diff --git a/doc/user/application_security/vulnerability_report/index.md b/doc/user/application_security/vulnerability_report/index.md index 397163de142b893be112b172679ba5ce53a0bb04..8e61dd18b643797702365c73da3e286363bc9f23 100644 --- a/doc/user/application_security/vulnerability_report/index.md +++ b/doc/user/application_security/vulnerability_report/index.md 
@@ -164,6 +164,42 @@ Selection behavior when using the activity filter: - **Has a solution**: Vulnerabilities with an available solution. - **Does not have a solution**: Vulnerabilities without an available solution. +## Grouping vulnerabilities + +> - Project-level grouping of vulnerabilities[introduced](https://gitlab.com/groups/gitlab-org/-/epics/10164) in GitLab 16.4 [with a flag](../../../administration/feature_flags.md) named `vulnerability_report_grouping`. Disabled by default. +> - Project-level grouping of vulnerabilities [enabled on self-managed and GitLab Dedicated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/134073) in GitLab 16.5. +> - Project-level grouping of vulnerabilities [generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/422509) in GitLab 16.6. Feature flag `vulnerability_report_grouping` removed. +> - Group-level grouping of vulnerabilities [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/137778) in GitLab 16.7 with a flag named [`group_level_vulnerability_report_grouping`](https://gitlab.com/gitlab-org/gitlab/-/issues/432778). Disabled by default. +> - Group-level grouping of vulnerabilities [enabled on GitLab.com, self-managed, and GitLab Dedicated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157949) in GitLab 17.2. + +You can group vulnerabilities on the vulnerability report page to more efficiently triage them. + +You can group by: + +- Status +- Severity +- Tool +- OWASP top 10 2017 (project-level only, group-level implementation is tracked in [issue 437253](https://gitlab.com/gitlab-org/gitlab/-/issues/437253).) + +WARNING: +Support for grouping by OWASP top 10 2017 was +[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/458835) in GitLab 17.0 and is planned for +removal in 17.3. Support for grouping by OWASP top 10 2021 is proposed in [issue 440182](https://gitlab.com/gitlab-org/gitlab/-/issues/440182) for GitLab 17.3. 
+ +### Group vulnerabilities + +Group vulnerabilities on the vulnerability report page to more efficiently triage them. + +To group vulnerabilities: + +1. On the left sidebar, select **Search or go to** and find your project or group. +1. Select **Secure > Vulnerability report**. +1. From the **Group By** dropdown list, select an attribute. + +Vulnerabilities are grouped according to the attribute you selected. Each group is collapsed, with +the total number of vulnerabilities per group displayed beside their name. To see the +vulnerabilities in each group, select the group's name. + ## View details of a vulnerability To view more details of a vulnerability, select the vulnerability's **Description**. The 
@@ -287,38 +323,6 @@ To add a vulnerability manually: The newly-created vulnerability's detail page is opened. -## Group vulnerabilities - -> - Project-level grouping of vulnerabilities[introduced](https://gitlab.com/groups/gitlab-org/-/epics/10164) in GitLab 16.4 [with a flag](../../../administration/feature_flags.md) named `vulnerability_report_grouping`. Disabled by default. -> - Project-level grouping of vulnerabilities [enabled on self-managed and GitLab Dedicated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/134073) in GitLab 16.5. -> - Project-level grouping of vulnerabilities [generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/422509) in GitLab 16.6. Feature flag `vulnerability_report_grouping` removed. -> - Group-level grouping of vulnerabilities [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/137778) in GitLab 16.7 with a flag named [`group_level_vulnerability_report_grouping`](https://gitlab.com/gitlab-org/gitlab/-/issues/432778). Disabled by default. -> - Group-level grouping of vulnerabilities [enabled on GitLab.com, self-managed, and GitLab Dedicated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157949) in GitLab 17.2. - -You can group vulnerabilities on the vulnerability report page to more efficiently triage them. - -To group vulnerabilities: - -1. On the left sidebar, select **Search or go to** and find your project or group. -1. Select **Secure > Vulnerability report**. -1. From the **Group By** dropdown list, select a group. - -Vulnerabilities are grouped according to the attribute you selected. Each group is collapsed, with -the total number of vulnerabilities per group displayed beside their name. To see the vulnerabilities in each group, select the group's -name. - -You can group by: - -- Status -- Severity -- Tool -- OWASP top 10 2017 (project-level only, group-level implementation is tracked in [issue 437253](https://gitlab.com/gitlab-org/gitlab/-/issues/437253).) 
- -WARNING: -Support for grouping by OWASP top 10 2017 was -[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/458835) in GitLab 17.0 and is planned for -removal in 17.3. Support for grouping by OWASP top 10 2021 is proposed in [issue 440182](https://gitlab.com/gitlab-org/gitlab/-/issues/440182) for GitLab 17.3. - ## Operational vulnerabilities The **Operational vulnerabilities** tab lists vulnerabilities found by [Operational container scanning](../../clusters/agent/vulnerabilities.md).
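Review bot: In the first hunk (`@@ -164,6 +164,42 @@`), the introductory sentence appears twice: "You can group vulnerabilities on the vulnerability report page to more efficiently triage them." under `## Grouping vulnerabilities`, and again nearly verbatim as the first line under `### Group vulnerabilities`. Drop the second copy so the task subsection opens at "To group vulnerabilities:". The first history bullet also carries over a missing space in `vulnerabilities[introduced]` from the removed text; because the line is being re-added anyway, change it to `vulnerabilities [introduced]`.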
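Review bot: In the second hunk (`@@ -287,38 +323,6 @@`), the removed `## Group vulnerabilities` heading has two replacements in the first hunk, and only the `### Group vulnerabilities` task subsection keeps the old heading text. Any link that targets an anchor derived from that heading text now lands on the steps, below the version history, the list of attributes and the OWASP top 10 2017 deprecation warning. Check inbound links to this section. Where readers need the deprecation warning, repoint them to the new `## Grouping vulnerabilities` parent; otherwise state in the MR description that keeping the anchor on the task subsection is intended.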