Reorganize security overview articles (#35768)

Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
Co-authored-by: Kelly Arwine <kellyarwine@github.com>
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
Felicity Chapman 2023-03-30 19:12:40 +01:00 committed by GitHub
Parent 9062d9a98a
Commit 3776281948
No known key found for this signature
GPG key ID: 4AEE18F83AFDEB23
40 changed files with 354 additions and 263 deletions


@ -32,7 +32,7 @@ Once {% data variables.product.prodname_github_connect %} is configured, you can
1. From an enterprise owner account on {% data variables.product.product_name %}, navigate to the repository you want to delete from the *actions* organization (in this example `checkout`).
1. By default, site administrators are not owners of the bundled *actions* organization. To get the access required to delete the `checkout` repository, you must use the site admin tools. Click {% octicon "rocket" aria-hidden="true" %} in the upper-right corner of any page in that repository.
1. Click {% octicon "shield-lock" aria-hidden="true" %} **Security** to see the security overview for the repository.
1. Click {% octicon "shield-lock" aria-hidden="true" %} **Security** to see an overview of the security for the repository.
![Screenshot of the site admin details for a repository. The "Security" link is highlighted with an orange outline.](/assets/images/enterprise/site-admin-settings/access-repo-security-info.png)
1. Under "Privileged access", click **Unlock**.
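
Review bot: In the changed **Security** step, "an overview of the security for the repository" reads awkwardly. Consider "an overview of the repository's security", which keeps the step clear and still matches the "Security" link named in the screenshot alt text.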


@ -62,7 +62,7 @@ Once you have decided on the secret types, you can do the following:
2. When you have created the process that teams will follow for revoking credentials, you can collate information about the types of secrets and other metadata associated with the leaked secrets so you can discern who to communicate the new process to.
{% ifversion not ghae %}
You can use the security overview to collect this information. For more information about using the security overview, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-the-security-overview)."{% endif %}
You can use security overview to collect this information. For more information about using security overview, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."{% endif %}
Some information you may want to collect includes:


@ -60,7 +60,7 @@ The security coverage page, part of security overview, makes it easy to filter t
{%- endif %}
- `code-scanning-default-setup:not-eligible` shows repositories that either have advanced setup configured already, or where the languages not are suitable for default setup.
For more information about the security coverage page, see "[AUTOTITLE](/code-security/security-overview/about-the-security-overview#security-coverage-view)."
For more information about the security coverage page, see "[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security)."
{% endif %}
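
Review bot: The context bullet for `code-scanning-default-setup:not-eligible` still reads "where the languages not are suitable for default setup"; since this file is already being edited, correct the word order to "are not suitable". The replacement link drops the `#security-coverage-view` anchor in favour of the standalone coverage article, which is consistent with the new file added in this commit.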


@ -30,11 +30,11 @@ Many of the events in the timeline also create an event in the audit log, which
## Security overview page
Security overview consolidates information about security alerts and provides high-level summaries of the security status of an enterprise, organization, or team.
Security overview consolidates information about security alerts and provides high-level summaries of the security status of your enterprise or organization.
In security overview you can see repositories with open security alerts{% ifversion security-overview-org-risk-coverage %}, as well as which repositories have enabled specific security features{% endif %}. You can also use the security overview to filter and sort security alerts using interactive views.
In security overview you can see repositories with open security alerts{% ifversion security-overview-org-risk-coverage %}, as well as which repositories have enabled specific security features{% endif %}. You can also use security overview to filter and sort security alerts using interactive views.
For more information, see "[About the security overview](/code-security/security-overview/about-the-security-overview)."
For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview)."
## Audit log
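
Review bot: The rewritten first sentence under "Security overview page" drops "or team" for every version, but the new about-security-overview article in this commit still carries an "About security overview for teams" section under `ghes < 3.8 or ghae < 3.8`. Consider versioning the sentence so that releases which keep the team-level view still mention it, or confirm that the omission is intended for those releases too.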


@ -63,11 +63,11 @@ You can find the dependency graph on the **Insights** tab for your repository. F
{% ifversion security-overview-displayed-alerts %}
### Security overview
The security overview allows you to review security configurations and alerts, making it easy to identify the repositories and organizations at greatest risk. For more information, see "[AUTOTITLE](/code-security/security-overview/about-the-security-overview)."
Security overview allows you to review security configurations and alerts, making it easy to identify the repositories and organizations at greatest risk. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview)."
{% else %}
### Security overview for repositories
The security overview shows which security features are enabled for the repository, and offers you the option of configuring any available security features that are not already enabled.
Security overview shows which security features are enabled for the repository, and lets you configure any available security features that are not already enabled.
{% endif %}
@ -114,7 +114,7 @@ Show the full impact of changes to dependencies and see details of any vulnerabl
{% else %}
### Security overview for organizations{% ifversion ghes > 3.4 or ghae > 3.4 %}, enterprises,{% endif %} and teams
Review the security configuration and alerts for your organization and identify the repositories at greatest risk. For more information, see "[AUTOTITLE](/code-security/security-overview/about-the-security-overview)."
Review the security configuration and alerts for your organization and identify the repositories at greatest risk. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview)."
{% endif %}
## Further reading


@ -153,7 +153,7 @@ You can also monitor responses to security alerts within your organization. For
{% ifversion fpt or ghec %}If you have a security vulnerability, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see "[AUTOTITLE](/code-security/security-advisories/repository-security-advisories/about-repository-security-advisories)" and "[AUTOTITLE](/code-security/security-advisories/repository-security-advisories/creating-a-repository-security-advisory)."
{% endif %}
{% ifversion ghes or ghec or ghae %}You{% elsif fpt %}Organizations that use {% data variables.product.prodname_ghe_cloud %}{% endif %} can view, filter, and sort security alerts for repositories owned by {% ifversion ghes or ghec or ghae %}your{% elsif fpt %}their{% endif %} organization in the security overview. For more information, see{% ifversion ghes or ghec or ghae %} "[AUTOTITLE](/code-security/security-overview/about-the-security-overview)."{% elsif fpt %} "[AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/about-the-security-overview)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}
{% ifversion ghes or ghec or ghae %}You{% elsif fpt %}Organizations that use {% data variables.product.prodname_ghe_cloud %}{% endif %} can view, filter, and sort security alerts for repositories owned by {% ifversion ghes or ghec or ghae %}your{% elsif fpt %}their{% endif %} organization in security overview. For more information, see{% ifversion ghes or ghec or ghae %} "[AUTOTITLE](/code-security/security-overview/about-security-overview)."{% elsif fpt %} "[AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/about-security-overview)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}
{% ifversion ghec %}
## Further reading


@ -67,9 +67,9 @@ includeGuides:
- /code-security/security-advisories/guidance-on-reporting-and-writing/best-practices-for-writing-repository-security-advisories
- /code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability
- /code-security/security-advisories/guidance-on-reporting-and-writing/managing-privately-reported-security-vulnerabilities
- /code-security/security-overview/about-the-security-overview
- /code-security/security-overview/filtering-alerts-in-the-security-overview
- /code-security/security-overview/viewing-the-security-overview
- /code-security/security-overview/about-security-overview
- /code-security/security-overview/filtering-alerts-in-security-overview
- /code-security/security-overview/assessing-code-security-risk
- /code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates
- /code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
- /code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
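
Review bot: The guides list gains `/code-security/security-overview/assessing-code-security-risk` but not `/code-security/security-overview/assessing-adoption-code-security`, which is added as a new file in this commit. If that omission is not deliberate, add it next to the other security overview entries so both assessment articles are listed.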


@ -99,7 +99,7 @@ For more information on how to configure notifications for {% data variables.sec
Repository administrators and organization owners can grant users and teams access to {% data variables.secret-scanning.alerts %}. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."
{% ifversion ghec or ghes or ghae > 3.4 %}
You can use the security overview to see an organization-level view of which repositories have enabled {% data variables.product.prodname_secret_scanning %} and the alerts found. For more information, see "[AUTOTITLE](/code-security/security-overview/viewing-the-security-overview)."
You can use security overview to see an organization-level view of which repositories have enabled {% data variables.product.prodname_secret_scanning %} and the alerts found. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview)."
{% endif %}
You can also use the REST API to monitor results from {% data variables.product.prodname_secret_scanning %} across your repositories{% ifversion ghes %} or your organization{% endif %}. For more information about API endpoints, see "[AUTOTITLE](/rest/secret-scanning)."
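
Review bot: The changed sentence is about seeing which repositories have secret scanning enabled, yet the replacement link points at the general about-security-overview article. `/code-security/security-overview/assessing-adoption-code-security`, which another hunk in this commit already uses for the coverage page, looks like the closer target. That article is versioned on `feature: security-overview-org-risk-coverage`, so check that it resolves for every release matched by `ghec or ghes or ghae > 3.4` before switching.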


@ -0,0 +1,136 @@
---
title: About security overview
intro: 'You can view summaries of alerts for repositories owned by your organization and identify areas of high security risk. {% ifversion security-overview-org-risk-coverage %}You can also monitor adoption of code security features across your organization.{% endif %}'
permissions: '{% data reusables.security-overview.permissions %}'
product: '{% data reusables.gated-features.security-overview %}'
redirect_from:
- /code-security/security-overview/exploring-security-alerts
- /code-security/security-overview/about-the-security-overview
versions:
fpt: '*'
ghae: '*'
ghes: '*'
ghec: '*'
type: how_to
topics:
- Security overview
- Advanced Security
- Alerts
- Code scanning
- Dependabot
- Organizations
- Secret scanning
- Teams
shortTitle: Security overview
---
{% ifversion ghes < 3.5 or ghae %}
{% data reusables.security-overview.beta %}
{% endif %}
## About security overview
{% data reusables.security-overview.about-security-overview %} {% ifversion fpt %}For more information, see [the {% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/security-overview/about-security-overview).{% endif %}
{% ifversion ghec or ghes or ghae %}
Security overview shows which security features are enabled for repositories, and includes repository and alert-focused views so you can quickly investigate security issues and take action to remediate them.
- Risk and coverage information about {% data variables.product.prodname_dependabot %} features and alerts is shown for all repositories.
- Risk and coverage information for {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, is shown for enterprises that use {% data variables.product.prodname_GH_advanced_security %}{% ifversion ghec %} and for public repositories{% endif %}.
For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts#dependabot-alerts-for-vulnerable-dependencies) and "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
The views are interactive with filters that allow you to look at the aggregated data in detail and identify sources of high risk or low feature coverage. As you apply multiple filters to focus on narrower areas of interest, all data and metrics across the view change to reflect your current selection. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
{% ifversion security-overview-alert-views %}
There are also dedicated views for each type of security alert that you can use to limit your analysis to a specific set of alerts, and then narrow the results further with a range of filters specific to each view. For example, in the {% data variables.product.prodname_secret_scanning %} alert view, you can use the "Secret type" filter to view only {% data variables.secret-scanning.alerts %} for a specific secret, like a {% data variables.product.prodname_dotcom %} {% data variables.product.pat_generic %}.
{% endif %}
{% note %}
**Note:** Security overview displays active alerts raised by security features. If there are no alerts shown in security overview for a repository, undetected security vulnerabilities or code errors may still exist or the feature may not be enabled for that repository.
{% endnote %}
## About security overview for organizations
The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. {% ifversion security-overview-org-risk-coverage %}For example, the team can use the "Security coverage" page to monitor the adoption of features across your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %}, or use the "Security risk" page to identify repositories with more than five open {% data variables.secret-scanning.alerts %}.{% else %}For example, they can use the overview page to monitor adoption of features by your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %} to your enterprise, or to review all alerts of a specific type and severity level across all repositories in your organization.{% endif %}
You can find security overview on the **Security** tab for any organization that's owned by an enterprise. Each view shows a summary of the data that you have access to. As you add filters, all data and metrics across the view change to reflect the repositories or alerts that you've selected. For information about permissions, see "[Permission to view data in security overview](#permission-to-view-data-in-security-overview)."
{% ifversion security-overview-org-risk-coverage %}
Security overview has multiple views that provide different ways to explore enablement and alert data.
- Use "Security coverage" to assess the adoption of code security features across repositories in the organization.
- Use "Security risk" to assess the risk from security alerts of all types for one or more repositories in the organization.
- Use the individual security alert views to identify your risk from specific vulnerable dependencies, code weaknesses, or leaked secrets.
For more information about these views, see "[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security)" and "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)."
{% else %}
### Understanding the main security overview
![Screenshot of security overview for an organization](/assets/images/help/security-overview/security-overview-org-legacy.png)
Each repository is shown in security overview with an indicator for each type of security feature and how many alerts there are of each type. If a security feature is not enabled for a repository, the indicator for that feature will be grayed out. In addition, a risk score is calculated for each repository based on its code scanning, Dependabot and secret scanning alerts. This score is in beta and should be used with caution. Its algorithm and approach is subject to change.
| Indicator | Meaning |
| -------- | -------- |
| {% octicon "code-square" aria-label="Code scanning alerts" %} | {% data variables.product.prodname_code_scanning_caps %} alerts. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning)." |
| {% octicon "key" aria-label="Secret scanning alerts" %} | {% data variables.product.prodname_secret_scanning_caps %} alerts. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)." |
| {% octicon "hubot" aria-label="Dependabot alerts" %} | {% data variables.product.prodname_dependabot_alerts %}. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)." |
| {% octicon "check" aria-label="Enabled" %} | The security feature is enabled, but does not raise alerts in this repository. |
| {% octicon "x" aria-label="Not supported" %} | The security feature is not supported in this repository. |
{% endif %}
{% ifversion ghec or ghes > 3.4 or ghae > 3.4 %}
## About security overview for enterprises
You can find security overview on the **Code Security** tab for your enterprise. Each page displays aggregated and repository-specific security information for your enterprise. You can view repositories owned by your enterprise that have security alerts, view all security alerts, or security feature-specific alerts from across your enterprise.
Enterprise owners can view alerts for organizations that they are an owner or a security manager of.{% ifversion ghec or ghes > 3.5 or ghae > 3.5 %} Enterprise owners will need to join an organization as an organization owner to see all of its alerts in the enterprise-level security overview. For more information, see "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)."{% endif %}
{% endif %}
{% ifversion ghes < 3.8 or ghae < 3.8 %}
## About security overview for teams
You can find security overview on the **Security** tab for any team in an organization that's owned by an enterprise.
At the team level, security overview displays repository-specific security information for repositories that the team has admin privileges for. For more information, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository)."
{% endif %}
{% ifversion security-overview-org-risk-coverage %}
## Permission to view data in security overview
If you are an owner or security manager for an organization, you will see data for all the repositories in the organization in all views.
If you are an organization member, you will see data only where you have access to that data at the repository level.
{% rowheaders %}
| Organization member with | Risk and alerts views | Coverage view |
|--------------------|-------------|---------------------|
| `admin` access for one or more repositories | View data for those repositories | View data for those repositories |
| `write` access for one or more repositories | View {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} data for those repositories | No access for those repositories |
| Security alert access for one or more repositories | View all security alert data for those repositories | No access for those repositories
| Custom organization role with permission to view one or more types of security alert | View allowed alert data for all repositories in all views | No access |
{% endrowheaders %}
For more information about access to security alerts and related views, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" and "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-repository-roles#security)."
{% endif %}
## Further reading
- "[AUTOTITLE](/code-security/getting-started/securing-your-repository)"
- "[AUTOTITLE](/code-security/getting-started/securing-your-organization)"
- "[AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale)"
{% endif %}
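
Review bot: In the "For more information" line that follows the two risk and coverage bullets, the first link is missing its closing quotation mark: `...#dependabot-alerts-for-vulnerable-dependencies) and "[AUTOTITLE]` should read `...#dependabot-alerts-for-vulnerable-dependencies)" and "[AUTOTITLE]`. In the permissions table, the "Security alert access for one or more repositories" row lacks the trailing `|` that the other rows have. The team section is gated on `ghes < 3.8 or ghae < 3.8`, whereas the deleted article used `< 3.7`; confirm that the wider range is intended.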


@ -1,137 +0,0 @@
---
title: About the security overview
intro: 'You can view, filter, and sort security alerts for repositories owned by your organization or team in the security overview pages.'
permissions: '{% data reusables.security-overview.permissions %}'
product: '{% data reusables.gated-features.security-overview %}'
redirect_from:
- /code-security/security-overview/exploring-security-alerts
versions:
fpt: '*'
ghae: '*'
ghes: '*'
ghec: '*'
type: how_to
topics:
- Security overview
- Advanced Security
- Alerts
- Dependabot
- Dependencies
- Organizations
- Teams
shortTitle: About the security overview
---
{% ifversion ghes < 3.5 or ghae %}
{% data reusables.security-overview.beta %}
{% endif %}
## About the security overview
{% data reusables.security-overview.about-the-security-overview %} {% ifversion fpt %}For more information, see [the {% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/security-overview/about-the-security-overview).{% endif %}
{% ifversion ghec or ghes or ghae %}
The security overview shows which security features are enabled for repositories and consolidate alerts for each feature.
- Risk and coverage information about {% data variables.product.prodname_dependabot %} features and alerts is shown for all repositories. {% ifversion ghes or ghae %}
- Risk and coverage information for {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, is shown for enterprises that use {% data variables.product.prodname_GH_advanced_security %} and for public repositories.
{% endif %}
For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts#dependabot-alerts-for-vulnerable-dependencies){% ifversion ghes or ghae %}" and{% elsif ghec %}," "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)" and{% endif %} "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
## About filtering and sorting alerts
The security overview provides a powerful way to understand the security of a group of repositories. The views are interactive with filters that allow you to drill into the aggregated data and identify sources of high risk or low feature coverage. As you apply multiple filters to focus on narrower areas of interest, the data across the view changes to reflect your selection. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-the-security-overview)."
{% ifversion security-overview-alert-views %}
There are also dedicated views for each type of security alert that you can use to limit your analysis to a specific set of alerts, and then narrow the results further with a range of filters specific to each view. For example, in the {% data variables.product.prodname_secret_scanning %} alert view, you can use the `Secret type` filter to view only {% data variables.secret-scanning.alerts %} for a specific secret, like a GitHub {% data variables.product.pat_generic %}.
{% endif %}
{% note %}
**Note:** The security overview displays active alerts raised by security features. If there are no alerts in the security overview for a repository, undetected security vulnerabilities or code errors may still exist.
{% endnote %}
## About the organization-level security overview
{% data reusables.security-overview.beta-org-risk-coverage %}
You can find the security overview on the **Security** tab for any organization that's owned by an enterprise. Each view shows aggregated data that you can drill down into, as you add each filter, the data is updated to reflect the repositories or alerts that you've selected.
The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. {% ifversion security-overview-org-risk-coverage %}For example, the team can use the "Security Coverage" page to monitor the adoption of features across your organization or by a specific team as you rollout {% data variables.product.prodname_GH_advanced_security %}, or use the "Security Risk" page to identify repositories with more than five open {% data variables.secret-scanning.alerts %}.{% else %}For example, they can use the overview page to monitor adoption of features by your organization or by a specific team as you rollout {% data variables.product.prodname_GH_advanced_security %} to your enterprise, or to review all alerts of a specific type and severity level across all repositories in your organization.{% endif %}
Organization owners and security managers for organizations have access to the security overview for their organizations. {% ifversion ghec or ghes > 3.6 or ghae > 3.6 %}Organization members can also access the organization-level security overview to view results for repositories where they have admin privileges or have been granted access to security alerts. For more information on managing security alert access, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)."{% endif %}
{% ifversion security-overview-org-risk-coverage %}
### Security Risk view
This view shows data about the repositories affected by different types of security alert.
- Use the **Teams** dropdown menu to show information only for the repositories owned by one or more teams.
- Click **NUMBER affected** or **NUMBER unaffected** in the header for any type of alert to show only the repositories with or without alerts of that type.
- Click any of the descriptions of "Open alerts" in the header to show only repositories with alerts of that type and category. For example, **1 critical** to show the repository with a critical alert for {% data variables.product.prodname_dependabot %}.
- Click **NUMBER Archived** to show only repositories that are archived.
- Click in the search box to show a list of the full set of available filters.
![Screenshot of the "Security Risk" view on the "Security" tab for an organization. Illustrates information and filter options available in the view.](/assets/images/help/security-overview/security-risk-interactive-header.png)
### Security Coverage view
This view shows data about which security features are used by repositories in the organization. You can filter the view to show the repositories of interest using links, a dropdown menu, and a search field.
- Use the **Teams** dropdown to show information only for the repositories owned by one or more teams.
- Click **NUMBER enabled** or **NUMBER not enabled** in the header for any feature to show only the repositories with that feature enabled or not enabled.
- Click **NUMBER Archived** to show only repositories that are archived.
- Click in the search box to show a list of the full set of available filters.
In addition, you can click **{% octicon "gear" aria-hidden="true" %} Security settings** for any repository to enable the security features that have a one-click setup.
![Screenshot of the "Security Coverage" view on the "Security" tab for an organization. Illustrates information and filter options available in view.](/assets/images/help/security-overview/security-coverage-view-single-repo-enablement.png)
{% data reusables.code-scanning.beta-org-enable-all %}
{% else %}
### Understanding the main security overview
![Screenshot of the security overview for an organization](/assets/images/help/security-overview/security-overview-org-legacy.png)
Each repository in the security overview includes an indicator for each type of security feature and how many alerts there are of each type. If a security feature is not enabled for a repository, the indicator for that feature will be grayed out. In addition, a risk score is calculated for each repository based on its code scanning, Dependabot and secret scanning alerts. This score is in beta and should be used with caution. Its algorithm and approach is subject to change.
| Indicator | Meaning |
| -------- | -------- |
| {% octicon "code-square" aria-label="Code scanning alerts" %} | {% data variables.product.prodname_code_scanning_caps %} alerts. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning)." |
| {% octicon "key" aria-label="Secret scanning alerts" %} | {% data variables.product.prodname_secret_scanning_caps %} alerts. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)." |
| {% octicon "hubot" aria-label="Dependabot alerts" %} | {% data variables.product.prodname_dependabot_alerts %}. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)." |
| {% octicon "check" aria-label="Enabled" %} | The security feature is enabled, but does not raise alerts in this repository. |
| {% octicon "x" aria-label="Not supported" %} | The security feature is not supported in this repository. |
{% endif %}
{% ifversion ghec or ghes > 3.4 or ghae > 3.4 %}
## About the enterprise-level security overview
You can find the security overview on the **Code Security** tab for your enterprise. Each overview displays aggregated and repository-specific security information for your enterprise. You can view repositories owned by your enterprise that have security alerts, view all security alerts, or security feature-specific alerts from across your enterprise.
Enterprise owners can view alerts for organizations that they are an owner or a security manager of.{% ifversion ghec or ghes > 3.5 or ghae > 3.5 %} Enterprise owners can join an organization as an organization owner to see all of its alerts in the enterprise-level security overview. For more information, see "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)."{% endif %}
Organization owners and security managers for organizations in an enterprise have access to the enterprise-level security overview. They can view repositories and alerts for the organizations that they have full access to.
{% endif %}
{% ifversion ghes < 3.7 or ghae < 3.7 %}
## About the team-level security overview
You can find the security overview on the **Security** tab for any team in an organization that's owned by an enterprise.
At the team-level, the security overview displays repository-specific security information for repositories that the team has admin privileges for. For more information, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository)."
{% endif %}
## Further reading
- "[AUTOTITLE](/code-security/getting-started/securing-your-repository)"
- "[AUTOTITLE](/code-security/getting-started/securing-your-organization)"
- "[AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale)"
{% endif %}

View file

@ -0,0 +1,50 @@
---
title: Assessing adoption of code security features
shortTitle: Assess adoption of features
allowTitleToDifferFromFilename: true
intro: 'You can use security overview to see which teams and repositories have already enabled code security features, and identify any that are not yet protected.'
permissions: '{% data reusables.security-overview.permissions %}'
product: '{% data reusables.gated-features.security-overview %}'
type: how_to
topics:
- Security overview
- Advanced Security
- 'Set up'
- Organizations
- Teams
versions:
feature: security-overview-org-risk-coverage
---
{% data reusables.security-overview.beta-org-risk-coverage %}
## About adoption of code security features
You can use security overview to see which repositories and teams have already enabled each code security feature, and where people need more encouragement to adopt these features. The "Security coverage" page shows a summary and detailed information on feature enablement for an organization. You can filter the view to show a subset of repositories using the "enabled" and "not enabled" links, the "Teams" dropdown menu, and a search field in the page header.
![Screenshot of the header section of the "Security coverage" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "enabled" and "not enabled" links, "Teams" selector, and search field.](/assets/images/help/security-overview/security-coverage-view-summary.png)
## Viewing the enablement of code security features across repositories
{% data reusables.security-overview.information-varies-GHAS %} For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#permission-to-view-data-in-security-overview)."
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
1. To display the "Security coverage" view, in the sidebar, click **{% octicon "meter" aria-hidden="true" %} Coverage**.
1. Use options in the page summary to filter results to show the repositories you want to assess. The list of repositories and metrics displayed on the page automatically update to match your current selection. For more information on filtering, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
- Use the **Teams** dropdown to show information only for the repositories owned by one or more teams. For more information, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository)."
- Click **NUMBER enabled** or **NUMBER not enabled** in the header for any feature to show only the repositories with that feature enabled or not enabled.
- At the top of the list of repositories, click **NUMBER Archived** to show only repositories that are archived.
- Click in the search box to add further filters to the repositories displayed.
![Screenshot of the header section of the "Security coverage" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "enabled" and "not enabled" links, "Teams" selector, archived repositories, and search field.](/assets/images/help/security-overview/security-coverage-view-highlights.png)
1. Optionally, click **{% octicon "gear" aria-hidden="true" %} Security settings** to enable code security features for a repository and click **Save security settings** to confirm the changes. If a feature is not shown, it has more complex configuration requirements and you need to use the repository settings dialog. For more information, see "[AUTOTITLE](/code-security/getting-started/securing-your-repository)."
## Interpreting and acting on the enablement data
Some code security features can and should be enabled on all repositories. For example, secret scanning alerts and push protection. These features reduce the risk of a security leak no matter what information is stored in the repository. If you see repositories that don't already use these features, you should either enable them or discuss an enablement plan with the team who owns the repository. For information on enabling features for a whole organization, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
Other features are not available for use in all repositories. For example, there would be no point in enabling Dependabot or code scanning for repositories that only use ecosystems or languages that are unsupported. As such, it's normal to have some repositories where these features are not enabled.
Your enterprise may also have configured policies to limit the use of some code security features. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise)."
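
Review bot: In "Interpreting and acting on the enablement data", "For example, secret scanning alerts and push protection." is a sentence fragment; fold it into the preceding sentence ("... on all repositories, for example, secret scanning alerts and push protection."). The same section writes "secret scanning", "Dependabot" and "code scanning" as literals, while the other articles in this commit use the `{% data variables.product.prodname_... %}` variables for these names, so switch to the variables here for consistency.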

View file

@ -0,0 +1,96 @@
---
title: Assessing your code security risk
shortTitle: Assess security risk to code
allowTitleToDifferFromFilename: true
intro: 'You can use security overview to see which teams and repositories are affected by security alerts, and identify repositories for urgent remedial action.'
permissions: '{% data reusables.security-overview.permissions %}'
product: '{% data reusables.gated-features.security-overview %}'
type: how_to
topics:
- Security overview
- Advanced Security
- Alerts
- Organizations
- Teams
versions:
ghae: '*'
ghes: '*'
ghec: '*'
redirect_from:
- /code-security/security-overview/viewing-the-security-overview
---
{% ifversion ghes < 3.5 or ghae %}
{% data reusables.security-overview.beta %}
{% endif %}
{% data reusables.security-overview.beta-org-risk-coverage %}
## About security risks in your code
You can use security overview to see which repositories and teams are free from any security alerts and which have unresolved security alerts. The "Security risk" page shows a summary and detailed information on which repositories in an organization are affected by security alerts, with a breakdown of alert by severity. You can filter the view to show a subset of repositories using the "affected" and "unaffected" links, the links under "Open alerts", the "Teams" dropdown menu, and a search field in the page header. This view is a great way to understand the broader picture for a repository, team, or group of repositories because you can see security alerts of all types in one view.
![Screenshot of the header section of the "Security risk" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "affected"/"unaffected" links, "Teams" selector, and search field.](/assets/images/help/security-overview/security-risk-view-summary.png)
{% note %}
**Note:** It's important to understand that all repositories without open alerts are included in the set of unaffected repositories. That is, unaffected repositories include any repositories where the feature is not enabled, in addition to repositories that have been scanned and any alerts identified have been closed.
{% endnote %}
## Viewing organization-level code security risks
{% data reusables.security-overview.information-varies-GHAS %} For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#permission-to-view-data-in-security-overview)."
{% ifversion security-overview-org-risk-coverage %}
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
1. To display the "Security risk" view, in the sidebar, click **{% octicon "shield" aria-hidden="true" %} Risk**.
1. Use options in the page summary to filter results to show the repositories you want to assess. The list of repositories and metrics displayed on the page automatically update to match your current selection. For more information on filtering, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
- Use the **Teams** dropdown to show information only for the repositories owned by one or more teams.
- Click **NUMBER affected** or **NUMBER unaffected** in the header for any feature to show only the repositories with open alerts or no open alerts of that type.
- Click any of the descriptions of "Open alerts" in the header to show only repositories with alerts of that type and category. For example, **1 critical** to show the repository with a critical alert for {% data variables.product.prodname_dependabot %}.
- At the top of the list of repositories, click **NUMBER Archived** to show only repositories that are archived.
- Click in the search box to add further filters to the repositories displayed.
![Screenshot of the header section of the "Security risk" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "affected"/"unaffected" links, alert severity links, "Teams" selector, archived repositories, and search field.](/assets/images/help/security-overview/security-risk-view-highlights.png)
{% data reusables.organizations.security-overview-feature-specific-page %}
{% else %}
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
1. To view aggregate information about alert types, click **Show more**.
{% data reusables.organizations.filter-security-overview %}
{% ifversion security-overview-alert-views %}
{% data reusables.organizations.security-overview-feature-specific-page %}
![Screenshot of the {% data variables.product.prodname_code_scanning %} alerts page on the "Security" tab. Features apart from filters, dropdown menus, and sidebar are grayed out.](/assets/images/help/security-overview/security-overview-code-scanning-alerts.png)
{% endif %}
{% endif %}
{% ifversion ghec or ghes > 3.4 or ghae > 3.4 %}
## Viewing enterprise-level code security risks
{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}
1. In the left sidebar, click **{% octicon "shield" aria-hidden="true" %} Code Security**.
{% ifversion security-overview-feature-specific-alert-page %}
{% data reusables.organizations.security-overview-feature-specific-page %}
{% endif %}
{% endif %}
{% ifversion ghes < 3.7 or ghae < 3.7 %}
## Viewing security overview for a team
{% data reusables.profile.access_org %}
{% data reusables.user-settings.access_org %}
{% data reusables.organizations.specific_team %}
{% data reusables.organizations.team-security-overview %}
{% data reusables.organizations.filter-security-overview %}
{% endif %}
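
Review bot: The front matter sets `ghae: '*'`, but the article this one replaces (listed under `redirect_from` as `/code-security/security-overview/viewing-the-security-overview`) was versioned `ghae: '>= 3.4'`; confirm the wider range is intended or restore the lower bound. Separately, in the note under "About security risks in your code", "repositories that have been scanned and any alerts identified have been closed" does not parse. Something like "repositories that have been scanned and where all identified alerts have been closed" reads cleanly and keeps the important point that "unaffected" also covers repositories where the feature is not enabled.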

View file

@ -1,5 +1,5 @@
---
title: Filtering alerts in the security overview
title: Filtering alerts in security overview
intro: Use filters to view specific categories of alerts
permissions: '{% data reusables.security-overview.permissions %}'
product: '{% data reusables.gated-features.security-overview %}'
@ -15,16 +15,18 @@ topics:
- Alerts
- Organizations
- Teams
shortTitle: Filtering the security overview
shortTitle: Filtering security overview
redirect_from:
- /code-security/security-overview/filtering-alerts-in-the-security-overview
---
{% ifversion ghes < 3.5 or ghae %}
{% data reusables.security-overview.beta %}
{% endif %}
## About filtering the security overview
## About filtering security overview
You can use filters in a security overview to narrow your focus based on a range of factors, like alert risk level, alert type, and feature enablement. Different filters are available depending on the specific view{% ifversion ghec or ghes > 3.4 or ghae > 3.4 %} and whether you are viewing data at the enterpise or organization level{% endif %}.
You can use filters in a security overview to narrow your focus based on a range of factors, like alert risk level, alert type, and feature enablement. Different filters are available depending on the specific view{% ifversion ghec or ghes > 3.4 or ghae > 3.4 %} and whether you are viewing data at the enterprise or organization level{% endif %}.
{% ifversion security-overview-displayed-alerts %}
{% note %}
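
Review bot: `shortTitle: Filtering security overview` keeps the gerund, while the two articles added in this commit use imperative short titles ("Assess adoption of features", "Assess security risk to code"); consider "Filter security overview" so the sidebar entries read consistently.
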
@ -51,7 +53,7 @@ In the examples below, replace `:enabled` with `:not-enabled` to see repositorie
| `not-enabled:any` | Display repositories with at least one security feature that is not enabled. |{% endif %}
{% ifversion security-overview-org-risk-coverage %}
The organization-level Security Coverage view includes extra filters.
The organization-level "Security coverage" view includes extra filters.
{% data reusables.security-overview.beta-org-risk-coverage %}
@ -97,7 +99,7 @@ These qualifiers are available in the enterprise-level view.
## Filter by number of alerts
{% ifversion security-overview-org-risk-coverage %}These qualifiers are available in the enterprise-level Overview and in the organization-level Security Risk view.{% else %}These qualifiers are available in the main summary views.{% endif %}
{% ifversion security-overview-org-risk-coverage %}These qualifiers are available in the enterprise-level "Overview" and in the organization-level "Security risk" view.{% else %}These qualifiers are available in the main summary views.{% endif %}
| Qualifier | Description |
| -------- | -------- |

View file

@ -12,8 +12,8 @@ topics:
- Security overview
- Advanced Security
children:
- /about-the-security-overview
- /viewing-the-security-overview
- /filtering-alerts-in-the-security-overview
- /about-security-overview
- /assessing-adoption-code-security
- /assessing-code-security-risk
- /filtering-alerts-in-security-overview
---

View file

@ -1,75 +0,0 @@
---
title: Viewing the security overview
intro: Navigate to the different views available in the security overview
permissions: '{% data reusables.security-overview.permissions %}'
product: '{% data reusables.gated-features.security-overview %}'
allowTitleToDifferFromFilename: true
versions:
ghae: '>= 3.4'
ghes: '*'
ghec: '*'
type: how_to
topics:
- Security overview
- Advanced Security
- Alerts
- Organizations
- Teams
shortTitle: View the security overview
---
{% ifversion ghes < 3.5 or ghae %}
{% data reusables.security-overview.beta %}
{% endif %}
{% data reusables.security-overview.information-varies-GHAS %}
## Viewing the security overview for an organization
{% data reusables.security-overview.beta-org-risk-coverage %}
{% ifversion security-overview-org-risk-coverage %}
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
1. To display a summary view, in the sidebar, click **{% octicon "shield" %} Risk** or **{% octicon "meter" %} Coverage**.
1. Optionally, to focus on the information of greatest interest, select the **Teams** dropdown filter and search box.
1. Optionally, use links in the "{% data variables.product.prodname_dependabot %}", "{% data variables.product.prodname_code_scanning %}", and "{% data variables.product.prodname_secret_scanning %}" header summaries to filter results further.
![Screenshot of the "Security Risk" view on the "Security" tab for an organization. Illustrates information and filter options available in the view.](/assets/images/help/security-overview/security-risk-interactive-header.png)
{% data reusables.organizations.security-overview-feature-specific-page %}
{% else %}
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
1. To view aggregate information about alert types, click **Show more**.
{% data reusables.organizations.filter-security-overview %}
{% ifversion security-overview-alert-views %}
{% data reusables.organizations.security-overview-feature-specific-page %}
![Screenshot of the {% data variables.product.prodname_code_scanning %} alerts page on the "Security" tab. Features apart from filters, dropdown menus, and sidebar are grayed out.](/assets/images/help/security-overview/security-overview-code-scanning-alerts.png)
{% endif %}
{% endif %}
{% ifversion ghec or ghes > 3.4 or ghae > 3.4 %}
## Viewing the security overview for an enterprise
{% data reusables.security-overview.security-coverage-single-repo-enablement %}
{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}
1. In the left sidebar, click **{% octicon "shield" aria-hidden="true" %} Code Security**.
{% ifversion security-overview-feature-specific-alert-page %}
{% data reusables.organizations.security-overview-feature-specific-page %}
{% endif %}
{% endif %}
{% ifversion ghes < 3.7 or ghae < 3.7 %}
## Viewing the security overview for a team
{% data reusables.profile.access_org %}
{% data reusables.user-settings.access_org %}
{% data reusables.organizations.specific_team %}
{% data reusables.organizations.team-security-overview %}
{% data reusables.organizations.filter-security-overview %}
{% endif %}
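
Review bot: The enterprise section deleted here opened with `{% data reusables.security-overview.security-coverage-single-repo-enablement %}`, and the replacement "Viewing enterprise-level code security risks" section in the new risk article does not include it. Confirm the omission is intended and, if nothing else references that reusable, delete it in this commit as well.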

View file

@ -32,7 +32,7 @@ A {% data variables.product.prodname_GH_advanced_security %} license provides th
{% ifversion ghes < 3.7 or ghae %}
<!-- Ref: ghae > 3.6 remove GHAE versioning from this section when the `security-overview-displayed-alerts` flag is toggled for GHAE -->
- **Security overview** - Review the security configuration and alerts for an organization and identify the repositories at greatest risk. For more information, see "[AUTOTITLE](/code-security/security-overview/about-the-security-overview)."
- **Security overview** - Review the security configuration and alerts for an organization and identify the repositories at greatest risk. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview)."
{% endif %}
{% ifversion fpt or ghec %}

View file

@ -29,7 +29,7 @@ We highly recommend managing team membership through your identity provider (IdP
We recommend keeping teams visible whenever possible and reserving secret teams for sensitive situations. For more information, see "[AUTOTITLE](/organizations/organizing-members-into-teams/changing-team-visibility)."
{% ifversion ghec or ghes or ghae %}
## Use the security overview
## Use security overview
{% data reusables.security-overview.about-the-security-overview %} For more information, see "[AUTOTITLE](/code-security/security-overview/about-the-security-overview)."
{% data reusables.security-overview.about-security-overview %} For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview)."
{% endif %}

View file

@ -120,7 +120,7 @@ Some of the features listed below are limited to organizations using {% data var
| Attribute your sponsorships to another organization (see "[AUTOTITLE](/sponsors/sponsoring-open-source-contributors/attributing-sponsorships-to-your-organization)" for details ) | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Manage the publication of {% data variables.product.prodname_pages %} sites from repositories in the organization (see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Manage security and analysis settings (see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |
| View the security overview for the organization (see "[AUTOTITLE](/code-security/security-overview/about-the-security-overview)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |{% ifversion ghec %}
| View security overview for the organization (see "[AUTOTITLE](/code-security/security-overview/about-security-overview)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} |{% ifversion ghec %}
| Enable and enforce [SAML single sign-on](/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on) | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| [Manage a user's SAML access to your organization](/organizations/granting-access-to-your-organization-with-saml-single-sign-on/viewing-and-managing-a-members-saml-access-to-your-organization) | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |
| Manage an organization's SSH certificate authorities (see "[AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities)") | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} |{% endif %}

View file

@ -1,5 +1,5 @@
# Reference: #5503.
# Documentation for the security overview individual views for each type of security alert
# Documentation for security overview individual views for each type of security alert
versions:
ghes: '> 3.4'
ghae: '>= 3.5'

View file

@ -1,5 +1,5 @@
# Reference: #8973
# Documentation for tweaks to the results of the team filter on the "Security Risk" and "Security Coverage" views
# Documentation for tweaks to the results of the team filter on the "Security risk" and "Security coverage" views
versions:
ghec: '*'
ghes: '> 3.8'

View file

@ -139,10 +139,14 @@ security_alerts:
guides:
- >-
{% ifversion ghec or ghes
%}/code-security/security-overview/about-the-security-overview {% endif %}
%}/code-security/security-overview/about-security-overview {% endif %}
- >-
{% ifversion ghec or ghes
%}/code-security/security-overview/viewing-the-security-overview {% endif
%}/code-security/security-overview/assessing-adoption-code-security {% endif
%}
- >-
{% ifversion ghec or ghes
%}/code-security/security-overview/assessing-code-security-risk {% endif
%}
- >-
{% ifversion ghec or ghes

View file

@ -8,7 +8,7 @@ You can sort and filter {% data variables.product.prodname_dependabot_alerts %}
| `manifest` | Displays alerts for the selected manifest | Use `manifest:webwolf/pom.xml` to show alerts on the pom.xml file of the webwolf application |
| `package` | Displays alerts for the selected package | Use `package:django` to show alerts for django |
| `resolution` | Displays alerts of the selected resolution status | Use `resolution:no-bandwidth` to show alerts previously parked due to lack of resources or time to fix them |
| `repo` | Displays alerts based on the repository they relate to</br>Note that this filter is only available on the security overview. For more information, see "[AUTOTITLE](/code-security/security-overview/about-the-security-overview)" | Use `repo:octocat-repo` to show alerts in the repository called `octocat-repo` |{%- ifversion dependabot-alerts-development-label %}
| `repo` | Displays alerts based on the repository they relate to</br>Note that this filter is only available for security overview. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview)" | Use `repo:octocat-repo` to show alerts in the repository called `octocat-repo` |{%- ifversion dependabot-alerts-development-label %}
| `scope` | Displays alerts based on the scope of the dependency they relate to | Use `scope:development` to show alerts for dependencies that are only used during development |{% endif %}
| `severity` | Displays alerts based on their level of severity | Use `severity:high` to show alerts with a severity of High |{%- ifversion dependabot-most-important-sort-option %}
| `sort` | Displays alerts according to the selected sort order | The default sorting option for alerts is `sort:most-important`, which ranks alerts by importance</br>Use `sort:newest` to show the latest alerts reported by {% data variables.product.prodname_dependabot %} |{% endif %}
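
Review bot: The rewritten `repo` row still uses `</br>`, which is not a valid line-break tag; since the line is being touched anyway, change it to `<br>` (the `sort` row has the same issue). The "For more information, see ..." sentence in that cell also lacks the closing period that the other cross-references in this commit carry.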

View file

@ -1,6 +1,7 @@
1. Navigate to {% data variables.product.prodname_dotcom_the_website %}.
1. In the top-right corner of {% data variables.product.prodname_dotcom_the_website %}, click your profile photo, then click **Your enterprises**.
!["Your enterprises" in drop-down menu for profile photo on {% data variables.product.product_name %}](/assets/images/help/enterprises/your-enterprises.png)
1. In the list of enterprises, click the enterprise you want to view.

View file

@ -1,9 +1,9 @@
{% ifversion fpt %}
The security overview is available for organizations that use {% data variables.product.prodname_enterprise %}. For more information, see "[AUTOTITLE](/get-started/learning-about-github/githubs-products)."
Security overview is available for organizations that use {% data variables.product.prodname_enterprise %}. For more information, see "[AUTOTITLE](/get-started/learning-about-github/githubs-products)."
{% elsif security-overview-displayed-alerts %}
All organizations and enterprises have a security overview. If you use {% data variables.product.prodname_GH_advanced_security %} features{% ifversion ghae %}, which are free during the beta release,{% elsif ghec %}, which are free for public repositories,{% endif %} you will see additional information. {% data reusables.advanced-security.more-info-ghas %}
{% elsif ghes < 3.7 %}
The security overview for your organization is available if you have a license for {% data variables.product.prodname_GH_advanced_security %}. {% data reusables.advanced-security.more-info-ghas %}
Security overview for your organization is available if you have a license for {% data variables.product.prodname_GH_advanced_security %}. {% data reusables.advanced-security.more-info-ghas %}
{% elsif ghae %}
A security overview for your enterprise and for organizations is available if you use {% data variables.product.prodname_GH_advanced_security %}, which is free during the beta release. {% data reusables.advanced-security.more-info-ghas %}
{% endif %}
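
Review bot: Only two of the four branches drop the article: the `security-overview-displayed-alerts` branch still says "have a security overview" and the `ghae` branch still opens with "A security overview for your enterprise". If the convention in this commit is to treat "security overview" as a feature name without an article, update those two lines as well.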

View file

@ -1,2 +1,2 @@
1. Optionally, filter the list of alerts. You can click multiple filters in the drop-down filter menus to narrow your search. You can also type search qualifiers in the **Search repositories** field. For more information about the available qualifiers, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-the-security-overview)."
![Screenshot showing the dropdown filter menus and "Search repositories" field in the security overview.](/assets/images/help/security-overview/security-overview-filter-alerts.png)
1. Optionally, filter the list of alerts. You can click multiple filters in the drop-down filter menus to narrow your search. You can also type search qualifiers in the **Search repositories** field. For more information about the available qualifiers, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
![Screenshot showing the dropdown filter menus and "Search repositories" field in security overview.](/assets/images/help/security-overview/security-overview-filter-alerts.png)

View file

@ -1 +1 @@
1. Optionally, use the sidebar on the left to explore alerts for a specific security feature in greater detail. On each page, you can use filters that are specific to that feature to fine-tune your search. For more information about the available qualifiers, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-the-security-overview)."
1. Optionally, use the sidebar on the left to explore alerts for a specific security feature in greater detail. On each page, you can use filters that are specific to that feature to refine your search. For more information about the available qualifiers, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."

View file

@ -1,2 +1,2 @@
1. Under your organization name, click {% octicon "shield" aria-label="The Security shield" %} **Security**.
1. Under your organization name, click **{% octicon "shield" aria-hidden="true" %} Security**.
![Organization security button](/assets/images/help/organizations/organization-security-tab.png)

View file

@ -1,4 +1,4 @@
1. In the "Vulnerability alerts" sidebar of the Security overview page, click **{% data variables.product.prodname_dependabot %}**. If this option is missing, it means you don't have access to security alerts and need to be given access. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."{% ifversion fpt or ghec %}
1. In the "Vulnerability alerts" sidebar of security overview, click **{% data variables.product.prodname_dependabot %}**. If this option is missing, it means you don't have access to security alerts and need to be given access. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."{% ifversion fpt or ghec %}
![Screenshot of the security overview page, with the "Dependabot" tab highlighted with a dark orange outline.](/assets/images/help/repository/dependabot-tab.png){% else %}
![Screenshot of the security overview page, with the "Dependabot" tab highlighted with a dark orange outline.](/assets/images/enterprise/repository/dependabot-alerts-tab.png){% endif %}
![Screenshot of security overview, with the "Dependabot" tab highlighted with a dark orange outline.](/assets/images/help/repository/dependabot-tab.png){% else %}
![Screenshot of security overview, with the "Dependabot" tab highlighted with a dark orange outline.](/assets/images/enterprise/repository/dependabot-alerts-tab.png){% endif %}

View file

@ -0,0 +1 @@
Security overview provides high-level summaries of the security status of an organization or enterprise and makes it easy to identify repositories that require intervention. You can also use security overview to see which repositories have enabled specific security features and to configure any available security features that are not currently in use.

View file

@ -1 +0,0 @@
The security overview provides high-level summaries of the security status of an organization or enterprise and make it easy to identify problematic repositories that require intervention. You can also use the security overview to see which repositories have enabled specific security features and to configure any available security features that are not currently in use.

View file

@ -1,7 +1,7 @@
{% ifversion security-overview-org-risk-coverage %}
{% note %}
**Note:** The "Security Risk" and "Security Coverage" views are currently in beta and subject to change.
**Note:** The "Security risk" and "Security coverage" views are currently in beta and subject to change.
{% endnote %}
{% endif %}

View file

@ -1,5 +1,5 @@
{% note %}
**Note:** The security overview is currently in beta and subject to change.
**Note:** Security overview is currently in beta and subject to change.
{% endnote %}

View file

@ -1,3 +1,3 @@
{% ifversion security-overview-displayed-alerts %}
The information shown in the security overview will vary according to your access to repositories, and on whether {% data variables.product.prodname_GH_advanced_security %} is used by those repositories.
The information shown by security overview will vary according to your access to repositories, and on whether {% data variables.product.prodname_GH_advanced_security %} is used by those repositories.
{% endif %}
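
Review bot: the new sentence keeps the mixed construction "will vary according to your access to repositories, and on whether", where "according to" and "on whether" do not share a verb. Suggest "varies according to your access to repositories and whether {% data variables.product.prodname_GH_advanced_security %} is used by those repositories", which also moves the sentence to the present tense.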

View file

@ -1 +1,9 @@
{% ifversion not fpt %}Organization owners and security managers can access the organization-level security overview{% ifversion ghec or ghes > 3.4 or ghae > 3.4 %} and view alerts across multiple organizations via the enterprise-level security overview. Enterprise owners can only view repositories and alerts for organizations where they are added as an organization owner or security manager{% endif %}. {% ifversion ghec or ghes > 3.6 or ghae > 3.6 %}Organization members can access the organization-level security overview to view results for repositories where they have admin privileges or have been granted access to security alerts.{% else %}Members of a team can see the security overview for repositories that the team has admin privileges for.{% endif %}{% endif %}
{% ifversion not fpt %}
Security overview for an organization is available to all members of the organization. The views and data displayed are determined by your role in the organization, and by your permissions for individual repositories within the organization. {% ifversion security-overview-org-risk-coverage %}For more information, see "[Permission to view data in security overview](/code-security/security-overview/about-security-overview#permission-to-view-data-in-security-overview)."{% endif %}
{% ifversion ghec or ghes > 3.4 or ghae %}
Security overview for an enterprise shows organization owners and security managers data for the organizations they have access to. Enterprise owners can only view data for organizations where they are added as an organization owner or security manager. For more information, see "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)."
{% endif %}
{% endif %}
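
Review bot: the rewrite drops the version split from the old line, so the statement that security overview is "available to all members of the organization" now applies to every non-fpt version. The old text only described organization-member access under `ghec or ghes > 3.6 or ghae > 3.6` and fell back to team-based access otherwise; please confirm the new wording is accurate for the older releases or restore a fallback branch, since readers use this text to decide who can see alert data. Two smaller points: the enterprise condition widens from `ghae > 3.4` to plain `ghae`, and the "Permission to view data in security overview" link is gated on `security-overview-org-risk-coverage`, so versions without that feature get the role-dependent statement with no pointer to the details.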

View file

@ -1,5 +1,5 @@
{% note %}
**Note:** You can enable or disable security features that have a one-click setup directly from the Security Coverage view. For more information, see "[AUTOTITLE](/code-security/security-overview/about-the-security-overview#security-coverage-view)."
**Note:** You can enable or disable security features that have a one-click setup directly from the "Security coverage" view. For more information, see "[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security)."
{% endnote %}

12
tests/fixtures/versionless-redirects.txt Vendored
View file

@ -427,10 +427,16 @@
- /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization
/enterprise-cloud@latest/code-security/security-overview/viewing-the-security-overview
- /code-security/security-overview/viewing-the-security-overview
- /code-security/security-overview/assessing-code-security-risk
/enterprise-cloud@latest/code-security/security-overview/filtering-alerts-in-the-security-overview
- /code-security/security-overview/filtering-alerts-in-the-security-overview
/enterprise-cloud@latest/code-security/security-overview/assessing-code-security-risk
- /code-security/security-overview/assessing-code-security-risk
/enterprise-cloud@latest/code-security/security-overview/assessing-adoption-code-security
- /code-security/security-overview/assessing-adoption-code-security
/enterprise-cloud@latest/code-security/security-overview/filtering-alerts-in-security-overview
- /code-security/security-overview/filtering-alerts-in-security-overview
/enterprise-cloud@latest/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization
- /organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization
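
Review bot: as rendered here, `- /code-security/security-overview/assessing-code-security-risk` is listed twice, once under `/enterprise-cloud@latest/code-security/security-overview/viewing-the-security-overview` and once under its own `/enterprise-cloud@latest/code-security/security-overview/assessing-code-security-risk` target. If the first entry is intentional (the old "viewing" article now resolving to the risk article), say so in the PR description; otherwise one versionless path maps to two targets and one entry should go. The `filtering-alerts-in-the-security-overview` entries also sit next to the new `filtering-alerts-in-security-overview` ones, so please confirm the fixture is meant to keep both after the rename.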