Frecuentemente publicamos actualizaciones de nuestra documentación. Es posible que la traducción de esta página esté en curso. Para conocer la información más actual, visita la documentación en inglés. Si existe un problema con las traducciones en esta página, por favor infórmanos.

Exploring security alerts

You can view, filter, and sort security alerts for repositories owned by your organization or team in one place.

The security overview for your organization is available if you have a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

En este artículo

Note: The security overview is currently in beta and subject to change.

About the security overview

You can use the security overview for a high-level view of the security status of your organization or to identify problematic repositories that require intervention. At the organization-level, the security overview displays aggregate and repository-specific security information for repositories owned by your organization. At the team-level, the security overview displays repository-specific security information for repositories that the team has admin privileges for. For more information, see "Managing team access to an organization repository."

The security overview indicates whether GitHub Advanced Security features are enabled for repositories owned by your organization and consolidates alerts from Advanced Security features, including escaneo de código alerts, Alertas del Dependabot de GitHub, and escaneo de secretos alerts. For more information, see "About securing your repository."

In the security overview, you can view, sort, and filter alerts to understand the security risks in your organization and in specific repositories. You can apply multiple filters to focus on areas of interest. For example, you can identify private repositories that have a high number of Alertas del Dependabot de GitHub or repositories that have no escaneo de código alerts.

The security overview for an organization

For each repository in the security overview, you will see icons for each type of Advanced Security feature and how many alerts there are of each type. If an Advanced Security feature is not enabled for a repository, the icon for that feature will be grayed out.

Icons in the security overview

IconMeaning
Escaneo de código alerts. For more information, see "About escaneo de código."
Escaneo de secretos alerts. For more information, see "About escaneo de secretos."
Alertas del Dependabot de GitHub. For more information, see "About alerts for vulnerable dependencies."
The Advanced Security feature is enabled, but does not raise alerts in this repository.
The Advanced Security feature is not supported in this repository.

By default, archived repositories are excluded from the security overview for an organization. You can apply filters to view archived repositories in the security overview. For more information, see "Filtering the list of alerts."

The security overview displays active alerts raised by GitHub Advanced Security features. If there are no alerts in the security overview for a repository, undetected security vulnerabilities or code errors may still exist.

Viewing the security overview for an organization

Organization owners can view the security overview for an organization.

  1. En GitHub, navega hasta la página principal de la organización.
  2. Under your organization name, click Security. Organization security button
  3. To view aggregate information about alert types, click Show more. Show more button
  4. Optionally, filter the list of alerts. You can click multiple filters in the drop-down filter menus to narrow your search. You can also type search qualifiers in the Search repositories field. For more information about the available qualifiers, see "Filtering the list of alerts." The drop-down filter menus and Search repositories field in the security overview

Viewing the security overview for a team

Members of a team can see the security overview for repositories that the team has admin privileges for.

  1. En la esquina superior derecha de GitHub, da clic en tu foto de perfil, posteriormente, da clic en Tu perfil. Foto de perfil
  2. En la parte izquierda de tu página de perfil, debajo de "Organizaciones", da clic en el icono de tu organización. iconos de organización
  3. Debajo de tu nombre de organización, da clic en Equipos. Pestaña de equipos
  4. En la pestaña de Equipos, da clic en el nombre del equipo. Lista de los equipos de la organización
  5. At the top of the team's page, click Security. Team security overview
  6. Optionally, filter the list of alerts. You can click multiple filters in the drop-down filter menus to narrow your search. You can also type search qualifiers in the Search repositories field. For more information about the available qualifiers, see "Filtering the list of alerts." The drop-down filter menus and Search repositories field in the security overview

Filtering the list of alerts

Filter by level of risk for repositories

The level of risk for a repository is determined by the number and severity of alerts from Advanced Security features. If one or more Advanced Security features are not enabled for a repository, the repository will have an unknown level of risk. If a repository has no risks that are detected by Advanced Security features, the repository will have a clear level of risk.

QualifierDescription
risk:highDisplay repositories that are at high risk.
risk:mediumDisplay repositories that are at medium risk.
risk:lowDisplay repositories that are at low risk.
risk:unknownDisplay repositories that are at an unknown level of risk.
risk:clearDisplay repositories that have no detected level of risk.

Filter by number of alerts

QualifierDescription
code-scanning-alerts:nDisplay repositories that have n escaneo de código alerts. This qualifier can use > and < comparison operators.
secret-scanning-alerts:nDisplay repositories that have n escaneo de secretos alerts. This qualifier can use > and < comparison operators.
dependabot-alerts:nDisplay repositories that have n Alertas del Dependabot de GitHub. This qualifier can use > and < comparison operators.

Filter by whether Advanced Security features are enabled

QualifierDescription
enabled:code-scanningDisplay repositories that have escaneo de código enabled.
not-enabled:code-scanningDisplay repositories that do not have escaneo de código enabled.
enabled:secret-scanningDisplay repositories that have escaneo de secretos enabled.
not-enabled:secret-scanningDisplay repositories that have escaneo de secretos enabled.
enabled:dependabot-alertsDisplay repositories that have Alertas del Dependabot de GitHub enabled.
not-enabled:dependabot-alertsDisplay repositories that do not have Alertas del Dependabot de GitHub enabled.

Filter by repository type

QualifierDescription
is:publicDisplay public repositories.
is:internalDisplay internal repositories.
is:privateDisplay private repositories.
archived:trueDisplay archived repositories.

Filter by team

QualifierDescription
team:TEAM-NAMEDisplays repositories that TEAM-NAME has admin privileges for.

Filter by topic

QualifierDescription
topic:TOPIC-NAMEDisplays repositories that are classified with TOPIC-NAME.

Sort the list of alerts

QualifierDescription
sort:riskSorts the repositories in your security overview by risk.
sort:reposSorts the repositories in your security overview alphabetically by name.
sort:code-scanning-alertsSorts the repositories in your security overview by number of escaneo de código alerts.
sort:secret-scanning-alertsSorts the repositories in your security overview by number of escaneo de secretos alerts.
sort:dependabot-alertsSorts the repositories in your security overview by number of Alertas del Dependabot de GitHub.

¿Te ayudó este documento?

Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

O, learn how to contribute.