Merged
Expand Up @@ -95,10 +95,7 @@ If we had SBOM, we would have been able to immediately identify and respond to a
#### XZ Utils (2024, CVE-2024-3094)

**Incident Overview**
The attacker had been working on the XZ Utils open source project for two years under the pseudonym "Jia Tan".
Acted as a reliable contributor. After building trust through regular contributions over a long period of time,,
sshd(SSH daemon)committed malicious code to insert a backdoor into
Full-scale spread was prevented due to the discovery of anomalies by a developer just before distribution.
For two years, an attacker using the pseudonym "Jia Tan" contributed to the XZ Utils open source project as a seemingly reliable contributor. After building trust through regular contributions over a long period, they committed malicious code that inserted a backdoor into sshd (the SSH daemon). Full-scale spread was prevented when a developer noticed anomalies just before distribution.

**Scope of Influence**
Fedora, Debian,Many major Linux distributions, including Ubuntu, already included vulnerable versions.
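Review bot: the replacement sentence still says the attacker "inserted a backdoor into sshd", which misplaces where the malicious code lived. The commits went into XZ Utils itself (the project named in the heading, and the software the "Scope of Influence" line says distributions shipped in vulnerable versions); sshd was affected because it picks up liblzma as a runtime dependency on those distributions. Suggest: "they committed malicious code to XZ Utils that planted a backdoor in liblzma, which sshd (the SSH daemon) loads on many distributions." The hunk also leaves the garbled context line below untouched: "Fedora, Debian,Many major Linux distributions, including Ubuntu, already included vulnerable versions." should read "Many major Linux distributions, including Fedora, Debian and Ubuntu, already included vulnerable versions."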
Expand Down Expand Up @@ -127,9 +124,7 @@ This is an executive order strengthening cybersecurity signed by the Biden admin
- Software Development Security Practices(Secure Software Development Practices)Compliance confirmation

**Impact on Korean companies**
Companies that supply directly to the U.S. federal government are immediately affected.
indirect supply chain(Subcontracting by the delivery company)Since there is a trend of receiving the same requirements,,
It should be assumed that most companies operating in the US market will be affected.
Companies that supply directly to the U.S. federal government are immediately affected. Because the same requirements increasingly flow down the indirect supply chain (through subcontracting by the supplying company), most companies operating in the U.S. market should assume they will be affected too.

---

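Review bot: the bullet at the top of the hunk, "Software Development Security Practices(Secure Software Development Practices)Compliance confirmation", is still in the doubled machine-translated form this change cleans up elsewhere; suggest "Confirmation of compliance with Secure Software Development Practices". In the rewritten paragraph, "subcontracting by the supplying company" is ambiguous about who subcontracts; the removed lines mean the prime supplier to the federal government, so "through subcontracting by the prime supplier" keeps that meaning.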
Expand Up @@ -40,15 +40,15 @@ There are two approaches to generating SBOM: **Dependency Analysis** is a packag
| syft | Anchore | fast and light,single binary,Multiple language support | Python, Node.js, Go |
| cdxgen | CycloneDX | CycloneDX only,Detailed analysis by language | Java(Maven/Gradle),When precise analysis is required |

Both tools can output in CycloneDX JSON format,,This chapter uses CycloneDX as the standard format.
Both tools can output CycloneDX JSON; this chapter uses CycloneDX as the standard format.

**Source Code Scan Tool**(optional)

| tools | Operating entity | Features | suitable situation |
| ------- | ---------------- | ---------------------------------------------------------------------------- | --------------------------------------------------------------------- |
| SCANOSS | SCANOSS | File-by-file snippet scanning,Cloud + On-Premise,API integration,create SBOM | Source code direct embedding detection,Precise License Identification |

[SCANOSS](https://www.scanoss.com/)has the advantage of detecting open source code fragments copied and inserted directly without package declaration at the file level. Because their roles are complementary to syft/cdxgen,,Parallel use is recommended when source level precision is required.
[SCANOSS](https://www.scanoss.com/)has the advantage of detecting open source code fragments copied and inserted directly without package declaration at the file level. Because its role is complementary to syft/cdxgen, parallel use is recommended when source-level precision is required.

> FOSSLight, SW360,For a guide to the introduction and use of SCA and compliance tools such as FOSSology, see [KWG Open Source Guide — Tools](https://openchain-project.github.io/OpenChain-KWG/guide/opensource_for_enterprise/4-tool/)See .

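Review bot: the hunk fixes the ",," run-ons in the prose but leaves the same artefacts in the table cells and in the note at the end. "fast and light,single binary,Multiple language support" and "Java(Maven/Gradle),When precise analysis is required" need a space after each comma and before the parenthesis, and the note "FOSSLight, SW360,For a guide to the introduction and use of SCA and compliance tools such as FOSSology, see [...]See ." should become "For a guide to introducing and using SCA and compliance tools such as FOSSLight, SW360 and FOSSology, see the KWG Open Source Guide (Tools) link." The rewritten line "[SCANOSS](https://www.scanoss.com/)has" is also missing the space after the link, which was carried over from the removed line.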
Expand Down Expand Up @@ -104,7 +104,7 @@ docker ps
If it runs without errors, Docker is ready.

:::tip When proceeding without Docker
If you don't have Docker installed or just want to get started quickly for lab purposes,,Use the pre-prepared sample SBOM with the command below.
If you don't have Docker installed, or just want to get started quickly for lab purposes, use the pre-prepared sample SBOM with the command below.

```bash
mkdir -p output/sbom
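Review bot: the tip does not say what the pre-prepared sample SBOM describes, so readers who take this shortcut may assume the results of the later chapters apply to their own project. One sentence after the rewritten line, such as "The sample SBOM describes the lab project, so the scan results in later chapters will not reflect your own code; rerun the generation step once Docker is available", would make the trade-off explicit.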
Expand Down Expand Up @@ -251,7 +251,7 @@ After checking all the items below, proceed to the next step.

## 5. Next steps

When SBOM creation and license analysis are completed,,SBOM Moves to the stage of establishing a management system.
Once SBOM creation and license analysis are complete, move on to establishing an SBOM management system.

:::tip Check before execution
Terminate the current Claude session first(`/exit` or `Ctrl+C`)After doing it,Run the command below in a new terminal.
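Review bot: the last line of the hunk is still in machine-translated word order and is left untouched: "Terminate the current Claude session first(`/exit` or `Ctrl+C`)After doing it,Run the command below in a new terminal." Suggest "First end the current Claude session (`/exit` or `Ctrl+C`), then run the command below in a new terminal."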
Expand Up @@ -11,7 +11,7 @@ self_study_time: 1 hour

## 1. What we do in this chapter

Based on SBOM, the open source components you are using are scanned for known CVE vulnerabilities. Rather than simply selecting a list,,It even covers assessing severity with CVSS scores and determining response priorities.
Using the SBOM, the open source components you depend on are scanned for known CVE vulnerabilities. Beyond simply listing them, this chapter also covers assessing severity with CVSS scores and determining response priorities.

After completing this chapter, the `vulnerability-analyst` agent will automatically generate `output/vulnerability/cve-report.md` and `output/vulnerability/remediation-plan.md` . Both documents identify vulnerabilities as required by ISO/IEC 18974,tracking,evaluation,It becomes the basis for the response process.

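Review bot: the sentence after the rewritten one still carries the list fragments: "Both documents identify vulnerabilities as required by ISO/IEC 18974,tracking,evaluation,It becomes the basis for the response process." Suggest "Both documents form the basis for the vulnerability identification, tracking, evaluation and response process that ISO/IEC 18974 requires." One content point on the new line: since the chapter promises "determining response priorities", it should say up front that a CVSS base score measures severity, not exploitability or whether the vulnerable code is reachable in the reader's build; otherwise readers will rank findings by score alone.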
Expand Up @@ -13,7 +13,7 @@ self_study_time: 1 hour

Establish training curriculum for each occupation,Creating a completion tracking system,We organize educational resources that you can use for free. Completing this chapter will provide a foundation for all relevant members of your organization to understand and implement open source policies and processes.

Both standards require proof that personnel and relevant members have completed training. No matter how well you have policy documents and process procedures,,If members do not know the contents, actual compliance cannot be achieved.
Both standards require proof that personnel and relevant members have completed training. No matter how good your policy documents and process procedures are, if members don't know their contents, real compliance cannot be achieved.

## 2. Background knowledge:Why training is a standard requirement

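Review bot: the opening sentence of the hunk was not cleaned up: "Establish training curriculum for each occupation,Creating a completion tracking system,We organize educational resources that you can use for free." Suggest "We establish a training curriculum for each role, create a completion-tracking system, and organize educational resources that are free to use." The heading "Background knowledge:Why training is a standard requirement" also needs a space after the colon, and "Both standards" in the rewritten line has no antecedent inside the hunk; naming the two standards on first mention in this section would avoid the reader having to look back.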
3 changes: 2 additions & 1 deletion website/src/components/Home/Hero/styles.module.css
Expand Up @@ -82,11 +82,12 @@
}

.titleAccent {
/* 폴백: background-clip:text 미지원 시 보이는 라이트 블루 */
color: #8ab4f8;
background: linear-gradient(90deg, #aecbfa 0%, #8ab4f8 42%, #c2a8ff 100%);
-webkit-background-clip: text;
background-clip: text;
-webkit-text-fill-color: transparent;
color: transparent;
}

.subtitle {
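Review bot: the fallback only helps when `-webkit-text-fill-color` is also unsupported. The new `color: #8ab4f8` is overridden for glyph painting by the unconditional `-webkit-text-fill-color: transparent` that stays below it, so a browser that honours `-webkit-text-fill-color` but not `background-clip: text` still renders invisible text. Gate the gradient, both `background-clip` lines and the transparent fill behind `@supports ((-webkit-background-clip: text) or (background-clip: text))` and keep only `color: #8ab4f8` outside it. Dropping `color: transparent` is fine, since the text-fill-color already does that job. The added comment is in Korean (it reads: fallback, the light blue shown when background-clip:text is unsupported); if the rest of this stylesheet is commented in English, match it.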