Note
You do not need a subscription to GitHub Copilot to use GitHub Copilot Autofix. Copilot Autofix is available to all public repositories on GitHub.com, as well as internal or private repositories owned by organizations and enterprises that have a license for GitHub Code Security.
Disabling Copilot Autofix at any level will close all open Copilot Autofix suggestions that were added as comments on code scanning alerts in pull requests. If Copilot Autofix is later re-enabled, suggestions will only be generated for pull requests opened after that point, or after re-running code scanning security analysis on existing pull requests.
Note
Copilot Autofix is an integral part of GitHub Code Quality and will continue to run on code quality results even when it is disabled for code security results.
For more information about Copilot Autofix, see About Copilot Autofix for code scanning.
Blocking use of Copilot Autofix for an enterprise
Enterprise administrators can disallow Copilot Autofix for security results in their enterprise. If you disallow Copilot Autofix for an enterprise, Copilot Autofix cannot be enabled for any organizations or repositories within the enterprise.
Allowing Copilot Autofix for an enterprise does not enforce enablement of Copilot Autofix, but means that organization and repository administrators will have the option to enable or disable Copilot Autofix for security results.
Disallowing Copilot Autofix at the enterprise level will remove all open Copilot Autofix suggestions that were added as comments on code scanning alerts in pull requests across all repositories of all organizations within the enterprise.
- Navigate to your enterprise. For example, from the Enterprises page on GitHub.com.
- At the top of the page, click Policies.
- Under "Policies", click Advanced Security.
- Under "Copilot Autofix", use the dropdown menu to choose "Not allowed."
Disabling Copilot Autofix for an organization
If Copilot Autofix is allowed at the enterprise level, organization administrators have the option to disable Copilot Autofix for an organization. If you disable Copilot Autofix for an organization, Copilot Autofix cannot be enabled for any repositories within the organization.
Disabling Copilot Autofix at the organization level will remove all open Copilot Autofix suggestions that were added as comments on code scanning alerts in pull requests across all repositories in the organization.
- In the upper-right corner of GitHub, click your profile picture, then click Organizations.
- Next to the organization, click Settings.
- In the "Security" section of the sidebar, click Advanced Security then Global settings.
- Under the "Code scanning" section, deselect Copilot Autofix.
For more information about configuring global code scanning settings, see Configuring global security settings for your organization.
Disabling Copilot Autofix for a repository
If Copilot Autofix is allowed at the enterprise level and enabled at the organization level, repository administrators have the option to disable Copilot Autofix for a repository. Disabling Copilot Autofix at the repository level will remove all open Copilot Autofix suggestions that were added as comments on code scanning alerts in pull requests across the repository.
-
On GitHub, navigate to the main page of the repository.
-
Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
-
In the "Security" section of the sidebar, click Advanced Security.
-
In the "Code Security" section, deselect Copilot Autofix.
