Viewing metrics for secret scanning push protection

You can use security overview to see how secret scanning push protection is performing in repositories across your organization or enterprise, and to identify repositories where you may need to take action.

谁可以使用此功能?

访问需要:

  • 组织视图:对组织中的存储库的写入访问权限
  • 企业视图:组织所有者和安全经理

本文内容

注意

Secret scanning 推送保护指标目前为 公共预览版,可能会有变动。

About metrics for secret scanning push protection

The metrics overview for secret scanning push protection helps you to understand how well you are preventing security leaks in your organization or across organizations in your enterprise. You can use the metrics to assess how push protection is performing, and to easily identify the repositories where you may need to take action in order to prevent leaks of sensitive information.

The overview shows you a summary of how many pushes containing secrets have been successfully blocked by push protection, as well as how many times push protection was bypassed.

You can also find more granular metrics, such as:

  • The secret types that have been blocked or bypassed the most
  • The repositories that have had the most pushes blocked
  • The repositories that are bypassing push protection the most
  • The percentage distribution of reasons that users give when they bypass the protection

Use the date picker to set the time range that you want to view alert activity and metrics for, and click in the search box to add further filters on the alerts and metrics displayed. For more information, see Filtering alerts in security overview.

You can see secret scanning metrics if you have:

The metrics are based on activity from the default period or your selected period.

Viewing metrics for secret scanning push protection for an organization

  1. 在 GitHub 上,导航到组织的主页面。

  2. 在组织名称下,单击“ Security”****。

    组织的水平导航栏的屏幕截图。 标有盾牌图标和“安全”字样的选项卡以深橙色轮廓标出。

  3. In the sidebar, under "Metrics", click Secret scanning.

  4. Click on an individual secret type or repository to see the associated 机密扫描警报 for your organization.

  5. 可以使用页面顶部的选项来筛选要查看其 secret scanning 指标的存储库组。

    • 使用日期选取器设置要查看其指标的时间范围。 请注意,日期选取器使用的日期与绕过机密的日期相对应。
    • 在搜索框中单击,在显示的 secret scanning 指标上添加更多筛选器。 有关详细信息,请参阅“Filtering alerts in security overview”。

Viewing metrics for secret scanning push protection for an enterprise

You can view metrics for secret scanning push protection across organizations in an enterprise. 安全概览显示的信息根据你对仓库和组织的访问权限而有所不同,也根据这些仓库和组织是否使用 Advanced Security 功能而有所不同。 有关详细信息,请参阅“关于安全概述”。

  1. 导航至 GitHub Enterprise Cloud。
  2. 在 GitHub 的右上角,单击你的个人资料图片。
  3. 根据环境,单击“ 企业”,或单击“ 企业 ”,然后单击要查看的企业。
  4. 在页面顶部,单击“ Security”。
  5. In the sidebar, click Secret scanning metrics.
  6. Click on an individual secret type or repository to see the associated 机密扫描警报 for your enterprise.
  7. 可以使用页面顶部的选项来筛选要查看其 secret scanning 指标的存储库组。
    • 使用日期选取器设置要查看其指标的时间范围。 请注意,日期选取器使用的日期与绕过机密的日期相对应。
    • 在搜索框中单击,在显示的 secret scanning 指标上添加更多筛选器。 有关详细信息,请参阅“Filtering alerts in security overview”。

提示

可以使用搜索字段中的 owner 筛选器按组织筛选数据。 如果是 具有托管用户的企业 的所有者,则可以使用 owner-type 筛选器按存储库所有者的类型筛选数据,以便可以查看组织拥有的存储库或用户拥有的存储库中的数据。 有关详细信息,请参阅“Filtering alerts in security overview”。