Copilot编程助理 is an autonomous agent that has access to your code and can push changes to your repository. This entails certain risks.
Where possible, GitHub has applied appropriate mitigations. This gives Copilot编程助理 a strong base of built-in security protections that you can supplement by following best practice guidance.
Unvalidated code can introduce vulnerabilities
默认情况下,Copilot编程助理 会检查其生成的代码是否存在安全问题,并使用 Copilot代码审查 来获取其代码的第二意见。 它尝试解决在完成拉取请求之前识别的问题。 这提高了代码质量,并降低了 Copilot编程助理 生成的代码引入硬编码机密、不安全依赖项和其他漏洞等问题的可能性。 Copilot编程助理's security validation does not require a GitHub Secret Protection, GitHub Code Security, or GitHub Advanced Security license.
- CodeQL is used to identify code security issues.
- Newly introduced dependencies are checked against the GitHub Advisory Database for malware advisories, and for any CVSS-rated High or Critical vulnerabilities.
- Secret scanning is used to detect sensitive information such as API keys, tokens, and other secrets.
- Details about the analysis performed and the actions taken by Copilot编程助理 can be reviewed in the session log. See 跟踪GitHub Copilot 的会话.
Optionally, you can disable one or more of the code quality and security validation tools used by Copilot编程助理. See 配置 GitHub Copilot 编码代理的设置.
Copilot编程助理 can push code changes to your repository
To mitigate this risk, GitHub:
- Limits who can trigger the agent. Only users with write access to the repository can trigger Copilot编程助理 to work. Comments from users without write access are never presented to the agent.
- Limits the branch the agent can push to. Copilot编程助理 only has the ability to push to a single branch. When the agent is triggered by mentioning
@copiloton an existing pull request, Copilot has write access to the pull request's branch. In other cases, a newcopilot/branch is created for Copilot, and the agent can only push to that branch. The agent is also subject to any branch protections and required checks for the working repository. - Limits the agent's credentials. Copilot编程助理 can only perform simple push operations. It cannot directly run
git pushor other Git commands. - Requires human review before merging. Draft pull requests created by Copilot编程助理 must be reviewed and merged by a human. Copilot编程助理 cannot mark its pull requests as "Ready for review" and cannot approve or merge a pull request.
- Restricts GitHub Actions workflow runs. By default, workflows are not triggered until Copilot编程助理's code is reviewed and a user with write access to the repository clicks the Approve and run workflows button. Optionally, you can configure Copilot to allow workflows to run automatically. See 审查 GitHub Copilot 创建的拉取请求.
- Prevents the user who asked Copilot编程助理 to create a pull request from approving it. This maintains the expected controls in the "Required approvals" rule and branch protection. See 规则集的可用规则.
Copilot编程助理 has access to sensitive information
Copilot编程助理 has access to code and other sensitive information, and could leak it, either accidentally or due to malicious user input.
To mitigate this risk, GitHub restricts Copilot编程助理's access to the internet. See 为 GitHub Copilot 编码代理自定义或禁用防火墙.
AI prompts can be vulnerable to injection
Users can include hidden messages in issues assigned to Copilot编程助理 or comments left for Copilot编程助理 as a form of prompt injection.
To mitigate this risk, GitHub filters hidden characters before passing user input to Copilot编程助理: For example, text entered as an HTML comment in an issue or pull request comment is not passed to Copilot编程助理.
Administrators can lose sight of agents' work
To mitigate this risk, Copilot编程助理 is designed to be auditable and traceable.
- Copilot编程助理's commits are authored by Copilot, with the developer who assigned the issue or requested the change to the pull request marked as the co-author. This makes it easier to identify code generated by Copilot编程助理 and who started the task.
- Session logs and audit log events are available to administrators.
- The commit message for each agent-authored commit includes a link to the agent session logs, for code review and auditing. See 跟踪GitHub Copilot 的会话.