
docs: document dependency chain for transitive SCA findings#2681

Merged
andrzej-janczak merged 4 commits into
masterfrom
docs/sca-dependency-chains
Jun 9, 2026
Conversation

@andrzej-janczak


What

Adds one paragraph to the SCA findings section of Managing security and risk documenting the new dependency chain display for transitive dependency findings.

The finding now shows the ordered path from a direct (top-level) dependency in the manifest down to the vulnerable transitive package — e.g. npm/@codacy/codacy-mcp@0.6.19 → npm/@modelcontextprotocol/sdk@1.25.2 → npm/ajv-formats@3.0.1 → npm/ajv@8.17.1 → npm/fast-uri@3.1.0 — so users can identify which direct dependency to update.

Scope

  • Single file: docs/organizations/managing-security-and-risk.md
  • 2 lines added in the section How Codacy manages findings detected during software composition analysis (SCA) — the precise spot, kept minimal.

Note

No screenshot was embedded. The reference screenshot for the feature was not available as a file in this environment. If the dependency-chain UI should be shown with an image, point me at the PNG and I'll add it.

🤖 Generated with Claude Code

SCA findings now display the dependency chain — the ordered path from a
direct dependency down to the vulnerable transitive package — so users can
identify which direct dependency to update.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
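The chain in the PR description is what a lockfile walk produces: start at the manifest's direct dependencies and follow resolved dependency edges until the vulnerable package is reached. The block below is an added illustration of that walk, not code from this PR or from Codacy. It runs against a constructed npm lockfileVersion 3 excerpt embedded inline; the @codacy/codacy-mcp branch mirrors the chain quoted above, while the `some-cli` package and its nested older copy of fast-uri are invented to show that nested copies are resolved by npm's node_modules lookup and filtered by version. The function names (`findChains`, `formatChain`, `directDependencyToUpdate`) are this example's own.

```javascript
// Added example (not Codacy's code): reconstruct the dependency chain that
// the PR describes from an npm lockfile (lockfileVersion 3), so a finding on
// a transitive package can be traced back to the direct dependency to update.

// Constructed lockfile excerpt. The @codacy/codacy-mcp branch mirrors the
// chain in the PR description; the "some-cli" branch, which carries its own
// nested, older copy of fast-uri, is invented to show that nested copies
// are resolved by npm's node_modules lookup rules and filtered by version.
const lockfile = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { "@codacy/codacy-mcp": "0.6.19", "some-cli": "1.0.0" } },
    "node_modules/@codacy/codacy-mcp": { version: "0.6.19", dependencies: { "@modelcontextprotocol/sdk": "^1.25.0" } },
    "node_modules/@modelcontextprotocol/sdk": { version: "1.25.2", dependencies: { "ajv-formats": "^3.0.1" } },
    "node_modules/ajv-formats": { version: "3.0.1", dependencies: { ajv: "^8.0.0" } },
    "node_modules/ajv": { version: "8.17.1", dependencies: { "fast-uri": "^3.0.1" } },
    "node_modules/fast-uri": { version: "3.1.0" },
    "node_modules/some-cli": { version: "1.0.0", dependencies: { "fast-uri": "^2.0.0" } },
    "node_modules/some-cli/node_modules/fast-uri": { version: "2.4.0" },
  },
};

// Package name from a lockfile path: everything after the last "node_modules/".
function packageName(pkgPath) {
  const marker = "node_modules/";
  return pkgPath.slice(pkgPath.lastIndexOf(marker) + marker.length);
}

// Resolve a dependency name the way Node does: look for a nested copy under
// the requiring package, then walk up one node_modules level at a time.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = base === "" ? `node_modules/${name}` : `${base}/node_modules/${name}`;
    if (packages[candidate]) return candidate;
    if (base === "") return null; // not in the lockfile (e.g. an optional dep that was skipped)
    const up = base.lastIndexOf("/node_modules/");
    base = up === -1 ? "" : base.slice(0, up);
  }
}

// Breadth-first walk from the manifest root; records the first (shortest)
// parent of every reachable package, which also terminates on cycles.
function findChains(lock, name, version) {
  const packages = lock.packages;
  const parent = new Map([["", null]]);
  const queue = [""];
  while (queue.length > 0) {
    const current = queue.shift();
    for (const dep of Object.keys(packages[current].dependencies || {})) {
      const target = resolveDep(packages, current, dep);
      if (target === null || parent.has(target)) continue;
      parent.set(target, current);
      queue.push(target);
    }
  }
  const chains = [];
  for (const [pkgPath, meta] of Object.entries(packages)) {
    if (pkgPath === "" || packageName(pkgPath) !== name) continue;
    if (version !== undefined && meta.version !== version) continue;
    if (!parent.has(pkgPath)) continue; // in the lockfile but not reachable from the manifest
    const chain = [];
    for (let p = pkgPath; p !== ""; p = parent.get(p)) {
      chain.unshift(`npm/${packageName(p)}@${packages[p].version}`);
    }
    chains.push(chain);
  }
  return chains;
}

// Render in the "a → b → c" form used by the finding, and name the fix target.
function formatChain(chain) {
  return chain.join(" → ");
}
function directDependencyToUpdate(chain) {
  return chain[0];
}

for (const chain of findChains(lockfile, "fast-uri", "3.1.0")) {
  console.log(formatChain(chain));
  console.log("update:", directDependencyToUpdate(chain));
}
```

Querying by name and version is what makes the chain actionable: the lockfile above holds two copies of fast-uri, and only the 3.1.0 copy is the one the finding refers to, so only the @codacy/codacy-mcp chain is reported and that is the direct dependency to bump.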
@andrzej-janczak andrzej-janczak requested a review from a team as a code owner June 9, 2026 09:20

@gemini-code-assist gemini-code-assist Bot left a comment


Code Review

This pull request updates the documentation in docs/organizations/managing-security-and-risk.md to explain how Codacy displays the dependency chain for transitive dependency findings. The reviewer suggested adding a concrete inline example of a dependency chain to make the explanation clearer and more actionable for users.


Comment thread docs/organizations/managing-security-and-risk.md Outdated
@github-actions

github-actions Bot commented Jun 9, 2026


Overall readability score: 54.21 (🟢 +0)

File                            Readability
managing-security-and-risk.md   58.03 (🔴 -0.04)

🟢 - Shows an increase in readability
🔴 - Shows a decrease in readability

File                            Readability   FRE       GF        ARI     CLI     DCRS
managing-security-and-risk.md   58.03         36.59     9.91      12.9    12.82   6.5
                                🔴 -0.04      🔴 -0.1   🔴 -0.03  🟢 +0   🟢 +0   🟢 +0.01

Averages:

          Readability   FRE     GF      ARI     CLI     DCRS
Average   54.21         43.1    10.91   12.31   12.24   8.01
          🟢 +0         🟢 +0   🟢 +0   🟢 +0   🟢 +0   🟢 +0

Metric targets:

Metric                   Range                                                   Ideal score
Flesch Reading Ease      100 (very easy read) to 0 (extremely difficult read)    60
Gunning Fog              6 (very easy read) to 17 (extremely difficult read)     8 or less
Auto. Read. Index        6 (very easy read) to 14 (extremely difficult read)     8 or less
Coleman Liau Index       6 (very easy read) to 17 (extremely difficult read)     8 or less
Dale-Chall Readability   4.9 (very easy read) to 9.9 (extremely difficult read)  6.9 or less

@codacy-production

codacy-production Bot commented Jun 9, 2026


Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy



@codacy-production codacy-production Bot left a comment


Pull Request Overview

This PR documents the Software Composition Analysis (SCA) dependency chain feature, which allows users to trace transitive vulnerabilities back to their direct dependencies. The documentation meets all defined acceptance criteria and aligns with Codacy quality standards. No blocking issues were found, and the PR is ready for merge following a minor documentation suggestion.


Comment thread docs/organizations/managing-security-and-risk.md Outdated
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Addresses review feedback to make the dependency chain format concrete.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The dependency chain displays on SRM dependency findings generally, not
only in the SCA management subsection. Relocate the paragraph and
screenshot to the Findings card description.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@andrzej-janczak andrzej-janczak merged commit f5f185e into master Jun 9, 2026
5 checks passed
@andrzej-janczak andrzej-janczak deleted the docs/sca-dependency-chains branch June 9, 2026 12:44