Docs: Refactor Dependency Scanning documentation to support multiple workflows
Problem to solve
As the Dependency Scanning feature has expanded to cover several workflows, we should restructure the documentation to better organize it. This will let us clarify the various options offered and their specificities.
This will also be particularly useful to clarify which workflows are supported and which ones are deprecated.
Proposal
Similarly to what we've done for Secret Detection and DAST, we could use the following organization:
- Retain the existing Dependency Scanning documentation page.
- Reduce it to contain only the introduction of Dependency Scanning, including a brief description of the various scanning methods available:
- Dependency Scanning with Gemnasium. This is a new page to add (name TBC). Its content will be a good amount of what's currently on the main page. This will be deprecated in 17.9.
- Dependency Scanning using SBOM
- Continuous Dependency Scanning. This is a new page to add. Its content will be the DS part extracted from the Continuous Vulnerability Scanning page. This is ongoing work tracked in Restructure continuous scanning (!176758)
- Analyze dependency for behaviors (Libbehave)
TODO: we might want to further decouple the dependency detection and SBOM generation (the Dependency Scanning analyzer) from the SBOM-based scanning feature?
Who can address the issue
Other links/references
Edited by Olivier Gonzalez