
Viewing metrics for pull request alerts

You can use security overview to see how CodeQL is performing in pull requests for repositories across your organization, and to identify repositories where you may need to take action.

Who can use this feature?

All members of an organization can use the security overview for the organization. The views and data displayed are determined by your role in the organization and your permissions for individual repositories within the organization. For more information, see "About security overview."

The security overview for an enterprise shows organization owners and security managers data for the organizations they have access to. Enterprise owners can only see data for organizations where they have been added as an organization owner or security manager. For more information, see "Managing your role in an organization owned by your enterprise."

All enterprises and their organizations have a security overview. If you use GitHub Advanced Security features, which are free for public repositories, you will see additional information. For more information, see "About GitHub Advanced Security."

About CodeQL pull request alerts metrics for an organization

The metrics overview for CodeQL pull request alerts helps you to understand how well CodeQL is preventing vulnerabilities in your organization. You can use the metrics to assess how CodeQL is performing in pull requests, and to easily identify the repositories where you may need to take action in order to identify and reduce security risks.

The overview shows you a summary of how many vulnerabilities CodeQL caught in pull requests before they reached the default branch. Metrics are only tracked for pull requests that have been merged into the default branches of repositories in your organization, so alerts raised on pull requests that were closed without merging are not counted.

You can also find more granular metrics, such as how many alerts were fixed with and without Copilot Autofix suggestions, how many were unresolved and merged, and how many were dismissed as false positive or as risk accepted.

You can also view:

  • The rules that are causing the most alerts in your organization, and how many alerts each rule is associated with.

  • The number of alerts that were fixed with an accepted Copilot Autofix suggestion, displayed as a fraction of how many total Copilot Autofix suggestions were available.

  • Remediation rates, in a graph showing the percentage of alerts that were remediated with an available Copilot Autofix suggestion, and the percentage of alerts that were remediated without a Copilot Autofix suggestion.

You can apply filters to the data. The metrics are based on activity from the default period or your selected period.

[Screenshot: the "CodeQL pull request alerts" view for an organization, showing status and trends over 90 days.]

Viewing CodeQL pull request alerts metrics for an organization

  1. On GitHub.com, navigate to the main page of the organization.

  2. Under your organization name, click Security.

    [Screenshot: the horizontal navigation bar for an organization. A tab, labeled with a shield icon and "Security," is outlined in dark orange.]

  3. In the sidebar, under "Metrics", click CodeQL pull request alerts.

  4. Optionally, use the date picker to set the time range. The date picker will show data based on the pull request alerts' creation dates.

  5. Optionally, apply filters in the search box at the top of the page.

  6. Alternatively, you can open the advanced filter dialog:

    • At the top of the page, next to the search box, click Filter.
    • Click Add a filter, then select a filter from the dropdown menu.
    • To search for repositories matching the selected filter, fill out the available fields for that filter, then click Apply. You can repeat this process to add as many filters as you would like to your search.
    • Optionally, to remove a filter from your search, click Filter. In the row of the filter you want to remove, click , then click Apply.