Merge branch 'main' into sara/tec-46-revamp-and-redesign-docs-homepag…
…elanding-page
s-santillan committed Sep 20, 2024
2 parents cd2117e + a6161ce commit 3164ccd
Showing 29 changed files with 461 additions and 406 deletions.
4 changes: 4 additions & 0 deletions docs/deployment/add-semgrep-to-ci.md
Expand Up @@ -131,8 +131,12 @@ When running in CI, Semgrep runs fully in the CI build environment. Unless you h

Branches with the following names are recognized as **default branch** names (also known as mainline or trunk branches). When you add a Semgrep CI job to your repository for the first time, Semgrep performs a full scan on these default branches.

Within Semgrep, default branches are also known as **primary** branches.

<DefaultBranches />

You can also [set the primary branch name](/deployment/primary-branch). This is useful for repositories with unique names. This lets Semgrep know what branch to prioritize and perform full scans on.

## Next steps

<NextStepsComments opening_phrase="For Jenkins users: Set up a separate CI job for diff-aware scans for"/>
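Review bot: "This is useful for repositories with unique names" in the new paragraph after the `<DefaultBranches />` component leaves unclear what is unique; from the surrounding text it is the branch name, not the repository, so say so, for example "This is useful for repositories whose default branch has a name that is not in the list above." The added sentence "Within Semgrep, default branches are also known as **primary** branches" also repeats the alias point made in the preceding paragraph ("also known as mainline or trunk branches"); consider folding it into that paragraph so the reader meets all three names at once.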
4 changes: 3 additions & 1 deletion docs/deployment/managed-scanning.md
Expand Up @@ -109,7 +109,9 @@ Repositories must be accessible to both the public Semgrep GitHub app and the pr
You can immediately add any existing project to Managed Scans.

1. Follow the steps in [Add a repository](#add-a-repository-to-semgrep-managed-scans).
1. Delete the `/.github/workflows/semgrep.yml` file in your GitHub repository.
1. Delete the `/.github/workflows/semgrep.yml` file in your GitHub repository if appropriate.

If you plan to continue running some scans in GitHub Actions (for example, using Managed Scans to run weekly full scans but GitHub Actions for diff-aware scans) you can leave the workflow file in place, and edit it to reflect your desired configuration.

:::tip
Semgrep preserves your findings, scans, and triage history.
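Review bot: the step "Delete the `/.github/workflows/semgrep.yml` file in your GitHub repository if appropriate" now depends on a condition the reader only learns in the paragraph that follows the list; state the condition in the step itself, for example "if you no longer want GitHub Actions to run Semgrep", so readers who work through the numbered list neither remove a workflow they still need nor keep one that duplicates the managed scan. The explanatory paragraph also needs a comma after the closing parenthesis: "... for diff-aware scans), you can leave the workflow file in place".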
2 changes: 1 addition & 1 deletion docs/deployment/primary-branch.md
Expand Up @@ -69,7 +69,7 @@ You can also send a `patch` request to the following endpoint: [Deployment > Pro

You can view a total count of findings in the **Projects** page for all Semgrep products.

- For Code and Supply Chain, this total count is computed from the **latest scanned branch**, not the primary branch.
- For Code and Supply Chain, this total count is computed from the **primary branch**.
- For Secrets, this total count is computed from deduplicated findings across all branches.

This means that the count of findings in your Code, Secrets, or Supply Chain page may differ from the counts in your Projects page.
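Review bot: switching the Code and Supply Chain count from the "latest scanned branch" to the "primary branch" makes the bullet correct only once a primary branch is set and has been scanned; since this article is about setting one, state what the Projects page shows before that (or when the primary branch has never been scanned). The closing sentence "This means that the count of findings ... may differ" still reads as an explanation of the old behaviour; the reason now differs per product (primary branch for Code and Supply Chain, deduplicated findings across all branches for Secrets), so spell that out in the sentence.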
6 changes: 5 additions & 1 deletion docs/deployment/sso.md
Expand Up @@ -21,6 +21,10 @@ This article walks you through single-sign on (SSO) configuration. Semgrep suppo

## OpenID Connect / OAuth 2.0

:::warning
Semgrep AppSec Platform does not support using OpenID with Microsoft Entra ID. Follow the instructions for [setting up SAML SSO with Microsoft Entra ID](#set-up-saml-sso-with-microsoft-entra-id) instead.
:::

To set up SSO in Semgrep AppSec Platform:

1. Sign in to Semgrep AppSec Platform.
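Review bot: the new warning links to `#set-up-saml-sso-with-microsoft-entra-id`; confirm that a heading with exactly that slug exists in this file, because a broken anchor would leave Entra ID users at the top of the OpenID section the warning tells them not to use. Since the section is titled "OpenID Connect / OAuth 2.0", "Microsoft Entra ID as an OpenID Connect provider" would be more precise than "OpenID with Microsoft Entra ID".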
Expand Down Expand Up @@ -150,4 +154,4 @@ If you have SSO enabled, you can turn off login using GitHub or GitLab credentia

:::warning
Ensure that you have at least one user who can log in through SSO before disabling sign in with GitHub or GitLab.
:::
:::
61 changes: 61 additions & 0 deletions docs/getting-started/quickstart-sms.md
@@ -0,0 +1,61 @@
---
slug: quickstart-managed-scans
append_help_link: true
title: "Quickstart: Managed Scans"
hide_title: true
description: Set up Semgrep Managed Scans when you sign in to Semgrep for the first time.
tags:
- Quickstart
- Semgrep AppSec Platform
---

# Quickstart for Semgrep Managed Scans

Semgrep Managed Scans (beta) is the fastest method to scan repositories at scale with Semgrep. Instead of adding Semgrep to your CI/CD pipeline, which requires a configuration file for each repository, Semgrep handles the scan process for all of the repositories you add.

## Supported source code managers

Semgrep Managed Scans is available for **GitHub-hosted (github.com) and GitHub Enterprise Server** plans.

## Requirements

To enable and use this feature, you must grant Semgrep **Read access** to your code. Steps are provided in [Add repositories to Semgrep Managed Scans](#add-repositories-to-semgrep-managed-scans).

Read access is permitted through a private Semgrep app that you create and register yourself. See [Managed Scans > Security](/deployment/managed-scanning#security) for more information on how Semgrep handles your code.

## Prerequisites

- Admin access to your GitHub organization.

## Add repositories to Semgrep Managed Scans

<!-- vale off -->
<!-- Our in-product text reads "repos" -->

1. Navigate to [Semgrep AppSec Platform](https://semgrep.dev/login), and sign up by clicking on **Sign in with GitHub**. Follow the on-screen prompts to [grant Semgrep the necessary permissions](/deployment/checklist/#permissions) and proceed.
1. Provide the **Organization display name** you'd like to use, then click **Create new organization**.
1. When asked **Where do you want to scan?** click **GitHub**.
1. Follow the steps in the **Connect GitHub to Semgrep** page. These steps install a public GitHub app, which handles PR comments, and a private GitHub app, which handles code access. You are able to select which repositories these apps have access to, and have full control over removing them or revoking their permissions.
1. Click **Set up projects**. You are taken to the **Enable Managed Scans for GitHub repos** page.
1. Select all the repositories you want to add to Semgrep Managed Scans for scanning.
1. Click **Enable Managed Scans**. You are taken to the **Projects** page as your scans begin.

<!-- vale on -->

You have finished setting up a Semgrep managed scan.

Here are some behaviors and characteristics of a managed scan:

- After enabling Managed Scans, Semgrep performs a full scan in batches on all the repositories that have been added to it.
- Once a repository has been added to Semgrep AppSec Platform, it becomes a **project**. A project in Semgrep AppSec Platform includes all the findings, history, and scan metadata of that repository.
- Projects scanned through Managed Scans are tagged with `managed-scan`.

## Next steps

Once a scan has finished, you can view your findings by clicking any of the following on the navigation menu:

- [<i class="fas fa-external-link fa-xs"></i> Code](https://semgrep.dev/orgs/-/findings?tab=open&primary=true) for SAST findings
- [<i class="fas fa-external-link fa-xs"></i> Secrets](https://semgrep.dev/orgs/-/secrets?tab=open&validation_state=confirmed_valid,validation_error,no_validator) for secrets findings
- [<i class="fas fa-external-link fa-xs"></i> Supply Chain](https://semgrep.dev/orgs/-/supply-chain/vulnerabilities?primary=true&tab=open) for SCA findings

To learn more about how Semgrep manages your scans, read the in-depth [Semgrep Managed Scans documentation](/deployment/managed-scanning).
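Review bot: "Semgrep Managed Scans is available for **GitHub-hosted (github.com) and GitHub Enterprise Server** plans" reads as if "plans" refers to Semgrep pricing tiers; if the section is about supported source code managers, drop "plans" or write "repositories hosted on github.com or GitHub Enterprise Server". The **Requirements** and **Prerequisites** sections overlap (both are preconditions for the app installation in step 4 of "Add repositories"); consider merging them into one list, and keep the access-scope statement (read access through a private app, limited to the repositories you select, revocable at any time) in that single place rather than split between the Requirements paragraph and step 4. Step 1 links to `/deployment/checklist/#permissions` with a trailing slash while the other links in this file omit it; use one style.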
9 changes: 4 additions & 5 deletions docs/getting-started/quickstart.md
Expand Up @@ -19,11 +19,10 @@ Learn how to set up Semgrep, scan your first project for security issues, and vi
You must have Python 3.8 or later installed on the machine where the Semgrep CLI is running.
:::

1. Navigate to [Semgrep AppSec Platform](https://semgrep.dev/login), and sign up by clicking on **Sign in with GitHub** or **Sign in with GitLab**. Follow the on-screen prompts to [grant Semgrep the needed permissions](/deployment/checklist/#permissions) and proceed.

2. Provide the **Organization display name** you'd like to use, then click **Create new organization**.

3. Launch your CLI, and follow the instructions on the [**Scan a project on your machine**](https://semgrep.dev/onboarding/scan) page. For your convenience, the same information is presented below, along with instructions for Windows users.
1. Navigate to [Semgrep AppSec Platform](https://semgrep.dev/login), and sign up by clicking on **Sign in with GitHub** or **Sign in with GitLab**. Follow the on-screen prompts to [grant Semgrep the necessary permissions](/deployment/checklist/#permissions) and proceed.
1. Provide the **Organization display name** you'd like to use, then click **Create new organization**.
1. When asked **Where do you want to scan?** click **Run on CLI**.
1. Launch your CLI, and follow the instructions on the [**Scan a project on your machine**](https://semgrep.dev/onboarding/scan) page. For your convenience, the same information is presented below, along with instructions for Windows users.

<Tabs
defaultValue="macOS"
16 changes: 11 additions & 5 deletions docs/kb/rules/understand-severities.md
@@ -1,20 +1,26 @@
---
description: Understand how rule severity is determined.
tags:
- Rules
- Semgrep Registry
- Rules
- Semgrep Registry
---

# How does Semgrep assign severity levels to rules?

## Semgrep Code and Secrets

Semgrep Code and Secrets rules have one of three severity levels: `ERROR` (High), `WARNING` (Medium), or `INFO` (Low). The severity indicates how critical the issues are that a rule potentially detects.
Semgrep Code and Secrets rules have one of three severity levels: `ERROR` (High), `WARNING` (Medium), or `INFO` (Low). The severity indicates how critical the issues that a rule potentially detects are.

The rule author assigns the rule severity. For custom and third-party rules, their severity assignment is the source of truth.
The rule author assigns the rule severity. The severity assignment of custom and third-party rules is the source of truth.

As a best practice, severity for Semgrep Registry rules in the `security` category should be assigned by evaluating the combination of [likelihood](/docs/contributing/contributing-to-semgrep-rules-repository/#likelihood) and [impact](/docs/contributing/contributing-to-semgrep-rules-repository/#impact).

## Semgrep Supply Chain

Semgrep Supply Chain rules have one of four severity levels: Critical, High, Medium or Low. The score assigned to the CVE using the [Common Vulnerability Scoring System (CVSS) score](https://nvd.nist.gov/vuln-metrics/cvss), or the severity value set by the GitHub Advisory Database, determines the severity in Semgrep Supply Chain. For example, if a vulnerability is given a CVSS score of 9.0 or higher it is assigned Critical.
Semgrep Supply Chain rules have one of four severity levels: Critical, High, Medium, or Low. The score assigned to the CVE using the [Common Vulnerability Scoring System (CVSS) score](https://nvd.nist.gov/vuln-metrics/cvss), or the severity value set by the GitHub Advisory Database, determines the severity in Semgrep Supply Chain. For example, a vulnerability is assigned Critical if it is given a CVSS score of 9.0 or higher.

In addition to severity, Supply Chain displays an [Exploit prediction scoring system (EPSS) probability](https://www.first.org/epss/) for findings. The EPSS score represents the likelihood that the vulnerability will be exploited in the wild in the next 30 days. Its values range from 0% to 100%. The higher the score, the greater the probability the vulnerability will be exploited. Semgrep groups probabilities as follows:

* <b>High</b>: 50 - 100%
* <b>Medium</b>: 10 - &#60;50%
* <b>Low</b>: &#60;10%
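Review bot: the reworded first sentence ("how critical the issues that a rule potentially detects are") is harder to parse than the original; "how critical the issues a rule detects can be" keeps the meaning and the subject-verb distance short. In the new EPSS list the boundaries are ambiguous because "50 - 100%" and "10 - &#60;50%" mix inclusive and exclusive notation; write them out ("50% or higher", "10% to less than 50%", "less than 10%") so readers know where exactly 50% and 10% land. The same hunk also reindents the front-matter tags list by two spaces; both forms are valid YAML, so confirm this matches the other files in `docs/kb/` rather than introducing a second style.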
2 changes: 1 addition & 1 deletion docs/release-notes/july-2024.md
Expand Up @@ -15,7 +15,7 @@ tags:

### Added

- A new **dashboard** focused on secure guardrails adoption is now in private beta. Find out what percent of findings are fixed before they enter your default or primary branch. To join the private beta, reach out to your Technical Account Manager or Account Executive. See the [Dashboard beta documentation](/semgrep-appsec-platform/dashboard-beta) for more information.
- A new **dashboard** focused on secure guardrails adoption is now in private beta. Find out what percent of findings are fixed before they enter your default or primary branch. To join the private beta, reach out to your Technical Account Manager or Account Executive. See the [Dashboard documentation](/semgrep-appsec-platform/dashboard) for more information.
![Dashboard (beta) page](/img/dashboard-fold.png)
- Added support for the following source code managers (SCMs):
- Azure DevOps
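Review bot: the link target drops "beta" (`/semgrep-appsec-platform/dashboard`) while the bullet still says the dashboard "is now in private beta" and the image alt text reads "Dashboard (beta) page". If the page was renamed because the feature left beta, the July release note should keep its historical wording, but a redirect from `/semgrep-appsec-platform/dashboard-beta` should exist so links published at the time keep working; if the feature is still in beta, the link text should keep "(beta)" to match the surrounding sentence.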

0 comments on commit 3164ccd