docs: Update vet website docs

docs: Update vet website docs

docs: Set draft mode for unused docs

docs: Update reporting doc

docs/README.md

@@ -27,7 +27,7 @@ npm install
 - Start the development server
 
 ```bash
-yarn start
+npm start
 ```
 
 - Navigate to [http://localhost:3000](http://localhost:3000) for accessing the `vet` documentation locally

docs/docs/advanced/allow-list-deny-list.md

@@ -1,6 +1,7 @@
 ---
 sidebar_position: 6
 title: 🚫 Allow & Deny List
+draft: true
 ---
 
 # 🚫 Vet - Allow & Deny List

docs/docs/configure.md

@@ -1,54 +1,13 @@
 ---
 sidebar_position: 4
 title: 🧩 Configuration
+draft: true
 ---
 
 # 🧩 Configuring Vet
 
 `vet` comes with super powers 🚀, this section will help you to understand and explore some of them so that you can take your open source security to next level 😎
 
-![vet command](/img/vet/vet-command.png)
-
-## API Key
-
-`vet` uses control plane API for the insights required to enrich the information of dependencies, and its information.
-
-### Generating an API key
-
-- You can run the following command with your email address to receive an API key. After running the following command, you will receive an email with the API key.
-
-```bash
-vet auth trial --email [email protected]
-```
-
-![vet register trial](/img/vet/vet-register-trial.png)
-
-### Configuring an API key
-
-- You can configure the api key using the following command
-
-```bash
-vet auth configure
-```
-
-![vet configure](/img/vet/vet-configure.png)
-
-- You can also pass the API key through environment variable using the variable `VET_API_KEY`
-
-### Renewing an API key
-
-- To renew an API key, you can re-register using the email. Even reach out to us at [[email protected]](mailto:[email protected]) and we would be happy to work with you
-
-## Using Community Mode
-
-- You can use community endpoint for Insights API without API key
-
-```bash
-vet auth configure --community
-```
-
-- For CI job, set environment variable `VET_COMMUNITY_MODE=true` to enable community runtime mode
-
 ## Scanning
 
 ### Scanning Directories

docs/docs/ecosystem/artifactory.md

@@ -1,3 +1,7 @@
+---
+draft: true
+---
+
 # Artifactory Systems
 
 🚧 Work-in-Progress (WIP)

docs/docs/ecosystem/developer-tooling.md

@@ -1,3 +1,7 @@
+---
+draft: true
+---
+
 # Developer Tooling
 
 🚧 Work-in-Progress (WIP)

docs/docs/ecosystem/gateways.md

@@ -1,3 +1,8 @@
+---
+draft: true
+---
+
+
 # Gateways
 
 🚧 Work-in-Progress (WIP)

docs/docs/ecosystem/ide.md

@@ -1,3 +1,7 @@
+---
+draft: true
+---
+
 # IDE
 
 🚧 Work-in-Progress (WIP)

docs/docs/ecosystem/integrations.md

@@ -1,3 +1,7 @@
+---
+draft: true
+---
+
 # Integrations
 
 🚧 Work-in-Progress (WIP)

docs/docs/ecosystem/logging.md

@@ -1,3 +1,7 @@
+---
+draft: true
+---
+
 # Logging & Monitoring Systems
 
 🚧 Work-in-Progress (WIP)

docs/docs/ecosystem/serivce-mesh.md

@@ -1,3 +1,7 @@
+---
+draft: true
+---
+
 # Service Mesh
 
 🚧 Work-in-Progress (WIP)

docs/docs/ecosystem/systems.md

@@ -1,3 +1,7 @@
+---
+draft: true
+---
+
 # Systems & Solutions
 
 🚧 Work-in-Progress (WIP)

docs/docs/faq.md

@@ -9,15 +9,6 @@ title: 🙋 FAQ
 
 - Set environment variable `VET_DISABLE_BANNER=1`
 
-### Can I use this tool without an API Key for Insight Service?
-
-- Probably no. All useful data (enrichments) for a detected package comes from
-a backend service. The service is rate limited with quotas to prevent abuse.
-
-- Look at `api/insights-v1.yml`. It contains the contract expected for Insights
-API. You can perhaps consider rolling out your own to avoid dependency with our
-backend.
-
 ### Something is wrong! How do I debug this thing?
 
