feat: Add docs for proactive SCA TAROT-2804 (#2232)

* feat: Add docs for proactive SCA * Apply suggestions from code review Co-authored-by: Joana Teodoro <[email protected]> --------- Co-authored-by: Joana Teodoro <[email protected]>
codacy · Oct 18, 2024 · 307fcd7 · 307fcd7
1 parent 51d6833
commit 307fcd7
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/docs/organizations/managing-security-and-risk.md b/docs/organizations/managing-security-and-risk.md
@@ -150,6 +150,19 @@ Codacy closes a finding in either of the following cases:
 !!! important
     Deleting a repository deletes all open findings belonging to that repository.
 
+### How Codacy manages findings detected during software composition analysis (SCA) {: id="opening-and-closing-sca-items"}
+
+!!! note
+    To make sure that Codacy detects dependency issues correctly, [enable code patterns](../repositories-configure/configuring-code-patterns.md) belonging to the Trivy tool. 
+
+Vulnerable dependencies are a specific GIT repository finding. Similarly to other repository findings, Codacy opens an issue whenever a commit is analyzed.
+
+Additionally, Codacy scans your codebase every evening to see if it's affected by any newly discovered vulnerabilities.
+
+!!! important
+    The proactive SCA scanning is a business tier feature. If you are a Codacy Pro customer interested in upgrading to gain access to this feature, reach out to our customer success team.
+
+
 ### How Codacy manages findings detected on Jira {: id="opening-and-closing-jira-items"}
 
 !!! note