Skip to main content

Visão geral da filtragem de alertas na segurança

Use filtros para exibir categorias específicas de alertas

Who can use this feature?

A visão geral de segurança de uma organização está disponível para todos os membros da organização. As exibições e os dados exibidos são determinados por sua função na organização e por suas permissões para repositórios individuais dentro da organização. Para obter mais informações, confira "Sobre a visão geral de segurança."

A visão geral de segurança de uma empresa mostra aos proprietários e aos gerentes de segurança os dados das organizações às quais eles têm acesso. Os proprietários de empresas só podem exibir dados para organizações em que são adicionados como proprietário da organização ou gerente de segurança. Para saber mais, confira "Gerenciando sua função em uma organização pertencente à sua empresa."

Todas as empresas e suas organizações têm uma visão geral de segurança. Se você usar os recursos do GitHub Advanced Security verá informações adicionais. Para obter mais informações, confira "Sobre a Segurança Avançada do GitHub".

About filtering security overview

You can use filters in a security overview to narrow your focus based on a range of factors, like alert risk level, alert type, and feature enablement. Different filters are available depending on the specific view and whether you are viewing data at the enterprise or organization level.

The information shown by security overview varies according to your access to repositories, and according to whether GitHub Advanced Security is used by those repositories . For more information, see "About security overview."

Filter by repository

Security overview supports free text search for repositories. With free text search, you can search for a keyword, and repositories with names containing that keyword will be displayed. For example, if you search for "test", your search results would include both "test-repository" and "octocat-testing".

To perform an exact search for a single repository, use the repo qualifier. If you do not type the name of the repository exactly as it appears, the repository will not be found.

QualifierDescription
repo:REPOSITORY-NAMEDisplays data for the specified repository.

Filter by whether security features are enabled

In the examples below, replace :enabled with :not-enabled to see repositories where security features are not enabled. These qualifiers are available in the "Security risk" and "Security coverage" views.

QualifierDescription
code-scanning:enabledDisplay repositories that have configured code scanning.
dependabot:enabledDisplay repositories that have enabled Dependabot alerts.
secret-scanning:enabledDisplay repositories that have enabled secret scanning alerts.
any-feature:enabledDisplay repositories where at least one security feature is enabled.

The organization-level "Security coverage" view includes extra filters.

Note: The "Security risk" and "Security coverage" views are currently in beta and subject to change.

QualifierDescription
advanced-security:enabledDisplay repositories that have enabled GitHub Advanced Security.
code-scanning-pull-request-alerts:enabledDisplay repositories that have configured code scanning to run on pull requests.
dependabot-security-updates:enabledDisplay repositories that have enabled Dependabot security updates.
secret-scanning-push-protection:enabledDisplay repositories that have enabled push protection for secret scanning.

Filter by repository type

All of these qualifiers are available in the "Security risk" and "Security coverage" views.

QualifierDescription
is:publicDisplay public repositories.
is:internalDisplay internal repositories.
is:privateDisplay private repositories.
archived:trueDisplay archived repositories.
archived:falseOmit archived repositories.

Filter by level of risk for repositories

The level of risk for a repository is determined by the number and severity of alerts from security features. If one or more security features are not enabled for a repository, the repository will have an unknown level of risk. If a repository has no risks that are detected by security features, the repository will have a clear level of risk.

These qualifiers are available in the enterprise-level view.

QualifierDescription
risk:highDisplay repositories that are at high risk.
risk:mediumDisplay repositories that are at medium risk.
risk:lowDisplay repositories that are at low risk.
risk:unknownDisplay repositories that are at an unknown level of risk.
risk:clearDisplay repositories that have no detected level of risk.

Filter by number of alerts

These qualifiers are available in the enterprise-level "Overview" and in the organization-level "Security risk" view.

QualifierDescription
code-scanning-alerts:NUMBERDisplay repositories that have NUMBER code scanning alerts. This qualifier can use =, > and < comparison operators.
secret-scanning-alerts:NUMBERDisplay repositories that have NUMBER secret scanning alerts. This qualifier can use =, > and < comparison operators.
dependabot-alerts:NUMBERDisplay repositories that have NUMBER Dependabot alerts. This qualifier can use =, > and < comparison operators.

Filter by team

These qualifiers are available in the main summary views and the alert-centric views for Dependabot, code scanning, and secret scanning.

QualifierDescription
team:TEAM-NAMEDisplays repositories that TEAM-NAME has write access or admin access to.

Filter by topic

These qualifiers are available in the main summary views and the alert-centric views for Dependabot, code scanning, and secret scanning.

QualifierDescription
topic:TOPIC-NAMEDisplays repositories that are classified with TOPIC-NAME. For more information on repository topics, see "Classifying your repository with topics."

