diff options
Diffstat (limited to 'doc/user/application_security/vulnerabilities/index.md')
-rw-r--r-- | doc/user/application_security/vulnerabilities/index.md | 34 |
1 files changed, 7 insertions, 27 deletions
diff --git a/doc/user/application_security/vulnerabilities/index.md b/doc/user/application_security/vulnerabilities/index.md index ffec4bf336d..ff383fdf553 100644 --- a/doc/user/application_security/vulnerabilities/index.md +++ b/doc/user/application_security/vulnerabilities/index.md @@ -9,10 +9,11 @@ info: To determine the technical writer assigned to the Stage/Group associated w > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/13561) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.0. -Each security vulnerability in the [Security Dashboard](../security_dashboard/index.md#project-security-dashboard) has its own standalone -page. +Each security vulnerability in a project's [Security Dashboard](../security_dashboard/index.md#project-security-dashboard) has an individual page which includes: -![Vulnerability page](img/vulnerability_page_v13_1.png) +- Details of the vulnerability. +- The status of the vulnerability within the project. +- Available actions for the vulnerability. On the vulnerability page, you can interact with the vulnerability in several different ways: @@ -22,7 +23,7 @@ several different ways: - [Create issue](#creating-an-issue-for-a-vulnerability) - Create a new issue with the title and description pre-populated with information from the vulnerability report. By default, such issues are [confidential](../../project/issues/confidential_issues.md). -- [Solution](#automatic-remediation-solutions-for-vulnerabilities) - For some vulnerabilities, +- [Solution](#automatic-remediation-for-vulnerabilities) - For some vulnerabilities, a solution is provided for how to fix the vulnerability. ## Changing vulnerability status @@ -46,28 +47,7 @@ project the vulnerability came from, and pre-populates it with useful informatio the vulnerability report. After the issue is created, GitLab redirects you to the issue page so you can edit, assign, or comment on the issue. -## Automatic remediation solutions for vulnerabilities +## Automatic remediation for vulnerabilities You can fix some vulnerabilities by applying the solution that GitLab automatically -generates for you. GitLab supports the following scanners: - -- [Dependency Scanning](../dependency_scanning/index.md): Automatic Patch creation - is only available for Node.js projects managed with `yarn`. -- [Container Scanning](../container_scanning/index.md). - -When an automatic solution is available, the button in the header will show "Resolve with merge request": - -![Resolve with Merge Request button](img/vulnerability_page_merge_request_button_v13_1.png) - -Selecting the button will create a merge request with the automatic solution. - -### Manually applying a suggested patch - -To manually apply the patch that was generated by GitLab for a vulnerability, select the dropdown arrow on the "Resolve -with merge request" button, then select the "Download patch to resolve" option: - -![Resolve with Merge Request button dropdown](img/vulnerability_page_merge_request_button_dropdown_v13_1.png) - -This will change the button text to "Download patch to resolve". Click on it to download the patch: - -![Download patch button](img/vulnerability_page_download_patch_button_v13_1.png) +generates for you. [Read more about the automatic remediation for vulnerabilities feature](../index.md#solutions-for-vulnerabilities-auto-remediation). |