Viewing metrics for pull request alerts

You can use security overview to see how CodeQL is performing in pull requests for repositories across your organizations, and to identify repositories where you may need to take action.

¿Quién puede utilizar esta característica?

El acceso requiere:

  • Vistas de la organización: acceso de escritura a repositorios de la organización
  • Vistas de la empresa: propietarios de la organización y administradores de seguridad

Organizaciones que pertenecen a una cuenta de GitHub Team con GitHub Code Security, o a una cuenta de GitHub Enterprise con GitHub Code Security

En este artículo

About CodeQL pull request alerts metrics

The metrics overview for CodeQL pull request alerts helps you to understand how well CodeQL is preventing vulnerabilities in your organizations. You can use the metrics to assess how CodeQL is performing in pull requests, and to easily identify the repositories where you may need to take action in order to identify and reduce security risks.

The overview shows you a summary of how many vulnerabilities prevented by CodeQL have been caught in pull requests. The metrics are only tracked for pull requests that have been merged into the default branches of repositories in your organizations.

You can also find more granular metrics, such as how many alerts were fixed with and without Autocorrección de Copilot suggestions, how many were unresolved and merged, and how many were dismissed as false positive or as risk accepted.

You can also view:

  • The rules that are causing the most alerts, and how many alerts each rule is associated with.

  • The number of alerts that were merged into the default branch without resolution, and the number of alerts dismissed as an acceptable risk.

  • The number of alerts that were fixed with an accepted Autocorrección de Copilot suggestion, displayed as a fraction of how many total Autocorrección de Copilot suggestions were available.

  • Remediation rates, in a graph showing the percentage of alerts that were remediated with an available Autocorrección de Copilot suggestion, and the percentage of alerts that were remediated without a Autocorrección de Copilot suggestion.

  • Mean time to remediate, in a graph showing the average age of closed alerts that were remediated with an available Autocorrección de Copilot suggestion, and the average age of closed alerts that were remediated without a Autocorrección de Copilot suggestion.

You can apply filters to the data. The metrics are based on activity from the default period or your selected period.

Nota:

Metrics for Autocorrección de Copilot will be shown only for repositories where Autocorrección de Copilot is enabled.

Viewing CodeQL pull request alerts metrics for an organization

  1. En GitHub, navega a la página principal de tu organización.

  2. Debajo del nombre de la organización, haz clic en Security.

    Captura de pantalla de la barra de navegación horizontal de una organización. Una pestaña, etiquetada con un icono de escudo y "Seguridad", está resaltado en naranja oscuro.

  3. In the sidebar, under "Metrics", click CodeQL pull request alerts.

  4. Optionally, use the date picker to set the time range. The date picker will show data based on the pull request alerts' creation dates.

  5. Optionally, apply filters in the search box at the top of the page.

  6. Alternatively, you can open the advanced filter dialog:

    • At the top of the page, next to the search box, click Filter.
    • Click Add a filter, then select a filter from the dropdown menu.
    • To search for repositories matching the selected filter, fill out the available fields for that filter, then click Apply. You can repeat this process to add as many filters as you would like to your search.
    • Optionally, to remove a filter from your search, click Filter. In the row of the filter you want to remove, click , then click Apply.

  7. You can use the Export CSV button to download a CSV file of the data currently displayed on the page for security research and in-depth data analysis. For more information, see Exporting data from security overview.

Viewing CodeQL pull request alerts metrics for your enterprise

You can also view metrics for CodeQL alerts in pull requests across organizations in your enterprise.

  1. Vaya a GitHub Enterprise Cloud.
  2. En la esquina superior derecha de GitHub, haz clic en la fotografía de perfil.
  3. En función de su entorno, haga clic en Enterprise o en Empresas y, a continuación, haga clic en la empresa que desea ver.
  4. En la parte superior de la página, haz clic en Security.
  5. In the sidebar, under "Metrics", click CodeQL pull request alerts.

Sugerencia

Puedes usar el filtro owner en el campo de búsqueda para filtrar los datos por organización. Si es propietario de un empresa con usuarios administrados, puede usar el filtro owner-type para filtrar los datos por el tipo de propietario del repositorio, de modo que pueda ver datos de repositorios propiedad de la organización o repositorios propiedad del usuario. Para obtener más información, consulta Filtrar alertas en la información general sobre seguridad.