Commit b03c6a68 authored by Matt Wilson, committed by Nick Gaskill

Changing Security Dashboard to Security Center

parent 946bb702
...@@ -295,7 +295,7 @@ The following documentation relates to the DevOps **Secure** stage: ...@@ -295,7 +295,7 @@ The following documentation relates to the DevOps **Secure** stage:
| [Dependency Scanning](user/application_security/dependency_scanning/index.md) **(ULTIMATE)** | Analyze your dependencies for known vulnerabilities. | | [Dependency Scanning](user/application_security/dependency_scanning/index.md) **(ULTIMATE)** | Analyze your dependencies for known vulnerabilities. |
| [Dynamic Application Security Testing (DAST)](user/application_security/dast/index.md) **(ULTIMATE)** | Analyze running web applications for known vulnerabilities. | | [Dynamic Application Security Testing (DAST)](user/application_security/dast/index.md) **(ULTIMATE)** | Analyze running web applications for known vulnerabilities. |
| [Group Security Dashboard](user/application_security/security_dashboard/index.md#group-security-dashboard) **(ULTIMATE)** | View vulnerabilities in all the projects in a group and its subgroups. | | [Group Security Dashboard](user/application_security/security_dashboard/index.md#group-security-dashboard) **(ULTIMATE)** | View vulnerabilities in all the projects in a group and its subgroups. |
| [Instance Security Dashboard](user/application_security/security_dashboard/index.md#instance-security-dashboard) **(ULTIMATE)** | View vulnerabilities in all the projects you're interested in. | | [Instance Security Center](user/application_security/security_dashboard/index.md#instance-security-center) **(ULTIMATE)** | View vulnerabilities in all the projects you're interested in. |
| [License Compliance](user/compliance/license_compliance/index.md) **(ULTIMATE)** | Search your project's dependencies for their licenses. | | [License Compliance](user/compliance/license_compliance/index.md) **(ULTIMATE)** | Search your project's dependencies for their licenses. |
| [Pipeline Security](user/application_security/security_dashboard/index.md#pipeline-security) **(ULTIMATE)** | View the security reports for your project's pipelines. | | [Pipeline Security](user/application_security/security_dashboard/index.md#pipeline-security) **(ULTIMATE)** | View the security reports for your project's pipelines. |
| [Project Security Dashboard](user/application_security/security_dashboard/index.md#project-security-dashboard) **(ULTIMATE)** | View the latest security reports for your project. | | [Project Security Dashboard](user/application_security/security_dashboard/index.md#project-security-dashboard) **(ULTIMATE)** | View the latest security reports for your project. |
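Review bot: The renamed "Instance Security Center" row keeps the old description, "View vulnerabilities in all the projects you're interested in.", while the page it links to now describes the Security Center as the instance-level area for managing vulnerabilities, with a dashboard, a vulnerability report, and settings. Consider updating the description to match. The link fragment also changes from `#instance-security-dashboard` to `#instance-security-center`, and only this one reference is updated in the visible lines, so check for other pages that still link to the old anchor.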
......
...@@ -44,7 +44,7 @@ best place to integrate your own product and its results into GitLab. ...@@ -44,7 +44,7 @@ best place to integrate your own product and its results into GitLab.
- If certain policies (such as [merge request approvals](../../user/project/merge_requests/merge_request_approvals.md)) - If certain policies (such as [merge request approvals](../../user/project/merge_requests/merge_request_approvals.md))
are in place for a project, developers must resolve specific findings or get are in place for a project, developers must resolve specific findings or get
an approval from a specific list of people. an approval from a specific list of people.
- The [security dashboard](../../user/application_security/security_dashboard/index.md#gitlab-security-dashboard) - The [security dashboard](../../user/application_security/security_dashboard/index.md)
also shows results which can developers can use to quickly see all the also shows results which can developers can use to quickly see all the
vulnerabilities that need to be addressed in the code. vulnerabilities that need to be addressed in the code.
- When the developer reads the details about a vulnerability, they are - When the developer reads the details about a vulnerability, they are
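Review bot: The line directly after the changed link reads "also shows results which can developers can use", with a stray "can". Since this bullet is being edited anyway, fix it to "also shows results which developers can use". Dropping the `#gitlab-security-dashboard` fragment is consistent with the page heading being renamed elsewhere in this commit.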
......
...@@ -5,21 +5,26 @@ group: Threat Insights ...@@ -5,21 +5,26 @@ group: Threat Insights
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
--- ---
# GitLab Security Dashboard **(ULTIMATE)** # GitLab Security Dashboard, Security Center, and Vulnerability Reports **(ULTIMATE)**
The Security Dashboard is a good place to get an overview of all the security GitLab provides a comprehensive set of features for viewing and managing vulnerabilities:
vulnerabilities in your groups, projects, and pipelines.
- Security dashboards: An overview of the security status in your instance, groups, and projects.
- Vulnerability reports: Detailed lists of all vulnerabilities for the instance, group, project, or
pipeline. This is where you triage and manage vulnerabilities.
- Security Center: A dedicated area for vulnerability management at the instance level. This
includes a security dashboard, vulnerability report, and settings.
You can also drill down into a vulnerability and get extra information. This includes the project it You can also drill down into a vulnerability and get extra information. This includes the project it
comes from, any related file(s), and metadata that helps you analyze the risk it poses. You can also comes from, any related file(s), and metadata that helps you analyze the risk it poses. You can also
dismiss a vulnerability or create an issue for it. dismiss a vulnerability or create an issue for it.
To benefit from the Security Dashboard you must first configure one of the To benefit from these features, you must first configure one of the
[security scanners](../index.md). [security scanners](../index.md).
## Supported reports ## Supported reports
The Security Dashboard displays vulnerabilities detected by scanners such as: The vulnerability report displays vulnerabilities detected by scanners such as:
- [Container Scanning](../container_scanning/index.md) - [Container Scanning](../container_scanning/index.md)
- [Dynamic Application Security Testing](../dast/index.md) - [Dynamic Application Security Testing](../dast/index.md)
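Review bot: Capitalization of the feature names is inconsistent between the new heading and the new bullets. The heading uses "Security Dashboard" and "Vulnerability Reports", the bullets use "Security dashboards" and "Vulnerability reports" as common nouns, and "Security Center" stays capitalized in both. Pick one convention and apply it across the page. In the "Supported reports" section, the rewritten sentence names only the vulnerability report, although the intro above says all of these features depend on the configured scanners. Consider "The security dashboards and vulnerability reports display vulnerabilities detected by scanners such as:".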
...@@ -29,7 +34,7 @@ The Security Dashboard displays vulnerabilities detected by scanners such as: ...@@ -29,7 +34,7 @@ The Security Dashboard displays vulnerabilities detected by scanners such as:
## Requirements ## Requirements
To use the instance, group, project, or pipeline security dashboard: To use the security dashboards and vulnerability reports:
1. At least one project inside a group must be configured with at least one of 1. At least one project inside a group must be configured with at least one of
the [supported reports](#supported-reports). the [supported reports](#supported-reports).
...@@ -112,38 +117,43 @@ Next to the timeline chart is a list of projects, grouped and sorted by the seve ...@@ -112,38 +117,43 @@ Next to the timeline chart is a list of projects, grouped and sorted by the seve
Projects with no vulnerability tests configured will not appear in the list. Additionally, dismissed Projects with no vulnerability tests configured will not appear in the list. Additionally, dismissed
vulnerabilities are excluded. vulnerabilities are excluded.
Navigate to the group's [Vulnerability Report](#vulnerability-list) to view the vulnerabilities found. Navigate to the group's [vulnerability report](#vulnerability-report) to view the vulnerabilities found.
## Instance Security Center
## Instance Security Dashboard > [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3426) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.4.
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/6953) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.8. The Security Center is where you manage vulnerabilities for your instance. It displays the
vulnerabilities present in the default branches of all the projects you configure. It includes the
following:
At the instance level, the Security Dashboard displays the vulnerabilities present in the default - The [group security dashboard's](#group-security-dashboard) features.
branches of all the projects you configure to display on the dashboard. It includes all the - A [vulnerability report](#vulnerability-report).
[group Security Dashboard's](#group-security-dashboard) - A dedicated settings area to configure which projects to display.
features.
![Instance Security Dashboard with projects](img/instance_security_dashboard_v13_4.png) ![Instance Security Dashboard with projects](img/instance_security_dashboard_v13_4.png)
You can access the Instance Security Dashboard from the menu You can access the Instance Security Center from the menu
bar at the top of the page. Under **More**, select **Security**. bar at the top of the page. Under **More**, select **Security**.
![Instance Security Dashboard navigation link](img/instance_security_dashboard_link_v12_4.png) ![Instance Security Center navigation link](img/instance_security_dashboard_link_v12_4.png)
The dashboard is empty before you add projects to it. The dashboard and vulnerability report are empty before you add projects.
![Uninitialized Instance Security Dashboard](img/instance_security_dashboard_empty_v13_4.png) ![Uninitialized Instance Security Center](img/instance_security_dashboard_empty_v13_4.png)
### Adding projects to the dashboard ### Adding projects to the Security Center
To add projects to the dashboard: To add projects to the Security Center:
1. Click **Settings** in the left navigation bar or click the **Add projects** button. 1. Click **Settings** in the left navigation bar or click the **Add projects** button.
1. Search for and add one or more projects using the **Search your projects** field. 1. Search for and add one or more projects using the **Search your projects** field.
1. Click the **Add projects** button. 1. Click the **Add projects** button.
After you add projects, the Security Dashboard displays the vulnerabilities found in those projects' ![Adding projects to Instance Security Center](img/instance_security_center_settings_v13_4.png)
default branches.
After you add projects, the security dashboard and vulnerability report display the vulnerabilities
found in those projects' default branches.
## Export vulnerabilities ## Export vulnerabilities
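Review bot: The "Introduced" line under the renamed heading replaces the 12.8 reference (issue 6953) with 13.4 (epic 3426), which drops the record of when the instance-level dashboard first became available. Keep the original line and add the 13.4 entry for the Security Center below it. Also, the first screenshot's alt text still reads "Instance Security Dashboard with projects" while the other alt texts were changed to "Security Center", and the navigation screenshot is still `instance_security_dashboard_link_v12_4.png`, so confirm it shows the current menu entry.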
...@@ -192,14 +202,14 @@ When using [Auto DevOps](../../../topics/autodevops/index.md), use ...@@ -192,14 +202,14 @@ When using [Auto DevOps](../../../topics/autodevops/index.md), use
[special environment variables](../../../topics/autodevops/customize.md#environment-variables) [special environment variables](../../../topics/autodevops/customize.md#environment-variables)
to configure daily security scans. to configure daily security scans.
## Vulnerability list ## Vulnerability report
Each dashboard's vulnerability list contains vulnerabilities from the latest scans that were merged Each vulnerability report contains vulnerabilities from the latest scans that were merged
into the default branch. into the default branch.
![Vulnerability Report](img/group_vulnerability_report_v13_4.png) ![Vulnerability Report](img/group_vulnerability_report_v13_4.png)
You can filter which vulnerabilities the Security Dashboard displays by: You can filter which vulnerabilities the vulnerability report displays by:
- Status - Status
- Severity - Severity
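Review bot: Renaming the heading from "Vulnerability list" to "Vulnerability report" changes its anchor from `#vulnerability-list` to `#vulnerability-report`. The in-page link in the group dashboard section is updated in this commit, but links from other pages to the old anchor would break, so search the docs for `#vulnerability-list` before merging. Minor wording point: "filter which vulnerabilities the vulnerability report displays by" repeats itself, and "You can filter the vulnerability report by:" reads more cleanly.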
......