GitHub Copilot Certification

Management of GitHub Copilot

Data Exclusion Mechanisms

Learn how to configure content exclusion in GitHub Copilot to safeguard sensitive data. By specifying files or directories to ignore, you can prevent accidental exposure of proprietary code, customer data, and credentials.

Content exclusion offers three key benefits:

  • No code completions in excluded files
  • Excluded content has zero influence on suggestions in other files
  • Copilot Chat will not reference excluded content


Who Can Configure Exclusions?

Different roles can manage content exclusion at various scopes:

| Role | Scope | Permissions |
|------|-------|-------------|
| Repository Administrator | Individual repo | Create, update, and remove exclusion rules |
| Organization Owner | Entire organization | Define patterns for every Copilot user |
| Maintainer | Individual repo | View settings; cannot modify |


Warning

Content exclusion is available only to GitHub Copilot Business and Enterprise subscribers. It is not included in individual plans.


Repository-Level Exclusion

Exclude sensitive directories or files within a single repository:

  1. Navigate to Settings > Copilot > Content Exclusion.
  2. Add fnmatch patterns (wildcards supported).
  3. Click Save to apply immediately.


Example: Exclude a config/ directory and its contents.

# Patterns in the repository-level settings
config/**
*.secret.js

// src/App.js
import { useState } from 'react';
// This file is processed by Copilot since it's not excluded.
function App() {
  const [image, setImage] = useState(null);
  // ...
  return <div>App Component</div>;
}

Note

Use fnmatch patterns to fine-tune exclusions. For details, see the fnmatch documentation.


Organization-Level Exclusion

Enforce rules across all repos and file paths in your organization:

  1. Go to Organization Settings > Copilot > Content Exclusion.
  2. Choose scope: Git repositories or file system.
  3. Define fnmatch patterns and save.


With this approach, privacy rules remain consistent organization-wide.


Pattern-Matching Techniques

Use these common fnmatch-style patterns to exclude content:

| Pattern | Description |
|---------|-------------|
| secrets.json | Excludes any file named exactly secrets.json. |
| *.cfg | Excludes all .cfg files. |
| **/scripts/*.js | Excludes every .js in a scripts folder anywhere. |
| !allowed/*.cfg | Negates a previous pattern to allow specific files. |

Combine patterns for granular control—exclude .env globally but allow /.env.local.
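
The Python sketch below is an added example, not GitHub's matcher and not code from the course. It dry-runs the patterns shown on this page against a constructed path list so you can see which files would stay visible before saving a rule set. The matching rules (a slash-free pattern matches a file name anywhere, `**/` spans zero or more directories, a later `!` rule overrides earlier matches) are assumptions based on the table's descriptions, and the helper names are hypothetical.

```python
import re
from posixpath import basename

# Patterns taken from this page's examples and table.
PATTERNS = ["config/**", "*.secret.js", "secrets.json", "*.cfg",
            "**/scripts/*.js", "!allowed/*.cfg"]

# Constructed sample paths (not from a real repository).
PATHS = ["config/db/prod.yml", "src/App.js", "src/keys.secret.js",
         "deploy/secrets.json", "tools/scripts/release.js",
         "legacy/app.cfg", "allowed/build.cfg", "deploy/.env.production"]


def compile_pattern(pattern):
    """Return (negated, anchored, regex) for one pattern under the assumed rules."""
    negated = pattern.startswith("!")
    glob = pattern[1:] if negated else pattern
    anchored = "/" in glob  # assumption: slash-free globs match a file name anywhere
    glob = glob.lstrip("/")
    parts, i = [], 0
    while i < len(glob):
        if glob.startswith("**/", i):
            parts.append(r"(?:[^/]+/)*")  # zero or more directories
            i += 3
        elif glob.startswith("**", i):
            parts.append(r".*")           # everything below this point
            i += 2
        elif glob[i] == "*":
            parts.append(r"[^/]*")        # stays inside one path segment
            i += 1
        else:
            parts.append(re.escape(glob[i]))
            i += 1
    return negated, anchored, re.compile("".join(parts))


def is_excluded(path, patterns):
    """Apply patterns in order; the last matching rule decides (assumed for '!')."""
    excluded = False
    for pattern in patterns:
        negated, anchored, regex = compile_pattern(pattern)
        if regex.fullmatch(path if anchored else basename(path)):
            excluded = not negated
    return excluded


def uncovered(paths, patterns):
    """Paths that no rule excludes, so they remain visible to Copilot."""
    return [p for p in paths if not is_excluded(p, patterns)]


if __name__ == "__main__":
    for p in PATHS:
        print(("EXCLUDED " if is_excluded(p, PATTERNS) else "visible  ") + p)
```

In the constructed list, `deploy/.env.production` stays visible because no pattern covers it, which is the kind of gap this dry run is meant to surface.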


Real-World Applications

  1. Proprietary algorithms and secret business logic
  2. Customer PII and personal data
  3. API keys, tokens, and system credentials

Limitations and Benefits

| Aspect | Details |
|--------|---------|
| Limitations | IDEs might still index excluded files for semantic features; visual indicators only hint at exclusion. |
| Benefits | Stronger data protection, regulatory compliance, and confidence in AI suggestions. |

Exam Relevance

Mastering content exclusion is essential for GitHub Copilot certification. It demonstrates best practices for balancing productivity with security in modern development workflows.


