See Dependabot alerts for whole organization

[glye]

Select Topic Area

Product Feedback

Body

Dependabot is a great feature. But when one has many repos it is difficult to keep an overview. I can't see any way to see all Dependabot alerts for a whole organization on one page. The API supports it though:
https://docs.github.com/en/rest/dependabot/alerts?apiVersion=2022-11-28#list-dependabot-alerts-for-an-organization

So I made a script for it. But it would be better if the GitHub web UI included such an overview, accessible from the organisation page, with statistics and and filtering options.

[github-actions[bot]]

💬 Your Product Feedback Has Been Submitted 🎉

Thank you for taking the time to share your insights with us! Your feedback is invaluable as we build a better GitHub experience for all our users.

Here's what you can expect moving forward ⏩

• Your input will be carefully reviewed and cataloged by members of our product teams. 
  • Due to the high volume of submissions, we may not always be able to provide individual responses.
  • Rest assured, your feedback will help chart our course for product improvements.
• Other users may engage with your post, sharing their own perspectives or experiences. 
• GitHub staff may reach out for further clarification or insight. 
  • We may 'Answer' your discussion if there is a current solution, workaround, or roadmap/changelog post related to the feedback.

Where to look to see what's shipping 👀

• Read the Changelog for real-time updates on the latest GitHub features, enhancements, and calls for feedback.
• Explore our Product Roadmap, which details upcoming major releases and initiatives.

What you can do in the meantime 💻

• Upvote and comment on other user feedback Discussions that resonate with you.
• Add more information at any point! Useful details include: use cases, relevant labels, desired outcomes, and any accompanying screenshots.

As a member of the GitHub community, your participation is essential. While we can't promise that every suggestion will be implemented, we want to emphasize that your feedback is instrumental in guiding our decisions and priorities.

Thank you once again for your contribution to making GitHub even better! We're grateful for your ongoing support and collaboration in shaping the future of our platform. ⭐

[carogalvin]

You should be able to access this by going to the Organization > Security > Dependabot. We can't put all the alerts on a single page or that page would take forever to load, but there are some filters there that you can use. If you use GHAS, you can also see some trends and statistics in the Security Overview page.

[glye]

Thanks, this is the answer - with the caveat that github advanced security is required to access it.

[glye]

@carogalvin Hi! I see no link like you describe. There is my_organisation -> Settings -> Security, but no dependabot link here. There is "Code security" -> "Global settings", but what's there is not what I'm asking for. Can you please provide an example link to the page you are talking about?

Page load time is an easily solvable problem with caching. Generate the data from each repo (as is already done today), save it in a usable format, and load it from a new org-wide dependabot page, with indicators for how old the cache is. It doesn't have to be realtime, some cache lag is fine for an overview page. It could list all repos that have alerts and show the number of alerts per repo, and then we could click a repo to expand it in the same view and list all alerts.

[carogalvin]

My mistake, it seems the page I was referring to is only available if you have our paid GitHub Advanced Security (GHAS) Product. In which case I think the only solution is your API workaround :/

[glye]

@carogalvin Good to know that it exists, then! If you can, please point me to documentation for this feature, so I know exactly what I'm missing and can consider upgrading.

[glye]

Nevermind, I found it. "Security Overview" is what I'm missing. Screenshots would have been nice, but there are textual descriptions:
https://docs.github.com/en/enterprise-cloud@latest/code-security/security-overview/about-security-overview
https://docs.github.com/en/enterprise-cloud@latest/code-security/security-overview/filtering-alerts-in-security-overview