From 701098e1e7206a2412f1f2e09eb073852af9a0b7 Mon Sep 17 00:00:00 2001 From: Luis Ventura Date: Tue, 15 Oct 2024 09:12:22 +0100 Subject: [PATCH 1/2] feat: Add docs for proactive SCA --- docs/organizations/managing-security-and-risk.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/organizations/managing-security-and-risk.md b/docs/organizations/managing-security-and-risk.md index b1b1005432..efce5f2625 100644 --- a/docs/organizations/managing-security-and-risk.md +++ b/docs/organizations/managing-security-and-risk.md @@ -150,6 +150,21 @@ Codacy closes a finding in either of the following cases: !!! important Deleting a repository deletes all open findings belonging to that repository. +### How Codacy manages findings detected during software composition analysis (SCA) {: id="opening-and-closing-sca-items"} + +!!! note + To make sure that Codacy detects dependency issues correctly: + + - [Enable code patterns](../repositories-configure/configuring-code-patterns.md) belonging to the Trivy tool. + +Vulnerable dependencies are a specific GIT repository finding. Similarly to other repository findings, Codacy opens an issue whenever a commit is analyzed. + +Additionaly, Codacy scans your codebase every evening to see if it is affected by any newly discovered vulnerabilities. + +!!! important + The proactive SCA scanning is a business tier feature. If you are a Codacy Pro customer interested in upgrading to gain access to this feature, reach out to our customer success team. + + ### How Codacy manages findings detected on Jira {: id="opening-and-closing-jira-items"} !!! note From bf9d0d9a503d0e6eb117d6cf6f5d882fc59fa737 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Lu=C3=ADs=20Ventura?= <92308003+lventura-codacy@users.noreply.github.com> Date: Tue, 15 Oct 2024 09:45:53 +0100 Subject: [PATCH 2/2] Apply suggestions from code review Co-authored-by: Joana Teodoro --- docs/organizations/managing-security-and-risk.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/docs/organizations/managing-security-and-risk.md b/docs/organizations/managing-security-and-risk.md index efce5f2625..e93d0e9899 100644 --- a/docs/organizations/managing-security-and-risk.md +++ b/docs/organizations/managing-security-and-risk.md @@ -153,13 +153,11 @@ Codacy closes a finding in either of the following cases: ### How Codacy manages findings detected during software composition analysis (SCA) {: id="opening-and-closing-sca-items"} !!! note - To make sure that Codacy detects dependency issues correctly: - - - [Enable code patterns](../repositories-configure/configuring-code-patterns.md) belonging to the Trivy tool. + To make sure that Codacy detects dependency issues correctly, [enable code patterns](../repositories-configure/configuring-code-patterns.md) belonging to the Trivy tool. Vulnerable dependencies are a specific GIT repository finding. Similarly to other repository findings, Codacy opens an issue whenever a commit is analyzed. -Additionaly, Codacy scans your codebase every evening to see if it is affected by any newly discovered vulnerabilities. +Additionally, Codacy scans your codebase every evening to see if it's affected by any newly discovered vulnerabilities. !!! important The proactive SCA scanning is a business tier feature. If you are a Codacy Pro customer interested in upgrading to gain access to this feature, reach out to our customer success team.
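Review bot: the new SCA section (patch 1/2, hunk at `@@ -150,6 +150,21 @@`) only describes how dependency findings are opened, even though its anchor is `id="opening-and-closing-sca-items"` and the surrounding section is about when Codacy closes a finding; add a sentence stating whether a finding raised by the nightly scan is closed on the next commit analysis or the next nightly scan once the dependency is upgraded. Two smaller points in the same hunk: "Vulnerable dependencies are a specific GIT repository finding" should read "Git" and "finding" rather than "issue" in the next sentence ("Codacy opens an issue whenever a commit is analyzed"), to match the terminology of the rest of the page, and "every evening" should name the timezone so readers know when to expect the scan.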
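Review bot: the review-suggestion hunk (patch 2/2, `@@ -153,13 +153,11 @@`) fixes "Additionaly" and collapses the note into one sentence, but leaves the "GIT" capitalisation and the "issue"/"finding" mismatch from the previous commit untouched, and the new "every evening to see if it's affected" wording still gives no timezone; consider folding those into this same suggestion pass, for example "Additionally, Codacy scans your codebase every evening (<timezone>) to detect any newly disclosed vulnerabilities affecting your dependencies."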