Update docs for VM2.0

kcarmichael08 · kcarmichael08 · commit abd3e227f44e · 2024-06-25T15:23:54.000-04:00
diff --git a/modules/understanding-vulnerability-scores.adoc b/modules/understanding-vulnerability-scores.adoc
@@ -3,10 +3,10 @@
 // * operating/examine-images-for-vulnerabilities.adoc
 :_mod-docs-content-type: CONCEPT
 [id="understanding-understanding-vulnerability-scores_{context}"]
-= Understanding vulnerability scores
+= Understanding vulnerability scores in the Dashboard
 
 [role="_abstract"]
-The {product-title} portal shows a single Common Vulnerability Scoring System (CVSS) base score for each vulnerability.
+The Vulnerability Management Dashboard in the {product-title} portal shows a single Common Vulnerability Scoring System (CVSS) base score for each vulnerability.
 {product-title-short} shows the CVSS score based on the following criteria:
 
 * If a CVSS v3 score is available, {product-title-short} shows the score and lists `v3` along with it.
diff --git a/modules/vulnerability-management-asset-assessment.adoc b/modules/vulnerability-management-asset-assessment.adoc
@@ -17,13 +17,13 @@ When you install {product-title} on your Kubernetes or {ocp} cluster, it first a
 Important assets that should be monitored by the organization's vulnerability management process using {product-title-short} include:
 
 * *Components*: Components are software packages that may be used as part of an image or run on a node. Components are the lowest level where vulnerabilities are present. Therefore, organizations must upgrade, modify or remove software components in some way to remediate vulnerabilities.
-* *Image*: A collection of software components and code that create an environment to run an executable portion of code. Images are where you upgrade components to fix vulnerabilities.
+* *Images*: A collection of software components and code that create an environment to run an executable portion of code. Images are where you upgrade components to fix vulnerabilities.
 * *Nodes*: A server used to manage and run applications using OpenShift or Kubernetes and the components that make up the {ocp} or Kubernetes service.
 
-{product-title} groups these assets into the following structures:
+{product-title-short} groups these assets into the following structures:
 
 * *Deployment*: A definition of an application in Kubernetes that may run pods with containers based on one or many images.
 * *Namespace*: A grouping of resources such as Deployments that support and isolate an application.
 * *Cluster*: A group of nodes used to run applications using OpenShift or Kubernetes.
 
-{product-title} scans the assets for known vulnerabilities and uses the Common Vulnerabilities and Exposures (CVE) data to assess the impact of a known vulnerability.
+{product-title-short} scans the assets for known vulnerabilities and uses the Common Vulnerabilities and Exposures (CVE) data to assess the impact of a known vulnerability.
diff --git a/modules/vulnerability-management-view-applications-vulnerability.adoc b/modules/vulnerability-management-view-applications-vulnerability.adoc
@@ -3,14 +3,14 @@
 // * operating/manage-vulnerabilities.adoc
 :_mod-docs-content-type: PROCEDURE
 [id="vulnerability-management-view-applications-vulnerability_{context}"]
-= Viewing application vulnerabilities
+= Viewing application vulnerabilities by using the Dashboard
 
 [role="_abstract"]
-You can view application vulnerabilities in {product-title}.
+You can view application vulnerabilities in {product-title} by using the *Dashboard*.
 
 .Procedure
 
-. In the {product-title-short} portal, go to *Vulnerability Management 1.0* -> *Dashboard*.
+. In the {product-title-short} portal, go to *Vulnerability Management* -> *Dashboard*.
 . On the *Dashboard* view header, select *Application & Infrastructure* -> *Namespaces* or *Deployments*.
 . From the list, search for and select the *Namespace* or *Deployment* you want to review.
 . To get more information about the application, select an entity from *Related entities* on the right.
diff --git a/modules/vulnerability-management-view-image-vulnerability-dashboard.adoc b/modules/vulnerability-management-view-image-vulnerability-dashboard.adoc
@@ -2,15 +2,15 @@
 //
 // * operating/manage-vulnerabilities.adoc
 :_mod-docs-content-type: PROCEDURE
-[id="vulnerability-management-view-image-vulnerability_{context}"]
-= Viewing image vulnerabilities
+[id="vulnerability-management-view-image-vulnerability-dashboard_{context}"]
+= Viewing vulnerabilities by image using the Dashboard
 
