Diffstat (limited to 'doc/user/application_security/terminology/index.md')
-rw-r--r-- | doc/user/application_security/terminology/index.md | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/user/application_security/terminology/index.md b/doc/user/application_security/terminology/index.md index e046b18b2a4..1316f1b9644 100644 --- a/doc/user/application_security/terminology/index.md +++ b/doc/user/application_security/terminology/index.md @@ -78,6 +78,8 @@ An asset that has the potential to be vulnerable, identified in a project by an include but are not restricted to source code, binary packages, containers, dependencies, networks, applications, and infrastructure. +Findings are all potential vulnerability items scanners identify in MRs/feature branches. Only after merging to default does a finding become a [vulnerability](#vulnerability). + ### Insignificant finding A legitimate finding that a particular customer doesn't care about. @@ -153,6 +155,8 @@ A flaw that has a negative impact on the security of its environment. Vulnerabil error or weakness, and don't describe where the error is located (see [finding](#finding)). Each vulnerability maps to a unique finding. +Vulnerabilities exist in the default branch. Findings (see [finding](#finding)) are all potential vulnerability items scanners identify in MRs/feature branches. Only after merging to default does a finding become a vulnerability. + ### Vulnerability finding When a [report finding](#report-finding) is stored to the database, it becomes a vulnerability |
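Review bot: In the first hunk (@@ -78,6 +78,8 @@), the added paragraph uses the shorthand "MRs" and "default", which a glossary page should spell out as "merge requests" and "the default branch". It also scopes findings to merge requests and feature branches, while the definition directly above it says a finding is "identified in a project by an analyzer". State whether the new sentence narrows that definition or only describes where findings are typically seen. Suggested wording: "A finding is any potential vulnerability that a scanner identifies in a merge request or feature branch. A finding becomes a [vulnerability](#vulnerability) only after it is merged to the default branch."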
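Review bot: In the second hunk (@@ -153,6 +155,8 @@), the last two sentences of the added paragraph repeat the text added under the finding entry almost word for word, so the two copies can drift apart on later edits. Keep the new information here ("Vulnerabilities exist in the default branch.") and point to the finding entry for the rest, for example "A [finding](#finding) becomes a vulnerability only after it is merged to the default branch." The unchanged line just above says "Each vulnerability maps to a unique finding", so it is also worth one clause on whether the finding still exists after the merge, since the new text reads as if findings live only in MRs/feature branches.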