rearchitect Supply Chain docs

docs/semgrep-supply-chain/advisories.md

@@ -1,7 +1,7 @@
 ---
 slug: advisories
 append_help_link: true
-title: Advisories
+title: Advisories and related findings
 displayed_sidebar: scanSidebar
 hide_title: true
 description: "View the advisories related to your organization and search for relevant findings."

docs/semgrep-supply-chain/dependency-path.md

@@ -0,0 +1,65 @@
+---
+slug: dependency-path
+append_help_link: true
+title: Dependency paths (beta)
+hide_title: true
+description: "View dependency paths for your transitive dependencies."
+tags:
+  - Semgrep Supply Chain
+  - Semgrep AppSec Platform
+---
+
+# Dependency paths (beta)
+
+:::info
+This feature is currently in invite-only beta. Please contact [Semgrep Support](/support) for more information.
+:::
+
+The %%Dependency|dependency%% paths feature allows you to view dependency paths for all transitive dependencies introduced in a project, up to seven layers of depth. With this information, you can understand:
+
+- How a transitive dependency was introduced
+- How deeply the transitive dependency is nested in the dependency tree.
+
+## Supported languages
+
+Semgrep generates dependency paths for most C#, Java, JavaScript, Kotlin, and Python projects.
+
+### C#
+
+Semgrep generates dependency paths for C# projects using NuGet.
+
+### Java
+
+Semgrep generates dependency paths for Java projects that include a `maven_dep_tree.txt` file whenever you invoke a scan using `semgrep ci`.
+
+Semgrep can also generate dependency paths for Java projects with lockfiles and Java projects **without lockfiles** if they're built using Maven or Gradle with the help of the Gradle Wrapper. %%Dependency|dependency%% paths for such projects are available when [scanning without lockfiles](/semgrep-supply-chain/getting-started#scan-a-project-without-lockfiles-beta).
+
+### JavaScript
+
+Semgrep generates dependency paths for JavaScript projects that use `npm`, `yarn`, or `pnpm` and include a lockfile whenever you invoke a scan using `semgrep ci`.
+
+### Kotlin
+
+Semgrep generates dependency paths for Kotlin projects built using Maven when a `maven_dep_tree.txt` file is present, and for Maven or Gradle when [scanning without lockfiles](/semgrep-supply-chain/getting-started#scan-a-project-without-lockfiles-beta).
+
+### Python
+
+Semgrep generates dependency paths for Python projects that use the following package managers:
+
+- `poetry` and `poetry.lock` file
+- `uv` (requires Semgrep version `1.127.0` or later)
+
+Semgrep also generates dependency paths for Python projects that use the following package managers:
+
+- `Pipenv`
+- `piptools`
+- `pip` with `requirements.txt`
+
+when [scanning without lockfiles](/semgrep-supply-chain/getting-started#scan-a-project-without-lockfiles-beta).
+
+## View the dependency path
+
+Once [Semgrep Support](/support) has added you to the %%Dependency|dependency%% paths beta program and a new scan has completed on one of your projects, you can view dependency paths in Semgrep AppSec Platform using one of the following two methods:
+
+- Go to the [**Supply Chain** findings page](https://semgrep.dev/orgs/-/supply-chain), and used the **Transitivity > Transitive** filter to show transitive findings. Click the finding to open its **finding details** page. Click **Dependency path**.
+- Go to the **Supply Chain > Dependencies** tab. Filter for **Transitive** dependencies. Click the dependency's **Transitive** link to proceed.

docs/semgrep-supply-chain/dependency-search.md

@@ -1,7 +1,7 @@
 ---
 slug: dependency-search
 append_help_link: true
-title: View and search for dependencies
+title: Dependency search
 hide_title: true
 description: "View and search through all your dependencies in all your onboarded repositories at any time."
 tags:
@@ -12,7 +12,7 @@ tags:
 # View and search for dependencies
 
