Security overview

Security overview provides a single pane of glass to view a summary of your organization's security risk and Advanced Security enablement status.

All organizations, whether or not they have an Advanced Security-enabled repository, can see the security overview tab in their organization settings.

GitHub Advanced Security for Azure DevOps works with Azure Repos. If you want to use GitHub Advanced Security with GitHub repositories, see GitHub Advanced Security.

About security overview

Security overview is available to all members of the organization who have access to view organization settings. Under the Risk tab, security overview shows the distribution of total alerts and of alerts by severity across all projects and repositories with Advanced Security enabled in your selected organization. Under the Coverage tab, security overview shows the enablement status of each repository and links to its repository settings, so you can quickly enable Advanced Security for any repository.

Viewing security insights

To access the security overview for your organization, navigate to Organization settings > Security overview. The default view is the Risk tab, which shows a summary of security alerts across dependency scanning, secret scanning, and code scanning, both in total and by severity. In the Risk view, only repositories with Advanced Security enabled appear. The reported alert counts cover only alerts discovered on the default branch of each repository.

Screenshot of Risk tab in security overview for an organization.

Under the Coverage tab, security overview shows all repositories in your enterprise, regardless of their enablement status. For any repositories that have Advanced Security enabled, a breakdown of each tool is also included:

Screenshot of Coverage tab in security overview for an organization.

Dependency scanning, code scanning, and secret scanning alerts are enabled once a SARIF result file has been successfully submitted to Advanced Security. In other words, a successful scan on any branch of a repository, whether or not it discovers alerts, lights up coverage for that particular tool and repository. The enablement status doesn't consider recency of the scan, so a tool can show as covered even if its last successful scan is old.

Hovering over a specific repository and selecting the cog icon takes you to that repository's settings pane, where you can enable Advanced Security. For more information about configuring Advanced Security features, see Configure GitHub Advanced Security.

Screenshot of enabling GitHub Advanced Security.