Risks and mitigations for GitHub Copilot coding agent

How do Copilot coding agent's built-in security protections mitigate known risks?

Copilot coding agent is an autonomous agent that has access to your code and can push changes to your repository. This entails certain risks.

Where possible, GitHub has applied appropriate mitigations. This gives Copilot coding agent a strong base of built-in security protections that you can supplement by following best practice guidance.

Unvalidated code can introduce vulnerabilities

By default, Copilot coding agent checks the code it generates for security issues and gets a second opinion on its code with Copilot code review. It attempts to resolve the issues identified before finalizing the pull request. This improves code quality and reduces the likelihood that code generated by Copilot coding agent introduces problems such as hardcoded secrets, insecure dependencies, and other vulnerabilities. Copilot coding agent's security validation does not require a GitHub Secret Protection, GitHub Code Security, or GitHub Advanced Security license.

  • CodeQL is used to identify code security issues.
  • Newly introduced dependencies are checked against the GitHub Advisory Database for malware advisories, and for any CVSS-rated High or Critical vulnerabilities.
  • Secret scanning is used to detect sensitive information such as API keys, tokens, and other secrets.
  • Details about the analysis performed and the actions taken by Copilot coding agent can be reviewed in the session log. See Tracking GitHub Copilot's sessions.

Optionally, you can disable one or more of the code quality and security validation tools used by Copilot coding agent. See Configuring settings for GitHub Copilot coding agent.

Copilot coding agent can push code changes to your repository

To mitigate this risk, GitHub:

  • Limits who can trigger the agent. Only users with write access to the repository can trigger Copilot coding agent to work. Comments from users without write access are never presented to the agent.
  • Limits the branch the agent can push to. Copilot coding agent only has the ability to push to a single branch. When the agent is triggered by mentioning @copilot on an existing pull request, Copilot has write access to the pull request's branch. In other cases, a new copilot/ branch is created for Copilot, and the agent can only push to that branch. The agent is also subject to any branch protections and required checks for the working repository.
  • Limits the agent's credentials. Copilot coding agent can only perform simple push operations. It cannot directly run git push or other Git commands.
  • Requires human review before merging. Draft pull requests created by Copilot coding agent must be reviewed and merged by a human. Copilot coding agent cannot mark its pull requests as "Ready for review" and cannot approve or merge a pull request.
  • Restricts GitHub Actions workflow runs. By default, workflows are not triggered until Copilot coding agent's code is reviewed and a user with write access to the repository clicks the Approve and run workflows button. Optionally, you can configure Copilot to allow workflows to run automatically. See Reviewing a pull request created by GitHub Copilot.
  • Prevents the user who asked Copilot coding agent to create a pull request from approving it. This maintains the expected controls in the "Required approvals" rule and branch protection. See Available rules for rulesets.

Copilot coding agent has access to sensitive information

Copilot coding agent has access to code and other sensitive information, and could leak it, either accidentally or due to malicious user input.

To mitigate this risk, GitHub restricts Copilot coding agent's access to the internet. See Customizing or disabling the firewall for GitHub Copilot coding agent.

AI prompts can be vulnerable to injection

Users can include hidden messages in issues assigned to Copilot coding agent or comments left for Copilot coding agent as a form of prompt injection.

To mitigate this risk, GitHub filters hidden characters before passing user input to Copilot coding agent. For example, text entered as an HTML comment in an issue or pull request comment is not passed to Copilot coding agent.
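The same kind of filtering can be applied in your own tooling before issue or comment text reaches a model. The following is an added example, not GitHub's implementation: the function names, the sample text, and the choice to strip every Unicode format or control character are assumptions made for illustration.

```python
import re
import unicodedata

# Constructed sample: an issue body with an HTML comment and invisible characters.
SAMPLE_ISSUE = (
    "Fix the login redirect bug.\n"
    "<!-- hidden text a reviewer would not see in the rendered issue -->\n"
    "Steps: open /login\u200b, then submit.\u202e\n"
    "Label\U000E0041\U000E0042 is wrong."
)

# An unterminated comment hides everything after it, so it is matched to end of text.
HTML_COMMENT = re.compile(r"<!--.*?(?:-->|\Z)", re.DOTALL)


def is_hidden(ch: str) -> bool:
    """True for characters that render as nothing but would still reach a model."""
    if ch in "\n\t\r":
        return False
    # Cf = format controls (zero-width, bidi overrides, Unicode tag block);
    # Cc = other control characters. Conservative: this also drops U+200D,
    # which splits joined emoji sequences.
    return unicodedata.category(ch) in ("Cf", "Cc")


def sanitize(text: str):
    """Return (visible_text, findings) for untrusted issue or comment text."""
    findings = [("html_comment", m.group(0)) for m in HTML_COMMENT.finditer(text)]
    text = HTML_COMMENT.sub("", text)
    kept = []
    for ch in text:
        if is_hidden(ch):
            findings.append(("hidden_char", f"U+{ord(ch):04X}"))
        else:
            kept.append(ch)
    return "".join(kept), findings


if __name__ == "__main__":
    visible, findings = sanitize(SAMPLE_ISSUE)
    print(visible)
    for kind, detail in findings:
        print(kind, repr(detail))
```

Logging the findings alongside the sanitized text gives reviewers a record of what was removed and from which issue or comment.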

Administrators can lose sight of agents' work

To mitigate this risk, Copilot coding agent is designed to be auditable and traceable.

  • Copilot coding agent's commits are authored by Copilot, with the developer who assigned the issue or requested the change to the pull request marked as the co-author. This makes it easier to identify code generated by Copilot coding agent and who started the task.
  • Session logs and audit log events are available to administrators.
  • The commit message for each agent-authored commit includes a link to the agent session logs, for code review and auditing. See Tracking GitHub Copilot's sessions.
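An administrator can use these properties to inventory agent commits from Git history. The following is an added example, not GitHub tooling: it assumes the agent's commits carry the author name "Copilot" and that the session log link is an https URL in the message, and every hash, name and URL in the sample is constructed.

```python
import re

# Constructed sample in the shape printed by:
#   git log --format='%H%x1f%an%x1f%B%x1e'
# (fields separated by 0x1f, records terminated by 0x1e).
SAMPLE_LOG = (
    "a1b2c3\x1fCopilot\x1fFix null check in parser\n\n"
    "Session: https://example.invalid/sessions/1\n"
    "Co-authored-by: Dana Dev <dana@example.invalid>\n\x1e"
    "\nd4e5f6\x1fDana Dev\x1fUpdate README\n\x1e"
    "\n0789ab\x1fCopilot\x1fBump dependency\n\x1e"
)

AGENT_AUTHOR = "Copilot"  # assumption: author name on agent-authored commits
CO_AUTHOR = re.compile(r"^Co-authored-by:\s*(.+?)\s*<([^>]+)>\s*$", re.I | re.M)
URL = re.compile(r"https://\S+")


def audit_agent_commits(raw_log: str):
    """Return one record per agent-authored commit, with review flags."""
    report = []
    for record in raw_log.split("\x1e"):
        record = record.strip("\n")
        if not record:
            continue
        sha, author, message = record.split("\x1f", 2)
        if author != AGENT_AUTHOR:
            continue
        co_authors = [email for _, email in CO_AUTHOR.findall(message)]
        links = URL.findall(message)
        flags = []
        if not co_authors:
            flags.append("no co-author trailer: requester unknown")
        if not links:
            flags.append("no link in message: session log not traceable")
        report.append({"sha": sha, "requested_by": co_authors,
                       "links": links, "flags": flags})
    return report


if __name__ == "__main__":
    for entry in audit_agent_commits(SAMPLE_LOG):
        print(entry)
```

The Git author field is unauthenticated metadata that any committer can set, so treat this report as a starting point and confirm flagged commits against the session logs and audit log events.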