 :::info Prerequisite
-At least one project (a repository or subfolder in a monorepo) that scans for dependencies through Semgrep Supply Chain. See [Scan third-party dependencies](/semgrep-supply-chain/getting-started).
+At least one project (a repository or subfolder in a monorepo) that scans for dependencies through Semgrep Supply Chain. See [Supply Chain configuration](/semgrep-supply-chain/getting-started).
 :::
 
 Semgrep Supply Chain's dependency search feature allows you to view and query for any dependency in your project at any time. This feature detects all transitive and direct dependencies across all of your projects in Semgrep AppSec Platform. %%Dependency|dependency%% search lists all the versions of a dependency, as well as the projects that use the dependency.
@@ -28,8 +28,7 @@ To search your dependencies:
 1. Click <i class="fa-solid fa-toggle-large-on"></i> **%%Dependency|dependency%% search** if it's not already enabled.
 2. Navigate to **Supply Chain > Dependencies**.
 
-
-At this point, Semgrep displays the manifest files or lockfiles that it has used to determine dependency information and the dependencies included in each of the manifest files or lockfiles.
+At this point, Semgrep displays the manifest files or lockfiles that it has used to determine dependency information and the dependencies included in each of these files. You can view this information in Semgrep AppSec Platform by going to [Supply Chain > Dependencies](https://semgrep.dev/orgs/-/supply-chain/t/dependencies).
 
 ### View additional manifest files or lockfiles
 
@@ -81,61 +80,6 @@ You can search for multiple packages simultaneously.
 | License | The dependency's license type. |
 | Language | The language of the dependency. |
 
-## Dependency paths (beta)
-
-:::info
-This feature is currently in invite-only beta. Please contact [Semgrep Support](/support) for more information.
-:::
-
-The %%Dependency|dependency%% paths feature allows you to view dependency paths for all transitive dependencies introduced in a project, up to seven layers of depth. With this information, you can understand:
-
-- How a transitive dependency was introduced
-- How deeply the transitive dependency is nested in the dependency tree.
-
-### Supported languages
-
-Semgrep generates dependency paths for most C#, Java, JavaScript, Kotlin, and Python projects.
-
-#### C#
-
-Semgrep generates dependency paths for C# projects using NuGet.
-
-#### Java
-
-Semgrep generates dependency paths for Java projects that include a `maven_dep_tree.txt` file whenever you invoke a scan using `semgrep ci`.
-
-Semgrep can also generate dependency paths for Java projects with lockfiles and Java projects **without lockfiles** if they're built using Maven or Gradle with the help of the Gradle Wrapper. %%Dependency|dependency%% paths for such projects are available when [scanning without lockfiles](/semgrep-supply-chain/getting-started#scan-a-project-without-lockfiles-beta).
-
-#### JavaScript
-
-Semgrep generates dependency paths for JavaScript projects that use `npm`, `yarn`, or `pnpm` and include a lockfile whenever you invoke a scan using `semgrep ci`.
-
-#### Kotlin
-
-Semgrep generates dependency paths for Kotlin projects built using Maven when a `maven_dep_tree.txt` file is present, and for Maven or Gradle when [scanning without lockfiles](/semgrep-supply-chain/getting-started#scan-a-project-without-lockfiles-beta).
-
-#### Python
-
-Semgrep generates dependency paths for Python projects that use the following package managers:
-
-- `poetry` and `poetry.lock` file
-- `uv` (requires Semgrep version `1.127.0` or later)
-
-Semgrep also generates dependency paths for Python projects that use the following package managers:
-
-- `Pipenv`
-- `piptools`
-- `pip` with `requirements.txt`
-
-when [scanning without lockfiles](/semgrep-supply-chain/getting-started#scan-a-project-without-lockfiles-beta).
-
-### View the dependency path
-
-After you have been added to the %%Dependency|dependency%% paths beta and a new scan completes on a repository, view the dependency paths in Semgrep AppSec Platform on:
-
-- The **%%Finding|finding%% Details** page for a transitive finding
-- The **Supply Chain > Dependencies** tab when you view a transitive dependency; click **Transitive** to see the dependency path
-
 ## Troubleshooting: no dependencies appear on the Dependencies page
 
 If you don't see any results on the Dependencies page, ensure that: