Merge pull request #89484 from openshift-cherrypick-robot/cherry-pick-88841-to-rhacs-docs-4.7

[rhacs-docs-4.7] ROX:27773: Update docs for Vuln Mgt changes

Author: kcarmichael08

modules/analyze-images-and-deployments-with-observed-cves.adoc

@@ -2,18 +2,94 @@
 //
 // * operating/manage-vulnerabilities/common-vuln-management-tasks.adoc
 
-:_mod-docs-content-type: CONCEPT
+:_mod-docs-content-type: PROCEDURE
 [id="analyze-images-and-deployments-without-observed-cves_{context}"]
 = Analyze images and deployments without observed CVEs
 
-When you select *Images without vulnerabilities*, the *Workload CVEs* page shows the images that meet at least one of the following conditions:
+When you view the list of images without vulnerabilities, {product-title-short} shows the images that meet at least one of the following conditions:
 
 ** Images that do not have CVEs
 ** Images that report a scanner error that may result in a false negative of no CVEs
 
 [NOTE]
 ====
-An image that actually contains vulnerabilities can appear in this list inadvertently. For example, if Scanner was able to scan the image and it is known to {rh-rhacs-first}, but the scan was not successfully completed, {product-title-short} cannot detect vulnerabilities. 
+An image that actually contains vulnerabilities can appear in this list inadvertently. For example, if Scanner was able to scan the image and it is known to {rh-rhacs-first}, but the scan was not successfully completed, {product-title-short} cannot detect vulnerabilities.
 
 This scenario occurs if an image has an operating system that {product-title-short} Scanner does not support. {product-title-short} displays scan errors when you hover over an image in the image list or click the image name for more information.
-====
+====
+
+.Procedure
+
+. In the {product-title-short} portal, go to *Vulnerability Management* -> *Results*.
+. Click *More Views* and select *Images without CVEs*.
+. To filter the list of results by entity, for example, to search for a specific image, select the appropriate filters and attributes.
++
+To select multiple entities and attributes, click the right arrow icon to add another criteria. Depending on your choices, enter the appropriate information such as text, or select a date or object.
++
+The filter entities and attributes are listed in the following table.
++
+[NOTE]
+====
+The *Filtered view* icon indicates that the displayed results were filtered based on the criteria that you selected. You can click *Clear filters* to remove all filters, or remove individual filters by clicking on them.
+====
++
+.Filter options
+[cols="2",options="header"]
+|===
+|Entity|Attributes
+
+|Image
+a|
+* *Name*: The name of the image.
+* *Operating system*: The operating system of the image.
+* *Tag*: The tag for the image.
+* *Label*: The label for the image.
+* *Registry*: The registry where the image is located.
+
+|Image Component
+a|
+
+* *Name*: The name of the image component, for example, `activerecord-sql-server-adapter`
+* *Source*:
+** OS
+** Python
+** Java
+** Ruby
+** Node.js
+** Go
+** Dotnet Core Runtime
+** Infrastructure
+
+* *Version*: Version of the image component; for example, `3.4.21`. You can use this to search for a specific version of a component, for example, in conjunction with a component name.
+|Deployment
+a|
+* *Name*: Name of the deployment.
+* *Label*: Label for the deployment.
+* *Annotation*: The annotation for the deployment.
+* *Status*: Whether the deployment is inactive or active.
+|Namespace
+a|
+* *ID*: The `metadata.uid` of the namespace that is created by Kubernetes.
+* *Name*: The name of the namespace.
+* *Label*: The label for the namespace.
+* *Annotation*: The annotation for the namespace.
+|Cluster
+a|
+* *ID*: The alphanumeric ID for the cluster. This is an internal identifier that {product-title-short} assigns for tracking purposes.
+* *Name*: The name of the cluster.
+* *Label*: The label for the cluster.
+* *Type*: The cluster type, for example, OCP.
+* *Platform type*: The platform type, for example, OpenShift 4 cluster.
+|===
+. Click one of the following tabs to view the data that you want:
+* *<number> Images*: Displays images that contain discovered vulnerabilities.
+* *<number> Deployments*: Displays deployments that contain discovered vulnerabilities.
+. Optional: Choose the appropriate method to re-organize the information in the page:
+* To select the categories that you want to display in the table, perform the following steps:
+.. Click *Columns*.
+.. Choose the appropriate method to manage the columns:
+*** To view all the categories, click *Select all*.
+*** To reset to the default categories, click *Reset to default*.
+*** To view only the selected categories, select the one or more categories that you want to view, and then click *Save*.
+*** To sort the table in ascending or descending order, select a column heading.
+. In the list of results, click an image name or deployment name to view more information about the item.

