Minor fixes

src/pages/explanations/compliance/iso-27001-mapping.mdx

@@ -92,10 +92,10 @@ For development teams, these controls are particularly relevant as they impact d
 
 </summary>
 
-- Identification and documentation of vulnerabilities in your codebase through [static code analysis](../devsecops/sast.mdx) and [dynamic code analysis](../devsecops/dast.mdx).  
+- Identification and documentation of vulnerabilities in your codebase through [static code analysis](/explanations/devsecops/sast) and [dynamic code analysis](/explanations/devsecops/dast).  
 - Identification and documentation of software components and libraries in your codebase through SBOM (Software Bill of Materials) generation, listing all software components with their versions.  
 - Automatic generation and documentation of an SBOM (Software Bill of Materials) with versions for each new change in the codebase.  
-- Identification and documentation of vulnerabilities in the dependencies of your codebase through dependency scanning with [software composition analysis](../devsecops/software-composition-analysis.mdx) (SCA) and [container images](../devsecops/container-scanning.mdx).  
+- Identification and documentation of vulnerabilities in the dependencies of your codebase through dependency scanning with [software composition analysis](/explanations/devsecops/software-composition-analysis) (SCA) and [container images](/explanations/devsecops/container-scanning).  
 - Verification of available patches for the vulnerabilities in dependencies, along with guidance on how to apply them.  
 - Calculation and documentation of the risk of vulnerabilities in your codebase and dependencies through risk analysis.  
 - Prioritization of vulnerabilities in your codebase and dependencies, enabling you to address the most critical issues first.  
@@ -133,10 +133,10 @@ For development teams, these controls are particularly relevant as they impact d
 
 </summary>
 
-- Identification and documentation of secrets and credentials in your codebase through [secret scanning](../devsecops/secret-scanning.mdx).  
+- Identification and documentation of secrets and credentials in your codebase through [secret scanning](/explanations/devsecops/secret-scanning).  
 - Identification and documentation of software components and libraries in your codebase through SBOM (Software Bill of Materials) generation, listing all software components with their versions.  
 - Automatic generation and documentation of an SBOM with versions for each new change in the codebase.  
-- Identification and documentation of vulnerabilities in the dependencies of your codebase through dependency scanning with [software composition analysis](../devsecops/software-composition-analysis.mdx) (SCA) and [container images](../devsecops/container-scanning.mdx).   
+- Identification and documentation of vulnerabilities in the dependencies of your codebase through dependency scanning with [software composition analysis](/explanations/devsecops/software-composition-analysis) (SCA) and [container images](/explanations/devsecops/container-scanning).   
 - Calculation and documentation of the risk of vulnerabilities in your codebase and dependencies through risk analysis.    
 - Ensuring the integrity of the codebase and protection from unauthorized changes through in-toto.  
 - Prioritization of vulnerabilities in your codebase and dependencies, enabling you to address the most critical issues first.  

src/pages/explanations/compliance/sbom-standards.mdx

@@ -1,6 +1,6 @@
 ---
 title: 'SBOM Standards: CycloneDX and SPDX Compared'
-description: "Compare SBOM standards CycloneDX SPDX — both formats supported by DevGuard — and understand when to use each for software supply chain compliance reporting."
+description: "Compare the SBOM standards CycloneDX and SPDX. Understand when to use each for vulnerability management and license compliance reporting"
 seo:
   robots: index,follow
   og:

src/pages/explanations/supply-chain-security/what-is-supply-chain-security.mdx

@@ -179,7 +179,7 @@ supply chain security focuses on verifying the trust and transparency of everyth
 
 Visibility is the first pillar of supply chain security. You cannot secure what you cannot see. Modern software is rarely written from scratch; it is assembled from hundreds or thousands of open-source libraries and third-party components.
 
