Enabling a project
Before CoPilot can analyze your project you must enable it.
- Click here to open your GitHub Groups page. Select the correct group from the left panel
- Click the toggle switch next to the repository you want to enable.
- The repository is now enabled. Click the Finish Setting Up button to proceed to the instructions for preparing the repository (also shown below).
Configuring builds to trigger analysis
To have your project analyzed and get results, you need to configure your Continuous Integration platform to send information to CoPilot when builds run. The chat wizard below will walk you through the appropriate steps. The same instructions can also be found on your project's landing page when you first enable it.
Hi, I'll help you finish setting up CoPilot on this repository.
CoPilot works by finding your third-party dependencies. If your project does not use a dependency manager CoPilot will show no results.
We also require that your project build on a Continuous Integration (or CI) platform.
Do you currently use CI in your project?
Great, this should be quick. What CI platform does your project use?
CI is the process of automatically running builds, test, and more whenever changes are committed to a repository. We can help you set up a simple CI build that includes CoPilot security results.
What programming language is your project written in?
My CI Platform is not listed
We're sorry to hear that, please click the button below and tell us what platform you use. If you check the box to let us contact you about your feedback we'll keep you informed on the state of support for that platform.
My project's language is not listed
We're sorry to hear that, please click the button below and tell us what language you use. If you check the box to let us contact you about your feedback we'll keep you informed on the state of support for that language.
Copy the following snippet into your file. Once you commit the change and your next build succeeds, you will find your results on this page! Please note that your build must be passing in order for CoPilot to generate results.
One last thing – in order to to see which components were added or removed in pull requests, your CI needs to be running branch builds. This is enabled by default on most CI systems but if you have disabled it we recommend re-enabling.
Here is a list of CI platforms that build projects. Any of them will work with CoPilot, please select one.
's website (Click Here
), sign in, and enable this repository. Then create a file in your repository called
with the following contents:
Add Azure Pipelines to your project from the GitHub Marketplace (Click Here
). Sign into Azure Pipelines with your Microsoft account and follow their setup process for your repository. This will create a file in your repository called
and run a build. Once it succeeds, add the following content to
Once you commit the change, will start building your project. If it fails, check the FAQ for next steps. If it succeeds, come back here to see your results!
A quick note for Azure Pipelines, it will not automatically build branches besides master. To build other branches, follow the instructions here