update info on SSC (#2153)

* update sc-vulns.png

* update docs to reflect current SAP

* Update src/components/concept/_reachability-types.md

Author: khorne3

docs/semgrep-supply-chain/dependency-search.md

@@ -67,7 +67,7 @@ Dependency search provides the following filters, which correspond to the data p
 | Transitivity | The relationship of the dependency to your codebase. |
 | License Policy | The License Policy you set. Determines whether a dependency can be used based on its license. |
 | License | The dependency's license type. |
-| Ecosystem | The language of the dependency. |
+| Language | The language of the dependency. |
 
 ![Screenshot of dependency search with query](/img/SSC-DepSearch-Query.png#md-width)
 _**Figure**. Dependency search page with sample search query._

docs/semgrep-supply-chain/view-export.md

@@ -61,11 +61,12 @@ Use filters to narrow down your results. The following criteria are available fo
 | **Projects and branches** | The repositories connected to your Semgrep account and findings in different Git branches. |
 | **Tags** | The tags associated with the project. |
 | [**Status**](#status) | The triage state of a finding. |
+| [**Reachability**](#reachability) | The finding's exposure, or whether it is reachable. |
+| [**Malicious dependencies only**](/semgrep-supply-chain/malicious-dependencies) | Findings that indicate the use of dangerous packages, or dangerous versions of packages, that are designed to compromise systems |
 | **Severity** | The severity of a finding. Filters are based on the severity of a vulnerability. Semgrep Supply Chain rules use severity values set by the source of the rule, such as [GitHub Advisory Database](https://github.com/advisories).  |
 | [**Transitivity**](#transitivity) | The transitivity of the finding. |
 | [**EPSS probability**](#epss-probability) | The finding's [Exploit prediction scoring system (EPSS) probability](https://www.first.org/epss/). |
-| [**Reachability**](#reachability) | The finding's exposure, or whether it is reachable. |
-| **Component**          | Filter by [Semgrep Assistant component tags](/semgrep-assistant/overview#component-tags). Semgrep Assistant uses AI to categorize the file where the finding was identified based on its function, such as payments, user authentication, and infrastructure. Available only for findings that are reachable. |
+| Assistant risk assessment | Filter by [Semgrep Assistant component tags](/semgrep-assistant/overview#component-tags). Semgrep Assistant uses AI to categorize the file where the finding was identified based on its function, such as payments, user authentication, and infrastructure. Available only for findings that are reachable.  |
 | **Dependencies** | The name of the dependency involved. |
 | **Rules** | The rule that generated the finding. |
 

src/components/concept/_reachability-types.md

@@ -1,5 +1,7 @@
-* **Reachable**: A finding is reachable if there's a code pattern in the codebase that matches the vulnerability definition.
-* **Always reachable**: A finding is always reachable if it's something Semgrep recommends fixing, regardless of what's in the code.
-* **Conditionally reachable**: A finding is conditionally reachable if Semgrep finds a way to reach it when scanning your code when certain conditions are met.
-* **No Reachability Analysis**: A finding that Semgrep doesn't scan for reachability.
-* **Unreachable**: A finding is unreachable if you don't use the vulnerable piece of code of the imported library or package.
+* **Reachable**: A finding is reachable if there's a vulnerable function call or vulnerable package in use. The finding should be addressed as soon as possible.
+  * **Reachable in code**: A finding is reachable in code if there's a code pattern in the codebase that matches the vulnerability definition.
+  * **Always reachable**: A finding is always reachable if it's something Semgrep recommends fixing, regardless of what's in the code.
+* **Needs review**: A finding that requires manual triage and review; follow the instruction provided.
+  * **Conditionally reachable**: A finding is conditionally reachable if Semgrep finds a way to reach it when scanning your code when certain conditions are met.
+  * **No Reachability Analysis**: A finding that Semgrep doesn't scan for reachability.
+* **Unreachable**: No vulnerable function call found. This finding can be deprioritized.