Generating an initial code security risk assessment
- On GitHub, navigate to the main page of the organization.
- Under your organization name, click the Security and quality tab.
- In the sidebar, under "Security", click Assessments.
- To generate the code security risk assessment, click Scan your organization.
Note: If you haven't previously run a security risk assessment, this will also initiate a secret risk assessment.
If you're an organization owner and you've opted in for email notifications, GitHub will send you an email to let you know when the report is ready to view.
Rerunning the code security risk assessment
You can only generate a code security risk assessment report once every 90 days.
- On GitHub, navigate to the main page of the organization.
- Under your organization name, click the Security and quality tab.
- In the sidebar, under "Security", click Assessments.
- Towards the top right side of the existing report, click Rerun scan.
If you're an organization owner and you've opted in for email notifications, GitHub will send you an email to let you know when the report is ready to view.
Next steps
Now that you've generated a code security risk assessment report for your organization, learn how to interpret the results. See Interpreting code security risk assessment results.