From ac90099ade82c026a802c348e33f5970b1810ddb Mon Sep 17 00:00:00 2001
From: Haksung Jang
Date: Sat, 6 Jun 2026 00:06:10 +0900
Subject: [PATCH] fix(landing,i18n): hero accent fallback + cleanup of machine-translation traces in the English body text
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

QA(#1):
- Add a fallback color (#8ab4f8) to the hero titleAccent, to prevent the accent from disappearing in browsers that do not support background-clip:text.
  (Contrast ratios pass AA by calculation: meta ~6:1, title and subtitle higher, mockup text exempt via aria-hidden)

English quality(#2):
- Clean up 8 spots in the en body text that showed machine-translation traces (sentences broken by `,,`) into natural English (supply-chain, sbom-generation×4, vulnerability, training)

Verification: build ko/en SUCCESS, 0 broken, verify 12/12
---
 .../current/00-overview/supply-chain.md | 9 ++-------
 .../current/05-tools/sbom-generation/index.md | 8 ++++----
 .../current/05-tools/vulnerability/index.md | 2 +-
 .../current/06-training/index.md | 2 +-
 website/src/components/Home/Hero/styles.module.css | 3 ++-
 5 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/website/i18n/en/docusaurus-plugin-content-docs/current/00-overview/supply-chain.md b/website/i18n/en/docusaurus-plugin-content-docs/current/00-overview/supply-chain.md index 9be439b..d4d18b6 100644 --- a/website/i18n/en/docusaurus-plugin-content-docs/current/00-overview/supply-chain.md +++ b/website/i18n/en/docusaurus-plugin-content-docs/current/00-overview/supply-chain.md 
@@ -95,10 +95,7 @@ If we had SBOM, we would have been able to immediately identify and respond to a #### XZ Utils (2024, CVE-2024-3094) **Incident Overview** -The attacker had been working on the XZ Utils open source project for two years under the pseudonym "Jia Tan". -Acted as a reliable contributor. After building trust through regular contributions over a long period of time,, -sshd(SSH daemon)committed malicious code to insert a backdoor into -Full-scale spread was prevented due to the discovery of anomalies by a developer just before distribution. +For two years, an attacker using the pseudonym "Jia Tan" contributed to the XZ Utils open source project as a seemingly reliable contributor. After building trust through regular contributions over a long period, they committed malicious code that inserted a backdoor into sshd (the SSH daemon). Full-scale spread was prevented when a developer noticed anomalies just before distribution. **Scope of Influence** Fedora, Debian,Many major Linux distributions, including Ubuntu, already included vulnerable versions. @@ -127,9 +124,7 @@ This is an executive order strengthening cybersecurity signed by the Biden admin - Software Development Security Practices(Secure Software Development Practices)Compliance confirmation **Impact on Korean companies** -Companies that supply directly to the U.S. federal government are immediately affected. -indirect supply chain(Subcontracting by the delivery company)Since there is a trend of receiving the same requirements,, -It should be assumed that most companies operating in the US market will be affected. +Companies that supply directly to the U.S. federal government are immediately affected. Because the same requirements increasingly flow down the indirect supply chain (through subcontracting by the supplying company), most companies operating in the U.S. market should assume they will be affected too. --- 
diff --git a/website/i18n/en/docusaurus-plugin-content-docs/current/05-tools/sbom-generation/index.md b/website/i18n/en/docusaurus-plugin-content-docs/current/05-tools/sbom-generation/index.md index db44edd..c2af91b 100644 --- a/website/i18n/en/docusaurus-plugin-content-docs/current/05-tools/sbom-generation/index.md +++ b/website/i18n/en/docusaurus-plugin-content-docs/current/05-tools/sbom-generation/index.md @@ -40,7 +40,7 @@ There are two approaches to generating SBOM: **Dependency Analysis** is a packag | syft | Anchore | fast and light,single binary,Multiple language support | Python, Node.js, Go | | cdxgen | CycloneDX | CycloneDX only,Detailed analysis by language | Java(Maven/Gradle),When precise analysis is required | -Both tools can output in CycloneDX JSON format,,This chapter uses CycloneDX as the standard format. +Both tools can output CycloneDX JSON; this chapter uses CycloneDX as the standard format. **Source Code Scan Tool**(optional) 
@@ -48,7 +48,7 @@ Both tools can output in CycloneDX JSON format,,This chapter uses CycloneDX as t | ------- | ---------------- | ---------------------------------------------------------------------------- | --------------------------------------------------------------------- | | SCANOSS | SCANOSS | File-by-file snippet scanning,Cloud + On-Premise,API integration,create SBOM | Source code direct embedding detection,Precise License Identification | -[SCANOSS](https://www.scanoss.com/)has the advantage of detecting open source code fragments copied and inserted directly without package declaration at the file level. Because their roles are complementary to syft/cdxgen,,Parallel use is recommended when source level precision is required. +[SCANOSS](https://www.scanoss.com/)has the advantage of detecting open source code fragments copied and inserted directly without package declaration at the file level. Because its role is complementary to syft/cdxgen, parallel use is recommended when source-level precision is required. > FOSSLight, SW360,For a guide to the introduction and use of SCA and compliance tools such as FOSSology, see [KWG Open Source Guide — Tools](https://openchain-project.github.io/OpenChain-KWG/guide/opensource_for_enterprise/4-tool/)See . @@ -104,7 +104,7 @@ docker ps If it runs without errors, Docker is ready. :::tip When proceeding without Docker -If you don't have Docker installed or just want to get started quickly for lab purposes,,Use the pre-prepared sample SBOM with the command below. +If you don't have Docker installed, or just want to get started quickly for lab purposes, use the pre-prepared sample SBOM with the command below. ```bash mkdir -p output/sbom 
@@ -251,7 +251,7 @@ After checking all the items below, proceed to the next step. ## 5. Next steps -When SBOM creation and license analysis are completed,,SBOM Moves to the stage of establishing a management system. +Once SBOM creation and license analysis are complete, move on to establishing an SBOM management system. :::tip Check before execution Terminate the current Claude session first(`/exit` or `Ctrl+C`)After doing it,Run the command below in a new terminal. diff --git a/website/i18n/en/docusaurus-plugin-content-docs/current/05-tools/vulnerability/index.md b/website/i18n/en/docusaurus-plugin-content-docs/current/05-tools/vulnerability/index.md index 70f682a..6081941 100644 --- a/website/i18n/en/docusaurus-plugin-content-docs/current/05-tools/vulnerability/index.md +++ b/website/i18n/en/docusaurus-plugin-content-docs/current/05-tools/vulnerability/index.md @@ -11,7 +11,7 @@ self_study_time: 1 hour ## 1. What we do in this chapter -Based on SBOM, the open source components you are using are scanned for known CVE vulnerabilities. Rather than simply selecting a list,,It even covers assessing severity with CVSS scores and determining response priorities. +Using the SBOM, the open source components you depend on are scanned for known CVE vulnerabilities. Beyond simply listing them, this chapter also covers assessing severity with CVSS scores and determining response priorities. After completing this chapter, the `vulnerability-analyst` agent will automatically generate `output/vulnerability/cve-report.md` and `output/vulnerability/remediation-plan.md` . Both documents identify vulnerabilities as required by ISO/IEC 18974,tracking,evaluation,It becomes the basis for the response process. diff --git a/website/i18n/en/docusaurus-plugin-content-docs/current/06-training/index.md b/website/i18n/en/docusaurus-plugin-content-docs/current/06-training/index.md index 961760e..35c466d 100644 --- a/website/i18n/en/docusaurus-plugin-content-docs/current/06-training/index.md 
+++ b/website/i18n/en/docusaurus-plugin-content-docs/current/06-training/index.md @@ -13,7 +13,7 @@ self_study_time: 1 hour Establish training curriculum for each occupation,Creating a completion tracking system,We organize educational resources that you can use for free. Completing this chapter will provide a foundation for all relevant members of your organization to understand and implement open source policies and processes. -Both standards require proof that personnel and relevant members have completed training. No matter how well you have policy documents and process procedures,,If members do not know the contents, actual compliance cannot be achieved. +Both standards require proof that personnel and relevant members have completed training. No matter how good your policy documents and process procedures are, if members don't know their contents, real compliance cannot be achieved. ## 2. Background knowledge:Why training is a standard requirement diff --git a/website/src/components/Home/Hero/styles.module.css b/website/src/components/Home/Hero/styles.module.css index e017aac..67e4600 100644 --- a/website/src/components/Home/Hero/styles.module.css +++ b/website/src/components/Home/Hero/styles.module.css @@ -82,11 +82,12 @@ } .titleAccent { + /* 폴백: background-clip:text 미지원 시 보이는 라이트 블루 */ + color: #8ab4f8; background: linear-gradient(90deg, #aecbfa 0%, #8ab4f8 42%, #c2a8ff 100%); -webkit-background-clip: text; background-clip: text; -webkit-text-fill-color: transparent; - color: transparent; } .subtitle {
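Review bot: In the XZ Utils hunk of supply-chain.md, the new sentence "Full-scale spread was prevented when a developer noticed anomalies just before distribution" sits directly above the unchanged "Scope of Influence" line, which says major distributions "already included vulnerable versions", and the two read as contradictory. Suggest stating in one of them which release channels had actually shipped the affected versions, and fixing the still-garbled "Fedora, Debian,Many major Linux distributions, including Ubuntu" in the same pass so the incident summary is consistent end to end.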
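Review bot: The added SCANOSS line in sbom-generation/index.md (hunk at -48,7) still begins "[SCANOSS](https://www.scanoss.com/)has" with no space between the link and "has", so the defect ships in the new text itself. Suggest "[SCANOSS](https://www.scanoss.com/) has the advantage of ...". The blockquote two lines below has the same kind of breakage ("FOSSLight, SW360,For a guide ..." and a trailing "See ." after the link) and could be fixed together.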
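Review bot: In the "## 5. Next steps" hunk of sbom-generation/index.md, the tip immediately below the fixed sentence is the instruction readers actually execute and it is still broken: "Terminate the current Claude session first(`/exit` or `Ctrl+C`)After doing it,Run the command below in a new terminal." Suggest something like "First terminate the current Claude session (`/exit` or `Ctrl+C`), then run the command below in a new terminal." so the order of the two steps is unambiguous.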
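Review bot: The replacement sentence in vulnerability/index.md opens with a dangling modifier ("Using the SBOM, the open source components you depend on are scanned"), which leaves unclear who or what performs the scan; suggest naming the actor, for example "This chapter uses the SBOM to scan the open source components you depend on for known CVE vulnerabilities." The following context paragraph is the one that ties the generated reports to ISO/IEC 18974 and still reads "ISO/IEC 18974,tracking,evaluation,It becomes the basis for the response process", with a stray space before the period after `output/vulnerability/remediation-plan.md`; it deserves the same cleanup.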
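Review bot: In the `.titleAccent` hunk of styles.module.css, `-webkit-text-fill-color: transparent;` is still applied unconditionally, and text-fill-color takes precedence over `color`, so the new `color: #8ab4f8;` fallback only shows in engines that ignore both the clip and the fill property. Suggest keeping `color: #8ab4f8;` as the base rule and moving the gradient, both `background-clip: text` declarations and the transparent fill inside `@supports ((-webkit-background-clip: text) or (background-clip: text)) { ... }`, so the fallback is deterministic. The commit message's AA contrast figures are not verifiable from the diff; a short note in the CSS comment on which background the fallback was measured against would help the next reviewer.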