 - Run without the eye candy UI and enable log to file or to `stdout`.

docs/docs/guides/dependency-cost.md

@@ -1 +1,5 @@
+---
+draft: true
+---
+
 # Dependency Cost

docs/docs/guides/dependency-inventory.md

@@ -1 +1,5 @@
+---
+draft: true
+---
+
 # Dependency Inventory

docs/docs/guides/dependency-scanning.md

@@ -1 +1,5 @@
+---
+draft: true
+---
+
 # Dependency Scanning

docs/docs/guides/drift-analysis.md

@@ -1 +1,5 @@
+---
+draft: true
+---
+
 # Drift Analysis

docs/docs/guides/github-code-scanning.md

@@ -0,0 +1,63 @@
+---
+sidebar_position: 1
+title: 🧪 GitHub Code Scanning
+---
+
+# GitHub Code Scanning Integration
+
+GitHub supports [uploading SARIF](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning)
+reports to enable repository and organization-wide visibility of security
+events across different tools. `vet` supports exporting policy violation
+reports as [SARIF](#) which can be uploaded to GitHub.
+
+## Using SARIF Reports
+
+To generate a SARIF report, use the `vet` command with the `--report-sarif` flag:
+
+```shell
+vet scan -D /path/to/project --report-sarif /path/to/report.sarif
+```
+
+## GitHub Action
+
+`vet` has a GitHub Action to easy integration. Refer to [vet GitHub
+Action](../integrations/github-actions.md) for more details. The action
+produces a SARIF report which can be uploaded to GitHub.
+
+Invoke `vet-action` to run `vet` in GitHub
+
+```yaml
+- name: Run vet
+  id: vet
+  permissions:
+    contents: read
+    issues: write
+    pull-requests: write
+  uses: safedep/vet-action@v1
+  env:
+    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+```
+
+Upload the SARIF report to GitHub
+
+```yaml
+- name: Upload SARIF
+  uses: github/codeql-action/upload-sarif@v3
+  with:
+    sarif_file: ${{ steps.vet.outputs.report }}
+    category: vet
+```
+
+[Full Example](https://github.com/safedep/vet-action/blob/main/example/vet-ci.yml)
+
+**Note:** `vet` will only include policy violations in the SARIF report.
+A policy must be provided to `vet` using `--filter` or `--filter-suite` flag
+during scan. This is automatically included if you are using `vet-action`.
+
+## GitHub Code Scanning Alerts
+
+Once the SARIF report is uploaded to GitHub, policy violations will be
+available in the GitHub Security tab. This provides a centralized view of
+policy violations across different repositories.
+
+![GitHub Code Scanning Alerts](/img/vet-github-code-scanning-alerts.png)

docs/docs/guides/health-status.md

@@ -1 +1,5 @@
+---
+draft: true
+---
+
 # Health Status

docs/docs/guides/licenses-scanning.md

@@ -1 +1,5 @@
+---
+draft: true
+---
+
 # License Scanning

docs/docs/index.md

@@ -12,56 +12,24 @@ title: 👋 Welcome
 
 `vet` is a tool for identifying risks in open source software supply chain. It helps engineering and security teams to identify potential issues in their open source dependencies and evaluate them against organizational policies.
 
-```bash
- ❯ vet 
-
- .----------------.  .----------------.  .----------------.
-| .--------------. || .--------------. || .--------------. |
-| | ____   ____  | || |  _________   | || |  _________   | |
-| ||_  _| |_  _| | || | |_   ___  |  | || | |  _   _  |  | |
-| |  \ \   / /   | || |   | |_  \_|  | || | |_/ | | \_|  | |
-| |   \ \ / /    | || |   |  _|  _   | || |     | |      | |
-| |    \ ' /     | || |  _| |___/ |  | || |    _| |_     | |
-| |     \_/      | || | |_________|  | || |   |_____|    | |
-| |              | || |              | || |              | |
-| '--------------' || '--------------' || '--------------' |
- '----------------'  '----------------'  '----------------'
-
-[ Establish trust in open source software supply chain ]
-
-Usage:
-  vet [OPTIONS] COMMAND [ARG...] [flags]
-  vet [command]
-
-Available Commands:
-  auth        Configure and verify Insights API authentication
-  completion  Generate the autocompletion script for the specified shell
-  help        Help about any command
-  query       Query JSON dump and run filters or render reports
-  scan        Scan and analyse package manifests
-  version     Show version and build information
-
-Flags:
-  -d, --debug               Show debug logs
-  -e, --exceptions string   Load exceptions from file
-  -h, --help                help for vet
-  -l, --log string          Write command logs to file
-  -v, --verbose             Show verbose logs
-
-Use "vet [command] --help" for more information about a command.
-```
-
 ## 🤔 Why vet?
 
