openshift · kcarmichael08 · Jul 24, 2024 · Jun 25, 2024
diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml
@@ -229,10 +229,14 @@ Topics:
 - Name: Managing vulnerabilities
   Dir: manage-vulnerabilities
   Topics:
-  - Name: Vulnerability management
+  - Name: Vulnerability management overview
     File: vulnerability-management
-  - Name: Common tasks
+  - Name: Viewing and addressing vulnerabilities
     File: common-vuln-management-tasks
+  - Name: Reporting vulnerabilities
+    File: vulnerability-reporting
+  - Name: Using the vulnerability management dashboard (deprecated)
+    File: vulnerability-management-dashboard
   - Name: Scanning RHCOS node hosts
     File: scan-rhcos-node-host
 - Name: Responding to violations

diff --git a/images/workload-cve-search.png b/images/workload-cve-search.png
diff --git a/modules/create-policies-to-block-specific-cves.adoc b/modules/create-policies-to-block-specific-cves.adoc
@@ -1,9 +1,10 @@
 // Module included in the following assemblies:
 //
-// * operating/manage-vulnerabilities.adoc
+// * operating/manage-vulnerabilities/vulnerability-management-dashboard.adoc
+
 :_mod-docs-content-type: PROCEDURE
 [id="create-policies-to-block-specific-cves_{context}"]
-= Creating policies to block specific CVEs
+= Creating policies to block specific CVEs by using the dashboard
 
 You can create new policies or add specific CVEs to an existing policy from the *Vulnerability Management* view.
 

diff --git a/modules/disable-identify-vulnerabilities-in-nodes.adoc b/modules/disable-identify-vulnerabilities-in-nodes.adoc
@@ -1,6 +1,7 @@
 // Module included in the following assemblies:
 //
-// * operating/manage-vulnerabilities.adoc
+// * operating/manage-vulnerabilities/common-vuln-management-tasks.adoc
+
 :_mod-docs-content-type: PROCEDURE
 [id="disable-identify-vulnerabilities-in-nodes_{context}"]
 = Disabling identifying vulnerabilities in nodes
@@ -12,5 +13,6 @@ Identifying vulnerabilities in nodes is enabled by default. You can disable it f
 . In the {product-title-short} portal, go to *Platform Configuration* -> *Integrations*.
 . Under *Image Integrations*, select *StackRox Scanner*.
 . From the list of scanners, select *StackRox Scanner* to view its details.
-. Remove the *Node Scanner* option from *Types*.
-. Select *Save*.
+. Click *Edit*.
+. To use only the image scanner and not the node scanner, click *Image Scanner*.
+. Click *Save*.
diff --git a/modules/find-clusters-with-most-kubernetes-and-istio-vulnerabilities.adoc b/modules/find-clusters-with-most-kubernetes-and-istio-vulnerabilities.adoc
@@ -1,19 +1,18 @@
 // Module included in the following assemblies:
 //
-// * operating/manage-vulnerabilities.adoc
+// * operating/manage-vulnerabilities/vulnerability-management-dashboard.adoc
 
 :_mod-docs-content-type: PROCEDURE
 [id="find-clusters-with-most-kubernetes-and-istio-vulnerabilities_{context}"]
-= Finding clusters with most Kubernetes and Istio vulnerabilities
+= Finding clusters with most Kubernetes and Istio vulnerabilities by using the dashboard
 
 [role="_abstract"]
-Use the *Vulnerability Management (1.0)* view for identifying the clusters with most Kubernetes, {osp}, and Istio vulnerabilities (deprecated) in your environment.
-
-The *Clusters with most orchestrator and Istio vulnerabilities*  widget shows a list of clusters, ranked by the number of Kubernetes, {osp}, and Istio vulnerabilities (deprecated) in each cluster.
-The cluster on top of the list is the cluster with the highest number of vulnerabilities.
+You can identify the clusters with most Kubernetes, {osp}, and Istio vulnerabilities (deprecated) in your environment by using the vulnerability management dashboard.
 
