About the security overview

You can view, filter, and sort security alerts for repositories owned by your organization or team in one place: the Security Overview page.

The security overview for an organization is available when you have a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

Note: The security overview is currently in beta and subject to change.

About the security overview

You can use the security overview for a high-level view of the security status of your organization or to identify problematic repositories that require intervention. At the organization level, the security overview displays aggregate and repository-specific security information for repositories owned by your organization. At the team level, the security overview displays repository-specific security information for repositories that the team has admin privileges for. For more information, see "Managing team access to an organization repository."

The security overview indicates whether security features are enabled for repositories owned by your organization and consolidates alerts for each feature. Security features include GitHub Advanced Security features, such as code scanning and secret scanning, as well as Dependabot alerts. For more information about GitHub Advanced Security features, see "About GitHub Advanced Security." For more information about Dependabot alerts, see "About alerts for vulnerable dependencies."

For more information about securing your code at the repository and organization levels, see "Securing your repository" and "Securing your organization."

In the security overview, you can view, sort, and filter alerts to understand the security risks in your organization and in specific repositories. You can apply multiple filters to focus on areas of interest. For example, you can identify private repositories that have a high number of Dependabot alerts, or repositories that have no code scanning alerts.

The security overview for an organization

For each repository in the security overview, you will see icons for each type of security feature and how many alerts there are of each type. If a security feature is not enabled for a repository, the icon for that feature will be grayed out.

Icons in the security overview

| Icon | Meaning |
| --- | --- |
| Code scanning icon | Code scanning alerts. For more information, see "About code scanning." |
| Secret scanning icon | Secret scanning alerts. For more information, see "About secret scanning." |
| Dependabot icon | Dependabot alerts. For more information, see "About alerts for vulnerable dependencies." |
| Check icon | The security feature is enabled, but does not raise alerts in this repository. |
| Not supported icon | The security feature is not supported in this repository. |

By default, archived repositories are excluded from the security overview for an organization. You can apply filters to view archived repositories in the security overview. For more information, see "Filtering the list of alerts."

The security overview displays active alerts raised by security features. If there are no alerts in the security overview for a repository, undetected security vulnerabilities or code errors may still exist.

Viewing the security overview for an organization

Organization owners can view the security overview for an organization.

  1. On GitHub.com, navigate to the main page of the organization.
  2. Under your organization name, click Security.
  3. To view aggregate information about alert types, click Show more.
  4. Optionally, filter the list of alerts. You can click multiple filters in the drop-down filter menus to narrow your search. You can also type search qualifiers in the Search repositories field. For more information about the available qualifiers, see "Filtering the list of alerts."

Viewing the security overview for a team

Members of a team can see the security overview for repositories that the team has admin privileges for.

  1. In the top right corner of GitHub.com, click your profile photo, then click Your organizations.
  2. Click the name of your organization.
  3. Under your organization name, click Teams.
  4. On the Teams tab, click the name of the team.
  5. At the top of the team page, click Security.
  6. Optionally, filter the list of alerts. You can click multiple filters in the drop-down filter menus to narrow your search. You can also type search qualifiers in the Search repositories field. For more information about the available qualifiers, see "Filtering the list of alerts."

Filtering the list of alerts

Filter by level of risk for repositories

The level of risk for a repository is determined by the number and severity of alerts from security features. If one or more security features are not enabled for a repository, the repository will have an unknown level of risk. If a repository has no risks that are detected by security features, the repository will have a clear level of risk.

| Qualifier | Description |
| --- | --- |
| risk:high | Display repositories that are at high risk. |
| risk:medium | Display repositories that are at medium risk. |
| risk:low | Display repositories that are at low risk. |
| risk:unknown | Display repositories that are at an unknown level of risk. |
| risk:clear | Display repositories that have no detected level of risk. |

Filter by number of alerts

| Qualifier | Description |
| --- | --- |
| code-scanning-alerts:n | Display repositories that have n code scanning alerts. This qualifier can use > and < comparison operators. |
| secret-scanning-alerts:n | Display repositories that have n secret scanning alerts. This qualifier can use > and < comparison operators. |
| dependabot-alerts:n | Display repositories that have n Dependabot alerts. This qualifier can use > and < comparison operators. |

Filter by whether security features are enabled

| Qualifier | Description |
| --- | --- |
| enabled:code-scanning | Display repositories that have code scanning enabled. |
| not-enabled:code-scanning | Display repositories that do not have code scanning enabled. |
| enabled:secret-scanning | Display repositories that have secret scanning enabled. |
| not-enabled:secret-scanning | Display repositories that do not have secret scanning enabled. |
| enabled:dependabot-alerts | Display repositories that have Dependabot alerts enabled. |
| not-enabled:dependabot-alerts | Display repositories that do not have Dependabot alerts enabled. |

Filter by repository type

| Qualifier | Description |
| --- | --- |
| is:public | Display public repositories. |
| is:private | Display private repositories. |
| archived:true | Display archived repositories. |

Filter by team

| Qualifier | Description |
| --- | --- |
| team:TEAM-NAME | Display repositories that TEAM-NAME has admin privileges for. |

Filter by topic

| Qualifier | Description |
| --- | --- |
| topic:TOPIC-NAME | Display repositories that are classified with TOPIC-NAME. |

Sort the list of alerts

| Qualifier | Description |
| --- | --- |
| sort:risk | Sorts the repositories in your security overview by risk. |
| sort:repos | Sorts the repositories in your security overview alphabetically by name. |
| sort:code-scanning-alerts | Sorts the repositories in your security overview by number of code scanning alerts. |
| sort:secret-scanning-alerts | Sorts the repositories in your security overview by number of secret scanning alerts. |
| sort:dependabot-alerts | Sorts the repositories in your security overview by number of Dependabot alerts. |
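As an added example (not GitHub's code), the following Python applies the filter and sort qualifiers from the tables above to a constructed set of repositories, including the page's rules that archived repositories are hidden unless `archived:true` is given, that a repository with any feature disabled has risk `unknown`, and that one with no alerts is `clear`. The sample repositories, the high/medium/low rating, the default sort, and the descending order for alert-count sorts are assumptions.

```python
import re
# Constructed sample repositories (not real data). Each feature is (enabled, open alert
# count); "rating" stands in for the severity-based high/medium/low level the page
# mentions without defining thresholds. COUNTS maps each count qualifier to its feature.
COUNTS = {"code-scanning-alerts": "code-scanning", "secret-scanning-alerts": "secret-scanning",
          "dependabot-alerts": "dependabot-alerts"}
RISK_ORDER = ["high", "medium", "low", "unknown", "clear"]  # assumed order for sort:risk
def repo(name, private, archived, teams, topics, rating, *feats):
    return dict(name=name, private=private, archived=archived, teams=teams, topics=topics,
                rating=rating, features=dict(zip(COUNTS.values(), feats)))

REPOS = [
    repo("api", True, False, ["core"], ["go"], "high", (True, 3), (True, 2), (True, 12)),
    repo("web", False, False, ["web"], ["js"], "low", (False, 0), (True, 0), (True, 1)),
    repo("docs", True, False, ["core"], [], "low", (True, 0), (True, 0), (True, 0)),
    repo("legacy", True, True, ["core"], ["go"], "medium", (True, 0), (True, 0), (True, 15)),
]

def risk(r):  # page rules: any feature disabled -> unknown; no alerts at all -> clear
    feats = r["features"].values()
    if not all(on for on, _ in feats):
        return "unknown"
    return "clear" if sum(n for _, n in feats) == 0 else r["rating"]

def matches(r, key, value):
    if key == "risk":
        return risk(r) == value
    if key in COUNTS:                                   # accepts n, >n and <n
        op, n = re.fullmatch(r"([<>]?)(\d+)", value).groups()
        c, n = r["features"][COUNTS[key]][1], int(n)
        return c > n if op == ">" else c < n if op == "<" else c == n
    if key in ("enabled", "not-enabled"):
        return r["features"][value][0] == (key == "enabled")
    if key == "is":
        return r["private"] == (value == "private")
    if key == "archived":
        return r["archived"] == (value == "true")
    if key in ("team", "topic"):
        return value in r[key + "s"]
    raise ValueError(f"unknown qualifier: {key}")

def search(query, repos=REPOS):  # returns the names of matching repositories, in order
    terms = [t.split(":", 1) for t in query.split()]
    sort, filters = dict(terms).get("sort", "repos"), [(k, v) for k, v in terms if k != "sort"]
    if not any(k == "archived" for k, _ in filters):      # archived hidden unless asked for
        repos = [r for r in repos if not r["archived"]]
    hits = [r for r in repos if all(matches(r, k, v) for k, v in filters)]
    keyf = {"risk": lambda r: RISK_ORDER.index(risk(r)), "repos": lambda r: r["name"]}
    hits.sort(key=keyf.get(sort) or (lambda r: -r["features"][COUNTS[sort]][1]))  # most alerts first (assumed)
    return [r["name"] for r in hits]
```

For instance, `search("is:private dependabot-alerts:>10")` returns only the private, non-archived repository with more than ten Dependabot alerts, which is the query the page's example describes.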
