Understand Dashboard Metrics
Why Metrics Matter
Optimize Security Investments: Security metrics provide a clear view of risk exposure, remediation efficiency, and the business value of security initiatives, helping you ensure that security resources are allocated efficiently and sustainably.
Enable Data-Driven Security Decisions: By tracking vulnerabilities, remediation rates, and cost savings, security leaders can make informed decisions about tooling, staffing, and process improvements.
Spot Security Gaps or Overload: Identify teams or repositories at risk of breaches or those with excess capacity, so you can rebalance security efforts proactively.
How to Apply Dashboard Filters
The Basic, Hierarchy, Vendor, and Geolocation filters cannot be used simultaneously. Only one filter type can be active at a time.

To locate and apply filters in your dashboard:
Look for a yellow arrow on the top-right corner.
Click on this to expand the filters.
Basic Filters: Shows selection for GitHub Organization and Teams.
Repository: Choose the required repositories. This filter lets you select which specific GitHub project you want the dashboard data and analytics to focus on.
Hierarchy Filters: Filter data by user roles in your organization’s leadership hierarchy. Click the dropdown under a role and select the GitHub users tagged with that role (e.g., "John- SVP").
Vendor Filters: Filter data based on third-party vendors integrated with GitHub. Click the dropdown and select vendors to view associated organizations or teams.
Geolocation Filters: Filter data by geographic regions to compare usage across regions (e.g., "North America," "Europe-APAC"). Click the dropdown and select locations tied to repositories or users.
How to Measure the Metrics
First Level of Security metrics
The GitHub Security Dashboard tracks four key metrics: code scanning alerts, secret detection, dependency alerts, impacted repositories, and protected repositories. Each metric displays a trend percentage, indicating the change compared to the previous month, along with an upward or downward trend arrow.
Code Scanning Alerts: The number of open and closed alerts from code scanning tools for the selected time period.
Secret Detection: Instances of sensitive information found within the codebase for the selected time period.
Dependency Alerts: The number of vulnerabilities found in third-party libraries or packages the project depends on for the selected time period.

Second Level of Security metrics
This section provides more in-depth security metrics, focusing on key areas of code security and overall project health. These metrics are essential for identifying and mitigating potential vulnerabilities, ensuring that your codebase remains robust and secure. By clicking on each metric, you can access detailed charts and information that will help you understand the specific security risks facing your project and take appropriate action to mitigate them.
Code Scan



Code Scan metrics
Total Alerts: Refers to the overall quantity of security alerts found in the codebase from the beginning up to the present timeframe. It also displays the percentage change in the alert count compared to the previous month and a trend indicator, which uses green for a positive change and red for a negative change.
Total Closed Alerts: Indicates the number of alerts that have been resolved or dismissed after review, from the beginning up to the present timeframe.
Closed Alerts: Indicates alerts that were resolved, within the chosen timeframe.
Code Scan Drill Down Charts
KPI Name
Function
The chart visualizes the trends in code scanning alerts over a specified timeframe. It helps developers and security teams understand the dynamics of alert management, including how many alerts are being generated, resolved, and remain open. A high number of newly created alerts alongside a low number of closed alerts may suggest a backlog or inefficiency in addressing security concerns.
Chart Components
Closed Alerts: Represents the total number of alerts that have been successfully addressed and closed within the selected timeframe.
Closed Alerts (Opened in Same Timeframe): Tracks the alerts that were both opened and closed within the same timeframe.
Newly Created Alerts: Tracks the number of new alerts generated during the specified period.
MTTR by Alert Severity Chart
The chart illustrates the duration required to resolve security alerts based on their severity classifications. The x-axis indicates the different levels of severity, and the y-axis shows the hours spent resolving these alerts. This offers essential insights into how effectively various types of security alerts are managed.
View detailed info for each alert, open/closed for the chosen timeframe.
Alert ID: This is a unique identifier assigned to each alert.
Alert Title: This provides a brief description or title of the alert, summarizing the nature of the issue detected in the code.
Rule Tag: This indicates the specific rule or guideline that was violated, leading to the generation of the alert.
Severity Level: Alerts are categorized based on their severity, which can range from low to critical.
Category: This column categorizes alerts into broader groups.
Current Status: This indicates whether an alert has been resolved, is still open, or requires further investigation.
Created At: This timestamp shows when the alert was generated.
Project Repo: This indicates the specific project repository to which the alert belongs.
Export: Click the Export button to download the report for further analysis.
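The trend chart components and the MTTR by severity figures can be recomputed from an exported alert list as a cross-check on what the dashboard shows. This is an added example, not Opsera's code: the field names (`severity`, `created_at`, `closed_at`), the sample records, and the choice to count an alert toward MTTR in the window where it was closed are all assumptions; MTTR itself follows the page's definition of average time from alert creation to closure.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample export. Field names are assumptions, not the dashboard's schema.
ALERTS = [
    {"id": 1, "severity": "critical", "created_at": "2024-04-20T08:00:00", "closed_at": "2024-05-02T08:00:00"},
    {"id": 2, "severity": "critical", "created_at": "2024-05-03T10:00:00", "closed_at": "2024-05-03T22:00:00"},
    {"id": 3, "severity": "high", "created_at": "2024-05-05T09:00:00", "closed_at": "2024-05-07T09:00:00"},
    {"id": 4, "severity": "high", "created_at": "2024-05-10T09:00:00", "closed_at": None},
    {"id": 5, "severity": "low", "created_at": "2024-05-12T12:00:00", "closed_at": "2024-06-02T12:00:00"},
    {"id": 6, "severity": "medium", "created_at": "2024-03-01T00:00:00", "closed_at": "2024-05-31T12:00:00"},
]


def parse(ts):
    """Parse an ISO-8601 timestamp; None (alert still open) stays None."""
    return datetime.fromisoformat(ts) if ts else None


def in_window(moment, start, end):
    """True when the timestamp falls in the half-open window [start, end)."""
    return moment is not None and start <= moment < end


def trend_components(alerts, start, end):
    """Count the three trend-chart series for one timeframe."""
    created = closed = closed_same = 0
    for a in alerts:
        c, r = parse(a["created_at"]), parse(a["closed_at"])
        if r is not None and r < c:
            raise ValueError(f"alert {a['id']} closed before it was created")
        created += in_window(c, start, end)
        closed += in_window(r, start, end)
        closed_same += in_window(c, start, end) and in_window(r, start, end)
    return {
        "newly_created": created,
        "closed": closed,
        "closed_opened_in_same_timeframe": closed_same,
    }


def mttr_hours_by_severity(alerts, start, end):
    """Mean creation-to-closure time in hours, for alerts closed in the window."""
    durations = defaultdict(list)
    for a in alerts:
        c, r = parse(a["created_at"]), parse(a["closed_at"])
        if in_window(r, start, end):
            durations[a["severity"]].append((r - c).total_seconds() / 3600)
    return {sev: round(sum(h) / len(h), 1) for sev, h in durations.items()}


if __name__ == "__main__":
    may = (datetime(2024, 5, 1), datetime(2024, 6, 1))
    print(trend_components(ALERTS, *may))
    print(mttr_hours_by_severity(ALERTS, *may))
```

Alert 4 is still open and alert 5 closed after the window, so neither contributes to MTTR. A low MTTR next to a growing count of open alerts is why the trend chart and the MTTR chart are best read together.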
This chart visually compares the performance of teams based on code scan alerts. It categorizes alerts into opened and closed, showing the total number of scan alerts each for high-performing and low-performing teams over a designated time period.
Opened: Illustrates the total number of unresolved code scan alerts.
Closed: Illustrates the total number of resolved code scan alerts.
Performance Comparison: Highlights differences in alert management between high and low-performing teams, to assess team performance.
Secret Scan






Total Default Open Secrets: Refers to the number of secrets that are accessible without any specific restrictions by default. This metric indicates potential vulnerabilities within your system. A high number of default open secrets may suggest that sensitive information is exposed, which could be exploited by unauthorized users.
Total Generic Open Secrets: Reflects the total count of generic secrets that can be accessed without specific restrictions.
Revoked Secrets: Indicates the number of secrets that have been invalidated or revoked due to various reasons such as expiration, compromise, or policy changes. Tracking revoked secrets is essential for maintaining an up-to-date security posture.
KPI NAME
FUNCTION
Secret Detection Trends
This chart visualizes the trends in secret detection alerts over a specified timeframe. It provides insights into how many alerts have been generated and revoked in this period. A rising trend in newly created alerts may indicate an increase in potential security issues or improved detection capabilities.
Chart Components:
Total Default Open Secrets: Indicates the total number of secrets that are open by default within your system.
Total Generic Open Secrets: Reflects the total count of generic secrets that are accessible without specific restrictions.
Revoked Secrets: Indicates the number of secrets that have been revoked or invalidated.
MTTR by Secret Validity
The chart illustrates the average time taken to resolve issues based on the validity status of detected secrets. The validity for Secrets can be "Unknown", "Active" or "Inactive".
Push Protection Bypassed Secrets Widget
Push Protection bypassed Secrets: Shows the total number of times developers bypassed push protection for secrets in the selected time range.
Most Push Protection bypassed Project: Identifies the repository with the highest count of bypassed pushes.
Most bypassed Secret Type: Lists the secret type that is most frequently allowed through after a push protection warning.
Push Protection bypassed Secrets Trend chart
The trend chart plots the number of bypassed secrets over time so you can see whether developer behavior is improving or worsening after policy or training changes.
X‑axis: Groups bypass events into time windows such as weeks or months; the date corresponds to when the bypass occurred, not when the alert was later resolved.
Y‑axis (bypassed secrets count): Shows how many bypass events occurred in each time window.
Click the "table" icon to view the following details:
Alert ID: A unique identifier for each secret scanning alert so you can reference or track it across systems.
Secret Type: The kind of credential that was detected.
Severity Level: Risk level assigned to the alert (such as High or Critical).
Category: The detection category. For example, “Secret Scanning” indicates that the alert came from GitHub’s secret scanning engine rather than another security feature.
Current Status: Workflow state of the alert.
Created At: The date and time when GitHub first raised the alert for the discovered secret.
Resolved At: The timestamp when the alert was marked resolved.
Secret Pattern Type: The detection rule or pattern used to find the secret.
Author: The user associated with the commit where the secret was found.
Project Repository: The repository containing the secret, which helps you locate affected code.
Alert ID: This is a unique identifier assigned to each alert.
Secret Type: The category of the secret.
Severity Level: The severity of the secret.
Category: This column categorizes secrets into broader groups.
Current Status: This indicates whether a secret has been resolved, is still open, or requires further investigation.
Created At: This timestamp shows when the secret was generated.
Publicly Leaked: Indicates if the secret has been publicly leaked.
Secret Pattern Type: Specifies if the secret is classified as default or generic.
Validity: Indicates the current validity status of the secret.
Project Repo: This indicates the specific project repository to which the secret belongs.
Repo URL: A link to the repository for quick access.
Export: Click the Export button to download the report for further analysis.
To enhance usability, you can filter the displayed results based on the following criteria.
Secret Pattern: Narrow down results by selecting a specific type of secret.
Validity: Filter results to show only those secrets that match a particular validity status.
Team Comparison
This chart visually compares the performance of teams based on security scan alerts. It categorizes alerts into opened and closed, showing the total number of security scan alerts each for high-performing and low-performing teams over a designated time period.
Opened: Illustrates the total number of secrets that have been detected but not removed.
Closed: Illustrates the total number of secrets that have been closed successfully.
Performance Comparison: Highlights differences in security scan management between high and low-performing teams to assess team performance.
Dependency Review
Total Open Alerts: Indicates the number of open alerts present in the dependencies used within a project, from the beginning to the current timeframe.
Total Closed Alerts: Indicates the number of dependencies that have been updated to their latest secure versions, from the beginning to the current timeframe. The change percentage of the count compared to last month is shown, along with a trend indicator, which is green to represent a positive change, and red to represent a negative change.
Closed Alerts: Indicates the number of dependencies that have been updated to their latest secure versions, for the chosen timeframe.
Dependency Vulnerability Trends
The chart visualizes the trends in security score over a specified timeframe by comparing various categories of issues related to security. Understand the trends to allocate resources and prioritize actions to enhance your overall security posture.
Chart Components
Closed Issues: This line represents the total number of security issues that have been resolved and closed within the selected timeframe.
Closed Issues (Opened in Same Timeframe): This line shows the number of issues that were both opened and closed within the same timeframe.
Newly Created Issues: This line tracks the number of new security issues that have been reported during the specified period.
MTTR by Dependency Severity
The chart displays the time required to address vulnerable dependencies, categorized by the severity of the dependency. The horizontal axis shows the various severity levels, and the vertical axis represents the number of hours taken to remediate them.
Dependency Vulnerability Trends Remediations
Alert ID: This is a unique identifier assigned to each alert.
Alert Title: A description for the alert.
Severity Level: Alerts are categorized based on their severity, which can range from low to critical.
Category: This column categorizes dependencies into broader groups.
Current Status: This indicates whether an alert has been resolved, is still open, or requires further investigation.
Created At: This timestamp shows when the alert was generated.
Project Repo: This indicates the specific project repository to which the alert belongs.
Export: Click the Export button to download the report for further analysis.
Team Comparison Chart for Dependency Review
This chart visually compares the performance of teams based on dependency review alerts. It categorizes alerts into opened and closed, showing the total number of dependency review alerts each for high-performing and low-performing teams over a designated time period.
Opened: Illustrates the total number of unresolved alerts.
Closed: Illustrates the total number of resolved alerts.
Performance Comparison: Highlights differences in dependency review alerts between high and low-performing teams to assess team performance.
Overall Security


This metric reflects the strength of a system's security posture and provides insight into the overall security performance.
Total Issues: The total number of identified issues from Code Scan, Secret Scan, and dependency review.
Closed Issues: The total number of closed issues from Code Scan, Secret Scan, and dependency review, since the project began.
Total Closed Alerts: Indicates the total number of issues (from Code Scan, Secret Scan, and Dependency Review) that have been closed, either resolved or dismissed within the selected timeframe.
KPI Name
Function
Security Score Trends
The chart visualizes the trends in security score over a specified timeframe by comparing various categories of issues related to security. Understand the trends to allocate resources and prioritize actions to enhance your overall security posture.
Chart Components
Closed Issues: This line represents the total number of security issues that have been resolved and closed within the selected timeframe.
Closed Issues (Opened in Same Timeframe): This line shows the number of issues that were both opened and closed within the same timeframe.
Newly Created Issues: This line tracks the number of new security issues that have been reported during the specified period.
MTTR by Security Score
The graph displays the time taken to address security vulnerabilities, categorized by type. The horizontal axis shows the different categories, while the vertical axis represents the number of hours needed to resolve them.
Security Posture Trends Remediation
Alert ID: This is a unique identifier assigned to each alert.
Category: This column categorizes alerts into broader groups.
Current Status: This indicates whether an alert has been resolved, is still open, or requires further investigation.
Created At: This timestamp shows when the alert was generated.
Export: Click the Export button to download the report for further analysis.
Team Comparison Chart
This chart visually compares the performance of teams based on the overall security alerts. It categorizes alerts into opened and closed, showing the total number of security alerts each for high-performing and low-performing teams over a designated time period.
Opened: Illustrates the total number of unresolved issues.
Closed: Illustrates the total number of resolved issues.
Performance Comparison: Highlights differences in security alerts between high and low-performing teams to assess team performance.
Cost Analysis

Estimates the financial benefits and risk reduction from using GitHub Advanced Security.
How it is calculated:
Time Savings: (Manual discovery time + manual fix time) - (GHAS discovery time + GHAS fix time).
Manual Discovery Time: (Critical vulnerabilities × 4 hours) + (Medium vulnerabilities × 1 hour).
Manual Fix Time: (Critical vulnerabilities × 8 hours) + (Medium vulnerabilities × 2 hours).
GHAS Time: Manual time × 0.5 (assuming 50% efficiency gain).
Cost Savings: Time saved × hourly developer rate × number of developers.
Risk Value: (Critical vulnerabilities × cost per critical) + (Medium vulnerabilities × cost per medium).
Risk Reduction: Equals risk value, as mitigated by GHAS.
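The formulas above carried through in code, so a dashboard figure can be checked by hand. This is an added example, not Opsera's implementation: the function name, parameter names and the sample inputs are assumptions, while the hour weights and the 0.5 factor are the ones listed above.

```python
def ghas_cost_analysis(critical, medium, hourly_rate, developers,
                       cost_per_critical, cost_per_medium, ghas_factor=0.5):
    """Return every intermediate value of the cost model described above.

    Only critical and medium counts enter the model, as in the formulas.
    Hours are floats, so fractional results such as 7.5 are preserved.
    """
    if min(critical, medium, developers) < 0:
        raise ValueError("counts must be non-negative")

    # Manual effort: 4 h / 1 h to discover, 8 h / 2 h to fix (critical / medium).
    manual_discovery = critical * 4 + medium * 1
    manual_fix = critical * 8 + medium * 2
    manual_total = manual_discovery + manual_fix

    # GHAS time is the manual time scaled by 0.5 (the assumed 50% efficiency gain).
    ghas_total = manual_total * ghas_factor
    time_saved = manual_total - ghas_total

    cost_savings = time_saved * hourly_rate * developers
    risk_value = critical * cost_per_critical + medium * cost_per_medium

    return {
        "manual_discovery_hours": manual_discovery,
        "manual_fix_hours": manual_fix,
        "ghas_hours": ghas_total,
        "time_saved_hours": time_saved,
        "cost_savings": cost_savings,
        "risk_value": risk_value,
        "risk_reduction": risk_value,  # defined as equal to risk value
    }


if __name__ == "__main__":
    # Constructed inputs for illustration only.
    result = ghas_cost_analysis(critical=10, medium=40, hourly_rate=85.0,
                                developers=5, cost_per_critical=50_000,
                                cost_per_medium=5_000)
    for name, value in result.items():
        print(f"{name}: {value}")
```

With a fixed 0.5 factor the time saved is always half of the manual estimate, so the result is driven entirely by the alert counts, the hourly rate and the developer count entered.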

Value delivered:
Consolidated Business Value Insights
All relevant business-value data—like scan type, average discovery time, and average dismiss time—are grouped under the business value section, providing a holistic view of security findings and their impact.
Standardized Discovery Time Calculation
No more manual entries: the dashboard now automatically calculates discovery time by averaging the intervals between scans, eliminating user error and ensuring consistency across analyses.
Fractional Hour Support
Time-based calculations now allow fractional hours (e.g., 3.5 hours), giving you more precise ROI metrics for time spent on security activities.
How Opsera Helps
Real-Time Updates: Dashboards update automatically as new data is ingested from your integrated tools.
Flexible Filters: Slice metrics by team, repository, or time window to focus on what matters most.
Drill-Down Links: Click any data point to jump to detailed views, such as specific alerts, teams, or cost breakdowns.
Actionable Insights: Highlight areas of high risk, slow remediation, or cost savings so you can intervene early.
Best Practices
Monitor Security Trends Regularly: Review alert trends, MTTR, and remediation rates at least monthly.
Prioritize Critical Issues: Use MTTR by severity to focus on high-risk vulnerabilities.
Benchmark Teams: Leverage team comparison charts to share best practices and allocate resources.
Quantify Value: Use cost analysis to justify security investments and demonstrate business impact.
Filter by Team, Region, or Vendor: Customize views to focus on specific areas of interest or concern.
FAQs
What is the GitHub Advanced Security Dashboard? The dashboard provides a unified, real-time view of security metrics across your GitHub repositories, including code scanning, secret detection, and dependency vulnerability alerts, enabling proactive risk management and compliance.
How often are security metrics updated on the dashboard? Metrics are updated automatically as soon as new data is available from your connected tools, typically within minutes of a new scan or alert.
Can I filter dashboard data by team, repository, or time period? Yes, you can filter metrics by team, repository, metadata, time period, and specific security tools for focused analysis.
What types of security issues does the dashboard track? The dashboard tracks code scanning alerts (SAST), secret detection, dependency vulnerabilities (SCA), and more, giving a holistic view of your codebase security.
How is mean time to remediate (MTTR) calculated? MTTR is calculated as the average time taken to resolve security alerts, usually broken down by severity level, from alert creation to closure.
Can I export security metrics and reports from the dashboard? Yes, you can export data or schedule reports for sharing with stakeholders or for audit purposes.
How does the dashboard help with cost analysis and ROI? The dashboard estimates time and cost savings from using GitHub Advanced Security, comparing automated remediation to manual processes, and projects risk reduction and financial impact.
What are “impacted” and “protected” repositories? “Impacted” repositories have open security alerts, while “protected” repositories have security features (like code scanning or push protection) enabled.
How do I know if my team is using GitHub Advanced Security effectively? The dashboard provides team comparison charts and trend analysis, allowing you to benchmark performance and identify areas for improvement.

