Skip to main content

Esta versión de GitHub Enterprise Server se discontinuó el 2024-07-09. No se realizarán lanzamientos de patch, ni siquiera para problemas de seguridad críticos. Para obtener rendimiento mejorado, seguridad mejorada y nuevas características, actualice a la versión más reciente de GitHub Enterprise Server. Para obtener ayuda con la actualización, póngase en contacto con el soporte técnico de GitHub Enterprise.

Filtrar alertas en la información general sobre seguridad

Uso de filtros para ver categorías específicas de alertas

¿Quién puede utilizar esta característica?

La información general de seguridad de una organización está disponible para todos los miembros de la organización. Las vistas y los datos que se muestran están determinados por su rol en la organización y por sus permisos para repositorios individuales dentro de la organización. Para más información, consulta "Información general sobre seguridad".

La información general sobre la seguridad de una empresa muestra a los propietarios de la organización y a los administradores de seguridad los datos de las organizaciones a las que tienen acceso. Los propietarios de empresas solo pueden ver datos para las organizaciones en las que se agregan como propietarios de la organización o administradores de seguridad. Para más información, consulta "Administración del rol en una organización que pertenece a la empresa".

All enterprises and their organizations have a security overview. If you use GitHub Advanced Security features you will see additional information. For more information, see "About GitHub Advanced Security."

About filtering security overview

You can use filters in a security overview to narrow your focus based on a range of factors, like alert risk level, alert type, and feature enablement. Different filters are available depending on the specific view, and whether you are viewing data at the enterprise or organization level.

The information shown by security overview varies according to your access to repositories, and according to whether GitHub Advanced Security is used by those repositories . For more information, see "About security overview."

Filter logic for security overview

You can apply filters and use logical operators to display results that meet specific criteria on security overview. By default, if you apply several different filters, you are using AND logic, meaning you will only see results that match every filter you apply. For example, if you add the filter is:public dependabot:enabled, you will only see results from repositories that are public and have Dependabot enabled.

Currently, there are two logical operators that you can apply to your filters on security overview:

  • The - operator applies NOT logic, displaying all results except those that match the specified filter. To use the - operator, add it to the beginning of a filter. For example, filtering for -repo:REPOSITORY-NAME will display data from all repositories except REPOSITORY-NAME.
  • The , operator applies OR logic, displaying results that match any of the specified values for a single filter. To use the , operator, add it between each listed value for a filter. For example, filtering for is:public,private will display data from all repositories that are public or private. Similarly, if you apply the same filter multiple times with different values, you are using OR logic. For example, is:public is:private is equivalent to is:public,private.

Filter methods

All security views have features to help you define filters. These provide an easy way to set up filters and understand the options available.

  • Interactive search text box. When you click in the search box and press the keyboard "Space" key, a pop-up text box shows the filter options available in that view. You can use the mouse or keyboard arrow keys to select the options you want in the text box before pressing the keyboard "Return" key to add the filter. Supported for all views.
  • Dropdown selectors and toggles. Shown at the end of the "Search text box" or in the header of the data table. As you choose the data to view, the filters shown in the search text box are updated accordingly. Supported on the alert views.

Repository name, visibility, and status filters

In all views, there are two methods for filtering results by repository name.

  • Free text or keyword search. Display data for all repositories with a name that contains the keyword. For example, search for test to show data for both the "test-repository" and "octocat-testing" repositories.
  • repo qualifier. Display data only for the repository that exactly matches the value of the qualifier. For example, search for repo:octocat-testing to show data for only the "octocat-testing" repository.

You can also filter by repository visibility (internal, private, or public) and archive status.

QualifierDescriptionViews
isDisplay data for all repositories that are public, private, or internal."Risk" and "Coverage"
archivedDisplay only data for archived (true) or active (false) repositories.All except "Alerts" views

Team and topic filters

These qualifiers are available in all views.

QualifierDescription
teamDisplay data for all repositories that the specified team has write access or admin access to. For more information on repository roles, see "Repository roles for an organization".
topicDisplay data for all repositories that are classified with a specific topic. For more information on repository topics, see "Classifying your repository with topics."

Security feature enablement filters

In the "Risk" and "Coverage" views, you can show data only for repositories where security features are enabled (enabled), or not enabled (not-enabled).

QualifierDescription
code-scanning-alertsDisplay repositories that have configured code scanning.
dependabot-alertsDisplay repositories that have enabled Dependabot alerts.
secret-scanning-alertsDisplay repositories that have enabled secret scanning alerts.
any-featureDisplay repositories where at least one security feature is enabled.

Extra filters for the "Coverage" view

Note: The "Security risk" and "Security coverage" views are currently in beta and subject to change.

QualifierDescription
advanced-securityDisplay data for repositories where GitHub Advanced Security is enabled or not enabled.
code-scanning-default-setupDisplay data for repositories where code scanning is enabled or not enabled using CodeQL default setup.
code-scanning-pull-request-alertsDisplay data for repositories where code scanning is enabled or not enabled to run on pull requests.
dependabot-security-updatesDisplay data for repositories where Dependabot security updates is enabled or not enabled.
secret-scanning-push-protectionDisplay data for repositories where push protection for secret scanning is enabled or not enabled.

Repository risk-level filtering

The level of risk for a repository is determined by the number and severity of alerts from security features. You can filter on the level of risk using the risk qualifier.

  • The level of risk can be one of high, medium, or low.
  • If one or more security features are not enabled for a repository, the repository has an unknown level of risk.
  • If all security features are enabled and no alerts are report, the repository has a clear level of risk.

Alert number filters

These qualifiers are available in the enterprise-level "Overview" and in the organization-level "Security risk" view.

QualifierDescription
code-scanning-alertsDisplay data for repositories that have exactly (=), more than (>) or fewer than (<) a specific number of code scanning alerts. For example: code-scanning-alerts:>100 for repositories with more than 100 alerts.
dependabot-alertsDisplay data for repositories that have a specific number (=), more than (>) or fewer than (<) a specific number of Dependabot alerts. For example: dependabot-alerts:<=10 for repositories with fewer than or equal to 10 alerts.
secret-scanning-alertsDisplay data for repositories that have a specific number (=), more than (>) or fewer than (<) a specific number of secret scanning alerts. For example: secret-scanning-alerts:=10 for repositories with exactly 10 alerts.

Dependabot alert view filters

You can filter the view to show Dependabot alerts that are ready to fix or where additional information about exposure is available. You can click any result to see full details of the alert.

QualifierDescription
ecosystemDisplay Dependabot alerts detected in a specified ecosystem, for example: ecosystem:Maven.
hasDisplay Dependabot alerts for vulnerabilities where either a secure version is already available (patch) or where at least one call from the repository to a vulnerable function is detected (vulnerable-calls). For more information, see "Viewing and updating Dependabot alerts."
isDisplay Dependabot alerts that are open (open) or closed (closed).
packageDisplay Dependabot alerts detected in the specified package, for example: package:semver.
resolutionDisplay Dependabot alerts closed as "auto-dismissed" (auto-dismissed), "a fix has already been started" (fix-started), "fixed" (fixed), "this alert is inaccurate or incorrect" (inaccurate), "no bandwidth to fix this" (no-bandwidth), "vulnerable code is not actually used" (not-used), or "risk is tolerable to this project" (tolerable-risk).
scopeDisplay Dependabot alerts from the development dependency (development) or from the runtime dependency (runtime).
sortGroups Dependabot alerts by the manifest file path the alerts point to (manifest-path) or by the name of the package where the alert was detected (package-name). Alternatively, displays alerts from most important to least important, as determined by CVSS score, vulnerability impact, relevancy, and actionability (most-important), from newest to oldest (newest), from oldest to newest (oldest), or from most to least severe (severity).

Code scanning alert view filters

All code scanning alerts have one of the categories shown below. You can click any result to see full details of the relevant query and the line of code that triggered the alert.

QualifierDescription
isDisplay code scanning alerts that are open (open) or closed (closed).
resolutionDisplay code scanning alerts closed as "false positive" (false-postive), "fixed" (fixed), "used in tests" (used-in-tests), or "won't fix" (wont-fix).
ruleDisplay code scanning alerts identified by the specified rule.
severityDisplay code scanning alerts categorized as critical, high, medium, or low security alerts. Alternatively, displays code scanning alerts categorized as error, warning, note problems.
sortDisplay alerts from newest to oldest (created-desc), oldest to newest (created-asc), most recently updated (updated-desc), or least recently updated (updated-asc).
toolDisplay code scanning alerts detected by the specified tool, for example: tool:CodeQL for alerts created using the CodeQL application in GitHub.

Secret scanning alert view filters

QualifierDescription
bypassedDisplay secret scanning alerts where push protection was bypassed (true) or not bypassed (false).
confidenceDisplay secret scanning alerts of high (high) or other (other) confidence.
isDisplay secret scanning alerts that are open (open) or closed (closed).
providerDisplay alerts for all secrets issued by a specified provider, for example: adafruit.
resolutionDisplay secret scanning alerts closed as "false positive" (false-positive), "pattern deleted" (pattern-deleted), "pattern edited' (pattern-edited), "revoked" (revoked) "used in tests" (used-in-tests), or "won't fix" (wont-fix).
sortDisplay alerts from newest to oldest (created-desc), oldest to newest (created-asc), most recently updated (updated-desc), or least recently updated (updated-asc).
secret-typeDisplay alerts for the specified secret and provider (provider-pattern) or custom pattern (custom-pattern).