From 3f680867e864c9bc81cc29cb43ae2c6f829acde6 Mon Sep 17 00:00:00 2001 From: mark-rln Date: Tue, 16 Jun 2026 13:39:07 +0100 Subject: [PATCH 1/2] Add 'Severity changes' heading to security findings page --- docs/organizations/managing-security-and-risk.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/organizations/managing-security-and-risk.md b/docs/organizations/managing-security-and-risk.md index 6d2aaf9671..ca33558cf4 100644 --- a/docs/organizations/managing-security-and-risk.md +++ b/docs/organizations/managing-security-and-risk.md @@ -103,6 +103,8 @@ For findings on transitive dependencies, the finding also displays the **depende ![Security and risk management finding dependency chain](images/security-risk-management-finding-dependency-chain.png) +### Severity changes + The same Common Vulnerability and Exposure can be classified with different severities in different sources, like cve.org or NVD, and Trivy uses these and other sources to update their database. As such, there may be situations where the severity attributed to a Finding by Trivy is not in line with a specific source. Subsequent analysis can then close a Finding and re-open it with a different severity, if a Trivy database update occurs. ## Sharing a filtered view of findings {: id="sharing-filtered-view"} From 60d165d88ef8f0678bbb6d6912d93b8ae91dfc05 Mon Sep 17 00:00:00 2001 From: mark-rln Date: Tue, 16 Jun 2026 14:35:46 +0100 Subject: [PATCH 2/2] Add explicit id to 'Severity changes' heading for direct linking --- docs/organizations/managing-security-and-risk.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/organizations/managing-security-and-risk.md b/docs/organizations/managing-security-and-risk.md index ca33558cf4..7d2cfd1e6a 100644 --- a/docs/organizations/managing-security-and-risk.md +++ b/docs/organizations/managing-security-and-risk.md 
@@ -103,7 +103,7 @@ For findings on transitive dependencies, the finding also displays the **depende ![Security and risk management finding dependency chain](images/security-risk-management-finding-dependency-chain.png) -### Severity changes +### Severity changes {: id="severity-changes"} The same Common Vulnerability and Exposure can be classified with different severities in different sources, like cve.org or NVD, and Trivy uses these and other sources to update their database. As such, there may be situations where the severity attributed to a Finding by Trivy is not in line with a specific source. Subsequent analysis can then close a Finding and re-open it with a different severity, if a Trivy database update occurs.
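Review bot: In the hunk of PATCH 1/2 (@@ -103,6 +103,8), the new "### Severity changes" heading turns the unchanged paragraph below it into a standalone section, so that paragraph's wording is worth fixing in the same change. "Common Vulnerability and Exposure" should read "Common Vulnerabilities and Exposures (CVE)", and "to update their database" should be "to update its database", since the subject is Trivy. The paragraph also says a later analysis can close a Finding and re-open it with a different severity, but it does not tell the reader how to recognise that the closed and re-opened Findings refer to the same issue. One sentence on that would help teams that track or report on Findings by severity.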
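Review bot: In the hunk of PATCH 2/2 (@@ -103,7 +103,7), the only line touched is the heading that PATCH 1/2 introduced, so the two commits can be squashed into one that adds "### Severity changes {: id="severity-changes"}" directly. The explicit id follows the same attribute style as the {: id="sharing-filtered-view"} heading in the context of PATCH 1/2, which keeps the page consistent. The commit subject gives direct linking as the purpose, yet nothing in this series links to the new anchor; consider adding that link in the same change or naming the page that will reference it.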