Merge branch 'russell/improve-vuln-report-docs' into 'master'

Improve vulnerability report docs See merge request gitlab-org/gitlab!55455

Merge branch 'russell/improve-vuln-report-docs' into 'master'
Improve vulnerability report docs See merge request gitlab-org/gitlab!55455
fb6f11dd · Evan Read · 363669db · b634e8da · fb6f11dd · fb6f11dd
Commit fb6f11dd authored Mar 05, 2021 by Evan Read
3 changed files
--- a/doc/administration/geo/replication/datatypes.md
+++ b/doc/administration/geo/replication/datatypes.md
@@ -201,4 +201,4 @@ successfully, you must replicate their data using some other means.
 | [GitLab Pages](../../pages/index.md)                                                                           | [No](https://gitlab.com/groups/gitlab-org/-/epics/589)                             | No                                                        | No                                                                                   |                                                                                                                                                                                                                                                                                                                            |
 | [CI Pipeline Artifacts](https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/models/ci/pipeline_artifact.rb) | [No](https://gitlab.com/gitlab-org/gitlab/-/issues/238464)                         | No                                                        | Via Object Storage provider if supported. Native Geo support (Beta).                 | Persists additional artifacts after a pipeline completes                                                                                                                                                                                                                                                                   |
 | [Dependency proxy images](../../../user/packages/dependency_proxy/index.md)                                    | [No](https://gitlab.com/gitlab-org/gitlab/-/issues/259694)                         | No                                                        | No                                                                                   | Blocked on [Geo: Secondary Mimicry](https://gitlab.com/groups/gitlab-org/-/epics/1528). Note that replication of this cache is not needed for Disaster Recovery purposes because it can be recreated from external sources.                                                                                                |
-| [Vulnerability Export](../../../user/application_security/vulnerability_report/#export-vulnerabilities)          | [Not planned](https://gitlab.com/groups/gitlab-org/-/epics/3111)                   | No                                                        | Via Object Storage provider if supported. Native Geo support (Beta).                 | Not planned because they are ephemeral and sensitive. They can be regenerated on demand.                                                                                                                                                                                                                                   |
+| [Vulnerability Export](../../../user/application_security/vulnerability_report/#export-vulnerability-details)          | [Not planned](https://gitlab.com/groups/gitlab-org/-/epics/3111)                   | No                                                        | Via Object Storage provider if supported. Native Geo support (Beta).                 | Not planned because they are ephemeral and sensitive. They can be regenerated on demand.                                                                                                                                                                                                                                   |
--- a/doc/development/export_csv.md
+++ b/doc/development/export_csv.md
@@ -14,7 +14,7 @@ This document lists the different implementations of CSV export in GitLab codeba
 | Downloading | - Query and write data in batches to a temporary file.<br>- Loads the file into memory.<br>- Sends the file to the client. | - Report available immediately. | - Large amount of data might cause request timeout.<br>- Memory intensive.<br>- Request expires when user navigates to a different page. | [Export Chain of Custody Report](../user/compliance/compliance_dashboard/#chain-of-custody-report) |
 | As email attachment | - Asynchronously process the query with background job.<br>- Email uses the export as an attachment. | - Asynchronous processing. | - Requires users use a different app (email) to download the CSV.<br>- Email providers may limit attachment size. | - [Export Issues](../user/project/issues/csv_export.md)<br>- [Export Merge Requests](../user/project/merge_requests/csv_export.md) |
 | As downloadable link in email (*) | - Asynchronously process the query with background job.<br>- Email uses an export link. | - Asynchronous processing.<br>- Bypasses email provider attachment size limit. | - Requires users use a different app (email).<br>- Requires additional storage and cleanup. | [Export User Permissions](https://gitlab.com/gitlab-org/gitlab/-/issues/1772) |
-| Polling (non-persistent state) | - Asynchronously processes the query with the background job.<br>- Frontend(FE) polls every few seconds to check if CSV file is ready. | - Asynchronous processing.<br>- Automatically downloads to local machine on completion.<br>- In-app solution. | - Non-persistable request - request expires when user navigates to a different page.<br>- API is processed for each polling request. | [Export Vulnerabilities](../user/application_security/vulnerability_report/#export-vulnerabilities) |
+| Polling (non-persistent state) | - Asynchronously processes the query with the background job.<br>- Frontend(FE) polls every few seconds to check if CSV file is ready. | - Asynchronous processing.<br>- Automatically downloads to local machine on completion.<br>- In-app solution. | - Non-persistable request - request expires when user navigates to a different page.<br>- API is processed for each polling request. | [Export Vulnerabilities](../user/application_security/vulnerability_report/#export-vulnerability-details) |
 | Polling (persistent state) (*) | - Asynchronously processes the query with background job.<br>- Backend (BE) maintains the export state<br>- FE polls every few seconds to check status.<br>- FE shows 'Download link' when export is ready.<br>- User can download or regenerate a new report. | - Asynchronous processing.<br>- No database calls made during the polling requests (HTTP 304 status is returned until export status changes).<br>- Does not require user to stay on page until export is complete.<br>- In-app solution.<br>- Can be expanded into a generic CSV feature (such as dashboard / CSV API). | - Requires to maintain export states in DB.<br>- Does not automatically download the CSV export to local machine, requires users to click 'Download' button. | [Export Merge Commits Report](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/43055) |

