microsoft / code-with-engineering-playbook

This is the playbook for "code-with" customer or partner engagements
https://microsoft.github.io/code-with-engineering-playbook/
Creative Commons Attribution 4.0 International

Create a new scanning page #1001

Open sharonfinden opened 8 months ago

sharonfinden commented 8 months ago

Problem: Customers/dev crews have a lot of pages within the various playbooks talking about different scanning techniques, tools, and implementations. But there's no single location which ties all of the types of scanning together and explains where you would use them.

Solution: Create a "Scanning" page explaining the various types, when you would use them, why you would use them, etc. Try to pull info from each of the different scanning pages so that you're not writing a bunch of content from scratch. Link to as many pages as you can for what is public.

Alternatives considered: today we have a lot of different types of scanning pages, but it feels like a jumble. Got feedback from Dan M. that we should have an all-up page.

Update navigation according to: https://github.com/microsoft/code-with-engineering-playbook/issues/1004

Also, take a look at this page (https://preview.ms-playbook.com/code-with-engineering/continuous-integration/dev-sec-ops/dependency-container-scanning/dependency_container_scanning/) and determine if the content should be retired in favor of a full capability page for dependency scanning and a full capability page on container scanning in DSO.