.copilotignore
GitHub Copilot can be told to ignore files via content exclusions; some setups also use a .copilotignore file.
This week: 0% of 499 scanned repos had .copilotignore.See Radar #4 →
What it is
Copilot content exclusions define files and paths that Copilot should not use as context or for suggestions. They are configured in repository or organization settings, and some community tooling reads a .copilotignore file.
Why use it
Excluding secrets and sensitive paths keeps them out of Copilot suggestions and context. It is the supported way to limit what Copilot can see in a repository.
How to set it up
For official content exclusions, configure them in your repository or organization settings under Copilot. Where supported, add a .copilotignore with gitignore-style patterns.
.env
.env.*
*.pem
*.key
secrets/What to exclude
Common sensitive categories worth adding to .copilotignore:
FAQ
- Is .copilotignore an official file?
- Official exclusions are configured in GitHub settings (content exclusions). A .copilotignore file is used by some community tools — check what your setup supports.
Check your own project
158 of 499 repos this week exposed sensitive paths to AI tools. Check yours in seconds:
Run the same local check with Offsend CLI:
brew install --cask offsend/tap/offsend-cli
offsend show
offsend prepare --dry-runEverything runs locally. No file contents are uploaded.