 NOTE:

--- a/doc/user/application_security/vulnerability_report/index.md
+++ b/doc/user/application_security/vulnerability_report/index.md
@@ -5,42 +5,80 @@ group: Threat Insights
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---

-# GitLab Vulnerability Reports **(ULTIMATE)**
+# Vulnerability Report **(ULTIMATE)**

-Each vulnerability report contains vulnerabilities from the scans of the most recent branch merged into the default branch.
+The Vulnerability Report provides information about vulnerabilities from scans of the branch most
+recently merged into the default branch. It is available at the instance, group, and project level.

-The vulnerability reports display the total number of vulnerabilities by severity (for example,
-Critical, High, Medium, Low, Info, Unknown). Below this, a table shows each vulnerability's detected date, status, severity, description, identifier, the scanner where it was detected, and activity (including related issues or available solutions). By default, the vulnerability report is filtered to display all detected and confirmed vulnerabilities.
+The Vulnerability Report contains:

-![Vulnerability Report](img/group_vulnerability_report_v13_9.png)
+- Totals of vulnerabilities per severity level.
+- Filters for common vulnerability attributes.
+- Details of each vulnerability, presented in tabular layout.

-Clicking any vulnerability in the table takes you to its
-[vulnerability details](../vulnerabilities) page to see more information on that vulnerability.
+The project-level Vulnerability Report also contains:

-The **Activity** column indicates the number of issues that have been created for the vulnerability.
-Hover over an **Activity** entry and select a link go to that issue.
+- A time stamp showing when it was updated, including a link to the latest pipeline.
+- The number of failures that occurred in the most recent pipeline. Select the failure
+  notification to view the **Failed jobs** tab of the pipeline's page.

-![Display attached issues](img/vulnerability_list_table_v13_9.png)
+![Vulnerability Report](img/group_vulnerability_report_v13_9.png)

-## Filter options
+From the Vulnerability Report you can:

-You can filter which vulnerabilities display by:
+- [Filter the list of vulnerabilities](#filter-the-list-of-vulnerabilities).
+- [View more details about a vulnerability](#view-details-of-a-vulnerability).
+- [View an issue raised for a vulnerability](#view-issues-raised-for-a-vulnerability).
+- [Change the status of vulnerabilities](#change-status-of-vulnerabilities).
+- [Export details of vulnerabilities](#export-vulnerability-details).

-| Filter   | Available options |
+## Vulnerability filters
+
+You can filter the vulnerabilities table by:
+
+| Filter  | Available options |
 |:---------|:------------------|
-| Status   | Detected, Confirmed, Dismissed, Resolved |
-| Severity | Critical, High, Medium, Low, Info, Unknown |
+| Status   | Detected, Confirmed, Dismissed, Resolved. |
+| Severity | Critical, High, Medium, Low, Info, Unknown. |
 | Scanner  | [Available scanners](../index.md#security-scanning-tools). |
-| Project  | Projects configured in the Security Center settings, or all projects in the group for the group level report. This filter is not displayed on the project level vulnerability report. |
-| Activity | Vulnerabilities with issues and vulnerabilities that are no longer detected in the default branch. |
+| Project  | For more details, see [Project filter](#project-filter). |
+| Activity | For more details, see [Activity filter](#activity-filter). |
+
+### Filter the list of vulnerabilities
+
+To filter the list of vulnerabilities:
+
+1. Select a filter.
+1. Select values from the dropdown.
+1. Repeat the above steps for each desired filter.
+
+The vulnerability table is applied immediately. The vulnerability severity totals are also updated.
+
+The filters' criteria are combined to show only vulnerabilities matching all criteria.
+An exception to this behavior is the Activity filter. For more details about how it works, see
+[Activity filter](#activity-filter).
+
+### Project filter
+
+The content of the Project filter depends on the current level:
+
+| Level          | Content of the Project filter |
+|:---------------|:------------------------------|
+| Instance level | Only projects you've [added to the instance-level Security Center](../security_dashboard/index.md#adding-projects-to-the-security-center). |
+| Group level    | All projects in the group. |
+| Project level  | Not applicable. |

