From c624f5f1186600c4f5a2fcb7ab83605271166ed6 Mon Sep 17 00:00:00 2001
From: Philipp Schoenbach
Date: Wed, 3 Jun 2026 18:30:17 +0200
Subject: [PATCH 1/4] fix sbom standards meta description
---
 src/pages/explanations/compliance/sbom-standards.mdx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/pages/explanations/compliance/sbom-standards.mdx b/src/pages/explanations/compliance/sbom-standards.mdx
index 1e907ab..bdb270f 100644
--- a/src/pages/explanations/compliance/sbom-standards.mdx
+++ b/src/pages/explanations/compliance/sbom-standards.mdx
@@ -1,6 +1,6 @@
 ---
-title: 'SBOM Standards: CycloneDX and SPDX Compared'
-description: "Compare SBOM standards CycloneDX SPDX — both formats supported by DevGuard — and understand when to use each for software supply chain compliance reporting."
+title: 'SBOM Standards: CycloneDX and SPDX Compared'.
+description: "Compare the SBOM standards CycloneDX and SPDX. Understand when to use each for vulnerability management and license compliance reporting"
 seo:
 robots: index,follow
 og:
From ecdd2e9ca139f56175af9089138f420e8fa361c7 Mon Sep 17 00:00:00 2001
From: Philipp Schoenbach
Date: Tue, 23 Jun 2026 21:00:49 +0200
Subject: [PATCH 2/4] fix missing sidebar meta.ts entries and dead links due to DWT not handling .mdx endings in URLs
---
 .../compliance/iso-27001-mapping.mdx | 8 +++----
 .../what-is-supply-chain-security.mdx | 6 +++---
 src/pages/how-to-guides/compliance/_meta.ts | 4 ++++
 .../compliance/attestation-policies.mdx | 12 +++++------
 .../how-to-guides/compliance/audit-logs.mdx | 21 +++++++++----------
 .../compliance/compliance-dashboards.mdx | 8 +++----
 .../how-to-guides/compliance/export-sbom.mdx | 8 +++----
 .../compliance/generate-csaf-reports.mdx | 6 +++---
 .../compliance/generate-vex-documents.mdx | 6 +++---
 .../component-search.mdx | 6 +++---
 .../find-vulnerable-deps.mdx | 6 +++---
 .../license-compliance.mdx | 6 +++---
 .../override-license-decisions.mdx | 7 +++----
 .../security/access-control/api-tokens.mdx | 6 +++---
 .../vulnerability-management/_meta.ts | 3 +++
 15 files changed, 59 insertions(+), 54 deletions(-)
diff --git a/src/pages/explanations/compliance/iso-27001-mapping.mdx b/src/pages/explanations/compliance/iso-27001-mapping.mdx
index 3f9c8cb..1c69905 100644
--- a/src/pages/explanations/compliance/iso-27001-mapping.mdx
+++ b/src/pages/explanations/compliance/iso-27001-mapping.mdx
@@ -92,10 +92,10 @@ For development teams, these controls are particularly relevant as they impact d
-- Identification and documentation of vulnerabilities in your codebase through [static code analysis](../devsecops/sast.mdx) and [dynamic code analysis](../devsecops/dast.mdx).
+- Identification and documentation of vulnerabilities in your codebase through [static code analysis](/explanations/devsecops/sast) and [dynamic code analysis](/explanations/devsecops/dast).
 - Identification and documentation of software components and libraries in your codebase through SBOM (Software Bill of Materials) generation, listing all software components with their versions.
 - Automatic generation and documentation of an SBOM (Software Bill of Materials) with versions for each new change in the codebase.
-- Identification and documentation of vulnerabilities in the dependencies of your codebase through dependency scanning with [software composition analysis](../devsecops/software-composition-analysis.mdx) (SCA) and [container images](../devsecops/container-scanning.mdx).
