docs: add May 2026 weekly release notes

mintlify-docs/docs.json

@@ -918,6 +918,7 @@
                   {
                     "group": "2026",
                     "pages": [
+                      "release-notes/may-2026",
                       "release-notes/april-2026",
                       "release-notes/march-2026",
                       "release-notes/february-2026",

mintlify-docs/release-notes.mdx

@@ -3,6 +3,26 @@ title: "Semgrep release notes"
 rss: true
 ---
 
+<Update label="May 22, 2026 · 2 min read" tags={["Release notes"]}>
+## [May 2026](/release-notes/may-2026)
+
+The following updates were made to Semgrep during the week of May 18, 2026.
+
+<CardGroup>
+<Card title="Read more" icon="book" href="/release-notes/may-2026" horizontal/>
+</CardGroup>
+</Update>
+
+<Update label="May 12, 2026 · 8 min read" tags={["Release notes"]}>
+## [April 2026](/release-notes/april-2026)
+
+The following updates were made to Semgrep in April 2026.
+
+<CardGroup>
+<Card title="Read more" icon="book" href="/release-notes/april-2026" horizontal/>
+</CardGroup>
+</Update>
+
 <Update label="April 10, 2026 · 8 min read" tags={["Release notes"]}>
 ## [March 2026](/release-notes/march-2026)
 

mintlify-docs/release-notes/may-2026.mdx

@@ -0,0 +1,34 @@
+---
+title: "May 2026"
+description: "May 22, 2026 · 2 min read"
+rss: true
+---
+
+The following updates were made to Semgrep during the week of May 18, 2026.
+
+## 🌐 Semgrep AppSec Platform
+
+### Added
+
+* **Auto-scan new projects**: Semgrep Managed Scans can now automatically scan newly onboarded projects from a source code manager. Enable the **Auto-scan** toggle for each source code manager from **Settings > Source code managers**. See [Scan management and configuration](/deployment/managed-scanning/github).
+
+### Changed
+
+* **PR and MR comments**: A full scan on the default branch is no longer required before Semgrep posts pull or merge request comments. Comments now appear as soon as a project is connected and a diff-aware scan runs. See the [GitHub](/semgrep-appsec-platform/github-pr-comments), [GitLab](/semgrep-appsec-platform/gitlab-mr-comments), [Bitbucket](/semgrep-appsec-platform/bitbucket-cloud-pr-comments), and [Azure DevOps](/semgrep-appsec-platform/azure-pr-comments) PR comments guides.
+* **Read-only code access for GitHub apps**: You can now grant **Read** (instead of **Read and write**) access to the Contents permission on the Semgrep GitHub app if you want code access without granting write permissions. See [Grant code access to Semgrep](/semgrep-appsec-platform/scm-code-access).
+
+## ⛓️ Semgrep Supply Chain
+
+### Changed
+
+* **Faster CVE coverage**: Semgrep now processes new CVE and security advisory information multiple times per day, with a maximum lag of one hour from upstream publication. Semgrep also ingests advisories from [OSV](https://osv.dev/) in addition to GitHub Security Advisories and Electron release notes. For major incidents, Semgrep's Security Research team ships advisories ahead of third-party databases. See the [Supply Chain overview](/semgrep-supply-chain/overview).
+
+## 🛡️ Semgrep Guardian
+
+### Changed
+
+* **Semgrep Plugin is now Semgrep Guardian**. The product previously known as Semgrep Plugin has been renamed to Semgrep Guardian. Functionality is unchanged: Guardian still bundles the Semgrep MCP server, hooks, and skills to scan code generated by AI coding agents in Claude Code, Codex, Cursor, Windsurf, VS Code, and GitHub Copilot. Existing `/mcp` documentation links redirect to [Semgrep Guardian](/guardian).
+
+### Added
+
+* **VS Code and GitHub Copilot support**: The Guardian setup guide now includes dedicated instructions for installing Semgrep Guardian in VS Code (via `.vscode/mcp.json` or the user MCP config) and for GitHub Copilot across Visual Studio, JetBrains, Xcode, and Eclipse. See [Semgrep Guardian](/guardian).