repository can trigger {% data variables.copilot.copilot_coding_agent %} to work. Comments from users without write access are never presented to the agent. -* **Limits the branch that {% data variables.copilot.copilot_coding_agent %} can push to.** The agent only has the ability to push to a single branch. When the agent is triggered by mentioning `@copilot` on an existing pull request, {% data variables.product.prodname_copilot_short %} has write access to the pull request's branch. In other cases, a new `copilot/` branch is created for {% data variables.product.prodname_copilot_short %}, and the agent can only push to that branch. -* **Limits {% data variables.copilot.copilot_coding_agent %}'s credentials.** {% data variables.copilot.copilot_coding_agent %} can only perform simple push operations. It cannot directly run `git push` or other Git commands. 
-* **Restricts {% data variables.product.prodname_actions %} workflow runs.** By default, workflows are not triggered until {% data variables.copilot.copilot_coding_agent %}'s code is reviewed and a user with write access to the repository clicks the **Approve and run workflows** button. Optionally, you can configure {% data variables.product.prodname_copilot_short %} to allow workflows to run automatically. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/review-copilot-prs#managing-github-actions-workflow-runs). -* **Prevents the user who asked {% data variables.copilot.copilot_coding_agent %} to create a pull request from approving it.** This maintains the expected controls in the "Required approvals" rule and branch protection. See [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets). - -### Risk: {% data variables.copilot.copilot_coding_agent %} has access to sensitive information - -{% data variables.copilot.copilot_coding_agent %} has access to code and other sensitive information, and could leak it, either accidentally or due to malicious user input. To mitigate this risk, {% data variables.product.github %}: - -* **Restricts {% data variables.copilot.copilot_coding_agent %}'s access to the internet.** See [AUTOTITLE](/copilot/customizing-copilot/customizing-or-disabling-the-firewall-for-copilot-coding-agent). - -### Risk: Prompt injection vulnerabilities - -Users can include hidden messages in issues assigned to {% data variables.copilot.copilot_coding_agent %} or comments left for {% data variables.copilot.copilot_coding_agent %} as a form of [prompt injection](https://genai.owasp.org/llmrisk/llm01-prompt-injection/). 
To mitigate this risk, {% data variables.product.github %}: - -* **Filters hidden characters before passing user input to {% data variables.copilot.copilot_coding_agent %}**: For example, text entered as an HTML comment in an issue or pull request comment is not passed to {% data variables.copilot.copilot_coding_agent %}. - ## Limitations of {% data variables.copilot.copilot_coding_agent %} {% data variables.copilot.copilot_coding_agent %} has certain limitations in its software development workflow and compatibility with other features. diff --git a/content/copilot/concepts/agents/coding-agent/index.md b/content/copilot/concepts/agents/coding-agent/index.md index 1bfc619293ac..c3d8aa246d22 100644 --- a/content/copilot/concepts/agents/coding-agent/index.md +++ b/content/copilot/concepts/agents/coding-agent/index.md @@ -12,6 +12,7 @@ children: - /about-hooks - /access-management - /mcp-and-coding-agent + - /risks-and-mitigations contentType: concepts redirect_from: - /copilot/concepts/coding-agent diff --git a/content/copilot/concepts/agents/coding-agent/risks-and-mitigations.md b/content/copilot/concepts/agents/coding-agent/risks-and-mitigations.md new file mode 100644 index 000000000000..9ad0bb70e961 --- /dev/null +++ b/content/copilot/concepts/agents/coding-agent/risks-and-mitigations.md 
@@ -0,0 +1,58 @@ +--- +title: Risks and mitigations for GitHub Copilot coding agent +shortTitle: Risks and mitigations +intro: 'How do {% data variables.copilot.copilot_coding_agent %}''s built-in security protections mitigate known risks?' +versions: + feature: copilot +contentType: concepts +category: + - Learn about Copilot + - Manage Copilot for a team + - Roll Copilot out at scale +--- + +{% data variables.copilot.copilot_coding_agent %} is an autonomous agent that has access to your code and can push changes to your repository. This entails certain risks. + +Where possible, {% data variables.product.github %} has applied appropriate mitigations. This gives {% data variables.copilot.copilot_coding_agent %} a strong base of built-in security protections that you can supplement by following best practice guidance. + +## Unvalidated code can introduce vulnerabilities + +{% data reusables.copilot.coding-agent-validation-tools-intro %} {% data variables.copilot.copilot_coding_agent %}'s security validation **does not require** a {% data variables.product.prodname_GHAS_cs_or_sp %} license. + +* **{% data variables.product.prodname_codeql %}** is used to identify code security issues. +* Newly introduced dependencies are checked against the **{% data variables.product.prodname_advisory_database %}** for malware advisories, and for any CVSS-rated High or Critical vulnerabilities. +* **{% data variables.product.prodname_secret_scanning_caps %}** is used to detect sensitive information such as API keys, tokens, and other secrets. +* Details about the analysis performed and the actions taken by {% data variables.copilot.copilot_coding_agent %} can be reviewed in the session log. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/track-copilot-sessions). + +Optionally, you can disable one or more of the code quality and security validation tools used by {% data variables.copilot.copilot_coding_agent %}. 
See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/configuring-agent-settings). + +## {% data variables.copilot.copilot_coding_agent %} can push code changes to your repository + +To mitigate this risk, {% data variables.product.github %}: + +* **Limits who can trigger the agent.** Only users with write access to the repository can trigger {% data variables.copilot.copilot_coding_agent %} to work. Comments from users without write access are never presented to the agent. +* **Limits the branch the agent can push to.** {% data variables.copilot.copilot_coding_agent %} only has the ability to push to a single branch. When the agent is triggered by mentioning `@copilot` on an existing pull request, {% data variables.product.prodname_copilot_short %} has write access to the pull request's branch. In other cases, a new `copilot/` branch is created for {% data variables.product.prodname_copilot_short %}, and the agent can only push to that branch. The agent is also subject to any branch protections and required checks for the working repository. +* **Limits the agent's credentials.** {% data variables.copilot.copilot_coding_agent %} can only perform simple push operations. It cannot directly run `git push` or other Git commands. +* **Requires human review before merging.** Draft pull requests created by {% data variables.copilot.copilot_coding_agent %} must be reviewed and merged by a human. {% data variables.copilot.copilot_coding_agent %} cannot mark its pull requests as "Ready for review" and cannot approve or merge a pull request. +* **Restricts {% data variables.product.prodname_actions %} workflow runs.** By default, workflows are not triggered until {% data variables.copilot.copilot_coding_agent %}'s code is reviewed and a user with write access to the repository clicks the **Approve and run workflows** button. Optionally, you can configure {% data variables.product.prodname_copilot_short %} to allow workflows to run automatically. 
See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/review-copilot-prs#managing-github-actions-workflow-runs). +* **Prevents the user who asked {% data variables.copilot.copilot_coding_agent %} to create a pull request from approving it.** This maintains the expected controls in the "Required approvals" rule and branch protection. See [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets). + +## {% data variables.copilot.copilot_coding_agent %} has access to sensitive information + +{% data variables.copilot.copilot_coding_agent %} has access to code and other sensitive information, and could leak it, either accidentally or due to malicious user input. + +To mitigate this risk, {% data variables.product.github %} **restricts {% data variables.copilot.copilot_coding_agent %}'s access to the internet**. See [AUTOTITLE](/copilot/customizing-copilot/customizing-or-disabling-the-firewall-for-copilot-coding-agent). + +## AI prompts can be vulnerable to injection + +Users can include hidden messages in issues assigned to {% data variables.copilot.copilot_coding_agent %} or comments left for {% data variables.copilot.copilot_coding_agent %} as a form of [prompt injection](https://genai.owasp.org/llmrisk/llm01-prompt-injection/). + +To mitigate this risk, {% data variables.product.github %} **filters hidden characters before passing user input to {% data variables.copilot.copilot_coding_agent %}**: For example, text entered as an HTML comment in an issue or pull request comment is not passed to {% data variables.copilot.copilot_coding_agent %}. + +## Administrators can lose sight of agents' work + +To mitigate this risk, {% data variables.copilot.copilot_coding_agent %} is designed to be auditable and traceable. 
+ +* {% data variables.copilot.copilot_coding_agent %}'s commits are authored by {% data variables.product.prodname_copilot_short %}, with the developer who assigned the issue or requested the change to the pull request marked as the co-author. This makes it easier to identify code generated by {% data variables.copilot.copilot_coding_agent %} and who started the task. +* Session logs and audit log events are available to administrators. +* The commit message for each agent-authored commit includes a link to the agent session logs, for code review and auditing. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/track-copilot-sessions).
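
Review bot: In PATCH 1/4, customizing-dependabot-security-prs.md (hunk at -127,6), `open-pull-requests-limit: 0` and `directories: "**/*"` are added without a YAML comment, although the `groups` block directly below them is commented. A reader copying the sample cannot tell why the limit is zero next to a weekly `schedule`. Suggest a one-line comment above each new key stating its purpose in this security-updates example.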
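
Review bot: In PATCH 1/4, configuring-dependabot-security-updates.md (hunk at -110,6), the commit subject calls the added keys "required", but nothing in the example or the NOTE after it tells the reader that `schedule` and `open-pull-requests-limit: 0` are required or what they do here. Only `directories` is explained, in the NOTE changed by the next hunk. Suggest extending that NOTE, or adding YAML comments, to cover all three added keys.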
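
Review bot: In PATCH 1/4, configuring-dependabot-security-updates.md (hunk at -118,7), the reworded NOTE still leads with `directory` and puts `directories` in a long parenthetical, while the example above it now uses only `directories`. The sentence is hard to parse before it reaches the `target-branch` clause. Suggest splitting it in two: one sentence covering `directory` or `directories` (paths or glob patterns matching the manifest locations), and a second stating that `target-branch` should not be specified.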
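
Review bot: In PATCH 2/4, about-support-bundles.md (hunk at -72,7), the sentence kept ahead of the new link, "uses the data only to address your support request", is a data-handling commitment of the same kind as the third-party disclosure sentence being removed. If the aim stated in the subject is to replace legal language with the Privacy Statement link, confirm that this sentence should stay as written. The link also hard-codes `https://github.com/site/privacy` while the link text is built from a Liquid variable; worth checking that this is the address the docs use elsewhere.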
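
Review bot: In PATCH 3/4, maintain-codebase-standards.md (hunk at -52,8), step 1 still says "apply and enforce", but the link now goes to `creating-a-custom-security-configuration`, so the reader has to create the configuration before there is anything to apply. Suggest "create, apply, and enforce" or a separate preceding step. "Basic" is also undefined now that the named {% data variables.product.github %}-recommended configuration is gone, and the deep anchor `#creating-a-secret-protection-and-code-security-configuration` will silently break if that heading is renamed.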
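
Review bot: In PATCH 4/4, about-coding-agent.md (hunk at -130,62), both security sections are deleted without leaving any pointer to the new risks-and-mitigations.md, so readers of this article and existing links to the "Built-in security protections" and "Risks and mitigations" headings land on nothing. The removed "For more information, see:" list (the pilot guide `#2-secure` section, the responsible use article, and the Trust Center link) also does not reappear in the new file. Suggest keeping a one-sentence cross-reference here and carrying those three links over.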
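
Review bot: In PATCH 4/4, risks-and-mitigations.md (new file), some protections removed from about-coding-agent.md in this same patch are not carried over: the "Restricted development environment" bullet (sandbox environment, read-only access to the assigned repository) and the "Subject to existing governance" bullet (organization settings and enterprise policies). The subject describes a split, so these look dropped by accident; the section "has access to sensitive information" is a natural home for the first. Separately, in the prompt injection section the bold phrase is followed by ": For example", left over from the old bullet format; a full stop reads better now that it is a sentence. The new line "Session logs and audit log events are available to administrators." has no link, unlike the bullets around it.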