author | Achilleas Pipinellis <axil@gitlab.com> | 2019-09-10 10:06:45 +0000 |
---|---|---|
committer | Achilleas Pipinellis <axil@gitlab.com> | 2019-09-10 10:06:45 +0000 |
commit | 141e356de1b9351c532695aae7447e79cfe01872 (patch) | |
tree | f16be18ae8e478d40a7f80a5ee2eb0c380bd6278 /doc/user/application_security/index.md | |
parent | 2319892654fb44ea4895dd38795de0f215e49208 (diff) | |
download | gitlab-ce-141e356de1b9351c532695aae7447e79cfe01872.tar.gz |
Refactor the Dependency Scanning docs
Notably:
- Merge the use cases with the opening paragraph of DS
- Add link to the auto-remediation section in the main index page
- Add auto remediation to the title of solutions for better SEO
- Move the JSON reports section below the other more important sections
- Remove Container Scanning from the list of supported scanners in
solutions
- Fix some "introduced in" sentences so that they can be properly parsed
Diffstat (limited to 'doc/user/application_security/index.md')
-rw-r--r-- | doc/user/application_security/index.md | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md index 69529d7420b..f25d792cb90 100644 --- a/doc/user/application_security/index.md +++ b/doc/user/application_security/index.md @@ -71,8 +71,7 @@ entry, a detailed information will pop up with different possible options: - [Create issue](#creating-an-issue-for-a-vulnerability): The new issue will have the title and description pre-populated with the information from the vulnerability report and will be created as [confidential](../project/issues/confidential_issues.md) by default. -- [Solution](#solutions-for-vulnerabilities): For some vulnerabilities - ([Dependency Scanning](dependency_scanning/index.md) and [Container Scanning](container_scanning/index.md)) +- [Solution](#solutions-for-vulnerabilities-auto-remediation): For some vulnerabilities, a solution is provided for how to fix the vulnerability. ![Interacting with security reports](img/interactive_reports.png) @@ -109,17 +108,16 @@ the vulnerability will now have an associated issue next to the name. ![Linked issue in the group security dashboard](img/issue.png) -### Solutions for vulnerabilities +### Solutions for vulnerabilities (auto-remediation) -> Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing) 11.7. - -CAUTION: **Warning:** -Automatic Patch creation is only available for a subset of -[Dependency Scanning](dependency_scanning/index.md). At the moment only Node.JS -projects managed with yarn are supported. +> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/5656) in [GitLab Ultimate](https://about.gitlab.com/pricing) 11.7. Some vulnerabilities can be fixed by applying the solution that GitLab -automatically generates. +automatically generates. The following scanners are supported: + +- [Dependency Scanning](dependency_scanning/index.md): + Automatic Patch creation is only available for Node.JS projects managed with + `yarn`. #### Manually applying the suggested patch 
@@ -136,13 +134,12 @@ generated by GitLab. To apply the fix: #### Creating a merge request from a vulnerability -> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/9224) in -> [GitLab Ultimate](https://about.gitlab.com/pricing) 11.9. +> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/9224) in [GitLab Ultimate](https://about.gitlab.com/pricing) 11.9. In certain cases, GitLab will allow you to create a merge request that will automatically remediate the vulnerability. Any vulnerability that has a -[solution](#solutions-for-vulnerabilities) can have a merge request created to -automatically solve the issue. +[solution](#solutions-for-vulnerabilities-auto-remediation) can have a merge +request created to automatically solve the issue. If this action is available there will be a **Create merge request** button in the vulnerability modal. Clicking on this button will create a merge request to apply the solution onto the source branch. |
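Review bot: In the first hunk (@@ -71), the rewritten Solution bullet no longer names any scanner, so "For some vulnerabilities" gives the reader no hint of which findings can carry a solution without following the link. Since the section it links to now lists Dependency Scanning as the only supported scanner, consider keeping a short mention of it here. The repeated "vulnerabilities ... fix the vulnerability" wording in the same bullet could also be tightened.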
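Review bot: In the second hunk (@@ -109), renaming the heading to "Solutions for vulnerabilities (auto-remediation)" changes its anchor, and this diff only updates the two links inside index.md. Any other page that still links to `#solutions-for-vulnerabilities` would break, so please search the rest of the docs for the old anchor before merging. The yarn-only limitation also moves from a CAUTION block into a list item, which makes it easier to miss, and "Automatic Patch creation" and "Node.JS" in the new list item would read better as "Automatic patch creation" and "Node.js".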
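Review bot: In the third hunk (@@ -136), the "Introduced in" blockquote is now a single line well past the wrap width the surrounding paragraphs use, and nothing in the file explains why. The commit message says this is so the sentence can be parsed, so a later re-wrap would silently undo it. It is worth documenting that rule where contributors will see it; the same applies to the 11.7 note in the previous hunk.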