About disabling Copilot Autofix for code scanning
GitHub Copilot Autofix is a GitHub Copilot-powered expansion of code scanning. It provides users with targeted recommendations to help them fix code scanning alerts (including CodeQL alerts) so they can avoid introducing new security vulnerabilities. To learn more about Copilot Autofix for code scanning, see Responsible use of Copilot Autofix for code scanning.
Note
You do not need a subscription to GitHub Copilot to use GitHub Copilot Autofix. Copilot Autofix is available in all public repositories on GitHub.com, as well as in internal and private repositories owned by organizations and enterprises that have a license for GitHub Code Security.
Copilot Autofix is allowed by default and enabled for every repository that uses CodeQL, regardless of whether it uses default or advanced setup for code scanning. Administrators at the enterprise, organization and repository levels can choose to opt out and disable Copilot Autofix for security alerts.
Note that disabling Copilot Autofix at any level will close all open Copilot Autofix suggestions on security comments. If Copilot Autofix is disabled and then subsequently enabled, Copilot Autofix won't automatically suggest fixes for any pull requests that are already open. The suggestions will only be generated for any pull requests that are opened after Copilot Autofix is enabled, or after re-running code scanning security analysis on existing pull requests.
Note
Copilot Autofix is an integral part of GitHub Code Quality and will continue to run on code quality results even when it is disabled for code security results.
Blocking use of Copilot Autofix for an enterprise
Enterprise administrators can disallow Copilot Autofix for security results in their enterprise. If you disallow Copilot Autofix for an enterprise, Copilot Autofix cannot be enabled for any organizations or repositories within the enterprise.
Note that allowing Copilot Autofix for an enterprise does not enforce enablement of Copilot Autofix, but means that organization and repository administrators will have the option to enable or disable Copilot Autofix for security results.
Disallowing Copilot Autofix at the enterprise level will remove all open Copilot Autofix suggestions on security comments across all repositories of all organizations within the enterprise.
- At the top of the page, click Policies.
- Under "Policies", click Advanced Security.
- Under "Copilot Autofix", use the dropdown menu to choose "Not allowed."
Disabling Copilot Autofix for an organization
If Copilot Autofix is allowed at the enterprise level, organization administrators have the option to disable Copilot Autofix for an organization. If you disable Copilot Autofix for an organization, Copilot Autofix cannot be enabled for any repositories within the organization.
Note that disabling Copilot Autofix at the organization level will remove all open Copilot Autofix suggestions on security comments across all repositories in the organization.
- In the upper-right corner of GitHub, click your profile picture, then click Your organizations.
- Next to the organization, click Settings.
- In the "Security" section of the sidebar, click Advanced Security, then click Global settings.
- Under the "Code scanning" section, deselect Copilot Autofix.
For more information about configuring global code scanning settings, see Configuring global security settings for your organization.
Disabling Copilot Autofix for a repository
If Copilot Autofix is allowed at the enterprise level and enabled at the organization level, repository administrators have the option to disable Copilot Autofix for a repository. Disabling Copilot Autofix at the repository level will remove all open Copilot Autofix suggestions on security comments across the repository.
- On GitHub, navigate to the main page of the repository.
- Under the repository name, click Settings. If the "Settings" tab is not displayed, select the Settings option in the dropdown menu.
- In the "Security" section of the sidebar, click Advanced Security.
- In the "Code Security" section, deselect Copilot Autofix.