openshift · agantony · Nov 4, 2024 · Oct 23, 2024
diff --git a/modules/identify-vulnerabilities-in-nodes-vm20.adoc b/modules/identify-vulnerabilities-in-nodes-vm20.adoc
@@ -41,7 +41,10 @@ a|
 a|
 * *Name*: The name of the CVE.
 * *Discovered time*: The date when {product-title-short} discovered the CVE.
-* *CVSS*: The severity level for the CVE. You can select from the following options for the severity level:
+* *CVSS*: The severity level for the CVE. 
++
+The following values are associated with the severity level for the CVE:
++
 ** *is greater than*
 ** *is greater than or equal to*
 ** *is equal to*
@@ -61,5 +64,4 @@ a|
 . Optional: To refine the list of results, do any of the following tasks:
 * Click *CVE severity*, and then select one or more levels.
 * Click *CVE status*, and then select *Fixable* or *Not fixable*.
-. Optional: To view the details of the node and information about the CVEs according to the CVSS score and fixable CVEs for that node, click a node name in the list of nodes.
-
+. Optional: To view the details of the node and information about the CVEs according to the CVSS score and fixable CVEs for that node, click a node name in the list of nodes.
diff --git a/modules/vulnerability-management20-creating-report.adoc b/modules/vulnerability-management20-creating-report.adoc
@@ -12,18 +12,34 @@
 .Procedure
 . In the {product-title-short} portal, click *Vulnerability Management* -> *Vulnerability Reporting*.
 . Click *Create report*.
-. Enter a name for your report configuration in the *Report name* field.
-. Optional: Enter text describing the report configuration in the *Report description* field.
-. In the *CVE severity* field, select the severity of common vulnerabilities and exposures (CVEs) that you want to include in the report configuration.
-. Select the *CVE status*. You can select *Fixable*, *Unfixable*, or both.
-. In the *Image type* field, select whether you want to include CVEs from deployed images, watched images, or both.
-. In the *CVEs discovered since* field, select the time period for which you want CVEs to be included in the report configuration.
-. In the *Configure collection included* field, you must configure at least one collection. Complete any of the following actions:
-* Select an existing collection to include. To view the collection information, edit the collection, and get a preview of collection results, click *View*. When viewing the collection, entering text in the field searches for collections matching that text string.
-* Click *Create collection* to create a new collection.
+. In the *Configure report parameters* page, provide the following information:
+** *Report name*: Enter a name for your report configuration.
+** *Report description*: Enter a text describing the report configuration. This is optional.
+** *CVE severity*: Select the severity of common vulnerabilities and exposures (CVEs) that you want to include in the report configuration.
+** *CVE status*: Select one or more CVE statuses. 
++
+The following values are associated with the CVE status:
++
+*** *Fixable*
+*** *Unfixable*
+** *Image type*: Select one or more image types. 
++
+The following values are associated with image types:
++
+*** *Deployed images*
+*** *Watched images*
+** *CVEs discovered since*: Select the time period for which you want to include the CVEs in the report configuration.
+** Optional: Select the *Include NVD CVSS* checkbox, if you want to include the NVD CVSS column in the report configuration.
+** *Configure collection included*: To configure at least one collection, do any of the following tasks:
+*** Select an existing collection that you want to include. 
++
+To view the collection information, edit the collection, and get a preview of collection results, click *View*. 
++
+When viewing the collection, entering text in the field searches for collections matching that text string.
+*** To create a new collection, click *Create collection*.
 +
 [NOTE]
 ====
-For more information about collections, see "Creating and using deployment collections" in the "Additional resources" section.
+For more information about collections, see "Creating and using deployment collections".
 ====
-. Click *Next* to configure the delivery destinations and optionally set up a schedule for delivery.
+. To configure the delivery destinations and optionally set up a schedule for delivery, click *Next*.
diff --git a/modules/vulnerability-management20-view-cve.adoc b/modules/vulnerability-management20-view-cve.adoc
@@ -45,12 +45,18 @@ a|
 a|
 * *Name*: The name of the CVE.
 * *Discovered time*: The date when {product-title-short} discovered the CVE.
-* *CVSS*: The severity level for the CVE. You can select from the following options for the severity level:
+* *CVSS*: The severity level for the CVE.
++
+The following values are associated with the severity level for the CVE:
++
 ** *is greater than*
 ** *is greater than or equal to*
 ** *is equal to*
 ** *is less than or equal to*
 ** *is less than*
+* *NVD CVSS*: The National Vulnerability Database (NVD) provides a CVSS score between `0` to `10` for a CVE based on the severity of the vulnerability.
++
+For more information, see link:https://nvd.nist.gov/vuln-metrics/cvss[Vulnerability Metrics].
 |Image Component
 a|