Co-authored-by: isaacmbrown <isaacmbrown@github.com>
Co-authored-by: Hector Alfaro <hectorsector@github.com>
Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com>
Co-authored-by: hubwriter <hubwriter@github.com>
Co-authored-by: Vanessa <vgrl@github.com>
Co-authored-by: Christopher Nguyen <91625426+nguyen-dows@users.noreply.github.com>
Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com>
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
Co-authored-by: David Staheli <1767415+davidstaheli@users.noreply.github.com>
Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com>
Co-authored-by: sunbrye <sunbrye@github.com>
Co-authored-by: Tim Rogers <timrogers@github.com>
Co-authored-by: Felix Guntrip <stevecat@github.com>
Co-authored-by: Sunbrye Ly <56200261+sunbrye@users.noreply.github.com>
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
Co-authored-by: Rachael Rose Renk <91027132+rachaelrenk@users.noreply.github.com>
Co-authored-by: Jules <19994093+jules-p@users.noreply.github.com>
Co-authored-by: Laura Coursen <lecoursen@github.com>
Co-authored-by: Jules Porter <jules-p@users.noreply.github.com>
Co-authored-by: Devraj Mehta <devm33@github.com>
Co-authored-by: Kate Studwell <katestud@github.com>
Co-authored-by: Katherine Oelsner <49968061+octokatherine@users.noreply.github.com>
Co-authored-by: Rachael Sewell <rachmari@github.com>
Co-authored-by: Tim Rogers <me@timrogers.co.uk>
Co-authored-by: Arfon Smith <arfon@users.noreply.github.com>
---
title: Assessing your code security risk
shortTitle: Assess security risk to code
allowTitleToDifferFromFilename: true
intro: 'You can use security overview to see which teams and repositories are affected by security alerts, and identify repositories for urgent remedial action.'
permissions: '{% data reusables.permissions.security-overview %}'
type: how_to
topics:
  - Security overview
  - Advanced Security
  - Alerts
  - Organizations
  - Teams
versions:
  ghes: '*'
  ghec: '*'
redirect_from:
  - /code-security/security-overview/viewing-the-security-overview
---

{% data reusables.security-overview.beta-org-risk-coverage %}

## Exploring the security risks in your code

You can use the different views on your **Security** tab to explore the security risks in your code.

* **Overview:** use to explore trends in **Detection**, **Remediation**, and **Prevention** of security alerts.
* **Risk:** use to explore the current state of repositories, across all alert types.
* **Alerts views:** use to explore {% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_dependabot %}, or {% data variables.product.prodname_secret_scanning %} alerts in greater detail.

These views provide you with the data and filters to:

* Assess the landscape of your code security across all your repositories.
* Identify the highest impact vulnerabilities to address.
* Monitor your progress in remediating potential vulnerabilities. {% ifversion security-overview-export-data %}
* Export your current selection of data for further analysis and reporting. {% endif %}

{% ifversion security-overview-dashboard %}
For information about the **Overview**, see "[AUTOTITLE](/code-security/security-overview/viewing-security-insights)."{% endif %}

## Viewing organization-level code security risks

{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
{% data reusables.security-overview.open-security-risk-view %}
{% data reusables.code-scanning.using-security-overview-risk %}

{% data reusables.security-overview.unaffected-repositories %}

{% data reusables.organizations.security-overview-feature-specific-page %} {% ifversion security-overview-export-data %}
1. Optionally, use the {% octicon "download" aria-hidden="true" %} **Export CSV** button to download a CSV file of the data currently displayed on the page for security research and in-depth data analysis. For more information, see "[AUTOTITLE](/code-security/security-overview/exporting-data-from-security-overview)." {% endif %}

{% data reusables.security-overview.alert-differences %}

## Viewing enterprise-level code security risks

You can view data for security alerts across organizations in an enterprise.

{% data reusables.security-overview.enterprise-filters-tip %}

{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}
{% data reusables.code-scanning.click-code-security-enterprise %}
1. To display the "Security risk" view, in the sidebar, click {% octicon "shield" aria-hidden="true" %} **Risk**.
{% data reusables.code-scanning.using-security-overview-risk %}

{% data reusables.security-overview.unaffected-repositories %}
{% data reusables.organizations.security-overview-feature-specific-page %}

{% data reusables.security-overview.alert-differences %}

{% ifversion security-campaigns %}

## Next steps

When you have assessed your code security risks, you are ready to create a security campaign to collaborate with developers to remediate alerts. For information about fixing security alerts at scale, see "[AUTOTITLE](/code-security/securing-your-organization/fixing-security-alerts-at-scale/creating-tracking-security-campaigns)" and "[AUTOTITLE](/code-security/securing-your-organization/fixing-security-alerts-at-scale/best-practice-fix-alerts-at-scale)."
{% endif %}