Seo supply chain fixes

README.md

@@ -2,8 +2,8 @@
 <div align="center">
 
   <picture>
-    <source srcset="images/logo_inverse_horizontal.svg"  media="(prefers-color-scheme: dark)">
-    <img src="images/logo_horizontal.svg" alt="DevGuard by L3montree Logo" width="240" height="80">
+    <source srcset="images/logo-inverse-horizontal.svg"  media="(prefers-color-scheme: dark)">
+    <img src="images/logo-horizontal.svg" alt="DevGuard by L3montree Logo" width="240" height="80">
   </picture>
 
   <h3 align="center">DevGuard - Develop Secure Software - Documentation</h3>

src/components/Footer.tsx

@@ -77,7 +77,7 @@ export default function Footer() {
                             width={200}
                             height={50}
                             alt="DevGuard Logo"
-                            src="/logo_inverse_horizontal.svg"
+                            src="/logo-inverse-horizontal.svg"
                             className="h-12 w-auto"
                         />
                         <p className="text-balance text-sm/6 text-gray-300">

src/pages/explanations/supply-chain-security/what-is-supply-chain-security.mdx

@@ -1,22 +1,23 @@
 ---
-title: 'What is supply chain security'
-metaDescription: 'Learn what software supply chain security is, explore real-world attacks like SolarWinds and Log4Shell, and discover core principles like SBOMs, provenance, and SLSA to protect your software.'
+title: 'What is supply chain security?'
+description: 'Learn what supply chain security means for software development, which threats exist, and how to mitigate risks in your software lifecycle.'
 ---
 
 import { AttributedImage } from '@/components/AttributedImage'
 
-## What is Supply Chain Security?
+# What is Supply Chain Security?
 
 In modern software development, you rarely write 100% of your own code. Instead, you assemble products using a vast ecosystem of third-party libraries, build tools, container images, and CI/CD pipelines.\
 In fact, it has been estimated that **[70-90%](https://www.linuxfoundation.org/blog/blog/a-summary-of-census-ii-open-source-software-application-libraries-the-world-depends-on)** of current software is composed of
 Free and Open Source Software (FOSS). This heavy reliance on external dependencies has fundamentally altered the [threat landscape](/explanations/supply-chain-security/what-is-supply-chain-security#the-threat-landscape),
 shifting the risk from the code you write to the components you consume and the tools you use to deploy them.\
-**Supply chain security** is the practice of ensuring that every component, process, and actor involved in the creation and delivery of your software is verified, untampered, and trustworthy. Effective supply chain security requires a comprehensive understanding of your software's origins.
+**Supply chain security** is the practice of ensuring that every component, process, and actor involved in the creation and delivery of your software is verified, untampered, and trustworthy.\
+**Effective supply chain security** requires a comprehensive **understanding** of your **software's origins**.
 
 ## What is the Software Supply Chain?
 
 A software supply chain consists of all the steps and components involved in creating, building, and deploying software in the [Software Development Life Cycle](https://en.wikipedia.org/wiki/Systems_development_life_cycle).
-Understanding your software supply chain is fundamental to implementing supply chain security. It includes the tools, processes, and people responsible for writing and transforming source code into a deployable application.
+It includes the tools, processes, and people responsible for writing and transforming source code into a deployable application.
 
 The software supply chain for a typical project could involve for example (not exhaustive):
 
@@ -31,14 +32,14 @@ The software supply chain for a typical project could involve for example (not e
 - Package management software and ecosystems (npm, pip, etc.)
 - ...
 
-Every one of these components has to be secured. A single vulnerability can put the entire software supply chain at risk, which is why supply chain security must address each stage.
+Every one of these components has to be secured. A single vulnerability can put the entire software supply chain at risk, which is why each stage needs to be addressed.
 
 ---
 
 ## The Threat Landscape
 
-Understanding the potential threats to the software supply chain is crucial for supply chain security.
-By mapping the software supply chain, we can pinpoint vulnerabilities throughout the development lifecycle. Robust supply chain security depends on identifying these risks early.
+Understanding the potential threats to the software supply chain is crucial to ensure its security.
+By mapping the software supply chain, we can pinpoint vulnerabilities throughout the development lifecycle.
 These risks are categorized into **four strategic domains:**\
 [**Source**](/explanations/supply-chain-security/what-is-supply-chain-security#1-source-threats),
 [**Build**](/explanations/supply-chain-security/what-is-supply-chain-security#2-build-threats),
@@ -49,7 +50,7 @@ and [**Deployment & Runtime threats**](/explanations/supply-chain-security/what-
 
 ### 1. Source Threats
 
-Source threats represent a critical concern for supply chain security. These risks target the earliest stage of development—the code itself and the systems that manage it. Attackers aim to compromise source code repositories to inject malicious code or steal intellectual property
+Source threats target the earliest stage of development—the code itself and the systems that manage it. Attackers aim to compromise source code repositories to inject malicious code or steal intellectual property
 before the build process even begins.
 
 #### Examples of Source Threats
@@ -60,7 +61,7 @@ before the build process even begins.
 
 <AttributedImage
     src="/XZ-logo-contributed-by-Jia-Tan.png"
-    alt="XZ Utils Logo from supply chain attacker on library"
+    alt="new XZ Utils Logo from supply chain attacker"
     float="right"
     width="280px"
     attribution={
@@ -89,7 +90,7 @@ before the build process even begins.
 </AttributedImage>
 
 **Real-World Example: [The 2024 XZ Utils Backdoor](https://en.wikipedia.org/wiki/XZ_Utils_backdoor)**
-This attack demonstrates why supply chain security is essential. In this sophisticated social engineering attack, a malicious actor known as "Jia Tan" spent years building trust to gain maintainer rights over **XZ Utils**, a widely used compression library.
+In this sophisticated social engineering attack, a malicious actor known as "Jia Tan" spent years building trust to gain maintainer rights over **XZ Utils**, a widely used compression library.
 Once in control, they injected a backdoor designed to allow unauthorized **remote code execution** on Linux servers.
 
 **Impact:** The attack was discovered by chance just weeks before it would have merged into stable Linux distributions. This near-miss highlights the importance of supply chain security vigilance. While this miracle discovery prevented the infection of **hundreds of millions of servers** globally,
@@ -111,7 +112,7 @@ Build threats are a major focus of supply chain security. These threats target t
 This incident illustrates a critical failure in supply chain security. Attackers compromised the **build environment and continuous integration server**, allowing them to modify and infect software updates
 for the **Orion** network monitoring tool.
 
-**Impact:** The fallout was severe, reaching over a dozen U.S. government departments—including the **military, executive branch, and intelligence services**—who unknowingly installed the compromised updates. This attack became a catalyst for government supply chain security regulations.
+**Impact:** The fallout was severe, reaching over a dozen U.S. government departments—including the **military, executive branch, and intelligence services**—who unknowingly installed the compromised updates.
 
 ---
 
@@ -129,7 +130,7 @@ Dependency threats represent one of the most common supply chain security challe
 The **Log4Shell** vulnerability demonstrates the massive reach of dependency threats and the importance of supply chain security. A critical flaw in how the ubiquitous Java logging library **Log4j** processed log messages allowed attackers to
 execute arbitrary code remotely (RCE) simply by sending a specific text string to a vulnerable server.
 
-**Impact:** Because Log4j was embedded as a dependency in **millions of applications**—from iCloud and Steam to enterprise software—the vulnerability left a vast portion of the internet exposed. It forced organizations globally to pause development and scramble to patch deep chains of transitive dependencies. This incident accelerated supply chain security adoption across the industry.
+**Impact:** Because Log4j was embedded as a dependency in **millions of applications**—from iCloud and Steam to enterprise software—the vulnerability left a vast portion of the internet exposed. It forced organizations globally to pause development and scramble to patch deep chains of transitive dependencies.
 
 ---
 
@@ -216,14 +217,14 @@ For instance, a Kubernetes Admission Controller acts as a final gatekeeper. It i
 
 ## Industry Frameworks and Standards
 
-To standardize supply chain security practices described above, the industry relies on two primary frameworks:\
+To standardize the supply chain security practices described above, the industry relies on two primary frameworks:\
 [**NIST SSDF**](https://csrc.nist.gov/projects/ssdf) and [**SLSA**](https://slsa.dev/).
 While they share the same goal of improving supply chain security, they approach the problem from different perspectives: **SSDF** focuses on the **process**, while **SLSA** focuses on the **artifact**.
 