-**Visibility** is achieved through a **Software Bill of Materials** ([SBOM](/explanations/compliance/sbom-standards.mdx)). An SBOM is a formal, machine-readable inventory of every dependency,
+**Visibility** is achieved through a **Software Bill of Materials** ([SBOM](/explanations/compliance/sbom-standards)). An SBOM is a formal, machine-readable inventory of every dependency,
 library, and module included in your software. Just as a list of ingredients on a food package allows consumers to avoid allergens, an SBOM allows security teams to rapidly identify
 if they are affected when a major vulnerability is discovered in a widely used component. SBOMs are essential for effective supply chain security.
 
@@ -253,7 +253,7 @@ In short, SSDF mandates that an organization has a secure process and a trained
 
 ### SLSA (The Artifact Standard)
 
-[**Supply-chain Levels for Software Artifacts (SLSA)**](/explanations/supply-chain-security/slsa-framework.mdx) is a supply chain security framework specifically designed to guarantee the integrity of the final software output.
+[**Supply-chain Levels for Software Artifacts (SLSA)**](/explanations/supply-chain-security/slsa-framework) is a supply chain security framework specifically designed to guarantee the integrity of the final software output.
 
 Its fundamental concept is Provenance: metadata that describes exactly how an artifact was created, including the source code version, the build platform, and external parameters used.
 SLSA relies on the [in-toto framework](/explanations/supply-chain-security/in-toto-framework) to provide the standard format for this metadata.
@@ -333,7 +333,7 @@ By shifting left, supply chain security becomes an integrated part of the develo
 Supply chain security is no longer optional in an era of automated, multi-layered software delivery. Implementing supply chain security requires moving beyond simple vulnerability scanning and into the realm of **provenance and integrity**.
 By understanding the flow of code from source to production, and by demanding cryptographic proof of every transformation, organizations can significantly reduce the risk of sophisticated supply chain attacks. Investing in supply chain security today protects your organization from tomorrow's threats.
 
-In the following sections, we will explore the specific frameworks **DevGuard** uses to implement these concepts and frameworks, including [In-toto](/explanations/supply-chain-security/in-toto-framework.mdx) and [SLSA](/explanations/supply-chain-security/slsa-framework.mdx).
+In the following sections, we will explore the specific frameworks **DevGuard** uses to implement these concepts and frameworks, including [In-toto](/explanations/supply-chain-security/in-toto-framework) and [SLSA](/explanations/supply-chain-security/slsa-framework).
 
 ***
 

src/pages/how-to-guides/compliance/_meta.ts

@@ -1,3 +1,8 @@
 export default {
     'compliance-dashboards': { title: 'View Compliance Dashboards' },
+    'audit-logs': { title: 'Audit Logs' },
+    'export-sbom': { title: 'Export SBOM' },
+    'generate-csaf-reports': { title: 'Generate CSAF Reports' },
+    'generate-vex-documents': { title: 'Generate VEX Documents' },
+    'attestation-policies': { title: 'Manage Compliance & Attestation Policies' }
 }

src/pages/how-to-guides/compliance/attestation-policies.mdx

@@ -99,13 +99,12 @@ Navigate to **Organization** → **Compliance** → **Policies**
 
 ## Next Steps
 
-- [View Compliance Dashboards](./compliance-dashboards.mdx) - Monitor all policy results
-- [Generate VEX Documents](./generate-vex-documents.mdx) - Document vulnerability assessments
+- [View Compliance Dashboards](/how-to-guides/compliance/compliance-dashboards) - Monitor all policy results
+- [Generate VEX Documents](/how-to-guides/compliance/generate-vex-documents) - Document vulnerability assessments
 - [Understand Compliance Frameworks](/explanations/compliance/iso-27001-mapping) - Learn ISO 27001 requirements
-- [Generate CSAF Reports](./generate-csaf-reports.mdx) - Create compliance-focused security advisories
-- [Generate VEX Documents](./generate-vex-documents.mdx) - Document vulnerability assessments
-- [Export SBOMs](./export-sbom.mdx) - Download component inventories for audit purposes
-- [Manage Attestations](../security/supply-chain/manage-attestations.mdx) - Ensure required attestations exist
+- [Generate CSAF Reports](/how-to-guides/compliance/generate-csaf-reports) - Create compliance-focused security advisories
+- [Generate VEX Documents](/how-to-guides/compliance/generate-vex-documents) - Document vulnerability assessments
+- [Export SBOMs](/how-to-guides/compliance/export-sbom) - Download component inventories for audit purposes
 
 ## Related Documentation
 

src/pages/how-to-guides/compliance/audit-logs.mdx

@@ -35,7 +35,7 @@ Before you begin, ensure you have:
 
 ## View Event Details Across Assets
 
-For organization-wide compliance tracking, see [Compliance Dashboards](./compliance-dashboards.mdx) for vulnerability metrics and trends that reflect the cumulative impact of these vulnerability events.
+For organization-wide compliance tracking, see [Compliance Dashboards](/how-to-guides/compliance/compliance-dashboards) for vulnerability metrics and trends that reflect the cumulative impact of these vulnerability events.
 
 ### Generate PDF Reports for audits
 
@@ -44,22 +44,21 @@ For organization-wide compliance tracking, see [Compliance Dashboards](./complia
 
 ![Download PDF-Report](../../../assets/downloading-pdf-report.png)
 
-[PDF Example]("https://main.devguard.org/l3montree-cybersecurity/projects/devguard/assets/devguard/refs/main/vulnerability-report.pdf?artifact=pkg%3Aoci%2Fdevguard%3Frepository_url%3Dghcr.io%2Fl3montree-dev%2Fdevguard")
-
+{/* [PDF Example](https://main.devguard.org/l3montree-cybersecurity/projects/devguard/assets/devguard/refs/main/vulnerability-report.pdf?artifact=pkg%3Aoci%2Fdevguard%3Frepository_url%3Dghcr.io%2Fl3montree-dev%2Fdevguard)
+*/}
 ### Exporting for Audits
 
 To include vulnerability event history in compliance documentation:
 
-1. Generate [CSAF Reports](./generate-csaf-reports.mdx) that include event justifications
-2. Generate [VEX Documents](./generate-vex-documents.mdx) that document vulnerability status decisions
+1. Generate [CSAF Reports](/how-to-guides/compliance/generate-csaf-reports) that include event justifications
+2. Generate [VEX Documents](/how-to-guides/compliance/generate-vex-documents) that document vulnerability status decisions
 
 These reports can be downloaded and provided to auditors as evidence of your vulnerability management process.
 
 ## Related Documentation
 
-- [Create Vulnerability Events](../vulnerability-management/create-vuln-events.mdx) - Add and manage events
-- [Compliance Audit Trails](../../explanations/compliance/audit-trails.mdx) - Understand audit logging concepts
-- [Generate CSAF Reports](./generate-csaf-reports.mdx) - Export event justifications
-- [Vulnerability Lifecycle](/explanations/vulnerability-management/vulnerability-lifecycle.mdx) - Understand decision workflows
-- [Compliance Audit Trails](/explanations/compliance/audit-trails)
-- [Compliance How-To Guides](/how-to-guides/compliance)
+- [Create Vulnerability Events](/how-to-guides/vulnerability-management/create-vuln-events) - Add and manage events
+- [Compliance Audit Trails](/explanations/compliance/audit-trails) - Understand audit logging concepts
+- [Generate CSAF Reports](/how-to-guides/compliance/generate-csaf-reports) - Export event justifications
+- [Vulnerability Lifecycle](/explanations/vulnerability-management/vulnerability-lifecycle) - Understand decision workflows
+- [Compliance Dashboards](/how-to-guides/compliance/compliance-dashboards) - View compliance control evaluations and policy violations

src/pages/how-to-guides/compliance/compliance-dashboards.mdx

@@ -84,10 +84,9 @@ More information on how to write your own compliance policies with metadata can
 
