This week: 0% of 499 scanned repos had .copilotignore.See Radar #4 →

What it is

Copilot content exclusions define files and paths that Copilot should not use as context or for suggestions. They are configured in repository or organization settings, and some community tooling reads a .copilotignore file.

Why use it

Excluding secrets and sensitive paths keeps them out of Copilot suggestions and context. It is the supported way to limit what Copilot can see in a repository.

How to set it up

For official content exclusions, configure them in your repository or organization settings under Copilot. Where supported, add a .copilotignore with gitignore-style patterns.

Example .copilotignore
.env
.env.*
*.pem
*.key
secrets/

Official GitHub Copilot docs →

What to exclude

Common sensitive categories worth adding to .copilotignore:

FAQ

Is .copilotignore an official file?
Official exclusions are configured in GitHub settings (content exclusions). A .copilotignore file is used by some community tools — check what your setup supports.

Check your own project

158 of 499 repos this week exposed sensitive paths to AI tools. Check yours in seconds:

Run the same local check with Offsend CLI:

brew install --cask offsend/tap/offsend-cli
offsend show
offsend prepare --dry-run

Everything runs locally. No file contents are uploaded.