 ### NIST SSDF (The Process Standard)
 
-The [**Secure Software Development Framework (SSDF)**](https://csrc.nist.gov/projects/ssdf), published by [NIST (SP 800-218)](https://csrc.nist.gov/pubs/sp/800/218/final), provides supply chain security guidelines for the entire software lifecycle.
-It is less about specific tools and more about **organizational culture and policy** for supply chain security.
+The [**Secure Software Development Framework (SSDF)**](https://csrc.nist.gov/projects/ssdf), published by [NIST (SP 800-218)](https://csrc.nist.gov/pubs/sp/800/218/final), outlines high-level practices for the entire software lifecycle.
+It is less about specific tools and more about **organizational culture and policy**.
 
 The framework requires organizations to:
 
@@ -242,7 +243,7 @@ In short, SSDF mandates that an organization has a secure process and a trained
 [**Supply-chain Levels for Software Artifacts (SLSA)**](/explanations/supply-chain-security/slsa-framework.mdx) is a supply chain security framework specifically designed to guarantee the integrity of the final software output.
 
 Its fundamental concept is Provenance: metadata that describes exactly how an artifact was created, including the source code version, the build platform, and external parameters used.
-SLSA relies on the [in-toto framework](/explanations/supply-chain-security/in-toto-framework) to provide the standard format for this metadata. SLSA has become a cornerstone of modern supply chain security.
+SLSA relies on the [in-toto framework](/explanations/supply-chain-security/in-toto-framework) to provide the standard format for this metadata.
 
 SLSA defines four maturity levels to guide organizations from basic documentation to advanced hardening:
 
@@ -259,7 +260,7 @@ SLSA defines four maturity levels to guide organizations from basic documentatio
 ## The "Shift Left" Philosophy
 
 Implementing supply chain security is not just about adding new tools; it requires a fundamental shift in when security checks occur.
-This concept is widely known in the industry as **"Shift Left"** and is essential for effective supply chain security.
+This concept is widely known in the industry as **"Shift Left"**.
 
 <AttributedImage
     src="/DevOps-vs-DevSecOps.png"
@@ -296,13 +297,13 @@ In a traditional software lifecycle, modeled left-to-right from Design to Produc
 security testing often happened at the very end—just before deployment.
 If a vulnerability was found, the release was blocked, and developers had to scramble to fix code they wrote weeks ago.
 
-**Shift Left** moves supply chain security processes to the **earliest** possible point in the development timeline:
+**Shift Left** moves security processes to the **earliest** possible point in the development timeline:
 
 - **Design Phase:** Choosing safe dependencies before writing code.
 
 - **Coding Phase:** IDE plugins warn developers about vulnerable packages in real-time.
 
-- **Build Phase:** Automated CI pipelines generate SBOMs and sign artifacts immediately upon commit, enforcing supply chain security at every step.
+- **Build Phase:** Automated CI pipelines generate SBOMs and sign artifacts immediately upon commit.
 
 #### Why it matters
 
@@ -319,7 +320,7 @@ By shifting left, supply chain security becomes an integrated part of the develo
 Supply chain security is no longer optional in an era of automated, multi-layered software delivery. Implementing supply chain security requires moving beyond simple vulnerability scanning and into the realm of **provenance and integrity**.
 By understanding the flow of code from source to production, and by demanding cryptographic proof of every transformation, organizations can significantly reduce the risk of sophisticated supply chain attacks. Investing in supply chain security today protects your organization from tomorrow's threats.
 
-In the following sections, we will explore the specific frameworks **DevGuard** uses to implement supply chain security concepts, including [In-toto](/explanations/supply-chain-security/in-toto-framework.mdx) and [SLSA](/explanations/supply-chain-security/slsa-framework.mdx).
+In the following sections, we will explore the specific frameworks **DevGuard** uses to implement these concepts and frameworks, including [In-toto](/explanations/supply-chain-security/in-toto-framework.mdx) and [SLSA](/explanations/supply-chain-security/slsa-framework.mdx).
 
 ---
 

theme.config.tsx

@@ -32,10 +32,10 @@ const config: DocsThemeConfig = {
                     {(frontMatter.title ?? rest.title) + ' | DevGuard' ||
                         'DevGuard'}
                 </title>
-                {frontMatter.metaDescription && (
+                {frontMatter.description && (
                     <meta
                         name="description"
-                        content={frontMatter.metaDescription}
+                        content={frontMatter.description}
                     />
                 )}
                 {Boolean(websiteId) && Boolean(umamiUrl) && (
@@ -64,7 +64,7 @@ const config: DocsThemeConfig = {
     },
     logo: (
         <Image
-            src="/logo_inverse_horizontal.svg"
+            src="/logo-inverse-horizontal.svg"
             alt="DevGuard Logo"
             width={220}
             height={80}