DependencyTrack · nscuro · Apr 25, 2026 · Apr 25, 2026
diff --git a/docs/concepts/vulnerability-policies.md b/docs/concepts/vulnerability-policies.md
@@ -1,7 +1,7 @@
 # About vulnerability policies
 
 Vulnerability policies let organisations encode how specific vulnerabilities should be triaged across
-the portfolio. Where a [standard policy](../reference/vulnerability-policies.md) raises violations, a vulnerability policy acts
+the portfolio. Where a [standard policy](../reference/policies/index.md) raises violations, a vulnerability policy acts
 on the finding itself. It applies an analysis (state, justification, vendor response, details),
 optionally overrides the vulnerability's ratings, and can suppress the finding altogether.
 
@@ -65,7 +65,7 @@ time-bounded policies for temporary suppressions, embargoes, or phased rollouts.
 ### Operation Modes
 
 Every policy has an operation mode that determines what happens when its condition matches.
-Refer to the [operation modes reference](../reference/vulnerability-policies.md#operation-modes)
+Refer to the [operation modes reference](../reference/policies/index.md#operation-modes)
 for the full list.
 
 *Log* mode is particularly useful when introducing a new policy. It lets you observe how often a
@@ -74,7 +74,7 @@ to *Apply*.
 
 ## Further Reading
 
-* [Vulnerability policies reference](../reference/vulnerability-policies.md) for field
+* [Vulnerability policies reference](../reference/policies/index.md) for field
   definitions, condition variables, the bundle YAML schema, and sync rules.
 * [Managing vulnerability policies](../guides/user/managing-vulnerability-policies.md)
   for step-by-step procedures.

diff --git a/docs/guides/user/managing-vulnerability-policies.md b/docs/guides/user/managing-vulnerability-policies.md
@@ -6,7 +6,7 @@ permission is `POLICY_MANAGEMENT`, or one of the finer-grained `POLICY_MANAGEMEN
 
 For background on what vulnerability policies are and how they work, see the
 [concepts page](../../concepts/vulnerability-policies.md). For field definitions and the bundle YAML
-schema, see the [reference page](../../reference/vulnerability-policies.md).
+schema, see the [reference page](../../reference/policies/index.md).
 
 ![Vulnerability policy list](./images/managing-vulnerability-policies/vuln-policies_list.png)
 
@@ -38,7 +38,7 @@ read-only and must be changed at the bundle source.
 ## Configuring the Bundle Source
 
 Configure the bundle URL and (optionally) credentials on the API server. Refer to the
-[bundle configuration properties](../../reference/vulnerability-policies.md#bundle-configuration)
+[bundle configuration properties](../../reference/policies/index.md#bundle-configuration)
 for the full list.
 
 Once the URL is configured, Dependency-Track fetches the bundle on the configured schedule. A bundle

diff --git a/docs/reference/.pages b/docs/reference/.pages
@@ -7,7 +7,7 @@ nav:
   - Notifications: notifications
   - Vulnerability analysis:
     - Vulnerability analyzers: analyzers.md
-    - Vulnerability policies: vulnerability-policies.md
+    - Vulnerability policies: policies
   - CEL expressions: cel-expressions.md
   - Access control:
     - Permissions: permissions.md