
GitHub Copilot–3 misconceptions why people don’t use it

The more I motivate my teams to adopt and integrate GitHub Copilot into their development processes, the more pushback I get, with reasons why they cannot use it. This resistance often stems from misconceptions rather than from Copilot's actual limitations. In this post, I'll address three common misconceptions I've encountered and share strategies for overcoming them.

Misconception 1: "Copilot produces low-quality and insecure code"

One of the most persistent concerns I hear is that Copilot generates code that's either functionally deficient or contains security vulnerabilities.

While it's true that Copilot isn't perfect, this concern often overestimates the risks while underestimating both Copilot's capabilities and the developer's role in the process:

  • Copilot isn't designed to replace code review or testing practices
  • The tool works best as a pair-programming assistant, not an autonomous coder
  • Recent studies show that developers using Copilot actually complete tasks with fewer security vulnerabilities compared to those not using AI assistance. If possible vulnerabilities are still identified in suggested or generated code, Copilot gives a clear warning.

To address this, I would recommend that you:

  • Experiment with different models: Copilot gives you access to a wide range of models. Try different models and compare the results. I noticed big differences in the quality of the result depending on the context and model used. (GitHub Copilot–New models added)
  • Give the model context: Fine-tune your Copilot experience by providing specific instructions that take your specific context into account. Our own experiments showed a major increase in acceptance of the suggestions after taking the time to define a good set of instructions. (GitHub Copilot - Custom Instructions)

Misconception 2: "Using Copilot creates Intellectual Property and licensing risks"

Many teams worry that code generated by Copilot might inadvertently incorporate copyrighted code or create legal complications around ownership.

GitHub has significantly evolved Copilot's approach to IP concerns: it offers IP indemnification and doesn't use your private code to train the model when you use Copilot for Business.

Copilot actively gives you a warning.

If you want to further minimize the risk, you can:

  • Block suggestions matching public code: Copilot includes an option to either allow or block code suggestions that match publicly available code. If you choose to block suggestions matching public code, GitHub Copilot will check potential code suggestions and the surrounding code of about 150 characters against public code on GitHub. If there is a match, or a near match, the suggestion is not shown. (GitHub Copilot–Code referencing)


  • Use content exclusions: You can use content exclusions to configure Copilot to ignore certain files. When you exclude content from Copilot, the content of the affected files will not be used by Copilot in any way.
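
What a repository-level content exclusion list can look like, as an added example that is not from the original post. The paths are constructed for illustration, and the list is entered in the repository's Copilot content exclusion settings rather than committed as a file.

```yaml
# Constructed example paths; adapt them to your own repository layout.

# Exclude one specific file (a leading slash anchors the path at the repository root).
- "/config/production-secrets.json"

# Exclude files named .env anywhere in the repository.
- ".env"

# Exclude any file whose name starts with "secret".
- "secret*"

# Exclude private keys and certificates by extension.
- "*.pem"
- "*.key"

# Exclude everything in or below a directory.
- "/infrastructure/terraform/**"
```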

 


Remark: There is still a general discussion going on about whether these language models are trained on IP-protected content.

Misconception 3: "Learning to use Copilot takes too much time"

This one I hear the most. Some developers resist Copilot because they believe the learning curve will slow them down initially, negating any potential productivity gains.

While there is a learning curve with any new tool, adopting Copilot doesn't involve a steep one. The basic functionality works out of the box with minimal configuration (it is just autocomplete on steroids).

Some things we did that helped:

  • Develop a library of prompts: Set up your own repository of example prompts or provide a default prompt in your repo (GitHub Copilot– Reusable prompts files).
  • Create a Copilot newsletter: Share and demonstrate new features on a regular basis through short tutorial videos or documentation showing specific examples of how Copilot can help with your codebase.

More information

GitHub Copilot–New models added

GitHub Copilot–Code referencing

GitHub Copilot - Custom Instructions

GitHub Copilot– Reusable prompts files
