Deprecate 3.12 (#55505)
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> Co-authored-by: Felicity Chapman <felicitymay@github.com> Co-authored-by: Sarah Schneider <sarahs@github.com>
@@ -65,18 +65,17 @@ There are dedicated views for each type of security alert. You can limit your an
## About security overview for organizations
The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. For example, {% ifversion security-overview-dashboard %}the team can use the "Overview" dashboard view to track your organization's security landscape and progression{% else %}the team can use the "Coverage" view to monitor the adoption of features across your organization or by a specific team as you roll out {% data variables.product.prodname_GHAS %} features, or use the "Risk" view to identify repositories with more than five open {% data variables.secret-scanning.alerts %}{% endif %}. {% ifversion pre-security-configurations %}You can also use security overview to find a set of repositories and enable or disable security features for them all at the same time. For more information, see [AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories).{% endif %}
The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. For example, the team can use the "Overview" dashboard view to track your organization's security landscape and progression. {% ifversion pre-security-configurations %}You can also use security overview to find a set of repositories and enable or disable security features for them all at the same time. For more information, see [AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories).{% endif %}
You can find security overview on the **Security** tab for any organization. Each view shows a summary of the data that you have access to. As you add filters, all data and metrics across the view change to reflect the repositories or alerts that you've selected. For information about permissions, see [Permission to view data in security overview](#permission-to-view-data-in-security-overview).
Security overview has multiple views that provide different ways to explore enablement and alert data.
{% ifversion security-overview-dashboard %}
* **Overview:** visualize trends in **Detection**, **Remediation**, and **Prevention** of security alerts, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights).{% endif %}
* **Overview:** visualize trends in **Detection**, **Remediation**, and **Prevention** of security alerts, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights).
* **Risk and Alert views:** explore the risk from security alerts of all types or focus on a single alert type and identify your risk from specific vulnerable dependencies, code weaknesses, or leaked secrets, see [AUTOTITLE](/code-security/security-overview/assessing-code-security-risk).
* **Coverage:** assess the adoption of security features across repositories in the organization, see [AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security).{% ifversion ghas-products %}{% ifversion secret-risk-assessment %}
* **Assessments:** regardless of the enablement status of {% data variables.product.prodname_AS %} features, organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in the organization for leaked secrets, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).{% endif %}{% endif %}{% ifversion security-overview-tool-adoption %}
* **Enablement trends:** see how quickly different teams are adopting security features.{% endif %}{% ifversion security-overview-org-codeql-pr-alerts %}
* **Assessments:** regardless of the enablement status of {% data variables.product.prodname_AS %} features, organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in the organization for leaked secrets, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).{% endif %}{% endif %}
* **Enablement trends:** see how quickly different teams are adopting security features.{% ifversion security-overview-org-codeql-pr-alerts %}
* **CodeQL pull request alerts:** assess the impact of running CodeQL on pull requests and how development teams are resolving code scanning alerts, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts).{% endif %}
* **Secret scanning:** find out which types of secret are blocked by push protection{% ifversion security-overview-delegated-bypass-requests %} and which teams are bypassing push protection{% endif %}, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection){% ifversion security-overview-delegated-bypass-requests %} and [AUTOTITLE](/code-security/security-overview/reviewing-requests-to-bypass-push-protection){% endif %}.
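Review bot: L17 drops the concrete Coverage/Risk example that L14 carried in its `{% else %}` branch ("identify repositories with more than five open secret scanning alerts"), yet both views still exist on every remaining version (L41, L44), so that example was never version-specific. Suggest keeping it as a second sentence, e.g. `..., or use the "Risk" view to identify repositories with more than five open {% data variables.secret-scanning.alerts %}.`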
@@ -106,7 +105,6 @@ If you are an **organization or team member**, you can view security overview fo
{% endif %}
{% ifversion security-overview-dashboard %}
{% rowheaders %}
| Organization or team member with | Overview dashboard view | Risk and alerts views | Coverage view |
@@ -118,19 +116,6 @@ If you are an **organization or team member**, you can view security overview fo
| Custom organization role with permission to view one or more types of security alert | View allowed alert data for all repositories | View allowed alert data for all repositories in all views | No access |
{% endrowheaders %}
{% else %}
{% rowheaders %}
| Organization or team member with | Risk and alerts views | Coverage view |
|--------------------|-------------|---------------------|
| `admin` access for one or more repositories | View data for those repositories | View data for those repositories, and enable and disable security features |
| `write` access for one or more repositories | View {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} data for those repositories | No access |
| `read` or `triage` access for one or more repositories | No access | No access |
| Security alert access for one or more repositories | View all security alert data for those repositories | No access |
| Custom organization role with permission to view one or more types of security alert | View allowed alert data for all repositories in all views | No access |
{% endrowheaders %}
{% endif %}
> [!NOTE]
> To ensure a consistent and responsive experience, for organization members, the organization-level security overview pages will only display results from the most recently updated 3,000 repositories. If your results have been restricted, a notification will appear at the top of the page. Organization owners and security managers will see results from all repositories.
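Review bot: Deleting the `{% else %}` table (L99 to L133) removes the only rows in this hunk stating that `read`/`triage` collaborators get no access (L119) and that `write` collaborators see only code scanning and Dependabot data (L116). The retained `security-overview-dashboard` table appears here only from its last row (L91), so confirm the rows above it still make both statements; otherwise the page loses the least-privilege boundary for non-admin collaborators.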
@@ -36,12 +36,8 @@ You can use security overview to see which repositories and teams have already e
You can download a CSV file of the data displayed on the "Security coverage" page. This data file can be used for efforts like security research and in-depth data analysis, and can integrate easily with external datasets. For more information, see [AUTOTITLE](/code-security/security-overview/exporting-data-from-security-overview).
{% endif %}
{% ifversion security-overview-tool-adoption %}
You can use the "Enablement trends" view to see enablement status and enablement status trends over time for {% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_code_scanning %}, or {% data variables.product.prodname_secret_scanning %} for repositories in an organization{% ifversion security-overview-enterprise-enablement-report %}, or across organizations in an enterprise{% endif %}. For each of these features, you can view a graph visualizing the percentage of repositories that have the feature enabled, as well as a detailed table with enablement percentages for different points in time. For more information, see [Viewing enablement trends for an organization](#viewing-enablement-trends-for-an-organization){% ifversion security-overview-enterprise-enablement-report %} and [Viewing enablement trends for an enterprise](#viewing-enablement-trends-for-an-enterprise){% endif %}.
{% endif %}
## Viewing the enablement of security features for an organization
You can view data to assess the enablement of features for secure coding across repositories in an organization.
@@ -78,8 +74,6 @@ In the enterprise-level view, you can view data about the enablement of features
{% data reusables.security-overview.enterprise-filters-tip %}
{% ifversion security-overview-tool-adoption %}
## Viewing enablement trends for an organization
{% ifversion ghes < 3.15 %}
@@ -100,8 +94,6 @@ You can view data to assess the enablement status and enablement status trends o

{% endif %}
{% ifversion security-overview-enterprise-enablement-report %}
## Viewing enablement trends for an enterprise
@@ -130,6 +122,6 @@ You can view data to assess the enablement status and enablement status trends o
Some security features can and should be enabled on all repositories. For example, {% data variables.secret-scanning.alerts %} and push protection reduce the risk of a security leak no matter what information is stored in the repository. If you see repositories that don't already use these features, you should either enable them or discuss an enablement plan with the team who owns the repository. For information on enabling features for a whole organization, see {% ifversion security-configurations %}[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization){% else %}[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization){% endif %}.
Other features are not suitable for use in all repositories. For example, there would be no point in enabling {% data variables.product.prodname_dependabot %}{% ifversion default-setup-pre-enablement %}{% else %} or {% data variables.product.prodname_code_scanning %}{% endif %} for repositories that only use ecosystems or languages that are unsupported. As such, it's normal to have some repositories where these features are not enabled.
Other features are not suitable for use in all repositories. For example, there would be no point in enabling {% data variables.product.prodname_dependabot %} for repositories that only use ecosystems or languages that are unsupported. As such, it's normal to have some repositories where these features are not enabled.
Your enterprise may also have configured policies to limit the use of some security features. For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise).
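Review bot: L239 keeps the `ifversion default-setup-pre-enablement` true-branch wording (Dependabot only) and discards the `{% else %} or code scanning` text from L236. That is only right if `default-setup-pre-enablement` is now true on every remaining version (GHES 3.13 and later); if any supported GHES still lacks pre-enablement, code scanning default setup cannot be turned on for repositories without a supported language and the sentence should keep the `or {% data variables.product.prodname_code_scanning %}` alternative.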
@@ -38,8 +38,7 @@ These views provide you with the data and filters to:
* Understand how your organization is affected by secret leaks and exposures.{% endif %}{% ifversion security-overview-export-data %}
* Export your current selection of data for further analysis and reporting. {% endif %}
{% ifversion security-overview-dashboard %}
For information about the **Overview**, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights).{% endif %}
For information about the **Overview**, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights).
## Viewing organization-level security risks in code
@@ -24,8 +24,8 @@ You can use checkboxes to select which repositories you want to include, or use
* To exclude certain repositories from the selection, you can assign a topic such as `test` to these repositories, then exclude them from the results with a search like `-topic:test`. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics).
* If a team uses repositories that all require a certain feature, you can use the `team:` filter to search for repositories where a team has write access.
* If you're enabling {% data variables.product.prodname_code_scanning %}, you can see which repositories are eligible for default setup with the search `code-scanning-default-setup:eligible`. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale).{% ifversion security-overview-repository-properties %}
* You can use custom repository properties to filter security overview to show results from specific groups of repositories. Custom properties are metadata that organization owners can add and set for repositories in an organization. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization).{% endif %}
* If you're enabling {% data variables.product.prodname_code_scanning %}, you can see which repositories are eligible for default setup with the search `code-scanning-default-setup:eligible`. For more information, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale).
* You can use custom repository properties to filter security overview to show results from specific groups of repositories. Custom properties are metadata that organization owners can add and set for repositories in an organization. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization).
For more information on filters you can use in different parts of security overview, see [AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview).
@@ -42,8 +42,8 @@ Currently, there are two logical operators that you can apply to your filters on
All security views have features to help you define filters. These provide an easy way to set up filters and understand the options available.
* **Interactive search text box.** When you click in the search box and press the keyboard "Space" key, a pop-up text box shows the filter options available in that view. You can use the mouse or keyboard arrow keys to select the options you want in the text box before pressing the keyboard "Return" key to add the filter. Supported for all views.
* **Dropdown selectors and toggles.** Shown at the end of the "Search text box" or in the header of the data table. As you choose the data to view, the filters shown in the search text box are updated accordingly. Supported on the alert views.{% ifversion security-overview-3-13-overview %}
* **Advanced filters dialog.** When you click the **{% octicon "filter" aria-hidden="true" %} Filter** button, you can use dropdown lists to select the "Qualifier", "Operator", and "Values" for each filter. Supported on the "Overview" and metric views.{% endif %}
* **Dropdown selectors and toggles.** Shown at the end of the "Search text box" or in the header of the data table. As you choose the data to view, the filters shown in the search text box are updated accordingly. Supported on the alert views.
* **Advanced filters dialog.** When you click the **{% octicon "filter" aria-hidden="true" %} Filter** button, you can use dropdown lists to select the "Qualifier", "Operator", and "Values" for each filter. Supported on the "Overview" and metric views.
## Repository name, visibility, and status filters
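Review bot: The changed line L327 keeps the quoted, capitalised "Search text box" while L318 calls the same control "the search box"; since the line is being touched anyway, lowercase and unquote it for consistency: `Shown at the end of the search text box or in the header of the data table.`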
@@ -56,9 +56,7 @@ You can also filter by repository visibility (internal, private, or public) and
| Qualifier | Description | Views |
|--------|--------|------|
| {% ifversion security-overview-dashboard %} |
| `visibility` | Display data for all repositories that are `public`, `private`, or `internal`. | "Overview" and metrics |
| {% endif %} |
| `is` | Display data for all repositories that are `public`, `private`, or `internal`. | "Risk" and "Coverage" |
| `archived` | Display only data for archived (`true`) or active (`false`) repositories. | All except "Alerts" views |
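Review bot: With the `{% ifversion security-overview-dashboard %}` rows gone (L351, L357), `visibility` (L354) and `is` (L360) now sit side by side with identical descriptions and differ only in the Views column. Add a sentence above the table saying the two qualifiers are view-specific names for the same filter, so readers do not read the different names as different semantics.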
@@ -71,8 +69,6 @@ These qualifiers are available in all views.
| `team` | Display data for all repositories that the specified team has write access or admin access to. For more information on repository roles, see [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization). |
| `topic` | Display data for all repositories that are classified with a specific topic. For more information on repository topics, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics). |
{% ifversion security-overview-repository-properties %}
## Custom repository property filters
> [!NOTE]
@@ -84,8 +80,6 @@ If you add custom properties to your organization and set values for repositorie
* **`props.CUSTOM_PROPERTY_NAME` qualifier.** The qualifier consists of a `props.` prefix, followed by the name of the custom property. For example, `props.data_sensitivity:high` displays results for repositories with the `data_sensitivity` property set to the value `high`. |
{% endif %}
{% ifversion security-overview-dashboard-enterprise %}
## Repository owner name and type filters
@@ -139,8 +133,6 @@ In the "Risk" view, you can filter repositories by the number of alerts they hav
| `dependabot-alerts` | Display data for repositories that have a specific number (`=`), more than (`>`) or fewer than (`<`) a specific number of {% data variables.product.prodname_dependabot_alerts %}. For example: `dependabot-alerts:<=10` for repositories with fewer than or equal to 10 alerts.|
| `secret-scanning-alerts` | Display data for repositories that have a specific number (`=`), more than (`>`) or fewer than (`<`) a specific number of {% data variables.secret-scanning.alerts %}. For example: `secret-scanning-alerts:=10` for repositories with exactly 10 alerts.|
{% ifversion security-overview-dashboard %}
## Alert type and property filters
You can filter the "Overview" view by the type{% ifversion security-overview-3-14-overview %} and property{% endif %} of alerts. Use the `tool` qualifier to display only data for alerts generated by a specific tool{% ifversion security-overview-3-14-overview %} or type of tool{% endif %}.
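Review bot: L436 still carries `{% ifversion security-overview-3-14-overview %}` twice; after this deprecation the flag only separates GHES 3.13 from everything else, so check whether it is still needed or belongs in the same sweep as the `security-overview-3-13-overview` removals at L327 and L330. In this hunk's context, L418 enumerates `=`, `>` and `<` but its example uses `<=`; either add `<=` to the list of supported comparisons or change the example to `dependabot-alerts:<10`.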
@@ -170,8 +162,6 @@ You can also filter the "Overview" view by properties of alerts.
{% endif %}
{% endif %}
## {% data variables.product.prodname_dependabot %} alert view filters
You can filter the view to show {% data variables.product.prodname_dependabot_alerts %} that are ready to fix or where additional information about exposure is available. You can click any result to see full details of the alert.
@@ -34,7 +34,7 @@ You can also find more granular metrics, such as:
* The repositories that are bypassing push protection the most
* The percentage distribution of reasons that users give when they bypass the protection
{% ifversion security-overview-additional-tools %}Use the date picker to set the time range that you want to view alert activity and metrics for, and click in the search box to add further filters on the alerts and metrics displayed. For more information, see [AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview#additional-filters-for-secret-scanning-alert-views).
Use the date picker to set the time range that you want to view alert activity and metrics for, and click in the search box to add further filters on the alerts and metrics displayed. For more information, see [AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview#additional-filters-for-secret-scanning-alert-views).
You can see {% data variables.product.prodname_secret_scanning %} metrics if you have:
@@ -44,12 +44,6 @@ You can see {% data variables.product.prodname_secret_scanning %} metrics if you
The metrics are based on activity from the default period or your selected period.
{% else %}
The metrics are based on activity from the default period or your selected period.
{% endif %}
## Viewing metrics for {% data variables.product.prodname_secret_scanning %} push protection for an organization
{% data reusables.organizations.navigate-to-org %}
@@ -5,7 +5,9 @@ intro: 'You can use the overview dashboard in security overview to monitor the s
permissions: '{% data reusables.permissions.security-overview %}'
product: '{% data reusables.gated-features.security-overview-fpt-both %}'
versions:
feature: security-overview-dashboard
fpt: '*'
ghec: '*'
ghes: '*'
type: how_to
topics:
- Security overview
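Review bot: Swapping `feature: security-overview-dashboard` (L535) for `fpt: '*'`, `ghec: '*'`, `ghes: '*'` (L538 to L544) makes this page render on every GHES release, which only holds if 3.13 is now the oldest supported line. If the `security-overview-dashboard` feature file is deleted in this commit, any `{% ifversion security-overview-dashboard %}` left behind elsewhere would fail the Liquid build; this commit removes several (L77, L260, L351, L426), so a grep for the flag name across the content tree before merge is worth it.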
@@ -237,7 +239,7 @@ Some metrics in the security overview dashboard include a trend indicator, which
### Alert trends graph
The alert trends graph shows the change in the number of alerts in your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %} over the time period you have chosen. {% ifversion security-overview-3-13-overview %}By default, alerts{% else %}Alerts{% endif %} are grouped by severity. You can toggle the graph between open and closed alerts{% ifversion security-overview-3-13-overview %} and change the way alerts are grouped{% endif %}.
The alert trends graph shows the change in the number of alerts in your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %} over the time period you have chosen. By default, alerts are grouped by severity. You can toggle the graph between open and closed alerts and change the way alerts are grouped.
Open alerts include both newly created and existing open security alerts. New alerts are represented on their creation date, while alerts that existed before the chosen time period are represented at the start of the period. Once an alert is remediated or dismissed, it is not included in the graph. Instead, the alert will move to the closed alerts graph.