From 170006fcde367f95ccda6125da068c021e7ed0c0 Mon Sep 17 00:00:00 2001 From: mark-rln Date: Tue, 16 Jun 2026 11:53:05 +0100 Subject: [PATCH 1/2] Add 'Dependency chain' heading to security findings page --- docs/organizations/managing-security-and-risk.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/organizations/managing-security-and-risk.md b/docs/organizations/managing-security-and-risk.md index 6d2aaf9671..c3d4352449 100644 --- a/docs/organizations/managing-security-and-risk.md +++ b/docs/organizations/managing-security-and-risk.md @@ -99,6 +99,8 @@ On the right section, you can view the filtered list of findings. Each finding c ![Security and risk management finding page](images/security-risk-management-finding-details.png) +### Dependency chain + For findings on transitive dependencies, the finding also displays the **dependency chain**: the ordered path from a direct (top-level) dependency in your manifest down to the vulnerable package (for example, `direct-package → intermediate-package → vulnerable-package`). This helps you identify which of your direct dependencies you need to update to resolve the finding. ![Security and risk management finding dependency chain](images/security-risk-management-finding-dependency-chain.png) From bca51897cf4c409a11213adbdc21b951a4596397 Mon Sep 17 00:00:00 2001 From: mark-rln Date: Tue, 16 Jun 2026 12:14:04 +0100 Subject: [PATCH 2/2] Update docs/organizations/managing-security-and-risk.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- docs/organizations/managing-security-and-risk.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/organizations/managing-security-and-risk.md b/docs/organizations/managing-security-and-risk.md index c3d4352449..8dce9d23e1 100644 --- a/docs/organizations/managing-security-and-risk.md +++ b/docs/organizations/managing-security-and-risk.md @@ -99,7 +99,7 @@ On the right section, you can view the filtered list of findings. Each finding c ![Security and risk management finding page](images/security-risk-management-finding-details.png) -### Dependency chain +### Dependency chain {: id="dependency-chain"} For findings on transitive dependencies, the finding also displays the **dependency chain**: the ordered path from a direct (top-level) dependency in your manifest down to the vulnerable package (for example, `direct-package → intermediate-package → vulnerable-package`). This helps you identify which of your direct dependencies you need to update to resolve the finding.