2020-04-22 19:07:51 +05:30
---
type: reference, howto
2020-06-23 00:09:42 +05:30
stage: Secure
group: Vulnerability Research
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
2020-04-22 19:07:51 +05:30
---
# Standalone Vulnerability pages
2020-06-23 00:09:42 +05:30
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/13561) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.0.
2020-04-22 19:07:51 +05:30
Each security vulnerability in the [Vulnerability List ](../dependency_list/index.md ) has its own standalone
page.
![Standalone vulnerability page ](img/standalone_vulnerability_page_v12_10.png )
On the standalone vulnerability page, you can interact with the vulnerability in
several different ways:
- [Change the Vulnerability Status ](#changing-vulnerability-status ) - You can change the
status of a vulnerability to **Detected** , **Confirmed** , **Dismissed** , or **Resolved** .
- [Create issue ](#creating-an-issue-for-a-vulnerability ) - Create a new issue with the
2020-06-23 00:09:42 +05:30
title and description pre-populated with information from the vulnerability report.
2020-04-22 19:07:51 +05:30
By default, such issues are [confidential ](../../project/issues/confidential_issues.md ).
- [Solution ](#automatic-remediation-solutions-for-vulnerabilities ) - For some vulnerabilities,
a solution is provided for how to fix the vulnerability.
## Changing vulnerability status
You can switch the status of a vulnerability using the **Status** dropdown to one of
the following values:
| State | Description |
|-----------|-------------------------------------------------------------------|
| Detected | The default state for a newly discovered vulnerability |
| Confirmed | A user has seen this vulnerability and confirmed it to be real |
| Dismissed | A user has seen this vulnerability and dismissed it |
| Resolved | The vulnerability has been fixed and is no longer in the codebase |
## Creating an issue for a vulnerability
You can create an issue for a vulnerability by selecting the **Create issue** button.
This creates a [confidential issue ](../../project/issues/confidential_issues.md ) in the
2020-06-23 00:09:42 +05:30
project the vulnerability came from, and pre-populates it with useful information from
2020-04-22 19:07:51 +05:30
the vulnerability report. After the issue is created, GitLab redirects you to the
issue page so you can edit, assign, or comment on the issue.
## Automatic remediation solutions for vulnerabilities
You can fix some vulnerabilities by applying the solution that GitLab automatically
generates for you. GitLab supports the following scanners:
- [Dependency Scanning ](../dependency_scanning/index.md ): Automatic Patch creation
is only available for Node.js projects managed with `yarn` .
- [Container Scanning ](../container_scanning/index.md ).
2020-06-23 00:09:42 +05:30
When an automatic solution is available, the button in the header will show "Resolve with merge request":
![Resolve with Merge Request button ](img/standalone_vulnerability_page_merge_request_button_v13_1.png )
Selecting the button will create a merge request with the automatic solution.
2020-04-22 19:07:51 +05:30
### Manually applying a suggested patch
2020-06-23 00:09:42 +05:30
To manually apply the patch that was generated by GitLab for a vulnerability, select the dropdown arrow on the "Resolve
with merge request" button, then select the "Download patch to resolve" option:
![Resolve with Merge Request button dropdown ](img/standalone_vulnerability_page_merge_request_button_dropdown_v13_1.png )
2020-04-22 19:07:51 +05:30
2020-06-23 00:09:42 +05:30
This will change the button text to "Download patch to resolve". Click on it to download the patch:
2020-04-22 19:07:51 +05:30
2020-06-23 00:09:42 +05:30
![Download patch button ](img/standalone_vulnerability_page_download_patch_button_v13_1.png )