About filtering the security overview
You can use filters in a security overview to narrow your focus based on a range of factors, like alert risk level, alert type, and feature enablement. Different filters are available depending on the specific view and whether you are viewing data at the enterpise or organization level.
The information shown in the security overview will vary according to your access to repositories, and on whether GitHub Advanced Security is used by those repositories.
Filter by repository
| Qualifier | Description |
|---|---|
repo:REPOSITORY-NAME | Displays data for the specified repository. |
Filter by whether security features are enabled
In the examples below, replace :enabled with :not-enabled to see repositories where security features are not enabled. These qualifiers are available in the main summary views.
| Qualifier | Description |
|---|---|
code-scanning:enabled | Display repositories that have configured code scanning. |
dependabot:enabled | Display repositories that have enabled Dependabot alerts. |
secret-scanning:enabled | Display repositories that have enabled secret scanning alerts. |
any-feature:enabled | Display repositories where at least one security feature is enabled. |
The organization-level Security Coverage view includes extra filters.
Note: The "Security Risk" and "Security Coverage" views are currently in beta and subject to change.
| Qualifier | Description |
|---|---|
advanced-security:enabled | Display repositories that have enabled GitHub Advanced Security. |
code-scanning-pull-request-alerts:enabled | Display repositories that have configured code scanning to run on pull requests. |
dependabot-security-updates:enabled | Display repositories that have enabled Dependabot security updates. |
secret-scanning-push-protection:enabled | Display repositories that have enabled push protection for secret scanning. |
Filter by repository type
These qualifiers are available in the main summary views.
| Qualifier | Description |
|---|---|
is:public | Display public repositories. |
is:internal | Display internal repositories. |
is:private | Display private repositories. |
archived:true | Display archived repositories. |
archived:false | Omit archived repositories. |
Filter by level of risk for repositories
The level of risk for a repository is determined by the number and severity of alerts from security features. If one or more security features are not enabled for a repository, the repository will have an unknown level of risk. If a repository has no risks that are detected by security features, the repository will have a clear level of risk.
These qualifiers are available in the enterprise-level view.
| Qualifier | Description |
|---|---|
risk:high | Display repositories that are at high risk. |
risk:medium | Display repositories that are at medium risk. |
risk:low | Display repositories that are at low risk. |
risk:unknown | Display repositories that are at an unknown level of risk. |
risk:clear | Display repositories that have no detected level of risk. |
Filter by number of alerts
These qualifiers are available in the enterprise-level Overview and in the organization-level Security Risk view.
| Qualifier | Description |
|---|---|
code-scanning:NUMBER | Display repositories that have NUMBER code scanning alerts. This qualifier can use =, > and < comparison operators. |
secret-scanning:NUMBER | Display repositories that have NUMBER secret scanning alerts. This qualifier can use =, > and < comparison operators. |
dependabot:NUMBER | Display repositories that have NUMBER Dependabot alerts. This qualifier can use =, > and < comparison operators. |
Filter by team
These qualifiers are available in the main summary views.
| Qualifier | Description |
|---|---|
team:TEAM-NAME | Displays repositories that TEAM-NAME has write access or admin access to. |
Filter by topic
These qualifiers are available in the main summary views.
| Qualifier | Description |
|---|---|
topic:TOPIC-NAME | Displays repositories that are classified with TOPIC-NAME. |
Additional filters for code scanning alert views
All code scanning alerts have one of the categories shown below. You can click any result to see full details of the relevant query and the line of code that triggered the alert.
| Qualifier | Description |
|---|---|
severity:critical | Displays code scanning alerts categorized as critical. |
severity:high | Displays code scanning alerts categorized as high. |
severity:medium | Displays code scanning alerts categorized as medium. |
severity:low | Displays code scanning alerts categorized as low. |
severity:error | Displays code scanning alerts categorized as errors. |
severity:warning | Displays code scanning alerts categorized as warnings. |
severity:note | Displays code scanning alerts categorized as notes. |
Additional filters for Dependabot alert views
You can filter the view to show Dependabot alerts that are ready to fix or where additional information about exposure is available. You can click any result to see full details of the alert.
| Qualifier | Description |
|---|---|
has:patch | Displays Dependabot alerts for vulnerabilities where a secure version is already available. |
has:vulnerable-calls | Displays Dependabot alerts where at least one call from the repository to a vulnerable function is detected. For more information, see "Viewing and updating Dependabot alerts." |
Additional filters for secret scanning alert views
| Qualifier | Description |
|---|---|
provider:PROVIDER_NAME | Displays alerts for all secrets issues by the specified provider. |
secret-type:SERVICE_PROVIDER | Displays alerts for the specified secret and provider. |
secret-type:CUSTOM-PATTERN | Displays alerts for secrets matching the specified custom pattern. |
For more information, see "Secret scanning patterns."