Assessing adoption of security features

You can use security overview to see which teams and repositories have already enabled features for secure coding, and identify any that are not yet protected.

Who can use this feature?

Access requires:

  • Organization view: Write access to repositories in the organization
  • Enterprise view: Organization owners and security managers

About adoption of features for secure coding

You can use security overview to see which repositories and teams have already enabled each security feature, and where people need more encouragement to adopt these features. The "Security coverage" view shows a summary and detailed information on feature enablement for an organization. You can filter the view to show a subset of repositories using the "enabled" and "not enabled" links, the "Teams" dropdown menu, and a search field in the page header.

Screenshot of the header section of the "Security coverage" view on the "Security" tab for an organization.

Note

"Pull request alerts" are reported as enabled only when code scanning has analyzed at least one pull request since alerts were enabled for the repository.

You can use the "Enablement trends" view to see enablement status and enablement status trends over time for Dependabot, code scanning, or secret scanning for repositories in an organization, or across organizations in an enterprise. For each of these features, you can view a graph visualizing the percentage of repositories that have the feature enabled, as well as a detailed table with enablement percentages for different points in time. For more information, see Viewing enablement trends for an organization and Viewing enablement trends for an enterprise.

Viewing the enablement of security features for an organization

You can view data to assess the enablement of features for secure coding across repositories in an organization.

  1. On GitHub, navigate to the main page of the organization.

  2. Under your organization name, click Security.

    Screenshot of the horizontal navigation bar for an organization. A tab, labeled with a shield icon and "Security," is outlined in dark orange.

  3. To display the "Security coverage" view, in the sidebar, click Coverage.

  4. Use the options in the page summary to filter the results to show the repositories you want to assess. The list of repositories and the metrics displayed on the page update automatically to match your current selection. For more information about filtering, see Filtering alerts in security overview.

    • Use the "Teams" dropdown menu to show information only for the repositories owned by one or more teams. For more information, see "Managing team access to an organization repository."
    • Click "NUMBER enabled" or "NUMBER not enabled" in the header for any feature to show only the repositories with that feature enabled or not enabled.
    • At the top of the list of repositories, click "NUMBER archived" to show only the repositories that are archived.
    • Click in the search box to add further filters to the repositories displayed.

In the list of repositories, a "Paused" label under "Dependabot" indicates repositories for which Dependabot updates are paused. For information about the inactivity criteria, see About Dependabot security updates and About Dependabot version updates, for security and version updates, respectively.

Viewing the enablement of features for secure coding in an enterprise

You can view data to assess the enablement of security features across organizations in an enterprise.

  1. In the top-right corner of GitHub Enterprise Server, click your profile photo, then click Enterprise settings.
  2. In the enterprise account sidebar, on the left side of the page, click Code Security.
  3. To display the "Security coverage" view, in the sidebar, click Coverage.
  4. Use the options in the page summary to filter the results to show the repositories you want to assess. The list of repositories and the metrics displayed on the page update automatically to match your current selection. For more information about filtering, see Filtering alerts in security overview.
    • Use the "Teams" dropdown menu to show information only for the repositories owned by one or more teams. For more information, see "Managing team access to an organization repository."

    • Click "NUMBER enabled" or "NUMBER not enabled" in the header for any feature to show only the repositories with that feature enabled or not enabled.

    • At the top of the list of repositories, click "NUMBER archived" to show only the repositories that are archived.

    • Click in the search box to add further filters to the repositories displayed.

    Tip

    You can use the owner filter in the search field to filter the data by organization. For more information, see "Filtering alerts in security overview."

Viewing enablement trends for an organization

You can view data to assess the enablement status and enablement status trends of security features for an organization.

  1. On GitHub, navigate to the main page of the organization.

  2. Under your organization name, click Security.

    Screenshot of the horizontal navigation bar for an organization. A tab, labeled with a shield icon and "Security," is outlined in dark orange.

  3. In the sidebar, under "Metrics," click Enablement trends.

  4. Click on one of the tabs for "Dependabot," "Code scanning," or "Secret scanning" to view enablement trends and the percentage of repositories in your organization with that feature enabled. This data is displayed as a graph and a detailed table.

  5. Optionally, use the options at the top of the "Enablement trends" view page to filter the group of repositories you want to see enablement trends for.

    • Use the date picker to set the time range that you want to view enablement trends for.

    • Click in the search box to add further filters on the enablement trends displayed. The filters you can apply are the same as those for the "Overview" dashboard view. For more information, see Filtering alerts in security overview.

      Screenshot of the "Enablement trends" view for an organization, showing Dependabot status and trends over 30 days, with a filter applied.

Viewing enablement trends for an enterprise

You can view data to assess the enablement status and enablement status trends of security features across organizations in an enterprise.

  1. In the top-right corner of GitHub Enterprise Server, click your profile photo, then click Enterprise settings.
  2. In the enterprise account sidebar, on the left side of the page, click Code Security.
  3. To display the "Enablement trends" view, in the sidebar, click Enablement trends.
  4. Click on one of the tabs for "Dependabot," "Code scanning," or "Secret scanning" to view enablement trends and the percentage of repositories across organizations in your enterprise with that feature enabled. This data is displayed as a graph and a detailed table.
  5. Optionally, use the options at the top of the "Enablement trends" view page to filter the group of repositories you want to see enablement trends for.
    • Use the date picker to set the time range that you want to view enablement trends for.
    • Click in the search box to add further filters on the enablement trends displayed. For more information, see Filtering alerts in security overview.

Tip

You can use the owner: filter in the search field to filter the data by organization. For more information, see Filtering alerts in security overview.

Interpreting and acting on the enablement data

Some security features can and should be enabled on all repositories. For example, secret scanning alerts and push protection reduce the risk of a security leak no matter what information is stored in the repository. If you see repositories that don't already use these features, you should either enable them or discuss an enablement plan with the team who owns the repository. For information on enabling features for a whole organization, see Configuring security for your organization.

Other features are not suitable for use in all repositories. For example, there would be no point in enabling Dependabot for repositories that only use ecosystems or languages that are unsupported. As such, it's normal to have some repositories where these features are not enabled.

Your enterprise may also have configured policies to limit the use of some security features. For more information, see Enforcing policies for code security and analysis for your enterprise.