Skip to main content

This version of GitHub Enterprise was discontinued on 2023-03-15. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Filtering alerts in security overview

Use filters to view specific categories of alerts

Who can use this feature

Security overview for an organization is available to all members of the organization. The views and data displayed are determined by your role in the organization, and by your permissions for individual repositories within the organization.

Security overview for your organization is available if you have a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

Note: Security overview is currently in beta and subject to change.

About filtering security overview

You can use filters in a security overview to narrow your focus based on a range of factors, like alert risk level, alert type, and feature enablement. Different filters are available depending on the specific view.

Filter by repository

Security overview supports free text search for repositories. With free text search, you can search for a keyword, and repositories with names containing that keyword will be displayed. For example, if you search for "test", your search results would include both "test-repository" and "octocat-testing".

To perform an exact search for a single repository, use the repo qualifier. If you do not type the name of the repository exactly as it appears, the repository will not be found.

QualifierDescription
repo:REPOSITORY-NAMEDisplays data for the specified repository.

Filter by whether security features are enabled

In the examples below, replace :enabled with :not-enabled to see repositories where security features are not enabled. These qualifiers are available in the main summary views.

QualifierDescription
code-scanning:enabledDisplay repositories that have configured code scanning.
dependabot:enabledDisplay repositories that have enabled Dependabot alerts.
secret-scanning:enabledDisplay repositories that have enabled secret scanning alerts.
not-enabled:anyDisplay repositories with at least one security feature that is not enabled.

Filter by repository type

These qualifiers are available in the main summary views.

QualifierDescription
is:publicDisplay public repositories.
is:internalDisplay internal repositories.
is:privateDisplay private repositories.
archived:trueDisplay archived repositories.
archived:falseOmit archived repositories.

Filter by level of risk for repositories

The level of risk for a repository is determined by the number and severity of alerts from security features. If one or more security features are not enabled for a repository, the repository will have an unknown level of risk. If a repository has no risks that are detected by security features, the repository will have a clear level of risk.

QualifierDescription
risk:highDisplay repositories that are at high risk.
risk:mediumDisplay repositories that are at medium risk.
risk:lowDisplay repositories that are at low risk.
risk:unknownDisplay repositories that are at an unknown level of risk.
risk:clearDisplay repositories that have no detected level of risk.

Filter by number of alerts

These qualifiers are available in the main summary views.

QualifierDescription
code-scanning-alerts:NUMBERDisplay repositories that have NUMBER code scanning alerts. This qualifier can use =, > and < comparison operators.
secret-scanning-alerts:NUMBERDisplay repositories that have NUMBER secret scanning alerts. This qualifier can use =, > and < comparison operators.
dependabot-alerts:NUMBERDisplay repositories that have NUMBER Dependabot alerts. This qualifier can use =, > and < comparison operators.

Filter by team

These qualifiers are available in the main summary views.

QualifierDescription
team:TEAM-NAMEDisplays repositories that TEAM-NAME has admin access to.

Filter by topic

These qualifiers are available in the main summary views.

QualifierDescription
topic:TOPIC-NAMEDisplays repositories that are classified with TOPIC-NAME. For more information on repository topics, see "Classifying your repository with topics."

Additional filters for Dependabot alert views

You can filter the view to show Dependabot alerts that are ready to fix or where additional information about exposure is available. You can click any result to see full details of the alert.

QualifierDescription
ecosystem:ECOSYSTEM-NAMEDisplays Dependabot alerts detected in the specified ecosystem.
is:openDisplays open Dependabot alerts.
is:closedDisplays closed Dependabot alerts.
package:PACKAGE-NAMEDisplays Dependabot alerts detected in the specified package.
sort:manifest-pathDisplays Dependabot alerts grouped by the manifest file path the alerts point to.
sort:most-importantDisplays Dependabot alerts from most important to least important, as determined by CVSS score, vulnerability impact, relevancy, and actionability.
sort:newestDisplays Dependabot alerts from newest to oldest.
sort:oldestDisplays Dependabot alerts from oldest to newest.
sort:package-nameDisplays Dependabot alerts grouped by the package in which the alert was detected.
sort:severityDisplays Dependabot alerts from most to least severe.