Security overview provides insights into the security of code stored in repositories in your organization.
- All organizations on GitHub Team can use the free secret risk assessment to evaluate the exposure of their organization to leaked secrets, see セキュリティ リスク評価レポートの表示.
- GitHub Team accounts that purchase GitHub Secret Protection or GitHub Code Security have access to views with additional insights.
The information below describes the views available to organizations with GitHub Secret Protection or GitHub Code Security that you can use to identify trends in detection, remediation, and prevention of security alerts and dig deep into the current state of your repositories.
About the views
メモ
All views show information and metrics for the default branches of the repositories you have permission to view in an organization or enterprise.
The views are interactive with filters that allow you to look at the aggregated data in detail and identify sources of high risk, see security trends, and see the impact of pull request analysis on blocking security vulnerabilities entering your code. As you apply multiple filters to focus on narrower areas of interest, all data and metrics across the view change to reflect your current selection. For more information, see セキュリティの概要でアラートをフィルター処理する.
Organization または Enterprise のセキュリティの概要のいくつかのページから、データを含むコンマ区切り値 (CSV) ファイルをダウンロードできます。 これらのファイルは、セキュリティ調査や詳細なデータ分析などの作業に使用でき、外部データセットと簡単に統合できます。 For more information, see Exporting data from security overview.
There are dedicated views for each type of security alert. You can limit your analysis to a specific type of alert, and then narrow the results further with a range of filters specific to each view. For example, in the secret scanning view, you can use the "Secret type" filter to view only シークレット スキャンニング アラート for a specific secret, like a GitHub personal access token.
メモ
Security overview displays active alerts raised by security features. If there are no alerts shown in security overview for a repository, undetected security vulnerabilities or code errors may still exist or the feature may not be enabled for that repository.
About security overview for organizations
The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. For example, the team can use the "Overview" dashboard view to track your organization's security landscape and progression.
You can find security overview on the Security and quality tab for any organization. Each view shows a summary of the data that you have access to. As you add filters, all data and metrics across the view change to reflect the repositories or alerts that you've selected.
Security overview has multiple views that provide different ways to explore enablement and alert data.
- Overview: visualize trends in Detection, Remediation, and Prevention of security alerts. For information about accessing and using the dashboard, see セキュリティの分析情報の表示. For detailed explanations of metrics and calculations, see Security overview dashboard metrics.
- Risk: explore the risk from security alerts of all types or focus on a single alert type and identify your risk from specific vulnerable dependencies, code weaknesses, or leaked secrets, see コードのセキュリティ リスクを評価する.
- Coverage: assess the adoption of security features across repositories in the organization, see セキュリティ機能の導入を評価する.
- Assessments: regardless of the enablement status of Advanced Security features, organizations on GitHub Team and GitHub Enterprise can run a free report to scan the code in the organization for leaked secrets, see Secret security with GitHub.
- Campaigns: coordinate and measure targeted remediation efforts, grouping related security tasks across repositories, assigning owners, and tracking progress toward defined risk‑reduction goals.
- Enablement: see how quickly different teams are adopting security features.
- CodeQL pull requests: assess the impact of running CodeQL on pull requests and how development teams are resolving code scanning alerts, see pull request アラートのメトリックの表示.
- Dependabot: prioritize and track critical vulnerabilities by identifying, remediating, and measuring security improvements across repositories.
- Secret scanning: find out which types of secret are blocked by push protection and which teams are bypassing push protection, see secret scanning プッシュ保護のメトリックの表示 and Reviewing requests to bypass push protection.
You also create and manage security campaigns to remediate alerts from security overview, see セキュリティ キャンペーンの作成と管理 and 大規模なアラートを修正するためのセキュリティ キャンペーンの実行.
About security overview for enterprises
You can find security overview on the Security and quality tab for your enterprise. Each page displays aggregated and repository-specific security information for your enterprise.
Security overview for enterprises has multiple views that provide different ways to explore data, including an overview dashboard that visualizes alert trends. For information about the dashboard, see セキュリティの分析情報の表示 and Security overview dashboard metrics.
Access to data in security overview
What you can see in security overview depends on your role and permissions in the organization or enterprise.
In general:
- Organization owners and security managers can view security data across all repositories in their organization.
- Organization members can view data only for repositories where they have access to security alerts.
- Enterprise owners can view aggregated security data in the enterprise-level security overview for organizations where they are an organization owner or security manager. To see repository-level details, they must have the appropriate role within the organization.
Security overview displays data only for repositories you have permission to view, and some views or actions may be limited based on your role.
For detailed, role-by-role permission information, including which views are available and how repository access affects visibility, see Security overview permissions.
Understanding dashboard data accuracy
The overview dashboard displays metrics based on the current state of your repositories and the historical state of security alerts. This data model has important implications for data consistency:
Data changes over time: Dashboard metrics can change for the same historical time period when viewed at different times. This occurs when repositories are deleted, security advisories are modified, or other changes affect the underlying data. If you need consistent data for compliance reports or auditing purposes, use the audit log instead. See Auditing security alerts.
Alert data is historical; repository attributes are current: The dashboard tracks security alerts based on their historical state during the selected time period. However, repository filters (such as archived/active status) reflect the current state of repositories.
For example, if you archive a repository today, any open alerts in that repository are automatically closed. If you then view the overview dashboard for last week:
- The repository only appears when you filter to show archived repositories (its current state)
- The alerts from that repository appear as open (their state during last week)
This design ensures alert trends accurately reflect security activity during the time period you're analyzing, while repository filters help you focus on your current repository structure.