+- Identification and documentation of vulnerabilities in the dependencies of your codebase through dependency scanning with [software composition analysis](/explanations/devsecops/software-composition-analysis) (SCA) and [container images](/explanations/devsecops/container-scanning).
 - Verification of available patches for the vulnerabilities in dependencies, along with guidance on how to apply them.
 - Calculation and documentation of the risk of vulnerabilities in your codebase and dependencies through risk analysis.
 - Prioritization of vulnerabilities in your codebase and dependencies, enabling you to address the most critical issues first.
@@ -133,10 +133,10 @@ For development teams, these controls are particularly relevant as they impact d
-- Identification and documentation of secrets and credentials in your codebase through [secret scanning](../devsecops/secret-scanning.mdx).
+- Identification and documentation of secrets and credentials in your codebase through [secret scanning](/explanations/devsecops/secret-scanning).
 - Identification and documentation of software components and libraries in your codebase through SBOM (Software Bill of Materials) generation, listing all software components with their versions.
 - Automatic generation and documentation of an SBOM with versions for each new change in the codebase.
-- Identification and documentation of vulnerabilities in the dependencies of your codebase through dependency scanning with [software composition analysis](../devsecops/software-composition-analysis.mdx) (SCA) and [container images](../devsecops/container-scanning.mdx).
+- Identification and documentation of vulnerabilities in the dependencies of your codebase through dependency scanning with [software composition analysis](/explanations/devsecops/software-composition-analysis) (SCA) and [container images](/explanations/devsecops/container-scanning).
 - Calculation and documentation of the risk of vulnerabilities in your codebase and dependencies through risk analysis.
 - Ensuring the integrity of the codebase and protection from unauthorized changes through in-toto.
 - Prioritization of vulnerabilities in your codebase and dependencies, enabling you to address the most critical issues first.
diff --git a/src/pages/explanations/supply-chain-security/what-is-supply-chain-security.mdx b/src/pages/explanations/supply-chain-security/what-is-supply-chain-security.mdx
index d1e0ab9..a096138 100644
--- a/src/pages/explanations/supply-chain-security/what-is-supply-chain-security.mdx
+++ b/src/pages/explanations/supply-chain-security/what-is-supply-chain-security.mdx
@@ -179,7 +179,7 @@ supply chain security focuses on verifying the trust and transparency of everyth Visibility is the first pillar of supply chain security. You cannot secure what you cannot see. Modern software is rarely written from scratch; it is assembled from hundreds or thousands of open-source libraries and third-party components. -**Visibility** is achieved through a **Software Bill of Materials** ([SBOM](/explanations/compliance/sbom-standards.mdx)). An SBOM is a formal, machine-readable inventory of every dependency, +**Visibility** is achieved through a **Software Bill of Materials** ([SBOM](/explanations/compliance/sbom-standards)). An SBOM is a formal, machine-readable inventory of every dependency, library, and module included in your software. Just as a list of ingredients on a food package allows consumers to avoid allergens, an SBOM allows security teams to rapidly identify if they are affected when a major vulnerability is discovered in a widely used component. SBOMs are essential for effective supply chain security. @@ -253,7 +253,7 @@ In short, SSDF mandates that an organization has a secure process and a trained ### SLSA (The Artifact Standard) -[**Supply-chain Levels for Software Artifacts (SLSA)**](/explanations/supply-chain-security/slsa-framework.mdx) is a supply chain security framework specifically designed to guarantee the integrity of the final software output. +[**Supply-chain Levels for Software Artifacts (SLSA)**](/explanations/supply-chain-security/slsa-framework) is a supply chain security framework specifically designed to guarantee the integrity of the final software output. Its fundamental concept is Provenance: metadata that describes exactly how an artifact was created, including the source code version, the build platform, and external parameters used. SLSA relies on the [in-toto framework](/explanations/supply-chain-security/in-toto-framework) to provide the standard format for this metadata. 