modules/analyze-images-and-deployments-without-observed-cves.adoc

@@ -17,6 +17,7 @@ The CVEs view organizes information into the following groups:
 ====
 You can see the *Top NVD CVSS* column only if you have enabled Scanner V4.
 ====
+* *EPSS probability*: The likelihood that the vulnerability will be exploited according to the link:https://www.first.org/epss/model[Exploit Prediction Scoring System (EPSS)]. This EPSS data provides a percentage estimate of the probability that exploitation of this vulnerability will be observed in the next 30 days. The EPSS collects data of observed exploitation activity from partners, and exploitation activity does not mean that an attempted exploitation was successful. The EPSS score should be used as a single data point _along with other information_, such as the age of the CVE, to help you prioritize the vulnerabilities to address. For more information, see link:https://access.redhat.com/articles/7106599[{product-title-short} and EPSS].
 * *Affected images*: Displays the number of container images affected by specific CVEs to assess the scope of vulnerabilities.
 * *First discovered*: Shows the date each vulnerability was first discovered in the environment to measure the duration of its exposure.
 * *Published*: Indicates when the CVE was publicly disclosed.

modules/cves-tab.adoc

@@ -13,7 +13,8 @@ You can identify specific Dockerfile lines in an image that introduced component
 
 To view a problematic line:
 
-. In the {product-title-short} portal, click *Vulnerability Management* -> *Workload CVEs*.
+. In the {product-title-short} portal, click *Vulnerability Management* -> *Results*.
+. Click *User Workloads*.
 . Click the tab to view the type of CVEs. The following tabs are available:
 * *Observed*
 * *Deferred*

modules/identify-dockerfile-line-component-cve.adoc

@@ -11,28 +11,34 @@ By understanding the namespace conditions for platform components, you can ident
 .Namespace conditions for platform components
 [cols="1,3", options="header"]
 |===
-|Platform component            
+|Platform component
 |Namespace condition
 
-|{ocp}                 
+|{ocp}
 a| * Namespace starts with `openshift-`
 * Namespace starts with `kube-`
 
-|Layered products    
+|Layered products
 a| * namespace = `stackrox`
 * Namespace starts with `rhacs-operator`
 * Namespace starts with `open-cluster-management`
 * namespace = `multicluster-engine`
 * namespace = `aap`
 * namespace = `hive`
 
-|Third party partners  
+|Third party partners
 a| * namespace = `nvidia-gpu-operator`
 |===
 
-{rh-rhacs-first} identifies the workloads belonging to platform components by using the following regex pattern: 
+{rh-rhacs-first} identifies the workloads belonging to platform components by using the following regex pattern:
 
 [source,text]
 ----
 ^kube-.*|^openshift-.*|^stackrox$|^rhacs-operator$|^open-cluster-management$|^multicluster-engine$|^aap$|^hive$|^nvidia-gpu-operator$
-----
+----
+
+The platform definition is not yet customizable. You can see the impact of the definition in your environment by using the global search. To do a global search, follow these steps:
+
+. Click *Search*.
+. Select *Show Orchestrator Components*.
+. Apply the filter `Platform Component: true`.

modules/namespace-conditions-for-platform-components.adoc

@@ -13,7 +13,8 @@ You can also configure {product-title-short} to scan inactive (not deployed) ima
 
