73 lines
3.6 KiB
Markdown
73 lines
3.6 KiB
Markdown
---
|
|
type: reference, howto
|
|
stage: Secure
|
|
group: Threat Insights
|
|
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
|
|
---
|
|
|
|
# Standalone Vulnerability pages
|
|
|
|
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/13561) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.0.
|
|
|
|
Each security vulnerability in the [Security Dashboard](../security_dashboard/index.md#project-security-dashboard) has its own standalone
|
|
page.
|
|
|
|
|
|
|
|
On the standalone vulnerability page, you can interact with the vulnerability in
|
|
several different ways:
|
|
|
|
- [Change the Vulnerability Status](#changing-vulnerability-status) - You can change the
|
|
status of a vulnerability to **Detected**, **Confirmed**, **Dismissed**, or **Resolved**.
|
|
- [Create issue](#creating-an-issue-for-a-vulnerability) - Create a new issue with the
|
|
title and description pre-populated with information from the vulnerability report.
|
|
By default, such issues are [confidential](../../project/issues/confidential_issues.md).
|
|
- [Solution](#automatic-remediation-solutions-for-vulnerabilities) - For some vulnerabilities,
|
|
a solution is provided for how to fix the vulnerability.
|
|
|
|
## Changing vulnerability status
|
|
|
|
You can switch the status of a vulnerability using the **Status** dropdown to one of
|
|
the following values:
|
|
|
|
| Status | Description |
|
|
|-----------|-------------------------------------------------------------------|
|
|
| Detected | The default state for a newly discovered vulnerability |
|
|
| Confirmed | A user has seen this vulnerability and confirmed it to be real |
|
|
| Dismissed | A user has seen this vulnerability and dismissed it |
|
|
| Resolved | The vulnerability has been fixed and is no longer in the codebase |
|
|
|
|
## Creating an issue for a vulnerability
|
|
|
|
You can create an issue for a vulnerability by selecting the **Create issue** button.
|
|
|
|
This creates a [confidential issue](../../project/issues/confidential_issues.md) in the
|
|
project the vulnerability came from, and pre-populates it with useful information from
|
|
the vulnerability report. After the issue is created, GitLab redirects you to the
|
|
issue page so you can edit, assign, or comment on the issue.
|
|
|
|
## Automatic remediation solutions for vulnerabilities
|
|
|
|
You can fix some vulnerabilities by applying the solution that GitLab automatically
|
|
generates for you. GitLab supports the following scanners:
|
|
|
|
- [Dependency Scanning](../dependency_scanning/index.md): Automatic Patch creation
|
|
is only available for Node.js projects managed with `yarn`.
|
|
- [Container Scanning](../container_scanning/index.md).
|
|
|
|
When an automatic solution is available, the button in the header will show "Resolve with merge request":
|
|
|
|
|
|
|
|
Selecting the button will create a merge request with the automatic solution.
|
|
|
|
### Manually applying a suggested patch
|
|
|
|
To manually apply the patch that was generated by GitLab for a vulnerability, select the dropdown arrow on the "Resolve
|
|
with merge request" button, then select the "Download patch to resolve" option:
|
|
|
|
|
|
|
|
This will change the button text to "Download patch to resolve". Click on it to download the patch:
|
|
|
|
|