Update documentation for both Klar and the new Container-scanning

doc/topics/autodevops/stages.md

@@ -208,9 +208,9 @@ documentation.
 
 ## Auto Container Scanning **(ULTIMATE)**
 
-Vulnerability Static Analysis for containers uses [Clair](https://github.com/quay/clair)
-to check for potential security issues on Docker images. The Auto Container Scanning
-stage is skipped on licenses other than [Ultimate](https://about.gitlab.com/pricing/).
+Vulnerability Static Analysis for containers uses either [Clair](https://github.com/quay/clair)
+or [Trivy](https://aquasecurity.github.io/trivy/latest/) to check for potential security issues in
+Docker images. The Auto Container Scanning stage is skipped on licenses other than [Ultimate](https://about.gitlab.com/pricing/).
 
 After creating the report, it's uploaded as an artifact which you can later download and
 check out. The merge request displays any detected security issues.

doc/user/application_security/vulnerabilities/severities.md

@@ -64,6 +64,7 @@ the following tables:
 | GitLab analyzer                                                        | Outputs severity levels? | Native severity level type | Native severity level example                                |
 |------------------------------------------------------------------------|--------------------------|----------------------------|--------------------------------------------------------------|
 | [`klar`](https://gitlab.com/gitlab-org/security-products/analyzers/klar) | **{check-circle}** Yes   | String                     | `Negligible`, `Low`, `Medium`, `High`, `Critical`, `Defcon1` |
+| [`container-scanning`](https://gitlab.com/gitlab-org/security-products/analyzers/container-scanning)| **{check-circle}** Yes | String | `Unknown`, `Low`, `Medium`, `High`, `Critical` |
 
 ## Fuzz Testing