Domain 6: Configure Privacy, Content Exclusions, and Safeguards (10-15%)
Exam Tip
This domain is about admin-level configuration: knowing how to prevent sensitive code from being used as Copilot context and how to enable safeguards that protect code quality and license compliance.
Content Exclusions
Content exclusions prevent GitHub Copilot from using specific files or directories as context for suggestions.
What They Do
- Excluded files: Copilot will NOT use them as context (even if open in the editor)
- Excluded files: Copilot will NOT suggest code from them to other users
- Applies to: suggestions, Copilot Chat, pull request summaries
What They Don't Do
- Exclusions do NOT prevent users from manually pasting excluded content into a chat
- Exclusions do NOT block everything the IDE exposes: type information, hover definitions and build configuration derived from an excluded file can still reach Copilot indirectly through the editor
- Exclusions are not a full data loss prevention (DLP) solution: they reduce exposure but do not eliminate it
Configuring Content Exclusions
Repository-level: Repository Settings → Copilot → Content exclusion. Exclusion paths are entered as a YAML list in the settings UI, not committed to the repository (the file /.github/copilot-instructions.md is for custom instructions and has no effect on exclusions). Patterns use fnmatch syntax: a leading / anchors the pattern to the repository root, an unanchored pattern matches a file of that name at any depth, and ** spans directories.

```yaml
# Repository Settings → Copilot → Content exclusion (entered in the UI)
- "/src/sensitive/**"
- "config/secrets.yaml"
```

Organization-level: Org Settings → Copilot → Content exclusion (Copilot Business or Enterprise required). The same pattern syntax applies, but patterns are grouped under a repository key, or under "*" to cover every repository in the organization.
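Organization-level exclusions keyed by repository, as an added example for this cheatsheet (not configuration from the page or from GitHub's documentation; the organization and repository names are placeholders):

```yaml
# Org Settings → Copilot → Content exclusion
# Key: the repository URL, or "*" for every repository in the organization.
"https://github.com/example-org/payments-service":
  - "/src/sensitive/**"      # anchored to that repository's root
  - "config/secrets.yaml"    # matches at any depth in that repository
"*":
  - "*.pem"                  # private keys in any repository
  - "**/.env"                # dotenv files at any depth, including the root
```

Organization-level entries cannot be overridden by an individual repository, so keep the "*" block to patterns that are safe to apply everywhere.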
Output Ownership and Limitations
- You own the output: Code generated by Copilot is considered your work under GitHub's terms of service
- No copyright assignment: GitHub does not claim copyright over Copilot-generated code
- License risk: generated code may resemble public open source code; duplication detection mitigates this
- Disclosure: Some organizations require disclosure when AI tools are used to generate production code
Duplication Detection
Duplication detection is a safeguard that filters Copilot suggestions when they match code in public GitHub repositories.
How It Works
- Copilot compares each suggestion against an index of public code on GitHub
- A suggestion of roughly 150 characters or more that matches public code verbatim (or near-verbatim) is filtered out
- The policy is configurable: Blocked suppresses the matching suggestion outright; Allowed shows it together with references to the matching repositories and their licenses
Enabling Duplication Detection
- Individual: User Settings → GitHub Copilot → Suggestions matching public code
- Business/Enterprise: Org Settings → Copilot → Policies → Suggestions matching public code
Limitations
- Duplication detection only compares against public GitHub repositories; it does not scan npm, PyPI, or other package registries
- It catches verbatim matches, not paraphrased or structurally similar code
- It is a risk mitigation tool, not a legal guarantee
Security Warnings
Copilot can detect and flag suggestions that contain patterns associated with known security vulnerabilities.
What It Flags
- Hardcoded credentials (API keys, passwords)
- SQL injection patterns
- Cross-site scripting (XSS) patterns
- Insecure cryptography usage
- Path traversal vulnerabilities
Enabling Security Warnings
- Individual: User Settings → GitHub Copilot → Enable security warnings
- Business/Enterprise: Org Settings → Copilot → Policies → Enable security warnings
How to Respond to a Warning
- Review the flagged suggestion carefully
- If genuinely insecure: reject the suggestion and write a safer implementation
- If a false positive: understand why Copilot flagged it before accepting
Resolving Issues with Suggestions and Exclusions
| Problem | Cause | Fix |
|---|---|---|
| Copilot suggests code from a sensitive file | Content exclusions not configured | Add file/path to content exclusions |
| Exclusions configured but Copilot still uses the file | Incorrect path pattern in exclusion config, or the IDE has not yet picked up the changed setting | Verify the path syntax matches your repo structure (anchored vs. unanchored, `**` for subdirectories); reload the editor after changing exclusions |
| No suggestions appearing | File type may not be supported | Check that the language is enabled in Copilot settings |
| Suggestions look like public repo code | Duplication detection disabled | Enable in settings |
| Security warning on valid code | False positive from pattern matching | Review the code; accept if genuinely safe |
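A dry run for the "incorrect path pattern" row: before trusting an exclusion list, check which files in the tree it actually covers and which patterns match nothing. This is an added example for this cheatsheet, not GitHub's matcher. GitHub documents fnmatch-style patterns with a leading `/` anchoring to the repository root and unanchored patterns matching at any depth; the regex translation below is an assumption of those rules, so confirm the final list in the repository settings UI. The patterns and file paths are constructed for the example.

```python
"""Dry-run checker for Copilot content-exclusion path patterns (approximation)."""
import re
from typing import Dict, Iterable, List, Optional, Pattern


def pattern_to_regex(pattern: str) -> Pattern[str]:
    """Translate one exclusion pattern into a regex over repo-relative paths.

    Assumed rules: "/" at the start anchors to the repo root, "**" spans
    directories, "*" and "?" stay within one path segment, and an unanchored
    pattern may sit under any directory.
    """
    anchored = pattern.startswith("/")
    body = pattern.lstrip("/")
    parts: List[str] = []
    i = 0
    while i < len(body):
        if body.startswith("**/", i):
            parts.append("(?:.*/)?")   # zero or more leading directories
            i += 3
        elif body.startswith("**", i):
            parts.append(".*")         # anything, including "/"
            i += 2
        elif body[i] == "*":
            parts.append("[^/]*")      # within a single segment
            i += 1
        elif body[i] == "?":
            parts.append("[^/]")
            i += 1
        else:
            parts.append(re.escape(body[i]))
            i += 1
    prefix = "^" if anchored else "^(?:.*/)?"
    return re.compile(prefix + "".join(parts) + "$")


def excluded_paths(patterns: Iterable[str], paths: Iterable[str]) -> Dict[str, Optional[str]]:
    """Map each path to the first pattern that excludes it, or None if Copilot may still read it."""
    compiled = [(p, pattern_to_regex(p)) for p in patterns]
    report: Dict[str, Optional[str]] = {}
    for path in paths:
        rel = path.lstrip("/")
        report[rel] = next((p for p, rx in compiled if rx.match(rel)), None)
    return report


def unmatched_patterns(patterns: Iterable[str], paths: Iterable[str]) -> List[str]:
    """Patterns that exclude nothing in the tree: usually a typo or the wrong directory."""
    rels = [p.lstrip("/") for p in paths]
    return [p for p in patterns if not any(pattern_to_regex(p).match(x) for x in rels)]


# Constructed exclusion list, including one pattern that points at a directory
# this repository does not have.
EXCLUSION_PATTERNS = [
    "/src/sensitive/**",     # anchored: only the top-level src/sensitive tree
    "config/secrets.yaml",   # any config/secrets.yaml at any depth
    "*.pem",                 # private keys anywhere
    "**/*.env",              # dotenv files anywhere, including the root
    "/secrets/**",           # mistake: no top-level secrets/ directory exists
]

# Constructed repository tree.
SAMPLE_TREE = [
    "src/sensitive/keys.py",
    "src/sensitive/vault/token.py",
    "lib/src/sensitive/helper.py",   # not under the repo-root src/, stays visible
    "config/secrets.yaml",
    "deploy/tls/server.pem",
    ".env",
    "services/api/.env",
    "README.md",
]

if __name__ == "__main__":
    for path, hit in excluded_paths(EXCLUSION_PATTERNS, SAMPLE_TREE).items():
        status = f"EXCLUDED by {hit}" if hit else "visible to Copilot"
        print(f"{path:32} {status}")
    print("patterns matching nothing:", unmatched_patterns(EXCLUSION_PATTERNS, SAMPLE_TREE))
```

Run it against `git ls-files` output for the real repository; a pattern reported under "patterns matching nothing" is the usual cause of the "exclusions configured but Copilot still uses the file" row, and a path you expected to be excluded showing as visible points at an anchoring mistake.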
Domain 6 Quick Quiz
What do content exclusions prevent Copilot from doing?