github · docs-bot · Mar 18, 2026 · Mar 18, 2026 · Mar 18, 2026 · Mar 18, 2026
diff --git a/content/copilot/concepts/agents/coding-agent/about-coding-agent.md b/content/copilot/concepts/agents/coding-agent/about-coding-agent.md
@@ -133,10 +133,12 @@ You can customize {% data variables.copilot.copilot_coding_agent %} in a number
 
 Security is a fundamental consideration when you enable {% data variables.copilot.copilot_coding_agent %}, as with any other AI agent. {% data variables.copilot.copilot_coding_agent %} has a strong base of built-in security protections that you can supplement by following best practice guidance.
 
-* **Validated for security issues**: {% data variables.product.prodname_copilot_short %} analyzes the code created by {% data variables.copilot.copilot_coding_agent %} for security issues and attempts to resolve them prior to completing the pull request. This reduces the likelihood of the code generated by {% data variables.copilot.copilot_coding_agent %} introducing problems such as hardcoded secrets, insecure dependencies, and other vulnerabilities. Details about the analysis performed and the actions taken by {% data variables.copilot.copilot_coding_agent %} can be reviewed in the session log. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/track-copilot-sessions).
+* **Validated for code quality and security issues**: {% data reusables.copilot.coding-agent-validation-tools-intro %}
   * **{% data variables.product.prodname_codeql %}** is used to identify code security issues.
   * Newly introduced dependencies are checked against the **{% data variables.product.prodname_advisory_database %}** for malware advisories, and for any CVSS-rated High or Critical vulnerabilities.
   * **{% data variables.product.prodname_secret_scanning_caps %}** is used to detect sensitive information such as API keys, tokens, and other secrets.
+  * Details about the analysis performed and the actions taken by {% data variables.copilot.copilot_coding_agent %} can be reviewed in the session log. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/track-copilot-sessions).
+  * Optionally, you can disable one or more of the code quality and security validation tools used by {% data variables.copilot.copilot_coding_agent %}. See [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/configuring-agent-settings).
   * {% data variables.copilot.copilot_coding_agent %}'s security validation **does not require** a {% data variables.product.prodname_GHAS_cs_or_sp %} license.
 * **Subject to existing governance**: Organization settings and enterprise policies control availability. Any security policies and practices set up for the organization also apply to {% data variables.copilot.copilot_coding_agent %}.
 * **Restricted development environment**: {% data variables.copilot.copilot_coding_agent %} works in a sandbox development environment with internet access controlled by a firewall. It has read-only access to the repository it's assigned to work in.

diff --git a/content/copilot/get-started/resources-for-approval.md b/content/copilot/get-started/resources-for-approval.md
@@ -1,7 +1,7 @@
 ---
 title: Resources for getting approval of GitHub Copilot
 shortTitle: Resources for approval
-intro: 'Get ready to adopt {% data variables.product.prodname_copilot_short %} by sending resources to legal and security teams in your company.'
+intro: 'Get ready to adopt {% data variables.product.prodname_copilot_short %} by sending resources to legal and security teams in your company.'
 versions:
   feature: copilot
 contentType: get-started
@@ -50,7 +50,7 @@ If your company is not already using {% data variables.product.prodname_enterpri
 These teams need to know how {% data variables.product.prodname_copilot_short %} will work with your company's corporate network, authentication systems, and software distribution processes. They may need to learn about:
 
 * The allowlist required for a firewall or proxy to ensure {% data variables.product.prodname_copilot_short %} works as expected. See [AUTOTITLE](/copilot/reference/copilot-allowlist-reference).
-* The network protocol that {% data variables.product.prodname_copilot_short %} operates on by default, and your company's options for routing traffic through a proxy server and intercepting traffic. See [AUTOTITLE](/copilot/concepts/network-settings).
+* The network protocol that {% data variables.product.prodname_copilot_short %} operates on by default, and your company's options for routing traffic through a proxy server and intercepting traffic. See [AUTOTITLE](/copilot/concepts/network-settings).
 * The clients where users will be using {% data variables.product.prodname_copilot_short %}.
   * Your enterprise can enable or disable {% data variables.product.prodname_copilot_short %} in IDEs, on {% data variables.product.prodname_mobile %}, in the CLI, and on the {% data variables.product.github %} website.
   * If your company distributes approved software for users, IT teams may need to approve the supported versions of IDEs. See [AUTOTITLE](/copilot/reference/copilot-feature-matrix).

diff --git a/...t/copilot/how-tos/use-copilot-agents/coding-agent/configuring-agent-settings.md b/...t/copilot/how-tos/use-copilot-agents/coding-agent/configuring-agent-settings.md
@@ -9,13 +9,28 @@ category:
   - Configure Copilot
 ---
 