@@ -333,7 +333,7 @@ By shifting left, supply chain security becomes an integrated part of the develo Supply chain security is no longer optional in an era of automated, multi-layered software delivery. Implementing supply chain security requires moving beyond simple vulnerability scanning and into the realm of **provenance and integrity**. By understanding the flow of code from source to production, and by demanding cryptographic proof of every transformation, organizations can significantly reduce the risk of sophisticated supply chain attacks. Investing in supply chain security today protects your organization from tomorrow's threats. -In the following sections, we will explore the specific frameworks **DevGuard** uses to implement these concepts and frameworks, including [In-toto](/explanations/supply-chain-security/in-toto-framework.mdx) and [SLSA](/explanations/supply-chain-security/slsa-framework.mdx). +In the following sections, we will explore the specific frameworks **DevGuard** uses to implement these concepts and frameworks, including [In-toto](/explanations/supply-chain-security/in-toto-framework) and [SLSA](/explanations/supply-chain-security/slsa-framework). *** diff --git a/src/pages/how-to-guides/compliance/_meta.ts b/src/pages/how-to-guides/compliance/_meta.ts index 0541f3a..3717881 100644 --- a/src/pages/how-to-guides/compliance/_meta.ts +++ b/src/pages/how-to-guides/compliance/_meta.ts @@ -1,3 +1,7 @@ export default { 'compliance-dashboards': { title: 'View Compliance Dashboards' }, + 'audit-logs': { title: 'Audit Logs' }, + 'export-sbom': { title: 'Export SBOM' }, + 'generate-csaf-reports': { title: 'Generate CSAF Reports' }, + 'generate-vex-documents': { title: 'Generate VEX Documents' } } diff --git a/src/pages/how-to-guides/compliance/attestation-policies.mdx b/src/pages/how-to-guides/compliance/attestation-policies.mdx index d8db8b6..c644e98 100644 --- a/src/pages/how-to-guides/compliance/attestation-policies.mdx 
+++ b/src/pages/how-to-guides/compliance/attestation-policies.mdx
@@ -99,13 +99,13 @@ Navigate to **Organization** → **Compliance** → **Policies**
 ## Next Steps
-- [View Compliance Dashboards](./compliance-dashboards.mdx) - Monitor all policy results
-- [Generate VEX Documents](./generate-vex-documents.mdx) - Document vulnerability assessments
+- [View Compliance Dashboards](/how-to-guides/compliance-dashboards) - Monitor all policy results
+- [Generate VEX Documents](/how-to-guides/generate-vex-documents) - Document vulnerability assessments
 - [Understand Compliance Frameworks](/explanations/compliance/iso-27001-mapping) - Learn ISO 27001 requirements
-- [Generate CSAF Reports](./generate-csaf-reports.mdx) - Create compliance-focused security advisories
-- [Generate VEX Documents](./generate-vex-documents.mdx) - Document vulnerability assessments
-- [Export SBOMs](./export-sbom.mdx) - Download component inventories for audit purposes
-- [Manage Attestations](../security/supply-chain/manage-attestations.mdx) - Ensure required attestations exist
+- [Generate CSAF Reports](/how-to-guides/generate-csaf-reports) - Create compliance-focused security advisories
+- [Generate VEX Documents](/how-to-guides/generate-vex-documents) - Document vulnerability assessments
+- [Export SBOMs](/how-to-guides/export-sbom) - Download component inventories for audit purposes
+- [Manage Attestations](/how-to-guides/security/supply-chain/manage-attestations) - Ensure required attestations exist
 ## Related Documentation
diff --git a/src/pages/how-to-guides/compliance/audit-logs.mdx b/src/pages/how-to-guides/compliance/audit-logs.mdx
index c01a495..892757e 100644
--- a/src/pages/how-to-guides/compliance/audit-logs.mdx
+++ b/src/pages/how-to-guides/compliance/audit-logs.mdx
@@ -35,7 +35,7 @@ Before you begin, ensure you have:
 ## View Event Details Across Assets
-For organization-wide compliance tracking, see [Compliance Dashboards](./compliance-dashboards.mdx) for vulnerability metrics and trends that reflect the cumulative impact of these vulnerability events.
