Security and Data Privacy

Security and Privacy Considerations

Unlike the Pro version, both the Business and Enterprise tiers ensure that code from your private repositories is not used, and no code snippets are collected.

Best practices for Secure Coding with GitHub Copilot

  • Review Generated Code: Always review the code generated by GitHub Copilot. It's an AI and can make mistakes. It's also not aware of your specific security policies or requirements.
  • Avoid Sensitive Information: Never ask Copilot to generate code that includes sensitive information like passwords, API keys, or other secrets. It doesn't have access to such data, but it's a good practice to avoid even the possibility.
  • Use Private Repositories: If you're working on proprietary or sensitive code, use private repositories. GitHub Copilot is trained on public code, so using private repositories ensures your code isn't inadvertently exposed.
  • Update Dependencies: If Copilot suggests code that includes dependencies, make sure to keep those dependencies updated. Outdated dependencies can have known security vulnerabilities.
  • Secure Coding Standards: Ensure that the code generated by Copilot adheres to your organization's secure coding standards. This includes things like input validation, proper error handling, and secure use of cryptography.
  • Security Scanning Tools: Use automated security scanning tools to check the code generated by Copilot. This can help catch potential security issues that might be missed during manual code review.
  • Training: Train your developers on how to use Copilot securely. This includes understanding its limitations and potential risks.

How is my data being used when interacting with Copilot?

For an enterprise user of GitHub Copilot, data is used in the following ways:

  • Training Data: GitHub Copilot is trained on a dataset of public code from GitHub. It does not use your private code to improve its suggestions.
  • Code Suggestions: When you use GitHub Copilot, it uses your current code context to provide relevant suggestions. This data is sent to GitHub's servers for processing, but it is not used to improve the model.
  • Data Storage: The code you write while using GitHub Copilot is stored locally on your machine. GitHub does not store the code you write or the suggestions Copilot makes.
  • Privacy: GitHub takes privacy seriously and has strict policies and procedures in place to protect your data.

For more detailed information, you should refer to GitHub's privacy policy and the documentation for GitHub Copilot.

If you are concerned about private code showing up for other users, the match is most likely a coincidence. The AI model generates code based on patterns it learned during training, so it can produce snippets similar or even identical to those in your private repositories simply because similar patterns exist in the public code it was trained on. However, if you believe there has been a breach of privacy, you should contact GitHub support immediately. They can investigate the issue and take appropriate action if necessary.