From e5692d5eb09a93d67481daa5f13b38d111c5311e Mon Sep 17 00:00:00 2001
From: Charlie Kroon <ckroon@gitlab.com>
Date: Tue, 4 Mar 2025 22:03:40 +0100
Subject: [PATCH] Update file _index.md

---
 .../sast/evaluation_guide.md                  |  2 +-
 .../vulnerability_report/_index.md            | 39 +++++++------------
 2 files changed, 14 insertions(+), 27 deletions(-)

diff --git a/doc/user/application_security/sast/evaluation_guide.md b/doc/user/application_security/sast/evaluation_guide.md
index 81ed1eb6cb5f9..4be04329f25e7 100644
--- a/doc/user/application_security/sast/evaluation_guide.md
+++ b/doc/user/application_security/sast/evaluation_guide.md
@@ -95,7 +95,7 @@ After you choose a codebase to test with, you're ready to conduct the test. You
    - Be sure to set the CI/CD variable to [enable GitLab Advanced SAST](gitlab_advanced_sast.md#enable-gitlab-advanced-sast-scanning) for more accurate results.
 1. Merge the MR to the repository's default branch.
 1. Open the [Vulnerability Report](../vulnerability_report/_index.md) to see the vulnerabilities found on the default branch.
-   - If you're using GitLab Advanced SAST, you can use the [Tool filter](../vulnerability_report/_index.md#tool-filter) to show results only from that scanner.
+   - If you're using GitLab Advanced SAST, you can use the [Scanner filter](../vulnerability_report/_index.md#scanner-filter) to show results only from that scanner.
 1. Review vulnerability results.
    - Check the [code flow view](../vulnerabilities/_index.md#vulnerability-code-flow) for GitLab Advanced SAST vulnerabilities that involve tainted user input, like SQL injection or path traversal.
    - If you have GitLab Duo Enterprise, [explain](../vulnerabilities/_index.md#explaining-a-vulnerability) or [resolve](../vulnerabilities/_index.md#resolve-a-vulnerability) a vulnerability.
diff --git a/doc/user/application_security/vulnerability_report/_index.md b/doc/user/application_security/vulnerability_report/_index.md
index 11287edf03d91..552e08191e76f 100644
--- a/doc/user/application_security/vulnerability_report/_index.md
+++ b/doc/user/application_security/vulnerability_report/_index.md
@@ -27,7 +27,7 @@ For more information, see the history.
 {{< /alert >}}
 
 The Vulnerability Report provides a consolidated view of security vulnerabilities found in your codebase.
-Sort vulnerabilities by severity, tool, and other attributes to determine which issues need attention first.
+Sort vulnerabilities by severity, report type, scanner (for projects only), and other attributes to determine which issues need attention first.
 Track vulnerabilities through their lifecycle with status indicators and activity icons that show
 remediation progress.
 
@@ -115,7 +115,8 @@ You can filter by:
   Dismissed vulnerabilities can be filtered together or individually by the reason they were
   dismissed.
 - **Severity**: Critical, high, medium, low, info, unknown.
-- **Tool**: For more details, see [Tool filter](#tool-filter).
+-**Report Type**: For more details, see [Report Type filter](#report-type-filter)
+-**Scanner**: For more details, see [Scanner filter](#scanner-filter)
 - **Activity**: For more details, see [Activity filter](#activity-filter).
 - **Identifier**: Filter by the vulnerability's identifier (available only for projects, support for groups is proposed in [issue 508713](https://gitlab.com/gitlab-org/gitlab/-/issues/508713)).
 - **Project**: Filter vulnerabilities in specific projects (available only for groups).
@@ -147,33 +148,18 @@ To filter the list of vulnerabilities:
 1. To filter by multiple attributes, repeat the three previous steps. Multiple attributes are joined
    by a logical AND.
 
-### Tool filter
+### Report type filter
 
-{{< history >}}
-
-- [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/11237) for projects in GitLab 16.6.
-
-{{< /history >}}
-
-You can filter vulnerabilities by the tool that detected them. By default, the vulnerability report
-lists vulnerabilities from all tools. For details of each of the available tools, see
-[Security scanning tools](../detect/_index.md).
+You can filter vulnerabilities based on the type of report that detected them. By default, the vulnerability report
+lists vulnerabilities from all report types.
 
 Use the **Manually added** attribute to filter vulnerabilities that were added manually.
 
-In GitLab 17.1 and later, the tool filter's content is different between groups and projects:
-
-- For groups, the tool filter lists the individual tools.
-- For projects, the tool filter groups the tools by scanning category.
-
-In GitLab 16.6 to 17.0, the tool filter's content is different between groups and projects:
+### Scanner filter
 
-- For groups, the tool filter lists the individual tools.
-- For projects, the tool filter lists the individual tools if there are no third-party tools. If
-  there are third-party tools, the tool filter groups the tools by scanning category.
-
-In GitLab 16.5 and earlier, the tool filter groups the tools by vendor.
-If only GitLab analyzers are enabled, only those analyzers are listed.
+For projects, you can filter vulnerabilities based on the scanner that detected them. By default, the vulnerability report
+lists vulnerabilities from all scanners. For details of each of the available scanners, see
+[Security scanning tools](../detect/_index.md).
 
 ### Project filter
 
@@ -255,7 +241,8 @@ You can group by:
 
 - Status
 - Severity
-- Tool
+- Report Type
+- Scanner
 - OWASP top 10 2017
 
 ### Group vulnerabilities
@@ -375,7 +362,7 @@ Fields included are:
 - Status (See the following table for details of how the status value is exported.)
 - Group name
 - Project name
-- Tool
+- Report type
 - Scanner name
 - Vulnerability
 - Basic details
-- 
GitLab