
Enterprise Server 3.21 is currently available as a release candidate.

Available filters for security overview

Reference for all available filters you can use to narrow security overview data.

Who can use this feature?

Access requires:

  • Organization view: write access to repositories in the organization
  • Enterprise view: organization owners and security managers

This article lists all available filters (qualifiers) for security overview. The available filters vary depending on the specific view and whether you are viewing data at the enterprise or organization level.

For information about how to apply filters, see Filtering alerts in security overview.

Note

The information shown in security overview depends on your access to repositories and organizations, and on whether Advanced Security features are used in those repositories and organizations. For more information, see About security overview.

Filter logic for security overview

You can apply filters and use logical operators to display results that meet specific criteria on security overview. By default, if you apply several different filters, you are using AND logic, meaning you will only see results that match every filter you apply. For example, if you add the filter is:public dependabot:enabled, you will only see results from repositories that are public and have Dependabot enabled.

Currently, there are two logical operators that you can apply to your filters on security overview:

  • The - operator applies NOT logic, displaying all results except those that match the specified filter. To use the - operator, add it to the beginning of a filter. For example, filtering for -repo:REPOSITORY-NAME will display data from all repositories except REPOSITORY-NAME.
  • The , operator applies OR logic, displaying results that match any of the specified values for a single filter. To use the , operator, add it between each listed value for a filter. For example, filtering for is:public,private will display data from all repositories that are public or private. Similarly, if you apply the same filter multiple times with different values, you are using OR logic. For example, is:public is:private is equivalent to is:public,private.

Repository name

Available in: All views

  • Free text or keyword search: Display data for all repositories with a name that contains the keyword. For example, search for test to show data for both the "test-repository" and "octocat-testing" repositories.
  • repo qualifier: Display data only for the repository that exactly matches the value of the qualifier. For example, search for repo:octocat-testing to show data for only the "octocat-testing" repository.

Repository visibility and status filters

Qualifier | Description | Views
visibility | Display data for all repositories that are public, private, or internal. | "Overview" and metrics
is | Display data for all repositories that are public, private, or internal. | "Risk" and "Coverage"
archived | Display only data for archived (true) or active (false) repositories. | All except "Alerts" views

Team and topic filters

Available in: All views

Qualifier | Description
team | Display data for all repositories that the specified team has write access or admin access to. For more information on repository roles, see Repository roles for an organization.
topic | Display data for all repositories that are classified with a specific topic. For more information on repository topics, see Classifying your repository with topics.

Custom repository property filters

Available in: Organization-level "Overview" view

Note

Repository properties are in public preview and subject to change.

Custom repository properties are metadata that organization owners can add to repositories in an organization, providing a way to group repositories by the information you are interested in. For example, you can add custom repository properties for compliance frameworks or data sensitivity. For more information on adding custom repository properties, see Managing custom properties for repositories in your organization.

If you add custom properties to your organization and set values for repositories, you can filter the "Overview" using those custom properties as qualifiers.

Qualifier | Description
props.CUSTOM_PROPERTY_NAME | The qualifier consists of a props. prefix, followed by the name of the custom property. For example, props.data_sensitivity:high displays results for repositories with the data_sensitivity property set to the value high.

Repository owner name and type filters

Available in: Enterprise-level views

You can limit the data to repositories owned by a single organization in your enterprise.

Qualifier | Description | Views
owner | Display data for all repositories owned by one account owner. | Most views
org | Display data for repositories owned by one organization. | Dependabot alerts and code scanning alerts

Security feature enablement filters

Available in: "Risk" and "Coverage" views

Qualifier | Description
code-scanning-alerts | Display repositories where code scanning is configured (enabled) or not configured (not-enabled).
dependabot-alerts | Display repositories where Dependabot alerts are enabled (enabled) or not enabled (not-enabled).
secret-scanning-alerts | Display repositories where secret scanning alerts are enabled (enabled) or not enabled (not-enabled).
any-feature | Display repositories where at least one security feature is enabled.

Extra filters for the "Coverage" view

Qualifier | Description
code-scanning-default-setup | Display data for repositories where CodeQL default setup for code scanning is enabled or not enabled.
code-scanning-pull-request-alerts | Display data for repositories where code scanning is or is not enabled to run on pull requests.
dependabot-security-updates | Display data for repositories where Dependabot security updates are enabled or not enabled.
secret-scanning-push-protection | Display data for repositories where push protection for secret scanning is enabled or not enabled.

Alert number filters

Available in: "Risk" view

Qualifier | Description
code-scanning-alerts | Display data for repositories that have exactly (=), more than (>), fewer than (<), at least (>=), or at most (<=) a specific number of code scanning alerts. For example: code-scanning-alerts:>100 for repositories with more than 100 alerts.
dependabot-alerts | Display data for repositories that have exactly (=), more than (>), fewer than (<), at least (>=), or at most (<=) a specific number of Dependabot alerts. For example: dependabot-alerts:<=10 for repositories with 10 or fewer alerts.
secret-scanning-alerts | Display data for repositories that have exactly (=), more than (>), fewer than (<), at least (>=), or at most (<=) a specific number of secret scanning alerts. For example: secret-scanning-alerts:=10 for repositories with exactly 10 alerts.
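The filter logic (AND between different qualifiers, OR for comma-separated or repeated values, NOT via a leading -), the free-text versus repo: matching described under "Repository name", and the numeric comparisons in the alert number filters above, as an added example that is not GitHub's own code: a small Python evaluator that applies a query string to a constructed list of repository records. The Repo record shape, the sample repositories, and the function names are assumptions made for illustration; the real security overview evaluates these filters server-side.

```python
"""Evaluate security-overview-style filter strings against repository metadata.

Added example, not GitHub's implementation. It models the documented semantics:
AND between different qualifiers, OR for comma-separated or repeated values,
NOT via a leading '-', substring match for free text, exact match for repo:,
numeric comparisons for the alert-count qualifiers, and props.* custom
properties. The Repo shape and the sample fleet are constructed for illustration.
"""
import operator
import re
from dataclasses import dataclass, field


@dataclass
class Repo:                       # assumed shape, not a GitHub API object
    name: str
    visibility: str               # public | private | internal
    archived: bool = False
    dependabot_alerts: int = 0
    code_scanning_alerts: int = 0
    secret_scanning_alerts: int = 0
    props: dict = field(default_factory=dict)


COUNT_QUALIFIERS = {"dependabot-alerts", "code-scanning-alerts", "secret-scanning-alerts"}
_CMP = {">=": operator.ge, "<=": operator.le, ">": operator.gt, "<": operator.lt, "=": operator.eq}
_NUM = re.compile(r"^(>=|<=|>|<|=)?(\d+)$")   # bare number means '='


def _match_value(repo, qualifier, value):
    """True when a single qualifier:value pair (no '-' prefix, no commas) matches."""
    if qualifier == "repo":                       # exact name match
        return repo.name == value
    if qualifier in ("is", "visibility"):         # Risk/Coverage use is:, Overview uses visibility:
        return repo.visibility == value
    if qualifier == "archived":
        return repo.archived == (value == "true")
    if qualifier in COUNT_QUALIFIERS:             # e.g. dependabot-alerts:<=10
        m = _NUM.match(value)
        if not m:
            raise ValueError(f"bad numeric filter {qualifier}:{value}")
        op, n = _CMP[m.group(1) or "="], int(m.group(2))
        return op(getattr(repo, qualifier.replace("-", "_")), n)
    if qualifier.startswith("props."):            # props.data_sensitivity:high
        return repo.props.get(qualifier[len("props."):]) == value
    raise ValueError(f"unknown qualifier {qualifier}")


def parse(query):
    """Split a query into (negated, qualifier, [values]) terms and free-text keywords."""
    terms, keywords = [], []
    for token in query.split():
        negated = token.startswith("-")
        if negated:
            token = token[1:]
        if ":" not in token:
            if negated:
                raise ValueError("the - operator applies to qualifiers, not free text")
            keywords.append(token)
            continue
        qualifier, _, raw = token.partition(":")
        terms.append((negated, qualifier, raw.split(",")))   # a,b -> OR within the qualifier
    return terms, keywords


def matches(repo, query):
    terms, keywords = parse(query)
    # Free text: the repository name must contain every keyword.
    if any(k not in repo.name for k in keywords):
        return False
    # A qualifier repeated with different values is OR, same as comma-separated values;
    # different qualifiers are AND. Group values per (negated, qualifier) before testing.
    grouped = {}
    for negated, qualifier, values in terms:
        grouped.setdefault((negated, qualifier), []).extend(values)
    for (negated, qualifier), values in grouped.items():
        hit = any(_match_value(repo, qualifier, v) for v in values)
        if negated == hit:        # a negated term must not hit; a normal term must hit
            return False
    return True


def filter_repos(repos, query):
    """Names of the repositories in `repos` that satisfy `query`, in input order."""
    return [r.name for r in repos if matches(r, query)]


# Constructed sample fleet (not real repositories).
FLEET = [
    Repo("test-repository", "public", dependabot_alerts=120, props={"data_sensitivity": "high"}),
    Repo("octocat-testing", "private", dependabot_alerts=3, code_scanning_alerts=7),
    Repo("legacy-api", "internal", archived=True),
    Repo("payments", "private", secret_scanning_alerts=10, props={"data_sensitivity": "high"}),
]

if __name__ == "__main__":
    for q in ("test", "repo:octocat-testing", "is:public,private", "-repo:legacy-api",
              "is:public dependabot-alerts:>100", "dependabot-alerts:<=10",
              "props.data_sensitivity:high archived:false"):
        print(f"{q:45} -> {filter_repos(FLEET, q)}")
```

The grouping step is what makes "is:public is:private" behave like "is:public,private", and it also gives -repo:a -repo:b the expected "all except a and b" meaning, because NOT is applied to the OR of the grouped values rather than to each value separately.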

Alert type and property filters

Available in: "Overview" view

Alert type filters

Qualifier | Description
tool:codeql | Show data only for code scanning alerts generated using CodeQL.
tool:dependabot | Show data only for Dependabot alerts.
tool:secret-scanning | Show data only for secret scanning alerts.
tool:github | Show data for all types of alerts generated by GitHub tools.
tool:third-party | Show data for all types of alerts generated by third-party tools.
tool:TOOL-NAME | Show data for all alerts generated by a specific third-party code scanning tool.

Alert property filters

Qualifier | Description
codeql.rule | Display data only for code scanning alerts identified by a specific CodeQL rule.
dependabot.ecosystem | Display data only for Dependabot alerts for a specific ecosystem, for example: npm.
dependabot.package | Display data only for Dependabot alerts for a specific package, for example: tensorflow.
dependabot.scope | Display data only for Dependabot alerts with a runtime or development scope.
secret-scanning.bypassed | Display data only for secret scanning alerts where push protection was bypassed (true) or not bypassed (false).
secret-scanning.provider | Display data only for secret scanning alerts issued by a specific provider, for example: secret-scanning.provider:adafruit.
secret-scanning.secret-type | Display data only for secret scanning alerts for a specific type of secret, for example: secret-scanning.secret-type:adafruit_io_key.
secret-scanning.validity | Display data only for secret scanning alerts with a specific validity (active, inactive, or unknown).
severity | Display data only for alerts of a specific severity (critical, high, medium, or low).
third-party.rule | Display data only for code scanning alerts identified by a specific rule of a third-party tool. For example, third-party.rule:CVE-2021-26291-maven-artifact shows only results for the CVE-2021-26291-maven-artifact rule of a third-party code scanning tool.

Dependabot view filters

Available in: Dependabot view

Qualifier | Description
assignee | Display alerts by assignee username or team, for example: assignee:@octocat, assignee:@copilot, or assignee:@github/security-team.
ecosystem | Display Dependabot alerts detected in a specified ecosystem, for example: ecosystem:Maven.
epss_percentage | Display Dependabot alerts whose EPSS score meets the defined criteria, for example: epss_percentage:>=0.01.
has | Display Dependabot alerts for vulnerabilities where either a secure version is already available (patch) or where at least one call from the repository to a vulnerable function is detected (vulnerable-calls). For more information, see Viewing and updating Dependabot alerts.
is | Display Dependabot alerts that are open (open) or closed (closed).
package | Display Dependabot alerts detected in the specified package, for example: package:semver.
props | Display Dependabot alerts for repositories with a specific custom property set. For example, props.data_sensitivity:high displays results for repositories with the data_sensitivity property set to the value high.
relationship | Display Dependabot alerts detected in direct (relationship:direct) or indirect dependencies (relationship:transitive).
repo | Display Dependabot alerts detected in a specified repository, for example: repo:octo-repository.
resolution | Display Dependabot alerts closed as "auto-dismissed" (auto-dismissed), "a fix has already been started" (fix-started), "fixed" (fixed), "this alert is inaccurate or incorrect" (inaccurate), "no bandwidth to fix this" (no-bandwidth), "vulnerable code is not actually used" (not-used), or "risk is tolerable to this project" (tolerable-risk).
scope | Display Dependabot alerts from development dependencies (development) or from runtime dependencies (runtime).
severity | Display Dependabot alerts of the specified severity, for example: severity:critical.
sort | Groups Dependabot alerts by the manifest file path the alerts point to (manifest-path) or by the name of the package where the alert was detected (package-name). Alternatively, displays alerts from most important to least important, as determined by CVSS score, vulnerability impact, relevancy, and actionability (most-important), from newest to oldest (newest), from oldest to newest (oldest), or from most to least severe (severity).
team | Display Dependabot alerts owned by members of the specified team, for example: team:octocat-dependabot-team.
topic | Display Dependabot alerts with the matching repository topic, for example: topic:asdf.

Dependabot dashboard filters

Available in: Dependabot dashboard view

Qualifier | Description
repo | Display Dependabot alerts detected in a specified repository, for example: repo:octo-repository.
topic | Display Dependabot alerts with the matching repository topic, for example: topic:asdf.
team | Display Dependabot alerts owned by members of the specified team, for example: team:octocat-dependabot-team.
visibility | Display Dependabot alerts detected in repositories with the specified visibility, for example: visibility:private.
archived | Display Dependabot alerts detected in archived or non-archived repositories, for example: archived:true.
state | Display Dependabot alerts in the specified state, for example: state:unresolved.
severity | Display Dependabot alerts of the specified severity, for example: severity:critical.
scope | Display Dependabot alerts from development dependencies (development) or from runtime dependencies (runtime).
package | Display Dependabot alerts detected in a specific package, for example: package:lodash.
ecosystem | Display Dependabot alerts detected in a specific ecosystem, for example: ecosystem:Maven.
relationship | Display Dependabot alerts with the specified dependency relationship, for example: relationship:indirect.
epss_percentage | Display Dependabot alerts whose EPSS score meets the defined criteria, for example: epss_percentage:>=0.01.
exclude <QUALIFIER> | Applies to every qualifier listed above. Displays the Dependabot alerts that do not match the selected qualifier.

Alternatively, you can use complex filters by clicking Filter and build custom filters to suit your needs.

Code scanning view filters

Available in: code scanning view

You can click any result to see full details of the relevant query and the line of code that triggered the alert.

Qualifier | Description
is | Display code scanning alerts that are open (open) or closed (closed).
resolution | Display code scanning alerts closed as "false positive" (false-positive), "fixed" (fixed), "used in tests" (used-in-tests), or "won't fix" (wont-fix).
rule | Display code scanning alerts identified by the specified rule.
severity | Display code scanning alerts categorized as critical, high, medium, or low security alerts. Alternatively, display code scanning alerts categorized as error, warning, or note problems.
sort | Display alerts from newest to oldest (created-desc), oldest to newest (created-asc), most recently updated (updated-desc), or least recently updated (updated-asc).
tool | Display code scanning alerts detected by the specified tool, for example: tool:CodeQL for alerts created using the CodeQL application in GitHub.

Secret scanning view filters

Available in: secret scanning view

Qualifier | Description
bypassed | Display secret scanning alerts where push protection was bypassed (true) or not bypassed (false).
is | Display secret scanning alerts that are open (open), closed (closed), publicly leaked (publicly-leaked), or found in multiple repositories (multi-repository).
props | Display alerts for repositories with a specific custom property set. For example, props.data_sensitivity:high displays results for repositories with the data_sensitivity property set to the value high.
provider | Display alerts for all secrets issued by a specified provider, for example: adafruit.
repo | Display alerts detected in a specified repository, for example: repo:octo-repository.
resolution | Display secret scanning alerts closed as "false positive" (false-positive), "hidden by config" (hidden-by-config), "pattern deleted" (pattern-deleted), "pattern edited" (pattern-edited), "revoked" (revoked), "used in tests" (used-in-tests), or "won't fix" (wont-fix).
results | Display default (default) or generic (generic) secret scanning alerts.
secret-type | Display alerts for the specified secret type, either a provider pattern (provider-pattern) or a custom pattern (custom-pattern).
sort | Display alerts from newest to oldest (created-desc), oldest to newest (created-asc), most recently updated (updated-desc), or least recently updated (updated-asc).
team | Display alerts owned by members of the specified team, for example: team:octocat-dependabot-team.
topic | Display alerts with the matching repository topic, for example: topic:asdf.
validity | Display alerts with a specific validity (active, inactive, or unknown).