Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 0 additions & 2 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,6 @@ updates:
ignore:
# Because this is so dependent on the remote server we use
- dependency-name: '@elastic/elasticsearch'
# Because whatever we have needs to match what @primer/react also uses
- dependency-name: 'styled-components'
- dependency-name: '*'
update-types:
['version-update:semver-patch', 'version-update:semver-minor']
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -71,8 +71,6 @@ If you have confirmed you need `pull_request_target`, apply these controls to li

* **Ensure the underlying compute is isolated and ephemeral.** If self-hosted runners are used, you must confirm that the runner environment is properly restricted from internal resources and is not reused across {% data variables.product.prodname_actions %} runs. For more information, see [AUTOTITLE](/actions/reference/security/secure-use#hardening-for-self-hosted-runners).

* **Gate runs behind approval.** `pull_request_target` workflows can be gated behind a required `label` that only users with write access can add. This is detailed in the {% data variables.product.prodname_security %} [guidance on preventing pwn requests](https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/#preventing-pwn-requests).

* **Enforce {% data variables.product.prodname_actions %} security best practices.** In addition to the specific risks of pwn requests, other common vulnerabilities, such as command injection, can exist and impact the code executed in this privileged event. For more information, see [Keeping your GitHub Actions and workflows secure: Untrusted input](https://securitylab.github.com/resources/github-actions-untrusted-input/) from the {% data variables.product.prodname_security %}. To identify and proactively protect against common {% data variables.product.prodname_actions %} vulnerabilities, enable {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_actions %}. For more information, see [AUTOTITLE](/code-security/how-tos/find-and-fix-code-vulnerabilities/configure-code-scanning/configure-code-scanning).

## Opting out of built-in protections
Expand All @@ -81,6 +79,10 @@ If you have worked through the questions above and confirmed your workflow requi

This protection only covers fork pull request refs. Checking out other untrusted code, such as an unrelated third-party repository, fetching code with `git fetch` or `gh pr checkout`, or running a downloaded artifact, is not covered by the `actions/checkout` checks.

{% ifversion fpt or ghec %}

## Restricting the use of pull_request_target

Repository, organization, and enterprise administrators can use Workflow execution protections to control which events and actors can trigger workflows. If a repository has no legitimate use for `pull_request_target`, restricting it removes the risk regardless of how individual workflows are written.
If a repository has no legitimate use for `pull_request_target`, restricting the event removes the risk regardless of how individual workflows are written. Administrators can use workflow execution protections to control which events and actors can trigger workflows. For more information, see the workflow execution protections documentation for repositories ([AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/actions-policies/workflow-execution-protections)){% ifversion ghec %}, organizations ([AUTOTITLE](/organizations/managing-organization-settings/actions-policies/workflow-execution-protections)), and across your enterprise ([AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/actions-policies/workflow-execution-protections)){% else %} and organizations ([AUTOTITLE](/organizations/managing-organization-settings/actions-policies/workflow-execution-protections)){% endif %}.

{% endif %}
4 changes: 2 additions & 2 deletions content/copilot/concepts/about-cloud-and-local-sandboxes.md
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ Once enabled, commands that {% data variables.product.prodname_copilot_short %}

### Cross-platform support

Local sandboxing is available across macOS, Linux, and Windows, delivering a consistent isolation experience regardless of your operating system.
Local sandboxing is available on macOS and Linux. Sandboxing support and isolation behavior vary by platform because each operating system uses a different sandboxing backend. Windows is supported on Windows Insiders builds. For details on current limitations, see [AUTOTITLE](/copilot/how-tos/cloud-and-local-sandboxes/configuring-local-sandbox-settings).