+For organization-wide compliance tracking, see [Compliance Dashboards](/how-to-guides/compliance/compliance-dashboards) for vulnerability metrics and trends that reflect the cumulative impact of these vulnerability events.
 ### Generate PDF Reports for audits
@@ -44,22 +44,21 @@ For organization-wide compliance tracking, see [Compliance Dashboards](./complia
 ![Download PDF-Report](../../../assets/downloading-pdf-report.png)
-[PDF Example]("https://main.devguard.org/l3montree-cybersecurity/projects/devguard/assets/devguard/refs/main/vulnerability-report.pdf?artifact=pkg%3Aoci%2Fdevguard%3Frepository_url%3Dghcr.io%2Fl3montree-dev%2Fdevguard")
-
+{/* [PDF Example](https://main.devguard.org/l3montree-cybersecurity/projects/devguard/assets/devguard/refs/main/vulnerability-report.pdf?artifact=pkg%3Aoci%2Fdevguard%3Frepository_url%3Dghcr.io%2Fl3montree-dev%2Fdevguard)
+*/}
 ### Exporting for Audits
 To include vulnerability event history in compliance documentation:
-1. Generate [CSAF Reports](./generate-csaf-reports.mdx) that include event justifications
-2. Generate [VEX Documents](./generate-vex-documents.mdx) that document vulnerability status decisions
+1. Generate [CSAF Reports](/how-to-guides/compliance/generate-csaf-reports) that include event justifications
+2. Generate [VEX Documents](/how-to-guides/compliance/generate-vex-documents) that document vulnerability status decisions
 These reports can be downloaded and provided to auditors as evidence of your vulnerability management process.
 ## Related Documentation
-- [Create Vulnerability Events](../vulnerability-management/create-vuln-events.mdx) - Add and manage events
-- [Compliance Audit Trails](../../explanations/compliance/audit-trails.mdx) - Understand audit logging concepts
-- [Generate CSAF Reports](./generate-csaf-reports.mdx) - Export event justifications
-- [Vulnerability Lifecycle](/explanations/vulnerability-management/vulnerability-lifecycle.mdx) - Understand decision workflows
-- [Compliance Audit Trails](/explanations/compliance/audit-trails)
-- [Compliance How-To Guides](/how-to-guides/compliance)
+- [Create Vulnerability Events](/how-to-guides/vulnerability-management/create-vuln-events) - Add and manage events
+- [Compliance Audit Trails](/explanations/compliance/audit-trails) - Understand audit logging concepts
+- [Generate CSAF Reports](/how-to-guides/compliance/generate-csaf-reports) - Export event justifications
+- [Vulnerability Lifecycle](/explanations/vulnerability-management/vulnerability-lifecycle) - Understand decision workflows
+- [Compliance Dashboards](/how-to-guides/compliance/compliance-dashboards) - View compliance control evaluations and policy violations
diff --git a/src/pages/how-to-guides/compliance/compliance-dashboards.mdx b/src/pages/how-to-guides/compliance/compliance-dashboards.mdx
index a697ad7..28b8bd1 100644
--- a/src/pages/how-to-guides/compliance/compliance-dashboards.mdx
+++ b/src/pages/how-to-guides/compliance/compliance-dashboards.mdx
@@ -84,10 +84,10 @@ More information on how to write your own compliance policies with metadata can
 ## Next Steps
-- [Generate CSAF Reports](./generate-csaf-reports.mdx) - Create compliance-focused security advisories
-- [Export SBOMs](./export-sbom.mdx) - Download component inventories for audit purposes
-- [Manage Attestations](../security/supply-chain/manage-attestations.mdx) - Ensure required attestations exist
-- [Create Attestation Policies](./attestation-policies.mdx) - Learn how policies evaluate your repositories
+- [Generate CSAF Reports](/how-to-guides/compliance/generate-csaf-reports) - Create compliance-focused security advisories
+- [Export SBOMs](/how-to-guides/compliance/export-sbom) - Download component inventories for audit purposes
+- [Manage Attestations](/how-to-guides/security/supply-chain/manage-attestations) - Ensure required attestations exist
+- [Create Attestation Policies](/how-to-guides/compliance/attestation-policies) - Learn how policies evaluate your repositories
 ## Related Documentation
diff --git a/src/pages/how-to-guides/compliance/export-sbom.mdx b/src/pages/how-to-guides/compliance/export-sbom.mdx
index 434e3e0..c7c52b1 100644
--- a/src/pages/how-to-guides/compliance/export-sbom.mdx
+++ b/src/pages/how-to-guides/compliance/export-sbom.mdx
@@ -50,11 +50,11 @@ Export your component inventory:
 ![Select your SBOM format and options](../../../assets/sbom-download-menu.png)
-for more information on what an SBOM contains, see the [Explaining SBOMs](../../explanations/explaining-sboms.mdx) section.
