Merge branch 'update-ar-docs-as' into 'master'

Replace "solution" with "automatic remediation" See merge request gitlab-org/gitlab!41380

Merge branch 'update-ar-docs-as' into 'master'
Replace "solution" with "automatic remediation" See merge request gitlab-org/gitlab!41380
5be4c49d · Russell Dickenson · fd9021f4 · a629703f · 5be4c49d · 5be4c49d
Commit 5be4c49d authored Oct 22, 2020 by Russell Dickenson
10 changed files
--- a/doc/development/integrations/secure.md
+++ b/doc/development/integrations/secure.md
@@ -532,7 +532,7 @@ of the available SAST Analyzers and what data is currently available.

 The `remediations` field of the report is an array of remediation objects.
 Each remediation describes a patch that can be applied to
-[automatically fix](../../user/application_security/#solutions-for-vulnerabilities-auto-remediation)
+[automatically fix](../../user/application_security/#automatic-remediation-for-vulnerabilities)
 a set of vulnerabilities.

 Here is an example of a report that contains remediations.

--- a/doc/development/integrations/secure_partner_integration.md
+++ b/doc/development/integrations/secure_partner_integration.md
@@ -95,7 +95,7 @@ and complete an integration with the Secure stage.
   - Users can interact with the findings from your artifact within their workflow. They can dismiss the findings or accept them and create a backlog issue.
   - To automatically create issues without user interaction, use the [issue API](../../api/issues.md). This will be replaced by [Standalone Vulnerabilities](https://gitlab.com/groups/gitlab-org/-/epics/634) in the future.
 1. Optional: Provide auto-remediation steps:
-   - If you specified `remediations` in your artifact, it is proposed through our [auto-remediation](../../user/application_security/index.md#solutions-for-vulnerabilities-auto-remediation)
+   - If you specified `remediations` in your artifact, it is proposed through our [auto-remediation](../../user/application_security/index.md#automatic-remediation-for-vulnerabilities)
     interface.
 1. Demo the integration to GitLab:
   - After you have tested and are ready to demo your integration please

--- a/doc/user/application_security/container_scanning/index.md
+++ b/doc/user/application_security/container_scanning/index.md
@@ -419,7 +419,7 @@ file, it's necessary to set [`GIT_STRATEGY: fetch`](../../../ci/yaml/README.md#g
 your `.gitlab-ci.yml` file by following the instructions described in this document's
 [overriding the container scanning template](#overriding-the-container-scanning-template) section.

-Read more about the [solutions for vulnerabilities](../index.md#solutions-for-vulnerabilities-auto-remediation).
+Read more about the [solutions for vulnerabilities](../index.md#automatic-remediation-for-vulnerabilities).

 ## Troubleshooting


--- a/doc/user/application_security/dependency_scanning/index.md
+++ b/doc/user/application_security/dependency_scanning/index.md
@@ -201,7 +201,7 @@ Once a vulnerability is found, you can interact with it. Read more on how to

 Some vulnerabilities can be fixed by applying the solution that GitLab
 automatically generates. Read more about the
-[solutions for vulnerabilities](../index.md#solutions-for-vulnerabilities-auto-remediation).
+[solutions for vulnerabilities](../index.md#automatic-remediation-for-vulnerabilities).

 ## Security Dashboard


--- a/doc/user/application_security/img/vulnerability_page_download_patch_button_v13_1.png
+++ b/doc/user/application_security/img/vulnerability_page_download_patch_button_v13_1.png
--- a/doc/user/application_security/img/vulnerability_page_merge_request_button_dropdown_v13_1.png
+++ b/doc/user/application_security/img/vulnerability_page_merge_request_button_dropdown_v13_1.png
--- a/doc/user/application_security/img/vulnerability_page_merge_request_button_v13_1.png
+++ b/doc/user/application_security/img/vulnerability_page_merge_request_button_v13_1.png
--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@@ -119,7 +119,7 @@ information with several options:
 - [Create issue](#creating-an-issue-for-a-vulnerability): Create a new issue with the title and
  description pre-populated with information from the vulnerability report. By default, such issues
  are [confidential](../project/issues/confidential_issues.md).
- [Solution](#solutions-for-vulnerabilities-auto-remediation): For some vulnerabilities,
+- [Automatic Remediation](#automatic-remediation-for-vulnerabilities): For some vulnerabilities,
  a solution is provided for how to fix the vulnerability.

 ![Interacting with security reports](img/interacting_with_vulnerability_v13_3.png)
@@ -198,7 +198,24 @@ Pressing the "Dismiss Selected" button will dismiss all the selected vulnerabili

 ![Multiple vulnerability dismissal](img/multi_select_v12_9.png)

-### Solutions for vulnerabilities (auto-remediation)
+### Creating an issue for a vulnerability
+
+You can create an issue for a vulnerability by visiting the vulnerability's page and clicking
+**Create issue**, which you can find in the **Related issues** section.
+
+![Create issue from vulnerability](img/create_issue_from_vulnerability_v13_3.png)
+
+This creates a [confidential issue](../project/issues/confidential_issues.md) in the project the
+vulnerability came from, and pre-populates it with some useful information taken from the vulnerability
+report. Once the issue is created, you are redirected to it so you can edit, assign, or comment on
+it.
+
+Upon returning to the group security dashboard, the vulnerability now has an associated issue next
+to the name.
+
+![Linked issue in the group security dashboard](img/issue.png)
+
+### Automatic remediation for vulnerabilities

 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5656) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.7.

