Commit b3d88785 authored by Nick Gaskill's avatar Nick Gaskill

Merge branch...

Merge branch '218794-restructure-documentation-to-consolidate-vulnerability-management-features' into 'master'

Security Dashboard doc improvements

See merge request gitlab-org/gitlab!35558
parents e037c1db 0c2de4bd
...@@ -159,7 +159,7 @@ successfully, you must replicate their data using some other means. ...@@ -159,7 +159,7 @@ successfully, you must replicate their data using some other means.
| [Composer Repository](../../../user/packages/composer_repository/index.md) | **Yes** (13.2) | No | | | [Composer Repository](../../../user/packages/composer_repository/index.md) | **Yes** (13.2) | No | |
| [External merge request diffs](../../merge_request_diffs.md) | [No](https://gitlab.com/gitlab-org/gitlab/-/issues/33817) | No | | | [External merge request diffs](../../merge_request_diffs.md) | [No](https://gitlab.com/gitlab-org/gitlab/-/issues/33817) | No | |
| [Terraform State](../../terraform_state.md) | [No](https://gitlab.com/groups/gitlab-org/-/epics/3112)(*3*) | No | | | [Terraform State](../../terraform_state.md) | [No](https://gitlab.com/groups/gitlab-org/-/epics/3112)(*3*) | No | |
| [Vulnerability Export](../../../user/application_security/security_dashboard/#export-vulnerabilities-1) | [No](https://gitlab.com/groups/gitlab-org/-/epics/3111)(*3*) | No | | | | [Vulnerability Export](../../../user/application_security/security_dashboard/#export-vulnerabilities) | [No](https://gitlab.com/groups/gitlab-org/-/epics/3111)(*3*) | No | | |
| Content in object storage | **Yes** (12.4) | No | | | Content in object storage | **Yes** (12.4) | No | |
- (*1*): The integrity can be verified manually using - (*1*): The integrity can be verified manually using
......
...@@ -12,7 +12,7 @@ vulnerabilities in your groups, projects and pipelines. ...@@ -12,7 +12,7 @@ vulnerabilities in your groups, projects and pipelines.
You can also drill down into a vulnerability and get extra information, see which You can also drill down into a vulnerability and get extra information, see which
project it comes from, the file it's in, and various metadata to help you analyze project it comes from, the file it's in, and various metadata to help you analyze
the risk. You can also action these vulnerabilities by creating an issue for them, the risk. You can also take actions on vulnerabilities by creating an issue for them,
or by dismissing them. or by dismissing them.
To benefit from the Security Dashboard you must first configure one of the To benefit from the Security Dashboard you must first configure one of the
...@@ -54,56 +54,52 @@ A pipeline consists of multiple jobs, including SAST and DAST scanning. If any j ...@@ -54,56 +54,52 @@ A pipeline consists of multiple jobs, including SAST and DAST scanning. If any j
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/6165) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.1. > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/6165) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.1.
At the project level, the Security Dashboard displays the latest security reports for your project. At the project level, the Security Dashboard displays the vulnerabilities merged into your project's
Use it to find and fix vulnerabilities. [default branch](../../project/repository/branches/index.md#default-branch). Access it by navigating
to **Security & Compliance > Security Dashboard**.
![Project Security Dashboard](img/project_security_dashboard_v13_0.png) The Security Dashboard first displays the total number of vulnerabilities by severity (for example,
Critical, High, Medium, Low). Below this, a table displays each vulnerability's status, severity,
and description. Clicking a vulnerability takes you to its [Vulnerability Details](../vulnerabilities)
page to view more information about that vulnerability.
### Export vulnerabilities You can filter the vulnerabilities by:
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/197494) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.10. - Status
- Severity
- Report type
You can export all your project's vulnerabilities as CSV by clicking on the export button located at top right of the Project Security Dashboard. This will initiate the process, and once complete, the CSV report will be downloaded. The report will contain all vulnerabilities in the project as filters won't apply. You can also dismiss vulnerabilities in the table:
NOTE: **Note:** 1. Select the checkbox for each vulnerability you want to dismiss.
It may take several minutes for the download to start if your project consists 1. In the menu that appears, select the reason for dismissal and click **Dismiss Selected**.
of thousands of vulnerabilities. Do not close the page until the download finishes.
![CSV Export Button](img/project_security_dashboard_export_csv_v12_10.png) ![Project Security Dashboard](img/project_security_dashboard_v13_2_noNav.png)
## Group Security Dashboard ## Group Security Dashboard
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/6709) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.5. > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/6709) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.5.
The group Security Dashboard gives an overview of the vulnerabilities of all the The group Security Dashboard gives an overview of the vulnerabilities in the default branches of the
projects in a group and its subgroups. projects in a group and its subgroups. Access it by navigating to **Security > Security Dashboard**
for your group.
NOTE: **Note:**
The Security Dashboard only shows projects with [security reports](#supported-reports) enabled in a
group.
First, navigate to the Security Dashboard found under your group's ![Dashboard with action buttons and metrics](img/group_security_dashboard_v13_2_noNav.png)
**Security** tab.
Once you're on the dashboard, at the top you should see a series of filters for: You can filter which vulnerabilities the Security Dashboard displays by:
- Status - Status
- Severity - Severity
- Report type - Report type
- Project
NOTE: **Note:** A table lists the vulnerabilities, sorted by severity. The table shows each vulnerability's status,
The dashboard only shows projects with [security reports](#supported-reports) enabled in a group. severity, and description. Clicking a vulnerability takes you to its [Vulnerability Details](../vulnerabilities)