Additional filters for Dependabot alert views

You can filter the view to show Dependabot alerts that are ready to fix or where additional information about exposure is available. You can click any result to see full details of the alert.

QualifierDescription
has:patchDisplays Dependabot alerts for vulnerabilities where a secure version is already available.
has:vulnerable-callsDisplays Dependabot alerts where at least one call from the repository to a vulnerable function is detected. For more information, see "Viewing and updating Dependabot alerts."
ecosystem:ECOSYSTEM-NAMEDisplays Dependabot alerts detected in the specified ecosystem.
is:openDisplays open Dependabot alerts.
is:closedDisplays closed Dependabot alerts.
package:PACKAGE-NAMEDisplays Dependabot alerts detected in the specified package.
resolution:auto-dismissedDisplays Dependabot alerts closed as "auto-dismissed."
resolution:fix-startedDisplays Dependabot alerts closed as "a fix has already been started."
resolution:fixedDisplays Dependabot alerts closed as "fixed."
resolution:inaccurateDisplays Dependabot alerts closed as "this alert is inaccurate or incorrect."
resolution:no-bandwidthDisplays Dependabot alerts closed as "no bandwidth to fix this."
resolution:not-usedDisplays Dependabot alerts closed as "vulnerable code is not actually used."
resolution:tolerable-riskDisplays Dependabot alerts closed as "risk is tolerable to this project."
scope:developmentDisplays Dependabot alerts from the development dependency.
scope:runtimeDisplays Dependabot alerts from the runtime dependency.
sort:manifest-pathDisplays Dependabot alerts grouped by the manifest file path the alerts point to.
sort:most-importantDisplays Dependabot alerts from most important to least important, as determined by CVSS score, vulnerability impact, relevancy, and actionability.
sort:newestDisplays Dependabot alerts from newest to oldest.
sort:oldestDisplays Dependabot alerts from oldest to newest.
sort:package-nameDisplays Dependabot alerts grouped by the package in which the alert was detected.
sort:severityDisplays Dependabot alerts from most to least severe.

Additional filters for code scanning alert views

All code scanning alerts have one of the categories shown below. You can click any result to see full details of the relevant query and the line of code that triggered the alert.

QualifierDescription
is:openDisplays open code scanning alerts.
is:closedDisplays closed code scanning alerts.
resolution:false-positiveDisplays code scanning alerts closed as "false positive."
resolution:fixedDisplays code scanning alerts closed as "fixed."
resolution:used-in-testsDisplays code scanning alerts closed as "used in tests."
resolution:wont-fixDisplays code scanning alerts closed as "won't fix."
rule:RULE-NAMEDisplays code scanning alerts opened for the specified rule.
severity:criticalDisplays code scanning alerts categorized as critical.
severity:highDisplays code scanning alerts categorized as high.
severity:mediumDisplays code scanning alerts categorized as medium.
severity:lowDisplays code scanning alerts categorized as low.
severity:errorDisplays code scanning alerts categorized as errors.
severity:warningDisplays code scanning alerts categorized as warnings.
severity:noteDisplays code scanning alerts categorized as notes.
sort:created-descDisplays code scanning alerts from newest to oldest.
sort:created-ascDisplays code scanning alerts from oldest to newest.
sort:updated-descDisplays code scanning alerts from most recently updated to least recently updated.
sort:updated-ascDisplays code scanning alerts from least recently updated to most recently updated.
tool:TOOL-NAMEDisplays code scanning alerts detected by the specified tool.

Additional filters for secret scanning alert views

QualifierDescription
provider:PROVIDER-NAMEDisplays alerts for all secrets issues by the specified provider.
secret-type:PROVIDER-PATTERNDisplays alerts for the specified secret and provider.
secret-type:CUSTOM-PATTERNDisplays alerts for secrets matching the specified custom pattern.
is:openDisplays open secret scanning alerts.
is:closedDisplays closed secret scanning alerts.
resolution:false-positiveDisplays secret scanning alerts closed as "false positive."
resolution:pattern-deletedDisplays secret scanning alerts closed as "pattern deleted."
resolution:pattern-editedDisplays secret scanning alerts closed as "pattern edited."
resolution:revokedDisplays secret scanning alerts closed as "revoked."
resolution:used-in-testsDisplays secret scanning alerts closed as "used in tests."
resolution:wont-fixDisplays secret scanning alerts closed as "won't fix."
sort:created-descDisplays secret scanning alerts from newest to oldest.
sort:created-ascDisplays secret scanning alerts from oldest to newest.
sort:updated-descDisplays secret scanning alerts from most recently updated to least recently updated.
sort:updated-ascDisplays secret scanning alerts from least recently updated to most recently updated.

For more information, see "Secret scanning patterns."