+## Enabling or disabling built-in code quality and security validation tools
+
+{% data reusables.copilot.coding-agent-validation-tools-intro %}
+
+Optionally, you can choose to disable these tools to help {% data variables.product.prodname_copilot_short %} work faster or avoid conflicts with other code quality or security products you're using.
+
+You must be a repository administrator to configure these settings.
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+1. In the "Code & automation" section of the sidebar, click **{% data variables.product.prodname_copilot_short %}** then **{% data variables.copilot.copilot_coding_agent_short_cap_c %}**.
+1. In the "Validation tools" section, toggle the tool, or tools, you want to enable or disable.
+
 ## Allowing {% data variables.product.prodname_actions %} workflows to run automatically when {% data variables.product.prodname_copilot_short %} pushes
 
 {% data reusables.copilot.coding-agent-workflow-run-approval-default %}
 
 > [!WARNING] Allowing {% data variables.product.prodname_actions %} workflows to run without approval may allow unreviewed code written by {% data variables.product.prodname_copilot_short %} to gain write access to your repository or access your {% data variables.product.prodname_actions %} secrets.
 
+You must be a repository administrator to configure these settings.
+
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
 1. In the "Code & automation" section of the sidebar, click **{% data variables.product.prodname_copilot_short %}** then **{% data variables.copilot.copilot_coding_agent_short %}**.
-1. In the "Actions workflow approval" section, disable the **Require approval for workflow runs** setting.
+1. In the "Actions workflow approval" section, disable the **Require approval for workflow runs** setting.
diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/index.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/index.md
@@ -20,10 +20,10 @@ children:
   - /integrate-coding-agent-with-linear
   - /integrate-coding-agent-with-azure-boards
   - /changing-the-ai-model
+  - /configuring-agent-settings
   - /customize-the-agent-environment
   - /customize-the-agent-firewall
   - /use-hooks
-  - /configuring-agent-settings
   - /troubleshoot-coding-agent
 redirect_from:
   - /copilot/using-github-copilot/using-copilot-coding-agent-to-work-on-tasks

diff --git a/content/rest/copilot/copilot-coding-agent-management.md b/content/rest/copilot/copilot-coding-agent-management.md
@@ -0,0 +1,16 @@
+---
+title: REST API endpoints for Copilot coding agent management
+shortTitle: Copilot coding agent management
+intro: Use the REST API to manage settings for {% data variables.copilot.copilot_coding_agent %}.
+versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
+  fpt: '*'
+  ghec: '*'
+topics:
+  - API
+autogenerated: rest
+allowTitleToDifferFromFilename: true
+---
+
+<!-- Content after this section is automatically generated -->
+
+
diff --git a/content/rest/copilot/index.md b/content/rest/copilot/index.md
@@ -7,6 +7,7 @@ intro: >-
 autogenerated: rest
 allowTitleToDifferFromFilename: true
 children:
+  - /copilot-coding-agent-management
   - /copilot-content-exclusion-management
   - /copilot-custom-agents
   - /copilot-metrics

diff --git a/data/reusables/copilot/coding-agent-validation-tools-intro.md b/data/reusables/copilot/coding-agent-validation-tools-intro.md
@@ -0,0 +1 @@
+By default, {% data variables.copilot.copilot_coding_agent %} checks code it generates for security issues and gets a second opinion on its code with {% data variables.copilot.copilot_code-review_short %}. It attempts to resolve issues identified prior to completing the pull request. This improves code quality and reduces the likelihood of the code generated by {% data variables.copilot.copilot_coding_agent %} introducing problems such as hardcoded secrets, insecure dependencies, and other vulnerabilities.
diff --git a/src/article-api/liquid-renderers/rest-tags.ts b/src/article-api/liquid-renderers/rest-tags.ts
@@ -150,8 +150,6 @@ export class RestStatusCode {
       if (description.trim()) {
         lines.push(`  ${description.trim()}`)
       }
-    } else if (statusCode.httpStatusMessage) {
-      lines.push(`- **${statusCode.httpStatusCode}** - ${statusCode.httpStatusMessage}`)
     } else {
       lines.push(`- **${statusCode.httpStatusCode}**`)
     }