+for more information on what an SBOM contains, see the [Explaining SBOMs](/explanations/explaining-sboms) section.
-- [Generate VEX Documents](./generate-vex-documents.mdx) - Add vulnerability assessments to SBOM
-- [Generate CSAF Reports](./generate-csaf-reports.mdx) - Create security advisories
-- [View Compliance Dashboards](./compliance-dashboards.mdx) - Monitor overall compliance
+- [Generate VEX Documents](/how-to-guides/compliance/generate-vex-documents) - Add vulnerability assessments to SBOM
+- [Generate CSAF Reports](/how-to-guides/compliance/generate-csaf-reports) - Create security advisories
+- [View Compliance Dashboards](/how-to-guides/compliance/compliance-dashboards) - Monitor overall compliance
 ## Related Documentation
diff --git a/src/pages/how-to-guides/compliance/generate-csaf-reports.mdx b/src/pages/how-to-guides/compliance/generate-csaf-reports.mdx
index a4d674f..6f9f057 100644
--- a/src/pages/how-to-guides/compliance/generate-csaf-reports.mdx
+++ b/src/pages/how-to-guides/compliance/generate-csaf-reports.mdx
@@ -46,9 +46,9 @@ This will allow external parties to access vulnerability data for this repositor
 ## Next Steps
-- [Generate VEX Documents](./generate-vex-documents.mdx) - Export vulnerability exceptions
-- [Export SBOM](./export-sbom.mdx) - Download component inventory
-- [View Compliance Dashboards](./compliance-dashboards.mdx) - Monitor all vulnerabilities
+- [Generate VEX Documents](/how-to-guides/compliance/generate-vex-documents) - Export vulnerability exceptions
+- [Export SBOM](/how-to-guides/compliance/export-sbom) - Download component inventory
+- [View Compliance Dashboards](/how-to-guides/compliance/compliance-dashboards) - Monitor policy violations
 ## Related Documentation
diff --git a/src/pages/how-to-guides/compliance/generate-vex-documents.mdx b/src/pages/how-to-guides/compliance/generate-vex-documents.mdx
index 31a7286..a7efd14 100644
--- a/src/pages/how-to-guides/compliance/generate-vex-documents.mdx
+++ b/src/pages/how-to-guides/compliance/generate-vex-documents.mdx
@@ -80,6 +80,6 @@ DevGuard also supports OpenVEX (separate format):
 ## Next Steps
-- [Manage License Compliance](/how-to-guides/dependency-management/license-compliance.mdx) - Expand compliance beyond vulnerabilities
-- [Generate CSAF Reports](/how-to-guides/compliance/generate-csaf-reports.mdx) - Create security advisories
-- [Track Fix Progress](/how-to-guides/vulnerability-management/track-fix-progress.mdx) - Monitor remediation
+- [Manage License Compliance](/how-to-guides/dependency-management/license-compliance) - Expand compliance beyond vulnerabilities
+- [Generate CSAF Reports](/how-to-guides/compliance/generate-csaf-reports) - Create security advisories
+- [Track Fix Progress](/how-to-guides/vulnerability-management/track-fix-progress) - Monitor remediation
diff --git a/src/pages/how-to-guides/dependency-management/component-search.mdx b/src/pages/how-to-guides/dependency-management/component-search.mdx
index 9f1480f..ef9e1ae 100644
--- a/src/pages/how-to-guides/dependency-management/component-search.mdx
+++ b/src/pages/how-to-guides/dependency-management/component-search.mdx
