Affichage des mesures pour la protection par poussée de l'analyse secrète

Vous pouvez utiliser la vue d’ensemble de la sécurité pour voir comment la protection de la transmission de type push secret scanning s’exécute dans les référentiels de votre organisation, et pour identifier les référentiels dans lesquels vous devrez peut-être prendre des mesures.

Qui peut utiliser cette fonctionnalité ?

L’accès nécessite :

Vues de l’organisation : accès en écriture aux référentiels de l’organisation
Vues d’entreprise : propriétaires et responsables de la sécurité de l’organisation

Dans cet article

Note

Secret scanning metrics for push protection is currently in beta and subject to change.

About metrics for secret scanning push protection

The metrics overview for secret scanning push protection helps you to understand how well you are preventing security leaks in your organization. You can use the metrics to assess how push protection is performing, and to easily identify the repositories where you may need to take action in order to prevent leaks of sensitive information.

The overview shows you a summary of how many pushes containing secrets have been successfully blocked by push protection, as well as how many times push protection was bypassed.

You can also find more granular metrics, such as:

The secret types that have been blocked or bypassed the most
The repositories that have had the most pushes blocked
The repositories that are bypassing push protection the most
The percentage distribution of reasons that users give when they bypass the protection

Use the date picker to set the time range that you want to view alert activity and metrics for, and click in the search box to add further filters on the alerts and metrics displayed. For more information, see "Filtering alerts in security overview."

You can see secret scanning metrics if you have:

The admin role for the repository.
A custom repository role with the "View secret scanning results" fine-grained permissions for the repository. For more information, see "About custom repository roles."
Access to alerts for the repository. For more information, see "Managing security and analysis settings for your repository."

The metrics are based on activity from the default period or your selected period.

Screenshot of the top section of the "Metrics" view for secret scanning on the "Security" tab for an organization.

Viewing metrics for secret scanning push protection for an organization

On GitHub, navigate to the main page of the organization.
Under your organization name, click Security.
In the sidebar, under "Metrics", click Secret scanning.
Click on an individual secret type or repository to see the associated secret scanning alerts for your organization.
You can use the options at the top of the page to filter the group of repositories that you want to see secret scanning metrics for.
- Use the date picker to set the time range that you want to view metrics for. Note that the date used by the date picker corresponds to the date a secret was bypassed on.
- Click in the search box to add further filters on the secret scanning metrics displayed. For more information, see "Filtering alerts in security overview."