Merge branch 'master' into create-pull-request/patch-1780901608

Author: DMarinhoCodacy

docs/organizations/images/security-risk-management-finding-dependency-chain.png

@@ -99,6 +99,10 @@ On the right section, you can view the filtered list of findings. Each finding c
 
 ![Security and risk management finding page](images/security-risk-management-finding-details.png)
 
+For findings on transitive dependencies, the finding also displays the **dependency chain**: the ordered path from a direct (top-level) dependency in your manifest down to the vulnerable package (for example, `direct-package → intermediate-package → vulnerable-package`). This helps you identify which of your direct dependencies you need to update to resolve the finding.
+
+![Security and risk management finding dependency chain](images/security-risk-management-finding-dependency-chain.png)
+
 The same Common Vulnerability and Exposure can be classified with different severities in different sources, like cve.org or NVD, and Trivy uses these and other sources to update their database. As such, there may be situations where the severity attributed to a Finding by Trivy is not in line with a specific source. Subsequent analysis can then close a Finding and re-open it with a different severity, if a Trivy database update occurs.
 
 ## Sharing a filtered view of findings {: id="sharing-filtered-view"}

docs/organizations/managing-security-and-risk.md

@@ -17,7 +17,7 @@ This page covers the following topics:
 ## Creating a coding standard {: id="creating"}
 
 !!! note
-    Codacy currently supports up to 10 coding standards per organization.
+    Codacy currently supports up to 30 coding standards per organization.
 
 To create a coding standard for your organization:
 
@@ -177,7 +177,7 @@ A common strategy is to start with a baseline standard containing fundamental ru
 ![Coding standards strategies](images/coding-standard-strategy.png)
 
 !!! note
-    You can apply up to 10 coding standards to your organization. Standards can overlap, meaning a single repository can follow multiple standards simultaneously.
+    You can apply up to 30 coding standards to your organization. Standards can overlap, meaning a single repository can follow multiple standards simultaneously.
 
 !!! important
     If the same pattern appears in multiple standards, the version from the most recently created and applied standard (with its parameters) takes precedence.

docs/organizations/using-coding-standards.md

@@ -0,0 +1,100 @@
+---
+rss_title: Codacy release notes RSS feed
+rss_href: /feed_rss_created.xml
+description: Release notes for Codacy Cloud May 2026.
+included_jira_versions: ['2026.5']
+codacy_tools_version_old: https://github.com/codacy/codacy-tools/releases/tag/9.1.78
+codacy_tools_version_new: https://github.com/codacy/codacy-tools/releases/tag/9.2.13
+---
+
+# Cloud May 2026
+
+These release notes are for the Codacy Cloud updates during May 2026.
+
+📢 [Visit the Codacy roadmap](https://roadmap.codacy.com) and <span class="skip-vale">let us know</span> your feedback on both new and planned product updates!
+
+## Product enhancements
+
+- **Draft PR AI Review Control:** The PR reviewer no longer runs automatically for draft PRs. Please trigger it manually using the button on the summary if you want a review. (CF-2354)
+
+- **Deprecation of AI Suggestions:** Deprecated AI suggestions in GitHub; please use our PR reviewer instead. (CF-2293)
+
+- **AI Inventory Access Update:** AI Inventory is now only available to Business Tier accounts. (LK-2130)
+
+- **YAML Support for Environment Files:** Codacy now supports `.env`, `.env.production`, `.env.prod`, and `.env.staging` files for the YAML language. All tools running for YAML will be able to scan these files as well. (TCE-1315)
+
+- **Improved Opengrep Secrets Detection:** We improved the rule "hardcoded-passwords" in Opengrep to cover better use cases using keywords like `(api|secret|private|access|aws|ssh|auth|session|encryption|decryption|gcp)-key` or `password|motdepasse|heslo|adgangskode|wachtwoord|salasana|passwort|passord|senha|geslo|clave|losenord|parola|secret|pwd`. (TCE-1496)
+
+- **ESLint v8 Vue Parsing Fix:** We fixed the parsing issues with `.vue` files in ESLint v8. (TCE-1429)
+
+- **Lizard Parameter Count Fix:** We found an issue with the count of parameters within a method in TypeScript files using Lizard. The latest version fixed that issue, and now it's counting correctly. (TCE-1519)
+
+- **Fix for Empty Commit Detection:** Fixed a bug where the AI reviewer would report that a commit is empty, or that certain files did not appear to be altered within the commit (e.g., .txt files). (CF-2449)
+
+- **Improved AI Reviewer Accuracy:** Resolved an issue where the AI reviewer incorrectly flagged updated dependencies or API versions as unrecognized. (CF-2448)
+
+- **Refactored Jira Prompts:** Fixed a bug where the AI reviewer would ask for a Jira ticket, even though the users were not using Jira. (CF-2440)
+
+## Tool versions
+
+-  **Eslint v9** has a new version: **9.39.4** ( updated from 9.38.0 )
+-  **Lizard** has a new version: **1.22.2** ( updated from 1.17.31 )
+-  **Opengrep** has a new version: **1.21.0** ( updated from 1.17.0 )
+-  **AgentLinter**: **0.3.3**
+-  **Aligncheck**: **1.0.0**
+-  **Ameba**: **1.6.4**
+-  **Bandit**: **1.8.3**
+-  **Biomejs**: **2.4.7**
+-  **Brakeman**: **4.3.1**
+-  **Bundler-audit**: **0.9.1**
+-  **Checkov**: **3.2.508**
+-  **Checkstyle**: **10.26.1**
+-  **Clang-tidy**: **10.0.1**
+-  **Codenarc**: **3.6.0**
+-  **Codesniffer**: **3.10.1**
+-  **Coffeelint**: **5.2.11**
+-  **Cppcheck**: **2.18.0**
+-  **Credo**: **1.7.12**
+-  **Csslint**: **1.0.5**
+-  **Dartanalyzer**: **3.9.3**
+-  **Deadcode**: **1.0.0**
+-  **Detekt**: **1.23.8**
+-  **Eslint v8**: **8.57.0**
+-  **Eslint v7**: **7.32.0**
+-  **Faux-pas**: **1.7.2**
+-  **Flawfinder**: **2.0.19**
+-  **Golangci-lint**: **2.7.2**
+-  **Gorevive**: **1.12.0**
+-  **Gosec**: **2.22.7**
+-  **Hadolint**: **2.12.0**
+-  **Jackson-linter**: **2.19.2**
+-  **Jshint**: **2.13.6**
+-  **Markdownlint**: **0.33.0**
+-  **Phpmd**: **2.14.1**
+-  **Pmd v6**: **6.55.0**
+-  **Pmd v7**: **7.16.0**
+-  **Prospector**: **1.18.0**
+-  **Psscriptanalyzer**: **1.24.0**
+-  **Pylint v1**: **1.9.5**
+-  **Pylint**: **4.0.5**
+-  **Reek**: **6.5.0**
+-  **Remark-lint**: **10.0.1**
+-  **Roslyn**: **1.23.0**
+-  **Rubocop**: **1.80.2**
+-  **Ruff**: **0.12.7**
+-  **Scalameta-pro**: **1.4.4**
+-  **Scalastyle**: **1.5.1**
+-  **Shellcheck**: **0.10.0**
+-  **Sonar-csharp**: **9.32**
+-  **Sonar-visual-basic**: **8.13**
+-  **Spectral**: **1.22.0**
+-  **Spotbugs**: **4.8.4**
+-  **Sqlfluff**: **4.1.0**
+-  **Sqlint**: **0.2.1**
+-  **Staticcheck**: **2025.1.1**
+-  **Stylelint**: **16.23.0**
+-  **Swiftlint**: **0.63.2**
+-  **Tailor**: **0.12.0**
+-  **Trivy**: **0.70.0**
+-  **Tslint**: **6.1.3**
+-  **Tsqllint**: **1.16.0**

docs/release-notes/cloud/cloud-2026-05.md

@@ -18,6 +18,7 @@ For product updates that are in progress or planned [visit the Codacy public roa
 
 2026
 
+-   [Cloud May 2026](cloud/cloud-2026-05.md)
 -   [Cloud April 2026](cloud/cloud-2026-04.md)
 -   [Cloud March 2026](cloud/cloud-2026-03.md)
 -   [Changes to GitHub integration settings March, 2026](cloud/cloud-2026-03-github-integration-settings-changes.md)

docs/release-notes/index.md

@@ -692,6 +692,7 @@ nav:
           - release-notes/index.md
           - Cloud:
                 - 2026:
+                      - release-notes/cloud/cloud-2026-05.md
                       - release-notes/cloud/cloud-2026-04.md
                       - release-notes/cloud/cloud-2026-03.md
                       - release-notes/cloud/cloud-2026-03-github-integration-settings-changes.md