Merge branch '259255-create-activity-filter' into 'master'

Documentation updates for new Activity filter on Vulnerability Reports

See merge request gitlab-org/gitlab!53787

doc/user/application_security/vulnerability_report/index.md

@@ -12,7 +12,7 @@ Each vulnerability report contains vulnerabilities from the scans of the most re
 The vulnerability reports display the total number of vulnerabilities by severity (for example,
 Critical, High, Medium, Low, Info, Unknown). Below this, a table shows each vulnerability's detected date, status, severity, description, identifier, the scanner where it was detected, and activity (including related issues or available solutions). By default, the vulnerability report is filtered to display all detected and confirmed vulnerabilities.
 
-![Vulnerability Report](img/group_vulnerability_report_v13_7.png)
+![Vulnerability Report](img/group_vulnerability_report_v13_9.png)
 
 You can filter which vulnerabilities display by:
 
@@ -22,6 +22,17 @@ You can filter which vulnerabilities display by:
 | Severity | Critical, High, Medium, Low, Info, Unknown |
 | Scanner | [Available Scanners](../index.md#security-scanning-tools) |
 | Project | Projects configured in the Security Center settings, or all projects in the group for the group level report. This filter is not displayed on the project level vulnerability report |
+| Activity | Vulnerabilities with issues and vulnerabilities that are no longer detected in the default branch |
+
+The Activity filter behaves differently from the other Vulnerability Report filters. The other filter options all OR together to show results from any vulnerability matching one of the filter criteria. With the Activity filter, the selected values form mutually exclusive sets to allow for precisely locating the desired vulnerability records. Additionally, not all options can be selected in combination. Selection behavior when using the Activity filter:
+
+| Activity Selection | Results Displayed |
+| --- | --- |
+|  All | Vulnerabilities with any Activity status (same as ignoring this filter). Selecting this will deselect any other Activity filter options. |
+|  No activity | Only vulnerabilities without either an associated Issue or that are no longer detected. Selecting this will deselect any other Activity filter options. |
+|  With issues | Only vulnerabilities with one or more associated issues. Does not include vulnerabilities that also are no longer detected. |
+|  No longer detected | Only vulnerabilities that are no longer detected in the latest pipeline scan of the `default` branch. Does not include vulnerabilities with one or more associated issues. |
+|  With issues and No longer detected | Only vulnerabilities that have one or more associated issues and also are no longer detected in the latest pipeline scan of the `default` branch. |
 
 Clicking any vulnerability in the table takes you to its
 [vulnerability details](../vulnerabilities) page to see more information on that vulnerability.
@@ -35,7 +46,7 @@ After you create the issue, the linked issue icon in the vulnerability list:
 - Indicates that an issue has been created for that vulnerability.
 - Shows a tooltip that contains a link to the issue.
 
-![Display attached issues](img/vulnerability_list_table_v13_4.png)
+![Display attached issues](img/vulnerability_list_table_v13_9.png)
 
 Contents of the unfiltered vulnerability report can be exported using our [export feature](#export-vulnerabilities)
 
@@ -44,7 +55,7 @@ You can also dismiss vulnerabilities in the table:
 1. Select the checkbox for each vulnerability you want to dismiss.
 1. In the menu that appears, select the reason for dismissal and click **Dismiss Selected**.
 
-![Project Vulnerability Report](img/project_security_dashboard_dismissal_v13_4.png)
+![Project Vulnerability Report](img/project_security_dashboard_dismissal_v13_9.png)
 
 ## Project Vulnerability Report
 
@@ -59,7 +70,7 @@ default branch. There's also a link to view this in more detail. In the case of
 the number of failures is indicated. The failure notification takes you directly to
 the **Failed jobs** tab of the pipeline page.
 
-![Project Vulnerability Report](img/project_security_dashboard_v13_5.png)
+![Project Vulnerability Report](img/project_security_dashboard_v13_9.png)
 
 ## Export vulnerabilities
 
@@ -88,5 +99,3 @@ The fields in the export include:
 - [CVE](https://cve.mitre.org/) (Common Vulnerabilities and Exposures)
 - [CWE](https://cwe.mitre.org/) (Common Weakness Enumeration)
 - Other Identifiers
-
-![Export vulnerabilities](img/instance_security_dashboard_export_csv_v13_4.png)