### Enterprise policy enforcement

Expand Down Expand Up @@ -111,5 +111,5 @@ For more information about how cloud sandbox usage is measured and billed, see [
## Further reading

* [AUTOTITLE](/copilot/concepts/agents/copilot-cli/about-copilot-cli)
* [AUTOTITLE](/copilot/how-tos/cloud-and-local-sandboxes/enabling-or-disabling-cloud-and-local-sandboxes-for-your-organization)
* [AUTOTITLE](/copilot/how-tos/cloud-and-local-sandboxes/enabling-or-disabling-cloud-sandboxes-for-your-organization)
* [AUTOTITLE](/copilot/how-tos/set-up/install-copilot-cli)
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,10 @@ category:
- Manage Copilot for a team
---

{% data reusables.copilot.byok-intro %} {% data reusables.copilot.byok-no-subscription-required %}
{% data reusables.copilot.byok-intro %}

> [!NOTE]
> This article covers custom models configured by enterprise owners. {% data variables.copilot.copilot_cli_short %} and {% data variables.product.prodname_vscode_shortname %} users can also use their own LLM keys locally. See [AUTOTITLE](/copilot/how-tos/copilot-cli/customize-copilot/use-byok-models) and [Add a model from a built in provider](https://code.visualstudio.com/docs/agent-customization/language-models#_add-a-model-from-a-built-in-provider) in the {% data variables.product.prodname_vscode_shortname %} documentation.

## Why bring your own API keys?

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,10 @@ category:
- Manage Copilot for a team
---

{% data reusables.copilot.byok-intro %} {% data reusables.copilot.byok-no-subscription-required %}
{% data reusables.copilot.byok-intro %}

> [!NOTE]
> This article covers custom models configured by organization owners. {% data variables.copilot.copilot_cli_short %} and {% data variables.product.prodname_vscode_shortname %} users can also configure their own LLM provider locally, without any administrator setup. See [AUTOTITLE](/copilot/how-tos/copilot-cli/customize-copilot/use-byok-models) and [Add a model from a built in provider](https://code.visualstudio.com/docs/agent-customization/language-models#_add-a-model-from-a-built-in-provider) in the {% data variables.product.prodname_vscode_shortname %} documentation.

## Why bring your own API keys?

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,11 @@ docsTeamMetrics:
- copilot-cli
---

{% data reusables.cli.public-preview-sandbox %}
{% data reusables.cli.public-preview-sandbox %}

> [!IMPORTANT]
> Local sandboxing on Windows requires a Windows Insiders build.


## About local sandbox configuration

Expand Down Expand Up @@ -40,7 +44,7 @@ The **General** tab controls the top-level sandbox behavior.

## Configuring filesystem settings

The **Filesystem** tab controls which directories and files the sandboxed process can access. By default, the sandbox restricts filesystem access to prevent unintended reads or writes outside your project.
The **Filesystem** tab controls which directories and files the sandboxed process can access. By default, the sandbox restricts writes outside your working directory.

| Setting | Description |
| --- | --- |
Expand Down Expand Up @@ -68,7 +72,15 @@ The **Network** tab controls whether sandboxed processes can make network connec

### Adding network host rules

You can add specific host rules to allow or block access to individual hosts when outbound connections are otherwise restricted.
> [!WARNING]
> Per-host network filtering with `allowedHosts` and `blockedHosts` is currently not reliable across platforms. Do not rely on host rules to enforce network isolation.

The `/sandbox` UI allows you to add host rules, but these rules have known platform limitations:

* **macOS**: `allowedHosts` rules silently degrade to unrestricted outbound access, and `blockedHosts` rules are not supported.
* **Linux**: Host rules are not a reliable way to allow selected hosts when outbound connections are disabled.

If the UI presents host rule options, you can add them using the steps below, but they are not suitable for security enforcement.

1. In the **Network** tab, press <kbd>A</kbd> to add a new host rule.
1. Enter the hostname.
Expand All @@ -88,5 +100,5 @@ These commands change the **Sandboxing enabled** setting on the **General** tab.
## Further reading

* [AUTOTITLE](/copilot/concepts/about-cloud-and-local-sandboxes)
* [AUTOTITLE](/copilot/how-tos/cloud-and-local-sandboxes/enabling-or-disabling-cloud-and-local-sandboxes-for-your-organization)
* [AUTOTITLE](/copilot/how-tos/cloud-and-local-sandboxes/enabling-or-disabling-cloud-sandboxes-for-your-organization)
* [AUTOTITLE](/copilot/how-tos/copilot-cli/set-up-copilot-cli/configure-copilot-cli)
Original file line number Diff line number Diff line change
@@ -1,9 +1,11 @@
---
title: Enabling or disabling {% data variables.copilot.sandbox %} for your organization
shortTitle: Enable or disable sandboxes
title: Enabling or disabling cloud sandboxes for your organization
shortTitle: Enable or disable cloud sandboxes
allowTitleToDifferFromFilename: true
intro: 'You can control whether members of your organization can use {% data variables.copilot.sandbox %} by managing the sandbox access policy in your organization settings.'
intro: 'You can control whether members of your organization can use cloud sandboxes by managing the sandbox access policy in your organization settings.'
permissions: Organization owners
redirect_from:
- /copilot/how-tos/cloud-and-local-sandboxes/enabling-or-disabling-cloud-and-local-sandboxes-for-your-organization
versions:
feature: copilot
contentType: how-tos
Expand All @@ -13,15 +15,15 @@ category:

{% data reusables.cli.public-preview-sandbox %}

## About enabling and disabling {% data variables.copilot.sandbox %}
## About enabling and disabling cloud sandboxes

Organization owners can control whether members of their organization have access to {% data variables.copilot.sandbox %} by configuring the sandbox access policy. By default, sandbox access is disabled for organization members.
Organization owners can control whether members of their organization have access to cloud sandboxes by configuring the sandbox access policy. By default, sandbox access is disabled for organization members.

When sandbox access is **Disabled**, sandboxes are not available for any organization members. When sandbox access is **Enabled for all members**, all organization members can use {% data variables.copilot.sandbox_short %}.
When cloud sandbox access is **Disabled**, cloud sandboxes are not available for any organization members. When cloud sandbox access is **Enabled for all members**, all organization members can use cloud sandboxes.

For more information about {% data variables.copilot.sandbox %}, see [AUTOTITLE](/copilot/concepts/about-cloud-and-local-sandboxes).
For more information about cloud sandboxes, see [AUTOTITLE](/copilot/concepts/about-cloud-and-local-sandboxes).

## Enabling or disabling {% data variables.copilot.sandbox %}
## Enabling or disabling cloud sandboxes

{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
Expand Down
2 changes: 1 addition & 1 deletion content/copilot/how-tos/cloud-and-local-sandboxes/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ intro: 'Manage {% data variables.copilot.sandbox %} for your organization.'
versions:
feature: copilot
children:
- /enabling-or-disabling-cloud-and-local-sandboxes-for-your-organization
- /enabling-or-disabling-cloud-sandboxes-for-your-organization
- /configuring-local-sandbox-settings
contentType: how-tos
---
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,10 @@ You can enable or disable {% data variables.copilot.copilot_cli_short %} at the

Users can only access AI models that are enabled at the enterprise level. When you enable or disable models in your enterprise settings, those changes are reflected in {% data variables.copilot.copilot_cli_short %}. Users can view which models are available to them using the `/model` command.

Enterprise and organization owners can provide keys for custom models. Users can select these like any other model: with the {% data variables.copilot.copilot_cli_short %} model selector, the `--model` flag, or environment variables. See [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/use-your-own-api-keys).

Separately, users can also provide their own LLM keys locally. This is not controlled by enterprise policies. See [AUTOTITLE](/copilot/how-tos/copilot-cli/customize-copilot/use-byok-models).

### Custom agents

Enterprise-configured custom agents are available to use with {% data variables.copilot.copilot_cli_short %}.
Expand All @@ -63,7 +67,6 @@ All other controls do **not** affect {% data variables.copilot.copilot_cli_short

* **IDE-specific policies**: Policies configured for specific IDEs or editor extensions
* **Content exclusions**: File path-based content exclusions
* **User-configured model providers (BYOK)**: Users can configure {% data variables.copilot.copilot_cli_short %} to use their own model providers via environment variables. This is configured at the _user level_ and cannot be controlled by enterprise policies.

