gitlab.com/gitlab-org/gitlab-foss.git
Diffstat (limited to 'doc/user/application_security/vulnerability_report/pipeline.md')
-rw-r--r-- doc/user/application_security/vulnerability_report/pipeline.md 10
1 files changed, 6 insertions, 4 deletions
diff --git a/doc/user/application_security/vulnerability_report/pipeline.md b/doc/user/application_security/vulnerability_report/pipeline.md
index 7a414e9a4ae..ef66925b9c9 100644
--- a/doc/user/application_security/vulnerability_report/pipeline.md
+++ b/doc/user/application_security/vulnerability_report/pipeline.md
@@ -11,7 +11,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
To view vulnerabilities in a pipeline:
-1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your project.
+1. On the left sidebar, select **Search or go to** and find your project.
1. Select **Build > Pipelines**.
1. From the list, select the pipeline you want to check for vulnerabilities.
1. Select the **Security** tab.
@@ -25,9 +25,11 @@ For example, if a pipeline contains DAST and SAST jobs, but the DAST job fails b
[exit code](../../../development/integrations/secure.md#exit-code), the report doesn't show DAST results.
The pipeline vulnerability report only shows results contained in the security report artifacts. This report differs from
-the [Vulnerability Report](index.md), which contains cumulative results of all successful jobs, and from the merge request
-[security widget](../index.md#view-security-scan-information-in-merge-requests), which combines the branch results with
-cumulative results.
+the [vulnerability report](index.md), which contains cumulative results of all successful jobs, and from the merge request
+[security widget](../index.md#merge-request), which contains new vulnerability findings that don't already exist on the default branch.
+
+NOTE:
+If a new advisory is added to our advisory database and the last pipeline for the default branch is stale, the resulting vulnerability may appear in the MR widget as "New" when it is already in the default branch. This will be resolved by [Continuous Vulnerability Scans](https://gitlab.com/groups/gitlab-org/-/epics/7886).
The pipeline vulnerability report only displays after the pipeline is complete. If the pipeline has a [blocking manual job](../../../ci/jobs/job_control.md#types-of-manual-jobs), the pipeline waits for the manual job and the vulnerabilities cannot be displayed if the blocking manual job did not run.
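Review bot: The added NOTE conflicts with the rewritten sentence directly above it. The security widget is now described as containing findings "that don't already exist on the default branch", yet the NOTE says a finding may appear as "New" when it is already in the default branch. Qualify the widget sentence, for example by saying the comparison is made against the last pipeline for the default branch, so that the two statements agree. Within the NOTE, "our advisory database" does not say which database is meant, "MR widget" is inconsistent with the "merge request [security widget]" wording used just above, and "This will be resolved by" is a forward-looking promise that will go stale in the docs. Suggest naming the database, spelling out "merge request security widget", and presenting the Continuous Vulnerability Scans epic as the place where the work is tracked.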