 [role="_abstract"]
-You can view image vulnerabilities in {product-title}.
+You can view image vulnerabilities in {product-title} by using the *Dashboard*.
 
 .Procedure
-. In the {product-title-short} portal, go to *Vulnerability Management 1.0* -> *Dashboard*.
-. On the *Dashboard* view header, select *Images*.
+. In the {product-title-short} portal, go to *Vulnerability Management* -> *Dashboard*.
+. On the *Dashboard* view header, select *<number> Images*.
 . From the list of images, select the image you want to investigate. You can also filter the list by performing one of the following steps:
 .. Enter *Image* in the search bar and then select the *Image* attribute.
 .. Enter the image name in the search bar.
diff --git a/modules/vulnerability-management20-view-cve.adoc b/modules/vulnerability-management20-view-cve.adoc
@@ -3,28 +3,109 @@
 // * operating/manage-vulnerabilities/vulnerability-management.adoc
 :_mod-docs-content-type: PROCEDURE
 [id="vulnerability-management20-view-workload-cve_{context}"]
-= Viewing workload CVEs in Vulnerability Management (2.0)
+= Viewing workload CVEs
 
 [role="_abstract"]
-You can view a comprehensive list of vulnerabilities, or CVEs, in {product-title-short} across images and deployments. You can use the search filter bar to select specific CVEs, images, deployments, namespaces, or clusters.
+
+You can view vulnerabilities across images and deployments found by {product-title} in the *Vulnerability Management* -> *Workload CVEs* page.
+
+From the *View image vulnerabilities* menu, you can select from the following choices:
+
+* Image vulnerabilities: Displays images and deployments in which {product-title-short} has discovered CVEs.
+* Images without CVEs: Displays images that meet the following conditions:
+** Images that do not have CVEs
+** Images that report a scanner error that may result in a false negative of no CVEs
+** Images that have all known CVEs marked as *Deferred* or *False positive*
++
+[NOTE]
+====
+An image that actually contains vulnerabilities can appear in this list by mistake. For example, if the {product-title-short} scanner was able to scan the image and it is known to {product-title-short}, but the scan did not successfully complete, vulnerabilities would not be detected. This scenario can occur if an image has an operating system that is not supported by the {product-title-short} scanner. Scan errors are displayed when you hover over an image in the image list or click the image name for more information.
+====
 
 .Procedure
-. In the {product-title-short} portal, go to *Vulnerability Management (2.0)* -> *Workload CVEs*.
-. From the drop-down list, select the search criteria you want to use. You can select an item type, such as a cluster, from the list, and then select the specific name of the item. You can add additional items to the filter by selecting another item from the list and selecting the specific name of the new item. For example, you can select a specific image and a specific cluster to limit results to those selections. You can filter on the following items:
-* CVE
-* Image
-* Deployment
-* Namespace
-* Cluster
-* Component
-* Component source
-. Optional: Use the *CVE severity* list to select the severities of the CVEs that you want to display.
-. Click the relevant button to view a list of vulnerabilities, images, or deployments in the system.
+
+. To show all CVEs across all images, click *View image vulnerabilities* -> *Image vulnerabilities*.
+. You can filter CVEs by entity by selecting the appropriate filters and attributes. You can choose multiple entities and attributes by clicking the right arrow to add another criteria. Depending on your choices, enter the appropriate information such as text, or select a date or object. The filter entities and attributes are listed in the following table.
 +
+.CVE filtering
+
+|===
+|Entity|Attributes
+
+|Image
+a|
+
+* Name
+* Operating system
+* Tag
+* CVSS
+* Label
+* Created Time
+* Scan Time
+|Registry|
+|Deployment|
+|Namespace|
+|Cluster|
+|Node
+a|
+
+* CVSS
+** is greater than
+** is greater than
+** is greater than or equal to
+** is equal to
+** is less than or equal to
+** is less than
+
+a|Image CVE|
+
+* ID
+* Discovered Time
+** calendar input
+* CVSS
+** is greater than
+** is greater than
+** is greater than or equal to
+** is equal to
+** is less than or equal to
+** is less than
+* Type
+
+|Node CVE
+a|
+
+* ID
+* Discovered Time
+* CVSS
+* Snoozed
+
+|Platform CVE|
+|Image Component
+a|
+
+* Name
+* Source
+** OS
+** Python
+** Java
+** Ruby
+** Node.js
+** Dotnet Core Runtime
+** Infrastructure
+
+* Version
+|Node Component|Name: Select from the list, or begin entering text to use autocomplete
+|===
+
+. To filter by severity, click *CVE severity* and select one or more levels.
+. To filter by CVE status, click *CVE status* and select *Fixable* or *Not fixable*.
+. To ???????, click *Prioritize by namespace view*.
+
 [NOTE]
 ====
 The *Filtered view* icon indicates that the displayed results were filtered based on the criteria that you selected. You can click *Clear filters* to remove all filters, or remove individual filters by clicking on them.
 ====
+
 . In the list of results, click a CVE, image name, or deployment name to view more information about the item. For example, depending on the item type, you can view the following information:
 +
 * Whether a CVE is fixable
diff --git a/operating/manage-vulnerabilities/vulnerability-management.adoc b/operating/manage-vulnerabilities/vulnerability-management.adoc
@@ -17,14 +17,17 @@ include::modules/vulnerability-management-asset-assessment.adoc[leveloffset=+2]
 [id="viewing-vulnerabilities"]
 == Viewing vulnerabilities
 
-{product-title-short} provides the following methods to view vulnerabilities discovered in your system:
+{product-title-short} provides two ways to view vulnerabilities discovered in your system.
 
-* To view application vulnerabilities by namespace or deployment, or to view vulnerabilities in an image, in the {product-title-short} web portal, go to *Vulnerability Management (1.0)* -> *Dashboard*.
-* To view vulnerabilities in applications running on clusters in your system, go to *Vulnerability Management (2.0)* -> *Workload CVEs*. You can filter vulnerabilities by image, deployment, namespace, and cluster.
+The *Vulnerability Management Dashboard* provides information about vulnerabilities. You can view vulnerabilities by image, node, or platform. You can further view vulnerabilities by clusters, namespaces, deployments, node components, and image components. To access the dashboard, go to *Vulnerability Management* -> *Dashboard*.
 
-include::modules/vulnerability-management-view-applications-vulnerability.adoc[leveloffset=+2]
+The *Workload CVEs* page provides information about vulnerabilities in applications running on clusters in your system. You can view vulnerability information across images and deployments. The Workload CVEs page provides more advanced capabilities than the Dashboard for filtering, including the ability to view images and deployments with vulnerabilities and filter by image, deployment, namespace, cluster, CVE, component, and component source. To access the Workload CVEs page, go to *Vulnerability Management* -> *Workload CVEs*.
 
-include::modules/vulnerability-management-view-image-vulnerability.adoc[leveloffset=+2]
+[id="using-the-vm-dashboard"]
+=== Using the Dashboard
+
+include::modules/vulnerability-management-view-applications-vulnerability.adoc[leveloffset=+3]
+include::modules/vulnerability-management-view-image-vulnerability-dashboard.adoc[leveloffset=+3]
 
 [role="additional-resources"]
 .Additional resources
