update instructions on turning off SSC comments (#2204)

Author: khorne3

docs/semgrep-appsec-platform/azure-pr-comments.md

@@ -15,7 +15,6 @@ import DeploymentJourney from "/src/components/concept/_deployment-journey.mdx"
 import CommentTriggers from "/src/components/reference/_comment-triggers.mdx"
 import PrCommentsInSast from "/src/components/procedure/_pr-comments-in-sast.mdx"
 import PrCommentsInSecrets from "/src/components/procedure/_pr-comments-in-secrets.mdx"
-import DisableComments from "/src/components/procedure/_disable_ssc_pr_mr_comments.mdx"
 import TroubleshootingPrLinks from "/src/components/reference/_troubleshooting-pr-links.mdx"
 import NextAfterComments from "/src/components/procedure/_next-after-comments.mdx"
 import CommentsInSupplyChain from "/src/components/concept/_comments-in-supply-chain.md"

docs/semgrep-appsec-platform/bitbucket-cloud-pr-comments.md

@@ -21,7 +21,6 @@ import CommentTriggers from "/src/components/reference/_comment-triggers.mdx"
 import ReceiveCommentsScm from "/src/components/procedure/_receive-comments-scm.mdx"
 import PrCommentsInSast from "/src/components/procedure/_pr-comments-in-sast.mdx"
 import PrCommentsInSecrets from "/src/components/procedure/_pr-comments-in-secrets.mdx"
-import DisableComments from "/src/components/procedure/_disable_ssc_pr_mr_comments.mdx"
 import CommentsInSupplyChain from "/src/components/concept/_comments-in-supply-chain.md"
 
 <!-- vale on -->

docs/semgrep-appsec-platform/bitbucket-data-center-pr-comments.md

@@ -21,7 +21,6 @@ import CommentTriggers from "/src/components/reference/_comment-triggers.mdx"
 import ReceiveCommentsScm from "/src/components/procedure/_receive-comments-scm.mdx"
 import PrCommentsInSast from "/src/components/procedure/_pr-comments-in-sast.mdx"
 import PrCommentsInSecrets from "/src/components/procedure/_pr-comments-in-secrets.mdx"
-import DisableComments from "/src/components/procedure/_disable_ssc_pr_mr_comments.mdx"
 import CommentsInSupplyChain from "/src/components/concept/_comments-in-supply-chain.md"
 
 <!-- vale on -->
@@ -70,10 +69,6 @@ Confirm that you have the correct connection and access:
 
 <CommentsInSupplyChain />
 
-## Disable PR comments for Supply Chain findings
-
-<DisableComments />
-
 ## Customize PR comments
 
 <CustomComments comment_type="PR" link_type="Markdown and plaintext" />

docs/semgrep-supply-chain/policies.md

@@ -69,6 +69,16 @@ Use the following recommendations to help you create policies. These guidelines
 - **Conditionally reachable findings**. The decision to show developers conditionally reachable findings may depend on weighing your compliance policies against showing developers more findings. Conditionally reachable findings typically require further investigation, manual triage, and ticketing.
 - **Critical and high EPSS probability**. There is a chance of these findings being exploited regardless of reachability.
 
+### Turn off PR and MR comments
+
+By default, Semgrep pull request (PR) and merge request (MR) comments include both Semgrep Code and Semgrep Supply Chain (SSC) findings information. However, if you would like to turn off PR or MR comments for reachable SSC findings, you can do so as follows:
+
+1. Sign in to [Semgrep AppSec Platform](https://semgrep.dev/login).
+2. Go to [Rules & Policies > Policies > Supply Chain](https://semgrep.dev/orgs/-/policies/supply-chain).
+1. Click <i class="fa-solid fa-toggle-large-on"></i> **Comment on reachable Supply Chain findings** to turn off the SSC policy supporting comments.
+
+> Turning off PR/MR comments doesn't turn off notifications regarding [license policy violations](/semgrep-supply-chain/license-compliance).
+
 ## Policy scopes
 
 A policy's scope can consist of tags or projects, but not both. If you need to create a policy with both tags and projects, simply make another policy.