 ## Next Steps
 
-- [Generate CSAF Reports](./generate-csaf-reports.mdx) - Create compliance-focused security advisories
-- [Export SBOMs](./export-sbom.mdx) - Download component inventories for audit purposes
-- [Manage Attestations](../security/supply-chain/manage-attestations.mdx) - Ensure required attestations exist
-- [Create Attestation Policies](./attestation-policies.mdx) - Learn how policies evaluate your repositories
+- [Generate CSAF Reports](/how-to-guides/compliance/generate-csaf-reports) - Create compliance-focused security advisories
+- [Export SBOMs](/how-to-guides/compliance/export-sbom) - Download component inventories for audit purposes
+- [Create Attestation Policies](/how-to-guides/compliance/attestation-policies) - Learn how policies evaluate your repositories
 
 ## Related Documentation
 

src/pages/how-to-guides/compliance/export-sbom.mdx

@@ -50,11 +50,11 @@ Export your component inventory:
 
 ![Select your SBOM format and options](../../../assets/sbom-download-menu.png)
 
-for more information on what an SBOM contains, see the [Explaining SBOMs](../../explanations/explaining-sboms.mdx) section.
+for more information on what an SBOM contains, see the [Explaining SBOMs](/explanations/explaining-sboms) section.
 
-- [Generate VEX Documents](./generate-vex-documents.mdx) - Add vulnerability assessments to SBOM
-- [Generate CSAF Reports](./generate-csaf-reports.mdx) - Create security advisories
-- [View Compliance Dashboards](./compliance-dashboards.mdx) - Monitor overall compliance
+- [Generate VEX Documents](/how-to-guides/compliance/generate-vex-documents) - Add vulnerability assessments to SBOM
+- [Generate CSAF Reports](/how-to-guides/compliance/generate-csaf-reports) - Create security advisories
+- [View Compliance Dashboards](/how-to-guides/compliance/compliance-dashboards) - Monitor overall compliance
 
 ## Related Documentation
 

src/pages/how-to-guides/compliance/generate-csaf-reports.mdx

@@ -46,9 +46,9 @@ This will allow external parties to access vulnerability data for this repositor
 
 ## Next Steps
 
-- [Generate VEX Documents](./generate-vex-documents.mdx) - Export vulnerability exceptions
-- [Export SBOM](./export-sbom.mdx) - Download component inventory
-- [View Compliance Dashboards](./compliance-dashboards.mdx) - Monitor all vulnerabilities
+- [Generate VEX Documents](/how-to-guides/compliance/generate-vex-documents) - Export vulnerability exceptions
+- [Export SBOM](/how-to-guides/compliance/export-sbom) - Download component inventory
+- [View Compliance Dashboards](/how-to-guides/compliance/compliance-dashboards) - Monitor policy violations
 
 ## Related Documentation
 

src/pages/how-to-guides/compliance/generate-vex-documents.mdx

@@ -80,6 +80,6 @@ DevGuard also supports OpenVEX (separate format):
 
 ## Next Steps
 
-- [Manage License Compliance](/how-to-guides/dependency-management/license-compliance.mdx) - Expand compliance beyond vulnerabilities
-- [Generate CSAF Reports](/how-to-guides/compliance/generate-csaf-reports.mdx) - Create security advisories
-- [Track Fix Progress](/how-to-guides/vulnerability-management/track-fix-progress.mdx) - Monitor remediation
+- [Manage License Compliance](/how-to-guides/dependency-management/license-compliance) - Expand compliance beyond vulnerabilities
+- [Generate CSAF Reports](/how-to-guides/compliance/generate-csaf-reports) - Create security advisories
+- [Track Fix Progress](/how-to-guides/vulnerability-management/track-fix-progress) - Monitor remediation

