зеркало из https://github.com/github/docs.git
GHES 3.15 minor updates for security features: versioning and enterprise CodeQL PR alerts view (#52905)
Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com> Co-authored-by: Pallavi <96553709+pallsama@users.noreply.github.com> Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> Co-authored-by: isaacmbrown <isaacmbrown@github.com> Co-authored-by: mchammer01 <42146119+mchammer01@users.noreply.github.com> Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com> Co-authored-by: Jules <19994093+jules-p@users.noreply.github.com> Co-authored-by: Rachael Rose Renk <91027132+rachaelrenk@users.noreply.github.com> Co-authored-by: docs-bot <77750099+docs-bot@users.noreply.github.com> Co-authored-by: Hector Alfaro <hectorsector@github.com> Co-authored-by: Kevin Heis <heiskr@users.noreply.github.com>
This commit is contained in:
Родитель
26372cfc77
Коммит
970b66a956
|
@ -2,7 +2,7 @@
|
||||||
title: Viewing metrics for pull request alerts
|
title: Viewing metrics for pull request alerts
|
||||||
shortTitle: View PR alert metrics
|
shortTitle: View PR alert metrics
|
||||||
allowTitleToDifferFromFilename: true
|
allowTitleToDifferFromFilename: true
|
||||||
intro: 'You can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests for repositories across your organization, and to identify repositories where you may need to take action.'
|
intro: 'You can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests for repositories across your organizations, and to identify repositories where you may need to take action.'
|
||||||
permissions: '{% data reusables.permissions.security-overview %}'
|
permissions: '{% data reusables.permissions.security-overview %}'
|
||||||
type: how_to
|
type: how_to
|
||||||
topics:
|
topics:
|
||||||
|
@ -16,26 +16,36 @@ versions:
|
||||||
feature: security-overview-org-codeql-pr-alerts
|
feature: security-overview-org-codeql-pr-alerts
|
||||||
---
|
---
|
||||||
|
|
||||||
## About {% data variables.product.prodname_codeql %} pull request alerts metrics for an organization
|
## About {% data variables.product.prodname_codeql %} pull request alerts metrics
|
||||||
|
|
||||||
The metrics overview for {% data variables.product.prodname_codeql %} pull request alerts helps you to understand how well {% data variables.product.prodname_codeql %} is preventing vulnerabilities in your organization. You can use the metrics to assess how {% data variables.product.prodname_codeql %} is performing in pull requests, and to easily identify the repositories where you may need to take action in order to identify and reduce security risks.
|
The metrics overview for {% data variables.product.prodname_codeql %} pull request alerts helps you to understand how well {% data variables.product.prodname_codeql %} is preventing vulnerabilities in your organizations. You can use the metrics to assess how {% data variables.product.prodname_codeql %} is performing in pull requests, and to easily identify the repositories where you may need to take action in order to identify and reduce security risks.
|
||||||
|
|
||||||
The overview shows you a summary of how many vulnerabilities prevented by {% data variables.product.prodname_codeql %} have been caught in pull requests. The metrics are only tracked for pull requests that have been merged into the default branches of repositories in your organization.
|
The overview shows you a summary of how many vulnerabilities prevented by {% data variables.product.prodname_codeql %} have been caught in pull requests. The metrics are only tracked for pull requests that have been merged into the default branches of repositories in your organizations.
|
||||||
|
|
||||||
You can also find more granular metrics, such as how many alerts were fixed with and without {% data variables.product.prodname_copilot_autofix_short %} suggestions, how many were unresolved and merged, and how many were dismissed as false positive or as risk accepted.
|
You can also find more granular metrics, such as how many alerts were fixed{% ifversion code-scanning-autofix %} with and without {% data variables.product.prodname_copilot_autofix_short %} suggestions{% endif %}, how many were unresolved and merged, and how many were dismissed as false positive or as risk accepted.
|
||||||
|
|
||||||
You can also view:
|
You can also view:
|
||||||
|
|
||||||
* The rules that are causing the most alerts in your organization, and how many alerts each rule is associated with.
|
* The rules that are causing the most alerts, and how many alerts each rule is associated with.
|
||||||
|
|
||||||
|
* The number of alerts that were merged into the default branch without resolution, and the number of alerts dismissed as an acceptable risk.
|
||||||
|
|
||||||
|
{% ifversion code-scanning-autofix %}
|
||||||
* The number of alerts that were fixed with an accepted {% data variables.product.prodname_copilot_autofix_short %} suggestion, displayed as a fraction of how many total {% data variables.product.prodname_copilot_autofix_short %} suggestions were available.
|
* The number of alerts that were fixed with an accepted {% data variables.product.prodname_copilot_autofix_short %} suggestion, displayed as a fraction of how many total {% data variables.product.prodname_copilot_autofix_short %} suggestions were available.
|
||||||
|
|
||||||
* Remediation rates, in a graph showing the percentage of alerts that were remediated with an available {% data variables.product.prodname_copilot_autofix_short %} suggestion, and the percentage of alerts that were remediated without a {% data variables.product.prodname_copilot_autofix_short %} suggestion.
|
* Remediation rates, in a graph showing the percentage of alerts that were remediated with an available {% data variables.product.prodname_copilot_autofix_short %} suggestion, and the percentage of alerts that were remediated without a {% data variables.product.prodname_copilot_autofix_short %} suggestion.
