Skip to main content

Exporting data from the risk and coverage pages

You can export CSV files of your risk and coverage data from security overview.

Who can use this feature?

Security overview for an organization is available to all members of the organization. The views and data displayed are determined by your role in the organization, and by your permissions for individual repositories within the organization. For more information, see "About security overview."

Security overview for an enterprise shows organization owners and security managers data for the organizations they have access to. Enterprise owners can only view data for organizations where they are added as an organization owner or security manager. For more information, see "Managing your role in an organization owned by your enterprise."

All enterprises and their organizations have a security overview. If you use GitHub Advanced Security features, which are free for public repositories, you will see additional information. For more information, see "About GitHub Advanced Security."

About exporting your risk and coverage data

You can download comma-separated values (CSV) files containing data from the risk and coverage pages of security overview. These files can be used for efforts like security research and in-depth data analysis, and can integrate easily with external datasets.

The CSV file you download will contain data corresponding to the filters you have applied to security overview. For example, if you add the filter dependabot-alerts:enabled, your file will only contain data for repositories that have enabled Dependabot alerts.

Note: In the "Teams" column of the CSV file, each repository will list a maximum of 20 teams with write access to that repository. If more than 20 teams have write access to a repository, the data will be truncated.

Exporting risk or coverage data from your organization's security overview

  1. In the upper-right corner of GitHub.com, select your profile photo, then click Your organizations.

    Screenshot of the dropdown menu under @octocat's profile picture. "Your organizations" is outlined in dark orange.

  2. In the "Organizations" section, select the organization for which you would like to download risk and/or coverage data.

  3. Under your organization name, click Security.

    Screenshot of the horizontal navigation bar for an organization. A tab, labeled with a shield icon and "Security," is outlined in dark orange. By default, you will see the risk page of your organization's security overview.

  4. If you would instead like to download coverage data for your organization, in the "Security" sidebar, click Coverage.

  5. Next to the search bar, click Export CSV.

    It may take a moment for GitHub Enterprise Cloud to generate the CSV file of your data. Once the CSV file generates, the file will automatically start downloading, and a banner will appear confirming your report is ready.

Note: The summary views ("Overview", "Coverage" and "Risk") show data only for high-confidence alerts. Code scanning alerts from third-party tools, and secret scanning alerts for non-provider patterns or for ignored directories are all omitted from these views. Consequently, files exported from the summary views do not contain data for these types of alert.