
Assessing your code security risk

You can use security overview to see which teams and repositories are affected by security alerts, and to identify repositories for urgent remedial action.

Who can use this feature

Security overview for an organization is available to all members of the organization. The views and data displayed are determined by your role in the organization and by your permissions for individual repositories within the organization.

Security overview for an enterprise shows organization owners and security managers data for the organizations they have access to. Enterprise owners can only view data for organizations where they are added as an organization owner or security manager. For more information, see "Managing your role in an organization owned by your enterprise."

Security overview for your organization is available if you have a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

About security risks in your code

You can use security overview to see which repositories and teams are free from any security alerts and which have unresolved security alerts. The "Security risk" page shows a summary and detailed information on which repositories in an organization are affected by security alerts, with a breakdown of alerts by severity. You can filter the view to show a subset of repositories using the "affected" and "unaffected" links, the links under "Open alerts", the "Teams" dropdown menu, and a search field in the page header. This view is a great way to understand the broader picture for a repository, team, or group of repositories because you can see security alerts of all types in one view.

Screenshot of the header section of the "Security risk" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "affected"/"unaffected" links, "Teams" selector, and search field.

Note: It's important to understand that all repositories without open alerts are included in the set of unaffected repositories. That is, unaffected repositories include any repositories where the feature is not enabled, in addition to repositories that have been scanned and where any alerts identified have been closed.
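The distinction in the note above, as an added example that is not part of GitHub's documentation or code: it splits the repositories the view would count as unaffected into those that are scanned and clean and those where a feature is turned off. The record layout, feature keys and repository names are constructed for the example.

```python
# Feature keys are assumptions chosen for this example.
FEATURES = ("code_scanning", "secret_scanning", "dependabot")

# Constructed sample inventory, not real repositories. "enabled" lists the
# features turned on; "open_alerts" counts unresolved alerts per feature.
SAMPLE_REPOS = [
    {"name": "payments-api", "enabled": {"code_scanning", "secret_scanning", "dependabot"},
     "open_alerts": {"code_scanning": 3, "dependabot": 1}},
    {"name": "docs-site", "enabled": {"code_scanning", "secret_scanning", "dependabot"},
     "open_alerts": {}},
    {"name": "legacy-batch", "enabled": set(), "open_alerts": {}},
    {"name": "mobile-app", "enabled": {"dependabot"}, "open_alerts": {}},
]

def classify(repo):
    """Return 'affected', 'clean', 'partial' or 'unmonitored' for one repository."""
    open_total = sum(repo["open_alerts"].get(f, 0) for f in FEATURES)
    if open_total > 0:
        return "affected"
    missing = [f for f in FEATURES if f not in repo["enabled"]]
    if not missing:
        return "clean"  # every feature enabled, nothing open
    return "unmonitored" if len(missing) == len(FEATURES) else "partial"

def split_unaffected(repos):
    """Group repository names; every group except 'affected' has no open alerts."""
    groups = {"affected": [], "clean": [], "partial": [], "unmonitored": []}
    for repo in repos:
        groups[classify(repo)].append(repo["name"])
    return groups

def coverage_gaps(repos):
    """Map each alert-free but not fully covered repository to its disabled features."""
    return {r["name"]: [f for f in FEATURES if f not in r["enabled"]]
            for r in repos if classify(r) in ("partial", "unmonitored")}

if __name__ == "__main__":
    for status, names in split_unaffected(SAMPLE_REPOS).items():
        print(f"{status:12} {', '.join(names) or '-'}")
    print(coverage_gaps(SAMPLE_REPOS))
```

Only the "clean" group has actually been checked by every feature; "partial" and "unmonitored" repositories have no open alerts because nothing is looking.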

Viewing organization-level code security risks

For more information, see "About security overview."

  1. On your GitHub Enterprise Server instance, navigate to the main page of the organization.

  2. Under your organization name, click Security.

    Screenshot of the horizontal navigation bar for an organization. A tab, labeled with a shield icon and "Security," is outlined in dark orange.

  3. To view aggregate information about alert types, click Show more.

  4. Optionally, filter the list of alerts. You can click multiple filters in the drop-down filter menus to narrow your search. You can also type search qualifiers in the Search repositories field. For more information about the available qualifiers, see "Filtering alerts in security overview."

    Screenshot showing the dropdown filter menus and "Search repositories" field in security overview.

  5. Optionally, use the sidebar on the left to explore alerts for a specific security feature in greater detail. On each page, you can use filters that are specific to that feature to refine your search. For more information about the available qualifiers, see "Filtering alerts in security overview."

    Screenshot of the code scanning alerts page on the "Security" tab. Features apart from filters, dropdown menus, and sidebar are grayed out.

Viewing enterprise-level code security risks

  1. Navigate to GitHub.com.

  2. In the top-right corner of GitHub.com, click your profile photo, then click Your enterprises.

  3. In the list of enterprises, click the enterprise you want to view.

  4. In the left sidebar, click Code Security.

Viewing security overview for a team

  1. In the top right corner of GitHub Enterprise Server, click your profile photo, then click Your organizations.

    Screenshot of the dropdown menu under @octocat's profile picture. "Your organizations" is outlined in dark orange.

  2. Click the name of your organization.

  3. Under your organization name, click Teams.

    Screenshot of the horizontal navigation bar for an organization. A tab, labeled with the people icon and "Teams," is outlined in dark orange.

  4. Click the name of the team.

  5. At the top of the team's page, click Security.

  6. Optionally, filter the list of alerts. You can click multiple filters in the drop-down filter menus to narrow your search. You can also type search qualifiers in the Search repositories field. For more information about the available qualifiers, see "Filtering alerts in security overview."

    Screenshot showing the dropdown filter menus and "Search repositories" field in security overview.