🌆 Retire Find-and-Fix Changes

docs/code-scanning-tools/semgrep.md

@@ -5,12 +5,64 @@ sidebar_position: 3
 
 # Semgrep
 
-Pixee can automatically triage and fix issues detected by [Semgrep](https://semgrep.dev/).
+Pixee can automatically triage and fix issues detected by [Semgrep OSS](https://semgrep.dev/).
 
 # GitHub Advanced Security
 
-No setup is required for GitHub Advanced Security (GHAS) users to receive fixes from Semgrep results that are uploaded as Code Scanning alerts.
+No setup is required for GitHub Advanced Security (GHAS) users to receive fixes from Semgrep results that are uploaded as Code Scanning alerts. Simply installing the Pixeebot GitHub App is sufficient.
 
 # Others
 
-Use the [pixee/upload-tool-results-action](https://github.com/pixee/upload-tool-results-action) GitHub Action to synchronize Semgrep findings with Pixee.
+Use the [pixee/upload-tool-results-action](https://github.com/pixee/upload-tool-results-action) GitHub Action together with the Pixeebot GitHub App to synchronize Semgrep findings with Pixee.
+
+The following GitHub Action workflow example demonstrates how to include Semgrep OSS vulnerability detection with Pixee fixes in a Java application:
+
+```yaml
+name: Analyze with Semgrep and Fix with Pixee
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Semgrep
+        run: |
+          python3 -m pip install semgrep
+
+      - name: Run Semgrep
+        run: |
+          semgrep --config auto --sarif --output semgrep-results.sarif.json
+
+      - name: Fix with Pixee
+        uses: pixee/upload-tool-results-action@v2
+        with:
+          tool: semgrep
+          file: semgrep-results.sarif.json
+```
+
+This workflow:
+
+1. Runs Semgrep OSS on the project and stores the results in a standard SARIF file.
+2. Runs the pixee/upload-tool-results-action that sends the SARIF file to Pixee.
+
+Once Pixee receives the Semgrep OSS vulnerabilities, it recalls them on its next analysis of this commit.
+
+- When this commit the head of a pull request, then Pixee triggers its _PR Hardening_ analysis to fix as many Semgrep findings in this PR as it can.
+- When this commit is the head of the main branch, then Pixee uses these findings the next time its _Continuous Improvement Campaign_ analysis runs. Users may trigger such an analysis to occur immediately by issuing the chat command `@pixeebot next` in any PR or issue comment on this repository. Pixee's continuous improvement campaign shows the queue of fixes in Pixeebot Acitvity Dashboard issue.
+
+  ![Pixeebot Activity Dashboard issue](./semgrep-issue-dashlist.png)

docs/configuring.md

@@ -14,20 +14,6 @@ Users may set Pixee preferences at either the organization or repository levels.
 2. **Organization-wide preferences:**
    Alternatively, you can create the `pixeebot.yaml` file in the `.github` directory of your `.github` repository. This will serve as the global preferences that apply to all repositories in this installation.
 
-## Codemod catalogs
-
-Pixee offers three codemod catalogs to choose from in order to tune the type of improvements received.
-
-- **Less**: Pixee will only suggest improvements for findings identified by a third-party security tool. See the [third-party security tools](/code-scanning-tools/overview) page for more information.
-- **Moderate**: In addition to third-party security tool findings, Pixee will also suggest fixes for its own security findings.
-- **More**: Includes everything from the Less and Moderate catalogs, along with additional suggestions Pixee identifies, such as style improvements and best practices.
-
-### Selecting a catalog
-
-During the onboarding process, users will be given the option to select a catalog preference for the organization they are installing on. This will determine the default catalog used for any repositories in that organization. If this step is skipped and no preference is selected, the Moderate catalog will be used by default. At any time, changes can be made by visiting the Pixee dashboard and selecting "View / change default preference" in the User menu.
-
-Additionally, the catalog value can be configured on a per-repository/per-organization basis by updating the YAML configuration file. See the [Properties](#properties) section below for more information.
-
 ## Properties
 
 ### `ai`
@@ -52,18 +38,6 @@ ai:
 Contains optional preferences related to the codemod catalog Pixee uses to
 make changes to repositories.
 