 .Procedure
 
-. In the {product-title-short} portal, click *Vulnerability Management* -> *Workload CVEs*.
+. In the {product-title-short} portal, click *Vulnerability Management* -> *Results*.
+. Click *More Views* -> *Inactive images*.
 . Click *Manage watched images*.
 . In the *Image name* field, enter the fully-qualified image name that begins with the registry and ends with the image tag, for example, `docker.io/library/nginx:latest`.
 . Click *Add image to watch list*.
@@ -25,4 +26,4 @@ In the {product-title-short} portal, click *Platform Configuration* -> *System C
 
 All the data related to the image removed from the watched image list continues to appear in the {product-title-short} portal for the number of days mentioned on the *System Configuration* page and is only removed after that period is over.
 ====
-. Click *Close* to return to the *Workload CVEs* page.
+. Click *Close* to return to the *Inactive images* page.

modules/prioritizing-and-managing-scanned-cves-across-images-and-deployments.adoc

@@ -4,7 +4,7 @@
 
 :_mod-docs-content-type: PROCEDURE
 [id="viewing-node-cves_{context}"]
-= Viewing Node CVEs
+= Viewing vulnerabilities in nodes
 
 You can identify vulnerabilities in your nodes by using {product-title-short}. The vulnerabilities that are identified include the following:
 
@@ -13,19 +13,21 @@ You can identify vulnerabilities in your nodes by using {product-title-short}. T
 
 For more information about operating systems that {product-title-short} can scan, see "Supported operating systems".
 
+{product-title-short} currently supports scanning nodes with the StackRox scanner and Scanner V4. Depending on which scanner is configured, different results might appear in the list of vulnerabilities. For more information, see "Understanding differences in scanning results between the StackRox Scanner and Scanner V4".
+
 .Procedure
-. In the {product-title-short} portal, click *Vulnerability Management* -> *Node CVEs*.
-. To view the data, do any of the following tasks:
-* To view a list of all the CVEs affecting all of your nodes, select *<number> CVEs*.
-* To view a list of nodes that contain CVEs, select *<number> Nodes*.
+
+. In the {product-title-short} portal, go to *Vulnerability Management* -> *Results*.
+. Select the *Nodes* tab.
+. Optional: The page defaults to a list of observed CVEs. Click *Show snoozed CVEs* to view them.
 . Optional: To filter CVEs according to entity, select the appropriate filters and attributes. To add more filtering criteria, follow these steps:
 .. Select the entity or attribute from the list.
 .. Depending on your choices, enter the appropriate information such as text, or select a date or object.
 .. Click the right arrow icon.
 .. Optional: Select additional entities and attributes, and then click the right arrow icon to add them.
 The filter entities and attributes are listed in the following table.
 +
-.CVE filtering
+.Filter options
 [cols="2",options="header"]
 |===
 |Entity|Attributes
@@ -41,7 +43,7 @@ a|
 a|
 * *Name*: The name of the CVE.
 * *Discovered time*: The date when {product-title-short} discovered the CVE.
-* *CVSS*: The severity level for the CVE. 
+* *CVSS*: The severity level for the CVE.
 +
 The following values are associated with the severity level for the CVE:
 +
@@ -56,6 +58,7 @@ a|
 * *Version*: The version of the component, for example, `4.15.0-2024`. You can use this to search for a specific version of a component, for example, in conjunction with a component name.
 |Cluster
 a|
+* *ID*: The alphanumeric ID for the cluster. This is an internal identifier that {product-title-short} assigns for tracking purposes.
 * *Name*: The name of the cluster.
 * *Label*: The label for the cluster.
 * *Type*: The type of cluster, for example, OCP.
@@ -64,4 +67,7 @@ a|
 . Optional: To refine the list of results, do any of the following tasks:
 * Click *CVE severity*, and then select one or more levels.
 * Click *CVE status*, and then select *Fixable* or *Not fixable*.
-. Optional: To view the details of the node and information about the CVEs according to the CVSS score and fixable CVEs for that node, click a node name in the list of nodes.
+. To view the data, click one of the following tabs:
+* *<number> CVEs*: Displays a list of all the CVEs affecting all of your nodes.
+* *<number> Nodes*: Displays a list of nodes that contain CVEs.
+. To view the details of the node and information about the CVEs according to the CVSS score and fixable CVEs for that node, click a node name in the list of nodes.