Security overview dashboards, secret scanning metrics and enablement trends reports are now generally available

Today, we’re excited to announce the general availability of our new organization and enterprise-level security overview dashboards, alongside enhanced secret scanning metrics and the enablement trends reports. These features are designed to provide comprehensive insights, improved prioritization, and advanced filtering options to streamline your security improvements.

Code security insights

Organization-level overview dashboard on the security tab

Our new security overview dashboard, available at both the organization and enterprise levels, integrates security into the core of the development lifecycle. This empowers you to proactively identify and address vulnerabilities. Key features include:

  • Track security improvements: Monitor trends over time by age, severity, and security tool, simplifying prioritization with top 10 lists focused on repositories and advisories.
  • Autofix impact: Understand how autofix, powered by GitHub Copilot, is influencing your enterprise’s security remediation efforts.
  • Advanced filtering: Customize data focus with filters by attributes such as team, repository metadata (i.e., custom repository properties), and security tool-specific filters:
    • Dependabot: Filter by ecosystem, package, and dependency scope.
    • CodeQL/Third-Party: Filter by specific rules.
    • Secret Scanning: Filter by secret type, provider, push protection status, and validity.

Organization-level enablement trends report

Monitor the enablement trends of all security tools with detailed insights into the activation status of Dependabot alerts, Dependabot security updates, code scanning, secret scanning alerts, and secret scanning push protection, giving you at-a-glance oversight of your security coverage.

Push protection insights for secret scanning

Organization-level secret scanning metrics page

Gain insights into how push protection is functioning throughout your enterprise. Monitor the number of pushes containing secrets that have been successfully blocked, as well as instances where push protection was bypassed. Detailed insights by secret type, repository, and reasons for bypassing are also available.

To access these features, navigate to your profile photo in the top-right corner of GitHub.com and select the organization or enterprise you wish to view. For organizations, click on the Security tab. For enterprises, click Code Security in the enterprise account sidebar.

These features are generally available on GitHub.com today and will be generally available in GitHub Enterprise Server 3.14.

Learn more about the security overview dashboard, the secret scanning metrics report and the enablement trends report

Code security configurations are supported in the audit log

GitHub Enterprise Cloud customers can now see code security configurations data in audit log events.

Code security configurations simplify the rollout of GitHub security products at scale by defining collections of security settings and helping you apply those settings to groups of repositories. Configurations help you change the settings for important features like code scanning, secret scanning, and Dependabot.

With the addition of configurations data in the audit log, organization and enterprise owners have easy visibility into why the settings on certain repositories may have changed.

Audit log events now include:
– Name of the configuration applied to a repository
– When the configuration application fails
– When a configuration is removed from a repository
– When configurations are created, updated, or deleted
– When configurations become enforced
– When the default configuration for new repositories changes

Code security configurations are now available in public beta on GitHub.com and will be available in GitHub Enterprise Server 3.15. You can learn more about code security configurations or send us your feedback.

See more

Code security configurations API now includes validity checks, enforcement, and removal

The REST API now supports the following code security configuration actions for organizations:
Detach configurations from repositories
Enforce configurations
Enable validity checks for secret scanning in a configuration

The API is now available on GitHub Enterprise Cloud and will be available in GitHub Enterprise Server 3.15.0. You can learn more about security configurations, the REST API, or send us your feedback.

See more
View all changes