This article lists all available filters (qualifiers) for security overview. The available filters vary depending on the specific view and whether you are viewing data at the enterprise or organization level.
For information about how to apply filters, see Filtern von Warnungen in der Sicherheitsübersicht.
Hinweis
Die über die Sicherheitsübersicht angezeigten Informationen variieren je nach deinem Zugriff auf Repositorys und Organisationen und je nachdem, ob Advanced Security-Features von diesen Repositorys und Organisationen verwendet werden. Weitere Informationen finden Sie unter Sicherheitsübersicht.
Filter logic for security overview
You can apply filters and use logical operators to display results that meet specific criteria on security overview. By default, if you apply several different filters, you are using AND logic, meaning you will only see results that match every filter you apply. For example, if you add the filter is:public dependabot:enabled, you will only see results from repositories that are public and have Dependabot enabled.
Currently, there are two logical operators that you can apply to your filters on security overview:
- The
-operator applies NOT logic, displaying all results except those that match the specified filter. To use the-operator, add it to the beginning of a filter. For example, filtering for-repo:REPOSITORY-NAMEwill display data from all repositories exceptREPOSITORY-NAME. - The
,operator applies OR logic, displaying results that match any of the specified values for a single filter. To use the,operator, add it between each listed value for a filter. For example, filtering foris:public,privatewill display data from all repositories that are public or private. Similarly, if you apply the same filter multiple times with different values, you are using OR logic. For example,is:public is:privateis equivalent tois:public,private.
Repository name
Available in: All views
- Free text or keyword search: Display data for all repositories with a name that contains the keyword. For example, search for
testto show data for both the "test-repository" and "octocat-testing" repositories. repoqualifier: Display data only for the repository that exactly matches the value of the qualifier. For example, search forrepo:octocat-testingto show data for only the "octocat-testing" repository.
Repository visibility and status filters
| Qualifier | Description | Views |
|---|---|---|
visibility | Display data for all repositories that are public, private, or internal. | "Overview" and metrics |
is | Display data for all repositories that are public, private, or internal. | "Risk" and "Coverage" |
archived | Display only data for archived (true) or active (false) repositories. | All except "Alerts" views |
Team and topic filters
Available in: All views
| Qualifier | Description |
|---|---|
team | Display data for all repositories that the specified team has write access or admin access to. For more information on repository roles, see Repositoryrollen für eine Organisation. |
topic | Display data for all repositories that are classified with a specific topic. For more information on repository topics, see Dein Repository mit Themen klassifizieren. |
Custom repository property filters
Available in: Organization-level "Overview" view
Hinweis
Repository properties are in Öffentliche Vorschau and subject to change.
Custom repository properties are metadata that organization owners can add to repositories in an organization, providing a way to group repositories by the information you are interested in. For example, you can add custom repository properties for compliance frameworks or data sensitivity. For more information on adding custom repository properties, see Verwalten von benutzerdefinierten Eigenschaften für Repositorys in Ihrer Organisation.
If you add custom properties to your organization and set values for repositories, you can filter the "Overview" using those custom properties as qualifiers.
| Qualifier | Description |
|---|---|
props.CUSTOM_PROPERTY_NAME | The qualifier consists of a props. prefix, followed by the name of the custom property. For example, props.data_sensitivity:high displays results for repositories with the data_sensitivity property set to the value high. |
Repository owner filters
Available in: Enterprise-level views
| Qualifier | Description |
|---|---|
org | Display data for repositories owned by one organization. |
Security feature enablement filters
Available in: "Risk" and "Coverage" views
| Qualifier | Description |
|---|---|
code-scanning-alerts | Display repositories that have configured code scanning. |
dependabot-alerts | Display repositories that have enabled Dependabot alerts. |
secret-scanning-alerts | Display repositories that have enabled Warnungen zur Geheimnisüberprüfung. |
any-feature | Display repositories where at least one security feature is enabled. |
Extra filters for the "Coverage" view
| Qualifier | Description |
|---|---|
code-scanning-default-setup | Display data for repositories where code scanning is enabled or not enabled using CodeQL default setup. |
code-scanning-pull-request-alerts | Display data for repositories where code scanning is enabled or not enabled to run on pull requests. |
dependabot-security-updates | Display data for repositories where Dependabot security updates is enabled or not enabled. |
secret-scanning-push-protection | Display data for repositories where push protection for secret scanning is enabled or not enabled. |
Alert number filters
Available in: "Risk" view
