Before you can roll out a tool like GitHub Copilot in your company, you will likely need signoff from legal, compliance, and cybersecurity teams.
Your company's requirements depend on your industry and location, but common queries include:
- How does Copilot use my company's data?
- Which compliance standards does Copilot meet?
- Will I need to adjust my corporate network for Copilot?
This article collects resources that you can send to teams in your company to accelerate the signoff process. These resources apply to the Copilot Business and Copilot Enterprise plans.
Legal and privacy teams
These teams need to know the terms that will govern your company's purchase of Copilot.
- If you purchase directly from GitHub, you'll be governed by the GitHub Generative AI Services Terms.
- If you purchase through Microsoft, you'll be governed by Microsoft's Product Terms. This includes both the Microsoft Generative AI Service terms, and terms specifically for GitHub Offerings.
- Copilot also falls under the GitHub Data Protection Agreement. This applies to all generally available (GA) Copilot features and to the preview features listed in GitHub DPA-Covered Previews.
Compliance teams
These teams need to know that Copilot meets your company's regulatory requirements.
The GitHub Enterprise Trust Center answers common compliance questions in its FAQ, and lists attestations for compliance standards in the "Resources" section.
Compliance teams may also want to know about the administrative features available to govern Copilot, such as:
- Policies for managing access to features and models
- Audit logs for monitoring changes to access and settings
- The ability to exclude sensitive content from Copilot's view
For an overview of these features, see GitHub Copilot features.
For new GitHub Enterprise customers
If your company is not already using GitHub Enterprise, compliance teams may also want an overview of GitHub's general governance features for things like protecting branches or preventing leaked secrets. See Establishing a governance framework for your enterprise.
Cybersecurity and IT teams
These teams need to know how Copilot will work with your company's corporate network, authentication systems, and software distribution processes. They may need to learn about:
- The allowlist required for a firewall or proxy to ensure Copilot works as expected. See Copilot allowlist reference.
- The network protocol that Copilot operates on by default, and your company's options for routing traffic through a proxy server and intercepting traffic. See Network settings for GitHub Copilot.
- The clients where users will be using Copilot.
  - Your enterprise can enable or disable Copilot in IDEs, on GitHub Mobile, in the CLI, and on the GitHub website.
  - If your company distributes approved software for users, IT teams may need to approve the supported versions of IDEs. See Copilot feature matrix.
For new GitHub Enterprise customers
If your company is not already using GitHub Enterprise, cybersecurity teams may also need to learn about networking and authentication options on GitHub as a whole:
- The full list of IP addresses that will need to be allowed by your network. You can get a list of these from a public API. See About GitHub's IP addresses.
- Options for integrating with an identity provider and enforcing single sign-on for users. See Identity and access management fundamentals.
- Enterprise network features. Enterprises can enforce IP allow lists and, for Enterprise Managed Users, prevent developers from using their personal account on your corporate network. See Restricting network traffic to your enterprise with an IP allow list and Restricting access to GitHub.com using a corporate proxy.
Even if you're only using GitHub to grant access to Copilot, developers will need to authenticate to GitHub to use their Copilot license.
Further questions
If teams have questions that aren't addressed by these resources, contact your account manager or GitHub's Sales team.
Next steps
Once teams have signed off on Copilot, you can choose a plan for your enterprise. See Choosing your enterprise's plan for GitHub Copilot.