You can use security overview to see how CodeQL is performing in pull requests for repositories across your organizations, and to identify repositories where you may need to take action.
Who can use this feature?Access requires:
Organizations owned by a GitHub Team account with GitHub Code Security, or owned by a GitHub Enterprise account with GitHub Code Security
About CodeQL pull request alerts metricsThe metrics overview for CodeQL pull request alerts helps you to understand how well CodeQL is preventing vulnerabilities in your organizations. You can use the metrics to assess how CodeQL is performing in pull requests, and to easily identify the repositories where you may need to take action in order to identify and reduce security risks.
The overview shows you a summary of how many vulnerabilities prevented by CodeQL have been caught in pull requests. The metrics are only tracked for pull requests that have been merged into the default branches of repositories in your organizations.
You can also find more granular metrics, such as how many alerts were fixed with and without Copilot Autofix suggestions, how many were unresolved and merged, and how many were dismissed as false positive or as risk accepted.
You can also view:
The rules that are causing the most alerts, and how many alerts each rule is associated with.
The number of alerts that were merged into the default branch without resolution, and the number of alerts dismissed as an acceptable risk.
The number of alerts that were fixed with an accepted Copilot Autofix suggestion, displayed as a fraction of how many total Copilot Autofix suggestions were available.
Remediation rates, in a graph showing the percentage of alerts that were remediated with an available Copilot Autofix suggestion, and the percentage of alerts that were remediated without a Copilot Autofix suggestion.
Mean time to remediate, in a graph showing the average age of closed alerts that were remediated with an available Copilot Autofix suggestion, and the average age of closed alerts that were remediated without a Copilot Autofix suggestion.
You can apply filters to the data. The metrics are based on activity from the default period or your selected period.
Note
Metrics for Copilot Autofix will be shown only for repositories where Copilot Autofix is enabled.
Viewing CodeQL pull request alerts metrics for an organizationOn GitHub, navigate to the main page of the organization.
Under your organization name, click Security.
In the sidebar, under "Metrics", click CodeQL pull request alerts.
Optionally, use the date picker to set the time range. The date picker will show data based on the pull request alerts' creation dates.
Optionally, apply filters in the search box at the top of the page.
Alternatively, you can open the advanced filter dialog:
You can use the Export CSV button to download a CSV file of the data currently displayed on the page for security research and in-depth data analysis. For more information, see Exporting data from security overview.
You can also view metrics for CodeQL alerts in pull requests across organizations in your enterprise.
Navigate to GitHub Enterprise Cloud.
In the top-right corner of GitHub, click your profile picture, then click Your enterprises.
In the list of enterprises, click the enterprise you want to view.
At the top of the page, click Security.
In the sidebar, under "Metrics", click CodeQL pull request alerts.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4