关于安全概述

You can view, filter, and sort security alerts for repositories owned by your organization or team in one place: the Security Overview page.

Organization owners and security managers can access the security overview for organizations. Members of a team can see the security overview for repositories that the team has admin privileges for.

组织的安全概览在您拥有 GitHub Advanced Security 的许可证时可用。 更多信息请参阅“关于 GitHub Advanced Security”。

注意:安全概览目前处于测试阶段,可能会更改。

关于安全概述

您可以使用安全概述来简要了解组织的安全状态,或识别需要干预的问题仓库。

  • 在组织级别,安全概述显示组织拥有的仓库的聚合和仓库特定安全信息。
  • 在团队级别,安全概述显示团队拥有管理权限的仓库特定安全信息。 For more information, see "Managing team access to an organization repository."
  • At the repository-level, the security overview shows which security features are enabled for the repository, and offers the option to configure any available security features not currently in use.

The security overview indicates whether security features are enabled for repositories owned by your organization and consolidates alerts for each feature. Security features include GitHub Advanced Security features, such as 代码扫描 and 秘密扫描, as well as Dependabot 警报. For more information about GitHub Advanced Security features, see "About GitHub Advanced Security." For more information about Dependabot 警报, see "About alerts for vulnerable dependencies."

For more information about securing your code at the repository and organization levels, see "Securing your repository" and "Securing your organization."

The application security team at your company can use the security overview for both broad and specific analyses of your organization's security status. For example, they can use the overview page to monitor adoption of features by your organization or by a specific team as you rollout GitHub Advanced Security to your enterprise, or to review all alerts of a specific type and severity level across all repositories in your organization.

About filtering and sorting alerts

在安全概述中,您可以查看、排序和筛选警报,以了解组织和特定仓库中的安全风险。 The security summary is highly interactive, allowing you to investigate specific categories of information, based on qualifiers like alert risk level, alert type, and feature enablement. You can also apply multiple filters to focus on narrower areas of interest. 例如,您可以识别具有大量 Dependabot 警报 的私有仓库或者没有 代码扫描 警报的仓库。 For more information, see "Filtering alerts in the security overview."

组织的安全概述

For each repository in the security overview, you will see icons for each type of security feature and how many alerts there are of each type. If a security feature is not enabled for a repository, the icon for that feature will be grayed out.

安全概述中的图标

图标含义
代码扫描 警报. 更多信息请参阅“关于 代码扫描”。
秘密扫描 警报. 更多信息请参阅“关于 秘密扫描”。
Dependabot 警报 的通知。 更多信息请参阅“关于易受攻击的依赖项的警报”。
The security feature is enabled, but does not raise alerts in this repository.
The security feature is not supported in this repository.

默认情况下,存档的仓库被排除在组织的安全概览之外。 您可以应用筛选来查看安全概述中存档的仓库。 For more information, see "Filtering alerts in the security overview."

The security overview displays active alerts raised by security features. 如果仓库的安全概述中没有警报,则可能仍然存在未检测到的安全漏洞或代码错误。

此文档对您有帮助吗?

隐私政策

帮助我们创建出色的文档!

所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。

做出贡献

或者, 了解如何参与。