From ba69a1532ba9d1f327eccb68271ee324c8cb8713 Mon Sep 17 00:00:00 2001
From: Abhijna Parigi <abhijna@semgrep.com>
Date: Fri, 23 Jan 2026 15:49:08 -0800
Subject: [PATCH 01/11] new pages added

---
 docs/references/feature-definitions.md        |  32 ++++
 docs/references/language-maturity-levels.md   |  61 ++++++
 docs/semgrep-code/language-support.md         |  23 +++
 docs/semgrep-supply-chain/feature-support.md  | 136 +++++++++++++
 docs/semgrep-supply-chain/language-support.md | 178 ++++++++++++++++++
 .../package-manager-support.md                | 142 ++++++++++++++
 docs/supported-languages.md                   |  88 +--------
 sidebars.js                                   |   6 +
 8 files changed, 583 insertions(+), 83 deletions(-)
 create mode 100644 docs/references/feature-definitions.md
 create mode 100644 docs/references/language-maturity-levels.md
 create mode 100644 docs/semgrep-code/language-support.md
 create mode 100644 docs/semgrep-supply-chain/feature-support.md
 create mode 100644 docs/semgrep-supply-chain/language-support.md
 create mode 100644 docs/semgrep-supply-chain/package-manager-support.md

diff --git a/docs/references/feature-definitions.md b/docs/references/feature-definitions.md
new file mode 100644
index 000000000..95f7b43ce
--- /dev/null
+++ b/docs/references/feature-definitions.md
@@ -0,0 +1,32 @@
+---
+slug: feature-definitions
+append_help_link: true
+title: Feature definitions
+hide_title: true
+description: Definitions for Semgrep Code and Supply Chain analysis features.
+tags:
+  - Reference
+---
+
+import DefCrossFile from "/src/components/concept/_def-cross-file.mdx"
+import DefCrossFunction from "/src/components/concept/_def-cross-function.mdx"
+import DefReachability from "/src/components/concept/_def-reachability.md"
+
+# Feature definitions
+
+Use these definitions to understand the analysis features referenced in language
+support pages.
+
+## Cross-file dataflow analysis
+
+<DefCrossFile />
+
+Languages with cross-file support also include cross-function support.
+
+## Cross-function dataflow analysis
+
+<DefCrossFunction />
+
+## Reachability analysis
+
+<DefReachability />
diff --git a/docs/references/language-maturity-levels.md b/docs/references/language-maturity-levels.md
new file mode 100644
index 000000000..77b8d239c
--- /dev/null
+++ b/docs/references/language-maturity-levels.md
@@ -0,0 +1,61 @@
+---
+slug: language-maturity-levels
+append_help_link: true
+title: Language maturity levels
+hide_title: true
+description: Definitions for language maturity levels across Semgrep products.
+tags:
+  - Reference
+---
+
+import LanguageMaturityCode from '/src/components/reference/_language-maturity-code.md'
+
+# Language maturity levels
+
+Use these definitions to understand the maturity levels shown on language support
+pages.
+
+## Semgrep Code
+
+Semgrep Code languages can be classified into four maturity levels:
+
+- Generally available (GA)
+- Beta
+- Experimental
+- Community supported\*
+
+\*Community supported languages meet the parse rate and syntax requirements of
+**Experimental** languages. Users can still access community rules or write their
+own rules.
+
+<LanguageMaturityCode />
+
+## Semgrep Supply Chain
+
+Semgrep Supply Chain has two language maturity levels:
+
+- Generally available
+- Beta
+
+<table>
+  <tr>
+    <td><strong>Feature</strong></td>
+    <td><strong>Generally available</strong></td>
+    <td><strong>Beta</strong></td>
+  </tr>
+  <tr>
+    <td>Number of reachability rules</td>
+    <td>As defined by <a href="/semgrep-supply-chain/feature-support#cve-coverage">CVE coverage</a>.</td>
+    <td>All critical severity CVEs from <a href="/semgrep-supply-chain/feature-support#supported-sources">supported sources</a> starting 2022 onwards, for packages used by customers with an active, paid subscription.</td>
+  </tr>
+  <tr>
+    <td>Semgrep, Inc. rule-writing support</td>
+    <td>Quickly support CVE coverage with reachability analysis for all critical and high vulnerabilities based on the latest <a href="https://nvd.nist.gov/vuln">security advisories</a>.</td>
+    <td>Coverage for CVEs but without reachability analysis.</td>
+  </tr>
+  <tr>
+    <td>Semgrep Community Edition (CE) <a href='/supported-languages#semgrep-oss-language-support'>language support</a></td>
+    <td>Semgrep CE support is GA.</td>
+    <td>Semgrep CE support is at least Beta.</td>
+  </tr>
+</table>
diff --git a/docs/semgrep-code/language-support.md b/docs/semgrep-code/language-support.md
new file mode 100644
index 000000000..8bdc7fa8c
--- /dev/null
+++ b/docs/semgrep-code/language-support.md
@@ -0,0 +1,23 @@
+---
+slug: code-language-support
+append_help_link: true
+title: Language support
+hide_title: true
+description: Learn which languages Semgrep Code supports and the level of support available for each language
+tags:
+  - Semgrep Code
+  - Semgrep AppSec Platform
+---
+
+# Semgrep Code supported languages
+
+Semgrep Code supports a broad set of languages, with different analysis capabilities and maturity levels for each language. 
+
+This page describes the level of language support available in Semgrep Code. For Supply Chain language support, see ==[Semgrep Supply Chain feature support](/supported-languages#semgrep-supply-chain-feature-support)==.
+
+For the complete, up-to-date list of supported languages and analysis features, see
+[Supported languages](/supported-languages). 
+
+See [Language maturity levels](/references/language-maturity-levels) for the
+definitions used on this page, and [Feature definitions](/references/feature-definitions)
+for analysis terminology.
diff --git a/docs/semgrep-supply-chain/feature-support.md b/docs/semgrep-supply-chain/feature-support.md
new file mode 100644
index 000000000..08a8d08bd
--- /dev/null
+++ b/docs/semgrep-supply-chain/feature-support.md
@@ -0,0 +1,136 @@
+---
+slug: sca-feature-support
+append_help_link: true
+title: Feature support
+hide_title: true
+description: Feature coverage for Semgrep Supply Chain across supported languages.
+tags:
+  - Semgrep Supply Chain
+---
+
+import SscIntro from "/src/components/concept/_ssc-intro.md"
+
+# Supply Chain feature support
+
+<SscIntro/>
+
+The following table lists all Supply Chain features for each language. Languages
+with **reachability** support are listed first.
+
+<table>
+<thead>
+<tr>
+<th>Language</th>
+<th align="center">Reachability<br />(see <a href="#cve-coverage">CVE coverage</a>)</th>
+<th><a href="/docs/semgrep-supply-chain/getting-started#scan-a-project-without-lockfiles-beta">Scan without lockfiles (beta)</a></th>
+<th>License detection</th>
+<th>Malicious dependency<br />detection</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>C#</td>
+<td align="center">✅</td>
+<td align="center">✅</td>
+<td align="center">✅</td>
+<td align="center">✅</td>
+</tr>
+<tr>
+<td>Go</td>
+<td align="center">✅</td>
+<td align="center">--</td>
+<td align="center">✅</td>
+<td align="center">✅</td>
+</tr>
+<tr>
+<td>Java</td>
+<td align="center">✅</td>
+<td align="center">✅</td>
+<td align="center">✅</td>
+<td align="center">--</td>
+</tr>
+<tr>
+<td>JavaScript or TypeScript</td>
+<td align="center">✅</td>
+<td align="center">--</td>
+<td align="center">✅</td>
+<td align="center">✅</td>
+</tr>
+<tr>
+<td>Kotlin</td>
+<td align="center">✅</td>
+<td align="center">✅</td>
+<td align="center">✅</td>
+<td align="center">--</td>
+</tr>
+<tr>
+<td>Python</td>
+<td align="center">✅</td>
+<td align="center">✅</td>
+<td align="center">✅<br /> For PyPi only</td>
+<td align="center">✅</td>
+</tr>
+<tr>
+<td>Ruby</td>
+<td align="center">✅</td>
+<td align="center">--</td>
+<td align="center">✅</td>
+<td align="center">✅</td>
+</tr>
+<tr>
+<td>Scala</td>
+<td align="center">✅</td>
+<td align="center">--</td>
+<td align="center">✅</td>
+<td align="center">--</td>
+</tr>
+<tr>
+<td>Swift</td>
+<td align="center">✅</td>
+<td align="center">--</td>
+<td align="center">✅†</td>
+<td align="center">--</td>
+</tr>
+<tr>
+<td>PHP</td>
+<td align="center">✅</td>
+<td align="center">--</td>
+<td align="center">✅</td>
+<td align="center">--</td>
+</tr>
+<tr>
+<td>Rust</td>
+<td align="center" width="180px" rowspan="3">No reachability analysis. However, Semgrep can compare a package's version against a list of versions with known vulnerabilities.</td>
+<td align="center">--</td>
+<td align="center">✅</td>
+<td align="center">✅</td>
+</tr>
+<tr>
+<td>Dart</td>
+<td align="center">--</td>
+<td align="center">--</td>
+<td align="center">--</td>
+</tr>
+<tr>
+<td>Elixir</td>
+<td align="center">--</td>
+<td align="center">--</td>
+<td align="center">--</td>
+</tr>
+</tbody>
+</table>
+
+_<strong>†</strong>License detection for new packages is asynchronous and processed
+after the initial scan. Policies aren't applied on first detection, but are enforced
+in subsequent scans._
+
+## CVE coverage
+
+For customers with an active paid subscription, Semgrep’s reachability analysis
+covers all **critical and high severity** CVEs from [supported sources](#supported-sources)
+starting in 2017 across all supported languages.
+
+### Supported sources
+
+- [<i class="fas fa-external-link fa-xs" /> Reviewed GitHub Security Advisories](https://github.com/advisories?query=type%3Areviewed)
+- [<i class="fas fa-external-link fa-xs" /> Electron release notes](https://releases.electronjs.org/releases/stable)
diff --git a/docs/semgrep-supply-chain/language-support.md b/docs/semgrep-supply-chain/language-support.md
new file mode 100644
index 000000000..7276c45da
--- /dev/null
+++ b/docs/semgrep-supply-chain/language-support.md
@@ -0,0 +1,178 @@
+---
+slug: sca-language-support
+append_help_link: true
+title: Supported languages
+hide_title: true
+description: Learn which languages Semgrep Supply Chain supports and the
+    features available for each language.
+tags:
+  - Semgrep Supply Chain
+---
+
+import SscIntro from "/src/components/concept/_ssc-intro.md"
+
+# Semgrep Supply Chain supported languages
+
+Semgrep Supply Chain (SCA) supports a broad set of languages, with different
+feature coverage across each language.
+
+For Semgrep Code language support, see
+[Semgrep Code supported languages](/semgrep-code/code-language-support).
+
+## Language maturity levels
+
+Semgrep Supply Chain has two language maturity levels:
+
+* Generally available
+* Beta
+
+::::tip
+See [Supported languages](/supported-languages) for the complete, up-to-date list
+of supported languages and coverage details.
+::::
+
+## Semgrep Supply Chain feature support
+
+<SscIntro/>
+
+For projects with lockfiles, Semgrep parses lockfiles for dependencies, then scans
+your codebase for reachable findings based on the lockfiles. For a lockfile to be
+scanned by Semgrep Supply Chain, it must have one of the supported lockfile names.
+
+For some languages, a lockfile or manifest file is parsed to determine
+[transitivity](/semgrep-supply-chain/glossary/#transitive-or-indirect-dependency).
+See
+[Transitive dependencies and reachability analysis](/semgrep-supply-chain/overview/#transitive-dependencies-and-reachability-analysis)
+for more information.
+
+Additionally, Semgrep offers beta support for the scanning of projects written in
+the following languages **without lockfiles**:
+
+- C#
+- Java
+- Kotlin
+- Python
+- Ruby
+
+### Package manager support
+
+The following table lists all Semgrep-supported package managers for each language.
+Languages with **reachability** support are listed first.
+
+<div class="language-support-table">
+
+<table>
+<thead><tr>
+    <th>Language</th>
+    <th>Supported package managers</th>
+    <th>Manifest file or lockfile</th>
+</tr></thead>
+<tbody>
+<tr>
+   <td>C#</td>
+   <td>NuGet</td>
+   <td><code>packages.lock.json</code></td>
+</tr>
+<tr>
+   <td>Go</td>
+   <td>Go modules (<code>go mod</code>)</td>
+   <td><code>go.mod</code></td>
+</tr>
+<tr rowspan="2">
+   <td rowspan="2">Java</td>
+   <td>Gradle</td>
+   <td><code>gradle.lockfile</code></td>
+  </tr>
+  <tr>
+   <td>Maven</td>
+   <td>Maven-generated dependency tree (See <a href="/docs/semgrep-supply-chain/setup-maven/">Setting up SSC scans for Apache Maven</a> for instructions.)</td>
+  </tr>
+  <tr>
+   <td rowspan="3">JavaScript or TypeScript</td>
+   <td>npm</td>
+   <td><code>package-lock.json</code></td>
+  </tr>
+  <tr>
+   <td>Yarn</td>
+   <td><code>yarn.lock</code></td>
+  </tr>
+  <tr>
+   <td>pnpm</td>
+   <td><code>pnpm-lock.yaml</code></td>
+  </tr>
+  <tr>
+   <td rowspan="2">Kotlin</td>
+   <td>Gradle</td>
+   <td><code>gradle.lockfile</code></td>
+</tr>
+<tr>
+   <td>Maven</td>
+   <td>Maven-generated dependency tree (See <a href="/docs/semgrep-supply-chain/setup-maven/">Setting up SSC scans for Apache Maven</a> for instructions.)</td>
+</tr>
+  <tr>
+   <td rowspan="5">Python</td>
+   <td>pip</td>
+   <td rowspan="2">Any of the following: <ul><li>`*requirement*.txt` or `*requirement*.pip`</li><li>Any manifest file in a requirements folder, such as `**/requirements/*.txt` or `**/requirements/*.pip`</li></ul> The file must be generated automatically and have values set to exact versions (pinned dependencies).</td>
+  </tr>
+  <tr>
+   <td>pip-tools</td>
+  </tr>
+  <tr>
+   <td>Pipenv</td>
+   <td><code>Pipfile.lock</code></td>
+  </tr>
+  <tr>
+   <td>Poetry</td>
+   <td><code>poetry.lock</code></td>
+  </tr>
+  <tr>
+   <td>uv</td>
+   <td><code>uv.lock</code></td>
+  </tr>
+  <tr>
+   <td>Ruby</td>
+   <td>RubyGems</td>
+   <td><code>Gemfile.lock</code></td>
+  </tr>
+<tr>
+   <td>Scala</td>
+   <td>Maven</td>
+   <td>Maven-generated dependency tree (See <a href="/docs/semgrep-supply-chain/setup-maven/">Setting up SSC scans for Apache Maven</a> for instructions.)</td>
+</tr>
+<tr>
+   <td>Swift</td>
+   <td>SwiftPM</td>
+   <td><code>Package.swift</code> file and Swift-generated <code>Package.resolved</code> file. (See <a href="https://www.swift.org/documentation/package-manager/">Swift documentation </a> for instructions.)</td>
+</tr>
+  <tr>
+   <td>Rust</td>
+   <td>Cargo*</td>
+   <td><code>cargo.lock</code></td>
+</tr>
+<tr>
+   <td>Dart</td>
+   <td>Pub</td>
+   <td><code>pubspec.lock</code></td>
+</tr>
+<tr>
+   <td>Elixir</td>
+   <td>Hex</td>
+   <td><code>mix.lock</code></td>
+</tr>
+<tr>
+   <td>PHP</td>
+   <td>Composer</td>
+   <td><code>composer.lock</code></td>
+</tr>
+  </tbody>
+</table>
+</div>
+
+_<strong>*</strong>Supply Chain does not analyze the transitivity of packages for
+these language and manifest file or lockfile combinations. All dependencies are
+listed as **No Reachability Analysis.**_<br />
+
+### Feature support
+
+For feature coverage across supported languages, see
+[Supply Chain feature support](/semgrep-supply-chain/feature-support).
diff --git a/docs/semgrep-supply-chain/package-manager-support.md b/docs/semgrep-supply-chain/package-manager-support.md
new file mode 100644
index 000000000..a1adb476d
--- /dev/null
+++ b/docs/semgrep-supply-chain/package-manager-support.md
@@ -0,0 +1,142 @@
+---
+slug: sca-package-manager-support
+append_help_link: true
+title: Package manager support
+hide_title: true
+description: Supported package managers and lockfiles for Semgrep Supply Chain
+    scans.
+tags:
+  - Semgrep Supply Chain
+---
+
+# Package manager support
+
+Semgrep Supply Chain (SCA) scans dependencies by parsing manifest files or
+lockfiles. This page lists the supported package managers and file types.
+
+For language-level coverage and feature maturity, see
+[Supported languages](/semgrep-supply-chain/sca-language-support).
+
+For some languages, a lockfile or manifest file is parsed to determine
+[transitivity](/semgrep-supply-chain/glossary/#transitive-or-indirect-dependency).
+See
+[Transitive dependencies and reachability analysis](/semgrep-supply-chain/overview/#transitive-dependencies-and-reachability-analysis)
+for more information.
+
+## Package manager support
+
+The following table lists all Semgrep-supported package managers for each language.
+Languages with **reachability** support are listed first.
+
+<div class="language-support-table">
+
+<table>
+<thead><tr>
+    <th>Language</th>
+    <th>Supported package managers</th>
+    <th>Manifest file or lockfile</th>
+</tr></thead>
+<tbody>
+<tr>
+   <td>C#</td>
+   <td>NuGet</td>
+   <td><code>packages.lock.json</code></td>
+</tr>
+<tr>
+   <td>Go</td>
+   <td>Go modules (<code>go mod</code>)</td>
+   <td><code>go.mod</code></td>
+</tr>
+<tr rowspan="2">
+   <td rowspan="2">Java</td>
+   <td>Gradle</td>
+   <td><code>gradle.lockfile</code></td>
+  </tr>
+  <tr>
+   <td>Maven</td>
+   <td>Maven-generated dependency tree (See <a href="/docs/semgrep-supply-chain/setup-maven/">Setting up SSC scans for Apache Maven</a> for instructions.)</td>
+  </tr>
+  <tr>
+   <td rowspan="3">JavaScript or TypeScript</td>
+   <td>npm</td>
+   <td><code>package-lock.json</code></td>
+  </tr>
+  <tr>
+   <td>Yarn</td>
+   <td><code>yarn.lock</code></td>
+  </tr>
+  <tr>
+   <td>pnpm</td>
+   <td><code>pnpm-lock.yaml</code></td>
+  </tr>
+  <tr>
+   <td rowspan="2">Kotlin</td>
+   <td>Gradle</td>
+   <td><code>gradle.lockfile</code></td>
+</tr>
+<tr>
+   <td>Maven</td>
+   <td>Maven-generated dependency tree (See <a href="/docs/semgrep-supply-chain/setup-maven/">Setting up SSC scans for Apache Maven</a> for instructions.)</td>
+</tr>
+  <tr>
+   <td rowspan="5">Python</td>
+   <td>pip</td>
+   <td rowspan="2">Any of the following: <ul><li>`*requirement*.txt` or `*requirement*.pip`</li><li>Any manifest file in a requirements folder, such as `**/requirements/*.txt` or `**/requirements/*.pip`</li></ul> The file must be generated automatically and have values set to exact versions (pinned dependencies).</td>
+  </tr>
+  <tr>
+   <td>pip-tools</td>
+  </tr>
+  <tr>
+   <td>Pipenv</td>
+   <td><code>Pipfile.lock</code></td>
+  </tr>
+  <tr>
+   <td>Poetry</td>
+   <td><code>poetry.lock</code></td>
+  </tr>
+  <tr>
+   <td>uv</td>
+   <td><code>uv.lock</code></td>
+  </tr>
+  <tr>
+   <td>Ruby</td>
+   <td>RubyGems</td>
+   <td><code>Gemfile.lock</code></td>
+  </tr>
+<tr>
+   <td>Scala</td>
+   <td>Maven</td>
+   <td>Maven-generated dependency tree (See <a href="/docs/semgrep-supply-chain/setup-maven/">Setting up SSC scans for Apache Maven</a> for instructions.)</td>
+</tr>
+<tr>
+   <td>Swift</td>
+   <td>SwiftPM</td>
+   <td><code>Package.swift</code> file and Swift-generated <code>Package.resolved</code> file. (See <a href="https://www.swift.org/documentation/package-manager/">Swift documentation </a> for instructions.)</td>
+</tr>
+  <tr>
+   <td>Rust</td>
+   <td>Cargo*</td>
+   <td><code>cargo.lock</code></td>
+</tr>
+<tr>
+   <td>Dart</td>
+   <td>Pub</td>
+   <td><code>pubspec.lock</code></td>
+</tr>
+<tr>
+   <td>Elixir</td>
+   <td>Hex</td>
+   <td><code>mix.lock</code></td>
+</tr>
+<tr>
+   <td>PHP</td>
+   <td>Composer</td>
+   <td><code>composer.lock</code></td>
+</tr>
+  </tbody>
+</table>
+</div>
+
+_<strong>*</strong>Supply Chain does not analyze the transitivity of packages for
+these language and manifest file or lockfile combinations. All dependencies are
+listed as **No Reachability Analysis.**_<br />
diff --git a/docs/supported-languages.md b/docs/supported-languages.md
index 4178607f5..3dc8c34fd 100644
--- a/docs/supported-languages.md
+++ b/docs/supported-languages.md
@@ -12,15 +12,12 @@ title: Supported languages
 