-> It has been estimated that Free and Open Source Software (FOSS) constitutes 70-90% of any given piece of modern  software solutions.
+> It has been estimated that Free and Open Source Software (FOSS) constitutes 70-90% of any given piece of modern software solutions.
+> [Source](https://www.linuxfoundation.org/blog/blog/a-summary-of-census-ii-open-source-software-application-libraries-the-world-depends-on)
+
+Industry dependency on OSS will only increase. We need better tooling to help
+engineering and security teams to safely consume OSS components.
 
 ### 👉 Problem space
-Product security practices target software developed and deployed internally. They do not cover software consumed from external sources in form of libraries from the Open Source ecosystem. The growing risk of vulnerable, unmaintained and malicious dependencies establishes the need for product security teams to vet 3rd party dependencies before consumption.
+
+Product security practices secure software developed and deployed internally. They do not cover software consumed from external sources in form of libraries from the Open Source ecosystem. The growing risk of vulnerable, unmaintained and malicious dependencies establishes the need for product security teams to vet 3rd party dependencies before consumption.
 
 ### 👉 Current state
+
 Vetting open source packages is largely a manual and opinionated process involving engineering teams as the requester and security teams as the service provider. A typical OSS vetting process involves auditing dependencies to ensure security, popularity, license compliance, trusted publisher etc. The manual nature of this activity increases cycle time and slows down engineering  velocity, especially for evolving products.
 
 ### 🚀 What vet aims to solve
+
 `vet` solves the problem of OSS dependency vetting by providing a policy driven automated analysis of libraries. It can be seamlessly integrated with any CI tool or used in developer / security engineer's local environment.
 
 ## 🤩 Vet in Action

docs/docs/installation.mdx

@@ -1,7 +1,7 @@
 ---
 sidebar_position: 3
 slug: /installation
-title: ⚡ Installation
+title: ⚡Installation
 ---
 
 # ⚡ Installing Vet
@@ -28,25 +28,25 @@ import TabItem from '@theme/TabItem';
 
 <TabItem value="linux">
   <code>
-    curl -L https://github.com/safedep/vet/releases/download/v1.5.8/vet_Linux_x86_64.tar.gz -o vet.tar.gz
+    curl -L https://github.com/safedep/vet/releases/download/v1.6.0/vet_Linux_x86_64.tar.gz -o vet.tar.gz
   </code>
 </TabItem>
 
 <TabItem value="macm">
   <code>
-    curl -L https://github.com/safedep/vet/releases/download/v1.5.8/vet_Darwin_arm64.tar.gz -o vet.tar.gz
+    curl -L https://github.com/safedep/vet/releases/download/v1.6.0/vet_Darwin_arm64.tar.gz -o vet.tar.gz
   </code>
 </TabItem>
 
 <TabItem value="maci">
   <code>
-    curl -L https://github.com/safedep/vet/releases/download/v1.5.8/vet_Darwin_x86_64.tar.gz -o vet.tar.gz
+    curl -L https://github.com/safedep/vet/releases/download/v1.6.0/vet_Darwin_x86_64.tar.gz -o vet.tar.gz
   </code>
 </TabItem>
 
 <TabItem value="windows">
   <code>
-    TBD
+    go install github.com/safedep/vet@latest
   </code>
 </TabItem>
 

docs/docs/integrations/aws-codebuild.md

@@ -1,6 +1,7 @@
 ---
 sidebar_position: 6
 title: 🔁 AWS CodeBuild
+draft: true
 ---
 
 # 🔁 AWS CodeBuild Workflow - Vet

docs/docs/integrations/bitbucket-pipelines.md

@@ -1,6 +1,7 @@
 ---
 sidebar_position: 5
 title: 🔁 Bitbucket Pipelines
+draft: true
 ---
 
 # 🔁 Bitbucket Pipelines Workflow - Vet

docs/docs/integrations/circle-ci.md

@@ -1,6 +1,7 @@
 ---
 sidebar_position: 3
 title: 🔁 Circle CI
+draft: true
 ---
 
 # 🔁 Circle CI Workflow - Vet