diff --git a/doc/user/application_security/continuous_vulnerability_scanning/index.md b/doc/user/application_security/continuous_vulnerability_scanning/index.md
index eefde1105375761a7cb8bea8626f633b44dc6470..79b45104baabb57f1382cb80c3c308728d851e19 100644
--- a/doc/user/application_security/continuous_vulnerability_scanning/index.md
+++ b/doc/user/application_security/continuous_vulnerability_scanning/index.md
@@ -15,16 +15,21 @@ DETAILS:
 > - Continuous Container Scanning [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/435435) in GitLab 16.8 [with a flag](../../../administration/feature_flags.md) named `container_scanning_continuous_vulnerability_scans`. Disabled by default.
 > - Continuous Container Scanning [enabled on GitLab.com, self-managed, and GitLab Dedicated](https://gitlab.com/gitlab-org/gitlab/-/issues/437162) in GitLab 16.10.
 
-Continuous Vulnerability Scanning detects new vulnerabilities outside a pipeline.
-Your projects are automatically scanned whenever advisories are added to the [`GitLab Advisory Database`](https://advisories.gitlab.com/), or [`Trivy DB`](https://github.com/aquasecurity/trivy-db).
-Projects that depend on the affected components have new vulnerabilities automatically created.
-
-Continuous Vulnerability Scanning detects vulnerabilities in the latest CycloneDX SBOM reports for the default branch.
-[Dependency Scanning](../dependency_scanning/index.md) and [Container Scanning](../container_scanning/index.md) are used to generate these reports.
+When advisories are added to either the [GitLab Advisory Database](https://advisories.gitlab.com/) or the
+[Trivy Database](https://github.com/aquasecurity/trivy-db), Continuous Vulnerability Scanning
+triggers a scan on all projects where either Container Scanning, Dependency Scanning, or both, are
+enabled. If a new advisory affects an application or operating system dependency, it creates a
+vulnerability in the project.
+
+NOTE:
+If a new operating system package is added to either the GitLab Advisory Database or Trivy
+Database, and an advisory for it already exists, a vulnerability is **not** created. Support for
+improvements is proposed in [epic 11219](https://gitlab.com/groups/gitlab-org/-/epics/11219) and
+[epic 8026](https://gitlab.com/groups/gitlab-org/-/epics/8026).
 
 ## Supported package types
 
-Components with the following [package URL types](https://github.com/package-url/purl-spec/blob/346589846130317464b677bc4eab30bf5040183a/PURL-TYPES.rst) are supported:
+Continuous Vulnerability Scanning supports components with the following [PURL types](https://github.com/package-url/purl-spec/blob/346589846130317464b677bc4eab30bf5040183a/PURL-TYPES.rst):
 
 - `composer`
 - `conan`