diff --git a/src/audit-logs/data/fpt/organization.json b/src/audit-logs/data/fpt/organization.json
@@ -515,6 +515,172 @@
     ],
     "docs_reference_titles": "Managing your payment and billing information"
   },
+  {
+    "action": "billing.cost_center_create",
+    "description": "A cost center was created for a business or organization.",
+    "docs_reference_links": "N/A",
+    "fields": [
+      "@timestamp",
+      "_document_id",
+      "action",
+      "actor",
+      "actor_id",
+      "business",
+      "business_id",
+      "hashed_token",
+      "org",
+      "org_id",
+      "programmatic_access_type",
+      "repo",
+      "repo_id",
+      "repository",
+      "repository_id",
+      "request_access_security_header",
+      "request_id",
+      "token_id",
+      "token_scopes",
+      "user",
+      "user_id",
+      "user_agent",
+      "name",
+      "created_at",
+      "operation_type"
+    ]
+  },
+  {
+    "action": "billing.cost_center_delete",
+    "description": "A cost center was deleted from a business or organization.",
+    "docs_reference_links": "N/A",
+    "fields": [
+      "@timestamp",
+      "_document_id",
+      "action",
+      "actor",
+      "actor_id",
+      "business",
+      "business_id",
+      "hashed_token",
+      "org",
+      "org_id",
+      "programmatic_access_type",
+      "repo",
+      "repo_id",
+      "repository",
+      "repository_id",
+      "request_access_security_header",
+      "request_id",
+      "token_id",
+      "token_scopes",
+      "user",
+      "user_id",
+      "user_agent",
+      "created_at",
+      "operation_type"
+    ]
+  },
+  {
+    "action": "billing.cost_center_resource_added",
+    "description": "A resource was added to a cost center for a business or organization.",
+    "docs_reference_links": "N/A",
+    "fields": [
+      "@timestamp",
+      "_document_id",
+      "action",
+      "actor",
+      "actor_id",
+      "business",
+      "business_id",
+      "hashed_token",
+      "org",
+      "org_id",
+      "programmatic_access_type",
+      "repo",
+      "repo_id",
+      "repository",
+      "repository_id",
+      "request_access_security_header",
+      "request_id",
+      "token_id",
+      "token_scopes",
+      "user",
+      "user_id",
+      "user_agent",
+      "name",
+      "resource_id",
+      "resource_type",
+      "created_at",
+      "operation_type",
+      "actor_is_bot"
+    ]
+  },
+  {
+    "action": "billing.cost_center_resource_removed",
+    "description": "A resource was removed from a cost center for a business or organization.",
+    "docs_reference_links": "N/A",
+    "fields": [
+      "@timestamp",
+      "_document_id",
+      "action",
+      "actor",
+      "actor_id",
+      "business",
+      "business_id",
+      "hashed_token",
+      "org",
+      "org_id",
+      "programmatic_access_type",
+      "repo",
+      "repo_id",
+      "repository",
+      "repository_id",
+      "request_access_security_header",
+      "request_id",
+      "token_id",
+      "token_scopes",
+      "user",
+      "user_id",
+      "user_agent",
+      "name",
+      "resource_id",
+      "resource_type",
+      "created_at",
+      "operation_type",
+      "actor_is_bot"
+    ]
+  },
+  {
+    "action": "billing.cost_center_update",
+    "description": "A cost center was updated for a business or organization.",
+    "docs_reference_links": "N/A",
+    "fields": [
+      "@timestamp",
+      "_document_id",
+      "action",
+      "actor",
+      "actor_id",
+      "business",
+      "business_id",
+      "hashed_token",
+      "org",
+      "org_id",
+      "programmatic_access_type",
+      "repo",
+      "repo_id",
+      "repository",
+      "repository_id",
+      "request_access_security_header",
+      "request_id",
+      "token_id",
+      "token_scopes",
+      "user",
+      "user_id",
+      "user_agent",
+      "name",
+      "created_at",
+      "operation_type",
+      "actor_is_bot"
+    ]
+  },
   {
     "action": "billing_customer.azure_subscription_linked",
     "description": "Azure subscription has been linked on this account.",
@@ -23630,7 +23796,8 @@
       "security_configuration_code_scanning_delegated_alert_dismissal",
       "security_configuration_code_security_sku_enabled",
       "security_configuration_secret_protection_sku_enabled",
-      "security_configuration_dependabot_delegated_alert_dismissal"
+      "security_configuration_dependabot_delegated_alert_dismissal",
+      "security_configuration_secret_scanning_extended_metadata"
     ]
   },
   {
@@ -23754,7 +23921,8 @@
       "security_configuration_code_scanning_delegated_alert_dismissal",
       "security_configuration_code_security_sku_enabled",
       "security_configuration_secret_protection_sku_enabled",
-      "security_configuration_dependabot_delegated_alert_dismissal"
+      "security_configuration_dependabot_delegated_alert_dismissal",
+      "security_configuration_secret_scanning_extended_metadata"
     ]
   },
   {
@@ -23842,7 +24010,8 @@
       "security_configuration_code_scanning_delegated_alert_dismissal",
       "security_configuration_code_security_sku_enabled",
       "security_configuration_secret_protection_sku_enabled",
-      "security_configuration_dependabot_delegated_alert_dismissal"
+      "security_configuration_dependabot_delegated_alert_dismissal",
+      "security_configuration_secret_scanning_extended_metadata"
     ]
   },
   {
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		By default, {% data variables.copilot.copilot_coding_agent %} checks code it generates for security issues and gets a second opinion on its code with {% data variables.copilot.copilot_code-review_short %}. It attempts to resolve issues identified prior to completing the pull request. This improves code quality and reduces the likelihood of the code generated by {% data variables.copilot.copilot_coding_agent %} introducing problems such as hardcoded secrets, insecure dependencies, and other vulnerabilities.