Add documentation about the vulnerabilities notification system #106

Signed-off-by: tdruez <[email protected]>

dje/tests/test_user.py

@@ -417,7 +417,9 @@ def test_user_admin_form_scope_homepage_layout_choices(self):
         self.assertNotContains(response, card_layout_other.name)
 
     def test_user_model_send_internal_notification(self):
-        notification = self.nexb_user.send_internal_notification(verb="Updated", description="details")
+        notification = self.nexb_user.send_internal_notification(
+            verb="Updated", description="details"
+        )
         self.assertEqual("Updated", notification.verb)
         self.assertEqual("details", notification.description)
         self.assertEqual("dejacodeuser", notification.actor_content_type.model)

docs/reference-vulnerability-management.rst

@@ -237,28 +237,51 @@ attention, while still providing access to less urgent issues for deeper analysi
 7. Notifications
 -----------------
 
-DejaCode provides a notification system to alert users about vulnerabilities that
-exceed a **predefined risk threshold**. This ensures timely awareness of critical issues
-that may impact the security of your software products.
+DejaCode provides a robust notification system to alert users about vulnerabilities,
+ensuring timely awareness of critical issues that may impact the security of your
+software products.
+
+**Triggered Alerts**
+Notifications are automatically sent whenever new vulnerabilities are discovered.
+
+**Delivery Channels**
+Notifications are displayed in the user interface and can be integrated into external
+workflows using the Webhook system.
+
+Internal Notifications
+^^^^^^^^^^^^^^^^^^^^^^
+
+To receive internal notifications about vulnerability data, a new user-specific field,
+**"Vulnerability Impact Notification"**, has been introduced.
+
+.. image:: images/reference-vulnerability-management/notification-vulnerability-impact-field.jpg
+   :width: 300
+
+- Users with this flag activated will receive notifications each time new
+  vulnerabilities are identified during the daily data update process.
+- These notifications include links to:
+
+  - **Vulnerabilities View**: A filtered list of vulnerabilities affecting the user's
+    monitored packages.
+  - **Package List View**: A filtered list of packages impacted by these
+    vulnerabilities.
+
+.. image:: images/reference-vulnerability-management/notification-internal.jpg
 
-Notification Behavior:
 
-- **Triggered Alerts**:
-  Notifications are sent automatically when vulnerabilities have a
-  **risk score greater than or equal to the configured threshold**.
-  This threshold can be adjusted globally or per Product, as described in the
-  :ref:`vulnerabilities_risk_threshold` section.
+Webhook Notifications
+^^^^^^^^^^^^^^^^^^^^^
 
-- **Delivery Channels**:
-  Notifications are displayed in the user interface and can also be integrated into
-  external workflows or email alerts, depending on the system's configuration.
+A dedicated event, ``vulnerability.data_update``, is available in Webhook system.
+This event is triggered each time the vulnerability data update process is completed.
 
-- **Exclusions**:
-  Vulnerabilities with a risk score below the threshold do not trigger notifications by
-  default, ensuring that only the most significant issues demand immediate attention.
+- DejaCode administrators can define Webhooks, such as a Slack notification or other
+  integrations, to be executed when this event occurs.
+- This integration allows organizations to incorporate DejaCode notifications into
+  their external workflows for enhanced vulnerability management.
 
-Notifications are a key component of the vulnerability management workflow, enabling
-users to monitor and respond to potential threats effectively.
+.. image:: images/reference-vulnerability-management/notification-webhook.jpg
+   :width: 400
 
 8. CycloneDX and CSAF VEX Outputs
 ---------------------------------