 import SupportedLanguagesTable from '/src/components/reference/_supported-languages-table.mdx'
 import SscIntro from "/src/components/concept/_ssc-intro.md"
-import LanguageMaturityCode from '/src/components/reference/_language-maturity-code.md'
 import SemgrepProEngineIntroduction from "/src/components/concept/_semgrep-pro-engine-introduction.mdx"
-import DefCrossFile from "/src/components/concept/_def-cross-file.mdx"
-import DefCrossFunction from "/src/components/concept/_def-cross-function.mdx"
-import DefReachability from "/src/components/concept/_def-reachability.md"
 
 # Supported languages
 
-This document provides information about supported languages and language maturity definitions for the following products:
+This document provides information about supported languages and links to language
+maturity definitions for the following products:
 
 * **Semgrep Code (SAST)** - a static application security testing (SAST) solution designed to detect complex security vulnerabilities. 
 * **Semgrep Supply Chain (SCA)** - a software composition analysis (SCA) tool that detects security vulnerabilities in your codebase introduced by open source dependencies.
@@ -31,7 +28,7 @@ Semgrep Code and Semgrep Supply Chain are free for [small teams](https://semgrep
 
 The following table lists all **Generally available (GA)** and **Beta** languages for Semgrep Code and Semgrep Supply Chain.
 
-Languages are arranged by feature completeness from most to least. **Cross-file (interfile)** analysis for Semgrep Code and **reachability** analysis for Semgrep Supply Chain are the most advanced analyses that Semgrep provides; see [Feature definitions](#feature-definitions) for more details.
+Languages are arranged by feature completeness from most to least. **Cross-file (interfile)** analysis for Semgrep Code and **reachability** analysis for Semgrep Supply Chain are the most advanced analyses that Semgrep provides; see [Feature definitions](/references/feature-definitions) for more details.
 
 <!-- *************************************************************************
 ARE YOU EDITING THE SUPPORTED LANGUAGES IN ANY WAY? ADDING A FEATURE? ETC?
@@ -44,87 +41,12 @@ Don't forget to update:
 
 <SupportedLanguagesTable />
 
-### Language maturity levels
 
-#### Semgrep Code
 
-Semgrep Code languages can be classified into four maturity levels:
 
-* Generally available (GA)
-* Beta
-* Experimental
-* Community supported\*
 
-\*Community supported languages meet the parse rate and syntax requirements of **Experimental** languages. Users can still access community rules or write their own rules.
-
-<details>
-<summary>Click to view table of definitions.</summary>
-
-<LanguageMaturityCode />
-
-</details>
-
-#### Semgrep Supply Chain
-
-Semgrep Supply Chain has two language maturity levels:
-
-* Generally available
-* Beta
-
-
-<details>
-<summary>Click to view table of definitions.</summary>
-
-<table>
-  <tr>
-   <td><strong>Feature</strong></td>
-   <td><strong>Generally available</strong></td>
-   <td><strong>Beta</strong></td>
-  </tr>
-  <tr>
-   <td>Number of reachability rules</td>
-   <td>As defined by <a href="#cve-coverage">CVE coverage</a>.</td>
-   <td>All critical severity CVEs from <a href="#supported-sources">supported sources</a> starting 2022 onwards, for packages used by customers with an active, paid subscription.</td>
-  </tr>
-  <tr>
-   <td>Semgrep, Inc. rule-writing support</td>
-   <td>Quickly support CVE coverage with reachability analysis for all critical and high vulnerabilities based on the latest <a href="https://nvd.nist.gov/vuln">security advisories</a>.</td>
-   <td>Coverage for CVEs but without reachability analysis.</td>
-  </tr>
-  <tr>
-   <td>Semgrep Community Edition (CE) <a href='/supported-languages#semgrep-oss-language-support'>language support</a></td>
-   <td>Semgrep CE support is GA.</td>
-   <td>Semgrep CE support is at least Beta.</td>
-  </tr>
-</table>
-
-</details>
-
-### Feature definitions
-
-<details>
-<summary>Cross-file dataflow analysis</summary>
-
-<DefCrossFile />
-
-Languages with cross-file support also include cross-function support.
-
-</details>
-
-<details>
-<summary>Cross-function dataflow analysis</summary>
-<DefCrossFunction />
-</details>
-
-<details>
-<summary>Reachability analysis</summary>
-<DefReachability />
-
-</details>
-
-:::tip
-See [Language maturity levels](#language-maturity-levels) to learn which features define GA or beta language support.
-:::
+See [Language maturity levels](/references/language-maturity-levels) for the
+definitions used on this page.
 
 ## Semgrep Supply Chain feature support
 
diff --git a/sidebars.js b/sidebars.js
index a526a843d..8718acd8d 100644
--- a/sidebars.js
+++ b/sidebars.js
@@ -268,6 +268,7 @@ module.exports = {
             label: 'SAST (Code)',
             items: [
                 'semgrep-code/overview',
+                'semgrep-code/language-support',
                 {
                     type: 'category',
                     collapsible: true,
@@ -306,6 +307,9 @@ module.exports = {
             label: 'SCA (Supply Chain)',
             items: [
                 'semgrep-supply-chain/overview',
+                'semgrep-supply-chain/language-support',
+                'semgrep-supply-chain/package-manager-support',
+                'semgrep-supply-chain/feature-support',
                 {
                   type: 'category',
                   collapsible: true,
@@ -470,6 +474,8 @@ module.exports = {
                 'semgrep-supply-chain/glossary'
             ]
         },
+        'references/language-maturity-levels',
+        'references/feature-definitions',
         'semgrepignore-v2-reference',
         'cli-reference',
         'semgrep-appsec-platform/json-and-sarif'

From f92b5299c67fa7a0ade6a5107cc8bc4787323960 Mon Sep 17 00:00:00 2001
From: Abhijna Parigi <abhijna@semgrep.com>
Date: Mon, 26 Jan 2026 13:51:22 -0800
Subject: [PATCH 02/11] supported languages rearrange 2

---
 docs/semgrep-code/language-support.md         |  23 --
 docs/semgrep-code/overview.md                 |  11 +
 docs/semgrep-supply-chain/feature-support.md  |  29 +-
 docs/semgrep-supply-chain/language-support.md | 178 -----------
 docs/semgrep-supply-chain/overview.md         |  14 +
 docs/supported-languages.md                   | 286 +-----------------
 sidebars.js                                   |  13 +-
 7 files changed, 63 insertions(+), 491 deletions(-)
 delete mode 100644 docs/semgrep-code/language-support.md
 delete mode 100644 docs/semgrep-supply-chain/language-support.md

diff --git a/docs/semgrep-code/language-support.md b/docs/semgrep-code/language-support.md
deleted file mode 100644
index 8bdc7fa8c..000000000
--- a/docs/semgrep-code/language-support.md
+++ /dev/null
@@ -1,23 +0,0 @@
----
-slug: code-language-support
-append_help_link: true
-title: Language support
-hide_title: true
-description: Learn which languages Semgrep Code supports and the level of support available for each language
-tags:
-  - Semgrep Code
-  - Semgrep AppSec Platform
----
-
-# Semgrep Code supported languages
-
-Semgrep Code supports a broad set of languages, with different analysis capabilities and maturity levels for each language. 
-
-This page describes the level of language support available in Semgrep Code. For Supply Chain language support, see ==[Semgrep Supply Chain feature support](/supported-languages#semgrep-supply-chain-feature-support)==.
-
-For the complete, up-to-date list of supported languages and analysis features, see
-[Supported languages](/supported-languages). 
-
-See [Language maturity levels](/references/language-maturity-levels) for the
-definitions used on this page, and [Feature definitions](/references/feature-definitions)
-for analysis terminology.
diff --git a/docs/semgrep-code/overview.md b/docs/semgrep-code/overview.md
index b0e946e08..7ec267766 100644
--- a/docs/semgrep-code/overview.md
+++ b/docs/semgrep-code/overview.md
@@ -11,6 +11,7 @@ tags:
 
 
 import SemgrepScan from "/src/components/concept/_semgrep-scan.mdx"
+import SupportedLanguagesTable from '/src/components/reference/_supported-languages-table.mdx'
 
 # Semgrep Code overview
 
@@ -35,6 +36,16 @@ Semgrep AppSec Platform displays Semgrep Code's findings. Additionally, the plat
 * Customize how Semgrep Code scans your repositories
 * Manage your users and facilitate team collaboration in remediating security issues
 
+## Language support and integrations
+
+Semgrep Code supports a [broad set of programming languages](/docs/supported-languages), with varying levels of analysis capabilities and language maturity. For definitions of language maturity levels, see [Language maturity levels](/references/language-maturity-levels).
+
+Semgrep Code analyzes source code directly and does not require package manager metadata. For dependency and package analysis, see [Semgrep Supply Chain package manager support](/semgrep-supply-chain/package-manager-support).
+
+Semgrep Code scans repositories connected through a supported source code manager. For supported options and setup instructions, see [SCM support](/getting-started/scm-support) and [Connect a source code manager](/deployment/connect-scm).
+
+For analysis terminology and advanced dataflow capabilities, see [Feature definitions](/references/feature-definitions) and [Semgrep Code cross-file analysis](/semgrep-code/semgrep-pro-engine-intro).
+
 ## Semgrep Community Edition (CE) versus Semgrep Code analysis
 
 By default, Semgrep Code can analyze interactions beyond a single function but within a single file, a process known as **cross-function or interprocedural analysis**. This smaller scope of analysis makes it faster and easier to integrate into developer workflows.
diff --git a/docs/semgrep-supply-chain/feature-support.md b/docs/semgrep-supply-chain/feature-support.md
index 08a8d08bd..ea2261711 100644
--- a/docs/semgrep-supply-chain/feature-support.md
+++ b/docs/semgrep-supply-chain/feature-support.md
@@ -13,9 +13,29 @@ import SscIntro from "/src/components/concept/_ssc-intro.md"
 # Supply Chain feature support
 
 <SscIntro/>
+For projects with lockfiles, Semgrep parses lockfiles for dependencies, then scans your codebase for reachable findings based on the lockfiles. For a lockfile to be scanned by Semgrep Supply Chain, it must have one of the supported lockfile names.
 
-The following table lists all Supply Chain features for each language. Languages
-with **reachability** support are listed first.
+For some languages, a lockfile or manifest file is parsed to determine [transitivity](/semgrep-supply-chain/glossary/#transitive-or-indirect-dependency). See [Transitive dependencies and reachability analysis](/semgrep-supply-chain/overview/#transitive-dependencies-and-reachability-analysis) for more information.
+
+Additionally, Semgrep offers beta support for the scanning of projects written in the following languages **without lockfiles**:
+
+- C#
+- Java
+- Kotlin
+- Python
+- Ruby
+
+## Supply Chain features for each language
+<!-- *************************************************************************
+ARE YOU EDITING THE SUPPORTED LANGUAGES IN ANY WAY? ADDING A FEATURE? ETC?
+
+Don't forget to update:
+- table at Semgrep CE vs Semgrep
+- the individual language's page
+- and most importantly, the index!!
+*************************************************************************** -->
+
+The following table lists all Supply Chain features for each language. Languages with **reachability** support are listed first.
 
 <table>
 <thead>
@@ -120,9 +140,8 @@ with **reachability** support are listed first.
 </tbody>
 </table>
 
-_<strong>†</strong>License detection for new packages is asynchronous and processed
-after the initial scan. Policies aren't applied on first detection, but are enforced
-in subsequent scans._
+
+_<strong>†</strong>License detection for new packages is asynchronous and processed after the initial scan. Policies aren't applied on first detection, but are enforced in subsequent scans._
 
 ## CVE coverage
 
diff --git a/docs/semgrep-supply-chain/language-support.md b/docs/semgrep-supply-chain/language-support.md
deleted file mode 100644
index 7276c45da..000000000
--- a/docs/semgrep-supply-chain/language-support.md
+++ /dev/null
@@ -1,178 +0,0 @@
----
-slug: sca-language-support
-append_help_link: true
-title: Supported languages
-hide_title: true
-description: Learn which languages Semgrep Supply Chain supports and the
-    features available for each language.
-tags:
-  - Semgrep Supply Chain
----
-
-import SscIntro from "/src/components/concept/_ssc-intro.md"
-
-# Semgrep Supply Chain supported languages
-
-Semgrep Supply Chain (SCA) supports a broad set of languages, with different
-feature coverage across each language.
-
-For Semgrep Code language support, see
-[Semgrep Code supported languages](/semgrep-code/code-language-support).
-
-## Language maturity levels
-
-Semgrep Supply Chain has two language maturity levels:
-
-* Generally available
-* Beta
-
-::::tip
-See [Supported languages](/supported-languages) for the complete, up-to-date list
-of supported languages and coverage details.
-::::
-
-## Semgrep Supply Chain feature support
-
-<SscIntro/>
-
-For projects with lockfiles, Semgrep parses lockfiles for dependencies, then scans
-your codebase for reachable findings based on the lockfiles. For a lockfile to be
-scanned by Semgrep Supply Chain, it must have one of the supported lockfile names.
-
-For some languages, a lockfile or manifest file is parsed to determine
-[transitivity](/semgrep-supply-chain/glossary/#transitive-or-indirect-dependency).
-See
-[Transitive dependencies and reachability analysis](/semgrep-supply-chain/overview/#transitive-dependencies-and-reachability-analysis)
-for more information.
-
-Additionally, Semgrep offers beta support for the scanning of projects written in
-the following languages **without lockfiles**:
-
-- C#
-- Java
-- Kotlin
-- Python
-- Ruby
-
-### Package manager support
-
-The following table lists all Semgrep-supported package managers for each language.
-Languages with **reachability** support are listed first.
-
-<div class="language-support-table">
-
-<table>
-<thead><tr>
-    <th>Language</th>
-    <th>Supported package managers</th>
-    <th>Manifest file or lockfile</th>
-</tr></thead>
-<tbody>
-<tr>
-   <td>C#</td>
-   <td>NuGet</td>
-   <td><code>packages.lock.json</code></td>
-</tr>
-<tr>
-   <td>Go</td>
-   <td>Go modules (<code>go mod</code>)</td>
-   <td><code>go.mod</code></td>
-</tr>
-<tr rowspan="2">
-   <td rowspan="2">Java</td>
-   <td>Gradle</td>
-   <td><code>gradle.lockfile</code></td>
-  </tr>
-  <tr>
-   <td>Maven</td>
-   <td>Maven-generated dependency tree (See <a href="/docs/semgrep-supply-chain/setup-maven/">Setting up SSC scans for Apache Maven</a> for instructions.)</td>
-  </tr>
-  <tr>
-   <td rowspan="3">JavaScript or TypeScript</td>
-   <td>npm</td>
-   <td><code>package-lock.json</code></td>
-  </tr>
-  <tr>
-   <td>Yarn</td>
-   <td><code>yarn.lock</code></td>
-  </tr>
-  <tr>
-   <td>pnpm</td>
-   <td><code>pnpm-lock.yaml</code></td>
-  </tr>
-  <tr>
-   <td rowspan="2">Kotlin</td>
-   <td>Gradle</td>
-   <td><code>gradle.lockfile</code></td>
-</tr>
-<tr>
-   <td>Maven</td>
-   <td>Maven-generated dependency tree (See <a href="/docs/semgrep-supply-chain/setup-maven/">Setting up SSC scans for Apache Maven</a> for instructions.)</td>
-</tr>
-  <tr>
-   <td rowspan="5">Python</td>
-   <td>pip</td>
-   <td rowspan="2">Any of the following: <ul><li>`*requirement*.txt` or `*requirement*.pip`</li><li>Any manifest file in a requirements folder, such as `**/requirements/*.txt` or `**/requirements/*.pip`</li></ul> The file must be generated automatically and have values set to exact versions (pinned dependencies).</td>
-  </tr>
-  <tr>
-   <td>pip-tools</td>
-  </tr>
-  <tr>
-   <td>Pipenv</td>
-   <td><code>Pipfile.lock</code></td>
-  </tr>
-  <tr>
-   <td>Poetry</td>
-   <td><code>poetry.lock</code></td>
-  </tr>
-  <tr>
-   <td>uv</td>
-   <td><code>uv.lock</code></td>
-  </tr>
-  <tr>
-   <td>Ruby</td>
-   <td>RubyGems</td>
-   <td><code>Gemfile.lock</code></td>
-  </tr>
-<tr>
-   <td>Scala</td>
-   <td>Maven</td>
-   <td>Maven-generated dependency tree (See <a href="/docs/semgrep-supply-chain/setup-maven/">Setting up SSC scans for Apache Maven</a> for instructions.)</td>
-</tr>
-<tr>
-   <td>Swift</td>
-   <td>SwiftPM</td>
-   <td><code>Package.swift</code> file and Swift-generated <code>Package.resolved</code> file. (See <a href="https://www.swift.org/documentation/package-manager/">Swift documentation </a> for instructions.)</td>
-</tr>
-  <tr>
-   <td>Rust</td>
-   <td>Cargo*</td>
-   <td><code>cargo.lock</code></td>
-</tr>
-<tr>
-   <td>Dart</td>
-   <td>Pub</td>
-   <td><code>pubspec.lock</code></td>
-</tr>
-<tr>
-   <td>Elixir</td>
-   <td>Hex</td>
-   <td><code>mix.lock</code></td>
-</tr>
-<tr>
-   <td>PHP</td>
-   <td>Composer</td>
-   <td><code>composer.lock</code></td>
-</tr>
-  </tbody>
-</table>
-</div>
-
-_<strong>*</strong>Supply Chain does not analyze the transitivity of packages for
-these language and manifest file or lockfile combinations. All dependencies are
-listed as **No Reachability Analysis.**_<br />
-
-### Feature support
-
-For feature coverage across supported languages, see
-[Supply Chain feature support](/semgrep-supply-chain/feature-support).
diff --git a/docs/semgrep-supply-chain/overview.md b/docs/semgrep-supply-chain/overview.md
index dba4ea6e5..0c4cea311 100644
--- a/docs/semgrep-supply-chain/overview.md
+++ b/docs/semgrep-supply-chain/overview.md
@@ -53,6 +53,20 @@ However, some dependencies are vulnerable simply through their inclusion in a co
 
 Some package ecosystems allow the use of a transitive dependency as if it were a direct dependency. Though this feature is uncommon, Semgrep Supply Chain can scan for such usages and flag vulnerabilities in transitive dependencies as unreachable if not used directly.
 
+## Language support and integrations
+
+Semgrep Supply Chain supports a broad set of languages with varying feature
+coverage. See [Supported languages](/supported-languages) and
+[Language maturity levels](/references/language-maturity-levels) for details.
+
+For dependency metadata support, see
+[Package manager support](/docs/semgrep-supply-chain/sca-package-manager-support). For feature coverage by language, see
+[Supply Chain feature support](/docs/semgrep-supply-chain/sca-feature-support).
+
+Semgrep Supply Chain scans repositories connected from your source code manager.
+See [SCM support](/getting-started/scm-support) and
+[Connect a source code manager](/deployment/connect-scm) for supported options.
+
 ## Software bill of materials
 
 Semgrep Supply Chain can [generate a software bill of materials (SBOM)](/semgrep-supply-chain/sbom), a complete inventory of your third-party or open source components, to assist you with your auditing procedures.
diff --git a/docs/supported-languages.md b/docs/supported-languages.md
index 3dc8c34fd..c9ca9be37 100644
--- a/docs/supported-languages.md
+++ b/docs/supported-languages.md
@@ -16,19 +16,9 @@ import SemgrepProEngineIntroduction from "/src/components/concept/_semgrep-pro-e
 
 # Supported languages
 
-This document provides information about supported languages and links to language
-maturity definitions for the following products:
+The following table lists all **Generally available (GA)** and **Beta** languages for [Semgrep Code (SAST)](/docs/semgrep-code/overview) and [Semgrep Supply Chain (SCA)](/docs/semgrep-supply-chain/overview). Languages are arranged by feature completeness from most to least. 
 
-* **Semgrep Code (SAST)** - a static application security testing (SAST) solution designed to detect complex security vulnerabilities. 
-* **Semgrep Supply Chain (SCA)** - a software composition analysis (SCA) tool that detects security vulnerabilities in your codebase introduced by open source dependencies.
-
-Semgrep Code and Semgrep Supply Chain are free for [small teams](https://semgrep.dev/pricing).
-
-## Language maturity summary
-
-The following table lists all **Generally available (GA)** and **Beta** languages for Semgrep Code and Semgrep Supply Chain.
-
-Languages are arranged by feature completeness from most to least. **Cross-file (interfile)** analysis for Semgrep Code and **reachability** analysis for Semgrep Supply Chain are the most advanced analyses that Semgrep provides; see [Feature definitions](/references/feature-definitions) for more details.
+**Cross-file (interfile)** analysis for Semgrep Code and **reachability** analysis for Semgrep Supply Chain are the most advanced analyses that Semgrep provides. See [Feature definitions](/references/feature-definitions) for more details.
 
 <!-- *************************************************************************
 ARE YOU EDITING THE SUPPORTED LANGUAGES IN ANY WAY? ADDING A FEATURE? ETC?
@@ -42,277 +32,11 @@ Don't forget to update:
 <SupportedLanguagesTable />
 
 
-
-
-
-See [Language maturity levels](/references/language-maturity-levels) for the
-definitions used on this page.
-
-## Semgrep Supply Chain feature support
-
-<SscIntro/>
-
-For projects with lockfiles, Semgrep parses lockfiles for dependencies, then scans your codebase for reachable findings based on the lockfiles. For a lockfile to be scanned by Semgrep Supply Chain, it must have one of the supported lockfile names.
-
-For some languages, a lockfile or manifest file is parsed to determine [transitivity](/semgrep-supply-chain/glossary/#transitive-or-indirect-dependency). See [Transitive dependencies and reachability analysis](/semgrep-supply-chain/overview/#transitive-dependencies-and-reachability-analysis) for more information.
-
-Additionally, Semgrep offers beta support for the scanning of projects written in the following languages **without lockfiles**:
-
-- C#
-- Java
-- Kotlin
-- Python
-- Ruby
-
-### Package manager support
-
-The following table lists all Semgrep-supported package managers for each language. Languages  with **reachability** support are listed first.
-
-<div class="language-support-table">
-
-<table>
-<thead><tr>
-    <th>Language</th>
-    <th>Supported package managers</th>
-    <th>Manifest file or lockfile</th>
-</tr></thead>
-<tbody>
-<tr>
-   <td>C#</td>
-   <td>NuGet</td>
-   <td><code>packages.lock.json</code></td>
-</tr>
-<tr>
-   <td>Go</td>
-   <td>Go modules (<code>go mod</code>)</td>
-   <td><code>go.mod</code></td>
-</tr>
-<tr rowspan="2">
-   <td rowspan="2">Java</td>
-   <td>Gradle</td>
-   <td><code>gradle.lockfile</code></td>
-  </tr>
-  <tr>
-   <td>Maven</td>
-   <td>Maven-generated dependency tree (See <a href="/docs/semgrep-supply-chain/setup-maven/">Setting up SSC scans for Apache Maven</a> for instructions.)</td>
-  </tr>
-  <tr>
-   <td rowspan="3">JavaScript or TypeScript</td>
-   <td>npm</td>
-   <td><code>package-lock.json</code></td>
-  </tr>
-  <tr>
-   <td>Yarn</td>
-   <td><code>yarn.lock</code></td>
-  </tr>
-  <tr>
-   <td>pnpm</td>
-   <td><code>pnpm-lock.yaml</code></td>
-  </tr>
-  <tr>
-   <td rowspan="2">Kotlin</td>
-   <td>Gradle</td>
-   <td><code>gradle.lockfile</code></td>
-</tr>
-<tr>
-   <td>Maven</td>
-   <td>Maven-generated dependency tree (See <a href="/docs/semgrep-supply-chain/setup-maven/">Setting up SSC scans for Apache Maven</a> for instructions.)</td>
-</tr>
-  <tr>
-   <td rowspan="5">Python</td>
-   <td>pip</td>
-   <td rowspan="2">Any of the following: <ul><li>`*requirement*.txt` or `*requirement*.pip`</li><li>Any manifest file in a requirements folder, such as `**/requirements/*.txt` or `**/requirements/*.pip`</li></ul> The file must be generated automatically and have values set to exact versions (pinned dependencies).</td>
-  </tr>
-  <tr>
-   <td>pip-tools</td>
-  </tr>
-  <tr>
-   <td>Pipenv</td>
-   <td><code>Pipfile.lock</code></td>
-  </tr>
-  <tr>
-   <td>Poetry</td>
-   <td><code>poetry.lock</code></td>
-  </tr>
-  <tr>
-   <td>uv</td>
-   <td><code>uv.lock</code></td>
-  </tr>
-  <tr>
-   <td>Ruby</td>
-   <td>RubyGems</td>
-   <td><code>Gemfile.lock</code></td>
-  </tr>
-<tr>
-   <td>Scala</td>
-   <td>Maven</td>
-   <td>Maven-generated dependency tree (See <a href="/docs/semgrep-supply-chain/setup-maven/">Setting up SSC scans for Apache Maven</a> for instructions.)</td>
-</tr>
-<tr>
-   <td>Swift</td>
-   <td>SwiftPM</td>
-   <td><code>Package.swift</code> file and Swift-generated <code>Package.resolved</code> file. (See <a href="https://www.swift.org/documentation/package-manager/">Swift documentation </a> for instructions.)</td>
-</tr>
-  <tr>
-   <td>Rust</td>
-   <td>Cargo*</td>
-   <td><code>cargo.lock</code></td>
-</tr>
-<tr>
-   <td>Dart</td>
-   <td>Pub</td>
-   <td><code>pubspec.lock</code></td>
-</tr>
-<tr>
-   <td>Elixir</td>
-   <td>Hex</td>
-   <td><code>mix.lock</code></td>
-</tr>
-<tr>
-   <td>PHP</td>
-   <td>Composer</td>
-   <td><code>composer.lock</code></td>
-</tr>
-  </tbody>
-</table>
-</div>
-
-_<strong>*</strong>Supply Chain does not analyze the transitivity of packages for these language and manifest file or lockfile combinations. All dependencies are listed as **No Reachability Analysis.**_<br />
-
-### Feature support
-
-<!-- *************************************************************************
-ARE YOU EDITING THE SUPPORTED LANGUAGES IN ANY WAY? ADDING A FEATURE? ETC?
-
-Don't forget to update:
-- table at Semgrep CE vs Semgrep
-- the individual language's page
-- and most importantly, the index!!
-*************************************************************************** -->
-
-
-The following table lists all Supply Chain features for each language. Languages with **reachability** support are listed first.
-
-<table>
-<thead>
-<tr>
-<th>Language</th>
-<th align="center">Reachability<br />(see <a href="#cve-coverage">CVE coverage</a>)</th>
-<th><a href="/docs/semgrep-supply-chain/getting-started#scan-a-project-without-lockfiles-beta">Scan without lockfiles (beta)</a></th>
-<th>License detection</th>
-<th>Malicious dependency<br />detection</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>C#</td>
-<td align="center">✅</td>
-<td align="center">✅</td>
-<td align="center">✅</td>
-<td align="center">✅</td>
-</tr>
-<tr>
-<td>Go</td>
-<td align="center">✅</td>
-<td align="center">--</td>
-<td align="center">✅</td>
-<td align="center">✅</td>
-</tr>
-<tr>
-<td>Java</td>
-<td align="center">✅</td>
-<td align="center">✅</td>
-<td align="center">✅</td>
-<td align="center">--</td>
-</tr>
-<tr>
-<td>JavaScript or TypeScript</td>
-<td align="center">✅</td>
-<td align="center">--</td>
-<td align="center">✅</td>
-<td align="center">✅</td>
-</tr>
-<tr>
-<td>Kotlin</td>
-<td align="center">✅</td>
-<td align="center">✅</td>
-<td align="center">✅</td>
-<td align="center">--</td>
-</tr>
-<tr>
-<td>Python</td>
-<td align="center">✅</td>
-<td align="center">✅</td>
-<td align="center">✅<br /> For PyPi only</td>
-<td align="center">✅</td>
-</tr>
-<tr>
-<td>Ruby</td>
-<td align="center">✅</td>
-<td align="center">--</td>
-<td align="center">✅</td>
-<td align="center">✅</td>
-</tr>
-<tr>
-<td>Scala</td>
-<td align="center">✅</td>
-<td align="center">--</td>
-<td align="center">✅</td>
-<td align="center">--</td>
-</tr>
-<tr>
-<td>Swift</td>
-<td align="center">✅</td>
-<td align="center">--</td>
-<td align="center">✅†</td>
-<td align="center">--</td>
-</tr>
-<tr>
-<td>PHP</td>
-<td align="center">✅</td>
-<td align="center">--</td>
-<td align="center">✅</td>
-<td align="center">--</td>
-</tr>
-<tr>
-<td>Rust</td>
-<td align="center" width="180px" rowspan="3">No reachability analysis. However, Semgrep can compare a package's version against a list of versions with known vulnerabilities.</td>
-<td align="center">--</td>
-<td align="center">✅</td>
-<td align="center">✅</td>
-</tr>
-<tr>
-<td>Dart</td>
-<td align="center">--</td>
-<td align="center">--</td>
-<td align="center">--</td>
-</tr>
-<tr>
-<td>Elixir</td>
-<td align="center">--</td>
-<td align="center">--</td>
-<td align="center">--</td>
-</tr>
-</tbody>
-</table>
-
-_<strong>†</strong>License detection for new packages is asynchronous and processed after the initial scan. Policies aren't applied on first detection, but are enforced in subsequent scans._
-
-#### CVE coverage
-
-For customers with an active paid subscription, Semgrep’s reachability analysis covers all **critical and high severity** CVEs from [supported sources](#supported-sources) starting in 2017 across all supported languages.
-
-##### Supported sources
-
-- [<i class="fas fa-external-link fa-xs" /> Reviewed GitHub Security Advisories](https://github.com/advisories?query=type%3Areviewed)
-- [<i class="fas fa-external-link fa-xs" /> Electron release notes](https://releases.electronjs.org/releases/stable)
-
-### Feature and product maturity levels
-
-The detailed specifications previously provided apply only to language support. Language maturity levels differ from feature and product maturity levels.
-
 ## More information
 
+* Visit the [Language maturity page](/docs/references/language-maturity-levels#semgrep-supply-chain) for definitions of the maturity levels shown on language support pages.
+* Visit the [Feature definitions page](/docs/references/feature-definitions) to understand the analysis features referenced in language support pages.
+
 Visit the cheat sheet generation script and associated semgrep-core test files to learn more about each feature:
 * [Generation script](https://github.com/semgrep/semgrep/blob/develop/scripts/generate_cheatsheet.py)
 * [`semgrep-core` test files](https://github.com/semgrep/semgrep/tree/develop/tests)
diff --git a/sidebars.js b/sidebars.js
index 8718acd8d..2781cad97 100644
--- a/sidebars.js
+++ b/sidebars.js
@@ -268,7 +268,6 @@ module.exports = {
             label: 'SAST (Code)',
             items: [
                 'semgrep-code/overview',
-                'semgrep-code/language-support',
                 {
                     type: 'category',
                     collapsible: true,
@@ -307,9 +306,15 @@ module.exports = {
             label: 'SCA (Supply Chain)',
             items: [
                 'semgrep-supply-chain/overview',
-                'semgrep-supply-chain/language-support',
-                'semgrep-supply-chain/package-manager-support',
-                'semgrep-supply-chain/feature-support',
+                {
+                  type: 'category',
+                  collapsible: true,
+                  label: 'Coverage',
+                  items: [
+                    'semgrep-supply-chain/package-manager-support',
+                    'semgrep-supply-chain/feature-support',
+                  ]
+                },
                 {
                   type: 'category',
                   collapsible: true,

From 74b52a91370ba60c14abfd2a0ab61df78d2e60c7 Mon Sep 17 00:00:00 2001
From: Abhijna Parigi <abhijna@semgrep.com>
Date: Mon, 26 Jan 2026 14:23:56 -0800
Subject: [PATCH 03/11] fix broken links

---
 docs/cheat-sheets/overview.md                            | 2 +-
 docs/learn/security-foundations/supply-chain-security.md | 2 +-
 docs/references/language-maturity-levels.md              | 4 ++--
 docs/semgrep-code/overview.md                            | 2 +-
 docs/semgrep-supply-chain/overview.md                    | 5 +++--
 docs/semgrep-supply-chain/package-manager-support.md     | 2 +-
 6 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/docs/cheat-sheets/overview.md b/docs/cheat-sheets/overview.md
index 13193b566..f3c42e5d2 100644
--- a/docs/cheat-sheets/overview.md
+++ b/docs/cheat-sheets/overview.md
@@ -17,7 +17,7 @@ import CardImage from '@site/src/components/Card/CardImage'
 
 Semgrep **cheat sheets** serve as security reference guides with programming language–specific examples. They are designed to help you mitigate common risks in popular libraries and frameworks while ensuring secure practices in your source code.
 
-See [Supported Languages](/docs/supported-languages) for the complete set of languages and [package managers](/docs/supported-languages#package-manager-support) supported by Semgrep.
+See [Supported Languages](/docs/supported-languages) for the complete set of languages and [package managers](/semgrep-supply-chain/sca-package-manager-support) supported by Semgrep.
 
 <div class = "col-1-fixed">
   <Card className={'card-50'} link='/docs/category/go'>
diff --git a/docs/learn/security-foundations/supply-chain-security.md b/docs/learn/security-foundations/supply-chain-security.md
index 00e612643..4c280031a 100644
--- a/docs/learn/security-foundations/supply-chain-security.md
+++ b/docs/learn/security-foundations/supply-chain-security.md
@@ -68,7 +68,7 @@ Even if your dependencies are safe, if you fetch them over insecure channels, or
 - PyPi for Python
 - RubyGems for Ruby
 - Packagist for PHP
-- and [many more](/docs/supported-languages#package-manager-support)
+- and [many more](/semgrep-supply-chain/sca-package-manager-support)
 
 ## Detect and prioritize supply chain issues
 
diff --git a/docs/references/language-maturity-levels.md b/docs/references/language-maturity-levels.md
index 77b8d239c..c2564665f 100644
--- a/docs/references/language-maturity-levels.md
+++ b/docs/references/language-maturity-levels.md
@@ -45,8 +45,8 @@ Semgrep Supply Chain has two language maturity levels:
   </tr>
   <tr>
     <td>Number of reachability rules</td>
-    <td>As defined by <a href="/semgrep-supply-chain/feature-support#cve-coverage">CVE coverage</a>.</td>
-    <td>All critical severity CVEs from <a href="/semgrep-supply-chain/feature-support#supported-sources">supported sources</a> starting 2022 onwards, for packages used by customers with an active, paid subscription.</td>
+    <td>As defined by <a href="/semgrep-supply-chain/sca-feature-support#cve-coverage">CVE coverage</a>.</td>
+    <td>All critical severity CVEs from <a href="/semgrep-supply-chain/sca-feature-support#supported-sources">supported sources</a> starting 2022 onwards, for packages used by customers with an active, paid subscription.</td>
   </tr>
   <tr>
     <td>Semgrep, Inc. rule-writing support</td>
diff --git a/docs/semgrep-code/overview.md b/docs/semgrep-code/overview.md
index 7ec267766..ba925320a 100644
--- a/docs/semgrep-code/overview.md
+++ b/docs/semgrep-code/overview.md
@@ -40,7 +40,7 @@ Semgrep AppSec Platform displays Semgrep Code's findings. Additionally, the plat
 
 Semgrep Code supports a [broad set of programming languages](/docs/supported-languages), with varying levels of analysis capabilities and language maturity. For definitions of language maturity levels, see [Language maturity levels](/references/language-maturity-levels).
 
-Semgrep Code analyzes source code directly and does not require package manager metadata. For dependency and package analysis, see [Semgrep Supply Chain package manager support](/semgrep-supply-chain/package-manager-support).
+Semgrep Code analyzes source code directly and does not require package manager metadata. For dependency and package analysis, see [Semgrep Supply Chain package manager support](/semgrep-supply-chain/sca-package-manager-support).
 
 Semgrep Code scans repositories connected through a supported source code manager. For supported options and setup instructions, see [SCM support](/getting-started/scm-support) and [Connect a source code manager](/deployment/connect-scm).
 
diff --git a/docs/semgrep-supply-chain/overview.md b/docs/semgrep-supply-chain/overview.md
index 0c4cea311..73f3322ba 100644
--- a/docs/semgrep-supply-chain/overview.md
+++ b/docs/semgrep-supply-chain/overview.md
@@ -60,8 +60,9 @@ coverage. See [Supported languages](/supported-languages) and
 [Language maturity levels](/references/language-maturity-levels) for details.
 
 For dependency metadata support, see
-[Package manager support](/docs/semgrep-supply-chain/sca-package-manager-support). For feature coverage by language, see
-[Supply Chain feature support](/docs/semgrep-supply-chain/sca-feature-support).
+[Package manager support](/semgrep-supply-chain/sca-package-manager-support). For
+feature coverage by language, see
+[Supply Chain feature support](/semgrep-supply-chain/sca-feature-support).
 
 Semgrep Supply Chain scans repositories connected from your source code manager.
 See [SCM support](/getting-started/scm-support) and
diff --git a/docs/semgrep-supply-chain/package-manager-support.md b/docs/semgrep-supply-chain/package-manager-support.md
index a1adb476d..ef317bbcb 100644
--- a/docs/semgrep-supply-chain/package-manager-support.md
+++ b/docs/semgrep-supply-chain/package-manager-support.md
@@ -15,7 +15,7 @@ Semgrep Supply Chain (SCA) scans dependencies by parsing manifest files or
 lockfiles. This page lists the supported package managers and file types.
 
 For language-level coverage and feature maturity, see
-[Supported languages](/semgrep-supply-chain/sca-language-support).
+[Supported languages](/supported-languages).
 
 For some languages, a lockfile or manifest file is parsed to determine
 [transitivity](/semgrep-supply-chain/glossary/#transitive-or-indirect-dependency).

From cb68e137aafbf71e0b24fa88572258915268b4d1 Mon Sep 17 00:00:00 2001
From: Abhijna Parigi <abhijna@semgrep.com>
Date: Mon, 26 Jan 2026 15:07:41 -0800
Subject: [PATCH 04/11] cleanup

---
 docs/references/language-maturity-levels.md |  3 +--
 docs/semgrep-code/overview.md               | 10 +++++-----
 docs/semgrep-supply-chain/overview.md       | 21 +++++++++------------
 3 files changed, 15 insertions(+), 19 deletions(-)

diff --git a/docs/references/language-maturity-levels.md b/docs/references/language-maturity-levels.md
index c2564665f..8817542fb 100644
--- a/docs/references/language-maturity-levels.md
+++ b/docs/references/language-maturity-levels.md
@@ -12,8 +12,7 @@ import LanguageMaturityCode from '/src/components/reference/_language-maturity-c
 
 # Language maturity levels
 
-Use these definitions to understand the maturity levels shown on language support
-pages.
+Use these definitions to understand the maturity levels shown on the [Supported languages](/docs/supported-languages) page.
 
