Commit a629703f authored by Nicole Schwartz, committed by Russell Dickenson

Update...

Update doc/user/application_security/img/vulnerability_page_download_patch_button_v13_1.png, doc/user/application_security/img/vulnerability_page_merge_request_button_v13_1.png, doc/user/application_security/img/vulnerability_page_merge_request_button_dropdown_v13_1.png files
parent fd9021f4
......@@ -532,7 +532,7 @@ of the available SAST Analyzers and what data is currently available.
The `remediations` field of the report is an array of remediation objects.
Each remediation describes a patch that can be applied to
[automatically fix](../../user/application_security/#solutions-for-vulnerabilities-auto-remediation)
[automatically fix](../../user/application_security/#automatic-remediation-for-vulnerabilities)
a set of vulnerabilities.
Here is an example of a report that contains remediations.
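Review bot: the anchor rename on the `[automatically fix](...)` link has no fallback, so anything that still points at `#solutions-for-vulnerabilities-auto-remediation` (in-product help links, external posts, bookmarks) will open the page but stay at the top instead of scrolling to the section. Before merging, grep the whole repository, not only `doc/`, for the old anchor string so that UI links to the docs are updated in the same change.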
......
......@@ -95,7 +95,7 @@ and complete an integration with the Secure stage.
- Users can interact with the findings from your artifact within their workflow. They can dismiss the findings or accept them and create a backlog issue.
- To automatically create issues without user interaction, use the [issue API](../../api/issues.md). This will be replaced by [Standalone Vulnerabilities](https://gitlab.com/groups/gitlab-org/-/epics/634) in the future.
1. Optional: Provide auto-remediation steps:
- If you specified `remediations` in your artifact, it is proposed through our [auto-remediation](../../user/application_security/index.md#solutions-for-vulnerabilities-auto-remediation)
- If you specified `remediations` in your artifact, it is proposed through our [auto-remediation](../../user/application_security/index.md#automatic-remediation-for-vulnerabilities)
interface.
1. Demo the integration to GitLab:
- After you have tested and are ready to demo your integration please
......
......@@ -419,7 +419,7 @@ file, it's necessary to set [`GIT_STRATEGY: fetch`](../../../ci/yaml/README.md#g
your `.gitlab-ci.yml` file by following the instructions described in this document's
[overriding the container scanning template](#overriding-the-container-scanning-template) section.
Read more about the [solutions for vulnerabilities](../index.md#solutions-for-vulnerabilities-auto-remediation).
Read more about the [solutions for vulnerabilities](../index.md#automatic-remediation-for-vulnerabilities).
## Troubleshooting
......
......@@ -201,7 +201,7 @@ Once a vulnerability is found, you can interact with it. Read more on how to
Some vulnerabilities can be fixed by applying the solution that GitLab
automatically generates. Read more about the
[solutions for vulnerabilities](../index.md#solutions-for-vulnerabilities-auto-remediation).
[solutions for vulnerabilities](../index.md#automatic-remediation-for-vulnerabilities).
## Security Dashboard
......
......@@ -119,7 +119,7 @@ information with several options:
- [Create issue](#creating-an-issue-for-a-vulnerability): Create a new issue with the title and
description pre-populated with information from the vulnerability report. By default, such issues
are [confidential](../project/issues/confidential_issues.md).
- [Solution](#solutions-for-vulnerabilities-auto-remediation): For some vulnerabilities,
- [Automatic Remediation](#automatic-remediation-for-vulnerabilities): For some vulnerabilities,
a solution is provided for how to fix the vulnerability.
![Interacting with security reports](img/interacting_with_vulnerability_v13_3.png)
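Review bot: the new bullet `- [Automatic Remediation](#automatic-remediation-for-vulnerabilities): For some vulnerabilities,` capitalizes "Remediation", while the equivalent bullet changed later in this patch reads `- [Automatic remediation](#automatic-remediation-for-vulnerabilities) - For some vulnerabilities,`. Use sentence case here too so both pages match the heading `Automatic remediation for vulnerabilities`.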
......@@ -198,7 +198,24 @@ Pressing the "Dismiss Selected" button will dismiss all the selected vulnerabili
![Multiple vulnerability dismissal](img/multi_select_v12_9.png)
### Solutions for vulnerabilities (auto-remediation)
### Creating an issue for a vulnerability
You can create an issue for a vulnerability by visiting the vulnerability's page and clicking
**Create issue**, which you can find in the **Related issues** section.
![Create issue from vulnerability](img/create_issue_from_vulnerability_v13_3.png)
This creates a [confidential issue](../project/issues/confidential_issues.md) in the project the
vulnerability came from, and pre-populates it with some useful information taken from the vulnerability
report. Once the issue is created, you are redirected to it so you can edit, assign, or comment on
it.
Upon returning to the group security dashboard, the vulnerability now has an associated issue next
to the name.
![Linked issue in the group security dashboard](img/issue.png)
### Automatic remediation for vulnerabilities
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5656) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.7.
......@@ -210,26 +227,34 @@ automatically generates. The following scanners are supported:
`yarn`.
- [Container Scanning](container_scanning/index.md)
When an automatic solution is available, the button in the header shows **Resolve with merge request**:
![Resolve with Merge Request button](img/vulnerability_page_merge_request_button_v13_1.png)
Selecting the button creates a merge request with the solution.
#### Manually applying the suggested patch
Some vulnerabilities can be fixed by applying a patch that is automatically
generated by GitLab. To apply the fix:
1. To manually apply the patch that was generated by GitLab for a vulnerability, select the dropdown arrow on the **Resolve
with merge request** button, then select **Download patch to resolve**:
![Resolve with Merge Request button dropdown](img/vulnerability_page_merge_request_button_dropdown_v13_1.png)
1. The button's text changes to **Download patch to resolve**. Click on it to download the patch:
![Download patch button](img/vulnerability_page_download_patch_button_v13_1.png)
1. Click the vulnerability.
1. Download and review the patch file `remediation.patch`.
1. Ensure your local project has the same commit checked out that was used to generate the patch.
1. Run `git apply remediation.patch`.
1. Verify and commit the changes to your branch.
![Apply patch for dependency scanning](img/vulnerability_solution.png)
#### Creating a merge request from a vulnerability
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9224) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.9.
In certain cases, GitLab allows you to create a merge request that automatically remediates the
vulnerability. Any vulnerability that has a
[solution](#solutions-for-vulnerabilities-auto-remediation) can have a merge
[solution](#automatic-remediation-for-vulnerabilities) can have a merge
request created to automatically solve the issue.
If this action is available, the vulnerability page or modal contains a **Create merge request** button.
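Review bot: the numbered procedure under `#### Manually applying the suggested patch` now mixes the new dropdown steps with the old ones: after `1. The button's text changes to **Download patch to resolve**. Click on it to download the patch:` the list continues with `1. Click the vulnerability.` and `1. Download and review the patch file \`remediation.patch\`.`, which sends the reader back to the vulnerability and downloads the patch a second time. Drop those two leftover steps but keep the instruction to review the patch before `git apply` (it is the only check the reader has on what the generated change does), and confirm that `img/vulnerability_solution.png` still matches the UI now that the `_v13_1` screenshots show the dropdown. The first new step also restates the intro sentence that precedes it ("Some vulnerabilities can be fixed by applying a patch..."); shortening it to "Select the dropdown arrow on the **Resolve with merge request** button, then select **Download patch to resolve**" avoids the repetition.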
......@@ -237,25 +262,6 @@ Click this button to create a merge request to apply the solution onto the sourc
![Create merge request from vulnerability](img/create_mr_from_vulnerability_v13_4.png)
### Creating an issue for a vulnerability
You can create an issue for a vulnerability by visiting the vulnerability's page and clicking
**Create issue**, which you can find in the **Related issues** section.
![Create issue from vulnerability](img/create_issue_from_vulnerability_v13_3.png)
This creates a [confidential issue](../project/issues/confidential_issues.md) in the project the
vulnerability came from, and pre-populates it with some useful information taken from the vulnerability
report. Once the issue is created, you are redirected to it so you can edit, assign, or comment on
it. CVE identifiers can be requested from GitLab by clicking the
[_CVE ID Request_ button](cve_id_request.md) that is enabled for maintainers of
public projects on GitLab.com
Upon returning to the group security dashboard, the vulnerability now has an associated issue next
to the name.
![Linked issue in the group security dashboard](img/issue.png)
### Managing related issues for a vulnerability
Issues can be linked to a vulnerability using the related issues block on the vulnerability page.
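Review bot: the removed copy of "Creating an issue for a vulnerability" ends with `it. CVE identifiers can be requested from GitLab by clicking the` / `[_CVE ID Request_ button](cve_id_request.md) that is enabled for maintainers of` / `public projects on GitLab.com`, but the copy of the section inserted earlier in this file stops at `it.`, so moving the section silently drops the CVE ID request guidance and the link to `cve_id_request.md`. Carry that sentence over into the moved section.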
......@@ -320,7 +326,7 @@ appears:
![Unconfigured Approval Rules](img/unconfigured_security_approval_rules_and_jobs_v13_4.png)
If at least one security scanner is enabled, you will be able to enable the `Vulnerability-Check` approval rule. If a license scanning job is enabled, you will be able to enable the `License-Check` rule.
If at least one security scanner is enabled, you can enable the `Vulnerability-Check` approval rule. If a license scanning job is enabled, you can enable the `License-Check` rule.
![Unconfigured Approval Rules with valid pipeline jobs](img/unconfigured_security_approval_rules_and_enabled_jobs_v13_4.png)
......
......@@ -66,8 +66,7 @@ external links exposed in the UI. These links might not be accessible within an
### Automatic remediation for vulnerabilities
The [automatic remediation for vulnerabilities](../index.md#solutions-for-vulnerabilities-auto-remediation) feature
(auto-remediation) is available for offline Dependency Scanning and Container Scanning, but may not work
The [automatic remediation for vulnerabilities](../index.md#automatic-remediation-for-vulnerabilities) feature is available for offline Dependency Scanning and Container Scanning, but may not work
depending on your instance's configuration. We can only suggest solutions, which are generally more
current versions that have been patched, when we are able to access up-to-date registry services
hosting the latest versions of that dependency or image.
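Review bot: the parenthetical `(auto-remediation)` is dropped from the first mention here, yet the short name is still used as link text elsewhere in this patch (`proposed through our [auto-remediation](...)` in the integration doc). Keep the alias on first mention so readers of the offline deployment page recognise the term, and consider wrapping the now very long line to match the surrounding paragraph.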
......
......@@ -25,7 +25,7 @@ several different ways:
title and description pre-populated with information from the vulnerability report.
By default, such issues are [confidential](../../project/issues/confidential_issues.md).
- [Link issues](#link-issues-to-the-vulnerability) - Link existing issues to vulnerability.
- [Solution](#automatic-remediation-for-vulnerabilities) - For some vulnerabilities,
- [Automatic remediation](#automatic-remediation-for-vulnerabilities) - For some vulnerabilities,
a solution is provided for how to fix the vulnerability.
## Changing vulnerability status
......@@ -61,4 +61,4 @@ that the resolution of one issue would resolve multiple vulnerabilities.
## Automatic remediation for vulnerabilities
You can fix some vulnerabilities by applying the solution that GitLab automatically
generates for you. [Read more about the automatic remediation for vulnerabilities feature](../index.md#solutions-for-vulnerabilities-auto-remediation).
generates for you. [Read more about the automatic remediation for vulnerabilities feature](../index.md#automatic-remediation-for-vulnerabilities).