Note: Security overview is currently in beta and subject to change.
About filtering security overview
You can use filters in a security overview to narrow your focus based on a range of factors, like alert risk level, alert type, and feature enablement. Different filters are available depending on the specific view.
Filter by repository
Security overview supports free text search for repositories. With free text search, you can search for a keyword, and repositories with names containing that keyword will be displayed. For example, if you search for "test", your search results would include both "test-repository" and "octocat-testing".
To perform an exact search for a single repository, use the repo qualifier. If you do not type the name of the repository exactly as it appears, the repository will not be found.
Qualifier | Description |
---|---|
repo:REPOSITORY-NAME | Displays data for the specified repository. |
Filter by whether security features are enabled
In the examples below, replace :enabled with :not-enabled to see repositories where security features are not enabled. These qualifiers are available in the main summary views.
Qualifier | Description |
---|---|
code-scanning:enabled | Display repositories that have configured code scanning. |
dependabot:enabled | Display repositories that have enabled Dependabot alerts. |
secret-scanning:enabled | Display repositories that have enabled secret scanning alerts. |
not-enabled:any | Display repositories with at least one security feature that is not enabled. |
Filter by repository type
These qualifiers are available in the main summary views.
Qualifier | Description |
---|---|
is:public | Display public repositories. |
is:internal | Display internal repositories. |
is:private | Display private repositories. |
archived:true | Display archived repositories. |
archived:false | Omit archived repositories. |
Filter by level of risk for repositories
The level of risk for a repository is determined by the number and severity of alerts from security features. If one or more security features are not enabled for a repository, the repository will have an unknown level of risk. If a repository has no risks that are detected by security features, the repository will have a clear level of risk.
Qualifier | Description |
---|---|
risk:high | Display repositories that are at high risk. |
risk:medium | Display repositories that are at medium risk. |
risk:low | Display repositories that are at low risk. |
risk:unknown | Display repositories that are at an unknown level of risk. |
risk:clear | Display repositories that have no detected level of risk. |
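The matching rules described so far (free text versus repo:, the feature enablement qualifiers, and the unknown and clear risk levels) can be modeled locally to check what a filter should return. This is an added example, not GitHub's implementation: the inventory is constructed, the `alert_risk` field stands in for the alert-based level GitHub computes, and it assumes space-separated terms are combined with AND and that free text matching is case-sensitive.

```python
FEATURES = ("code-scanning", "dependabot", "secret-scanning")
ALL = set(FEATURES)

# Constructed sample inventory. "alert_risk" is a hypothetical field holding the
# alert-based level (None means no alerts were detected).
REPOS = [
    {"name": "test-repository", "enabled": ALL, "alert_risk": "high"},
    {"name": "octocat-testing", "enabled": {"dependabot"}, "alert_risk": "low"},
    {"name": "test", "enabled": ALL, "alert_risk": None},
    {"name": "billing-api", "enabled": {"code-scanning", "secret-scanning"},
     "alert_risk": "medium"},
]


def risk(repo):
    """Risk level as the page defines it: unknown if any feature is not enabled,
    clear if nothing was detected, otherwise the alert-based level."""
    if ALL - set(repo["enabled"]):
        return "unknown"
    return repo["alert_risk"] or "clear"


def matches(repo, term):
    """Evaluate one search term against one repository."""
    key, sep, value = term.partition(":")
    if not sep:
        return term in repo["name"]      # free text: substring of the name
    if key == "repo":
        return repo["name"] == value     # exact name match only
    if key in FEATURES and value in ("enabled", "not-enabled"):
        return (key in repo["enabled"]) == (value == "enabled")
    if term == "not-enabled:any":
        return bool(ALL - set(repo["enabled"]))
    if key == "risk":
        return risk(repo) == value
    raise ValueError(f"qualifier not modeled in this example: {term}")


def search(query, repos=REPOS):
    """Return names of repositories matching every term (assumed AND)."""
    terms = query.split()
    return [r["name"] for r in repos if all(matches(r, t) for t in terms)]


if __name__ == "__main__":
    for q in ("test", "repo:test", "risk:unknown", "dependabot:not-enabled"):
        print(f"{q!r:28} -> {search(q)}")
```

In this model, risk:unknown and not-enabled:any return the same repositories, which makes risk:unknown a quick way to find coverage gaps rather than a statement about the alerts themselves.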
Filter by number of alerts
These qualifiers are available in the main summary views.
Qualifier | Description |
---|---|
code-scanning-alerts:NUMBER | Display repositories that have NUMBER code scanning alerts. This qualifier can use =, > and < comparison operators. |
secret-scanning-alerts:NUMBER | Display repositories that have NUMBER secret scanning alerts. This qualifier can use =, > and < comparison operators. |
dependabot-alerts:NUMBER | Display repositories that have NUMBER Dependabot alerts. This qualifier can use =, > and < comparison operators. |
Filter by team
These qualifiers are available in the main summary views.
Qualifier | Description |
---|---|
team:TEAM-NAME | Displays repositories that TEAM-NAME has admin access to. |
Filter by topic
These qualifiers are available in the main summary views.
Qualifier | Description |
---|---|
topic:TOPIC-NAME | Displays repositories that are classified with TOPIC-NAME. For more information on repository topics, see "Classifying your repository with topics." |
Additional filters for Dependabot alert views
You can filter the view to show Dependabot alerts that are ready to fix or where additional information about exposure is available. You can click any result to see full details of the alert.
Qualifier | Description |
---|---|
ecosystem:ECOSYSTEM-NAME | Displays Dependabot alerts detected in the specified ecosystem. |
is:open | Displays open Dependabot alerts. |
is:closed | Displays closed Dependabot alerts. |
package:PACKAGE-NAME | Displays Dependabot alerts detected in the specified package. |
sort:manifest-path | Displays Dependabot alerts grouped by the manifest file path the alerts point to. |
sort:most-important | Displays Dependabot alerts from most important to least important, as determined by CVSS score, vulnerability impact, relevancy, and actionability. |
sort:newest | Displays Dependabot alerts from newest to oldest. |
sort:oldest | Displays Dependabot alerts from oldest to newest. |
sort:package-name | Displays Dependabot alerts grouped by the package in which the alert was detected. |
sort:severity | Displays Dependabot alerts from most to least severe. |