Merge pull request #94221 from agantony/ROX29347-rhacs-docs-main

agantony · web-flow · commit 4194ce5271de · 2025-06-19T14:13:33.000+05:30
[RHACS] [Docs] ROX-29347: Adding docs to report CVE and RHSA data
diff --git a/modules/scan-inactive-images.adoc b/modules/scan-inactive-images.adoc
@@ -15,6 +15,36 @@ You can also configure {product-title-short} to scan inactive (not deployed) ima
 
 . In the {product-title-short} portal, click *Vulnerability Management* -> *Results*.
 . Click *More Views* -> *Inactive images*.
+. Optional: Choose the appropriate method to view the component and advisory data associated with a CVE:
+** To view the component and advisory data associated with a CVE from the list of CVEs, complete the following steps:
+... Click the *<number> CVEs* tab.
+... In the list of CVEs, click a CVE to do any of the following tasks:
+**** To view the component and advisory data associated with an image:
+..... Click the *<number> Images* tab.
+..... Expand the image.
++
+You can find the component data in the *Component* column, and
+you can find the advisory data in the *Advisory* column.
+**** To view the component and advisory data associated with a deployment:
+..... Click the *<number> Deployments* tab.
+..... Expand the deployment.
++
+You can find the component data in the *Component* column, and
+you can find the advisory data in the *Advisory* column.
+** To view the component and advisory data associated with a CVE from the list of images, complete the following steps:
+... Click the *<number> Images* tab.
+... In the list of images, click an image.
+... To view the component and advisory data associated with a CVE, expand the CVE.
++
+You can find the component data in the *Component* column, and
+you can find the advisory data in the *Advisory* column.
+** To view the component and advisory data associated with a CVE from the list of deployments, complete the following steps:
+... Click the *<number> Deployments* tab.
+... In the list of deployments, click a deployment.
+... To view the component and advisory data associated with a CVE, expand the CVE.
++
+You can find the component data in the *Component* column, and
+you can find the advisory data in the *Advisory* column.
 . Click *Manage watched images*.
 . In the *Image name* field, enter the fully-qualified image name that begins with the registry and ends with the image tag, for example, `docker.io/library/nginx:latest`.
 . Click *Add image to watch list*.
diff --git a/modules/understanding-vulnerability-scores.adoc b/modules/understanding-vulnerability-scores.adoc
@@ -22,6 +22,4 @@ CVSS v3 scores are only available if you are using the StackRox Scanner version
 For example, `6.5`.
 