 .Procedure
 
+. In the {product-title-short} portal, click *Vulnerability Management*-> *Dashboard*. The *Clusters with most orchestrator and Istio vulnerabilities*  widget shows a list of clusters, ranked by the number of Kubernetes, {osp}, and Istio vulnerabilities (deprecated) in each cluster.
+The cluster on top of the list is the cluster with the highest number of vulnerabilities.
 . Click on one of the clusters from the list to view details about the cluster.
 The *Cluster* view includes:
 ** *Cluster Summary* section, which shows cluster details and metadata, top risky objects (deployments, namespaces, and images), recently detected vulnerabilities, riskiest images, and deployments with the most severe policy violations.

diff --git a/modules/find-critical-cves-impacting-your-infrastructure.adoc b/modules/find-critical-cves-impacting-your-infrastructure.adoc
diff --git a/modules/find-the-most-vulnerable-image-components.adoc b/modules/find-the-most-vulnerable-image-components.adoc
@@ -1,15 +1,16 @@
 // Module included in the following assemblies:
 //
-// * operating/manage-vulnerabilities.adoc
+// * operating/manage-vulnerabilities/vulnerability-management-dashboard.adoc
 :_mod-docs-content-type: PROCEDURE
+
 [id="find-the-most-vulnerable-image-components_{context}"]
-= Finding the most vulnerable image components
+= Finding the most vulnerable image components by using the dashboard
 
 [role="_abstract"]
 Use the *Vulnerability Management* view for identifying highly vulnerable image components.
 
 .Procedure
 
-. Go to the {product-title-short} portal and click *Vulnerability Management* from the navigation menu.
-. From the *Vulnerability Management* view header, select *Application & Infrastructure* -> *Components*.
-. In the *Components* view, select the *CVEs* column header to arrange the components in descending order (highest first) based on the CVEs count.
+. Go to the {product-title-short} portal and click *Vulnerability Management* -> *Dashboard* from the navigation menu.
+. From the *Vulnerability Management* view header, select *Application & Infrastructure* -> *Image Components*.
+. In the *Image Components* view, select the *Image CVEs* column header to arrange the components in descending order (highest first) based on the CVEs count.
diff --git a/modules/identify-container-image-layer-that-introduces-vulnerabilities.adoc b/modules/identify-container-image-layer-that-introduces-vulnerabilities.adoc
@@ -1,19 +1,17 @@
 // Module included in the following assemblies:
 //
-// * operating/manage-vulnerabilities.adoc
-// * operating/examine-images-for-vulnerabilities.adoc
+// * operating/manage-vulnerabilities/vulnerability-management-dashboard.adoc
+
 :_mod-docs-content-type: PROCEDURE
 [id="identify-container-image-layer-that-introduces-vulnerabilities_{context}"]
-= Identifying the container image layer that introduces vulnerabilities
+= Identifying the container image layer that introduces vulnerabilities by using the dashboard
 
 [role="_abstract"]
-Use the *Vulnerability Management* view to identify vulnerable components and the image layer they appear in.
+You can use the *Vulnerability Management* dashboard to identify vulnerable components and the image layer they appear in.
 
 .Procedure
 
-. Go to the {product-title-short} portal and click *Vulnerability Management* from the navigation menu.
-. Select an image from either the *Top Riskiest Images* widget or click the *Images* button at the top of the Dashboard and select an image.
+. Go to the {product-title-short} portal and click *Vulnerability Management* -> *Dashboard* from the navigation menu.
+. Select an image from either the *Top Riskiest Images* widget or click the *Images* button at the top of the dashboard and select an image.
 . In the *Image* details view, next to *Dockerfile*, select the expand icon to see a summary of image components.
 . Select the expand icon for specific components to get more details about the CVEs affecting the selected component.
-
-You can also view this information by navigating to *Vulnerability Management (2.0)* -> *Workload CVEs*. See "Viewing workload CVEs in Vulnerability Management (2.0)" in the "Additional Resources" section for more information.
diff --git a/modules/identify-deployments-with-most-severe-policy-violations.adoc b/modules/identify-deployments-with-most-severe-policy-violations.adoc
diff --git a/modules/identify-dockerfile-line-component-cve.adoc b/modules/identify-dockerfile-line-component-cve.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
-// * operating/manage-vulnerabilities.adoc
-// * operating/examine-images-for-vulnerabilities.adoc
+// * operating/manage-vulnerabilities/common-vuln-management-tasks.adoc
+
 :_mod-docs-content-type: PROCEDURE
 [id="identify-dockerfile-line-component-cve_{context}"]
 = Identifying Dockerfile lines in images that introduced components with CVEs
@@ -13,12 +13,12 @@ You can identify specific Dockerfile lines in an image that introduced component
 
 To view a problematic line:
 
-. Go to the {product-title-short} portal and click *Vulnerability Management* from the navigation menu.
-. Select an image from either the *Top Riskiest Images* widget or click the *Images* button at the top of the Dashboard and select an image.
-. In the *Image* details view, under *Image Findings*, CVEs are listed in the *Observed CVEs*, *Deferred CVEs*, and *False positive CVEs* tabs.
-. Locate the CVE you want to examine further. In the *Affected Components* column, click on the *<number> Components* link to view a list of components affected by the CVE. You can perform the following actions in this window:
-* Click the expand icon next to a specific component to view the Dockerfile line in the image that introduced the CVE. To address the CVE, you need to change this line in the Dockerfile; for example, you can upgrade the component.
-* Click the name of the component to go to the *Component Summary* page and view more information about the component.
+. In the {product-title-short} portal, click *Vulnerability Management* -> *Workload CVEs*.
+. Click the tab to view the type of CVEs. The following tabs are available:
+* *Observed*
+* *Deferred*
+* *False positives*
+. In the list of CVEs, click the CVE name to open the page containing the CVE details. The *Affected components* column lists the components that include the CVE.
+. Expand the CVE to display additional information, including the Dockerfile line that introduced the component.
 
-You can also view this information by navigating to *Vulnerability Management (2.0)* -> *Workload CVEs*. See "Viewing workload CVEs in Vulnerability Management (2.0)" in the "Additional Resources" section for more information.
 
diff --git a/modules/identify-operating-system-of-the-base-image.adoc b/modules/identify-operating-system-of-the-base-image.adoc
@@ -1,17 +1,17 @@
 // Module included in the following assemblies:
 //
-// * operating/manage-vulnerabilities.adoc
-// * operating/examine-images-for-vulnerabilities.adoc
+// * operating/manage-vulnerabilities/vulnerability-management-dashboard.adoc
+
 :_mod-docs-content-type: PROCEDURE
 [id="identify-operating-system-of-the-base-image_{context}"]
-= Identifying the operating system of the base image
+= Identifying the operating system of the base image by using the dashboard
 
 [role="_abstract"]
 Use the *Vulnerability Management* view to identify the operating system of the base image.
 
 .Procedure
 
-. Go to the {product-title-short} portal and click *Vulnerability Management* from the navigation menu.
+. Go to the {product-title-short} portal and click *Vulnerability Management* -> *Dashboard* from the navigation menu.
 . From the *Vulnerability Management* view header, select *Images*.
 . View the base operating system (OS) and OS version for all images under the *Image OS* column.
 //TODO: Add link to local page filtering
@@ -27,5 +27,3 @@ The base operating system is also available under the *Image Summary* -> *Detail
 
 Docker Trusted Registry, Google Container Registry, and Anchore do not provide this information.
 ====
-
-You can also view this information by navigating to *Vulnerability Management (2.0)* -> *Workload CVEs*. See "Viewing workload CVEs in Vulnerability Management (2.0)" in the "Additional Resources" section for more information.
diff --git a/modules/identify-top-risky-objects.adoc b/modules/identify-top-risky-objects.adoc
@@ -1,17 +1,18 @@
 // Module included in the following assemblies:
 //
-// * operating/manage-vulnerabilities.adoc
+// * operating/manage-vulnerabilities/vulnerability-management-dashboard.adoc
+
 :_mod-docs-content-type: PROCEDURE
 [id="top-risky-objects_{context}"]
-= Identifying top risky objects
+= Identifying top risky objects by using the dashboard
 
 Use the *Vulnerability Management* view for identifying the top risky objects in your environment.
 The *Top Risky* widget displays information about the top risky images, deployments, clusters, and namespaces in your environment.
 The risk is determined based on the number of vulnerabilities and their CVSS scores.
 
 .Procedure
 
-. Go to the {product-title-short} portal and click *Vulnerability Management* from the navigation menu.
+. Go to the {product-title-short} portal and click *Vulnerability Management* -> *Dashboard* from the navigation menu.
 . Select the *Top Risky* widget header to choose between riskiest images, deployments, clusters, and namespaces.
 +
 The small circles on the chart represent the chosen object (image, deployment, cluster, namespace).