src/pages/how-to-guides/dependency-management/component-search.mdx

@@ -273,9 +273,9 @@ Decision: Evaluate implications or replace
 
 ## Next Steps
 
-- [Find Vulnerable Dependencies](./find-vulnerable-deps.mdx) - Security-focused component analysis
-- [View Dependency Tree](./view-dependency-tree.mdx) - See how components relate
-- [License Compliance](./license-compliance.mdx) - Review component licenses
+- [Find Vulnerable Dependencies](/how-to-guides/dependency-management/find-vulnerable-deps) - Security-focused component analysis
+- [View Dependency Tree](/how-to-guides/dependency-management/view-dependency-tree) - See how components relate
+- [License Compliance](/how-to-guides/dependency-management/license-compliance) - Review component licenses
 
 ## Related Documentation
 

src/pages/how-to-guides/dependency-management/find-vulnerable-deps.mdx

@@ -203,6 +203,6 @@ Download vulnerability data for reports or external tools:
 
 ## Next Steps
 
-- [Track Fix Progress](/how-to-guides/vulnerability-management/track-fix-progress.mdx) - Monitor remediation efforts
-- [View Dependency Tree](./view-dependency-tree.mdx) - Explore dependency relationships
-- [Generate VEX Documents](/how-to-guides/compliance/generate-vex-documents.mdx) - Document vulnerability decisions
+- [Track Fix Progress](/how-to-guides/vulnerability-management/track-fix-progress) - Monitor remediation efforts
+- [View Dependency Tree](/how-to-guides/dependency-management/view-dependency-tree) - Explore dependency relationships
+- [Generate VEX Documents](/how-to-guides/compliance/generate-vex-documents) - Document vulnerability decisions

src/pages/how-to-guides/dependency-management/license-compliance.mdx

@@ -208,9 +208,9 @@ Download license information for reporting:
 
 ## Next Steps
 
-- [Override License Decisions](./override-license-decisions.mdx) - Change detected licenses
-- [Find Vulnerable Dependencies](./find-vulnerable-deps.mdx) - Check security alongside licenses
-- [Generate VEX Documents](/how-to-guides/compliance/generate-vex-documents.mdx) - Include license decisions in VEX
+- [Override License Decisions](/how-to-guides/dependency-management/override-license-decisions) - Change detected licenses
+- [Find Vulnerable Dependencies](/how-to-guides/dependency-management/find-vulnerable-deps) - Check security alongside licenses
+- [Generate VEX Documents](/how-to-guides/compliance/generate-vex-documents) - Include license decisions in VEX
 
 ## Related Documentation
 

src/pages/how-to-guides/dependency-management/override-license-decisions.mdx

@@ -216,10 +216,9 @@ Best practices for accuracy:
 
 ## Next Steps
 
-- [License Compliance Management](./license-compliance.mdx) - Overall license strategy
-- [Export SBOM](../compliance/export-sbom.mdx) - Export with corrected licenses
-- [Manage Component Search](./component-search.mdx) - Find all uses of a component
-
+- [License Compliance Management](/how-to-guides/dependency-management/license-compliance) - Overall license strategy
+- [Export SBOM](/how-to-guides/compliance/export-sbom) - Export with corrected licenses
+- [Manage Component Search](/how-to-guides/dependency-management/component-search) - Find all uses of a component
 ## Related Documentation
 
 - [Getting Started with DevGuard](/getting-started)

src/pages/how-to-guides/vulnerability-management/_meta.ts

@@ -5,4 +5,7 @@ export default {
     'sync-external-data': {
         title: 'Sync External Vulnerability Data (VeX Ingestion)',
     },
+    'customize-risk-scores': { title: 'Customize Risk Scores', },
+    'create-vuln-events': { title: 'Create Vulnerability Events', },
+    'track-fix-progress': { title: 'Track Fix Progress', },
 }