Security Dashboard page description

Overview

With the new Security Dashboard initiative, we will be introducing a lot of new features and functionality compared to our existing dashboards, and could use the page description to explain anything that might be confusing. For example, in &17413 (comment 2629926389) I proposed adding something in the page description about the "click to pin" functionality for chart tooltips.

The goal of this issue is to decide on what information to include in the page description. Some ideas:

  • Click to pin the chart tooltips in order to interact with any links in the tooltips
  • A Learn more link to the docs for more information
  • That "open" vulnerabilities refer to those with statuses of "Needs triage" and "Confirmed", whereas "closed" refers to those with statuses of "Dismissed" and "Resolved".

Current copy:

  • Project-level dashboard:

    Historical view of open vulnerabilities in the default branch. Excludes vulnerabilities that were resolved or dismissed. Learn more.

    • Note: This will no longer be true for the new dashboard because it will include current open vulns AND historical ones.
  • Group-level dashboard: none

Proposal

V1

Panels that categorize vulnerabilities as open include those with Needs triage or Confirmed status. To interact with a link in a chart popover, click to pin the popover first. To unstick it, click outside the popover. Learn more

V2

Many of the panels categorize vulnerabilities as open (Needs triage or Confirmed status) or closed (Dismissed or Resolved status). All of the currently open vulnerabilities are still detected, meaning that they were found by the latest scan on the default branch. To interact with a link in a chart popover, click to pin the popover first, and then click again outside the popover to unstick it. Learn more.

Edited by Lorenz van Herwaarden