diff options
Diffstat (limited to 'doc/user/application_security/vulnerabilities/index.md')
-rw-r--r-- | doc/user/application_security/vulnerabilities/index.md | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/doc/user/application_security/vulnerabilities/index.md b/doc/user/application_security/vulnerabilities/index.md index f5b1192269d..f0ac01000ef 100644 --- a/doc/user/application_security/vulnerabilities/index.md +++ b/doc/user/application_security/vulnerabilities/index.md @@ -153,7 +153,7 @@ The following scanners are supported by this feature: - [Dependency Scanning](../dependency_scanning/index.md). Automatic Patch creation is only available for Node.js projects managed with - `yarn`. + `yarn` when [FIPS mode](../../../development/fips_compliance.md#enable-fips-mode) is disabled. - [Container Scanning](../container_scanning/index.md). To resolve a vulnerability, you can either: @@ -206,7 +206,12 @@ To enable security training for vulnerabilities in your project: > [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/6176) in GitLab 14.9. -If security training is enabled, the vulnerability page includes a training link relevant to the detected vulnerability. +The vulnerability page may include a training link relevant to the detected vulnerability if security training is enabled. +The availability of training depends on whether the enabled training vendor has content matching the particular vulnerability. +Training content is requested based on the [vulnerability identifiers](../../../development/integrations/secure.md#identifiers). +The identifier given to a vulnerability will vary from one vulnerability to the next. The available training +content varies between vendors. This means some vulnerabilities will display no training content. +Vulnerabilities with a CWE are most likely to return a training result. To view the security training for a vulnerability: |