Explanation overview/progress #50

@Hubtrick-Git

Description

Explanation

  • index.mdx # Explanation overview

core-concepts

  • what-is-devguard.mdx # Core mission
  • organizations-projects-assets.mdx # Hierarchy
  • asset-versions.mdx # Branching model
  • artifacts.mdx # Artifact concept
  • vulnerability-types.mdx # Dependency vs. first-party
  • risk-scoring.mdx # Risk calculation
  • sbom-vex-relationship.mdx # SBOM vs VEX

architecture

  • system-overview.mdx # High-level architecture (DIAGRAM)
  • data-flow.mdx # Data flow (DIAGRAM)
  • security-model.mdx # Security architecture (DIAGRAM)
  • database-schema.mdx # Database design
  • authentication-flow.mdx # Auth (Kratos integration)
  • scanner-architecture.mdx # Scanner design
  • scalability.mdx # Horizontal scaling

vulnerability-management

  • vulnerability-lifecycle.mdx # Vuln states
  • risk-assessment-methodology.mdx # CIA + EPSS + CVSS
  • mitigation-strategies.mdx # How to mitigate
  • false-positive-detection.mdx # Why false positives
  • vulnerability-events.mdx # Event system
  • external-vuln-sync.mdx # Third-party sync

dependency-management

  • dependency-resolution.mdx # How deps are resolved
  • dependency-graph.mdx # Graph visualization
  • transitive-dependencies.mdx # Direct vs transitive
  • version-matching.mdx # Semver matching
  • package-ecosystems.mdx # npm, PyPI, Go, Maven, etc.

license-management

  • license-detection.mdx # How licenses are detected
  • license-compatibility.mdx # OSI licenses
  • license-risk-scoring.mdx # Risk assessment
  • license-compliance.mdx # Legal compliance

supply-chain-security

  • what-is-supply-chain-security.mdx # Overview
  • in-toto-framework.mdx # In-toto explained
  • attestations.mdx # Attestation types
  • supply-chain-verification.mdx # Verification process
  • slsa-framework.mdx # SLSA levels
  • provenance-tracking.mdx # Build provenance

compliance (in-progress: Julian)

  • why-compliance-matters.mdx # Business case
  • cyber-resilience-act.mdx # EU CRA explained
  • iso-27001-mapping.mdx # ISO requirements
  • csaf-vex-explained.mdx # CSAF/VEX standards
  • sbom-standards.mdx # CycloneDX vs SPDX
  • audit-trails.mdx # Audit logging

security

  • dependency-proxy-security.mdx # Proxy security model
  • malicious-package-detection.mdx # OSSF DB integration
  • cache-integrity.mdx # SHA256 verification
  • rbac-model.mdx # Casbin RBAC
  • api-security.mdx # API security
  • secrets-management.mdx # PAT handling

integrations

  • integration-architecture.mdx # How integrations work
  • github-integration.mdx # GitHub App design
  • gitlab-integration.mdx # GitLab integration
  • jira-integration.mdx # Jira integration
  • webhook-system.mdx # Webhook design
  • external-entity-providers.mdx # External auth

advanced-topics

  • daemon-pipeline.mdx # Background jobs
  • open-source-insights.mdx # Google OSI integration
  • fixed-version-detection.mdx # Auto-fix detection
  • statistics-calculation.mdx # Risk history
  • multi-tenancy.mdx # Org isolation
  • performance-optimization.mdx # Scaling tips

Metadata

Labels

Diataxis: All issues related to the diataxis project

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests