---
title: Interpreting security findings
shortTitle: Interpret security data
intro: You can analyze security data on repositories in your organization to determine if you need to make changes to your security setup.
permissions: '{% data reusables.permissions.security-org-enable %}'
---

After you apply a {% data variables.product.prodname_security_configuration %} to a repository, the enabled security features will likely raise security findings on that repository. These findings may show up as feature-specific alerts, or as automatically generated pull requests designed to keep your repositories secure. You can analyze the findings across the organization and make any necessary adjustments to your {% data variables.product.prodname_security_configuration %}.
To keep your organization secure, encourage contributors to review and resolve security alerts and the pull requests raised for them. {% ifversion security-campaigns %}You can also collaborate with contributors to fix historical security alerts at scale. For more information, see AUTOTITLE.{% endif %}
{% data reusables.security-overview.information-varies-GHAS %}

{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
- By default, the overview shows alerts for all native {% data variables.product.github %} tools (filter: `tool:github`). To display alerts for a specific tool, replace `tool:github` in the filter text box. For example:
  - `tool:dependabot` to show only alerts for dependencies identified by {% data variables.product.prodname_dependabot %}.
  - `tool:secret-scanning` to show only alerts for secrets identified by {% data variables.product.prodname_secret_scanning %}.
  - `tool:codeql` to show only alerts for potential security vulnerabilities identified by {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}.
- You can add further filters to show only the repositories you want to assess. The list of repositories and the metrics displayed on the page update automatically to match your current selection. For more information on filtering, see AUTOTITLE.

{% data reusables.organizations.security-overview-feature-specific-page %}
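If you would rather compute the same per-tool breakdown programmatically, for example to track it over time or to flag repositories whose findings suggest a different configuration, the organization-level REST API serves the three alert types that the `tool:` filter selects. The following Python script is an added example and is not part of this documentation or of any {% data variables.product.github %} tool. It assumes a token that is allowed to read the organization's alerts in the `GITHUB_TOKEN` environment variable; the alert payloads embedded in `SAMPLE` are constructed to mirror the shape of the API responses so that the summary logic runs offline. Treating a secret alert whose push protection was bypassed as the most urgent bucket is this example's own convention, not a severity the API assigns.

```python
"""Summarize open security alerts for an organization by tool, repository and severity."""
import json
import os
import sys
import urllib.request
from collections import Counter, defaultdict

API = "https://api.github.com"

# The overview's `tool:` filter values mapped to the organization-level REST endpoints
# that serve the same alert types.
TOOL_ENDPOINTS = {
    "dependabot": "/orgs/{org}/dependabot/alerts",
    "secret-scanning": "/orgs/{org}/secret-scanning/alerts",
    "codeql": "/orgs/{org}/code-scanning/alerts",
}

# Severity labels that should put a repository on the "needs attention" list.
URGENT = {"critical", "high", "bypassed-push-protection"}


def _next_url(link_header):
    """Return the rel="next" URL from a Link header, or None on the last page."""
    for part in (link_header or "").split(","):
        url, _, rel = part.partition(";")
        if 'rel="next"' in rel:
            return url.strip().strip("<>")
    return None


def fetch_alerts(org, tool, token, per_page=100):
    """Page through one org-level alert endpoint and return every open alert.
    Follows the Link header, which works for all three endpoints regardless of
    whether they paginate by page number or by cursor."""
    url = f"{API}{TOOL_ENDPOINTS[tool].format(org=org)}?state=open&per_page={per_page}"
    headers = {
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {token}",
        "X-GitHub-Api-Version": "2022-11-28",
    }
    alerts = []
    while url:
        with urllib.request.urlopen(urllib.request.Request(url, headers=headers)) as resp:
            alerts.extend(json.load(resp))
            url = _next_url(resp.headers.get("Link"))
    return alerts


def severity(tool, alert):
    """Pick a comparable severity label for an alert of the given tool."""
    if tool == "dependabot":
        return alert["security_advisory"]["severity"]
    if tool == "codeql":
        # security_severity_level is only set for security queries; fall back to rule severity.
        return alert["rule"].get("security_severity_level") or alert["rule"]["severity"]
    # Secret scanning alerts carry no severity. This example's own convention (not the
    # API's): a secret that was pushed past push protection is the most urgent bucket.
    return "bypassed-push-protection" if alert.get("push_protection_bypassed") else "exposed"


def summarize(alerts_by_tool):
    """Return {repo_full_name: {tool: Counter({severity: count})}} over open alerts only."""
    summary = defaultdict(lambda: defaultdict(Counter))
    for tool, alerts in alerts_by_tool.items():
        for alert in alerts:
            if alert.get("state") != "open":
                continue  # dismissed, fixed and resolved alerts need no action
            summary[alert["repository"]["full_name"]][tool][severity(tool, alert)] += 1
    return summary


def repos_needing_attention(summary):
    """Repositories with at least one urgent open alert, sorted by name."""
    return sorted(repo for repo, tools in summary.items()
                  if any(sev in URGENT for counts in tools.values() for sev in counts))


# Constructed sample payloads (not real alerts) in the shape of the three API responses.
SAMPLE = {
    "dependabot": [
        {"number": 1, "state": "open", "security_advisory": {"severity": "high"},
         "repository": {"full_name": "octo-org/web"}},
        {"number": 2, "state": "dismissed", "security_advisory": {"severity": "critical"},
         "repository": {"full_name": "octo-org/api"}},
    ],
    "secret-scanning": [
        {"number": 7, "state": "open", "secret_type": "github_personal_access_token",
         "push_protection_bypassed": True, "repository": {"full_name": "octo-org/api"}},
    ],
    "codeql": [
        {"number": 3, "state": "open", "repository": {"full_name": "octo-org/web"},
         "rule": {"id": "js/sql-injection", "severity": "error", "security_severity_level": "high"}},
        {"number": 4, "state": "open", "repository": {"full_name": "octo-org/web"},
         "rule": {"id": "js/unused-local-variable", "severity": "note"}},
    ],
}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: GITHUB_TOKEN=... python alerts_summary.py <org>
        data = {t: fetch_alerts(sys.argv[1], t, os.environ["GITHUB_TOKEN"]) for t in TOOL_ENDPOINTS}
    else:
        data = SAMPLE
    summary = summarize(data)
    for repo, tools in sorted(summary.items()):
        print(repo, {tool: dict(counts) for tool, counts in tools.items()})
    print("needs attention:", repos_needing_attention(summary))
```

Run without arguments to see the summary of the constructed sample; run with an organization name and a token to summarize real alerts. Only alerts in the `open` state are counted, so a repository that has resolved or dismissed everything drops off the list, which is the same signal the overview's default filters give you.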
{% data reusables.security-configurations.secret-scanning-security-configs-summary %}

{% ifversion fpt or ghec %}There are two types of {% data variables.product.prodname_secret_scanning %} alerts:
- {% data variables.secret-scanning.partner_alerts_caps %}, which are sent to the provider who issued the secret
- {% data variables.secret-scanning.user_alerts_caps %}, which appear on {% data variables.product.github %} and can be resolved
{% endif %}

You can view {% data variables.product.prodname_secret_scanning %} alerts for an organization by navigating to the main page of that organization, clicking the {% octicon "shield" aria-hidden="true" %} Security tab, then clicking {% octicon "key" aria-hidden="true" %} {% data variables.product.prodname_secret_scanning_caps %} in the "Metrics" or "Alerts" section.
- Metrics. To see detailed information on push protection events, see AUTOTITLE.
- Alerts. To see detailed information on Default and Generic alerts for exposed secrets in the organization.
For an introduction to {% data variables.product.prodname_secret_scanning %} alerts, see AUTOTITLE.
To learn how to evaluate {% data variables.product.prodname_secret_scanning %} alerts, see AUTOTITLE.
{% data reusables.code-scanning.about-code-scanning %} These problems are raised as {% data variables.product.prodname_code_scanning %} alerts, which contain detailed information on the vulnerability or error detected.
You can view the {% data variables.product.prodname_code_scanning %} alerts for an organization by navigating to the main page of that organization, clicking the {% octicon "shield" aria-hidden="true" %} Security tab, then clicking:
- {% data variables.product.prodname_codeql %} pull request alerts. To see information on {% data variables.product.prodname_code_scanning %} alerts found and remediated in pull requests.
- {% data variables.product.prodname_code_scanning_caps %}. To see detailed information on alerts for potentially vulnerable code in the organization, see AUTOTITLE.
For an introduction to {% data variables.product.prodname_code_scanning %} alerts, see AUTOTITLE.
To learn how to interpret and resolve {% data variables.product.prodname_code_scanning %} alerts, see AUTOTITLE and AUTOTITLE.
{% data variables.product.prodname_dependabot_alerts %} inform you about vulnerabilities in the dependencies that you use in repositories in your organization. You can view {% data variables.product.prodname_dependabot_alerts %} for an organization by navigating to the main page of that organization, clicking the {% octicon "shield" aria-hidden="true" %} Security tab, then clicking {% octicon "dependabot" aria-hidden="true" %} {% data variables.product.prodname_dependabot %}.
For an introduction to {% data variables.product.prodname_dependabot_alerts %}, see AUTOTITLE.
To learn how to interpret and resolve {% data variables.product.prodname_dependabot_alerts %}, see AUTOTITLE.
> [!NOTE]
> If you enabled {% data variables.product.prodname_dependabot_security_updates %}, {% data variables.product.prodname_dependabot %} can also automatically raise pull requests to update the dependencies used in the repositories of the organization. For more information, see AUTOTITLE.
{% ifversion security-configurations-cloud %}
If you are using the {% data variables.product.prodname_github_security_configuration %}, and your findings indicate the security enablement settings are not meeting your needs, you should create a {% data variables.product.prodname_custom_security_configuration %}. To get started, see AUTOTITLE.
{% endif %}
If {% ifversion security-configurations-cloud %}you are using a {% data variables.product.prodname_custom_security_configuration %}, and {% endif %}your findings indicate the security enablement settings are not meeting your needs, you can edit your existing configuration. For more information, see AUTOTITLE.
You can also edit your organization-level security settings with {% data variables.product.prodname_global_settings %}. To learn more, see AUTOTITLE.