Skip to content

Commit 612811a

Browse files
committed
improved grammar and readibility at some places. Added a direct linkt to the mentioned cloud deployment
1 parent 4430797 commit 612811a

1 file changed

Lines changed: 14 additions & 14 deletions

File tree

src/pages/explanations/core-concepts/what-is-devguard.mdx

Lines changed: 14 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -10,21 +10,21 @@ DevGuard is an open-source vulnerability management platform built by developers
1010

1111
**Developer-Centric Security**: Security tools shouldn't disrupt development workflows. DevGuard fits naturally into existing CI/CD pipelines, providing vulnerability intelligence where developers already work.
1212

13-
**Transparency Over Obscurity**: Modern software development demands full visibility into dependencies and vulnerabilities. DevGuard provides complete transparency through automated <Tooltip><TooltipTrigger asChild><span className="underline decoration-dotted decoration-yellow-400 decoration-1 underline-offset-4 cursor-pointer">SBOM</span></TooltipTrigger><TooltipContent><p>Software Bill of Materials - Comprehensive inventory of software components</p></TooltipContent></Tooltip> generation and dependency graphs.
13+
**Transparency over Obscurity**: Modern software development demands full visibility into dependencies and vulnerabilities. DevGuard provides complete transparency through automated <Tooltip><TooltipTrigger asChild><span className="underline decoration-dotted decoration-yellow-400 decoration-1 underline-offset-4 cursor-pointer">SBOM</span></TooltipTrigger><TooltipContent><p>Software Bill of Materials - Comprehensive inventory of software components</p></TooltipContent></Tooltip> generation and dependency graphs.
1414

15-
**Risk-Based Prioritization**: Not all vulnerabilities are equally critical. DevGuard enhances <Tooltip><TooltipTrigger asChild><span className="underline decoration-dotted decoration-yellow-400 decoration-1 underline-offset-4 cursor-pointer">CVSS</span></TooltipTrigger><TooltipContent><p>Common Vulnerability Scoring System - Technical severity rating</p></TooltipContent></Tooltip> scores with exploitability data, organizational context, and attack surface analysis—ensuring the most important issues come first.
15+
**Risk-Based Prioritization**: Not all vulnerabilities are equally impactful. DevGuard enhances existing <Tooltip><TooltipTrigger asChild><span className="underline decoration-dotted decoration-yellow-400 decoration-1 underline-offset-4 cursor-pointer">CVSS</span></TooltipTrigger><TooltipContent><p>Common Vulnerability Scoring System - Technical severity rating</p></TooltipContent></Tooltip> scores with exploitability data, organizational context, and attack surface analysis—ensuring the most important vulnerabilities are handled first.
1616

1717
**Compliance Made Manageable**: Technical compliance with security frameworks (ISO 27001, CRA, BSI IT-Grundschutz) shouldn't be a burden. DevGuard automates compliance documentation, audit trails, and evidence generation.
1818

1919
<Callout type="info" emoji="🎯">
20-
DevGuard practices what it preaches—the platform scans and manages its own vulnerabilities, publicly sharing SBOM and <Tooltip><TooltipTrigger asChild><span className="underline decoration-dotted decoration-yellow-400 decoration-1 underline-offset-4 cursor-pointer">VEX</span></TooltipTrigger><TooltipContent><p>Vulnerability Exploitability eXchange - Vulnerability impact assessments</p></TooltipContent></Tooltip> documents as examples of transparent security practices.
20+
DevGuard practices what it preaches—the platform scans and manages its own vulnerabilities, publicly sharing SBOM and <Tooltip><TooltipTrigger asChild><span className="underline decoration-dotted decoration-yellow-400 decoration-1 underline-offset-4 cursor-pointer">VEX</span></TooltipTrigger><TooltipContent><p>Vulnerability Exploitability eXchange - Vulnerability impact assessments</p></TooltipContent></Tooltip> documents as an example of transparent security practices.
2121
</Callout>
2222

2323
## The Challenge
2424

25-
In 2023 alone, cyberattacks caused approximately €206 billion in damage in Germany, with many exploiting software vulnerabilities. Developers face security issues without proper training or tools fitting their workflows. Meanwhile, vulnerability scanners generate overwhelming findings—often 50-80% false positives—creating alert fatigue and obscuring genuine threats.
25+
In 2023 alone, cyberattacks caused approximately €206 billion in damage in Germany alone, with many exploiting software vulnerabilities. Developers face security issues without proper training or tools fitting their workflows. Meanwhile, common vulnerability scanners generate overwhelming findings—often 50-80% false positives—creating alert fatigue and obscuring genuine threats.
2626

27-
Traditional security tools treat vulnerability management as separate from development, creating friction. Developers need security integrated into their existing workflows, not parallel processes demanding context switching.
27+
Traditional security tools treat vulnerability management as separate from development, creating friction and unnecessary overhead. Developers need security integrated into their existing workflows, not as parallel processes demanding context switching.
2828

2929
## The Solution
3030

@@ -36,40 +36,40 @@ DevGuard bridges this gap through:
3636

3737
**Supply Chain Transparency**: Automated SBOM and VEX generation providing complete dependency visibility. Dependency graphs visualize complex relationships, enabling informed decisions about component risks.
3838

39-
**Bring Your Own Scanner**: Already using Trivy, Grype, Semgrep, or other tools? DevGuard ingests SBOM and SARIF format data for unified risk visibility across scanners.
39+
**Bring Your Own Scanner**: Already using Trivy, Grype, Semgrep, or other tools? DevGuard ingests SBOM and SARIF reports for unified risk visibility across scanners.
4040

41-
**Issue Tracker Integration**: Automatically create tickets in GitHub Issues, GitLab Issues, or Jira for identified vulnerabilities. Bidirectional synchronization keeps security work visible in normal development workflows.
41+
**Issue Tracker Integration**: Automatically create tickets in GitHub Issues, GitLab Issues, or Jira to track identified vulnerabilities. Bidirectional synchronization keeps security work visible in normal development workflows.
4242

4343
**Automated Compliance**: Generate audit trails, compliance reports, and documentation automatically. Map vulnerability handling to ISO 27001, CRA, and other framework requirements without manual documentation overhead.
4444

4545
## Open Source & Community
4646

47-
**AGPL-3.0 License**: Full transparency and no vendor lock-in. Self-host on-premise or use cloud deployments.
47+
**AGPL-3.0 License**: Full transparency and no vendor lock-in. Self-host on-premise or use [existing cloud deployments](https://app.devguard.org/).
4848

4949
**OWASP Incubating Project**: Community-driven development following OWASP principles and standards.
5050

51-
**Made in Germany**: Developed by L3montree with focus on data sovereignty, privacy, and European compliance requirements.
51+
**Made in Germany**: Developed by L3montree with a focus on data sovereignty, privacy, and European compliance requirements.
5252

53-
**Active Development**: Continuously evolving with community contributions. Public roadmap and transparent issue tracking on GitHub.
53+
**Active Development**: Continuously evolving with community contributions, a public roadmap, and transparent issue tracking on GitHub.
5454

5555
<Callout type="info" emoji="🌍">
56-
DevGuard supports the OWASP DevSecOps pipeline with simplified CLI wrappers around widely-used open source tools, enabling security at scale without reinventing ecosystems.
56+
DevGuard supports the OWASP DevSecOps pipeline with simplified CLI wrappers around widely used open-source tools, enabling security at scale without reinventing ecosystems.
5757
</Callout>
5858

5959
## Key Differentiators
6060

6161
**Dynamic VEX**: VEX information shared via links rather than static files—what's risk-free today may be affected by CVEs tomorrow. Live VEX endpoints ensure assessments stay current.
6262

63-
**Attestation-Based Compliance**: Support for in-toto attestations and SLSA compliance monitoring, securing supply chain integrity.
63+
**Attestation-based Compliance**: Support for in-toto attestations and SLSA compliance monitoring and securing supply chain integrity.
6464

65-
**Developer Experience**: Built by developers understanding actual workflows. Minimally invasive integration preserving development velocity while improving security posture.
65+
**Developer Experience**: Built by developers who understand actual workflows. Minimally invasive integration preserving development velocity while improving security posture.
6666

6767
**Pragmatic Automation**: Automate what can be automated (scanning, SBOM generation, risk scoring) while preserving human judgment for strategic decisions (risk acceptance, mitigation approaches).
6868

6969
---
7070

7171
## Related Documentation
7272

73-
- [Vulnerability Lifecycle](/explanations/vulnerability-management/vulnerability-lifecycle) - Understanding vulnerability management process
73+
- [Vulnerability Lifecycle](/explanations/vulnerability-management/vulnerability-lifecycle) - Understanding the vulnerability management process
7474
- [Vulnerability Risk Assessment](/explanations/vulnerability-management/risk-assessment-methodology) - How DevGuard calculates risk scores
7575
- [Why Compliance Matters](/explanations/compliance/why-compliance-matters) - Business case for integrated security

0 commit comments

Comments
 (0)