 You can use the API to get the CVSS scores.
-If CVSS v3 information is available for a vulnerability, the response might include both CVSS v3 and CVSS v2 information.
-
-For a Red{nbsp}Hat Security Advisory (RHSA), the CVSS score is set to the highest CVSS score among all the related CVEs. One RHSA can contain multiple CVEs, and Red{nbsp}Hat sometimes assigns a different score based on how a vulnerability affects other Red{nbsp}Hat products.
+If CVSS v3 information is available for a vulnerability, the response might include both CVSS v3 and CVSS v2 information.
diff --git a/modules/vulnerability-management-more-views-all-vuln-images.adoc b/modules/vulnerability-management-more-views-all-vuln-images.adoc
@@ -23,6 +23,36 @@ You can view a list of vulnerabilities for user workloads, platform vulnerabilit
 * *<number> CVEs*: Displays vulnerabilities organized by CVE
 * *<number> Images*: Displays images that contain discovered vulnerabilities.
 * *<number> Deployments*: Displays deployments that contain discovered vulnerabilities.
+. Optional: Choose the appropriate method to view the component and advisory data associated with a CVE:
+** To view the component and advisory data associated with a CVE from the list of CVEs, complete the following steps:
+... Click the *<number> CVEs* tab.
+... In the list of CVEs, click a CVE to do any of the following tasks:
+**** To view the component and advisory data associated with an image:
+..... Click the *<number> Images* tab.
+..... Expand the image.
++
+You can find the component data in the *Component* column, and
+you can find the advisory data in the *Advisory* column.
+**** To view the component and advisory data associated with a deployment:
+..... Click the *<number> Deployments* tab.
+..... Expand the deployment.
++
+You can find the component data in the *Component* column, and
+you can find the advisory data in the *Advisory* column.
+** To view the component and advisory data associated with a CVE from the list of images, complete the following steps:
+... Click the *<number> Images* tab.
+... In the list of images, click an image.
+... To view the component and advisory data associated with a CVE, expand the CVE.
++
+You can find the component data in the *Component* column, and
+you can find the advisory data in the *Advisory* column.
+** To view the component and advisory data associated with a CVE from the list of deployments, complete the following steps:
+... Click the *<number> Deployments* tab.
+... In the list of deployments, click a deployment.
+... To view the component and advisory data associated with a CVE, expand the CVE.
++
+You can find the component data in the *Component* column, and
+you can find the advisory data in the *Advisory* column.
 . Optional: Choose the appropriate method to re-organize the information in the *User Workloads* tab:
 ** To sort the table in ascending or descending order, select a column heading.
 ** To filter the table, use the filter bar.
diff --git a/modules/vulnerability-management20-creating-report.adoc b/modules/vulnerability-management20-creating-report.adoc
@@ -29,7 +29,16 @@ The following values are associated with image types:
 *** *Deployed images*
 *** *Watched images*
 ** *CVEs discovered since*: Select the time period for which you want to include the CVEs in the report configuration.
-** Optional: Select the *Include NVD CVSS* checkbox, if you want to include the NVD CVSS column in the report configuration.
+** Optional: Choose the appropriate column that you want to include in the vulnerability report:
++
+[NOTE]
+====
+You can select one or more columns to include in the report configuration.
+====
++
+*** Select the *Include NVD CVSS* checkbox, if you want to include the NVD CVSS column in the report configuration.
+*** Select the *Include EPSS probability* checkbox, if you want to include the EPSS probability column in the report configuration.
+*** Select the *Include advisory name and link* checkbox, if you want to include the advisory name and link column in the report configuration.
 ** *Configure collection included*: To configure at least one collection, do any of the following tasks:
 *** Select an existing collection that you want to include. 
 +
diff --git a/modules/vulnerability-management20-view-platform-cve.adoc b/modules/vulnerability-management20-view-platform-cve.adoc
@@ -99,6 +99,36 @@ a|
 * *<number> CVEs*: Displays vulnerabilities organized by CVE
 * *<number> Images*: Displays images that contain discovered vulnerabilities.
 * *<number> Deployments*: Displays deployments that contain discovered vulnerabilities.
+. Optional: Choose the appropriate method to view the component and advisory data associated with a CVE:
+** To view the component and advisory data associated with a CVE from the list of CVEs, complete the following steps:
+... Click the *<number> CVEs* tab.
+... In the list of CVEs, click a CVE to do any of the following tasks:
+**** To view the component and advisory data associated with an image:
+..... Click the *<number> Images* tab.
+..... Expand the image.
++
+You can find the component data in the *Component* column, and
+you can find the advisory data in the *Advisory* column.
+**** To view the component and advisory data associated with a deployment:
+..... Click the *<number> Deployments* tab.
+..... Expand the deployment.
++
+You can find the component data in the *Component* column, and
+you can find the advisory data in the *Advisory* column.
+** To view the component and advisory data associated with a CVE from the list of images, complete the following steps:
+... Click the *<number> Images* tab.
+... In the list of images, click an image.
+... To view the component and advisory data associated with a CVE, expand the CVE.
++
+You can find the component data in the *Component* column, and
+you can find the advisory data in the *Advisory* column.
+** To view the component and advisory data associated with a CVE from the list of deployments, complete the following steps:
+... Click the *<number> Deployments* tab.
+... In the list of deployments, click a deployment.
+... To view the component and advisory data associated with a CVE, expand the CVE.
++
+You can find the component data in the *Component* column, and
+you can find the advisory data in the *Advisory* column.
 . Optional: Choose the appropriate method to re-organize the information in the *User Workloads* tab:
 ** To sort the table in ascending or descending order, select a column heading.
 ** To select the categories that you want to display in the table, perform the following steps:
diff --git a/modules/vulnerability-management20-view-workload-cve.adoc b/modules/vulnerability-management20-view-workload-cve.adoc
@@ -101,6 +101,36 @@ a|
 * *<number> CVEs*: Displays vulnerabilities organized by CVE
 * *<number> Images*: Displays images that contain discovered vulnerabilities.
 * *<number> Deployments*: Displays deployments that contain discovered vulnerabilities.
+. Optional: Choose the appropriate method to view the component and advisory data associated with a CVE:
+** To view the component and advisory data associated with a CVE from the list of CVEs, complete the following steps:
+... Click the *<number> CVEs* tab.
+... In the list of CVEs, click a CVE to do any of the following tasks:
+**** To view the component and advisory data associated with an image:
+..... Click the *<number> Images* tab.
+..... Expand the image.
++
+You can find the component data in the *Component* column, and
+you can find the advisory data in the *Advisory* column.
+**** To view the component and advisory data associated with a deployment:
+..... Click the *<number> Deployments* tab.
+..... Expand the deployment.
++
+You can find the component data in the *Component* column, and
+you can find the advisory data in the *Advisory* column.
+** To view the component and advisory data associated with a CVE from the list of images, complete the following steps:
+... Click the *<number> Images* tab.
+... In the list of images, click an image.
+... To view the component and advisory data associated with a CVE, expand the CVE.
++
+You can find the component data in the *Component* column, and
+you can find the advisory data in the *Advisory* column.
+** To view the component and advisory data associated with a CVE from the list of deployments, complete the following steps:
+... Click the *<number> Deployments* tab.
+... In the list of deployments, click a deployment.
+... To view the component and advisory data associated with a CVE, expand the CVE.
++
+You can find the component data in the *Component* column, and
+you can find the advisory data in the *Advisory* column.
 . Optional: Choose the appropriate method to re-organize the information in the *User Workloads* tab:
 ** To sort the table in ascending or descending order, select a column heading.
 ** To select the categories that you want to display in the table, perform the following steps:
