
Commit 62bd29f

update ssc policies with note on default behavior (#1925)
* update with default behavior
* refine
1 parent 92166cd commit 62bd29f

2 files changed (+8 -2 lines changed)


docs/semgrep-supply-chain/getting-started.md

+5 -1
Original file line number | Diff line number | Diff line change
@@ -138,7 +138,7 @@ Semgrep Supply Chain supports the scanning of monorepos. As outlined in [Project
138138

139139
Semgrep can help block pull requests (PRs) or merge requests (MRs) when it matches a blocking finding. When one or more findings is blocking, Semgrep returns exit code `1`, and you can use this result to set up additional checks to enforce a block in your CI/CD pipeline, such as not allowing merge of the PR/MR. This action applies to full and [diff-aware scans](/semgrep-code/glossary#diff-aware-scan).
140140

141-
Semgrep Supply Chain versions **v0.122.0** and earlier automatically aided in blocking pull/merge requests if it discovered reachable findings in the code, but later versions do not do this. You can, however, configure Semgrep Supply Chain to help block scans whenever all of the following conditions are met:
141+
You can configure Semgrep Supply Chain to help block scans whenever all of the following conditions are met:
142142

143143
* It detects reachable findings in direct dependencies
144144
* The reachable findings are of critical or high severity
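Review bot: removing old line 141 drops the only statement on this page that versions v0.122.0 and earlier blocked pull/merge requests automatically on reachable findings; readers still on those versions are now told blocking is opt-in, so consider keeping a one-sentence version note (or a link to the changelog) on the new line 141. Also, both the old and new line 141 say "help block scans" while line 139 describes blocking pull requests (PRs) or merge requests (MRs); "help block PRs or MRs" would match the surrounding text.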
@@ -151,3 +151,7 @@ To enable **Scan Blocking**:
151151
3. Click **<i class="fa-solid fa-toggle-large-on"></i> Scan Blocking**.
152152

153153
Alternatively, you can configure your version control system to prevent merging if Semgrep Supply Chain identifies reachable findings.
154+
155+
:::tip
156+
Policies for Semgrep Supply Chain is now in private beta. See [Manage policies](/semgrep-supply-chain/policies) for more information.
157+
:::
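Review bot: subject-verb agreement on the new line 156: "Policies for Semgrep Supply Chain is now in private beta" should read "Policies for Semgrep Supply Chain are now in private beta".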

docs/semgrep-supply-chain/policies.md

+3 -1
@@ -10,7 +10,9 @@ tags:
1010

1111
# Manage policies (beta)
1212

13-
Use Supply Chain policies to define the conditions in which developers are **notified** of a finding through a comment, or potentially **blocked** from merging their pull or merge request (PR or MR). This feature helps you manage noise and ensures that developers are only notified or potentially blocked based on the conditions you set.
13+
By default, Semgrep AppSec Platform collects Supply Chain findings without notifying developers, similar to the [**Monitor** mode](/semgrep-code/policies#block-a-pr-or-mr-through-rule-modes) in Semgrep Code. This prevents developers from receiving notifications while you evaluate the tool.
14+
15+
Once you are ready to to notify developers through a **comment**, or potentially **block** them from merging a pull or merge request (PR or MR), define a **Supply Chain policy**. This feature helps you manage noise and ensures that developers are only notified or potentially blocked based on the conditions you set.
1416

1517
This feature enables you to configure the following:
1618

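Review bot: the new line 13 describes the default as collecting findings "without notifying developers", but line 15 presents blocking as the other action a policy can enable; if the default also means Supply Chain findings never block a PR or MR, state that explicitly on line 13, since this is the page now expected to explain the behaviour that the old getting-started.md line 141 covered. Also, line 15 has a doubled word: "Once you are ready to to notify developers" should be "Once you are ready to notify developers".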