| Qualifier | Description |
|---|---|
code-scanning-alerts | Display data for repositories that have exactly (=), more than (>) or fewer than (<) a specific number of code scanning alerts. For example: code-scanning-alerts:>100 for repositories with more than 100 alerts. |
dependabot-alerts | Display data for repositories that have a specific number (=), more than (>) or fewer than (<) a specific number of Dependabot alerts. For example: dependabot-alerts:<=10 for repositories with fewer than or equal to 10 alerts. |
secret-scanning-alerts | Display data for repositories that have a specific number (=), more than (>) or fewer than (<) a specific number of Warnungen zur Geheimnisüberprüfung. For example: secret-scanning-alerts:=10 for repositories with exactly 10 alerts. |
Alert type and property filters
Available in: "Overview" view
Alert type filters
| Qualifier | Description |
|---|---|
tool:codeql | Show data only for code scanning alerts generated using CodeQL. |
tool:dependabot | Show data only for Dependabot alerts. |
tool:secret-scanning | Show data only for Warnungen zur Geheimnisüberprüfung. |
tool:github | Show data for all types of alerts generated by GitHub tools. |
tool:third-party | Show data for all types of alerts generated by third-party tools. |
tool:TOOL-NAME | Show data for all alerts generated by a third-party tool for code scanning. |
Alert property filters
| Qualifier | Description |
|---|---|
codeql.rule | Display data only for code scanning identified by a specific rule for CodeQL. |
dependabot.ecosystem | Display data only for Dependabot alerts for a specific ecosystem, for example: npm. |
dependabot.package | Display data only for Dependabot alerts for a specific package, for example: tensorflow. |
dependabot.scope | Display data only for Dependabot alerts with a runtime or development scope. |
secret-scanning.bypassed | Display data only for Warnungen zur Geheimnisüberprüfung where push protection was bypassed (true) or not bypassed (false). |
secret-scanning.provider | Display data only for Warnungen zur Geheimnisüberprüfung issued by a specific provider, for example: secret-scanning.provider:adafruit. |
secret-scanning.secret-type | Display data only for Warnungen zur Geheimnisüberprüfung for a specific type of secret, for example: secret-scanning.secret-type:adafruit_io_key. |
secret-scanning.validity | Display data only for Warnungen zur Geheimnisüberprüfung for a specific validity (active, inactive, or unknown). |
severity | Display data only for alerts of a specific severity (critical, high, medium, or low). |
third-party.rule | Display data only for code scanning identified by a specific rule for a tool developed by a third party. For example, third-party.rule:CVE-2021-26291-maven-artifact shows only results for the CVE-2021-26291-maven-artifact rule of a third-party code scanning tool. |
Production context filters
Available in: Dependabot and code scanning views
Hinweis
Die Integration mit Microsoft Defender for Cloud ist in Öffentliche Vorschau und kann geändert werden.
For more information about production context, see Priorisieren von Dependabot- und Codeüberprüfungswarnungen mithilfe des Produktionskontexts.
| Qualifier | Description |
|---|---|
artifact-registry or artifact-registry-url | Defines the name or location of the artifact registry used by the repository. For example: artifact-registry:jfrog-artifactory or artifact-registry-url:my-registry.example.com.Uses metadata from the Storage Record API. |
has: deployment | Limits alerts to those reported as in deployment. Uses metadata from the Deployment Record API. |
runtime-risk | Limits alerts to those reported as presenting a specific type of runtime risk. For example: runtime-risk:internet-exposedUses metadata from the Deployment Record API. |
Dependabot view filters
Available in:
- Dependabot view
- Dependabot malware alerts view
| Qualifier | Description |
|---|---|
assignee | Display alerts by assignee username or team, for example: assignee:@octocat, assignee:@copilot, or assignee:@github/security-team. |
ecosystem | Display Dependabot alerts detected in a specified ecosystem, for example: ecosystem:Maven. |
epss_percentage | Display Dependabot alerts whose EPSS score meets the defined criteria, for example: epss_percentage:>=0.01 |
has | Display Dependabot alerts for vulnerabilities where either a secure version is already available (patch) or where at least one call from the repository to a vulnerable function is detected (vulnerable-calls). For more information, see Anzeigen und Aktualisieren von Dependabot-Warnungen. |
is | Display Dependabot alerts that are open (open) or closed (closed). |
package | Display Dependabot alerts detected in the specified package, for example: package:semver. |
props | Display Dependabot alerts for repositories with a specific custom property set. For example, props.data_sensitivity:high displays results for repositories with the data_sensitivity property set to the value high. |
relationship | Display Dependabot alerts detected in direct (relationship:direct) or indirect dependencies (relationship:transitive). |
repo | Display Dependabot alerts detected in a specified repository, for example: repo:octo-repository. |
resolution | Display Dependabot alerts closed as "auto-dismissed" (auto-dismissed), "a fix has already been started" (fix-started), "fixed" (fixed), "this alert is inaccurate or incorrect" (inaccurate), "no bandwidth to fix this" (no-bandwidth), "vulnerable code is not actually used" (not-used), or "risk is tolerable to this project" (tolerable-risk). |
