Skip to main content
Мы публикуем частые обновления нашей документации, и перевод этой страницы, возможно, еще выполняется. Актуальные сведения см. в документации на английском языке.
В настоящее время GitHub AE находится в ограниченном выпуске.
All products
Безопасность кода

Assessing your code security risk

В этой статье

You can use security overview to see which teams and repositories are affected by security alerts, and identify repositories for urgent remedial action.

Кто может использовать эту функцию

Владельцы организации и руководители по безопасности могут получить доступ к обзору безопасности на уровне организации и просматривать оповещения в нескольких организациях с помощью обзора безопасности на уровне предприятия. Владельцы предприятия могут просматривать репозитории и оповещения только для организаций, в которых они добавлены в качестве владельца организации или менеджера безопасности. Участники команды могут просматривать обзор безопасности для репозиториев, для которого у команды есть права администратора.

Обзор безопасности для предприятия и организаций доступен, если вы используете GitHub Advanced Security (предоставляется бесплатно в бета-версии). Дополнительные сведения см. в разделе Сведения о GitHub Advanced Security.

Note: Security overview is currently in beta and subject to change.

About security risks in your code

You can use security overview to see which repositories and teams are free from any security alerts and which have unresolved security alerts. The "Security risk" page shows a summary and detailed information on which repositories in an organization are affected by security alerts, with a breakdown of alert by severity. You can filter the view to show a subset of repositories using the "affected" and "unaffected" links, the links under "Open alerts", the "Teams" dropdown menu, and a search field in the page header. This view is a great way to understand the broader picture for a repository, team, or group of repositories because you can see security alerts of all types in one view.

Screenshot of the header section of the "Security risk" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "affected"/"unaffected" links, "Teams" selector, and search field.

Note: It's important to understand that all repositories without open alerts are included in the set of unaffected repositories. That is, unaffected repositories include any repositories where the feature is not enabled, in addition to repositories that have been scanned and any alerts identified have been closed.

Viewing organization-level code security risks

For more information, see "About security overview."

  1. On your enterprise, navigate to the main page of the organization.

  2. Under your organization name, click Security. Organization security button

  3. To view aggregate information about alert types, click Show more.

  4. Optionally, filter the list of alerts. You can click multiple filters in the drop-down filter menus to narrow your search. You can also type search qualifiers in the Search repositories field. For more information about the available qualifiers, see "Filtering alerts in security overview." Screenshot showing the dropdown filter menus and "Search repositories" field in security overview.

  5. Optionally, use the sidebar on the left to explore alerts for a specific security feature in greater detail. On each page, you can use filters that are specific to that feature to refine your search. For more information about the available qualifiers, see "Filtering alerts in security overview." Screenshot of the code scanning alerts page on the "Security" tab. Features apart from filters, dropdown menus, and sidebar are grayed out.

Viewing enterprise-level code security risks

  1. Navigate to GitHub.com.

  2. In the top-right corner of GitHub.com, click your profile photo, then click Your enterprises.

    "Your enterprises" in drop-down menu for profile photo on GitHub AE

  3. In the list of enterprises, click the enterprise you want to view.

  4. In the left sidebar, click Code Security.

Viewing security overview for a team

  1. In the top right corner of GitHub AE, click your profile photo, then click Your organizations.

    Screenshot of the dropdown menu under @octocat's profile picture. "Your organizations" is outlined in dark orange.

  2. Click the name of your organization. Organization name in list of organizations

  3. Under your organization name, click Teams.

    Teams tab

  4. Click the name of the team.

  5. At the top of the team's page, click Security.

  6. Optionally, filter the list of alerts. You can click multiple filters in the drop-down filter menus to narrow your search. You can also type search qualifiers in the Search repositories field. For more information about the available qualifiers, see "Filtering alerts in security overview." Screenshot showing the dropdown filter menus and "Search repositories" field in security overview.