jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-19 18:10:59 -05:00
Code Issues Projects Releases Wiki Activity
Files
8c62486a96baf5ee9b4771b28deaff6978375b18
docs/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md
Felicity Chapman 8c62486a96 Docs for new Secret risk assessment, GHAS SKU unbundling, and expansion to Team plan - ships 1st April (UK morning) (#54748) 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com>
Co-authored-by: mchammer01 <42146119+mchammer01@users.noreply.github.com>
Co-authored-by: Anne-Marie <102995847+am-stead@users.noreply.github.com>
Co-authored-by: Hector Alfaro <hectorsector@github.com>
Co-authored-by: Vanessa <vgrl@github.com>
Co-authored-by: Erin Havens <erinhav@github.com>
Co-authored-by: Aaron Waggener <73763104+aaronwaggener@users.noreply.github.com>
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
Co-authored-by: Sarah Schneider <sarahs@users.noreply.github.com>
Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com>
Co-authored-by: Sarah Schneider <sarahs@github.com>
2025-04-01 10:29:37 +00:00

61 lines
6.3 KiB
Markdown
Raw Blame History

---
title: Disabling Copilot Autofix for code scanning
shortTitle: Disable Copilot Autofix
allowTitleToDifferFromFilename: true
intro: You can choose to disallow {% data variables.product.prodname_copilot_autofix %} for an enterprise or disable {% data variables.product.prodname_copilot_autofix %} at the organization and repository level.
product: '{% data reusables.rai.code-scanning.gated-feature-autofix %}'
versions:
feature: code-scanning-autofix
type: how_to
topics:
- Code Security
- Code scanning
- CodeQL
- AI
---
## About disabling {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %}
{% data variables.product.prodname_copilot_autofix %} is a {% data variables.product.prodname_copilot %}-powered expansion of {% data variables.product.prodname_code_scanning %}. It provides users with targeted recommendations to help them fix {% data variables.product.prodname_code_scanning %} alerts (including {% data variables.product.prodname_codeql %} alerts) so they can avoid introducing new security vulnerabilities. To learn more about {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %}, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning).
{% data reusables.rai.code-scanning.copilot-autofix-note %}
{% data variables.product.prodname_copilot_autofix_short %} is allowed by default and enabled for every repository that uses {% data variables.product.prodname_codeql %}, regardless of whether it uses default or advanced setup for {% data variables.product.prodname_code_scanning %}. Administrators at the enterprise, organization and repository levels can choose to opt out and disable {% data variables.product.prodname_copilot_autofix_short %}.
Note that disabling {% data variables.product.prodname_copilot_autofix_short %} at any level will close all open {% data variables.product.prodname_copilot_autofix_short %} comments. If {% data variables.product.prodname_copilot_autofix_short %} is disabled and then subsequently enabled, {% data variables.product.prodname_copilot_autofix_short %} won't automatically suggest fixes for any pull requests that are already open. The suggestions will only be generated for any pull requests that are opened after {% data variables.product.prodname_copilot_autofix_short %} is enabled, or after re-running {% data variables.product.prodname_code_scanning %} analysis on existing pull requests.
## Blocking use of {% data variables.product.prodname_copilot_autofix_short %} for an enterprise
Enterprise administrators can disallow {% data variables.product.prodname_copilot_autofix_short %} for their enterprise. If you disallow {% data variables.product.prodname_copilot_autofix_short %} for an enterprise, {% data variables.product.prodname_copilot_autofix_short %} cannot be enabled for any organizations or repositories within the enterprise.
Note that allowing {% data variables.product.prodname_copilot_autofix_short %} for an enterprise does not enforce enablement of {% data variables.product.prodname_copilot_autofix_short %}, but means that organization and repository administrators will have the option to enable or disable {% data variables.product.prodname_copilot_autofix_short %}.
Disallowing {% data variables.product.prodname_copilot_autofix_short %} at the enterprise level will remove all open {% data variables.product.prodname_copilot_autofix_short %} comments across all repositories of all organizations within the enterprise.
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.policies-tab %}
{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
1. Under "{% data variables.product.prodname_copilot_autofix_short %}", use the dropdown menu to choose "Not allowed."
## Disabling {% data variables.product.prodname_copilot_autofix_short %} for an organization
If {% data variables.product.prodname_copilot_autofix_short %} is allowed at the enterprise level, organization administrators have the option to disable {% data variables.product.prodname_copilot_autofix_short %} for an organization. If you disable {% data variables.product.prodname_copilot_autofix_short %} for an organization, {% data variables.product.prodname_copilot_autofix_short %} cannot be enabled for any repositories within the organization.
Note that disabling {% data variables.product.prodname_copilot_autofix_short %} at the organization level will remove all open {% data variables.product.prodname_copilot_autofix_short %} comments across all repositories in the organization.
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
{% data reusables.security-configurations.display-global-settings %}
1. Under the "{% data variables.product.prodname_code_scanning_caps %}" section, deselect **{% data variables.product.prodname_copilot_autofix_short %}** or **{% data variables.product.prodname_copilot_autofix_short %} for third-party tools**.
For more information about configuring global {% data variables.product.prodname_code_scanning %} settings, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#configuring-global-code-scanning-settings).
## Disabling {% data variables.product.prodname_copilot_autofix_short %} for a repository
If {% data variables.product.prodname_copilot_autofix_short %} is allowed at the enterprise level and enabled at the organization level, repository administrators have the option to disable {% data variables.product.prodname_copilot_autofix_short %} for a repository. Disabling {% data variables.product.prodname_copilot_autofix_short %} at the repository level will remove all open {% data variables.product.prodname_copilot_autofix_short %} comments across the repository.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
1. In the "{% data variables.product.UI_code_security_scanning %}" section, deselect **{% data variables.product.prodname_copilot_autofix_short %}** or **{% data variables.product.prodname_copilot_autofix_short %} for third-party tools**.
Reference in New Issue View Git Blame Copy Permalink