diff --git a/modules/identify-vulnerabilities-in-nodes-vm20.adoc b/modules/identify-vulnerabilities-in-nodes-vm20.adoc
@@ -0,0 +1,65 @@
+// Module included in the following assemblies:
+//
+// * operating/manage-vulnerabilities/common-vuln-management-tasks.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="identify-vulnerabilities-in-nodes-vm20_{context}"]
+= Viewing Node CVEs
+
+You can identify vulnerabilities in your nodes by using {product-title-short}. The vulnerabilities that are identified include the following:
+
+* Vulnerabilities in core Kubernetes components
+* Vulnerabilities in container runtimes such as Docker, CRI-O, runC, and containerd
+
+For more information about operating systems that {product-title-short} can scan, see "Supported operating systems".
+
+.Procedure
+. In the {product-title-short} portal, click *Vulnerability Management* -> *Node CVEs*.
+. To view the data, do any of the following tasks:
+* To view a list of all the CVEs affecting all of your nodes, select *<number> CVEs*.
+* To view a list of nodes that contain CVEs, select *<number> Nodes*.
+. Optional: You can filter CVEs according to entity by using the appropriate filters and attributes. To add more filtering criteria, follow these steps:
+.. Select the entity or attribute from the list.
+.. Depending on your choices, enter the appropriate information such as text, or select a date or object.
+.. Click the right arrow icon.
+.. Optional: Select additional entities and attributes, and then click the right arrow icon to add them.
+The filter entities and attributes are listed in the following table.
++
+.CVE filtering
+[cols="2",options="header"]
+|===
+|Entity|Attributes
+
+|Node
+a|
+* *Name*: The name of the node.
+* *Operating system*: The operating system of the node, for example, {op-system-base-full}.
+* *Label*: The label of the node.
+* *Annotation*: The annotation for the node.
+* *Scan time*: The scan date of the node.
+|CVE
+a|
+* *Name*: The name of the CVE.
+* *Discovered time*: The date when the CVE was discovered by {product-title-short}.
+* *CVSS*: The severity level for the CVE. You can select from the following options for the severity level:
+** *is greater than*
+** *is greater than or equal to*
+** *is equal to*
+** *is less than or equal to*
+** *is less than*
+|Node Component
+a|
+* *Name*: The name of the component.
+* *Version*: The version of the component, for example, `4.15.0-2024`. You can use this to search for a specific version of a component, for example, in conjunction with a component name.
+|Cluster
+a|
+* *Name*: The name of the cluster.
+* *Label*: The label for the cluster.
+* *Type*: The type of cluster, for example, OCP.
+* *Platform type*: The type of platform, for example, OpenShift 4 cluster.
+|===
+. Optional: To refine the list of results, do any of the following tasks:
+* Click *CVE severity*, and then select one or more levels.
+* Click *CVE status*, and then select *Fixable* or *Not fixable*.
+. Optional: To view the details of the node and information about the CVEs according to the CVSS score and fixable CVEs for that node, click a node name in the list of nodes.
+
diff --git a/modules/identify-vulnerabilities-in-nodes.adoc b/modules/identify-vulnerabilities-in-nodes.adoc
@@ -1,31 +1,17 @@
 // Module included in the following assemblies:
 //
-// * operating/manage-vulnerabilities.adoc
+// * operating/manage-vulnerabilities/vulnerability-management-dashboard.adoc
+
 :_mod-docs-content-type: PROCEDURE
 [id="identify-vulnerabilities-in-nodes_{context}"]
-= Identifying vulnerabilities in nodes
+= Identifying vulnerabilities in nodes by using the dashboard
 
 You can use the *Vulnerability Management* view to identify vulnerabilities in your nodes.
-The identified vulnerabilities include vulnerabilities in:
-
-* Core Kubernetes components.
-* Container runtimes (Docker, CRI-O, runC, and containerd).
-+
-[NOTE]
-====
-* {product-title} can identify vulnerabilities in the following operating systems:
-** Amazon Linux 2
-** CentOS
-** Debian
-** Garden Linux (Debian 11)
-** {op-system-first}
-** {op-system-base-full}
-** Ubuntu (AWS, Microsoft Azure, GCP, and GKE specific versions)
-====
+The identified vulnerabilities include vulnerabilities in core Kubernetes components and container runtimes such as Docker, CRI-O, runC, and containerd. For more information on operating systems that {product-title-short} can scan, see "Supported operating systems".
 
 .Procedure
 . In the {product-title-short} portal, go to *Vulnerability Management* -> *Dashboard*.
-. Select *Nodes* on the *Dashboard* view header to view a list of all the CVEs affecting your nodes.
+. Select *Nodes* on the header to view a list of all the CVEs affecting your nodes.
 . Select a node from the list to view details of all CVEs affecting that node.
 .. When you select a node, the *Node* details panel opens for the selected node.
 The *Node* view shows in-depth details of the node and includes information about CVEs by CVSS score and fixable CVEs for that node.