
[DO NOT MERGE] November 8–9: GitHub Universe 2023 megabranch (#44245)

Co-authored-by: mchammer01 <42146119+mchammer01@users.noreply.github.com>
Co-authored-by: Courtney Claessens <courtneycl@github.com>
Co-authored-by: Anne-Marie <102995847+am-stead@users.noreply.github.com>
Co-authored-by: Steve Guntrip <stevecat@github.com>
Co-authored-by: github-actions <github-actions@github.com>
Co-authored-by: Jules <19994093+jules-p@users.noreply.github.com>
Co-authored-by: Jules Porter <jules-p@users.noreply.github.com>
Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com>
Co-authored-by: hubwriter <hubwriter@github.com>
Co-authored-by: Melissa Xie <mxie@users.noreply.github.com>
Co-authored-by: Andy Feller <andyfeller@github.com>
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Kelly Arwine <kellyarwine@github.com>
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
Co-authored-by: Tiferet Gazit <tiferet@github.com>
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com>
Co-authored-by: Annelisa Stephan <meowius@github.com>
Co-authored-by: Vanessa <vgrl@github.com>
Co-authored-by: Rachael Rose Renk <91027132+rachaelrenk@users.noreply.github.com>
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
Co-authored-by: isaacmbrown <isaacmbrown@github.com>
Co-authored-by: Greg Padak <gpadak@github.com>
This commit is contained in:
Sophie
2023-11-08 17:35:45 +01:00
committed by GitHub
parent 8cb0aa1998
commit 60b71c4e24
174 changed files with 2712 additions and 435 deletions

View File

@@ -1,6 +1,6 @@
---
title: About security overview
intro: 'You can view summaries of alerts for repositories owned by your organization and identify areas of high security risk. {% ifversion security-overview-org-risk-coverage %}You can also monitor adoption of code security features across your organization.{% endif %}'
intro: 'You can gain insights into the overall security landscape of your organization and view summaries of alerts for repositories owned by your organization. {% ifversion security-overview-org-risk-coverage %}You can also monitor adoption of code security features across your organization.{% endif %}'
permissions: '{% data reusables.security-overview.permissions %}'
product: '{% data reusables.gated-features.security-overview %}'
redirect_from:
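Review bot: the rewritten intro drops the "identify areas of high security risk" clause even though the "Risk" view introduced elsewhere in this change still serves exactly that purpose, and it now says "your organization" twice in one sentence. Suggest: `intro: 'You can gain insights into the overall security landscape of your organization, view summaries of alerts for its repositories, and identify areas of high security risk. ...'`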
@@ -30,10 +30,18 @@ topics:
{% data reusables.security-overview.about-security-overview %} {% ifversion fpt %}For more information, see [the {% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/security-overview/about-security-overview).{% endif %}
{% ifversion ghec or ghes or ghae %}
Security overview shows which security features are enabled for repositories, and includes repository and alert-focused views so you can quickly investigate security issues and take action to remediate them.
{% note %}
**Note:** Security overview shows information and metrics for the default branches of an organization's repositories.
{% endnote %}
Security overview shows which security features are enabled for repositories and includes repository and alert-focused views so you can quickly investigate security issues and take action to remediate them.
- Risk and coverage information about {% data variables.product.prodname_dependabot %} features and alerts is shown for all repositories.
- Risk and coverage information for {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, is shown for enterprises that use {% data variables.product.prodname_GH_advanced_security %}{% ifversion ghec %} and for public repositories{% endif %}.
- Risk and coverage information for {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, is shown for enterprises that use {% data variables.product.prodname_GH_advanced_security %}{% ifversion ghec %} and for public repositories{% endif %}.{% ifversion security-overview-dashboard %}
- An organization-level dashboard of insights from security features is shown for enterprise-owned organizations that use {% data variables.product.prodname_GH_advanced_security %}{% ifversion ghec %} and for public repositories{% endif %}.{% endif %}
For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts#dependabot-alerts-for-vulnerable-dependencies)" and "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
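Review bot: the new dashboard bullet mixes scopes: it says "An organization-level dashboard ... is shown for enterprise-owned organizations that use GitHub Advanced Security and for public repositories", but an organization-level dashboard cannot be "shown for" a public repository; the `{% ifversion ghec %} and for public repositories{% endif %}` fragment was copied from the per-feature bullet above it. Either drop that fragment here or reword to say what the dashboard shows for public repositories. Separately, the opening `{% ifversion security-overview-dashboard %}` is appended to the end of the preceding bullet while later in this file the same tag sits on its own line before the list item; pick one placement so the list renders consistently. The added note that data covers default branches only is a useful caveat and reads well.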
@@ -55,7 +63,7 @@ There are also dedicated views for each type of security alert that you can use
## About security overview for organizations
The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. {% ifversion security-overview-org-risk-coverage %} For example, the team can use the "Security coverage" view to monitor the adoption of features across your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %}, or use the "Security risk" view to identify repositories with more than five open {% data variables.secret-scanning.alerts %}. {% else %}For example, they can use the overview page to monitor adoption of features by your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %} to your enterprise, or to review all alerts of a specific type and severity level across all repositories in your organization.{% endif %} {% ifversion code-security-multi-repo-enablement %}You can also use security overview to find a set of repositories and enable or disable security features for them all at the same time. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."{% endif %}
The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. {% ifversion security-overview-org-risk-coverage %} For example, {% ifversion security-overview-dashboard %}the team can use the "Overview" dashboard view (beta) to track your organization's security landscape and progression{% else %}the team can use the "Coverage" view to monitor the adoption of features across your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %}, or use the "Risk" view to identify repositories with more than five open {% data variables.secret-scanning.alerts %}{% endif %}. {% else %}For example, they can use the overview page to monitor adoption of features by your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %} to your enterprise, or to review all alerts of a specific type and severity level across all repositories in your organization.{% endif %} {% ifversion code-security-multi-repo-enablement %}You can also use security overview to find a set of repositories and enable or disable security features for them all at the same time. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."{% endif %}
You can find security overview on the **Security** tab for any organization that's owned by an enterprise. Each view shows a summary of the data that you have access to. As you add filters, all data and metrics across the view change to reflect the repositories or alerts that you've selected. For information about permissions, see "[Permission to view data in security overview](#permission-to-view-data-in-security-overview)."
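Review bot: the inner `{% ifversion security-overview-dashboard %}...{% else %}...{% endif %}` now removes the "Coverage" and "Risk" examples entirely whenever the dashboard feature is on, yet the view list later in this same file shows Overview, Coverage and Risk all available together in that version. Suggest keeping the Coverage/Risk examples in both branches and only adding the dashboard example in the first, for instance: `For example, {% ifversion security-overview-dashboard %}the team can use the "Overview" dashboard view (beta) to track your organization's security landscape and progression, {% endif %}use the "Coverage" view to monitor ... or use the "Risk" view to identify ...`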
@@ -63,11 +71,13 @@ You can find security overview on the **Security** tab for any organization that
Security overview has multiple views that provide different ways to explore enablement and alert data.
- Use "Security coverage" to assess the adoption of code security features across repositories in the organization.
- Use "Security risk" to assess the risk from security alerts of all types for one or more repositories in the organization.
{% ifversion security-overview-dashboard %}
- Use "Overview" to view insights about your organization's security landscape and progress.{% endif %}
- Use "Coverage" to assess the adoption of code security features across repositories in the organization.
- Use "Risk" to assess the risk from security alerts of all types for one or more repositories in the organization.
- Use the individual security alert views to identify your risk from specific vulnerable dependencies, code weaknesses, or leaked secrets.
For more information about these views, see "[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security)" and "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)."
For more information about these views, see {% ifversion security-overview-dashboard %}"[AUTOTITLE](/code-security/security-overview/viewing-security-insights-for-your-organization),"{% endif %}"[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security)" and "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)."
{% else %}
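Review bot: missing space in the "For more information" sentence: `..."{% endif %}"[AUTOTITLE](...)` renders, with the dashboard feature on, as `...organization),""[AUTOTITLE]...` with the two quotation marks run together. Move the space inside the conditional, e.g. `{% ifversion security-overview-dashboard %}"[AUTOTITLE](/code-security/security-overview/viewing-security-insights-for-your-organization)," {% endif %}"[AUTOTITLE](...)"`. The three-item list also needs the serial-style punctuation checked once the space is fixed.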
@@ -75,7 +85,7 @@ For more information about these views, see "[AUTOTITLE](/code-security/security
![Screenshot of security overview for an organization.](/assets/images/help/security-overview/security-overview-org-legacy.png)
Each repository is shown in security overview with an indicator for each type of security feature and how many alerts there are of each type. If a security feature is not enabled for a repository, the indicator for that feature will be grayed out. In addition, a risk score is calculated for each repository based on its code scanning, Dependabot and secret scanning alerts. This score is in beta and should be used with caution. Its algorithm and approach is subject to change.
Each repository is shown in security overview with an indicator for each type of security feature and how many alerts there are of each type. If a security feature is not enabled for a repository, the indicator for that feature will be grayed out. In addition, a risk score is calculated for each repository based on its {% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_dependabot %} and {% data variables.secret-scanning.alerts %}. This score is in beta and should be used with caution. Its algorithm and approach is subject to change.
| Indicator | Meaning |
| -------- | -------- |
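Review bot: while this line is being touched to swap in product variables, the last sentence still has a subject/verb mismatch carried over from the old text: "Its algorithm and approach is subject to change" should be "Its algorithm and approach are subject to change."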
@@ -95,8 +105,8 @@ You can find security overview on the **Code Security** tab for your enterprise.
As with security overview for organizations, security overview for enterprises has multiple views that provide different ways to explore enablement and alert data.
- Use the "Security coverage" view to assess the adoption of code security features across organizations in the enterprise.
- Use the "Security risk" view to assess the risk from security alerts of all types across organizations in the enterprise.
- Use the "Coverage" view to assess the adoption of code security features across organizations in the enterprise.
- Use the "Risk" view to assess the risk from security alerts of all types across organizations in the enterprise.
- Use the individual security alert views to identify your risk from specific vulnerable dependencies, code weaknesses, or leaked secrets.{% else %}You can view repositories owned by your enterprise that have security alerts, view all security alerts, or view security feature-specific alerts from across your enterprise.{% endif %}
For information about permissions, see "[Permission to view data in security overview](#permission-to-view-data-in-security-overview)."
@@ -123,6 +133,24 @@ If you are an owner or security manager for an organization, you can see data fo
If you are an organization member, you can view security overview for the organization and see data for repositories where you have access.{% ifversion security-overview-org-risk-coverage-enterprise %} You can view this data in the organization-level overview, but you cannot access the enterprise-level overview.{% endif %}
{% note %}
**Note:** To ensure a consistent and responsive experience, for organization members, the organization-level security overview pages will only display results from the most recently updated 3,000 repositories. If your results have been restricted, a notification will appear at the top of the page. Organization owners and security managers will see results from all repositories.
{% endnote %}
{% ifversion security-overview-dashboard %}
{% rowheaders %}
| Organization member with | Overview dashboard (beta) view | Risk and alerts views | Coverage view |
|--------------------|-------------|---------------------|---------|
| `admin` access for one or more repositories | View data for those repositories | View data for those repositories | View data for those repositories |
| `write` access for one or more repositories | View {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} data for those repositories | View {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} data for those repositories | No access for those repositories |
| Security alert access for one or more repositories | View all security alert data for those repositories | View all security alert data for those repositories | No access for those repositories
| Custom organization role with permission to view one or more types of security alert | View allowed alert data for all repositories | View allowed alert data for all repositories in all views | No access |
{% endrowheaders %}
{% else %}
{% rowheaders %}
| Organization member with | Risk and alerts views | Coverage view |
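Review bot: the "Security alert access for one or more repositories" row in the new dashboard table is missing its trailing pipe; it ends `| No access for those repositories` where every other row ends `|`. Some Markdown renderers tolerate this, but the docs tables elsewhere in this file close every row, so add the pipe. Also, the "Custom organization role" row reads "View allowed alert data for all repositories" in the dashboard column but "... for all repositories in all views" in the Risk column; if the dashboard column was meant to match the existing non-dashboard table, align the wording.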
@@ -133,6 +161,7 @@ If you are an organization member, you can view security overview for the organi
| Custom organization role with permission to view one or more types of security alert | View allowed alert data for all repositories in all views | No access |
{% endrowheaders %}
{% endif %}
For more information about access to security alerts and related views, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" and "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles#security)."

View File

@@ -34,7 +34,7 @@ You can download a CSV file of the data displayed on the "Security coverage" pag
{% ifversion dependabot-updates-paused-enterprise-orgs %}
In the list of repositories, the "Paused" label under "{% data variables.product.prodname_dependabot %}" indicates repositories for which {% data variables.product.prodname_dependabot %} updates are paused. For information about inactivity criteria, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)," for security and version updates, respectively.{% endif %}
In the list of repositories, the "Paused" label under "{% data variables.product.prodname_dependabot %}" indicates repositories for which {% data variables.product.prodname_dependabot_updates %} are paused. For information about inactivity criteria, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)," for security and version updates, respectively.{% endif %}
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
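Review bot: the unchanged context line at the top of this hunk still refers to the "Security coverage" page, but the about-security-overview changes in this same commit rename the views to "Coverage" and "Risk". If the rename is intended to apply product-wide, the heading and the download-CSV sentence on this page need the same update, otherwise readers following the about page will look for a view name that does not appear here.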
@@ -80,8 +80,8 @@ In the enterprise-level view, you can view data about the enablement of features
## Interpreting and acting on the enablement data
Some code security features can and should be enabled on all repositories. For example, secret scanning alerts and push protection. These features reduce the risk of a security leak no matter what information is stored in the repository. If you see repositories that don't already use these features, you should either enable them or discuss an enablement plan with the team who owns the repository. For information on enabling features for a whole organization, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
Some code security features can and should be enabled on all repositories. For example, {% data variables.secret-scanning.alerts %} and push protection. These features reduce the risk of a security leak no matter what information is stored in the repository. If you see repositories that don't already use these features, you should either enable them or discuss an enablement plan with the team who owns the repository. For information on enabling features for a whole organization, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
Other features are not available for use in all repositories. For example, there would be no point in enabling Dependabot or code scanning for repositories that only use ecosystems or languages that are unsupported. As such, it's normal to have some repositories where these features are not enabled.
Other features are not available for use in all repositories. For example, there would be no point in enabling {% data variables.product.prodname_dependabot %} or {% data variables.product.prodname_code_scanning %} for repositories that only use ecosystems or languages that are unsupported. As such, it's normal to have some repositories where these features are not enabled.
Your enterprise may also have configured policies to limit the use of some code security features. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise)."
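Review bot: the variable swap preserves a sentence fragment: "For example, {% data variables.secret-scanning.alerts %} and push protection." has no verb. Since the line is being edited anyway, fold it into the preceding sentence: "Some code security features, for example {% data variables.secret-scanning.alerts %} and push protection, can and should be enabled on all repositories."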

View File

@@ -58,7 +58,7 @@ In the enterprise-level views, you can filter the data by organization.
## Filter by whether security features are enabled
In the examples below, replace `:enabled` with `:not-enabled` to see repositories where security features are not enabled. These qualifiers are available in the main summary views.
In the examples below, replace `:enabled` with `:not-enabled` to see repositories where security features are not enabled. These qualifiers are available in the "Security risk" and "Security coverage" views.
| Qualifier | Description |
| -------- | -------- |
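Review bot: this change replaces "the main summary views" with the explicit names "Security risk" and "Security coverage", but the about page in the same commit renames those views to "Risk" and "Coverage" (and the enterprise list does the same). Use the new names here, e.g. `These qualifiers are available in the "Risk" and "Coverage" views.`, or the filtering page will contradict the page it links to.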
@@ -77,13 +77,13 @@ The organization-level "Security coverage" view includes extra filters.
| -------- | -------- | {% ifversion ghec or ghes > 3.8 %}
| `advanced-security:enabled` | Display repositories that have enabled {% data variables.product.prodname_GH_advanced_security %}. | {% endif %}
| `code-scanning-pull-request-alerts:enabled`| Display repositories that have configured {% data variables.product.prodname_code_scanning %} to run on pull requests. |
| `dependabot-security-updates:enabled` | Display repositories that have enabled {% data variables.product.prodname_dependabot %} security updates. |
| `dependabot-security-updates:enabled` | Display repositories that have enabled {% data variables.product.prodname_dependabot_security_updates %}. |
| `secret-scanning-push-protection:enabled` | Display repositories that have enabled push protection for {% data variables.product.prodname_secret_scanning %}. |
{% endif %}
## Filter by repository type
These qualifiers are available in the main summary views.
All of these qualifiers are available in the "Security risk" and "Security coverage" views. {% ifversion security-overview-dashboard %}For the "Overview" dashboard (beta) view, only the `archived:` filter is available.{% endif %}
| Qualifier | Description |
| -------- | -------- |
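Review bot: same naming mismatch as the previous hunk: the repository-type sentence names the "Security risk" and "Security coverage" views while the rest of the commit calls them "Risk" and "Coverage"; the hunk header context ("The organization-level "Security coverage" view includes extra filters") has the same problem. The added clause that only `archived:` applies to the "Overview" dashboard (beta) is a helpful scoping note; keep it, but make clear it refers to the qualifiers in this table only, since the dashboard section added further down introduces its own `visibility:` and `tool:` filters.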
@@ -148,6 +148,25 @@ These qualifiers are available in the main summary views{% ifversion security-ov
| -------- | -------- |
| `topic:TOPIC-NAME` | Displays repositories that are classified with TOPIC-NAME. For more information on repository topics, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics)." |
{% ifversion security-overview-dashboard %}
## Additional filters for security overview dashboard (beta)
{% data reusables.security-overview.beta %}
You can filter the "Overview" dashboard (beta) to narrow the scope of the metrics shown, so that you can view trends for specific repository or alert types. For more information on the overview dashboard, see "[AUTOTITLE](/code-security/security-overview/viewing-security-insights-for-your-organization)."
| Qualifier | Description |
| -------- | -------- |
|`visibility:public`|Displays metrics only for public repositories.|
|`visibility:internal`|Displays metrics only for internal repositories.|
|`visibility:private`|Displays metrics only for private repositories.|
|`tool:codeql`|Displays metrics for {% data variables.product.prodname_code_scanning %} alerts generated using {% data variables.product.prodname_codeql %} analysis.|
|`tool:dependabot`|Displays metrics for {% data variables.product.prodname_dependabot_alerts %}.|
|`tool:secret-scanning`|Displays metrics for {% data variables.product.prodname_secret_scanning %} alerts.|
{% endif %}
{% ifversion security-overview-dependabot-acv %}
## Additional filters for {% data variables.product.prodname_dependabot %} alert views
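Review bot: this section inserts `{% data reusables.security-overview.beta %}` under the new heading, whereas the new viewing-security-insights page in this commit uses `{% data reusables.security-overview.beta-overview-dashboard %}`. If the dashboard-specific reusable is the intended beta notice, use it here too so the two pages show the same banner; if the generic one is correct, say so in the PR description. The new table also omits the spaces around cell pipes used by the qualifier tables above it (`|`visibility:public`|Displays ...|`); this matches the Dependabot table style later in the file but not the tables immediately above, so either style is defensible, just be consistent within the section.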
@@ -157,8 +176,8 @@ You can filter the view to show {% data variables.product.prodname_dependabot_al
| Qualifier | Description |
| -------- | -------- |
{% ifversion dependabot-alerts-vulnerable-calls or ghes or ghae -%}
|`has:patch`|Displays {% data variables.product.prodname_dependabot %} alerts for vulnerabilities where a secure version is already available.|
|`has:vulnerable-calls`|Displays {% data variables.product.prodname_dependabot %} alerts where at least one call from the repository to a vulnerable function is detected. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts#about-the-detection-of-calls-to-vulnerable-functions)."|
|`has:patch`|Displays {% data variables.product.prodname_dependabot_alerts %} for vulnerabilities where a secure version is already available.|
|`has:vulnerable-calls`|Displays {% data variables.product.prodname_dependabot_alerts %} where at least one call from the repository to a vulnerable function is detected. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts#about-the-detection-of-calls-to-vulnerable-functions)."|
{% endif -%}
|`ecosystem:ECOSYSTEM-NAME`|Displays {% data variables.product.prodname_dependabot_alerts %} detected in the specified ecosystem.|
|`is:open`|Displays open {% data variables.product.prodname_dependabot_alerts %}.|
@@ -187,7 +206,7 @@ You can filter the view to show {% data variables.product.prodname_dependabot_al
## Additional filters for {% data variables.product.prodname_code_scanning %} alert views
All code scanning alerts have one of the categories shown below. You can click any result to see full details of the relevant query and the line of code that triggered the alert.
All {% data variables.product.prodname_code_scanning %} alerts have one of the categories shown below. You can click any result to see full details of the relevant query and the line of code that triggered the alert.
| Qualifier | Description |
| -------- | -------- |
@@ -218,18 +237,18 @@ All code scanning alerts have one of the categories shown below. You can click a
|`provider:PROVIDER-NAME` | Displays alerts for all secrets issues by the specified provider. |
| `secret-type:PROVIDER-PATTERN` | Displays alerts for the specified secret and provider. |
| `secret-type:CUSTOM-PATTERN` | Displays alerts for secrets matching the specified custom pattern. |
|`is:open`|Displays open {% data variables.product.prodname_secret_scanning %} alerts.|
|`is:closed`|Displays closed {% data variables.product.prodname_secret_scanning %} alerts.|
|`resolution:false-positive`|Displays {% data variables.product.prodname_secret_scanning %} alerts closed as "false positive."|
|`resolution:pattern-deleted`|Displays {% data variables.product.prodname_secret_scanning %} alerts closed as "pattern deleted."|
|`resolution:pattern-edited`|Displays {% data variables.product.prodname_secret_scanning %} alerts closed as "pattern edited."|
|`resolution:revoked`|Displays {% data variables.product.prodname_secret_scanning %} alerts closed as "revoked."|
|`resolution:used-in-tests`|Displays {% data variables.product.prodname_secret_scanning %} alerts closed as "used in tests."|
|`resolution:wont-fix`|Displays {% data variables.product.prodname_secret_scanning %} alerts closed as "won't fix."|
|`sort:created-desc`|Displays {% data variables.product.prodname_secret_scanning %} alerts from newest to oldest.|
|`sort:created-asc`|Displays {% data variables.product.prodname_secret_scanning %} alerts from oldest to newest.|
|`sort:updated-desc`|Displays {% data variables.product.prodname_secret_scanning %} alerts from most recently updated to least recently updated.|
|`sort:updated-asc`|Displays {% data variables.product.prodname_secret_scanning %} alerts from least recently updated to most recently updated.|
|`is:open`|Displays open {% data variables.secret-scanning.alerts %}.|
|`is:closed`|Displays closed {% data variables.secret-scanning.alerts %}.|
|`resolution:false-positive`|Displays {% data variables.secret-scanning.alerts %} closed as "false positive."|
|`resolution:pattern-deleted`|Displays {% data variables.secret-scanning.alerts %} closed as "pattern deleted."|
|`resolution:pattern-edited`|Displays {% data variables.secret-scanning.alerts %} closed as "pattern edited."|
|`resolution:revoked`|Displays {% data variables.secret-scanning.alerts %} closed as "revoked."|
|`resolution:used-in-tests`|Displays {% data variables.secret-scanning.alerts %} closed as "used in tests."|
|`resolution:wont-fix`|Displays {% data variables.secret-scanning.alerts %} closed as "won't fix."|
|`sort:created-desc`|Displays {% data variables.secret-scanning.alerts %} from newest to oldest.|
|`sort:created-asc`|Displays {% data variables.secret-scanning.alerts %} from oldest to newest.|
|`sort:updated-desc`|Displays {% data variables.secret-scanning.alerts %} from most recently updated to least recently updated.|
|`sort:updated-asc`|Displays {% data variables.secret-scanning.alerts %} from least recently updated to most recently updated.|
For more information, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns)."
{% endif %}
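Review bot: the unchanged context row at the top of this hunk has a typo: "Displays alerts for all secrets issues by the specified provider" should read "issued by the specified provider". Since every row below it is being rewritten to use `{% data variables.secret-scanning.alerts %}`, it would also be consistent to apply the same variable to the three provider and secret-type rows, which still say plain "alerts".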

View File

@@ -14,6 +14,7 @@ topics:
- Advanced Security
children:
- /about-security-overview
- /viewing-security-insights-for-your-organization
- /assessing-adoption-code-security
- /assessing-code-security-risk
- /filtering-alerts-in-security-overview

View File

@@ -0,0 +1,112 @@
---
title: Viewing security insights for your organization
shortTitle: Viewing security insights
intro: 'You can use the overview dashboard in security overview to monitor the security landscape of the repositories in your organization.'
permissions: '{% data reusables.security-overview.permissions %}'
product: '{% data reusables.gated-features.security-overview %}'
versions:
feature: security-overview-dashboard
type: how_to
topics:
- Security overview
- Advanced Security
- Alerts
- Organizations
---
{% data reusables.security-overview.beta-overview-dashboard %}
## About organization-level security insights
The overview page in security overview is a consolidated dashboard of insights about your organization's security landscape and progress. You can use the dashboard to monitor the health of your application security program, collaborate with engineering teams, and gather data for benchmarking purposes.
You can view a variety of metrics about the security alerts in your organization. The dashboard displays trending data that tracks alert counts and activity over time, as well as snapshot data that reflects the current state.
- The top section of the dashboard shows information about the status and age of alerts in your organization, as well as data about secrets that have been blocked or bypassed.
- The "Remediation" section shows information about how alerts are resolved and alert activity over time.
- The "Impact analysis" section shows the repositories that pose the highest potential security risk in your organization.
You can filter the overview dashboard by selecting a specific time period, and apply additional filters to focus on narrower areas of interest. All data and metrics across the dashboard will change as you apply filters. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
Enterprise members can access the overview page for organizations in their enterprise. The metrics you see will depend on your role and repository permissions. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#permission-to-view-data-in-security-overview)."
### Limitations
The data that populates the overview page can and will change over time due to various factors, such as repository deletion or modifications to a security advisory. This means that the overview metrics for the same time period could vary if viewed at two different times. For compliance reports or other scenarios where data consistency is crucial, we recommend that you source data from the audit log. For more information, see "[AUTOTITLE](/code-security/getting-started/auditing-security-alerts)."
Keep in mind that the overview page tracks changes over time for security alert data only. If you filter the page by non-alert attributes, such as repository status, the data you see will reflect the current state of those attributes, instead of the historical state. For example, consider that you archived a repository that contains open security alerts, an action which closes the alerts. If you then view the overview page for the week before you archived the repository, the alert data for the repository will only appear when you filter to show data from archived repositories, because the current state of the repository is archived. However, the alerts will appear as open, since they were open during that time period and the overview page tracks the historical state of alerts.
## Viewing the security overview dashboard
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
1. The overview page is the primary view that you will see after clicking on the "Security" tab. To get to the dashboard from another security overview page, in the sidebar, click **{% octicon "graph" aria-hidden="true" %} Overview**.
1. Use the options at the top of the overview page to filter the group of alerts you want to see metrics for. All of the data and metrics on the page will change as you adjust the filters.
- Use the date picker to set the time range that you want to view alert activity and metrics for.
- Click in the search box to add further filters on the alerts and metrics displayed.
![Screenshot of the overview page in security overview for an organization. The options for filtering are outlined in dark orange, including the date picker and search field.](/assets/images/help/security-overview/security-overview-dashboard-filters.png)
1. For the alert trends graph at the top of the page, you can click **{% octicon "shield" aria-hidden="true" %} Open alerts** or **{% octicon "shield-x" aria-hidden="true" %} Closed alerts** to toggle between showing the trends for open or closed alerts. The toggle will only affect the alert trends graph. For more information, see "[Alert trends graph](#alert-trends-graph)."
## Understanding the overview dashboard
- [Alert trends graph](#alert-trends-graph)
- [Age of alerts](#age-of-alerts)
- [Secrets bypassed or blocked](#secrets-bypassed-or-blocked)
- [Mean time to remediate](#mean-time-to-remediate)
- [Net resolve rate](#net-resolve-rate)
- [Alert activity graph](#alert-activity-graph)
- [Impact analysis for repositories](#impact-analysis-for-repositories)
### Alert trends graph
The alert trends graph shows the change in the number of alerts in your organization over the time period you have chosen. Alerts are grouped by severity. You can toggle the graph between open and closed alerts.
Open alerts include both newly created and existing open security alerts. New alerts are represented on their creation date, while alerts that existed before the chosen time period are represented at the start of the period. Once an alert is remediated or dismissed, it is not included in the graph. Instead, the alert will move to the closed alerts graph.
Closed alerts include security alerts that have been successfully remediated or dismissed prior to or during the chosen time period. Alerts closed during the time period are represented on the graph on their closed date, while alerts remediated or dismissed before the chosen time period are represented at the start of the period.
### Age of alerts
The "Age of alerts" metric is the average age of all alerts that are still open at the end of the chosen time period.
The age of each open alert is calculated by subtracting the date the alert was created from the date that the chosen time period ends. For reopened alerts, the age is calculated by subtracting the original created date rather than the date the alert was reopened.
### Secrets bypassed or blocked
The "Secrets bypassed / blocked" metric shows the ratio of secrets bypassed to the total secrets blocked by push protection.
You can also see how many secrets were successfully blocked, which is calculated by subtracting the number of secrets bypassed from the total number of secrets blocked by push protection. A secret is considered to have been successfully blocked when it has been corrected, and not committed to the repository.
For more information on secret scanning push protection metrics, see "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection-in-your-organization)."
### Mean time to remediate
The "Mean time to remediate" metric is the average age of all alerts that were remediated or dismissed in the chosen time period. Alerts that were closed as "false positive" are excluded.
The age of each closed alert is calculated by subtracting the date the alert was created from the date that the alert was last closed during the chosen time period. For reopened alerts, the age is calculated by subtracting the original created date rather than the date the alert was reopened.
### Net resolve rate
The "Net resolve rate" metric is the rate at which alerts are being closed. This metric is similar to measuring "developer velocity", reflecting the speed and efficiency with which alerts are resolved.
The rate is calculated by dividing the number of alerts that were closed and remained closed during the chosen time period, by the number of alerts created during the time period.
{% note %}
**Note:** The net resolve rate takes into account any new and any closed alerts during the chosen time period. This means that the set of new alerts and set of closed alerts used for the calculation do not necessarily correspond, since they may represent different populations of alerts.
{% endnote %}
Alerts that are reopened and re-closed during the chosen time period are ignored.
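The "Age of alerts", "Mean time to remediate" and "Net resolve rate" definitions above are formulas over the same alert history, so the following added example (not code from the GitHub docs or from any GitHub API) computes all three, plus the point-in-time open count behind the alert trends graph, from a constructed list of alerts. The `Alert` record, the one-month window and the seven sample alerts are assumptions made for this example; the page's rule that alerts reopened and re-closed inside the period are ignored is applied to the net resolve rate numerator only, which is this editor's reading of that sentence.

```python
"""Worked example (constructed data): computing the security overview
metrics described on this page from a list of alert histories."""
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional


@dataclass
class Alert:
    """Minimal alert record for this example; not the shape of any GitHub API response."""
    number: int
    severity: str
    created_at: datetime
    closes: List[datetime] = field(default_factory=list)   # every time the alert was closed
    reopens: List[datetime] = field(default_factory=list)  # every time it was reopened
    resolution: Optional[str] = None                       # e.g. "fixed", "false positive"


def is_closed_at(alert: Alert, t: datetime) -> bool:
    """Close and reopen events alternate, so the alert is closed at t exactly
    when it has seen more closes than reopens up to t."""
    closes = sum(1 for c in alert.closes if c <= t)
    reopens = sum(1 for r in alert.reopens if r <= t)
    return closes > reopens


def is_open_at(alert: Alert, t: datetime) -> bool:
    return alert.created_at <= t and not is_closed_at(alert, t)


def open_alerts_by_severity(alerts: List[Alert], t: datetime) -> Dict[str, int]:
    """Point-in-time count per severity, the quantity plotted on the open-alerts trend line."""
    counts: Dict[str, int] = {}
    for a in alerts:
        if is_open_at(a, t):
            counts[a.severity] = counts.get(a.severity, 0) + 1
    return counts


def age_of_alerts(alerts: List[Alert], end: datetime) -> float:
    """Average age in days of alerts still open at the end of the period.
    Reopened alerts keep their original created date, as the page specifies."""
    ages = [(end - a.created_at).days for a in alerts if is_open_at(a, end)]
    return sum(ages) / len(ages) if ages else 0.0


def mean_time_to_remediate(alerts: List[Alert], start: datetime, end: datetime) -> float:
    """Average age in days of alerts closed during the period, measured from
    creation to the last close inside the period; false positives are excluded."""
    ages = []
    for a in alerts:
        if a.resolution == "false positive":
            continue
        closes_in_window = [c for c in a.closes if start <= c <= end]
        if closes_in_window:
            ages.append((max(closes_in_window) - a.created_at).days)
    return sum(ages) / len(ages) if ages else 0.0


def net_resolve_rate(alerts: List[Alert], start: datetime, end: datetime) -> float:
    """Alerts closed in the period that stayed closed, divided by alerts created
    in the period. Alerts reopened and re-closed inside the period are left out
    of the numerator (assumption: the page does not say which side they leave)."""
    created = sum(1 for a in alerts if start <= a.created_at <= end)
    resolved = 0
    for a in alerts:
        closed_in_window = any(start <= c <= end for c in a.closes)
        reopened_in_window = any(start <= r <= end for r in a.reopens)
        if closed_in_window and not reopened_in_window and is_closed_at(a, end):
            resolved += 1
    return resolved / created if created else 0.0


# Constructed sample: a one-month window and seven alerts with different histories.
PERIOD_START = datetime(2023, 10, 1)
PERIOD_END = datetime(2023, 10, 31)

SAMPLE_ALERTS = [
    Alert(1, "high", datetime(2023, 9, 15)),                       # open, created before the window
    Alert(2, "critical", datetime(2023, 10, 10)),                  # open, created in the window
    Alert(3, "medium", datetime(2023, 10, 5), closes=[datetime(2023, 10, 15)], resolution="fixed"),
    Alert(4, "low", datetime(2023, 9, 20), closes=[datetime(2023, 10, 20)], resolution="false positive"),
    Alert(5, "high", datetime(2023, 10, 12),                       # closed, reopened, re-closed in window
          closes=[datetime(2023, 10, 14), datetime(2023, 10, 28)],
          reopens=[datetime(2023, 10, 18)], resolution="fixed"),
    Alert(6, "medium", datetime(2023, 10, 25), closes=[datetime(2023, 11, 5)], resolution="fixed"),  # closed after window
    Alert(7, "low", datetime(2023, 8, 1), closes=[datetime(2023, 9, 10)], resolution="fixed"),       # closed before window
]

if __name__ == "__main__":
    print("open by severity:", open_alerts_by_severity(SAMPLE_ALERTS, PERIOD_END))
    print("age of alerts (days):", age_of_alerts(SAMPLE_ALERTS, PERIOD_END))
    print("mean time to remediate (days):", mean_time_to_remediate(SAMPLE_ALERTS, PERIOD_START, PERIOD_END))
    print("net resolve rate:", net_resolve_rate(SAMPLE_ALERTS, PERIOD_START, PERIOD_END))
```

Walking the sample through the functions shows why the note above matters: alert 5 contributes 16 days to the mean time to remediate (original creation to its last close) but is dropped from the net resolve rate because it was reopened inside the window, and alert 4 counts towards the resolve rate yet is excluded from the remediation mean as a false positive, so the two metrics are built from different alert populations.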
### Alert activity graph
Expanding on the alert trends graph, the alert activity graph shows you alert inflows and outflows over your chosen time period.
Green bars represent the number of new alerts created during the segmented time period. Purple bars represent the number of alerts that were closed during the segmented time period. The blue dotted line represents the net alert activity, which is the difference between new and closed alerts.
### Impact analysis for repositories
The impact analysis table shows the top 10 repositories with the most open alerts as of the end of the chosen time period, ranked by the total number of open alerts. For each repository, the total number of open alerts is shown alongside a breakdown by severity.