Workspace-level Enable setting removed in Copilot extension causing security and usability issues #193048
💬 Your Product Feedback Has Been Submitted 🎉 Thank you for taking the time to share your insights with us! Your feedback is invaluable as we build a better GitHub experience for all our users. Here's what you can expect moving forward ⏩
Where to look to see what's shipping 👀
What you can do in the meantime 💻
As a member of the GitHub community, your participation is essential. While we can't promise that every suggestion will be implemented, we want to emphasize that your feedback is instrumental in guiding our decisions and priorities. Thank you once again for your contribution to making GitHub even better! We're grateful for your ongoing support and collaboration in shaping the future of our platform. ⭐
Hi @kamehamefaaa 👋 This is a valid and important concern. The recent change in the GitHub Copilot extension — where you can now only disable Copilot per workspace instead of enabling it — shifts from an allowlist to a blocklist model. This indeed increases the risk of accidentally exposing sensitive data (e.g., customer info, secrets) if you forget to disable it in a workspace.
Current Best Practices for Sensitive Data:
Many enterprise users share the same feedback: restoring a workspace-level "Enable" option would be much safer and more user-friendly than the current disable-only approach. Your request for clarification and a possible revert/improvement has been noted. In the meantime, upvoting this discussion and adding your use case helps prioritize it with the Copilot team. If you have more details about your setup (e.g., enterprise vs individual), feel free to share.
🏷️ Discussion Type
Product Feedback
Body
Hello,
I would like to raise a concern regarding recent changes to the GitHub Copilot extension in VS Code.
Previously, it was possible to enable Copilot on a per-workspace basis. However, after a recent update, this behavior appears to have changed, and now Copilot must be disabled per workspace instead.
This change introduces several practical and security challenges:
1. Increased risk when handling sensitive data
In directories containing sensitive information (e.g., customer data), Copilot must not be allowed to read or process files.
With the current behavior, I now need to manually set "Disable (Workspace)" every time I open such a directory. This creates a risk of human error—if I forget to disable Copilot, it may unintentionally access sensitive data via Copilot Chat.
2. Configuration overhead
To mitigate this, I would need to disable Copilot across all parent directories (e.g., from / or C: down to specific folders) to ensure there is no misrecognition of the active workspace.
This is not practical and significantly increases configuration complexity.
3. Workarounds are cumbersome
As a workaround, I have considered running development environments inside Docker containers and mounting only safe directories, thereby limiting what Copilot can access.
However, this approach introduces substantial overhead and negatively impacts the development experience.
In large enterprise environments, using virtual machines is also not a simple alternative due to additional security configuration requirements.
4. Request
Given these challenges, could you please:
This functionality was very helpful for maintaining both usability and security, and its removal has made workflows significantly more difficult.
Thank you for your consideration.