From 307fcd742bc24a6abb83ae8e9a940958c1ea9a5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lu=C3=ADs=20Ventura?= <92308003+lventura-codacy@users.noreply.github.com> Date: Fri, 18 Oct 2024 09:54:33 +0100 Subject: [PATCH] feat: Add docs for proactive SCA TAROT-2804 (#2232) * feat: Add docs for proactive SCA * Apply suggestions from code review Co-authored-by: Joana Teodoro --------- Co-authored-by: Joana Teodoro --- docs/organizations/managing-security-and-risk.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/organizations/managing-security-and-risk.md b/docs/organizations/managing-security-and-risk.md index b1b1005432..e93d0e9899 100644 --- a/docs/organizations/managing-security-and-risk.md +++ b/docs/organizations/managing-security-and-risk.md @@ -150,6 +150,19 @@ Codacy closes a finding in either of the following cases: !!! important Deleting a repository deletes all open findings belonging to that repository. +### How Codacy manages findings detected during software composition analysis (SCA) {: id="opening-and-closing-sca-items"} + +!!! note + To make sure that Codacy detects dependency issues correctly, [enable code patterns](../repositories-configure/configuring-code-patterns.md) belonging to the Trivy tool. + +Vulnerable dependencies are a specific GIT repository finding. Similarly to other repository findings, Codacy opens an issue whenever a commit is analyzed. + +Additionally, Codacy scans your codebase every evening to see if it's affected by any newly discovered vulnerabilities. + +!!! important + The proactive SCA scanning is a business tier feature. If you are a Codacy Pro customer interested in upgrading to gain access to this feature, reach out to our customer success team. + + ### How Codacy manages findings detected on Jira {: id="opening-and-closing-jira-items"} !!! note
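Review bot: The new section is anchored as `opening-and-closing-sca-items` and sits under the text explaining when Codacy closes a finding, but the added lines only describe when SCA findings are opened; please add a sentence stating when a vulnerable-dependency finding is closed (for example, when a later commit analysis or the nightly scan no longer detects the vulnerable dependency), since readers landing on this anchor will expect the closing rule. In the same paragraph, "Codacy opens an issue whenever a commit is analyzed" reads as if a finding is opened on every commit; suggest "Codacy opens a finding when the analysis of a commit detects a vulnerable dependency" and "findings" rather than "issue", to match the terminology used elsewhere in this file. Smaller points in the hunk: "GIT repository finding" should be "Git repository finding"; "every evening" should state the time zone or be phrased as "nightly"; "business tier" is lowercase while "Codacy Pro" is capitalised, so align the tier naming; and the hunk adds two blank lines before the `### How Codacy manages findings detected on Jira` heading where the rest of the file uses one.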