scope | Display Dependabot alerts from the development dependency (development) or from the runtime dependency (runtime). |
severity | Display Dependabot alerts of the specified severity, for example: severity:critical. |
sort | Groups Dependabot alerts by the manifest file path the alerts point to (manifest-path) or by the name of the package where the alert was detected (package-name). Alternatively, displays alerts from most important to least important, as determined by CVSS score, vulnerability impact, relevancy, and actionability (most-important), from newest to oldest (newest), from oldest to newest (oldest), or from most to least severe (severity). |
team | Display Dependabot alerts owned by members of the specified team, for example: team:octocat-dependabot-team. |
topic | Display Dependabot alerts with the matching repository topic, for example: topic:asdf. |
Dependabot dashboard filters
Available in: Dependabot dashboard view
| Qualifizierer | Beschreibung |
|---|---|
repo | Anzeigen von Dependabot alerts, die in einem angegebenen Repository erkannt wurden, z. B.: repo:octo-repository. |
topic | Zeige Dependabot alerts mit dem entsprechenden Repositorythema an, z. B.: topic:asdf. |
team | Anzeigen von Dependabot alerts, die Mitgliedern des angegebenen Teams gehören, z. B.: team:octocat-dependabot-team. |
visibility | Anzeigen von Dependabot alerts, die in Repositorys der angegebenen Sichtbarkeit erkannt wurden, z. B.: visibility:private. |
archived | Anzeigen von Dependabot alerts, die in komplett archivierten oder komplett nicht archivierten Repositorys erkannt wurden, z. B.: archived:true. |
state | Anzeigen von Dependabot alerts des angegebenen Zustands, z. B.: state:unresolved. |
severity | Anzeigen von Dependabot alerts des angegebenen Schweregrads, z. B.: severity:critical. |
scope | Zeigen Sie Dependabot alerts aus der Entwicklungsabhängigkeit (development) oder aus der Runtime-Abhängigkeit (runtime) an. |
package | Zeigen Sie Dependabot alerts an, die im angegebenen Paket erkannt wurden, z. B.: package:lodash. |
ecosystem | Zeigen Sie Dependabot alerts an, die in einem angegebenen Ökosystem erkannt wurden, z. B.: ecosystem:Maven. |
relationship | Anzeigen von Dependabot alerts der angegebenen Beziehung, z. B.: relationship:indirect. |
epss_percentage | Anzeigen von Dependabot alerts, deren EPSS-Score die definierten Kriterien erfüllt, z. B.: epss_percentage:>=0.01 |
exclude <QUALIFIER> | Gilt für alle verfügbaren Qualifizierer. Anzeigen von Benachrichtigungen, die nicht mit dem ausgewählten Qualifizierer aus der Liste der Dependabot alerts übereinstimmen |
Alternatively, you can use complex filters by clicking Filter and build custom filters to suit your needs.
Code scanning view filters
Available in: code scanning view
You can click any result to see full details of the relevant query and the line of code that triggered the alert.
| Qualifier | Description |
|---|---|
is | Display code scanning alerts that are open (open) or closed (closed). |
resolution | Display code scanning alerts closed as "false positive" (false-positive), "fixed" (fixed), "used in tests" (used-in-tests), or "won't fix" (wont-fix). |
rule | Display code scanning alerts identified by the specified rule. |
severity | Display code scanning alerts categorized as critical, high, medium, or low security alerts. Alternatively, displays code scanning alerts categorized as error, warning, note problems. |
sort | Display alerts from newest to oldest (created-desc), oldest to newest (created-asc), most recently updated (updated-desc), or least recently updated (updated-asc). |
tool | Display code scanning alerts detected by the specified tool, for example: tool:CodeQL for alerts created using the CodeQL application in GitHub. |
Secret scanning view filters
Available in: secret scanning view
| Qualifier | Description |
|---|---|
bypassed | Display Warnungen zur Geheimnisüberprüfung where push protection was bypassed (true) or not bypassed (false). |
is | Display Warnungen zur Geheimnisüberprüfung that are open (open), closed (closed), publicly leaked (publicly-leaked), or multi-repository (multi-repository). |
props | Display alerts for repositories with a specific custom property set. For example, props.data_sensitivity:high displays results for repositories with the data_sensitivity property set to the value high. |
provider | Display alerts for all secrets issued by a specified provider, for example: adafruit. |
repo | Display alerts detected in a specified repository, for example: repo:octo-repository. |
resolution | Display Warnungen zur Geheimnisüberprüfung closed as "false positive" (false-positive), "hidden by config" (hidden-by-config), "pattern deleted" (pattern-deleted), "pattern edited" (pattern-edited), "revoked" (revoked), "used in tests" (used-in-tests), or "won't fix" (wont-fix). |
results | Display default (default) or generic (generic) Warnungen zur Geheimnisüberprüfung. |
secret-type | Display alerts for the specified secret and provider (provider-pattern) or custom pattern (custom-pattern). |
sort | Display alerts from newest to oldest (created-desc), oldest to newest (created-asc), most recently updated (updated-desc), or least recently updated (updated-asc). |
team | Display alerts owned by members of the specified team, for example: team:octocat-dependabot-team. |
topic | Display alerts with the matching repository topic, for example: topic:asdf. |
validity | Display alerts for a specific validity (active, inactive, or unknown). |