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
You can apply filters to the data. The metrics are based on activity from the default period or your selected period.
|
You can apply filters to the data. The metrics are based on activity from the default period or your selected period.
|
||||||
|
|
||||||
![Screenshot of the "CodeQL pull request alerts" view for an organization, showing status and trends over 90 days.](/assets/images/help/security-overview/security-overview-codeql-pull-requests-alerts-report.png)
|
![Screenshot of the "CodeQL pull request alerts" view for an organization, showing status and trends over 90 days.](/assets/images/help/security-overview/security-overview-codeql-pull-requests-alerts-report.png)
|
||||||
|
|
||||||
|
{% ifversion code-scanning-autofix %}
|
||||||
|
> [!NOTE] Metrics for {% data variables.product.prodname_copilot_autofix_short %} will be shown only for repositories where {% data variables.product.prodname_copilot_autofix_short %} is enabled.
|
||||||
|
{% else %}
|
||||||
|
> [!NOTE] Metrics for {% data variables.product.prodname_copilot_autofix_short %} are omitted because {% data variables.product.prodname_copilot_autofix_short %} is available only on {% data variables.product.github %} cloud platforms.
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
## Viewing {% data variables.product.prodname_codeql %} pull request alerts metrics for an organization
|
## Viewing {% data variables.product.prodname_codeql %} pull request alerts metrics for an organization
|
||||||
|
|
||||||
{% data reusables.organizations.navigate-to-org %}
|
{% data reusables.organizations.navigate-to-org %}
|
||||||
|
@ -49,3 +59,17 @@ You can apply filters to the data. The metrics are based on activity from the de
|
||||||
* To search for repositories matching the selected filter, fill out the available fields for that filter, then click **Apply**. You can repeat this process to add as many filters as you would like to your search.
|
* To search for repositories matching the selected filter, fill out the available fields for that filter, then click **Apply**. You can repeat this process to add as many filters as you would like to your search.
|
||||||
* Optionally, to remove a filter from your search, click {% octicon "filter" aria-hidden="true" %} **Filter**. In the row of the filter you want to remove, click {% octicon "x" aria-label="Delete FILTER-NUMBER: FILTER-PROPERTIES" %}, then click **Apply**.{% ifversion security-overview-export-data %}
|
* Optionally, to remove a filter from your search, click {% octicon "filter" aria-hidden="true" %} **Filter**. In the row of the filter you want to remove, click {% octicon "x" aria-label="Delete FILTER-NUMBER: FILTER-PROPERTIES" %}, then click **Apply**.{% ifversion security-overview-export-data %}
|
||||||
1. You can use the {% octicon "download" aria-hidden="true" %} **Export CSV** button to download a CSV file of the data currently displayed on the page for security research and in-depth data analysis. For more information, see "[AUTOTITLE](/code-security/security-overview/exporting-data-from-security-overview)." {% endif %}
|
1. You can use the {% octicon "download" aria-hidden="true" %} **Export CSV** button to download a CSV file of the data currently displayed on the page for security research and in-depth data analysis. For more information, see "[AUTOTITLE](/code-security/security-overview/exporting-data-from-security-overview)." {% endif %}
|
||||||
|
|
||||||
|
{% ifversion security-overview-enterprise-codeql-pr-alerts %}
|
||||||
|
|
||||||
|
## Viewing {% data variables.product.prodname_codeql %} pull request alerts metrics for your enterprise
|
||||||
|
|
||||||
|
You can also view metrics for {% data variables.product.prodname_codeql %} alerts in pull requests across organizations in your enterprise.
|
||||||
|
|
||||||
|
{% data reusables.security-overview.enterprise-filters-tip %}
|
||||||
|
|
||||||
|
{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}
|
||||||
|
{% data reusables.code-scanning.click-code-security-enterprise %}
|
||||||
|
1. In the sidebar, under "Metrics", click **{% octicon "graph" aria-hidden="true" %} {% data variables.product.prodname_codeql %} pull request alerts**.
|
||||||
|
|
||||||
|
{% endif %}
|
||||||
|
|
|
@ -2,4 +2,4 @@
|
||||||
versions:
|
versions:
|
||||||
fpt: '*'
|
fpt: '*'
|
||||||
ghec: '*'
|
ghec: '*'
|
||||||
ghes: '>= 3.14'
|
ghes: '>= 3.15'
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
# Reference: #14348
|
||||||
|
# Documentation for enterprise-level CodeQL PR alerts report
|
||||||
|
versions:
|
||||||
|
ghes: '> 3.14'
|
||||||
|
ghec: '*'
|
|
@ -1,4 +1,4 @@
|
||||||
# Reference: #4347
|
# Reference: #14347
|
||||||
# Documentation for org-level CodeQL PR alerts report
|
# Documentation for org-level CodeQL PR alerts report
|
||||||
versions:
|
versions:
|
||||||
ghes: '> 3.14'
|
ghes: '> 3.14'
|
||||||
|
|
Загрузка…
Ссылка в новой задаче