page to view more information about that vulnerability.
![Dashboard with action buttons and metrics](img/group_security_dashboard_v13_2.png)
Selecting one or more filters will filter the results in this page.
The main section is a list of all the vulnerabilities in the group, sorted by severity.
In that list, you can see the severity of the vulnerability, its name, its
confidence (likelihood of the vulnerability to be a positive one), and the project
it's from.
If you hover over a row, the following actions appear:
- More info
- Create issue
- Dismiss vulnerability
Next to the list is a timeline chart that shows how many open Next to the list is a timeline chart that shows how many open
vulnerabilities your projects had at various points in time. You can filter among 30, 60, and vulnerabilities your projects had at various points in time. You can filter among 30, 60, and
...@@ -123,28 +119,14 @@ vulnerabilities are not included either. ...@@ -123,28 +119,14 @@ vulnerabilities are not included either.
Read more on how to [interact with the vulnerabilities](../index.md#interacting-with-the-vulnerabilities). Read more on how to [interact with the vulnerabilities](../index.md#interacting-with-the-vulnerabilities).
### Export vulnerabilities
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213013) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.1.
You can export all your vulnerabilities as CSV by clicking the **{upload}** **Export** button
located at the top right of the **Group Security Dashboard**. After the report builds, the CSV
report downloads to your local machine. The report contains all vulnerabilities for the projects
defined in the **Group Security Dashboard**, as filters don't apply to the export function.
NOTE: **Note:**
It may take several minutes for the download to start if your project contains thousands of
vulnerabilities. Don't close the page until the download finishes.
![CSV Export Button](img/group_security_dashboard_export_csv_v13_1.png)
## Instance Security Dashboard ## Instance Security Dashboard
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/6953) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.8. > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/6953) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.8.
At the instance level, the Security Dashboard displays the vulnerabilities At the instance level, the Security Dashboard displays the vulnerabilities present in the default
present in all of the projects that you have added to it. It includes all branches of all the projects you configure to display on the dashboard. It includes all the
of the features of the [group security dashboard](#group-security-dashboard). [group Security Dashboard's](#group-security-dashboard)
features.
You can access the Instance Security Dashboard from the menu You can access the Instance Security Dashboard from the menu
bar at the top of the page. Under **More**, select **Security**. bar at the top of the page. Under **More**, select **Security**.
...@@ -159,27 +141,25 @@ To add projects to the dashboard: ...@@ -159,27 +141,25 @@ To add projects to the dashboard:
1. Search for and add one or more projects using the **Search your projects** field. 1. Search for and add one or more projects using the **Search your projects** field.
1. Click the **Add projects** button. 1. Click the **Add projects** button.
Once added, the dashboard will display the vulnerabilities found in your chosen Once added, the Security Dashboard displays the vulnerabilities found in your chosen projects'
projects. default branches.
![Instance Security Dashboard with projects](img/instance_security_dashboard_with_projects_v13_2.png) ![Instance Security Dashboard with projects](img/instance_security_dashboard_with_projects_v13_2_sm.png)
### Export vulnerabilities ## Export vulnerabilities
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213014) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.0. > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213014) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.10.
You can export all your vulnerabilities as CSV by clicking the **{upload}** **Export** You can export all your vulnerabilities in CSV format by clicking the **{upload}** **Export**
button located at top right of the **Instance Security Dashboard**. After the report button located at top right of the **Security Dashboard**. After the report
is built, the CSV report downloads to your local machine. The report contains all is built, the CSV report downloads to your local machine. The report contains all
vulnerabilities for the projects defined in the **Instance Security Dashboard**, vulnerabilities for the projects defined in the **Security Dashboard**,
as filters don't apply to the export function. as filters don't apply to the export function.
NOTE: **Note:** NOTE: **Note:**
It may take several minutes for the download to start if your project contains It may take several minutes for the download to start if your project contains
thousands of vulnerabilities. Do not close the page until the download finishes. thousands of vulnerabilities. Do not close the page until the download finishes.
![CSV Export Button](img/instance_security_dashboard_export_csv_v13_0.png)
## Keeping the dashboards up to date ## Keeping the dashboards up to date
The Security Dashboard displays information from the results of the most recent The Security Dashboard displays information from the results of the most recent
...@@ -205,7 +185,8 @@ to configure daily security scans. ...@@ -205,7 +185,8 @@ to configure daily security scans.
## Vulnerability list ## Vulnerability list
Each dashboard's vulnerability list contains new vulnerabilities discovered in the latest scans. Each dashboard's vulnerability list contains vulnerabilities from the latest scans that were merged
into the default branch.
Click any vulnerability in the table to see more information on that vulnerability. To create an Click any vulnerability in the table to see more information on that vulnerability. To create an
issue associated with the vulnerability, click the **Create Issue** button. issue associated with the vulnerability, click the **Create Issue** button.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment