Adds documentation for autoremediation

Updates docs for MR and Group security dashboard

Adds documentation for autoremediation
Updates docs for MR and Group security dashboard
fcb1466f · Sam Beckham · Achilleas Pipinellis · f31166e2 · fcb1466f · fcb1466f
Commit fcb1466f authored Mar 18, 2019 by Sam Beckham Committed by Achilleas Pipinellis Mar 18, 2019
4 changed files
--- a/doc/user/group/security_dashboard/index.md
+++ b/doc/user/group/security_dashboard/index.md
@@ -88,7 +88,8 @@ If you hover over a row, there will appear some actions you can take:
 Clicking the "More info" button opens a modal with more information about the
 selected vulnerability where you can get a better description, as well as the
 file it came from, and a possible solution. You get access to the
-["Dismiss vulnerability"](#dismissing-a-vulnerability) and
+["Dismiss vulnerability"](#dismissing-a-vulnerability),
+["Create merge request"](#create-a-merge-request-from-a-vulnerability), and
 ["Create issue"](#creating-an-issue-for-a-vulnerability) buttons inside this
 modal as well.

@@ -110,6 +111,21 @@ will now have an associated issue next to the name.
 You can get the same result if you select the **Create issue** button from inside
 the "More info" modal.

+### Create a Merge Request from a vulnerability
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/9224) in
+  [GitLab Ultimate](https://about.gitlab.com/pricing) 11.9.
+
+In certain cases, GitLab will allow you to create a merge request that will
+automatically remediate the vulnerability.
+
+Clicking on the "Create merge request" button inside the more info modal will create
+a merge request onto the default branch, then redirect you to that merge request.
+
+CAUTION: **Warning:** Automatic Patch creation is only available for a subset of
+[Dependency Scanning](../../project/merge_requests/dependency_scanning.md). At the moment only Node.JS projects
+managed with yarn are supported.
+
 ### Dismissing a vulnerability

 You can also dismiss vulnerabilities by clicking the "Dismiss vulnerability" button.

--- a/doc/user/project/merge_requests/img/create-issue-with-list-hover.png
+++ b/doc/user/project/merge_requests/img/create-issue-with-list-hover.png
--- a/doc/user/project/merge_requests/index.md
+++ b/doc/user/project/merge_requests/index.md
@@ -376,6 +376,19 @@ Some Vulnerabilities can be fixed by applying a patch that is automatically gene

 ![Solutions for dependency scanning](img/vulnerability_solution.png)

+### Create a merge request from a vulnerability **[ULTIMATE]**
+
+> Introduced in [GitLab Ultimate][products] 11.9.
+
+CAUTION: **Warning:** Automatic Patch creation is only available for a subset of [Dependency Scanning](dependency_scanning.md). At the moment only Node.JS projects managed with yarn are supported.
+
+Any vulnerability that has a [solution](#solutions-for-dependency-scanning-ultimate) can have a merge request created to automatically solve the issue.
+
+If this action is available there will be a "Create merge request" button in the vulnerability modal.
+Clicking on this button will create a merge request to apply the solution onto the source branch.
+
+![Create merge request from vulnerability](img/create-issue-with-list-hover.png)
+
 ## Live preview with Review Apps

 If you configured [Review Apps](https://about.gitlab.com/features/review-apps/) for your project,

--- a/ee/changelogs/unreleased/10409-documentation-for-auto-remediation.yml
+++ b/ee/changelogs/unreleased/10409-documentation-for-auto-remediation.yml
+---
+title: Adds documentation for autoremediation
+merge_request: 10054
+author:
+type: other