@@ -273,9 +273,9 @@ Decision: Evaluate implications or replace
 ## Next Steps
-- [Find Vulnerable Dependencies](./find-vulnerable-deps.mdx) - Security-focused component analysis
-- [View Dependency Tree](./view-dependency-tree.mdx) - See how components relate
-- [License Compliance](./license-compliance.mdx) - Review component licenses
+- [Find Vulnerable Dependencies](/how-to-guides/dependency-management/find-vulnerable-deps) - Security-focused component analysis
+- [View Dependency Tree](/how-to-guides/dependency-management/view-dependency-tree) - See how components relate
+- [License Compliance](/how-to-guides/dependency-management/license-compliance) - Review component licenses
 ## Related Documentation
diff --git a/src/pages/how-to-guides/dependency-management/find-vulnerable-deps.mdx b/src/pages/how-to-guides/dependency-management/find-vulnerable-deps.mdx
index 81f56ba..c959d2a 100644
--- a/src/pages/how-to-guides/dependency-management/find-vulnerable-deps.mdx
+++ b/src/pages/how-to-guides/dependency-management/find-vulnerable-deps.mdx
@@ -203,6 +203,6 @@ Download vulnerability data for reports or external tools:
 ## Next Steps
-- [Track Fix Progress](/how-to-guides/vulnerability-management/track-fix-progress.mdx) - Monitor remediation efforts
-- [View Dependency Tree](./view-dependency-tree.mdx) - Explore dependency relationships
-- [Generate VEX Documents](/how-to-guides/compliance/generate-vex-documents.mdx) - Document vulnerability decisions
+- [Track Fix Progress](/how-to-guides/vulnerability-management/track-fix-progress) - Monitor remediation efforts
+- [View Dependency Tree](/how-to-guides/dependency-management/view-dependency-tree) - Explore dependency relationships
+- [Generate VEX Documents](/how-to-guides/compliance/generate-vex-documents) - Document vulnerability decisions
diff --git a/src/pages/how-to-guides/dependency-management/license-compliance.mdx b/src/pages/how-to-guides/dependency-management/license-compliance.mdx
index 10d10b6..a05c002 100644
--- a/src/pages/how-to-guides/dependency-management/license-compliance.mdx
+++ b/src/pages/how-to-guides/dependency-management/license-compliance.mdx
@@ -208,9 +208,9 @@ Download license information for reporting:
 ## Next Steps
-- [Override License Decisions](./override-license-decisions.mdx) - Change detected licenses
-- [Find Vulnerable Dependencies](./find-vulnerable-deps.mdx) - Check security alongside licenses
-- [Generate VEX Documents](/how-to-guides/compliance/generate-vex-documents.mdx) - Include license decisions in VEX
+- [Override License Decisions](/how-to-guides/dependency-management/override-license-decisions) - Change detected licenses
+- [Find Vulnerable Dependencies](/how-to-guides/dependency-management/find-vulnerable-deps) - Check security alongside licenses
+- [Generate VEX Documents](/how-to-guides/compliance/generate-vex-documents) - Include license decisions in VEX
 ## Related Documentation
diff --git a/src/pages/how-to-guides/dependency-management/override-license-decisions.mdx b/src/pages/how-to-guides/dependency-management/override-license-decisions.mdx
index 6c79c09..a8495d1 100644
