Агент кодирования Copilot is an autonomous agent that has access to your code and can push changes to your repository. This entails certain risks.
Where possible, GitHub has applied appropriate mitigations. This gives Агент кодирования Copilot a strong base of built-in security protections that you can supplement by following best practice guidance.
Unvalidated code can introduce vulnerabilities
По умолчанию Агент кодирования Copilot проверяет генерируемый им код на предмет вопросов безопасности и получает второе мнение по своему коду с помощью Обзор кода Copilot. Он пытается устранить проблемы, выявленные до завершения pull request. Это повышает качество кода и снижает вероятность того, что код, сгенерированный Агент кодирования Copilot, может привести к проблемам, таким как жёстко закодированные секреты, небезопасные зависимости и другие уязвимости. Агент кодирования Copilot's security validation does not require a GitHub Secret Protection, GitHub Code Security, or GitHub Advanced Security license.
- CodeQL is used to identify code security issues.
- Newly introduced dependencies are checked against the GitHub Advisory Database for malware advisories, and for any CVSS-rated High or Critical vulnerabilities.
- Secret scanning is used to detect sensitive information such as API keys, tokens, and other secrets.
- Details about the analysis performed and the actions taken by Агент кодирования Copilot can be reviewed in the session log. See Отслеживание сессий GitHub Copilot.
Optionally, you can disable one or more of the code quality and security validation tools used by Агент кодирования Copilot. See Настройка настроек для агента кодирования GitHub Copilot.
Агент кодирования Copilot can push code changes to your repository
To mitigate this risk, GitHub:
- Limits who can trigger the agent. Only users with write access to the repository can trigger Агент кодирования Copilot to work. Comments from users without write access are never presented to the agent.
- Limits the branch the agent can push to. Агент кодирования Copilot only has the ability to push to a single branch. When the agent is triggered by mentioning
@copiloton an existing pull request, Copilot has write access to the pull request's branch. In other cases, a newcopilot/branch is created for Copilot, and the agent can only push to that branch. The agent is also subject to any branch protections and required checks for the working repository. - Limits the agent's credentials. Агент кодирования Copilot can only perform simple push operations. It cannot directly run
git pushor other Git commands. - Requires human review before merging. Draft pull requests created by Агент кодирования Copilot must be reviewed and merged by a human. Агент кодирования Copilot cannot mark its pull requests as "Ready for review" and cannot approve or merge a pull request.
- Restricts GitHub Actions workflow runs. By default, workflows are not triggered until Агент кодирования Copilot's code is reviewed and a user with write access to the repository clicks the Approve and run workflows button. Optionally, you can configure Copilot to allow workflows to run automatically. See Просмотр pull request, созданного GitHub Copilot.
- Prevents the user who asked Агент кодирования Copilot to create a pull request from approving it. This maintains the expected controls in the "Required approvals" rule and branch protection. See Доступные правила для наборов правил.
Агент кодирования Copilot has access to sensitive information
Агент кодирования Copilot has access to code and other sensitive information, and could leak it, either accidentally or due to malicious user input.
To mitigate this risk, GitHub restricts Агент кодирования Copilot's access to the internet. See Настройка или отключение межсетевого экрана для программистского агента GitHub Copilot.
AI prompts can be vulnerable to injection
Users can include hidden messages in issues assigned to Агент кодирования Copilot or comments left for Агент кодирования Copilot as a form of prompt injection.
To mitigate this risk, GitHub filters hidden characters before passing user input to Агент кодирования Copilot: For example, text entered as an HTML comment in an issue or pull request comment is not passed to Агент кодирования Copilot.
Administrators can lose sight of agents' work
To mitigate this risk, Агент кодирования Copilot is designed to be auditable and traceable.
- Агент кодирования Copilot's commits are authored by Copilot, with the developer who assigned the issue or requested the change to the pull request marked as the co-author. This makes it easier to identify code generated by Агент кодирования Copilot and who started the task.
- Session logs and audit log events are available to administrators.
- The commit message for each agent-authored commit includes a link to the agent session logs, for code review and auditing. See Отслеживание сессий GitHub Copilot.