Merge branch 'explain-unknown-severity' into 'master'

Clarify unknown severity in docs See merge request gitlab-org/gitlab!32064

Merge branch 'explain-unknown-severity' into 'master'
Clarify unknown severity in docs See merge request gitlab-org/gitlab!32064
93ad0fcc · Nick Gaskill · 01c3cdfc · d7ae9097 · 93ad0fcc
Commit 93ad0fcc authored May 14, 2020 by Nick Gaskill
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 3 deletions

doc/user/application_security/index.md doc/user/application_security/index.md +13 -3

No files found.
--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@@ -201,9 +201,19 @@ security team when a merge request would introduce one of the following security
 - A security vulnerability
 - A software license compliance violation

-This threshold is defined as `high`, `critical`, or `unknown` severity. When any vulnerabilities are
-present within a merge request, an approval is required from the `Vulnerability-Check` approver
-group.
+The security vulnerability threshold is defined as `high`, `critical`, or `unknown` severity. The
+`Vulnerability-Check` approver group must approve merge requests that contain vulnerabilities.
+
+When GitLab can assess vulnerability severity, the rating can be one of the following:
+
+- `unknown`
+- `low`
+- `medium`
+- `high`
+- `critical`
+
+The rating `unknown` indicates that the underlying scanner doesn't contain or provide a severity
+rating.

 ### Enabling Security Approvals within a project