## Why can't my developers access {% data variables.copilot.copilot_cli_short %}?

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,9 @@ docsTeamMetrics:

You can configure {% data variables.copilot.copilot_cli_short %} to use your own LLM provider, also called BYOK (Bring Your Own Key), instead of {% data variables.product.github %}-hosted models. This lets you connect to OpenAI-compatible endpoints, Azure OpenAI, or Anthropic, including locally running models such as Ollama.

> [!NOTE]
> This article is for users who want to configure their own LLM provider API key on their local machine. To set up custom models for users in an enterprise, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for-enterprise/use-your-own-api-keys).

## Prerequisites

* {% data variables.copilot.copilot_cli_short %} is installed. See [AUTOTITLE](/copilot/how-tos/copilot-cli/set-up-copilot-cli/install-copilot-cli).
Expand Down Expand Up @@ -82,7 +85,7 @@ Use the following steps if you are connecting to OpenAI, Ollama, vLLM, Foundry L
export COPILOT_PROVIDER_API_KEY=YOUR-AZURE-API-KEY
export COPILOT_MODEL=YOUR-DEPLOYMENT-NAME
```

Replace the following placeholders:

* `YOUR-RESOURCE-NAME`: your Azure OpenAI resource name
Expand Down Expand Up @@ -110,7 +113,7 @@ Use the following steps if you are connecting to OpenAI, Ollama, vLLM, Foundry L

You can run {% data variables.copilot.copilot_cli_short %} in offline mode to prevent it from contacting {% data variables.product.github %}'s servers. This is designed for isolated environments where the CLI should communicate only with your local or on-premises model provider.

> [!IMPORTANT]
> [!IMPORTANT]
> Offline mode only guarantees full network isolation if your provider is also local or within the same isolated environment. If `COPILOT_PROVIDER_BASE_URL` points to a remote endpoint, your prompts and code context are still sent over the network to that provider.

1. Configure your provider environment variables as described in Configuring your provider.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ A dedicated policy exists to enable or disable each supported feature or surface
| --- | --- | --- | --- | --- | --- | --- | --- |
| Editor preview features | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} |
| {% data variables.product.prodname_copilot_short %} can search the web | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} |
| Enable custom models | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} |
| Enable custom models | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} |
| Suggestions matching public code | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %}[^1] | {% octicon "check" aria-label="Supported" %}[^1] | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} |
| MCP servers in {% data variables.product.prodname_copilot_short %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
| Restrict MCP access to registry servers | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} |
Expand Down
1 change: 0 additions & 1 deletion data/reusables/copilot/byok-why.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,3 @@
* **Cost management:** Align with your existing payment methods, contracts, credits, or negotiated rates, and avoid usage overages.
* **Visibility and control:** Manage which models your team can access, and monitor usage through your provider's existing dashboards and billing.
* **Flexibility:** Support custom or specialized models that your organization already uses.
* **Air-gapped environments:** Use {% data variables.product.prodname_copilot_short %} in isolated networks without any dependency on {% data variables.product.github %}'s REST API in either {% data variables.product.prodname_vscode_shortname %} or {% data variables.copilot.copilot_cli_short %}.
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
* Mentions of users, teams, and organizations in pull request, issue, release, and comment bodies (the username originally mentioned is retained)
* Packages in {% data variables.product.prodname_registry %}
* {% data variables.product.prodname_projects_v2 %} (the new projects experience)
* Reciprocal links from mentions of issues, pull requests, discussions, teams, or milestones
* References between pull requests and issues in different repositories (see [AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/autolinked-references-and-urls))
* Remediation states of {% data variables.product.prodname_secret_scanning %} results
* Repositories owned by user accounts
Expand Down
Loading
Loading