From 571c0d62a69b4018be65b98818d9697d1efb0df1 Mon Sep 17 00:00:00 2001
From: Russell Dickenson <rdickenson@gitlab.com>
Date: Wed, 3 Apr 2024 09:28:07 +0000
Subject: [PATCH] Improve intro of continuous vulnerability scanning

---
 .../index.md                                  | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/doc/user/application_security/continuous_vulnerability_scanning/index.md b/doc/user/application_security/continuous_vulnerability_scanning/index.md
index eefde11053757..79b45104baabb 100644
--- a/doc/user/application_security/continuous_vulnerability_scanning/index.md
+++ b/doc/user/application_security/continuous_vulnerability_scanning/index.md
@@ -15,16 +15,21 @@ DETAILS:
 > - Continuous Container Scanning [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/435435) in GitLab 16.8 [with a flag](../../../administration/feature_flags.md) named `container_scanning_continuous_vulnerability_scans`. Disabled by default.
 > - Continuous Container Scanning [enabled on GitLab.com, self-managed, and GitLab Dedicated](https://gitlab.com/gitlab-org/gitlab/-/issues/437162) in GitLab 16.10.
 
-Continuous Vulnerability Scanning detects new vulnerabilities outside a pipeline.
-Your projects are automatically scanned whenever advisories are added to the [`GitLab Advisory Database`](https://advisories.gitlab.com/), or [`Trivy DB`](https://github.com/aquasecurity/trivy-db).
-Projects that depend on the affected components have new vulnerabilities automatically created.
-
-Continuous Vulnerability Scanning detects vulnerabilities in the latest CycloneDX SBOM reports for the default branch.
-[Dependency Scanning](../dependency_scanning/index.md) and [Container Scanning](../container_scanning/index.md) are used to generate these reports.
+When advisories are added to either the [GitLab Advisory Database](https://advisories.gitlab.com/) or the
+[Trivy Database](https://github.com/aquasecurity/trivy-db), Continuous Vulnerability Scanning
+triggers a scan on all projects where either Container Scanning, Dependency Scanning, or both, are
+enabled. If a new advisory affects an application or operating system dependency, it creates a
+vulnerability in the project.
+
+NOTE:
+If a new operating system package is added to either the GitLab Advisory Database or Trivy
+Database, and an advisory for it already exists, a vulnerability is **not** created. Support for
+improvements is proposed in [epic 11219](https://gitlab.com/groups/gitlab-org/-/epics/11219) and
+[epic 8026](https://gitlab.com/groups/gitlab-org/-/epics/8026).
 
 ## Supported package types
 
-Components with the following [package URL types](https://github.com/package-url/purl-spec/blob/346589846130317464b677bc4eab30bf5040183a/PURL-TYPES.rst) are supported:
+Continuous Vulnerability Scanning supports components with the following [PURL types](https://github.com/package-url/purl-spec/blob/346589846130317464b677bc4eab30bf5040183a/PURL-TYPES.rst):
 
 - `composer`
 - `conan`
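Review bot: the rewritten intro (the `+` lines replacing the two deleted paragraphs) drops the one scoping statement a reader needs: that the scan runs against the latest CycloneDX SBOM reports for the default branch, as produced by Dependency Scanning and Container Scanning. Without it, "triggers a scan on all projects where ... Container Scanning, Dependency Scanning, or both, are enabled" reads as if merely enabling the scanners is enough and as if every branch is covered, whereas a project with no successful default-branch pipeline has no SBOM to match advisories against, and feature branches are never scanned this way. Suggest keeping a sentence such as "Continuous Vulnerability Scanning matches new advisories against the latest CycloneDX SBOM reports of the default branch, generated by Dependency Scanning and Container Scanning." Two smaller wording points in the same hunk: "it creates a vulnerability in the project" has an unclear antecedent for "it" (the advisory? the scan?), so prefer "a vulnerability is created in the project"; and the NOTE is hard to parse as written ("If a new operating system package is added to either the GitLab Advisory Database or Trivy Database, and an advisory for it already exists"), since a database holds advisories, not packages. If the intended case is an existing advisory being updated to list an additional affected operating-system package, say that directly, for example "If an existing advisory is updated to add an affected operating system package, a vulnerability is **not** created for that package," and replace "Support for improvements is proposed in" with "Improvements are proposed in".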
-- 
GitLab