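GitHub AE is currently under limited release.

Filtering alerts in security overview

Use filters to view specific categories of alerts

Who can use this feature

Security overview for an organization is available to all members of the organization. The views and data displayed are determined by your role in the organization and by your permissions for individual repositories within the organization.

Security overview for an enterprise shows organization owners and security managers data for the organizations they have access to. Enterprise owners can only view data for organizations where they are added as an organization owner or security manager. For more information, see "AUTOTITLE."

Security overview for enterprises and organizations is available if you use GitHub Advanced Security, which is free during the beta release. For more information, see "About GitHub Advanced Security."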

Note: Security overview is currently in beta and subject to change.

About filtering security overview

You can use filters in a security overview to narrow your focus based on a range of factors, like alert risk level, alert type, and feature enablement. Different filters are available depending on the specific view and whether you are viewing data at the enterprise or organization level.

Filter by repository

| Qualifier | Description |
| --- | --- |
| repo:REPOSITORY-NAME | Displays data for the specified repository. |

Filter by whether security features are enabled

In the examples below, replace :enabled with :not-enabled to see repositories where security features are not enabled. These qualifiers are available in the main summary views.

| Qualifier | Description |
| --- | --- |
| code-scanning:enabled | Display repositories that have configured code scanning. |
| dependabot:enabled | Display repositories that have enabled Dependabot alerts. |
| secret-scanning:enabled | Display repositories that have enabled secret scanning alerts. |
| not-enabled:any | Display repositories with at least one security feature that is not enabled. |

Filter by repository type

These qualifiers are available in the main summary views.

| Qualifier | Description |
| --- | --- |
| is:internal | Display internal repositories. |
| is:private | Display private repositories. |
| archived:true | Display archived repositories. |
| archived:false | Omit archived repositories. |

Filter by level of risk for repositories

The level of risk for a repository is determined by the number and severity of alerts from security features. If one or more security features are not enabled for a repository, the repository will have an unknown level of risk. If a repository has no risks that are detected by security features, the repository will have a clear level of risk.

| Qualifier | Description |
| --- | --- |
| risk:high | Display repositories that are at high risk. |
| risk:medium | Display repositories that are at medium risk. |
| risk:low | Display repositories that are at low risk. |
| risk:unknown | Display repositories that are at an unknown level of risk. |
| risk:clear | Display repositories that have no detected level of risk. |

Filter by number of alerts

These qualifiers are available in the main summary views.

| Qualifier | Description |
| --- | --- |
| code-scanning:NUMBER | Display repositories that have NUMBER code scanning alerts. This qualifier can use =, > and < comparison operators. |
| secret-scanning:NUMBER | Display repositories that have NUMBER secret scanning alerts. This qualifier can use =, > and < comparison operators. |
| dependabot:NUMBER | Display repositories that have NUMBER Dependabot alerts. This qualifier can use =, > and < comparison operators. |
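
The enablement, archived, risk:unknown/risk:clear and alert-count qualifiers described above can be modeled offline to check which repositories a filter will and will not surface. The Python below is an added example, not GitHub's implementation, and runs against a constructed inventory. Assumptions: the operator is written directly before the number (dependabot:>5), space-separated qualifiers are combined with AND, and a feature that is not enabled matches no alert count; thresholds for high, medium and low risk are not given on this page, so those values are rejected.

```python
import operator
import re

FEATURES = ("code-scanning", "dependabot", "secret-scanning")
OPS = {"=": operator.eq, ">": operator.gt, "<": operator.lt}

# Constructed sample inventory: None = feature not enabled, int = open alert count.
REPOS = [
    {"name": "payments-api", "archived": False, "code-scanning": 12, "dependabot": 3, "secret-scanning": 0},
    {"name": "legacy-batch", "archived": True, "code-scanning": None, "dependabot": 40, "secret-scanning": None},
    {"name": "docs-site", "archived": False, "code-scanning": 0, "dependabot": 0, "secret-scanning": 0},
    {"name": "infra-modules", "archived": False, "code-scanning": 2, "dependabot": None, "secret-scanning": 1},
]

def risk_state(repo):
    """Return 'unknown', 'clear' or 'has-alerts' (the page gives no high/medium/low thresholds)."""
    counts = [repo[f] for f in FEATURES]
    if any(c is None for c in counts):
        return "unknown"  # one or more security features not enabled
    return "clear" if sum(counts) == 0 else "has-alerts"

def matches(repo, term):
    """Evaluate one KEY:VALUE qualifier against one repository record."""
    key, _, value = term.partition(":")
    if key == "repo":
        return repo["name"] == value
    if key == "archived":
        return repo["archived"] == (value == "true")
    if key == "not-enabled" and value == "any":
        return any(repo[f] is None for f in FEATURES)
    if key == "risk":
        if value not in ("unknown", "clear"):
            raise ValueError("risk thresholds are not defined on the page: " + term)
        return risk_state(repo) == value
    if key in FEATURES:
        if value in ("enabled", "not-enabled"):
            return (repo[key] is not None) == (value == "enabled")
        m = re.fullmatch(r"([=<>]?)(\d+)", value)
        if m and repo[key] is not None:  # assumption: disabled feature matches no count
            return OPS[m.group(1) or "="](repo[key], int(m.group(2)))
        return False
    raise ValueError("unsupported qualifier: " + term)

def select(query, repos=REPOS):
    """Return names of repositories matching every space-separated qualifier."""
    return [r["name"] for r in repos if all(matches(r, t) for t in query.split())]
```

In this model, legacy-batch has 40 Dependabot alerts yet is reported as risk:unknown because two features are not enabled, which is why not-enabled:any is worth reviewing alongside the risk filters.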

Filter by team

These qualifiers are available in the main summary views.

| Qualifier | Description |
| --- | --- |
| team:TEAM-NAME | Displays repositories that TEAM-NAME has admin access to. |

Filter by topic

These qualifiers are available in the main summary views.

| Qualifier | Description |
| --- | --- |
| topic:TOPIC-NAME | Displays repositories that are classified with TOPIC-NAME. For more information on repository topics, see "Classifying your repository with topics." |

Additional filters for code scanning alert views

All code scanning alerts have one of the categories shown below. You can click any result to see full details of the relevant query and the line of code that triggered the alert.

| Qualifier | Description |
| --- | --- |
| severity:critical | Displays code scanning alerts categorized as critical. |
| severity:high | Displays code scanning alerts categorized as high. |
| severity:medium | Displays code scanning alerts categorized as medium. |
| severity:low | Displays code scanning alerts categorized as low. |
| severity:error | Displays code scanning alerts categorized as errors. |
| severity:warning | Displays code scanning alerts categorized as warnings. |
| severity:note | Displays code scanning alerts categorized as notes. |

Additional filters for secret scanning alert views

| Qualifier | Description |
| --- | --- |
| provider:PROVIDER_NAME | Displays alerts for all secrets issued by the specified provider. |
| secret-type:SERVICE_PROVIDER | Displays alerts for the specified secret and provider. |
| secret-type:CUSTOM-PATTERN | Displays alerts for secrets matching the specified custom pattern. |

For more information, see "Secret scanning patterns."