-#### `catalog`
-
-A string value that determines the codemod catalog used for code improvements.
-The value can be set to `less`, `moderate`, or `more`.
-
-Example:
-
-```yaml
-codemods:
-  catalog: more
-```
-
 #### `exclude`
 
 A set of codemods to exclude from the catalog. Each codemod is identified by its

docs/installing.md

@@ -19,7 +19,11 @@ Also [contact us](https://pixee.ai/demo-landing-page) if you want to partner as
 
 ## Tool connections
 
-Pixee can provide fixes "out of the box" for Java and Python repositories. But you'll get the most value out of Pixee by [connecting it to your existing code scanning tools and services](/code-scanning-tools/overview). This will allow Pixee to provide more accurate and relevant fixes for your codebase.
+Pixee fixes problems detected by [your existing code scanning tools and services](/code-scanning-tools/overview).
+
+If you use GitHub Advanced Security (GHAS), then installing the Pixeebot GitHub App is sufficient for connecting Pixee to your GHAS results.
+
+Otherwise, you will need to connect Pixee to your code scanning tools and services, before Pixee can send fixes. If your repository does not use any code scanning tools and services, but you still want to try Pixee, see our guide for [adding Semgrep CLI and Pixee to your GitHub repository](./code-scanning-tools/semgrep.md).
 
 ## Repository access
 

docs/languages.md

@@ -4,8 +4,6 @@ sidebar_position: 3
 
 # Language support
 
-You'll get the most value out of Pixee by connecting it to your existing code scanning tools. This will allow Pixee to provide more accurate and relevant fixes for your codebase and to triage findings from those tools.
-
 When triaging and fixing issues detected by code scanning tools, Pixee supports the following languages:
 
 - Java

docs/running_on_public_github_repos.md

@@ -0,0 +1,49 @@
+---
+sidebar_position: 2
+---
+
+# For public repositories without tools
+
+This page describes how to help set up Pixee on a public GitHub repository that doesn't have any tools configured yet. Note that some features are only available in our enterprise offering.
+
+## Step 1: Choose and set up your repository
+
+On the repository you want to secure, enable GitHub _Issues_ so you can see the Pixee dashboard. You can always disable this later if, after you review, you prefer using our dashboard.
+
+1. In your repository, go to `Settings` > `General`.
+2. Under the `Features`, select `Issues`.
+
+## Step 2: Choose CodeQL or SonarQube Cloud
+
+For ease of integration, we suggest picking either CodeQL (through GitHub Advanced Security) or SonarQube Cloud. Both can be used to find vulnerabilities in your code, are free for public repositories, and offer simple onboarding. CodeQL is more focused on security than quality, but Sonar has a large rule based and is trusted by developers all over the world. Both are great choices.
+
+### SonarQube Cloud
+
+[Follow these instructions](https://docs.sonarsource.com/sonarqube-cloud/getting-started/github/) for installing SonarQube Cloud (to make things easier, login with your GitHub identity).
+
+### CodeQL through GitHub Advanced Security (GHAS)
+
+1. In your repository, go to `Settings` > `Code Security`.
+2. Under the `Tools` > `CodeQL analysis`, hit `Set up`, then `Default`.
+
+You may want to wait until the first scan finishes before moving onto the next step. You can see when it finishes by going to `Actions` and watching the progress of the recently-run CodeQL job.
+
+## Step 3: Install Pixeebot
+
+With the tool properly configured, the next step is to install Pixee.
+
+1. Go to our [GitHub App page](https://github.com/apps/pixeebot/).
+2. Click `Install` (or `Configure`) and follow the prompts from GitHub. You'll be directed to your Pixee dashboard once the installation process is complete.
+
+## Step 4: See fixes available
+
+1. Wait a few minutes for Pixee to process the results associated with the default branch.
+2. There should be a new issue that shows which fixes are currently available.
+
+import IssueDashboard from '/img/issue-dashboard.png';
+
+<img src={IssueDashboard} alt="Issue dashboard" style={{width: 400}} />
+
+You can use this dashboard to see what fixes are available, coming soon or summon Pixee to issue the fixes.
+
+> Note: This GitHub-led experience will only show output from our AutoTriage AI agent when you make PRs that have security issues. To take advantage of this feature at scale, [contact us](https://pixee.ai/demo-landing-page)!

docs/using-pixeebot.md

@@ -6,7 +6,7 @@ sidebar_position: 6
 
 ## Continuous improvement
 
-Once installed, Pixee will begin opening pull requests against your repositories immediately. There is no need to summon Pixee manually - all of your improvements will come automatically at a manageable weekly cadence.
+After installing Pixee and connecting it to your code scanning services, Pixee will begin opening pull requests against your repositories. There is no need to summon Pixee manually - all of your improvements will come automatically at a manageable weekly cadence.
 
 ## Summoning Pixee