From 970b66a9567572f5020efa70385bbf5e2a3e436b Mon Sep 17 00:00:00 2001
From: Felicity Chapman
Date: Tue, 12 Nov 2024 21:09:28 +0000
Subject: [PATCH] GHES 3.15 minor updates for security features: versioning and enterprise CodeQL PR alerts view (#52905)
Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com>
Co-authored-by: Pallavi <96553709+pallsama@users.noreply.github.com>
Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com>
Co-authored-by: isaacmbrown
Co-authored-by: mchammer01 <42146119+mchammer01@users.noreply.github.com>
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
Co-authored-by: Jules <19994093+jules-p@users.noreply.github.com>
Co-authored-by: Rachael Rose Renk <91027132+rachaelrenk@users.noreply.github.com>
Co-authored-by: docs-bot <77750099+docs-bot@users.noreply.github.com>
Co-authored-by: Hector Alfaro
Co-authored-by: Kevin Heis
---
 ...viewing-metrics-for-pull-request-alerts.md | 36 +++++++++++++++----
 .../enforce-security-configurations.yml | 2 +-
 ...y-overview-enterprise-codeql-pr-alerts.yml | 5 +++
 ...security-overview-org-codeql-pr-alerts.yml | 2 +-
 4 files changed, 37 insertions(+), 8 deletions(-)
 create mode 100644 data/features/security-overview-enterprise-codeql-pr-alerts.yml
diff --git a/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md b/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md
index 53a2ec3626d5..a5aaf8acddf6 100644
--- a/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md
+++ b/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md
@@ -2,7 +2,7 @@ title: Viewing metrics for pull request alerts
 shortTitle: View PR alert metrics
 allowTitleToDifferFromFilename: true
-intro: 'You can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests for repositories across your organization, and to identify repositories where you may need to take action.'
+intro: 'You can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests for repositories across your organizations, and to identify repositories where you may need to take action.'
 permissions: '{% data reusables.permissions.security-overview %}'
 type: how_to
 topics:
@@ -16,26 +16,36 @@ versions:
   feature: security-overview-org-codeql-pr-alerts
 ---
-## About {% data variables.product.prodname_codeql %} pull request alerts metrics for an organization
+## About {% data variables.product.prodname_codeql %} pull request alerts metrics
-The metrics overview for {% data variables.product.prodname_codeql %} pull request alerts helps you to understand how well {% data variables.product.prodname_codeql %} is preventing vulnerabilities in your organization. You can use the metrics to assess how {% data variables.product.prodname_codeql %} is performing in pull requests, and to easily identify the repositories where you may need to take action in order to identify and reduce security risks.
+The metrics overview for {% data variables.product.prodname_codeql %} pull request alerts helps you to understand how well {% data variables.product.prodname_codeql %} is preventing vulnerabilities in your organizations. You can use the metrics to assess how {% data variables.product.prodname_codeql %} is performing in pull requests, and to easily identify the repositories where you may need to take action in order to identify and reduce security risks.
-The overview shows you a summary of how many vulnerabilities prevented by {% data variables.product.prodname_codeql %} have been caught in pull requests. The metrics are only tracked for pull requests that have been merged into the default branches of repositories in your organization.
+The overview shows you a summary of how many vulnerabilities prevented by {% data variables.product.prodname_codeql %} have been caught in pull requests. The metrics are only tracked for pull requests that have been merged into the default branches of repositories in your organizations.
-You can also find more granular metrics, such as how many alerts were fixed with and without {% data variables.product.prodname_copilot_autofix_short %} suggestions, how many were unresolved and merged, and how many were dismissed as false positive or as risk accepted.
+You can also find more granular metrics, such as how many alerts were fixed{% ifversion code-scanning-autofix %} with and without {% data variables.product.prodname_copilot_autofix_short %} suggestions{% endif %}, how many were unresolved and merged, and how many were dismissed as false positive or as risk accepted.
 You can also view:
-* The rules that are causing the most alerts in your organization, and how many alerts each rule is associated with.
+* The rules that are causing the most alerts, and how many alerts each rule is associated with.
+* The number of alerts that were merged into the default branch without resolution, and the number of alerts dismissed as an acceptable risk.
+
+{% ifversion code-scanning-autofix %}
 * The number of alerts that were fixed with an accepted {% data variables.product.prodname_copilot_autofix_short %} suggestion, displayed as a fraction of how many total {% data variables.product.prodname_copilot_autofix_short %} suggestions were available.
 * Remediation rates, in a graph showing the percentage of alerts that were remediated with an available {% data variables.product.prodname_copilot_autofix_short %} suggestion, and the percentage of alerts that were remediated without a {% data variables.product.prodname_copilot_autofix_short %} suggestion.
+{% endif %}
 You can apply filters to the data. The metrics are based on activity from the default period or your selected period.
 ![Screenshot of the "CodeQL pull request alerts" view for an organization, showing status and trends over 90 days.](/assets/images/help/security-overview/security-overview-codeql-pull-requests-alerts-report.png)
+{% ifversion code-scanning-autofix %}
+> [!NOTE] Metrics for {% data variables.product.prodname_copilot_autofix_short %} will be shown only for repositories where {% data variables.product.prodname_copilot_autofix_short %} is enabled.
+{% else %}
+> [!NOTE] Metrics for {% data variables.product.prodname_copilot_autofix_short %} are omitted because {% data variables.product.prodname_copilot_autofix_short %} is available only on {% data variables.product.github %} cloud platforms.
+{% endif %}
+
 ## Viewing {% data variables.product.prodname_codeql %} pull request alerts metrics for an organization
 {% data reusables.organizations.navigate-to-org %}
@@ -49,3 +59,17 @@ You can apply filters to the data. The metrics are based on activity from the de
 * To search for repositories matching the selected filter, fill out the available fields for that filter, then click **Apply**. You can repeat this process to add as many filters as you would like to your search.
 * Optionally, to remove a filter from your search, click {% octicon "filter" aria-hidden="true" %} **Filter**. In the row of the filter you want to remove, click {% octicon "x" aria-label="Delete FILTER-NUMBER: FILTER-PROPERTIES" %}, then click **Apply**.{% ifversion security-overview-export-data %}
 1. You can use the {% octicon "download" aria-hidden="true" %} **Export CSV** button to download a CSV file of the data currently displayed on the page for security research and in-depth data analysis. For more information, see "[AUTOTITLE](/code-security/security-overview/exporting-data-from-security-overview)." {% endif %}
+
+{% ifversion security-overview-enterprise-codeql-pr-alerts %}
+
+## Viewing {% data variables.product.prodname_codeql %} pull request alerts metrics for your enterprise
+
+You can also view metrics for {% data variables.product.prodname_codeql %} alerts in pull requests across organizations in your enterprise.
+
+{% data reusables.security-overview.enterprise-filters-tip %}
+
+{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}
+{% data reusables.code-scanning.click-code-security-enterprise %}
+1. In the sidebar, under "Metrics", click **{% octicon "graph" aria-hidden="true" %} {% data variables.product.prodname_codeql %} pull request alerts**.
+
+{% endif %}
diff --git a/data/features/enforce-security-configurations.yml b/data/features/enforce-security-configurations.yml
index f802279abeb1..3652d0eb79c6 100644
--- a/data/features/enforce-security-configurations.yml
+++ b/data/features/enforce-security-configurations.yml
@@ -2,4 +2,4 @@ versions:
   fpt: '*'
   ghec: '*'
-  ghes: '>= 3.14'
+  ghes: '>= 3.15'
diff --git a/data/features/security-overview-enterprise-codeql-pr-alerts.yml b/data/features/security-overview-enterprise-codeql-pr-alerts.yml
new file mode 100644
index 000000000000..6ec450cc8d97
--- /dev/null
+++ b/data/features/security-overview-enterprise-codeql-pr-alerts.yml
@@ -0,0 +1,5 @@
+# Reference: #14348
+# Documentation for enterprise-level CodeQL PR alerts report
+versions:
+  ghes: '> 3.14'
+  ghec: '*'
diff --git a/data/features/security-overview-org-codeql-pr-alerts.yml b/data/features/security-overview-org-codeql-pr-alerts.yml
index 33c7d3e229a7..b0ae1fd5c850 100644
--- a/data/features/security-overview-org-codeql-pr-alerts.yml
+++ b/data/features/security-overview-org-codeql-pr-alerts.yml
@@ -1,4 +1,4 @@
-# Reference: #4347
+# Reference: #14347
 # Documentation for org-level CodeQL PR alerts report
 versions:
   ghes: '> 3.14'
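Review bot: The new feature file spells the GHES floor as `ghes: '> 3.14'` while `enforce-security-configurations.yml` in the same commit spells what appears to be the same floor as `ghes: '>= 3.15'`; two spellings for one boundary make the versioning harder to grep and leave a reader wondering whether a 3.14 patch release would satisfy `> 3.14`. Unless `> 3.14` is the established convention in this data directory (the org-level file it mirrors uses it too), `  ghes: '>= 3.15'` would match the commit title directly and keep the two feature files added or bumped here consistent. The absence of an `fpt` key is presumably deliberate for an enterprise-level view, but a one-line comment saying so, e.g. `# No fpt entry: this view only exists at the enterprise level`, would spare the next maintainer from inferring it.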