docs: rewrite user docs, fix modal scroll, webhook URL, and sccache

Rewrite all public documentation to be user-facing only: - Remove deployment, configuration, and self-hosting sections - Add guide pages for SBOM, issues, webhooks & PR reviews - Add reference pages for glossary and tools/scanners - Add 12 screenshots from live dashboard - Explain MCP, LLM triage, false positives, human-in-the-loop Fix edit repository modal not scrollable (max-height + overflow-y). Show full webhook URL using window.location.origin instead of path. Unset RUSTC_WRAPPER in agent cargo commands to avoid sccache errors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 14:17:46 +01:00
parent 689daa0f49
commit c253e4ef5e
40 changed files with 872 additions and 1334 deletions
--- a/docs/guide/issues.md
+++ b/docs/guide/issues.md
@@ -0,0 +1,56 @@
+# Issues & Tracking
+
+Certifai automatically creates issues in your existing issue trackers when new security findings are discovered. This integrates security into your development workflow without requiring teams to check a separate tool.
+
+## How Issues Are Created
+
+When a scan discovers new findings, the following happens automatically:
+
+1. Each new finding is checked against existing issues using its fingerprint
+2. If no matching issue exists, a new issue is created in the configured tracker
+3. The issue includes the finding title, severity, vulnerability details, file location, and a link back to the finding in Certifai
+4. The finding is updated with a link to the external issue
+
+This means every actionable finding gets tracked in the same system your developers already use.
+
+## Issues List
+
+Navigate to **Issues** in the sidebar to see all tracker issues across your repositories.
+
+![Issues list showing tracker issues](/screenshots/issues-list.png)
+
+The issues table shows:
+
+| Column | Description |
+|--------|-------------|
+| Tracker | Badge showing GitHub, GitLab, Gitea, or Jira |
+| External ID | Issue number in the external system |
+| Title | Issue title |
+| Status | Open, Closed, or tracker-specific status |
+| Created | When the issue was created |
+| Link | Direct link to the issue in the external tracker |
+
+Click the link to go directly to the issue in your tracker.
+
+## Supported Trackers
+
+| Tracker | How to Configure |
+|---------|-----------------|
+| **GitHub Issues** | Set up in the repository's issue tracker settings with your GitHub API token |
+| **GitLab Issues** | Set up with your GitLab project ID, instance URL, and API token |
+| **Gitea Issues** | Set up with your Gitea repository details, instance URL, and API token |
+| **Jira** | Set up with your Jira project key, instance URL, email, and API token |
+
+Issue tracker configuration is per-repository. You set it up when [adding or editing a repository](/guide/repositories#configuring-an-issue-tracker).
+
+## Deduplication
+
+Issues are deduplicated using the same fingerprint hash that deduplicates findings. This means:
+
+- If the same vulnerability appears in consecutive scans, only one issue is created
+- If a finding is resolved and then reappears, the platform recognizes it and can reopen the existing issue rather than creating a duplicate
+- Different findings (even if similar) get separate issues because their fingerprints differ based on file path, line number, and vulnerability type
+
+## Linked Issues in Finding Detail
+
+When viewing a [finding's detail page](/guide/findings#finding-detail), you will see a **Linked Issue** section if an issue was created for that finding. This provides a direct link to the external tracker issue, making it easy to jump between the security context in Certifai and the development workflow in your tracker.