SAST vulnerabilities summary now available on the security overview dashboard

Now you can better manage and mitigate your security vulnerabilities with a new SAST vulnerabilities summary table, available directly on the security overview dashboard. This feature highlights your top 10 CodeQL and third-party open alerts by count, grouped by vulnerability type.

The SAST vulnerabilities table on the Detection tab of the overview dashboard

When prioritizing which alerts to address first, it’s crucial to consider various factors. One significant factor is the number of instances of a vulnerability across your codebase. The more areas of code affected by a vulnerability, the higher the potential risk for exploitation.

To access the new SAST vulnerabilities table, click your profile photo in the top-right corner of GitHub.com and select the organization or enterprise you want to view. For organizations, go to the Security tab and scroll to the bottom of the Detection view on the Overview dashboard. For enterprises, click Code Security in the sidebar, then select Overview and scroll to the bottom of the Detection view.

The SAST vulnerabilities summary is now generally available on GitHub Enterprise Cloud and will be available in GitHub Enterprise Server 3.16.

Learn more about security overview insights and join the discussion within the GitHub Community.

Actions Performance Metrics is now in public preview for all users of GitHub Actions. Actions Performance Metrics is an observability UI that gives you insights into workflow and job performance for your organizations or repositories. To access the feature, on your organization home page, select Insights near the top of the page, and then select ‘Actions Performance Metrics’ on the left side of the page.

Performance metrics can help you answer these commonly asked questions about your Actions workflow runs:

  • How long does it take for my workflows or jobs to complete?
  • How long are my workflows or jobs waiting to run?
  • Which of my workflows or jobs are consistently failing?
  • Where are my longest running workflows or jobs originating from?

Actions Performance metrics dashboard job view

GitHub Actions Metrics for Free, Pro, and Team plans

We are also pleased to announce that with today’s release, GitHub Actions Metrics are now available to Free, Pro, and Team plans. Previously, this feature was only available to those on the GitHub Enterprise Cloud plan.

To learn more about GitHub Actions Metrics, check out our public documentation or head to our community discussion to ask questions and provide feedback.

We’re excited to announce the GA release of the GitHub Copilot Metrics API, available to all customers of GitHub Copilot Business and GitHub Copilot Enterprise.

What is the Copilot Metrics API?

The GitHub Copilot Metrics API is designed to supply you with information about Copilot’s usage within your GitHub enterprise, organizations, and teams. The data from the API is intended to be consumed and combined with your organization’s own data to create greater visibility into how Copilot fits into the bigger picture of your software development cycle. It offers visibility into utilization of individual Copilot features and the volume of daily active users.

What’s included in the GA release?

  • New metrics for Pull Request summaries.
  • New metrics for Copilot Chat in GitHub.com.
  • Improved clarity for code completions and Copilot Chat in IDE metrics.
  • Daily summary of total engaged users.
  • Built-in support for slicing data on custom models, arriving shortly after release.
  • Aggregation by GitHub enterprise, organization, and team.
  • Up to 28 days of history is available.
  • Metrics are loaded at the end of the day (UTC) and are summarized by day.
  • Terminology alignment with the User Management API.

Will my current reporting be impacted?

The GA release of the Copilot Metrics API introduces a newly revised schema. To ensure that your existing reports are not interrupted, the Beta route will remain online through the end of the calendar year.

Documentation and Resources

  • Docs: Explore detailed API documentation, including schema and metrics definitions here.
  • Questions or suggestions? Join the community conversation.