diff --git a/content/code-security/security-overview/viewing-security-insights.md b/content/code-security/security-overview/viewing-security-insights.md index 2306af2310c7..26e0f8035658 100644 --- a/content/code-security/security-overview/viewing-security-insights.md +++ b/content/code-security/security-overview/viewing-security-insights.md 
@@ -47,7 +47,7 @@ The dashboard is divided into three tabs, each focused around a different securi * The "Impact analysis" section shows the repositories that pose the highest potential security risk in your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %}. {% endif %} -You can filter the overview dashboard by selecting a specific time period, and apply additional filters to focus on narrower areas of interest. All data and metrics across the dashboard will change as you apply filters. {% ifversion security-overview-additional-tools %}By default, the dashboard displays all alerts from {% data variables.product.prodname_dotcom %} tools, but you can use the tool filter to show alerts from a specific tool ({% data variables.product.prodname_secret_scanning %}, {% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, a specific third-party tool) or all third-party {% data variables.product.prodname_code_scanning %} tools.{% endif %} For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)." +You can filter the overview dashboard by selecting a specific time period, and apply additional filters to focus on narrower areas of interest. All data and metrics across the dashboard will change as you apply filters. By default, the dashboard displays all alerts from {% data variables.product.prodname_dotcom %} tools, but you can use the tool filter to show alerts from a specific tool ({% data variables.product.prodname_secret_scanning %}, {% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, a specific third-party tool) or all third-party {% data variables.product.prodname_code_scanning %} tools. 
For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)." {% ifversion security-overview-export-dashboard-data %} You can download a CSV file of the overview dashboard data for your organization. This data file can integrate easily with external datasets, so you may find it useful for security research, data analysis, and more. For more information, see "[AUTOTITLE](/code-security/security-overview/exporting-data-from-security-overview)." @@ -87,6 +87,7 @@ Keep in mind that the overview page tracks changes over time for security alert ## Understanding the overview dashboard {% ifversion security-overview-3-tab-dashboard %} + * [Detection tab](#detection-tab) * [Remediation tab](#remediation-tab) 
@@ -137,12 +138,14 @@ For more information on {% data variables.product.prodname_secret_scanning %} pu #### Impact analysis table -The impact analysis table has separate tabs showing data for: "Repositories" and "Advisories". +The impact analysis table has separate tabs showing data for: "Repositories", "Advisories", and "SAST vulnerabilities". * The "Repositories" tab shows the top 10 repositories with the most open alerts at the end of the chosen time period, ranked by the total number of open alerts. For each repository, the total number of open alerts is shown alongside a breakdown by severity. * The "Advisories" tab shows the 10 CVE advisories that triggered the most {% data variables.product.prodname_dependabot %} alerts at the end of the chosen time period, ranked by the total number of open alerts. For each advisory, the total number of open alerts is shown alongside a severity rating. +* The "SAST vulnerabilities" tab shows the 10 static application security testing (SAST) vulnerabilities that triggered the most {% data variables.product.prodname_code_scanning %} alerts, ranked by the total number of open alerts. For each vulnerability, the total number of open alerts is shown alongside a severity rating. + ### Remediation tab * [Closed alerts over time](#closed-alerts-over-time) 
@@ -208,21 +211,18 @@ The "Pull request alerts fixed with autofix suggestions" metric shows the ratio {% endif %} {% else %} + * [Alert trends graph](#alert-trends-graph) * [Age of alerts](#age-of-alerts) * [Secrets bypassed or blocked](#secrets-bypassed-or-blocked) * [Mean time to remediate](#mean-time-to-remediate) * [Net resolve rate](#net-resolve-rate) -* [Alert activity graph](#alert-activity-graph){% ifversion security-overview-additional-tools %} +* [Alert activity graph](#alert-activity-graph) * [Impact analysis table](#impact-analysis-table) -* [Reopened alerts](#reopened-alerts){% else %} -* [Impact analysis for repositories](#impact-analysis-for-repositories) -{% endif %} +* [Reopened alerts](#reopened-alerts) -{% ifversion security-overview-additional-tools %} Some metrics in the security overview dashboard include a trend indicator, which shows the percentage gain or loss for the chosen time period relative to previous period. For example, when you select a week with 10 alerts, if the previous week had 20 alerts, the trend indicator reports that the metric has dropped by 50%. If the average age of the open alerts is 15 days, and for the previous period it was 5 days, the trend indicator reports that the metric has risen by 200%. -{% endif %} >[!NOTE] > The number of alerts shown on the security overview dashboard may not match the number of {% data variables.product.prodname_code_scanning %} alerts. The security overview dashboard focuses on the security posture of your organization, and only includes alerts with a security severity ("Critical", "High", "Medium", or "Low"), but {% data variables.product.prodname_codeql %} and third-party tools may separately produce alerts with a level of "Error", "Warning", or "Note". 
For more information about alert severity and security severity levels in {% data variables.product.prodname_code_scanning %}, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels)." @@ -241,8 +241,6 @@ The "Age of alerts" metric is the average age of all alerts that are still open The age of each open alert is calculated by subtracting the date the alert was created from the date that the chosen time period ends. For reopened alerts, the age is calculated by subtracting the original created date rather than the date the alert was reopened. -{% ifversion security-overview-additional-tools %} - ### Reopened alerts The "Reopened alerts" metric is the total open alerts that were reopened during the chosen time period. Only alerts that are open at the end of the reporting period are reported. This includes: 
@@ -251,15 +249,13 @@ The "Reopened alerts" metric is the total open alerts that were reopened during * Newly created alerts that were closed, and then reopened, during the chosen time period. * Alerts that were open at the start of the chosen time period, but closed and then reopened within the same period. -{% endif %} - ### Secrets bypassed or blocked The "Secrets bypassed / blocked" metric shows the ratio of secrets bypassed to the total secrets blocked by push protection. You can also see how many secrets were successfully blocked, which is calculated by subtracting the number of secrets bypassed from the total number of secrets blocked by push protection. A secret is considered to have been successfully blocked when it has been corrected, and not committed to the repository. -{% ifversion security-overview-additional-tools %}You can click **View details** to view the {% data variables.product.prodname_secret_scanning %} report with the same filters and time period selected.{% endif %} +You can click **View details** to view the {% data variables.product.prodname_secret_scanning %} report with the same filters and time period selected. For more information on secret scanning push protection metrics, see "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection)." @@ -295,8 +291,6 @@ Expanding on the alert trends graph, the alert activity graph shows you alert in Green bars represent the number of new alerts created during the segmented time period. Purple bars represent the number of alerts that were closed during the segmented time period. The blue dotted line represents the net alert activity, which is the difference between new and closed alerts. -{% ifversion security-overview-additional-tools %} - ### Impact analysis table The impact analysis table has separate tabs showing data for: "Repositories" and "Advisories". 
@@ -305,12 +299,4 @@ The impact analysis table has separate tabs showing data for: "Repositories" and * The "Advisories" tab shows the 10 CVE advisories that triggered the most {% data variables.product.prodname_dependabot %} alerts at the end of the chosen time period, ranked by the total number of open alerts. For each advisory, the total number of open alerts is shown alongside a severity rating. -{% else %} - -### Impact analysis for repositories - -The impact analysis table shows the top 10 repositories with the most open alerts as of the end of the chosen time period, ranked by the total number of open alerts. For each repository, the total number of open alerts is shown alongside a breakdown by severity. - -{% endif %} - {% endif %}
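Review bot: In the hunk at -47,7, the tool-filter sentence starting "By default, the dashboard displays all alerts from ..." loses its `{% ifversion security-overview-additional-tools %}` gate and now renders for every version of this article. Please confirm that every version the page still targets has the tool filter and third-party {% data variables.product.prodname_code_scanning %} tools in the dashboard, and state in the PR description that the flag is being retired, so that dropping the gate here and in the later hunks is clearly intentional.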
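Review bot: In the hunk at -137,12, the new "SAST vulnerabilities" bullet omits the phrase "at the end of the chosen time period" that the "Repositories" and "Advisories" bullets directly above it both carry, so a reader cannot tell whether the top 10 are computed over the same window. Suggest matching the siblings: "... that triggered the most {% data variables.product.prodname_code_scanning %} alerts at the end of the chosen time period, ranked by the total number of open alerts." The intro sentence also uses "SAST" before the bullet expands it; consider expanding the acronym on first use.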
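Review bot: In the hunk at -208,21, removing the list entry `[Impact analysis for repositories](#impact-analysis-for-repositories)`, together with the matching heading deleted in the last hunk, retires the `#impact-analysis-for-repositories` anchor. Check for links from other articles to that fragment and point them at `#impact-analysis-table`. The trend-indicator paragraph is now shown unconditionally, so this is a good moment to change "relative to previous period" to "relative to the previous period".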
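Review bot: In the last hunk (-305,12), the impact analysis table that remains in this `{% else %}` branch is still introduced as having tabs for "Repositories" and "Advisories" only, while the 3-tab branch gains "SAST vulnerabilities" in this same patch. If the SAST tab also exists in the versions that render this branch, add the third tab name and its bullet here; if it does not, a short sentence saying so would keep the two sections from looking out of sync.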