Update existing documentation about possible values for Severity to denote deprecation of Undefined and document the mapping for each analyzer
Problem to solve
Today we use a similar vocabulary for communicating Severity and Confidence. This leads to a confusing experience, especially where the two labels appear near to one another.
Epic: Security reports: Remodel severity levels
Epic: Security reports: Remodel severity and confidence
Intended users
- Delaney (Development Team Lead)
- Sasha (Software Developer)
- Devon (DevOps Engineer)
- Sidney (Systems Administrator)
- Sam (Security Analyst)
Further details
Proposal
Update existing documentation about the deprecation of Undefined, and all possible values for the Severity mapping for each analyzer.
Implementation plan
- Remove all mentions of Undefined in all our documentation or merge content with Unknown when relevant.
  - https://docs.gitlab.com/ee/api/vulnerability_findings.html#list-project-vulnerability-findings
  - https://docs.gitlab.com/ee/user/application_security/container_scanning/#reports-json-format
  - https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#reports-json-format
  - https://docs.gitlab.com/ee/user/application_security/sast/#reports-json-format
Documentation
Check if any screenshots or other elements of related documentation need updates
Availability & Testing
Verify if tests pass or need updates as a result
Links / references
Edited by Nicole Schwartz