Commit a991081e authored by Russell Dickenson

Merge branch 'schwartz-vulnerability-vs-finding-terminology' into 'master'

Update terms for clarity

See merge request gitlab-org/gitlab!60863
parents f07f3af5 12e4b788
@@ -78,6 +78,8 @@ An asset that has the potential to be vulnerable, identified in a project by an
include but are not restricted to source code, binary packages, containers, dependencies, networks,
applications, and infrastructure.
 
Findings are all potential vulnerability items scanners identify in MRs/feature branches. Only after merging to default does a finding become a [vulnerability](#vulnerability).
### Insignificant finding
 
A legitimate finding that a particular customer doesn't care about.
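
Review bot: The added sentence in the finding entry says "merging to default" without the noun; write "default branch", as the vulnerability entry does, and spell out "MRs" as "merge requests". It is also one long line while the paragraph above it is hard-wrapped, so wrap it to match. As rendered here the sentence runs straight into the `### Insignificant finding` heading; confirm a blank line separates them.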
@@ -153,6 +155,8 @@ A flaw that has a negative impact on the security of its environment. Vulnerabil
error or weakness, and don't describe where the error is located (see [finding](#finding)).
Each vulnerability maps to a unique finding.
 
Vulnerabilities exist in the default branch. Findings (see [finding](#finding)) are all potential vulnerability items scanners identify in MRs/feature branches. Only after merging to default does a finding become a vulnerability.
### Vulnerability finding
 
When a [report finding](#report-finding) is stored to the database, it becomes a vulnerability
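
Review bot: The second and third sentences of the added paragraph repeat the text added to the finding entry almost word for word, and "(see [finding](#finding))" duplicates the link two lines above it. Keep "Vulnerabilities exist in the default branch." with a single cross-reference so the two definitions cannot drift apart. Also, the next entry says a report finding becomes a vulnerability finding when it is stored to the database, while this paragraph says a finding becomes a vulnerability on merge to default; state how those two transitions relate so readers do not take them as conflicting.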