Assessing code security risk

You can use security overview to see which teams and repositories are affected by security alerts and to identify repositories that need urgent remediation.

Who can use this feature

The security overview for an organization is available to all members of the organization. The views and data displayed are determined by your role in the organization and by your permissions for individual repositories within the organization. For more information, see "About security overview."

The security overview for an enterprise displays data for owners and security managers of the organizations they have access to. Enterprise owners can only view data for organizations in which they have been added as an organization owner or security manager. For more information, see "Managing your role in an organization owned by your enterprise."

All enterprises and their organizations have a security overview. If you use GitHub Advanced Security features, which are free for public repositories, you will see additional information. For more information, see "About GitHub Advanced Security."

Note: The "Security risk" and "Security coverage" views are currently in beta and subject to change.

About security risks in your code

You can use security overview to see which repositories and teams are free from any security alerts and which have unresolved security alerts. The "Security risk" page shows a summary and detailed information on which repositories in an organization are affected by security alerts, with a breakdown of alerts by severity. You can filter the view to show a subset of repositories using the "affected" and "unaffected" links, the links under "Open alerts", the "Teams" dropdown menu, and a search field in the page header. This view is a good way to understand the broader picture for a repository, team, or group of repositories, because you can see security alerts of all types in one view.

Screenshot of the header section of the "Security risk" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "affected"/"unaffected" links, "Teams" selector, and search field.

Note: It's important to understand that all repositories without open alerts are included in the set of unaffected repositories. That is, unaffected repositories include any repositories where the feature is not enabled, in addition to repositories that have been scanned and any alerts identified have been closed.
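The affected/unaffected split and the caveat above, as an added example in Python that is not part of GitHub's documentation or code; the repository names, enabled features and alerts are constructed sample data, and `not_enabled` is an assumed extra bucket the view itself does not show:

```python
# Added example (not GitHub's code): reproduces how the "Security risk" view
# buckets repositories into affected/unaffected per feature, including the
# documented caveat that repositories where a feature is not enabled count
# as unaffected. All repository data below is constructed for illustration.
from collections import Counter

SEVERITIES = ("critical", "high", "medium", "low")

# Constructed sample: each repo lists enabled features and its open alerts
# as (feature, severity). A disabled feature can never raise an alert.
REPOS = {
    "payments-api":   {"enabled": {"dependabot", "code_scanning"},
                       "open": [("dependabot", "critical"), ("code_scanning", "high")]},
    "marketing-site": {"enabled": {"dependabot"}, "open": []},
    "legacy-tool":    {"enabled": set(), "open": []},   # nothing enabled at all
    "infra":          {"enabled": {"dependabot", "secret_scanning"},
                       "open": [("secret_scanning", "high"), ("dependabot", "low")]},
}


def classify(repos, feature):
    """Split repos into affected / unaffected for one feature.
    'unaffected' deliberately mixes scanned-and-clean repos with repos that
    never enabled the feature, exactly as the view does; 'not_enabled' is the
    assumed extra bucket a reviewer should not mistake for 'scanned and clean'."""
    affected, unaffected, not_enabled = [], [], []
    for name, repo in sorted(repos.items()):
        if any(f == feature for f, _ in repo["open"]):
            affected.append(name)
        else:
            unaffected.append(name)
            if feature not in repo["enabled"]:
                not_enabled.append(name)
    return {"affected": affected, "unaffected": unaffected, "not_enabled": not_enabled}


def severity_breakdown(repos, feature=None):
    """Count open alerts by severity, optionally for a single feature."""
    counts = Counter(sev for repo in repos.values() for f, sev in repo["open"]
                     if feature is None or f == feature)
    return {sev: counts.get(sev, 0) for sev in SEVERITIES}


def repos_with(repos, feature, severity):
    """Equivalent of clicking e.g. '1 critical' under a feature's open alerts."""
    return sorted(n for n, r in repos.items() if (feature, severity) in r["open"])
```

Running `classify(REPOS, "code_scanning")` shows three "unaffected" repositories, all three of which simply never enabled code scanning.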

Viewing organization-level code security risks

The information shown by security overview will vary according to your access to repositories, and on whether GitHub Advanced Security is used by those repositories. For more information, see "About security overview."

  1. On GitHub.com, navigate to the main page of the organization.

  2. Under your organization name, click Security.

    Screenshot of the horizontal navigation bar for an organization. A tab, labeled with a shield icon and "Security," is outlined in dark orange.

  3. To display the "Security risk" view, in the sidebar, click Risk.

  4. Use options in the page summary to filter results to show the repositories you want to assess. The list of repositories and metrics displayed on the page automatically update to match your current selection. For more information on filtering, see "Filtering alerts in security overview."

    • Use the Teams dropdown to show information only for the repositories owned by one or more teams.
    • Click NUMBER affected or NUMBER unaffected in the header for any feature to show only the repositories with open alerts or no open alerts of that type.
    • Click any of the descriptions of "Open alerts" in the header to show only repositories with alerts of that type and category. For example, click 1 critical to show the repository with a critical alert for Dependabot.
    • At the top of the list of repositories, click NUMBER Archived to show only repositories that are archived.
    • Click in the search box to add further filters to the repositories displayed.

    Screenshot of the header section of the "Security risk" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "affected"/"unaffected" links, alert severity links, "Teams" selector, archived repositories, and search field.

  5. Optionally, use the sidebar on the left to explore alerts for a specific security feature in greater detail. On each page, you can use filters that are specific to that feature to refine your search. For more information about the available qualifiers, see "Filtering alerts in security overview."

Viewing enterprise-level code security risks

  1. Navigate to GitHub.com.

  2. In the top-right corner of GitHub.com, click your profile photo, then click Your enterprises.

  3. In the list of enterprises, click the enterprise you want to view.

  4. In the left sidebar, click Code Security.

  5. Optionally, use the sidebar on the left to explore alerts for a specific security feature in greater detail. On each page, you can use filters that are specific to that feature to refine your search. For more information about the available qualifiers, see "Filtering alerts in security overview."