Commit

More updates: codemods, installation, intro
drdavella committed Aug 10, 2024
1 parent 0facc37 commit c82c08f
Showing 5 changed files with 44 additions and 27 deletions.
2 changes: 2 additions & 0 deletions docs/code-scanning-tools/overview.md
Expand Up @@ -21,6 +21,8 @@ When triaging and fixing issues detected by code scanning tools, Pixeebot suppor

We are continuously working on expanding our language support. If you need support for a language not listed here, please [contact us](https://pixee.ai/demo-landing-page).

For a list of core codemods that work without code scanning tool integration, see the [Codemods](/codemods/overview) page.

# Supported Tools

- [Sonar, SonarSource, SonarQube](/code-scanning-tools/sonar)
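
Review bot: The link label in the added sentence reads `[Codemods](/codemods/overview)`, but the target page in this same commit is headed "# Core Codemods" and the sentence itself is about core codemods. Labelling the link "Core Codemods" would match the destination heading and keep readers from expecting a list that also covers the tool remediation codemods.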
6 changes: 4 additions & 2 deletions docs/codemods/overview.md
Expand Up @@ -4,6 +4,8 @@ sidebar_position: 5

# Core Codemods

Pixeebot currently applies all of the Pixee core codemods for [Java](https://github.com/pixee/codemodder-java/) and [Python](https://github.com/pixee/codemodder-python/), which are maintained as part of the [codemodder project](https://codemodder.io/) to help strengthen your code. More languages are coming soon!
Pixee uses the open-source [codemodder framework](https://codemodder.io/) to provide automated code improvements. These codemods are continuously updated to ensure Pixee's recommendations align with industry standards and best practices.

This section gives detailed information on those codemods, including how they change the code, how you should consider reviewing their output, and more.
Pixeebot ships with a set of "core" codemods for [Java](https://github.com/pixee/codemodder-java) and [Python](https://github.com/pixee/codemodder-python) that do not require code scanning tool integration. These core codemods can be applied to your codebase to harden and improve your code in the form of pull requests.

You will get the most value out of Pixee by connecting it to your existing [code scanning tools and services](/code-scanning-tools/overview). This will allow Pixee to provide more accurate and relevant fixes for your codebase and to triage findings from those tools. Tool remediation codemods support a wider set of languages.
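
Review bot: Product naming switches between "Pixee" and "Pixeebot" across the new paragraphs ("Pixee uses the open-source ...", "Pixeebot ships with ...", "You will get the most value out of Pixee"), so a reader cannot tell whether these are one thing or two. Pick one name per role and use it throughout, as docs/intro.md does with "Pixeebot". The rewrite also drops the sentence saying this section covers how each codemod changes the code and how to review its output; since these codemods arrive as pull requests, a pointer to that review guidance is worth keeping.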
2 changes: 2 additions & 0 deletions docs/installing.md
Expand Up @@ -9,6 +9,8 @@ We provide a free tier offering that can be installed on any public or private r

To install Pixeebot, visit our [GitHub App page](https://github.com/apps/pixeebot/). From there, click **Install** (or **Configure**) and follow the prompts from GitHub. You'll be directed to your Pixee dashboard once the installation process is complete.

See the [Preferences](/configuring) page for information on how to configure Pixeebot to suit your needs.

## Pixeebot on Premises

Pixeebot can be deployed on-premises for organizations that require additional security or compliance measures. To learn more about Pixeebot on-premises solutions, please [contact us](https://pixee.ai/demo-landing-page).
36 changes: 22 additions & 14 deletions docs/intro.md
Expand Up @@ -4,38 +4,46 @@ sidebar_position: 1

# Introducing Pixeebot 👋

Pixeebot is a [GitHub app](https://github.com/apps/pixeebot/) that automatically improves your code. It acts like a developer on your team by reviewing your code, and recommending changes to enhance code quality, performance, and security. Pixeebot opens merge-ready pull requests (PRs) for each recommendation, so all you have to do is review and merge.
Pixeebot is your automated product security engineer.

Pixeebot is powered by our open source toolkit [codemodder](https://codemodder.io/), a pluggable framework for building expressive codemods. These codemods help power Pixeebot’s recommendations, and are continuously updated to ensure Pixeebot’s recommendations align with industry standards and best practices.
Pixeebot triages and fixes issues detected by your [code scanning tools](/code-scanning-tools/overview). It hardens and improves your code in the form of pull requests.

### How does Pixeebot help me?
Pixeebot is powered by the open-source [codemodder framework](https://codemodder.io/). These codemods power Pixeebot’s fixes, and are continuously updated to ensure Pixeebot’s recommendations align with industry standards and best practices.

Pixeebot monitors your repositories and provides fixes in two different ways:
### How does Pixeebot help me?

1. :on: **Continuous Improvement:** monitors your default branch and sends you pull requests with fixes.
1. 🗃️ **Continuous Improvement:** works down your backlog of issues and keeps your codebase secure.
2. :seedling: **PR Improvement:** checks each new pull request (PR) and recommends improvements.
3. 🔎 **Triage**: identifies false positives and prioritizes issues that need fixing.

### What types of recommendations does Pixeebot make?
### What types of issues can Pixeebot triage and fix?

Pixeebot is built to find and fix a variety of problems, whether they are performance and quality issues or known security vulnerabilities. Here are a few of the most common issues Pixeebot resolves:
Pixeebot can triage and fix a wide range of security issues detected by code scanning tools. Many of these issues are common across tools and languages, such as:

- NullPointerExceptions
- Cross Site Scripting (XSS) and XML External Entity (XXE) attack vulnerabilities
- Denial of Service (DoS) attack vulnerabilities
- SQL injection vulnerailities
- Removal of unnecessary F-strings
- SQL Injection
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Insecure Randomness
- Unsafe XML Parsing
- Insecure Cookie Handling
- Command Injection
- Insecure Configuration

### How can I test Pixeebot?

Pixeebot is quick to install and starts working immediately upon activation. While Pixeebot is designed for repositories of all sizes, it is most effective at identifying vulnerabilities in active medium to large-sized projects.
Pixeebot is available as a GitHub App on the [GitHub Marketplace](https://github.com/apps/pixeebot/). We provide a free tier offering that can be installed on any public or private repository. This is a great way to get started with Pixeebot and see how it can help to harden and secure your code.

If you need a repository to test with, we recommend trying Pixeebot out with a deliberately insecure application. Template repositories containing Java and Python test applications are available in PixeeSandbox: [https://github.com/PixeeSandbox](https://github.com/PixeeSandbox)

Testing with these deliberately insecure applications can give you an idea of how Pixeebot works, before installing it directly on your personal or professional repositories.

For additional details, see the [Installation](/installing) page.

Pixeebot also supports on-premises deployment for organizations that require additional security or compliance measures. To learn more about Pixeebot on-premises solutions, please [contact us](https://pixee.ai/demo-landing-page).

### What environment & languages does Pixeebot support?

Pixeebot is currently available for Java and Python repositories on GitHub, with support for additional languages coming soon. Have a language you’d like to see supported? Let us know in an email to [[email protected]](mailto:[email protected]). We’d love to hear from you!
Pixeebot supports a wide variety of languages and code scanning tools. For a full list of supported languages, tools, and rules, see the [Code Scanning Tools](/code-scanning-tools/overview) page.

### What does Pixeebot cost?
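
Review bot: Under "How can I test Pixeebot?" the new text labels `https://github.com/apps/pixeebot/` as the "GitHub Marketplace", while docs/installing.md calls the same URL the "GitHub App page"; use one label for it. The free-tier sentence and the on-premises paragraph added here also repeat text that already lives in docs/installing.md, so the new "see the [Installation](/installing) page" link could replace them rather than sit beside them. In the list under "How does Pixeebot help me?", item 2 still uses the `:seedling:` shortcode while items 1 and 3 use literal emoji, and `**Triage**:` puts the colon outside the bold, unlike the other two items. "These codemods" in the third intro paragraph has no antecedent now that the preceding sentence names only the framework.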

25 changes: 14 additions & 11 deletions src/components/HomepageFeatures/index.js
Expand Up @@ -30,10 +30,11 @@ export default function HomepageFeatures() {
👋 <span>Introduction</span>
</h1>
<p>
Welcome to Pixeebot! Learn how Pixeebot can: <ul>
<li>Fix security issues reported by your tools</li>
<li>Triage security tool findings</li>
<li>Harden your code</li>
Welcome to Pixeebot! Learn how Pixeebot can:{" "}
<ul>
<li>Fix security issues reported by your tools</li>
<li>Triage security tool findings</li>
<li>Harden your code</li>
</ul>
</p>
</div>
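
Review bot: The `<ul>` is still nested inside the `<p>` after this reformat, which is invalid HTML nesting; browsers close the paragraph before the list and React logs a DOM nesting warning. Close the `<p>` after "Learn how Pixeebot can:" and render the `<ul>` as a sibling, which also makes the added `{" "}` unnecessary.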
Expand All @@ -47,14 +48,16 @@ export default function HomepageFeatures() {
</p>
</div>
<div className={styles.item} onClick={() => navigateToDocs(3)}>
<h1>
<h1>
<span>Get Started</span>
</h1>
<p>
Pixeebot is available as a{" "}
<Link to="https://github.com/apps/pixeebot">GitHub App</Link>.
Install it for free to try it out, or <Link to="https://www.pixee.ai/demo-landing-page">contact us</Link> for a demo and on-prem support.
</p>
</h1>
<p>
Pixeebot is available as a{" "}
<Link to="https://github.com/apps/pixeebot">GitHub App</Link>.
Install it for free to try it out, or{" "}
<Link to="https://www.pixee.ai/demo-landing-page">contact us</Link>{" "}
for a demo and on-prem support.
</p>
</div>
<div className={styles.item} onClick={() => navigateToDocs(6)}>
<h1>
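
Review bot: Both `<Link>` elements sit inside a `<div>` whose `onClick` calls `navigateToDocs(3)`, so a click on "GitHub App" or "contact us" also bubbles to the card handler and can trigger a docs navigation alongside the external link. Stop propagation on the links or move them outside the clickable container. The demo URL here is `https://www.pixee.ai/demo-landing-page`, while the docs files in this commit link to `https://pixee.ai/demo-landing-page`; use one host form.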

0 comments on commit c82c08f