Open bdb-dd opened 10 months ago
@altinnadmin
This is also a relevant analysis https://blog.gitguardian.com/yes-github-copilot-can-leak-secrets/
@bdb-dd Nice issue! :)
First, we should never store secrets in any of our repositories. This is the responsibility of each product team. We've also enabled both secret scanning and push protection across all repos to help avoid this.
Verify that our repositories are correctly configured to meet our unique file naming conventions.
If there are files with known names with secrets/environment variables, used for local testing, we should configure those at the top level in our github org.
This is also a relevant analysis
Seems like this is only relevant if secrets are hardcoded in a repo, something we should never do.
This is relevant also if we store secrets in files inside the repo (but ignored with ‘.gitignore’), because copilot runs in the cloud and obviously needs to transfer parts of your LOCAL repo in order to analyze and provide suggestions. I’m not sure how that data will be used, but it’s a rather obvious problem if your secrets are processed on a server, regardless of how the vendor states they will be used.
Indeed, this issue is meant to cover sensitive files that are excluded from Git, but not yet excluded from GitHub Copilot. As Ivar mentions, the risk is that all files in the local file system can and will be transferred to GitHub APIs as a part of the normal operation of Copilot. Given that all content processed by Copilot is subject to some form of content supervision, it is also highly likely that it can be accessed by GitHub personnel as well.
Interestingly, this exclusion functionality has been rolled back after an initial deploy that didn't go well.
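As an added illustration (not code from this issue or from the Altinn repositories) of the check the issue asks for and of the org-level exclusion mentioned earlier in the thread: the script below takes a Copilot content-exclusion configuration, expressed as a Python dict with the same shape as GitHub's documented org-level YAML (a repository URL or "*" mapping to a list of path patterns), plus a list of files that a developer's .gitignore keeps out of Git, and reports the gitignored secret files that no exclusion pattern covers. The repository URL, file names and patterns are constructed sample data, and the glob matching is a stdlib approximation of Copilot's documented path semantics (a leading "/" anchors the pattern to the repository root, otherwise it may match at any depth), not GitHub's own matcher.

```python
"""Report gitignored secret files that a Copilot content exclusion does not cover.

Added example, not from the issue thread. The exclusion dict mirrors the
org-level YAML shape in GitHub's content-exclusion docs; all values are
constructed sample data and the matcher is an approximation.
"""
import fnmatch

# Constructed: an org-level content exclusion, as a dict instead of YAML.
# "*" applies to every repository; a repository URL applies to that repo only.
EXCLUSIONS = {
    "*": ["**/.env", "**/.env.*", "secrets.json"],
    "https://github.com/example-org/example-repo": ["/local-config/**"],
}

# Constructed: working-tree paths that .gitignore keeps out of Git because
# they hold local secrets or environment variables.
GITIGNORED_SECRET_FILES = [
    ".env",
    "src/App/.env.local",
    "secrets.json",
    "local-config/db-connection.json",
    "src/App/appsettings.Development.json",  # no rule above covers this one
]


def _suffixes(path: str) -> list[str]:
    """All trailing sub-paths on segment boundaries: 'a/b/c' -> ['a/b/c', 'b/c', 'c']."""
    parts = path.split("/")
    return ["/".join(parts[i:]) for i in range(len(parts))]


def pattern_matches(pattern: str, path: str) -> bool:
    """Approximate Copilot path semantics with fnmatch.

    A leading '/' anchors the pattern at the repository root; an unanchored
    pattern (optionally prefixed with '**/') may match at any directory depth.
    """
    path = path.lstrip("/")
    if pattern.startswith("/"):
        candidates = [path]
        pattern = pattern[1:]
    else:
        candidates = _suffixes(path)
        if pattern.startswith("**/"):
            pattern = pattern[3:]
    return any(fnmatch.fnmatchcase(c, pattern) for c in candidates)


def rules_for_repo(exclusions: dict, repo_url: str) -> list[str]:
    """Org-wide rules ("*") plus the rules specific to this repository."""
    return list(exclusions.get("*", [])) + list(exclusions.get(repo_url, []))


def uncovered_secret_files(exclusions: dict, repo_url: str, gitignored: list[str]) -> list[str]:
    """Gitignored files that no Copilot exclusion pattern for this repo matches."""
    rules = rules_for_repo(exclusions, repo_url)
    return [f for f in gitignored if not any(pattern_matches(r, f) for r in rules)]


if __name__ == "__main__":
    repo = "https://github.com/example-org/example-repo"
    for f in uncovered_secret_files(EXCLUSIONS, repo, GITIGNORED_SECRET_FILES):
        print(f"not excluded from Copilot: {f}")
```

In practice the file list would come from `git ls-files --others --ignored --exclude-standard` filtered to the team's known secret-file names, and the dict from the YAML saved in the organization's Copilot settings; the point of the check is that "ignored by Git" and "excluded from Copilot" are two separate lists that have to be kept in step.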
Description
Verify that our repositories are correctly configured to meet our unique file naming conventions.
https://docs.github.com/en/copilot/managing-copilot-business/configuring-content-exclusions-for-github-copilot
Additional Information
No response
Tasks
No response
Acceptance Criteria
No response