 ### Activity filter

 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/259255) in GitLab 13.9

-The Activity filter behaves differently from the other Vulnerability Report filters. The other filter options all OR together to show results from any vulnerability matching one of the filter criteria. With the Activity filter, the selected values form mutually exclusive sets to allow for precisely locating the desired vulnerability records. Additionally, not all options can be selected in combination. Selection behavior when using the Activity filter:
+The Activity filter behaves differently from the other filters. The selected values form mutually
+exclusive sets to allow for precisely locating the desired vulnerability records. Additionally, not
+all options can be selected in combination.
+
+Selection behavior when using the Activity filter:

-| Activity Selection                  | Results Displayed |
+| Activity selection                  | Results displayed |
 |:------------------------------------|:------------------|
 |  All                                | Vulnerabilities with any Activity status (same as ignoring this filter). Selecting this will deselect any other Activity filter options. |
 |  No activity                        | Only vulnerabilities without either an associated Issue or that are no longer detected. Selecting this will deselect any other Activity filter options. |
@@ -48,9 +86,21 @@ The Activity filter behaves differently from the other Vulnerability Report filt
 |  No longer detected                 | Only vulnerabilities that are no longer detected in the latest pipeline scan of the `default` branch. Does not include vulnerabilities with one or more associated issues. |
 |  With issues and No longer detected | Only vulnerabilities that have one or more associated issues and also are no longer detected in the latest pipeline scan of the `default` branch. |

-Contents of the unfiltered vulnerability report can be exported using our [export feature](#export-vulnerabilities).
+## View details of a vulnerability

-You can also change the status of vulnerabilities in the table:
+To view more details of a vulnerability, select the vulnerability's **Description**. The
+[vulnerability's details](../vulnerabilities) page is opened.
+
+## View issues raised for a vulnerability
+
+The **Activity** column indicates the number of issues that have been created for the vulnerability.
+Hover over an **Activity** entry and select a link go to that issue.
+
+![Display attached issues](img/vulnerability_list_table_v13_9.png)
+
+## Change status of vulnerabilities
+
+To change the status of vulnerabilities in the table:

 1. Select the checkbox for each vulnerability you want to update the status of.
 1. In the dropdown that appears select the desired status, then select **Change status**.
@@ -72,31 +122,37 @@ the **Failed jobs** tab of the pipeline page.

 ![Project Vulnerability Report](img/project_security_dashboard_v13_9.png)

-## Export vulnerabilities
+## Export vulnerability details

 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213014) in the Security Center (previously known as the Instance Security Dashboard) and project-level Vulnerability Report (previously known as the Project Security Dashboard) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.0.
 > - [Added](https://gitlab.com/gitlab-org/gitlab/-/issues/213013) to the group-level Vulnerability Report in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.1.

-You can export all your vulnerabilities in CSV (comma separated values) format by clicking the
-**{upload}** **Export** button located at top right of the Security Dashboard. When the report is
-ready, the CSV report downloads to your local machine. The report contains all vulnerabilities for
-the projects defined in the Security Dashboard, as filters don't apply to the export function.
+You can export details of the vulnerabilities listed in the Vulnerability Report. The export format
+is CSV (comma separated values). Note that all vulnerabilities are included because filters don't
+apply to the export.

-NOTE:
-It may take several minutes for the download to start if your project contains
-thousands of vulnerabilities. Don't close the page until the download finishes.
+Fields included are:

-The fields in the export include:
-
- Group Name
- Project Name
- Scanner Type
- Scanner Name
+- Group name
+- Project name
+- Scanner type
+- Scanner name
 - Status
 - Vulnerability
 - Details
- Additional Information
+- Additional information
 - Severity
 - [CVE](https://cve.mitre.org/) (Common Vulnerabilities and Exposures)
 - [CWE](https://cwe.mitre.org/) (Common Weakness Enumeration)
- Other Identifiers
+- Other identifiers
+
+### Export details in CSV format
+
+To export details of all vulnerabilities listed in the Vulnerability Report, select **Export**.
+
+The details are retrieved from the database, then the CSV file is downloaded to your local
+computer.
+
+NOTE:
+It may take several minutes for the download to start if your project contains
+thousands of vulnerabilities. Don't close the page until the download finishes.