Merge pull request #2095 from DependencyTrack/docs-tweaks

Docs tweaks

Author: nscuro

docs/architecture/design/notifications.md

@@ -72,7 +72,7 @@ Notifications that have no matching rules are discarded immediately.
 
 The outbox relay is a background process that continuously polls the `NOTIFICATION_OUTBOX` table,
 routes notifications to matching rules, and schedules publishing workflows.
-The polling interval is configurable via [`notification.outbox-relay.poll-interval-ms`](../../reference/configuration/api-server.md#notificationoutbox-relaypoll-interval-ms),
+The polling interval is configurable via [`dt.notification.outbox-relay.poll-interval-ms`](../../reference/configuration/api-server.md#dtnotificationoutbox-relaypoll-interval-ms),
 and defaults to 1 second.
 
 ```mermaid
@@ -103,7 +103,7 @@ sequenceDiagram
 Transaction-level [advisory locks] prevent concurrent relay cycles across multiple API server instances.
 This ensures notifications are relayed in approximately the order they were emitted.
 The lack of concurrency is offset by batch processing. The batch size is configurable
-via [`notification.outbox-relay.batch-size`](../../reference/configuration/api-server.md#notificationoutbox-relaybatch-size)
+via [`dt.notification.outbox-relay.batch-size`](../../reference/configuration/api-server.md#dtnotificationoutbox-relaybatch-size)
 and defaults to 100.
 
 ### Routing

docs/getting-started/changes-over-v4.md

@@ -2,13 +2,19 @@
 
 <!-- TODO: Add more! -->
 
-* New *powerful [CEL]-based policy engine*, providing more flexibility while being more efficient
-than the engine shipped with v4. <!-- TODO: Link to policy docs when ready! -->
-* Ability to automatically audit vulnerabilities across the entire portfolio using [CEL] expressions. <!-- TODO: Link to docs when ready! -->
-* Hash-based *integrity analysis* for components. <!-- TODO: Link to integrity analysis docs when ready! -->
-* The API server now supports *high availability (HA) deployments* in active-active configuration.
-* *Zero downtime deployments* when running API server in HA configuration.
-* *Greatly reduced resource footprint* of the API server.
+* *Designed for high availability*. Horizontal scalability, distributed work queues, and the option to separate
+  web and worker nodes. No single point of failure, and no additional infrastructure requirements outside the 
+  PostgreSQL database you already have.
+* *Resiliency as a first-class citizen*. Durable execution guarantees that background work such as BOM processing,
+  vulnerability analysis, and notifications completes even through node restarts and crashes.
+* *New powerful [CEL]-based policy engine*, providing more flexibility while being more efficient
+  than the engine shipped with v4. Policies can be complex, don't let rigid UI conditions limit you.
+* *Automatic portfolio-wide vulnerability analysis*. Leverage the new policy engine to audit
+  and suppress vulnerabilities before they surface in the UI or trigger notifications.
+* *Component integrity verification*. Detect components whose hashes don't match what's published in package
+  repositories.
+* *Centralized secrets management*. Manage credentials for integrations securely in one place.
+* *Reduced resource footprint*.
 
 ## Architecture / Operations
 

docs/index.md

@@ -5,21 +5,18 @@
 
 ## Introduction
 
-Project *Hyades*, named after [the star cluster closest to earth], is an *incubating* project for decoupling
-responsibilities from [Dependency-Track]'s monolithic API server into separate, scalable™ services.
+Project *Hyades*, named after [the star cluster closest to earth], is the next generation of Dependency-Track,
+rearchitected for scale, resilience, and ease of operation.
 
 The main objectives of Hyades are:
 
-* Enable Dependency-Track to handle portfolios spanning *hundreds of thousands of projects*
-* Improve *resilience* of Dependency-Track, providing *more confidence* when relying on it in critical workflows
-* Improve deployment and configuration management experience for containerized / cloud native tech stacks
+* Enable Dependency-Track to handle portfolios spanning *hundreds of thousands of projects*.
+* Improve *resilience* of Dependency-Track, providing *more confidence* when relying on it in critical workflows.
