Nota: El resumen de seguridad se encuentra actualmente en beta y está sujeto a cambios.
About the security overview
You can use the security overview for a high-level view of the security status of your organization or to identify problematic repositories that require intervention. At the organization-level, the security overview displays aggregate and repository-specific security information for repositories owned by your organization. At the team-level, the security overview displays repository-specific security information for repositories that the team has admin privileges for. For more information, see "Managing team access to an organization repository."
The security overview indicates whether security features are enabled for repositories owned by your organization and consolidates alerts for each feature. Security features include GitHub Advanced Security features, such as escaneo de código and escaneo de secretos, as well as Las alertas del dependabot. For more information about GitHub Advanced Security features, see "About GitHub Advanced Security." For more information about Las alertas del dependabot, see "About alerts for vulnerable dependencies."
For more information about securing your code at the repository and organization levels, see "Securing your repository" and "Securing your organization."
In the security overview, you can view, sort, and filter alerts to understand the security risks in your organization and in specific repositories. You can apply multiple filters to focus on areas of interest. For example, you can identify private repositories that have a high number of Las alertas del dependabot or repositories that have no escaneo de código alerts.
For each repository in the security overview, you will see icons for each type of security feature and how many alerts there are of each type. If a security feature is not enabled for a repository, the icon for that feature will be grayed out.
| Icon | Meaning |
|---|---|
| Escaneo de código alerts. For more information, see "About escaneo de código." | |
| Escaneo de secretos alerts. For more information, see "About escaneo de secretos." | |
| Las alertas del dependabot. For more information, see "About alerts for vulnerable dependencies." | |
| The security feature is enabled, but does not raise alerts in this repository. | |
| The security feature is not supported in this repository. |
By default, archived repositories are excluded from the security overview for an organization. You can apply filters to view archived repositories in the security overview. For more information, see "Filtering the list of alerts."
The security overview displays active alerts raised by security features. If there are no alerts in the security overview for a repository, undetected security vulnerabilities or code errors may still exist.
Viewing the security overview for an organization
Organization owners can view the security overview for an organization.
- En GitHub.com, navega hasta la página principal de la organización.
- Debajo del nombre de tu organización, haz clic en Seguridad.
- To view aggregate information about alert types, click Show more.
- Opcionalmente, filtra la lista de alertas. Puedes hacer clic en varios filtros de los menús desplegables de filtros para especificar tu búsqueda. También puedes teclear calificadores de búsqueda en el campo Buscar repositorios. Para obtener más información sobre los calificadores disponibles, consulta la sección "Filtrar la lista de alertas".
Viewing the security overview for a team
Members of a team can see the security overview for repositories that the team has admin privileges for.
- En la esquina superior derecha de GitHub.com, haz clic en tu foto de perfil y luego en Tus organizaciones.
- Haz clic en el nombre de tu organización.
- Debajo del nombre de tu organización, da clic en
Equipos.
- En la pestaña de Equipos, da clic en el nombre del equipo.
- En la parte superior de la página del equipo, haz clic en Seguridad.
- Opcionalmente, filtra la lista de alertas. Puedes hacer clic en varios filtros de los menús desplegables de filtros para especificar tu búsqueda. También puedes teclear calificadores de búsqueda en el campo Buscar repositorios. Para obtener más información sobre los calificadores disponibles, consulta la sección "Filtrar la lista de alertas".
Filtering the list of alerts
Filter by level of risk for repositories
The level of risk for a repository is determined by the number and severity of alerts from security features. If one or more security features are not enabled for a repository, the repository will have an unknown level of risk. If a repository has no risks that are detected by security features, the repository will have a clear level of risk.
| Qualifier | Description |
|---|---|
risk:high | Display repositories that are at high risk. |
risk:medium | Display repositories that are at medium risk. |
risk:low | Display repositories that are at low risk. |
risk:unknown | Display repositories that are at an unknown level of risk. |
risk:clear | Display repositories that have no detected level of risk. |
Filter by number of alerts
| Qualifier | Description |
|---|---|
code-scanning-alerts:n | Display repositories that have n escaneo de código alerts. This qualifier can use > and < comparison operators. |
secret-scanning-alerts:n | Display repositories that have n escaneo de secretos alerts. This qualifier can use > and < comparison operators. |
dependabot-alerts:n | Display repositories that have n Las alertas del dependabot. This qualifier can use > and < comparison operators. |
Filter by whether security features are enabled
| Qualifier | Description |
|---|---|
enabled:code-scanning | Display repositories that have escaneo de código enabled. |
not-enabled:code-scanning | Display repositories that do not have escaneo de código enabled. |
enabled:secret-scanning | Display repositories that have escaneo de secretos enabled. |
not-enabled:secret-scanning | Display repositories that have escaneo de secretos enabled. |
enabled:dependabot-alerts | Display repositories that have Las alertas del dependabot enabled. |
not-enabled:dependabot-alerts | Display repositories that do not have Las alertas del dependabot enabled. |
Filter by repository type
| Qualifier | Description |
|---|---|
is:public | Display public repositories. |
| is:private | Display private repositories. |
| archived:true | Display archived repositories. |
| archived:true | Display archived repositories. |
Filter by team
| Qualifier | Description |
|---|---|
team:TEAM-NAME | Displays repositories that TEAM-NAME has admin privileges for. |
Filter by topic
| Qualifier | Description |
|---|---|
topic:TOPIC-NAME | Displays repositories that are classified with TOPIC-NAME. |
Sort the list of alerts
| Qualifier | Description |
|---|---|
sort:risk | Sorts the repositories in your security overview by risk. |
sort:repos | Sorts the repositories in your security overview alphabetically by name. |
sort:code-scanning-alerts | Sorts the repositories in your security overview by number of escaneo de código alerts. |
sort:secret-scanning-alerts | Sorts the repositories in your security overview by number of escaneo de secretos alerts. |
sort:dependabot-alerts | Sorts the repositories in your security overview by number of Las alertas del dependabot. |