Merge branch 'update_cvs_documentation' into 'master'

Update CVS related documentation See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161571 Merged-by: Russell Dickenson <rdickenson@gitlab.com> Approved-by: Russell Dickenson <rdickenson@gitlab.com> Co-authored-by: Zamir Martins Filho <zfilho@gitlab.com>

Merge branch 'update_cvs_documentation' into 'master'
b910c083 · Russell Dickenson · GitLab · 14a81796 · 46f93972 · b910c083
--- a/doc/user/application_security/continuous_vulnerability_scanning/index.md
+++ b/doc/user/application_security/continuous_vulnerability_scanning/index.md
@@ -15,6 +15,7 @@ DETAILS:
 > - Continuous container scanning [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/435435) in GitLab 16.8 [with a flag](../../../administration/feature_flags.md) named `container_scanning_continuous_vulnerability_scans`. Disabled by default.
 > - Continuous container scanning [enabled on self-managed, and GitLab Dedicated](https://gitlab.com/gitlab-org/gitlab/-/issues/437162) in GitLab 16.10.
 > - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/443712) in GitLab 17.0. Feature flag `container_scanning_continuous_vulnerability_scans` removed.
+> - CVS triggering on new components has been [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/464575) in GitLab 17.3 [with a flag](../../../administration/feature_flags.md) named `dependency_scanning_using_sbom_reports`. Disabled by default.

 Continuous Vulnerability Scanning looks for security vulnerabilities in your project's dependencies by comparing their component names and versions against information in the latest [security advisories](#security-advisories).

@@ -30,7 +31,7 @@ In contrast to CI-based security scans, Continuous Vulnerability Scanning is exe
 - [Security advisories](#security-advisories) synchronized to the GitLab instance.

 NOTE:
-If a new component is detected, and an advisory for it already exists, a vulnerability is **not** created. Support for
+If a new component is detected, and an advisory for it already exists, a vulnerability is **only** created if the [feature flag](../../../administration/feature_flags.md) `dependency_scanning_using_sbom_reports` is enabled. Support for
 this feature can be tracked in [epic 8026](https://gitlab.com/groups/gitlab-org/-/epics/8026).

 ## Supported package types