About exporting your security overview data
You can download comma-separated values (CSV) files containing data from the "Overview", "Risk", "Coverage" and "CodeQL pull request alerts" pages of your organization's security overview. These files can be used for efforts like security research and in-depth data analysis, and can integrate easily with external datasets.
The overview page contains data about security alerts across your organization, while the risk and coverage pages contain data about repositories and how they are affected by security alerts or covered by security features. The CodeQL pull request alerts page contains data about CodeQL alerts that were caught in pull requests merged to the default branch.
The CSV file you download will contain data corresponding to the filters you have applied to security overview. For example, if you add the filter dependabot-alerts:enabled
, your file will only contain data for repositories that have enabled Dependabot alerts.
Note
In the "Teams" column of the CSV file, each repository will list a maximum of 20 teams with write access to that repository. If more than 20 teams have write access to a repository, the data will be truncated.
Exporting data from your organization's security overview
-
In the upper-right corner of GitHub, select your profile photo, then click Your organizations.
-
In the "Organizations" section, select the organization for which you would like to download security overview data.
-
Under your organization name, click Security.
-
In the "Security" sidebar, choose the page that you want to export data from by clicking on Overview, Coverage, Risk or CodeQL pull request alerts.
-
Next to the search bar, click Export CSV.
It may take a moment for GitHub Enterprise Cloud to generate the CSV file of your data. Once the CSV file generates, the file will automatically start downloading, and a banner will appear confirming your report is ready. If you are downloading the CSV from the overview page, you will also receive an email when your report is ready, containing a link to download the CSV.
Note
The summary views ("Overview", "Coverage" and "Risk") show data only for default alerts. Code scanning alerts from third-party tools, and secret scanning alerts for non-provider patterns or for ignored directories are all omitted from these views. Consequently, files exported from the summary views do not contain data for these types of alert.