 ## Semgrep Code
 
diff --git a/docs/semgrep-code/overview.md b/docs/semgrep-code/overview.md
index ba925320a..a251061cb 100644
--- a/docs/semgrep-code/overview.md
+++ b/docs/semgrep-code/overview.md
@@ -38,13 +38,13 @@ Semgrep AppSec Platform displays Semgrep Code's findings. Additionally, the plat
 
 ## Language support and integrations
 
-Semgrep Code supports a [broad set of programming languages](/docs/supported-languages), with varying levels of analysis capabilities and language maturity. For definitions of language maturity levels, see [Language maturity levels](/references/language-maturity-levels).
+Semgrep Code supports a broad set of programming languages, with varying levels of analysis capabilities and language maturity. 
 
-Semgrep Code analyzes source code directly and does not require package manager metadata. For dependency and package analysis, see [Semgrep Supply Chain package manager support](/semgrep-supply-chain/sca-package-manager-support).
+* See the full list of [supported programming languages](/docs/supported-languages)
+* For definitions of language maturity levels, visit the [Language maturity levels](/references/language-maturity-levels) page.
+* For a list of supported source code managers (SCM), visit [Supported source code managers](/getting-started/scm-support) or learn how to [Connect a source code manager](/deployment/connect-scm).
+* For analysis terminology, see [Feature definitions](/references/feature-definitions).
 
-Semgrep Code scans repositories connected through a supported source code manager. For supported options and setup instructions, see [SCM support](/getting-started/scm-support) and [Connect a source code manager](/deployment/connect-scm).
-
-For analysis terminology and advanced dataflow capabilities, see [Feature definitions](/references/feature-definitions) and [Semgrep Code cross-file analysis](/semgrep-code/semgrep-pro-engine-intro).
 
 ## Semgrep Community Edition (CE) versus Semgrep Code analysis
 
diff --git a/docs/semgrep-supply-chain/overview.md b/docs/semgrep-supply-chain/overview.md
index 73f3322ba..7f89766a5 100644
--- a/docs/semgrep-supply-chain/overview.md
+++ b/docs/semgrep-supply-chain/overview.md
@@ -55,18 +55,15 @@ Some package ecosystems allow the use of a transitive dependency as if it were a
 
 ## Language support and integrations
 
-Semgrep Supply Chain supports a broad set of languages with varying feature
-coverage. See [Supported languages](/supported-languages) and
-[Language maturity levels](/references/language-maturity-levels) for details.
-
-For dependency metadata support, see
-[Package manager support](/semgrep-supply-chain/sca-package-manager-support). For
-feature coverage by language, see
-[Supply Chain feature support](/semgrep-supply-chain/sca-feature-support).
-
-Semgrep Supply Chain scans repositories connected from your source code manager.
-See [SCM support](/getting-started/scm-support) and
-[Connect a source code manager](/deployment/connect-scm) for supported options.
+Semgrep Supply Chain supports a broad set of languages with varying feature coverage. 
+
+* See the full list of [supported languages](/supported-languages)
+* For dependency metadata support, see [Package manager support](/semgrep-supply-chain/sca-package-manager-support).
+* For feature coverage by language, see [Supply Chain feature support](/semgrep-supply-chain/sca-feature-support).
+* For definitions of language maturity levels, visit the [Language maturity levels](/references/language-maturity-levels) page.
+* For analysis terminology, see [Feature definitions](/docs/references/feature-definitions).
+* For a list of supported source code managers (SCM), visit Supported [source code managers](/getting-started/scm-support) or learn how to [Connect a source code manager](/docs/deployment/connect-scm).
+
 
 ## Software bill of materials
 

From 95067d8b3037a48741081c6617d8e55772c0de2c Mon Sep 17 00:00:00 2001
From: Abhijna Parigi <abhijna@semgrep.com>
Date: Mon, 26 Jan 2026 15:42:35 -0800
Subject: [PATCH 05/11] more crosslinking

---
 docs/supported-languages.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/docs/supported-languages.md b/docs/supported-languages.md
index c9ca9be37..1afe22633 100644
--- a/docs/supported-languages.md
+++ b/docs/supported-languages.md
@@ -34,8 +34,10 @@ Don't forget to update:
 
 ## More information
 
-* Visit the [Language maturity page](/docs/references/language-maturity-levels#semgrep-supply-chain) for definitions of the maturity levels shown on language support pages.
-* Visit the [Feature definitions page](/docs/references/feature-definitions) to understand the analysis features referenced in language support pages.
+* See [Language maturity levels](/references/language-maturity-levels) for maturity definitions used on language support pages.
+* See [Feature definitions](/references/feature-definitions) for analysis terminology referenced on language support pages.
+* For Supply Chain dependency metadata support, see [Package manager support](/semgrep-supply-chain/sca-package-manager-support).
+* For Supply Chain feature coverage by language, see [Supply Chain feature support](/semgrep-supply-chain/sca-feature-support).
 
 Visit the cheat sheet generation script and associated semgrep-core test files to learn more about each feature:
 * [Generation script](https://github.com/semgrep/semgrep/blob/develop/scripts/generate_cheatsheet.py)

From 30ea110a2c02f3e6f740dc1d09580c8ff77912bf Mon Sep 17 00:00:00 2001
From: Abhijna Parigi <abhijna@semgrep.com>
Date: Mon, 26 Jan 2026 16:02:27 -0800
Subject: [PATCH 06/11] title for right toc

---
 docs/supported-languages.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/supported-languages.md b/docs/supported-languages.md
index 1afe22633..f4f331915 100644
--- a/docs/supported-languages.md
+++ b/docs/supported-languages.md
@@ -28,7 +28,7 @@ Don't forget to update:
 - the individual language's page
 - and most importantly, the index!!
 *************************************************************************** -->
-
+## Supported languages table
 <SupportedLanguagesTable />
 
 

From 2cb2b3450d9870cdb3f8f35de420e4cbaa8482da Mon Sep 17 00:00:00 2001
From: Abhijna Parigi <abhijna@semgrep.com>
Date: Mon, 26 Jan 2026 16:11:12 -0800
Subject: [PATCH 07/11] where to lookc

---
 docs/supported-languages.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/supported-languages.md b/docs/supported-languages.md
index f4f331915..9ef0fd2e1 100644
--- a/docs/supported-languages.md
+++ b/docs/supported-languages.md
@@ -34,6 +34,8 @@ Don't forget to update:
 
 ## More information
 
+Where to look:
+
 * See [Language maturity levels](/references/language-maturity-levels) for maturity definitions used on language support pages.
 * See [Feature definitions](/references/feature-definitions) for analysis terminology referenced on language support pages.
 * For Supply Chain dependency metadata support, see [Package manager support](/semgrep-supply-chain/sca-package-manager-support).

From 7aed7266dd7f3e200bbfd001e448b6ea951ac039 Mon Sep 17 00:00:00 2001
From: Abhijna Parigi <abhijna@semgrep.com>
Date: Fri, 30 Jan 2026 15:19:31 -0800
Subject: [PATCH 08/11] nav bars

---
 docusaurus.config.js               | 18 +++++++++++++
 sidebars.js                        | 43 ++++++++++++++++++++++++++++++
 src/theme/Navbar/Content/index.tsx |  7 +++++
 3 files changed, 68 insertions(+)

diff --git a/docusaurus.config.js b/docusaurus.config.js
index 373aa63e4..e6f771a7c 100644
--- a/docusaurus.config.js
+++ b/docusaurus.config.js
@@ -44,6 +44,24 @@ module.exports = {
         { to: 'https://semgrep.dev/api/v1/docs', label: 'API', position: 'left', target: '_blank' },
         { to: 'https://semgrep.dev/explore', label: 'Registry', position: 'left', target: '_blank' },
         { to: 'https://semgrep.dev/editor', label: 'Playground', position: 'left', target: '_blank' },
+        {
+          label: 'References',
+          position: 'left',
+          items: [
+            { to: 'semgrep-ci/ci-environment-variables', label: 'CI environment variables' },
+            { to: 'semgrep-ci/sample-ci-configs', label: 'Sample CI configs' },
+            { to: 'semgrep-ci/findings-ci', label: 'Findings in CI' },
+            { to: 'semgrep-ci/packages-in-semgrep-docker', label: 'Packages in Semgrep Docker' },
+            { to: 'semgrep-code/java', label: 'Language-specific features' },
+            { to: 'semgrep-code/glossary', label: 'Semgrep Code glossary' },
+            { to: 'semgrep-supply-chain/glossary', label: 'Supply Chain glossary' },
+            { to: 'references/language-maturity-levels', label: 'Language maturity levels' },
+            { to: 'references/feature-definitions', label: 'Feature definitions' },
+            { to: 'semgrepignore-v2-reference', label: 'Semgrepignore v2' },
+            { to: 'cli-reference', label: 'CLI reference' },
+            { to: 'semgrep-appsec-platform/json-and-sarif', label: 'JSON and SARIF fields' },
+          ],
+        },
         { to: 'kb', label: 'Knowledge base', position: 'left'},
         { to: 'https://academy.semgrep.dev', label: 'Semgrep Academy', position: 'left'},
         { to: 'https://semgrep.dev/orgs/-', label: 'Login', position: 'right', target: '_self' },
diff --git a/sidebars.js b/sidebars.js
index 2781cad97..c048fcda9 100644
--- a/sidebars.js
+++ b/sidebars.js
@@ -20,6 +20,49 @@ module.exports = {
     { type: 'ref', id: 'getting-started/quickstart', label: 'Scan with Semgrep', className: 'top-category'},
     { type: 'ref', id: 'writing-rules/overview', label: 'Write Semgrep rules', className: 'top-category'},
     { type: 'ref', id: 'for-developers/developer-overview', label: 'Semgrep for developers', className: 'top-category'},
+    {
+      type: 'category',
+      label: 'References',
+      collapsible: true,
+      items: [
+        {
+          type: 'category',
+          label: 'CI references',
+          collapsible: true,
+          link: {type: 'generated-index'},
+          items: [
+            'semgrep-ci/ci-environment-variables',
+            'semgrep-ci/sample-ci-configs',
+            'semgrep-ci/findings-ci',
+            'semgrep-ci/packages-in-semgrep-docker'
+          ]
+        },
+        {
+          type: 'category',
+          label: 'Language-specific features',
+          collapsible: true,
+          link: {type: 'generated-index'},
+          items: [
+            'semgrep-code/java'
+          ]
+        },
+        {
+          type: 'category',
+          label: 'Glossaries',
+          collapsible: true,
+          link: { type: 'generated-index'},
+          items: [
+            'semgrep-code/glossary',
+            'semgrep-supply-chain/glossary'
+          ]
+        },
+        'references/language-maturity-levels',
+        'references/feature-definitions',
+        'semgrepignore-v2-reference',
+        'cli-reference',
+        'semgrep-appsec-platform/json-and-sarif'
+      ]
+    },
     {
       type: 'ref',
       id: 'learn/overview',
diff --git a/src/theme/Navbar/Content/index.tsx b/src/theme/Navbar/Content/index.tsx
index b25d3ddb3..0656e774f 100644
--- a/src/theme/Navbar/Content/index.tsx
+++ b/src/theme/Navbar/Content/index.tsx
@@ -65,6 +65,13 @@ export default function NavbarContent(): JSX.Element {
         path.startsWith('/docs/prerequisites') ||
         path.startsWith('/docs/supported-languages') ||
         path.startsWith('/docs/languages/') ||
+        path.startsWith('/docs/references') ||
+        path.startsWith('/docs/cli-reference') ||
+        path.startsWith('/docs/semgrepignore-v2-reference') ||
+        path.startsWith('/docs/semgrep-code/glossary') ||
+        path.startsWith('/docs/semgrep-supply-chain/glossary') ||
+        path.startsWith('/docs/semgrep-code/java') ||
+        path.startsWith('/docs/semgrep-appsec-platform/json-and-sarif') ||
         path.startsWith('/docs/extensions') ||
         path.startsWith('/docs/troubleshooting/semgrep')) {
       return 'scan';