+* Improve deployment and configuration management experience for containerized / cloud native tech stacks.
 
-Other than separating responsibilities, the API server has been modified to allow for high availability
-(active-active) deployments. Various "hot paths", like processing of uploaded BOMs, have been optimized
-in the existing code. Further optimization is an ongoing effort.
-
-Hyades already is a *superset* of Dependency-Track, as changes up to Dependency-Track v4.11.4 were ported,
-and features made possible by the new architecture have been implemented on top.
+To achieve this, the platform has undergone significant architectural improvements, including [durable execution]
+for reliable background processing, a PostgreSQL-optimized persistence layer, a [new CEL-based policy engine],
+and a modernized [configuration system].
 
 !!! warning
     Hyades is not yet fully production ready, please refer to the
@@ -34,7 +31,7 @@ and features made possible by the new architecture have been implemented on top.
 ??? abstract "tl;dr"
     The architecture of Dependency-Track v4 prevents it from scaling past a certain workload.
 
-Dependency-Track, for the most part, is an event-based system. As a platform for ingesting data (in the form of BOMs),
+Dependency-Track v4, for the most part, is an event-based system. As a platform for ingesting data (in the form of BOMs),
 listening for and itself emitting signals on it, an event-based architecture makes sense conceptually. The majority of
 operations Dependency-Track performs happen asynchronously, without client interaction.
 
@@ -100,8 +97,6 @@ While this architecture works great for small to medium workloads, it presents v
    would be an even bigger problem if the work was shared across multiple application instances, and would require
    distributed locking as a countermeasure, which is [inherently hard to get right](https://martin.kleppmann.com/2016/02/08/how-to-do-distributed-locking.html).
 
-In order to scale Dependency-Track beyond its current capabilities, a distributed messaging service is required.
-
 ### Related Issues
 
 On multiple occasions in the past, the Dependency-Track community raised questions about high availability (HA)
@@ -112,9 +107,10 @@ deployments, and / or how to better scale the platform:
 * <https://github.com/DependencyTrack/dependency-track/issues/1210>
 * <https://github.com/DependencyTrack/dependency-track/issues/1856>
 
-[the star cluster closest to earth]: https://en.wikipedia.org/wiki/Hyades_(star_cluster)
-[Apache Kafka]: https://kafka.apache.org/
 [Changes over v4]: getting-started/changes-over-v4.md
 [Dependency-Track]: https://dependencytrack.org/
 [Migrating from v4]: getting-started/migrating-from-v4.md
-[Redpanda]: https://redpanda.com/
+[configuration system]: operations/configuration/overview.md
+[durable execution]: architecture/design/durable-execution.md
+[new CEL-based policy engine]: usage/policy-compliance/expressions.md
+[the star cluster closest to earth]: https://en.wikipedia.org/wiki/Hyades_(star_cluster)

docs/operations/configuration/datasources.md

@@ -21,7 +21,7 @@ as well as the vast majority of background processing.
 
 Certain features of Dependency-Track can be configured to use
 a different data source than `default`. For example, the 
-[*database* secret management provider](../../usage/secret-management/providers.md#database).
+[*database* secret management provider](../../operations/secret-management/providers.md#database).
 Instead of database connection details, they accept a *data source name*, e.g. via
 [`dt.secret-management.database.datasource.name`](../../reference/configuration/api-server.md#dtsecret-managementdatabasedatasourcename).
 

docs/operations/scaling.md

@@ -201,8 +201,8 @@ Decrease `poll-interval-ms` for lower notification latency.
 
 Configuration:
 
-- [`notification.outbox-relay.poll-interval-ms`](../reference/configuration/api-server.md#notificationoutbox-relaypoll-interval-ms)
-- [`notification.outbox-relay.batch-size`](../reference/configuration/api-server.md#notificationoutbox-relaybatch-size)
+- [`notification.outbox-relay.poll-interval-ms`](../reference/configuration/api-server.md#dtnotificationoutbox-relaypoll-interval-ms)
+- [`notification.outbox-relay.batch-size`](../reference/configuration/api-server.md#dtnotificationoutbox-relaybatch-size)
 
 ## Separate Database for Dex