75f3cce197
Co-authored-by: isaacmbrown <isaacmbrown@github.com> Co-authored-by: Hector Alfaro <hectorsector@github.com> Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> Co-authored-by: hubwriter <hubwriter@github.com> Co-authored-by: Vanessa <vgrl@github.com> Co-authored-by: Christopher Nguyen <91625426+nguyen-dows@users.noreply.github.com> Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com> Co-authored-by: Felicity Chapman <felicitymay@github.com> Co-authored-by: Andrew Eisenberg <aeisenberg@github.com> Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com> Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com> Co-authored-by: David Staheli <1767415+davidstaheli@users.noreply.github.com> Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com> Co-authored-by: sunbrye <sunbrye@github.com> Co-authored-by: Tim Rogers <timrogers@github.com> Co-authored-by: Felix Guntrip <stevecat@github.com> Co-authored-by: Sunbrye Ly <56200261+sunbrye@users.noreply.github.com> Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com> Co-authored-by: Rachael Rose Renk <91027132+rachaelrenk@users.noreply.github.com> Co-authored-by: Jules <19994093+jules-p@users.noreply.github.com> Co-authored-by: Laura Coursen <lecoursen@github.com> Co-authored-by: Jules Porter <jules-p@users.noreply.github.com> Co-authored-by: Devraj Mehta <devm33@github.com> Co-authored-by: Kate Studwell <katestud@github.com> Co-authored-by: Katherine Oelsner <49968061+octokatherine@users.noreply.github.com> Co-authored-by: Rachael Sewell <rachmari@github.com> Co-authored-by: Tim Rogers <me@timrogers.co.uk> Co-authored-by: Arfon Smith <arfon@users.noreply.github.com>
4.2 KiB
title, shortTitle, allowTitleToDifferFromFilename, intro, permissions, type, topics, versions, redirect_from
| title | shortTitle | allowTitleToDifferFromFilename | intro | permissions | type | topics | versions | redirect_from | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Assessing your code security risk | Assess security risk to code | true | You can use security overview to see which teams and repositories are affected by security alerts, and identify repositories for urgent remedial action. | {% data reusables.permissions.security-overview %} | how_to |
|
|
|
{% data reusables.security-overview.beta-org-risk-coverage %}
Exploring the security risks in your code
You can use the different views on your Security tab to explore the security risks in your code.
- Overview: use to explore trends in Detection, Remediation, and Prevention of security alerts.
- Risk: use to explore the current state of repositories, across all alert types.
- Alerts views: use to explore {% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_dependabot %}, or {% data variables.product.prodname_secret_scanning %} alerts in greater detail.
These views provide you with the data and filters to:
- Assess the landscape of your code security across all your repositories.
- Identify the highest impact vulnerabilities to address.
- Monitor your progress in remediating potential vulnerabilities. {% ifversion security-overview-export-data %}
- Export your current selection of data for further analysis and reporting. {% endif %}
{% ifversion security-overview-dashboard %} For information about the Overview, see "AUTOTITLE."{% endif %}
Viewing organization-level code security risks
{% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} {% data reusables.security-overview.open-security-risk-view %} {% data reusables.code-scanning.using-security-overview-risk %}
{% data reusables.security-overview.unaffected-repositories %}
{% data reusables.organizations.security-overview-feature-specific-page %} {% ifversion security-overview-export-data %}
- Optionally, use the {% octicon "download" aria-hidden="true" %} Export CSV button to download a CSV file of the data currently displayed on the page for security research and in-depth data analysis. For more information, see "AUTOTITLE." {% endif %}
{% data reusables.security-overview.alert-differences %}
Viewing enterprise-level code security risks
You can view data for security alerts across organizations in an enterprise.
{% data reusables.security-overview.enterprise-filters-tip %}
{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %} {% data reusables.code-scanning.click-code-security-enterprise %}
-
To display the "Security risk" view, in the sidebar, click {% octicon "shield" aria-hidden="true" %} Risk. {% data reusables.code-scanning.using-security-overview-risk %}
{% data reusables.security-overview.unaffected-repositories %} {% data reusables.organizations.security-overview-feature-specific-page %}
{% data reusables.security-overview.alert-differences %}
{% ifversion security-campaigns %}
Next steps
When you have assessed your code security risks, you are ready to create a security campaign to collaborate with developers to remediate alerts. For information about fixing security alerts at scale, see "AUTOTITLE" and "AUTOTITLE." {% endif %}