diff --git a/doc/user/application_security/dependency_scanning/dependency_scanning_sbom/index.md b/doc/user/application_security/dependency_scanning/dependency_scanning_sbom/index.md index aac5d8db3dafcaa38d1e9780110f45b961898d71..8f40d314cb1364b76c3d1279449f61a102be012d 100644 --- a/doc/user/application_security/dependency_scanning/dependency_scanning_sbom/index.md +++ b/doc/user/application_security/dependency_scanning/dependency_scanning_sbom/index.md @@ -23,8 +23,7 @@ This feature uses an experimental scanner. This feature is available for testing, but not ready for production use. Dependency scanning using CycloneDX SBOM analyzes your application's dependencies for known -vulnerabilities. All dependencies are scanned, including transitive dependencies, also known as -nested dependencies. +vulnerabilities. All dependencies are scanned, [including transitive dependencies](../index.md). Dependency scanning is often considered part of Software Composition Analysis (SCA). SCA can contain aspects of inspecting the items your code uses. These items typically include application and system diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md index b7a8510b0692e133e7a3e16bec9484214bac05de..69bf210742b90d42a2930e2ac17f37410b5502e1 100644 --- a/doc/user/application_security/dependency_scanning/index.md +++ b/doc/user/application_security/dependency_scanning/index.md 
@@ -320,19 +320,15 @@ analyzers. We recommend not specifying the analyzers so you automatically use th best coverage, avoiding the need to make adjustments when there are deprecations or removals. However, you can override the selection using the variable `DS_EXCLUDED_ANALYZERS`. -The language detection relies on CI job [`rules`](../../../ci/yaml/index.md#rules) and searches a -maximum of two directory levels from the repository's root. For example, the -`gemnasium-dependency_scanning` job is enabled if a repository contains either `Gemfile`, -`api/Gemfile`, or `api/client/Gemfile`, but not if the only supported dependency file is -`api/v1/client/Gemfile`. +The language detection relies on CI job [`rules`](../../../ci/yaml/index.md#rules) to detect +[supported dependency file](#how-analyzers-are-triggered) For Java and Python, when a supported dependency file is detected, Dependency Scanning attempts to build the project and execute some Java or Python commands to get the list of dependencies. For all other projects, the lock file is parsed to obtain the list of dependencies without needing to build the project first. -When a supported dependency file is detected, all dependencies, including transitive dependencies -are analyzed. There is no limit to the depth of nested or transitive dependencies that are analyzed. +All direct and transitive dependencies are analyzed, without a limit to the depth of transitive dependencies. ### Analyzers 
@@ -635,11 +631,10 @@ To support the following package managers, the GitLab analyzers proceed in two s GitLab relies on [`rules:exists`](../../../ci/yaml/index.md#rulesexists) to start the relevant analyzers for the languages detected by the presence of the `Supported files` in the repository as shown in the [table above](#supported-languages-and-package-managers). - -The current detection logic limits the maximum search depth to two levels. For example, the `gemnasium-dependency_scanning` job is enabled if -a repository contains either a `Gemfile.lock`, `api/Gemfile.lock`, or `api/client/Gemfile.lock`, but not if the only supported dependency file is `api/v1/client/Gemfile.lock`. - -When a supported dependency file is detected, all dependencies, including transitive dependencies are analyzed. There is no limit to the depth of nested or transitive dependencies that are analyzed. +A maximum of two directory levels from the repository's root is searched. For example, the +`gemnasium-dependency_scanning` job is enabled if a repository contains either `Gemfile`, +`api/Gemfile`, or `api/client/Gemfile`, but not if the only supported dependency file is +`api/v1/client/Gemfile`. ### How multiple files are processed diff --git a/doc/user/application_security/get-started-security.md b/doc/user/application_security/get-started-security.md index 750f64fbc089e9b9abc8e79ac6f4479288098e5e..258ade194e26da7b973e33a4e80b5d860f9c034f 100644 --- a/doc/user/application_security/get-started-security.md +++ b/doc/user/application_security/get-started-security.md 
@@ -33,8 +33,8 @@ This process is part of a larger workflow: Secret Detection scans your repository to help prevent your secrets from being exposed. It works with all programming languages. -Dependency Scanning analyzes your application's dependencies for known vulnerabilities. All -dependencies are scanned, including transitive dependencies, also known as nested dependencies. +Dependency Scanning analyzes your application's dependencies for known vulnerabilities. +It works with certain languages and package managers. For more information, see:
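Review bot: In the `dependency_scanning_sbom/index.md` hunk, the new link `[including transitive dependencies](../index.md)` points at the top of the parent page rather than at the paragraph that actually states the transitive-dependency behaviour, so a reader following it lands on the page intro and has to search. Add a fragment to the section that carries the "All direct and transitive dependencies are analyzed" statement (the same page's other cross-reference uses `#how-analyzers-are-triggered`, so a section anchor is the established convention here), and consider wording the link text as a noun phrase, for example "All dependencies are scanned, including [transitive dependencies](../index.md#…)", since a clause as link text reads awkwardly inline.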
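Review bot: In the `dependency_scanning/index.md` hunk at `@@ -320,19 +320,15 @@`, the replacement sentence is left unterminated and ungrammatical: `[supported dependency file](#how-analyzers-are-triggered)` is followed directly by the next paragraph with no period, and the singular noun needs an article or plural. Suggest: "The language detection relies on CI job [`rules`](../../../ci/yaml/index.md#rules) to detect [supported dependency files](#how-analyzers-are-triggered)." The consolidation itself is sound: the two-level search-depth example and the transitive-depth statement were previously duplicated here and under "How analyzers are triggered", and keeping each in one place removes the chance of the two copies drifting, as they already had (one used `Gemfile`, the other `Gemfile.lock`).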
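Review bot: In the `dependency_scanning/index.md` hunk at `@@ -635,11 +631,10 @@`, the moved example changes the file name used to illustrate detection: the removed text in this section said `Gemfile.lock`, `api/Gemfile.lock`, `api/client/Gemfile.lock`, while the added text says `Gemfile`, `api/Gemfile`, `api/client/Gemfile`. The sentence immediately above states that detection is driven by `rules:exists` on the `Supported files` column of the table above, so the example must name a file that actually appears in that column for the Bundler row; please check the table and make the example match it rather than silently picking one of the two previously conflicting versions. Also confirm the two-level limit still reflects the current analyzer `rules:exists` globs, since this paragraph is now the only place the limit is documented.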
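Review bot: In the `get-started-security.md` hunk, "It works with certain languages and package managers." is too vague to be actionable for a getting-started reader and contrasts oddly with the preceding Secret Detection line, which says plainly "It works with all programming languages." Name where the supported set lives, for example: "It works with the languages and package managers listed in [Supported languages and package managers](dependency_scanning/index.md#supported-languages-and-package-managers)." That anchor is the one the dependency scanning page already uses for its own cross-reference (`[table above](#supported-languages-and-package-managers)`), so it is a stable target. Dropping the transitive-dependency sentence here is fine as long as the detailed page keeps it, which the other hunks in this patch do.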