--- a/src/pages/how-to-guides/dependency-management/override-license-decisions.mdx
+++ b/src/pages/how-to-guides/dependency-management/override-license-decisions.mdx
@@ -216,10 +216,9 @@ Best practices for accuracy:
 ## Next Steps
-- [License Compliance Management](./license-compliance.mdx) - Overall license strategy
-- [Export SBOM](../compliance/export-sbom.mdx) - Export with corrected licenses
-- [Manage Component Search](./component-search.mdx) - Find all uses of a component
-
+- [License Compliance Management](/how-to-guides/dependency-management/license-compliance) - Overall license strategy
+- [Export SBOM](/how-to-guides/compliance/export-sbom) - Export with corrected licenses
+- [Manage Component Search](/how-to-guides/dependency-management/component-search) - Find all uses of a component
 ## Related Documentation
 - [Getting Started with DevGuard](/getting-started)
diff --git a/src/pages/how-to-guides/security/access-control/api-tokens.mdx b/src/pages/how-to-guides/security/access-control/api-tokens.mdx
index b5703d5..edad0d9 100644
--- a/src/pages/how-to-guides/security/access-control/api-tokens.mdx
+++ b/src/pages/how-to-guides/security/access-control/api-tokens.mdx
@@ -46,9 +46,9 @@ Following the Onboarding process, DevGuard can create an API token for you with
 ## Next Steps
-- [Authenticate with API](../../api-usage/authenticate-with-api.mdx) - API authentication methods
-- [Query Vulnerabilities](../../api-usage/query-vulnerabilities.mdx) - Fetch vulnerability data
-- [Upload Scan Results](../../api-usage/upload-scan-results.mdx) - Submit scan data
+- [Authenticate with API](/how-to-guides/api-usage/authenticate-with-api) - API authentication methods
+- [Query Vulnerabilities](/how-to-guides/api-usage/query-vulnerabilities) - Fetch vulnerability data
+- [Upload Scan Results](/how-to-guides/api-usage/upload-scan-results) - Submit scan data
 ## Related Documentation
diff --git a/src/pages/how-to-guides/vulnerability-management/_meta.ts b/src/pages/how-to-guides/vulnerability-management/_meta.ts
index fec05b0..eac5abd 100644
--- a/src/pages/how-to-guides/vulnerability-management/_meta.ts
+++ b/src/pages/how-to-guides/vulnerability-management/_meta.ts
@@ -5,4 +5,7 @@ export default {
 'sync-external-data': {
 title: 'Sync External Vulnerability Data (VeX Ingestion)',
 },
+ 'customize-risk-scores': { title: 'Customize Risk Scores', },
+ 'create-vuln-events': { title: 'Create Vulnerability Events', },
+ 'track-fix-progress': { title: 'Track Fix Progress', },
 }
From 0e51dd35a0e47e5d701c82e1cfd95ab9efc59424 Mon Sep 17 00:00:00 2001
From: Philipp Schoenbach
Date: Wed, 24 Jun 2026 14:03:21 +0200
Subject: [PATCH 3/4] fix typo that fails seo check
---
 src/pages/explanations/compliance/sbom-standards.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pages/explanations/compliance/sbom-standards.mdx b/src/pages/explanations/compliance/sbom-standards.mdx
index bdb270f..6848c45 100644
--- a/src/pages/explanations/compliance/sbom-standards.mdx
+++ b/src/pages/explanations/compliance/sbom-standards.mdx
@@ -1,5 +1,5 @@
 ---
-title: 'SBOM Standards: CycloneDX and SPDX Compared'.
