From a46a7c8a3d6dc0621752bd7ba3614a5ca650fbe2 Mon Sep 17 00:00:00 2001
From: Victor Zagorodny <vzagorodny@gitlab.com>
Date: Tue, 18 Jun 2019 11:34:36 +0000
Subject: Fix typos, grammar and wording for SAST and DS report JSON docs

---
 doc/user/application_security/dependency_scanning/index.md | 8 ++++----
 doc/user/application_security/sast/index.md                | 7 +++----
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md
index b220d7197f4..34d4507210e 100644
--- a/doc/user/application_security/dependency_scanning/index.md
+++ b/doc/user/application_security/dependency_scanning/index.md
@@ -218,7 +218,7 @@ dependency_scanning:
 CAUTION: **Caution:**
 The JSON report artifacts are not a public API of Dependency Scanning and their format may change in future.
 
-The Dependency Scanning tool emits a JSON report file. Here is an example of a structure for a report will all important parts of
+The Dependency Scanning tool emits a JSON report file. Here is an example of the report structure with all important parts of
 it highlighted:
 
 ```json-doc
@@ -343,10 +343,10 @@ the report JSON unless stated otherwise. Presence of optional fields depends on
 | `vulnerabilities[].severity`                         | How much the vulnerability impacts the software. Possible values: `Undefined` (an analyzer has not provided this info), `Info`, `Unknown`, `Low`, `Medium`, `High`, `Critical`. |
 | `vulnerabilities[].confidence`                       | How reliable the vulnerability's assessment is. Possible values: `Undefined` (an analyzer has not provided this info), `Ignore`, `Unknown`, `Experimental`, `Low`, `Medium`, `High`, `Confirmed`. |
 | `vulnerabilities[].solution`                         | Explanation of how to fix the vulnerability. Optional. |
-| `vulnerabilities[].scanner`                          | A node that describes the analyzer used find this vulnerability. |
+| `vulnerabilities[].scanner`                          | A node that describes the analyzer used to find this vulnerability. |
 | `vulnerabilities[].scanner.id`                       | Id of the scanner as a snake_case string. |
 | `vulnerabilities[].scanner.name`                     | Name of the scanner, for display purposes. |
-| `vulnerabilities[].location`                         | A node that tells which class and/or method is affected by the vulnerability. | 
+| `vulnerabilities[].location`                         | A node that tells where the vulnerability is located. | 
 | `vulnerabilities[].location.file`                    | Path to the dependencies file (e.g., `yarn.lock`). Optional. |
 | `vulnerabilities[].location.dependency`              | A node that describes the dependency of a project where the vulnerability is located. |
 | `vulnerabilities[].location.dependency.package`      | A node that provides the information on the package where the vulnerability is located. |
@@ -360,7 +360,7 @@ the report JSON unless stated otherwise. Presence of optional fields depends on
 | `vulnerabilities[].links`                            | An array of references to external documentation pieces or articles that describe the vulnerability further. Optional. |
 | `vulnerabilities[].links[].name`                     | Name of the vulnerability details link. Optional. |
 | `vulnerabilities[].links[].url`                      | URL of the vulnerability details document. Optional. |
-| `remediations`                                       | An array of objects containing information on cured vulnerabilities along with patch diffs to apply. |
+| `remediations`                                       | An array of objects containing information on cured vulnerabilities along with patch diffs to apply. Empty if no remediations provided by an underlying analyzer. |
 | `remediations[].fixes`                               | An array of strings that represent references to vulnerabilities fixed by this particular remediation. |
 | `remediations[].fixes[].cve`                         | A string value that describes a fixed vulnerability occurrence in the same format as `vulnerabilities[].cve`. |
 | `remediations[].summary`                             | Overview of how the vulnerabilities have been fixed. |
diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md
index 11361f8ad89..ec3f7fbde76 100644
--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -226,7 +226,7 @@ sast:
 CAUTION: **Caution:**
 The JSON report artifacts are not a public API of SAST and their format may change in the future.
 
-The SAST tool emits a JSON report report file. Here is an example of a structure for a report will all important parts of
+The SAST tool emits a JSON report report file. Here is an example of the report structure with all important parts of
 it highlighted:
 
 ```json-doc
@@ -272,7 +272,6 @@ it highlighted:
     },   
     {
       "category": "sast",
-      // "name" may be omitted because it could be not reported by a particular analyzer
       "message": "Probable insecure usage of temp file/directory.",
       "cve": "python/hardcoded/hardcoded-tmp.py:4ad6d4c40a8c263fc265f3384724014e0a4f8dd6200af83e51ff120420038031:B108",
       "severity": "Medium",
@@ -318,10 +317,10 @@ the report JSON unless stated otherwise. Presence of optional fields depends on
 | `vulnerabilities[].severity`            | How much the vulnerability impacts the software. Possible values: `Undefined` (an analyzer has not provided this info), `Info`, `Unknown`, `Low`, `Medium`, `High`, `Critical`. |
 | `vulnerabilities[].confidence`          | How reliable the vulnerability's assessment is. Possible values: `Undefined` (an analyzer has not provided this info), `Ignore`, `Unknown`, `Experimental`, `Low`, `Medium`, `High`, `Confirmed`. |
 | `vulnerabilities[].solution`            | Explanation of how to fix the vulnerability. Optional. |
-| `vulnerabilities[].scanner`             | A node that describes the analyzer used find this vulnerability. |
+| `vulnerabilities[].scanner`             | A node that describes the analyzer used to find this vulnerability. |
 | `vulnerabilities[].scanner.id`          | Id of the scanner as a snake_case string. |
 | `vulnerabilities[].scanner.name`        | Name of the scanner, for display purposes. |
-| `vulnerabilities[].location`            | A node that tells which class and/or method is affected by the vulnerability. | 
+| `vulnerabilities[].location`            | A node that tells where the vulnerability is located. | 
 | `vulnerabilities[].location.file`       | Path to the file where the vulnerability is located. Optional. |
 | `vulnerabilities[].location.start_line` | The first line of the code affected by the vulnerability. Optional. |
 | `vulnerabilities[].location.end_line`   | The last line of the code affected by the vulnerability. Optional. |
-- 
cgit v1.2.1