Add vulnerability overrides

_data/toc.yaml

@@ -2405,6 +2405,8 @@ manuals:
           title: Delete images
         - path: /ee/dtr/user/manage-images/scan-images-for-vulnerabilities/
           title: Scan images for vulnerabilities
+        - title: Override a vulnerability
+          path: /ee/dtr/user/manage-images/override-a-vulnerability/
         - path: /ee/dtr/user/manage-images/prevent-tags-from-being-overwritten/
           title: Prevent tags from being overwritten
         - sectiontitle: Sign images

ee/dtr/release-notes.md

@@ -27,27 +27,28 @@ to upgrade your installation to the latest release.
 users push to a repository in their personal namespace that doesn't exist yet.
 This makes the behavior of DTR consistent with Docker Hub. By default this
 setting is disabled, so that DTR continues behaving the same way after an upgrade.
-[Learn about creating repositories on push](https://beta.docs.docker.com/ee/dtr/admin/configure/allow-creation-on-push/).
+[Learn about creating repositories on push](admin/configure/allow-creation-on-push.md).
 * You can create push mirroring policies to automatically push an image to
 another DTR deployment or Docker Hub, when the image complies with a policy
 of your choice.
-[Learn about push mirroring](https://beta.docs.docker.com/ee/dtr/user/promotion-policies/push-mirror/).
+[Learn about push mirroring](user/promotion-policies/push-mirror.md).
 * You can configure a repository in a DTR deployment to mirror a repository
 in a different DTR deployment by constantly monitoring it and pulling new
 images when they are available.
-[Learn about pull mirroring](https://beta.docs.docker.com/ee/dtr/user/promotion-policies/pull-mirror/).
+[Learn about pull mirroring](user/promotion-policies/pull-mirror.md).
 * Added the `emergency-repair` command to the DTR CLI tool. This allows you to
 recover your DTR cluster from a loss of quorum and is an alternative to
 restoring from a backup.
-[Learn about the emergency-repair command](https://beta.docs.docker.com/ee/dtr/admin/disaster-recovery/repair-a-cluster/).
+[Learn about the emergency-repair command](admin/disaster-recovery/repair-a-cluster.md).
 * Users can now create access tokens that can be used to authenticate in the
 DTR API without providing their credentials.
-[Learn about access tokens](https://beta.docs.docker.com/ee/dtr/user/access-tokens/).
+[Learn about access tokens](user/access-tokens.md).
 * You can now configure DTR to run garbage collection jobs without putting DTR
 in read-only mode. This is still experimental.
-[Learn about garbage collection](https://beta.docs.docker.com/ee/dtr/admin/configure/garbage-collection/).
+[Learn about garbage collection](admin/configure/garbage-collection.md).
 * Administrators can hide vulnerabilities in given image layers if they
 know that the vulnerability has been fixed.
+[Learn how to override vulnerability reports](user/manage-images/override-a-vulnerability.md)
 * You can now connect one DTR deployment to multiple UCPs, allowing you to
 use Docker Content Trust in a seamless way between multiple UCPs.
 * Added new endpoints to the DTR API to query the results of the Vulnerability

ee/dtr/user/manage-images/override-a-vulnerability.md

@@ -0,0 +1,37 @@
+---
+title: Override a vulnerability
+description: Learn how to dismiss a vulnerability reported by the security
+  scanner, when you know it has been addressed
+keywords: registry, security scanner
+ui_tabs:
+  - version: dtr-2.5
+---
+
+{% if include.version=="dtr-2.5" %}
+
+DTR scans your images for vulnerabilities but sometimes it can report that
+your image has vulnerabilities you know have been fixed. If that happens you
+can dismiss the warning.
+
+In the **DTR web UI**, navigate to the repository that has been scanned.
+
+![Tag list](../../images/override-vulnerability-1.png){: .with-border}
+
+Click **View details** for the image you want to see the scan results, and
+and choose **Components** to see the vulnerabilities for each component packaged
+in the image.
+
+Select the component with the vulnerability you want to ignore, navigate to the
+vulnerability, and click **hide**.
+
+![Vulnerability list](../../images/override-vulnerability-2.png){: .with-border}
+
+The vulnerability is hidden for the particular image and component. If this
+vulnerability shows up in other images, it is still reported.
+
+After dismissing a vulnerability, DTR won't re-evaluate the promotion policies
+you have set up for the repository.
+If you want the promotion policy to be re-evaluated for the image after hiding
+a particular vulnerability, click **Promote**.
+
+{% endif %}