+title: 'SBOM Standards: CycloneDX and SPDX Compared'
 description: "Compare the SBOM standards CycloneDX and SPDX. Understand when to use each for vulnerability management and license compliance reporting"
 seo:
 robots: index,follow
From 3c22e29eb72630d7b8c5742ac0f6212df30e8c9e Mon Sep 17 00:00:00 2001
From: Philipp Schoenbach
Date: Wed, 24 Jun 2026 14:27:43 +0200
Subject: [PATCH 4/4] fixes for seo check
---
 src/pages/how-to-guides/compliance/_meta.ts | 3 ++-
 .../how-to-guides/compliance/attestation-policies.mdx | 11 +++++------
 .../compliance/compliance-dashboards.mdx | 1 -
 3 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/pages/how-to-guides/compliance/_meta.ts b/src/pages/how-to-guides/compliance/_meta.ts
index 3717881..f217799 100644
--- a/src/pages/how-to-guides/compliance/_meta.ts
+++ b/src/pages/how-to-guides/compliance/_meta.ts
@@ -3,5 +3,6 @@ export default {
 'audit-logs': { title: 'Audit Logs' },
 'export-sbom': { title: 'Export SBOM' },
 'generate-csaf-reports': { title: 'Generate CSAF Reports' },
- 'generate-vex-documents': { title: 'Generate VEX Documents' }
+ 'generate-vex-documents': { title: 'Generate VEX Documents' },
+ 'attestation-policies': { title: 'Manage Compliance & Attestation Policies' }
 }
diff --git a/src/pages/how-to-guides/compliance/attestation-policies.mdx b/src/pages/how-to-guides/compliance/attestation-policies.mdx
index c644e98..3cf8330 100644
--- a/src/pages/how-to-guides/compliance/attestation-policies.mdx
+++ b/src/pages/how-to-guides/compliance/attestation-policies.mdx
@@ -99,13 +99,12 @@ Navigate to **Organization** → **Compliance** → **Policies**
 ## Next Steps
-- [View Compliance Dashboards](/how-to-guides/compliance-dashboards) - Monitor all policy results
-- [Generate VEX Documents](/how-to-guides/generate-vex-documents) - Document vulnerability assessments
+- [View Compliance Dashboards](/how-to-guides/compliance/compliance-dashboards) - Monitor all policy results
+- [Generate VEX Documents](/how-to-guides/compliance/generate-vex-documents) - Document vulnerability assessments
 - [Understand Compliance Frameworks](/explanations/compliance/iso-27001-mapping) - Learn ISO 27001 requirements
-- [Generate CSAF Reports](/how-to-guides/generate-csaf-reports) - Create compliance-focused security advisories
-- [Generate VEX Documents](/how-to-guides/generate-vex-documents) - Document vulnerability assessments
-- [Export SBOMs](/how-to-guides/export-sbom) - Download component inventories for audit purposes
-- [Manage Attestations](/how-to-guides/security/supply-chain/manage-attestations) - Ensure required attestations exist
+- [Generate CSAF Reports](/how-to-guides/compliance/generate-csaf-reports) - Create compliance-focused security advisories
+- [Generate VEX Documents](/how-to-guides/compliance/generate-vex-documents) - Document vulnerability assessments
+- [Export SBOMs](/how-to-guides/compliance/export-sbom) - Download component inventories for audit purposes
 ## Related Documentation
diff --git a/src/pages/how-to-guides/compliance/compliance-dashboards.mdx b/src/pages/how-to-guides/compliance/compliance-dashboards.mdx
index 28b8bd1..5f8b177 100644
--- a/src/pages/how-to-guides/compliance/compliance-dashboards.mdx
+++ b/src/pages/how-to-guides/compliance/compliance-dashboards.mdx
@@ -86,7 +86,6 @@ More information on how to write your own compliance policies with metadata can
 - [Generate CSAF Reports](/how-to-guides/compliance/generate-csaf-reports) - Create compliance-focused security advisories
 - [Export SBOMs](/how-to-guides/compliance/export-sbom) - Download component inventories for audit purposes
-- [Manage Attestations](/how-to-guides/security/supply-chain/manage-attestations) - Ensure required attestations exist
 - [Create Attestation Policies](/how-to-guides/compliance/attestation-policies) - Learn how policies evaluate your repositories
 ## Related Documentation