From 17408378f758f0b89d5aece9929b248ea4be7efd Mon Sep 17 00:00:00 2001
From: Abhijna Parigi <abhijna@semgrep.com>
Date: Thu, 5 Feb 2026 14:11:17 -0800
Subject: [PATCH 09/11] refine

---
 docs/references/feature-definitions.md |  3 +--
 docs/semgrep-supply-chain/overview.md  |  6 +++---
 docs/supported-languages.md            | 11 ++++++++---
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/docs/references/feature-definitions.md b/docs/references/feature-definitions.md
index 95f7b43ce..d0d32d990 100644
--- a/docs/references/feature-definitions.md
+++ b/docs/references/feature-definitions.md
@@ -14,8 +14,7 @@ import DefReachability from "/src/components/concept/_def-reachability.md"
 
 # Feature definitions
 
-Use these definitions to understand the analysis features referenced in language
-support pages.
+Use these definitions to understand the analysis features referenced in the [Supported languages](/docs/supported-languages) page.
 
 ## Cross-file dataflow analysis
 
diff --git a/docs/semgrep-supply-chain/overview.md b/docs/semgrep-supply-chain/overview.md
index 7f89766a5..15d44c93a 100644
--- a/docs/semgrep-supply-chain/overview.md
+++ b/docs/semgrep-supply-chain/overview.md
@@ -58,9 +58,9 @@ Some package ecosystems allow the use of a transitive dependency as if it were a
 Semgrep Supply Chain supports a broad set of languages with varying feature coverage. 
 
 * See the full list of [supported languages](/supported-languages)
-* For dependency metadata support, see [Package manager support](/semgrep-supply-chain/sca-package-manager-support).
-* For feature coverage by language, see [Supply Chain feature support](/semgrep-supply-chain/sca-feature-support).
-* For definitions of language maturity levels, visit the [Language maturity levels](/references/language-maturity-levels) page.
+* For a list of Semgrep-supported package managers for each language, see [Package manager support](/semgrep-supply-chain/sca-package-manager-support).
+* For feature support by language, see [Supply Chain feature support](/semgrep-supply-chain/sca-feature-support).
+* For definitions of language maturity levels, visit the [Language maturity levels](/docs/references/language-maturity-levels#semgrep-supply-chain) page.
 * For analysis terminology, see [Feature definitions](/docs/references/feature-definitions).
 * For a list of supported source code managers (SCM), visit Supported [source code managers](/getting-started/scm-support) or learn how to [Connect a source code manager](/docs/deployment/connect-scm).
 
diff --git a/docs/supported-languages.md b/docs/supported-languages.md
index 9ef0fd2e1..d3120d286 100644
--- a/docs/supported-languages.md
+++ b/docs/supported-languages.md
@@ -16,7 +16,9 @@ import SemgrepProEngineIntroduction from "/src/components/concept/_semgrep-pro-e
 
 # Supported languages
 
-The following table lists all **Generally available (GA)** and **Beta** languages for [Semgrep Code (SAST)](/docs/semgrep-code/overview) and [Semgrep Supply Chain (SCA)](/docs/semgrep-supply-chain/overview). Languages are arranged by feature completeness from most to least. 
+The following table lists all **Generally available (GA)** and **Beta** languages for [Semgrep Code (SAST)](/docs/semgrep-code/overview) and [Semgrep Supply Chain (SCA)](/docs/semgrep-supply-chain/overview). 
+
+Languages are arranged by feature completeness from most to least. If applicable, click on the language name to learn more. 
 
 **Cross-file (interfile)** analysis for Semgrep Code and **reachability** analysis for Semgrep Supply Chain are the most advanced analyses that Semgrep provides. See [Feature definitions](/references/feature-definitions) for more details.
 
@@ -34,13 +36,16 @@ Don't forget to update:
 
 ## More information
 
+Language maturity levels differ from feature and product maturity levels.
+
 Where to look:
 
-* See [Language maturity levels](/references/language-maturity-levels) for maturity definitions used on language support pages.
-* See [Feature definitions](/references/feature-definitions) for analysis terminology referenced on language support pages.
+* See [Language maturity levels](/references/language-maturity-levels) for maturity definitions used on the supported languages pages.
+* See [Feature definitions](/references/feature-definitions) for analysis terminology referenced on the supported languages pages.
 * For Supply Chain dependency metadata support, see [Package manager support](/semgrep-supply-chain/sca-package-manager-support).
 * For Supply Chain feature coverage by language, see [Supply Chain feature support](/semgrep-supply-chain/sca-feature-support).
 
+
 Visit the cheat sheet generation script and associated semgrep-core test files to learn more about each feature:
 * [Generation script](https://github.com/semgrep/semgrep/blob/develop/scripts/generate_cheatsheet.py)
 * [`semgrep-core` test files](https://github.com/semgrep/semgrep/tree/develop/tests)

From 92fdb2cd369d3e9736296ad6945305b633ecd297 Mon Sep 17 00:00:00 2001
From: Abhijna Parigi <abhijna@semgrep.com>
Date: Thu, 5 Feb 2026 14:26:24 -0800
Subject: [PATCH 10/11] references sidenav

---
 sidebars.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/sidebars.js b/sidebars.js
index c048fcda9..7dd3f8d2d 100644
--- a/sidebars.js
+++ b/sidebars.js
@@ -503,12 +503,14 @@ module.exports = {
                 'semgrep-ci/packages-in-semgrep-docker'
             ]
         },
-       {
+        {
             type: 'category',
-            label: 'Language-specific features',
+            label: 'Language reference',
             collapsible: true,
             link: {type: 'generated-index'},
             items: [
+                'references/language-maturity-levels',
+                'references/feature-definitions',
                 'semgrep-code/java'
             ]
         },
@@ -522,8 +524,6 @@ module.exports = {
                 'semgrep-supply-chain/glossary'
             ]
         },
-        'references/language-maturity-levels',
-        'references/feature-definitions',
         'semgrepignore-v2-reference',
         'cli-reference',
         'semgrep-appsec-platform/json-and-sarif'

From de455ddb3d47a731c4a7bfd05060f5f87db2b74b Mon Sep 17 00:00:00 2001
From: Abhijna Parigi <abhijna@semgrep.com>
Date: Thu, 5 Feb 2026 14:33:45 -0800
Subject: [PATCH 11/11] bullets reorg

---
 docs/semgrep-code/overview.md         | 3 ++-
 docs/semgrep-supply-chain/overview.md | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/docs/semgrep-code/overview.md b/docs/semgrep-code/overview.md
index a251061cb..609b4a81d 100644
--- a/docs/semgrep-code/overview.md
+++ b/docs/semgrep-code/overview.md
@@ -42,8 +42,9 @@ Semgrep Code supports a broad set of programming languages, with varying levels
 
 * See the full list of [supported programming languages](/docs/supported-languages)
 * For definitions of language maturity levels, visit the [Language maturity levels](/references/language-maturity-levels) page.
-* For a list of supported source code managers (SCM), visit [Supported source code managers](/getting-started/scm-support) or learn how to [Connect a source code manager](/deployment/connect-scm).
 * For analysis terminology, see [Feature definitions](/references/feature-definitions).
+* For a list of supported source code managers (SCM), visit [Supported source code managers](/getting-started/scm-support) or learn how to [Connect a source code manager](/deployment/connect-scm).
+
 
 
 ## Semgrep Community Edition (CE) versus Semgrep Code analysis
diff --git a/docs/semgrep-supply-chain/overview.md b/docs/semgrep-supply-chain/overview.md
index 15d44c93a..9e8c65bfe 100644
--- a/docs/semgrep-supply-chain/overview.md
+++ b/docs/semgrep-supply-chain/overview.md
@@ -57,12 +57,12 @@ Some package ecosystems allow the use of a transitive dependency as if it were a
 
 Semgrep Supply Chain supports a broad set of languages with varying feature coverage. 
 
-* See the full list of [supported languages](/supported-languages)
+* See the full list of [supported programming languages](/supported-languages)
 * For a list of Semgrep-supported package managers for each language, see [Package manager support](/semgrep-supply-chain/sca-package-manager-support).
 * For feature support by language, see [Supply Chain feature support](/semgrep-supply-chain/sca-feature-support).
 * For definitions of language maturity levels, visit the [Language maturity levels](/docs/references/language-maturity-levels#semgrep-supply-chain) page.
 * For analysis terminology, see [Feature definitions](/docs/references/feature-definitions).
-* For a list of supported source code managers (SCM), visit Supported [source code managers](/getting-started/scm-support) or learn how to [Connect a source code manager](/docs/deployment/connect-scm).
+* For a list of supported source code managers (SCM), visit [Supported source code managers](/getting-started/scm-support) or learn how to [Connect a source code manager](/docs/deployment/connect-scm).
 
 
 ## Software bill of materials