@@ -210,26 +227,34 @@ automatically generates. The following scanners are supported:
  `yarn`.
 - [Container Scanning](container_scanning/index.md)

+When an automatic solution is available, the button in the header shows **Resolve with merge request**:
+
+![Resolve with Merge Request button](img/vulnerability_page_merge_request_button_v13_1.png)
+
+Selecting the button creates a merge request with the solution.
+
 #### Manually applying the suggested patch

-Some vulnerabilities can be fixed by applying a patch that is automatically
-generated by GitLab. To apply the fix:
+1. To manually apply the patch that was generated by GitLab for a vulnerability, select the dropdown arrow on the **Resolve
+with merge request** button, then select **Download patch to resolve**:
+
+![Resolve with Merge Request button dropdown](img/vulnerability_page_merge_request_button_dropdown_v13_1.png)
+
+1. The button's text changes to **Download patch to resolve**. Click on it to download the patch:
+
+![Download patch button](img/vulnerability_page_download_patch_button_v13_1.png)

-1. Click the vulnerability.
-1. Download and review the patch file `remediation.patch`.
 1. Ensure your local project has the same commit checked out that was used to generate the patch.
 1. Run `git apply remediation.patch`.
 1. Verify and commit the changes to your branch.

-![Apply patch for dependency scanning](img/vulnerability_solution.png)
-
 #### Creating a merge request from a vulnerability

 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9224) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 11.9.

 In certain cases, GitLab allows you to create a merge request that automatically remediates the
 vulnerability. Any vulnerability that has a
-[solution](#solutions-for-vulnerabilities-auto-remediation) can have a merge
+[solution](#automatic-remediation-for-vulnerabilities) can have a merge
 request created to automatically solve the issue.

 If this action is available, the vulnerability page or modal contains a **Create merge request** button.
@@ -237,25 +262,6 @@ Click this button to create a merge request to apply the solution onto the sourc

 ![Create merge request from vulnerability](img/create_mr_from_vulnerability_v13_4.png)

-### Creating an issue for a vulnerability
-
-You can create an issue for a vulnerability by visiting the vulnerability's page and clicking
-**Create issue**, which you can find in the **Related issues** section.
-
-![Create issue from vulnerability](img/create_issue_from_vulnerability_v13_3.png)
-
-This creates a [confidential issue](../project/issues/confidential_issues.md) in the project the
-vulnerability came from, and pre-populates it with some useful information taken from the vulnerability
-report. Once the issue is created, you are redirected to it so you can edit, assign, or comment on
-it. CVE identifiers can be requested from GitLab by clicking the
-[_CVE ID Request_ button](cve_id_request.md) that is enabled for maintainers of
-public projects on GitLab.com
-
-Upon returning to the group security dashboard, the vulnerability now has an associated issue next
-to the name.
-
-![Linked issue in the group security dashboard](img/issue.png)
-
 ### Managing related issues for a vulnerability

 Issues can be linked to a vulnerability using the related issues block on the vulnerability page.
@@ -320,7 +326,7 @@ appears:

 ![Unconfigured Approval Rules](img/unconfigured_security_approval_rules_and_jobs_v13_4.png)

-If at least one security scanner is enabled, you will be able to enable the `Vulnerability-Check` approval rule. If a license scanning job is enabled, you will be able to enable the `License-Check` rule.
+If at least one security scanner is enabled, you can enable the `Vulnerability-Check` approval rule. If a license scanning job is enabled, you can enable the `License-Check` rule.

 ![Unconfigured Approval Rules with valid pipeline jobs](img/unconfigured_security_approval_rules_and_enabled_jobs_v13_4.png)


--- a/doc/user/application_security/offline_deployments/index.md
+++ b/doc/user/application_security/offline_deployments/index.md
@@ -66,8 +66,7 @@ external links exposed in the UI. These links might not be accessible within an

 ### Automatic remediation for vulnerabilities

-The [automatic remediation for vulnerabilities](../index.md#solutions-for-vulnerabilities-auto-remediation) feature
-(auto-remediation) is available for offline Dependency Scanning and Container Scanning, but may not work
+The [automatic remediation for vulnerabilities](../index.md#automatic-remediation-for-vulnerabilities) feature is available for offline Dependency Scanning and Container Scanning, but may not work
 depending on your instance's configuration. We can only suggest solutions, which are generally more
 current versions that have been patched, when we are able to access up-to-date registry services
 hosting the latest versions of that dependency or image.

--- a/doc/user/application_security/vulnerabilities/index.md
+++ b/doc/user/application_security/vulnerabilities/index.md
@@ -25,7 +25,7 @@ several different ways:
  title and description pre-populated with information from the vulnerability report.
  By default, such issues are [confidential](../../project/issues/confidential_issues.md).
 - [Link issues](#link-issues-to-the-vulnerability) - Link existing issues to vulnerability.
- [Solution](#automatic-remediation-for-vulnerabilities) - For some vulnerabilities,
+- [Automatic remediation](#automatic-remediation-for-vulnerabilities) - For some vulnerabilities,
  a solution is provided for how to fix the vulnerability.

 ## Changing vulnerability status
@@ -61,4 +61,4 @@ that the resolution of one issue would resolve multiple vulnerabilities.
 ## Automatic remediation for vulnerabilities

 You can fix some vulnerabilities by applying the solution that GitLab automatically
-generates for you. [Read more about the automatic remediation for vulnerabilities feature](../index.md#solutions-for-vulnerabilities-auto-remediation).
+generates for you. [Read more about the automatic remediation for vulnerabilities feature](../index.md#automatic-remediation-for-vulnerabilities).