From c735ab28a93ed4fb05fe8fdbf3b933fe728ffe9c Mon Sep 17 00:00:00 2001 From: Kerry Carmichael Date: Thu, 25 Jul 2024 12:31:07 -0400 Subject: [PATCH] add missed peer review comments for VM PR --- modules/identify-vulnerabilities-in-nodes-vm20.adoc | 4 ++-- ...ty-management-accept-deferrals-false-positives.adoc | 2 ++ modules/vulnerability-management-review-deferred.adoc | 6 +++--- modules/vulnerability-management20-view-cve.adoc | 4 ++-- .../vulnerability-management20-view-platform-cve.adoc | 10 +++++----- .../common-vuln-management-tasks.adoc | 6 +++--- 6 files changed, 17 insertions(+), 15 deletions(-) diff --git a/modules/identify-vulnerabilities-in-nodes-vm20.adoc b/modules/identify-vulnerabilities-in-nodes-vm20.adoc index b6c96779463d..78cc78a888c3 100644 --- a/modules/identify-vulnerabilities-in-nodes-vm20.adoc +++ b/modules/identify-vulnerabilities-in-nodes-vm20.adoc @@ -18,7 +18,7 @@ For more information about operating systems that {product-title-short} can scan . To view the data, do any of the following tasks: * To view a list of all the CVEs affecting all of your nodes, select * CVEs*. * To view a list of nodes that contain CVEs, select * Nodes*. -. Optional: You can filter CVEs according to entity by using the appropriate filters and attributes. To add more filtering criteria, follow these steps: +. Optional: To filter CVEs according to entity, select the appropriate filters and attributes. To add more filtering criteria, follow these steps: .. Select the entity or attribute from the list. .. Depending on your choices, enter the appropriate information such as text, or select a date or object. .. Click the right arrow icon. 
@@ -40,7 +40,7 @@ a| |CVE a| * *Name*: The name of the CVE. -* *Discovered time*: The date when the CVE was discovered by {product-title-short}. +* *Discovered time*: The date when {product-title-short} discovered the CVE. * *CVSS*: The severity level for the CVE. You can select from the following options for the severity level: ** *is greater than* ** *is greater than or equal to* diff --git a/modules/vulnerability-management-accept-deferrals-false-positives.adoc b/modules/vulnerability-management-accept-deferrals-false-positives.adoc index 6d6ff99c24a4..342e3222ec38 100644 --- a/modules/vulnerability-management-accept-deferrals-false-positives.adoc +++ b/modules/vulnerability-management-accept-deferrals-false-positives.adoc @@ -28,3 +28,5 @@ Enter a rationale for the approval, and click *Approve*. . To update the deferral time period or rationale for a request that you have created, click *Update request*. You can only update requests that you have created. + After you make changes, click *Submit request*. ++ +You receive a confirmation that you have submitted a request. diff --git a/modules/vulnerability-management-review-deferred.adoc b/modules/vulnerability-management-review-deferred.adoc index 7da290d1ef7a..463cb1dfd230 100644 --- a/modules/vulnerability-management-review-deferred.adoc +++ b/modules/vulnerability-management-review-deferred.adoc 
@@ -7,10 +7,10 @@ = Viewing deferred and false positive CVEs [role="_abstract"] -You can use the *Workload CVEs* page to view CVEs that have been deferred or marked as false positives. +You can view the CVEs that have been deferred or marked as false positives by using the *Workload CVEs* page. .Procedure -. To see CVEs that have been deferred or marked as false positives, click *Vulnerability Management* -> *Workload CVEs*. Complete any of the following actions: +. To see CVEs that have been deferred or marked as false positives, with the exceptions approved by an approver, click *Vulnerability Management* -> *Workload CVEs*. Complete any of the following actions: * To see CVEs that have been deferred, click the *Deferred* tab. * To see CVEs that have been marked as false positives, click the *False positives* tab. + @@ -18,4 +18,4 @@ You can use the *Workload CVEs* page to view CVEs that have been deferred or mar ==== To approve, deny, or change deferred or false positive CVEs, click *Vulnerability Management* -> *Exception Management*. ==== -. Optional: To view additional information about the deferral or false positive, click *View* under *Request details*. The *Exception Management* page is displayed. +. Optional: To view additional information about the deferral or false positive, click *View* in the *Request details* column. The *Exception Management* page is displayed. diff --git a/modules/vulnerability-management20-view-cve.adoc b/modules/vulnerability-management20-view-cve.adoc index 524cd6118cd9..5f57d80ec0bb 100644 --- a/modules/vulnerability-management20-view-cve.adoc +++ b/modules/vulnerability-management20-view-cve.adoc 
@@ -23,7 +23,7 @@ The *Vulnerability Management* -> *Workload CVEs* page provides information abou ==== An image that actually contains vulnerabilities can appear in this list inadvertently. For example, if Scanner was able to scan the image and it is known to {product-title-short}, but the scan was not successfully completed, vulnerabilities cannot be detected. This scenario occurs if an image has an operating system that is not supported by the {product-title-short} scanner. Scan errors are displayed when you hover over an image in the image list or click the image name for more information. ==== -. You can filter CVEs by entity by selecting the appropriate filters and attributes. +. To filter CVEs by entity, select the appropriate filters and attributes. + To select multiple entities and attributes, click the right arrow icon to add another criteria. Depending on your choices, enter the appropriate information such as text, or select a date or object. + @@ -44,7 +44,7 @@ a| |CVE a| * *Name*: The name of the CVE. -* *Discovered time*: The date when the CVE was discovered by {product-title-short}. +* *Discovered time*: The date when {product-title-short} discovered the CVE. * *CVSS*: The severity level for the CVE. You can select from the following options for the severity level: ** *is greater than* ** *is greater than or equal to* diff --git a/modules/vulnerability-management20-view-platform-cve.adoc b/modules/vulnerability-management20-view-platform-cve.adoc index 6f89acdda7f3..15eac9ff5a05 100644 --- a/modules/vulnerability-management20-view-platform-cve.adoc +++ b/modules/vulnerability-management20-view-platform-cve.adoc 
@@ -22,15 +22,15 @@ The platform CVEs page provides information about vulnerabilities in clusters in |Cluster a| -* *Name*: Name of the cluster. -* *Label*: Label for the cluster. +* *Name*: The name of the cluster. +* *Label*: The label for the cluster. * *Type*: The cluster type, for example, OCP. * *Platform type*: The platform type, for example, OpenShift 4 cluster. |CVE a| -* *Name*: CVE name -* *Discovered time*: Date when the CVE was discovered by {product-title-short} -* *CVSS*: Choose the values for the severity level: +* *Name*: The name of the CVE. +* *Discovered time*: The date when {product-title-short} discovered the CVE. +* *CVSS*: The severity level for the CVE. You can select from the following options for the severity level: ** *is greater than* ** *is greater than or equal to* ** *is equal to* diff --git a/operating/manage-vulnerabilities/common-vuln-management-tasks.adoc b/operating/manage-vulnerabilities/common-vuln-management-tasks.adoc index 1db1d83f35bb..87fed428b696 100644 --- a/operating/manage-vulnerabilities/common-vuln-management-tasks.adoc +++ b/operating/manage-vulnerabilities/common-vuln-management-tasks.adoc 
@@ -34,14 +34,14 @@ include::modules/vulnerability-management20-view-platform-cve.adoc[leveloffset=+ You can exclude or ignore CVEs in {product-title-short} by snoozing node and platform CVEs and deferring or marking node, platform, and image CVEs as false positives. You might want to exclude CVEs if you know that the CVE is a false positive or you have already taken steps to mitigate the CVE. Snoozed CVEs do not appear in vulnerability reports or trigger policy violations. -You can snooze a CVE to globally ignore it for a specified period of time. Snoozing a CVE does not require approval. +You can snooze a CVE to ignore it globally for a specified period of time. Snoozing a CVE does not require approval. [NOTE] ==== -Snoozing node and platform CVEs requires enabling the ROX_VULN_MGMT_LEGACY_SNOOZE environment variable. +Snoozing node and platform CVEs requires that the `ROX_VULN_MGMT_LEGACY_SNOOZE` environment variable is set to `true`. ==== -Deferring or marking a CVE as a false positive is done through the exception management workflow. This workflow provides the ability to view pending, approved, and denied deferral and false positive requests. You can scope the CVE exception to a single image, all tags for a single image, or globally across all images. +Deferring or marking a CVE as a false positive is done through the exception management workflow. This workflow provides the ability to view pending, approved, and denied deferral and false positive requests. You can scope the CVE exception to a single image, all tags for a single image, or globally for all images. When approving or denying a request, you must add a comment. A CVE remains in the observed status until the exception request is approved. 
A pending request for deferral that is denied by another user is still visible in reports, policy violations, and other places in the system, but is indicated by a *Pending exception* label next to the CVE when visiting *Vulnerability Management* -> *Workload CVEs*.
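Review bot: in the first hunk of `modules/identify-vulnerabilities-in-nodes-vm20.adoc`, the new wording "To filter CVEs according to entity" now differs from the same step as rewritten in `modules/vulnerability-management20-view-cve.adoc` ("To filter CVEs by entity"); pick one phrasing for both modules ("by entity" reads more naturally). The unchanged context lines just above it, `* To view a list of all the CVEs affecting all of your nodes, select * CVEs*.` and `select * Nodes*.`, carry a space after the opening asterisk, which stops the bold from rendering in AsciiDoc; if that space is in the source rather than an artifact of how the patch was pasted, fix it while you are editing this step.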
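Review bot: the `@@ -40,7` hunk of `identify-vulnerabilities-in-nodes-vm20.adoc` rewords `* *Discovered time*: The date when {product-title-short} discovered the CVE.` in exactly the same way as the `@@ -44,7` hunk of `vulnerability-management20-view-cve.adoc` and the CVE table in `vulnerability-management20-view-platform-cve.adoc`; three copies of one filter table row mean the next wording fix has to land three times, so consider moving the CVE filter rows into a shared snippet and including it from all three modules. If the tables have to stay separate, at least keep the *Name*, *Discovered time* and *CVSS* bullets word-for-word identical across them, which this patch does for the first two but not for the context text around them.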
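Review bot: the added line `+You receive a confirmation that you have submitted a request.` in `vulnerability-management-accept-deferrals-false-positives.adoc` does not say where the confirmation appears or what form it takes, so a reader cannot tell whether to look for an on-screen message, an email, or a status change; state what is displayed (for example "A message confirms that your request was submitted.") as the outcome of the *Submit request* action it follows. Also check that the new `+` continuation keeps this sentence inside the same list item as "After you make changes, click *Submit request*." rather than starting a new paragraph after the list.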
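Review bot: the clause inserted in `+. To see CVEs that have been deferred or marked as false positives, with the exceptions approved by an approver, click *Vulnerability Management* -> *Workload CVEs*.` (first hunk of `vulnerability-management-review-deferred.adoc`) is ambiguous: as written it can be read as "deferred CVEs, together with approved exceptions", when the intent seems to be that only CVEs whose exception request has been approved appear on the *Deferred* and *False positives* tabs. Suggest "To see CVEs whose deferral or false positive exception has been approved, click *Vulnerability Management* -> *Workload CVEs*, and then complete any of the following actions:". It would also help to say here where a CVE with a request that is still pending shows up, since the same patch states in `common-vuln-management-tasks.adoc` that such CVEs remain in the observed list with a *Pending exception* label.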
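Review bot: the unchanged admonition directly above the reworded step in the `@@ -23,7` hunk of `vulnerability-management20-view-cve.adoc` contradicts itself: `if Scanner was able to scan the image and it is known to {product-title-short}, but the scan was not successfully completed, vulnerabilities cannot be detected` says the image was scanned and that the scan did not complete. Since you are editing this step anyway, suggest "if Scanner attempted to scan the image and the image is known to {product-title-short}, but the scan did not complete successfully, vulnerabilities are not detected". In the continuation line below the change, "click the right arrow icon to add another criteria" should be "another criterion" or "more criteria".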
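Review bot: the added line `+* *CVSS*: The severity level for the CVE. You can select from the following options for the severity level:` in `vulnerability-management20-view-platform-cve.adoc` describes CVSS as a severity level, but the options that follow (`** *is greater than*`, `** *is greater than or equal to*`, `** *is equal to*`) are numeric comparisons, so the filter operates on the CVSS score and the user picks a comparator and then a number. Suggest "The CVSS score of the CVE. Select a comparison and enter a score:" here, and apply the same correction to the identical bullet in `identify-vulnerabilities-in-nodes-vm20.adoc` and `vulnerability-management20-view-cve.adoc`, where it is left unchanged as context. In the same table, `* *Type*: The cluster type, for example, OCP.` and `* *Platform type*: The platform type, for example, OpenShift 4 cluster.` read as the same attribute with two examples; say how *Type* and *Platform type* differ.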
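Review bot: the reworded note `Snoozing node and platform CVEs requires that the ROX_VULN_MGMT_LEGACY_SNOOZE environment variable is set to true.` in `common-vuln-management-tasks.adoc` still does not say on which component or deployment the variable must be set, so a reader cannot act on it; name the deployment and point to the procedure for setting environment variables on it if one is documented. Two context problems in the same hunk are worth fixing while here: the opening sentence says you can defer or mark "node, platform, and image CVEs" as false positives, but the scoping sentence only lists image scopes ("a single image, all tags for a single image, or globally for all images"), so either describe the scopes available for node and platform CVEs or narrow the first sentence; and the closing paragraph, `A pending request for deferral that is denied by another user is still visible ... but is indicated by a *Pending exception* label`, is contradictory, because a denied request is no longer pending. Either drop "that is denied by another user" so the sentence describes a pending request, or state separately how a denied request is indicated.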