Dashboard metrics
The overview dashboard in security overview displays security alert metrics for your organization or enterprise.
Trend indicators show percentage change compared to the previous period. For example:
- 10 alerts this week vs. 20 alerts last week = 50% decrease
- An average alert age of 15 days vs. 5 days = 200% increase
Alert severity filtering: The dashboard only includes alerts with security severity levels: Critical, High, Medium, or Low. Non-security alerts (Error, Warning, or Note) are excluded. This may cause the dashboard count to differ from code scanning alert totals. For more information, see About code scanning alerts.
Dashboard structure
The Detection tab includes information on:
- Alert status and age
- Secrets blocked or bypassed
- High-risk repositories and vulnerabilities
The Remediation tab includes information on:
- How alerts are resolved
- Alert activity over time
The Prevention tab includes information on:
- Vulnerabilities prevented and fixed in pull requests
- CodeQL alerts in merged pull requests (not on the default branch)
Detection metrics
Track the current state of security alerts.
Open alerts over time
Shows the number of open alerts over time.
Included
- New alerts (shown on creation date)
- Existing open alerts (shown at start of period)
Excluded
- Remediated or dismissed alerts
Default grouping: Alert severity
Age of alerts
Average age of alerts still open at the end of the time period.
Formula: (Period end date - Alert creation date) averaged across all open alerts
Note: Reopened alerts use the original creation date, not the reopen date
Reopened alerts
Total open alerts that were reopened during the time period.
Counted if:
- Closed before the period and still open at period end
- Created, closed, and reopened during the period
- Open at period start, closed, then reopened during the period
Requirement: Must be open at the end of the reporting period.
Secrets bypassed or blocked
Ratio of secrets bypassed to total secrets blocked by push protection.
Metrics
- Bypassed: Detected secrets that were committed anyway
- Successfully blocked: Total blocked minus bypassed
View details: Click to see the secret scanning report with matching filters.
For more information, see Viewing metrics for secret scanning push protection.
Impact analysis table
Shows repositories and vulnerabilities with the highest security risk.
Repositories tab
- Top 10 repositories by open alert count
- Total alerts and severity breakdown
Advisories tab
- Top 10 CVE advisories by alert count
- Dependabot alerts only
SAST vulnerabilities tab
- Top 10 Static Application Security Testing (SAST) vulnerabilities
- Dependabot alerts only
Remediation metrics
Track how quickly and effectively alerts are resolved.
Closed alerts over time
Graph showing the number of closed alerts over time.
Included
- Alerts closed during period (shown on close date)
- Alerts closed before period (shown at start of period)
Default grouping: Alert severity
Mean time to remediate
Average age of alerts remediated or dismissed during the time period.
Formula: (Alert close date - Alert creation date) averaged across all closed alerts
Excluded: Alerts closed as "false positive"
Note: Reopened alerts use the original creation date, not the reopen date.
Net resolve rate
Rate at which alerts are being closed (measures resolution velocity).
Formula: Closed alerts (that stayed closed) ÷ New alerts created
Important: Uses all new and closed alerts in the period. These may be different alert populations.
Excluded: Alerts reopened and re-closed during the period.
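As an added illustration (not code from the GitHub documentation or product), the following Python script applies the formulas described above (trend percentage, age of open alerts, mean time to remediate, and net resolve rate) to a constructed set of alerts. The Alert class, its fields and all sample dates are assumptions; flagging reopened-and-re-closed alerts with a single boolean is a simplification of the rules stated on this page.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional
@dataclass
class Alert:
    created: date                     # original creation date; kept when an alert is reopened
    closed: Optional[date] = None     # most recent close date, None while the alert is open
    reason: str = ""                  # close reason, e.g. "fixed" or "false positive"
    reopened_in_period: bool = False  # reopened and closed again inside the reporting period

def percent_change(current: float, previous: float) -> float:
    """Trend indicator: change versus the previous period, in percent."""
    return (current - previous) / previous * 100.0

def avg_open_age(alerts, period_end: date) -> float:
    """Age of alerts: mean (period end - creation date) over alerts still open at period end."""
    ages = [(period_end - a.created).days
            for a in alerts if a.closed is None and a.created <= period_end]
    return sum(ages) / len(ages) if ages else 0.0

def mean_time_to_remediate(alerts, start: date, end: date) -> float:
    """MTTR: mean (close date - creation date) for alerts closed in the period, minus false positives."""
    spans = [(a.closed - a.created).days for a in alerts
             if a.closed is not None and start <= a.closed <= end
             and a.reason != "false positive"]
    return sum(spans) / len(spans) if spans else 0.0

def net_resolve_rate(alerts, start: date, end: date) -> float:
    """Closed alerts that stayed closed / new alerts created; reopened-and-re-closed excluded."""
    closed = sum(1 for a in alerts if a.closed is not None
                 and start <= a.closed <= end and not a.reopened_in_period)
    new = sum(1 for a in alerts if start <= a.created <= end)
    return closed / new if new else 0.0
# Constructed sample data for a March 2024 reporting period (assumed, not real alert data).
PERIOD_START, PERIOD_END = date(2024, 3, 1), date(2024, 3, 31)
SAMPLE_ALERTS = [
    Alert(date(2024, 2, 10)),                                    # still open, 50 days old
    Alert(date(2024, 3, 21)),                                    # still open, 10 days old
    Alert(date(2024, 3, 5), date(2024, 3, 15), "fixed"),         # created and fixed this period
    Alert(date(2024, 2, 1), date(2024, 3, 21), "fixed", True),   # reopened, then re-closed
    Alert(date(2024, 3, 2), date(2024, 3, 10), "false positive"),
    Alert(date(2024, 1, 15), date(2024, 2, 20), "fixed"),        # closed before the period
]
def sample_report() -> dict:
    """Dashboard figures for the constructed sample period."""
    return {
        "avg_open_age_days": avg_open_age(SAMPLE_ALERTS, PERIOD_END),
        "mttr_days": mean_time_to_remediate(SAMPLE_ALERTS, PERIOD_START, PERIOD_END),
        "net_resolve_rate": net_resolve_rate(SAMPLE_ALERTS, PERIOD_START, PERIOD_END),
    }
```

Note that the false-positive alert still counts as a closed alert in the net resolve rate (the page excludes it only from mean time to remediate), while the reopened-and-re-closed alert counts toward MTTR using its original creation date but is left out of the net resolve rate.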
Alert activity graph
Shows alert inflows and outflows over time.
Visual key
- Green bars: New alerts created
- Purple bars: Alerts closed
- Blue line: Net activity (new minus closed)
Prevention metrics
Track vulnerabilities caught and fixed before reaching production.
Data source: CodeQL alerts in merged pull requests (not on the default branch)
Introduced versus prevented
Cumulative vulnerabilities caught versus introduced.
Prevented
- Pull request alerts fixed before merge
- Detected by CodeQL
- Dates based on fix date
Introduced
- New pull request alerts dismissed as "Risk accepted" or unresolved at merge
- Detected by CodeQL
- Dates based on creation date
Vulnerabilities fixed in pull requests
Count of pull request alerts with close reason "Fixed" in merged pull requests.
Alert types: CodeQL or secret scanning