aboutcode-org
CRAVEX: Create tutorials documentation
Take the user from an example discovery (notification) point through the resolution in the context of a product.
New tutorial added in https://github.com/aboutcode-org/dejacode/pull/217 Available at https://dejacode.readthedocs.io/en/latest/tutorial-4-vulnerabilities.html
Consider creating a How-To regarding the DejaCode Tools/Vulnerabilities form and how to take advantage of the various sorts/filters, with an explanation of the Notification system that we have now, along with an explanation of the Vulnerability impact notification setting on the DejaCode User definition and maybe the Workflow email notification setting as well.
Oops, never mind, we already cover all that in https://dejacode.readthedocs.io/en/latest/reference-vulnerability-management.html
Consider a tutorial to create a Report (query, column template) called something like Product Packages with Vulnerabilities that guides the user through creating a Query that uses weighted_risk_score (perhaps greater than or equal to 3) to find Product Packages with Vulnerabilities (perhaps also with a review_status not equal to Approved) I created a new Report in nexB called 2-Product Packages with Vulnerabilities to illustrate how the finished Report would look
Consider expanding the “Load Scan Results to your Product” section of the Tutorial 4 - Managing Product Vulnerabilities to load an SBOM as well, especially if we provide a sample SBOM roughly equivalent to the sample scan results that we have already provided.