Security overview contains focused views where you can explore trends in detection, remediation, and prevention of security alerts and dig deep into the current state of your codebases.
All organizations on GitHub Enterprise can use Dependabot data to evaluate the security of their supply chain in all repositories.
In addition, data for Advanced Security features, such as code scanning and secret scanning, is shown for organizations and enterprises that use GitHub Advanced Security, see About Dependabot alerts and About GitHub Advanced Security.
About the views
Hinweis
All views show information and metrics for the default branches of the repositories you have permission to view in an organization or enterprise.
The views are interactive with filters that allow you to look at the aggregated data in detail and identify sources of high risk, see security trends, and see the impact of pull request analysis on blocking security vulnerabilities entering your code. As you apply multiple filters to focus on narrower areas of interest, all data and metrics across the view change to reflect your current selection. For more information, see Filtering alerts in security overview.
There are dedicated views for each type of security alert. You can limit your analysis to a specific type of alert, and then narrow the results further with a range of filters specific to each view. For example, in the secret scanning alert view, you can use the "Secret type" filter to view only secret scanning alerts for a specific secret, like a GitHub personal access token.
Hinweis
Security overview displays active alerts raised by security features. If there are no alerts shown in security overview for a repository, undetected security vulnerabilities or code errors may still exist or the feature may not be enabled for that repository.
About security overview for organizations
The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. For example, the team can use the "Overview" dashboard view to track your organization's security landscape and progression.
You can find security overview on the Security tab for any organization. Each view shows a summary of the data that you have access to. As you add filters, all data and metrics across the view change to reflect the repositories or alerts that you've selected.
Security overview has multiple views that provide different ways to explore enablement and alert data.
- Overview: visualize trends in Detection, Remediation, and Prevention of security alerts, see Viewing security insights.
- Risk and Alert views: explore the risk from security alerts of all types or focus on a single alert type and identify your risk from specific vulnerable dependencies, code weaknesses, or leaked secrets, see Assessing the security risk of your code.
- Coverage: assess the adoption of security features across repositories in the organization, see Assessing adoption of security features.
- Enablement trends: see how quickly different teams are adopting security features.
- CodeQL pull request alerts: assess the impact of running CodeQL on pull requests and how development teams are resolving code scanning alerts, see Viewing metrics for pull request alerts.
- Secret scanning insights: find out which types of secret are blocked by push protection and which teams are bypassing push protection, see Viewing metrics for secret scanning push protection and Reviewing requests to bypass push protection.
About security overview for enterprises
You can find security overview on the Security tab for your enterprise. Each page displays aggregated and repository-specific security information for your enterprise.
As with security overview for organizations, security overview for enterprises has multiple views that provide different ways to explore data.
Access to data in security overview
What you can see in security overview depends on your role and permissions in the organization or enterprise.
In general:
- Organization owners and security managers can view security data across all repositories in their organization.
- Organization members can view data only for repositories where they have access to security alerts.
- Enterprise owners can view aggregated security data in the enterprise-level security overview for organizations where they are an organization owner or security manager. To see repository-level details, they must have the appropriate role within the organization.
Security overview displays data only for repositories you have permission to view, and some views or actions may be limited based on your role.
For detailed, role-by-role permission information, including which views are available and how repository access affects visibility, see Security overview permissions.