Exploring security alerts

About the security overview

You can use the security overview for a high-level view of the security status of your organization or to identify problematic repositories that require intervention. At the organization-level, the security overview displays aggregate and repository-specific security information for repositories owned by your organization. At the team-level, the security overview displays repository-specific security information for repositories that the team has admin privileges for. 詳しい情報については「OrganizationリポジトリへのTeamのアクセス管理」を参照してください。

The security overview indicates whether GitHub Advanced Security features are enabled for repositories owned by your organization and consolidates alerts from Advanced Security features, including code scanning alerts, Dependabotアラート, and secret scanning alerts. For more information, see "Securing your repository" and "Securing your organization."

In the security overview, you can view, sort, and filter alerts to understand the security risks in your organization and in specific repositories. You can apply multiple filters to focus on areas of interest. For example, you can identify private repositories that have a high number of Dependabotアラート or repositories that have no code scanning alerts.

For each repository in the security overview, you will see icons for each type of Advanced Security feature and how many alerts there are of each type. If an Advanced Security feature is not enabled for a repository, the icon for that feature will be grayed out.

Icon	Meaning
	Code scanning アラート. 詳しい情報については「code scanningについて」を参照してください。
	Secret scanning アラート. 詳しい情報については「secret scanningについて」を参照してください。
	Dependabotアラートについて受ける方法は、カスタマイズできます。 詳しい情報については、「脆弱性のある依存関係に対するアラートについて」を参照してください。
	The Advanced Security feature is enabled, but does not raise alerts in this repository.
	The Advanced Security feature is not supported in this repository.

By default, archived repositories are excluded from the security overview for an organization. You can apply filters to view archived repositories in the security overview. For more information, see "Filtering the list of alerts."

The security overview displays active alerts raised by GitHub Advanced Security features. If there are no alerts in the security overview for a repository, undetected security vulnerabilities or code errors may still exist.

Viewing the security overview for an organization

Organization owners can view the security overview for an organization.

1. GitHubで、Organizationのメインページにアクセスしてください。
2. Organization名の下で、Security（セキュリティ）をクリックしてください。
3. To view aggregate information about alert types, click Show more.
4. あるいは、アラートのリストをフィルタしてください。 検索を絞り込むために、ドロップダウンのフィルタメニュー内で複数のフィルタをクリックできます。 また、Search repositories（リポジトリを検索）フィールドに、検索修飾子を入力することもできます。 利用可能な修飾子に関する詳しい情報については「アラートのリストのフィルタリング」を参照してください。

Viewing the security overview for a team

Members of a team can see the security overview for repositories that the team has admin privileges for.

1. GitHubの右上で、プロフィール写真をクリックし、続いてYour organizations（あなたのOrganization）をクリックしてください。
2. Organizationの名前をクリックしてください。
3. Organization名の下で、 Teamsをクリックしてください。
4. Teamsタブで、Teamの名前をクリックしてください。
5. Teamのページの上部でSecurity（セキュリティ）をクリックしてください。
6. あるいは、アラートのリストをフィルタしてください。 検索を絞り込むために、ドロップダウンのフィルタメニュー内で複数のフィルタをクリックできます。 また、Search repositories（リポジトリを検索）フィールドに、検索修飾子を入力することもできます。 利用可能な修飾子に関する詳しい情報については「アラートのリストのフィルタリング」を参照してください。

Filtering the list of alerts

Filter by level of risk for repositories

The level of risk for a repository is determined by the number and severity of alerts from Advanced Security features. If one or more Advanced Security features are not enabled for a repository, the repository will have an unknown level of risk. If a repository has no risks that are detected by Advanced Security features, the repository will have a clear level of risk.

修飾子	説明
risk:high	Display repositories that are at high risk.
risk:medium	Display repositories that are at medium risk.
risk:low	Display repositories that are at low risk.
risk:unknown	Display repositories that are at an unknown level of risk.
risk:clear	Display repositories that have no detected level of risk.

Filter by number of alerts

修飾子	説明
code-scanning-alerts:n	Display repositories that have n code scanning alerts. This qualifier can use > and < comparison operators.
secret-scanning-alerts:n	Display repositories that have n secret scanning alerts. This qualifier can use > and < comparison operators.
dependabot-alerts:n	Display repositories that have n Dependabotアラート. This qualifier can use > and < comparison operators.

Filter by whether Advanced Security features are enabled

修飾子	説明
enabled:code-scanning	Display repositories that have code scanning enabled.
not-enabled:code-scanning	Display repositories that do not have code scanning enabled.
enabled:secret-scanning	Display repositories that have secret scanning enabled.
not-enabled:secret-scanning	Display repositories that have secret scanning enabled.
enabled:dependabot-alerts	Display repositories that have Dependabotアラート enabled.
not-enabled:dependabot-alerts	Display repositories that do not have Dependabotアラート enabled.

Filter by repository type

修飾子	説明
is:public	Display public repositories.
is:internal	Display internal repositories.
is:private	Display private repositories.
archived:true	Display archived repositories.

Filter by team

修飾子	説明
team:TEAM-NAME	Displays repositories that TEAM-NAME has admin privileges for.

Filter by topic

修飾子	説明
topic:TOPIC-NAME	Displays repositories that are classified with TOPIC-NAME.

Sort the list of alerts

修飾子	説明
sort:risk	Sorts the repositories in your security overview by risk.
sort:repos	Sorts the repositories in your security overview alphabetically by name.
sort:code-scanning-alerts	Sorts the repositories in your security overview by number of code scanning alerts.
sort:secret-scanning-alerts	Sorts the repositories in your security overview by number of secret scanning alerts.
sort:dependabot-alerts	Sorts the repositories in your security overview by number of Dependabotアラート.