diff --git a/docs/organizations/images/security-risk-management-dependencies-list.png b/docs/organizations/images/security-risk-management-dependencies-list.png new file mode 100644 index 0000000000..e839114b88 Binary files /dev/null and b/docs/organizations/images/security-risk-management-dependencies-list.png differ diff --git a/docs/organizations/images/security-risk-management-dependencies-single.png b/docs/organizations/images/security-risk-management-dependencies-single.png new file mode 100644 index 0000000000..88df106411 Binary files /dev/null and b/docs/organizations/images/security-risk-management-dependencies-single.png differ diff --git a/docs/organizations/managing-security-and-risk.md b/docs/organizations/managing-security-and-risk.md index 88c2f5a8f6..59271423ee 100644 --- a/docs/organizations/managing-security-and-risk.md +++ b/docs/organizations/managing-security-and-risk.md @@ -6,6 +6,7 @@ Under Security and risk management, you can find the following pages to help you - [Overview](#dashboard) - [Findings](#item-list) +- [Dependencies](#dependencies-list) In addition, on these pages, you can [share filtered views of findings](#sharing-filtered-view), [export findings as a CSV file](#exporting-the-security-item-list), and [review severity rules and integration settings](#reviewing-settings) @@ -514,6 +515,27 @@ Security and risk management supports checking the languages and infrastructure- +## Dependencies {: id="dependencu-list"} + +The **Security and risk management dependencies** page displays a unified view of all dependencies used by your repositories. + +To access the dependencies page, access the [overview page](#dashboard) and click the **Findings** tab. + +![Security and risk management dependencies page](images/security-risk-management-dependencies-list.png) + +When viewing dependencies, you'll be presented with a list of the dependencies used by all repositories in your organization. For each dependency you'll be able to see how many repositories are making use of it, how many different versions you are using accross all repositories, as well as how many security findings were found due to the presence of that dependency. + +You're also able to click any dependency to find out more information about it. + +![Security and risk management dependency page](images/security-risk-management-dependencies-single.png) + + The dependency overview page offers a quick birds-eye view of that particular dependency. You'll be able to see all different versions that are being used, including which repository is using them, the oldest and most recent versions you're leveraging, as well as the highest criticaliy of security issues and the license applied to any particular version of that dependency. + +!!! important + The dependency explorer is a timed business-tier feature! We'll be releasing it to every Pro user in the near future, but if in the meanwhile you want to learn about it, and other business features we're offereing or have planned [get in touch with us](https://www.codacy.com/pricing)! + + + 1: Semgrep supports additional security rules when signing up for [Semgrep Pro](https://semgrep.dev/pricing/). 2: Currently, Trivy only supports scanning YAML files on this platform. 3: Supported as a [client-side tool](../repositories-configure/local-analysis/client-side-tools.md). diff --git a/submodules/chart b/submodules/chart deleted file mode 160000 index 6b68419f18..0000000000 --- a/submodules/chart +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 6b68419f18e99128420ec030786465b1c71c9e1f diff --git a/submodules/codacy-mkdocs-material b/submodules/codacy-mkdocs-material deleted file mode 160000 index 954b29eabb..0000000000 --- a/submodules/codacy-mkdocs-material +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 954b29eabbe8cc4a350889a46836ba2ddb669634