docs: expand proactive SCA section — Trivy prerequisite and setup paths

docs/organizations/managing-security-and-risk.md

@@ -189,15 +189,9 @@
 
 ### How Codacy manages findings detected during software composition analysis (SCA) {: id="opening-and-closing-sca-items"}
 
-!!! note
-    To make sure that Codacy detects dependency issues correctly, [enable code patterns](../repositories-configure/configuring-code-patterns.md) belonging to the Trivy tool. 
-
-Vulnerable dependencies are a specific GIT repository finding. Similarly to other repository findings, Codacy opens an issue whenever a commit is analyzed.
+SCA findings behave like other Git repository findings. Codacy opens a finding whenever a commit to the default branch is analyzed and a vulnerable dependency is detected, and closes it when the dependency is no longer detected.
 
-Additionally, Codacy scans your codebase every evening to see if it's affected by any newly discovered vulnerabilities.
-
-!!! important
-    The proactive SCA scanning is a business tier feature. If you are a Codacy Pro customer interested in upgrading to gain access to this feature, reach out to our customer success team.
+On the Business plan, Codacy also runs [daily re-scans](#proactive-sca-requirements) across all repositories — so newly discovered vulnerabilities are surfaced even without a new commit. [Talk to us](https://start-chat.com/slack/codacy/rmbTzb) if you're interested in upgrading.
 
 
 ### How Codacy manages findings detected on Jira {: id="opening-and-closing-jira-items"}
@@ -569,10 +563,28 @@
 ## Dependencies {: id="dependencies-list"}
 
 !!! important
-    The dependency tab is a business-tier feature. If you are a Codacy Pro customer interested in upgrading to gain access to this feature, contact our customer success team.
+    The dependency tab is a business-tier feature. If you are a Codacy Pro customer interested in upgrading to gain access to this feature, [talk to us](https://start-chat.com/slack/codacy/rmbTzb).
+
+The **Security and risk management Dependencies** page displays a unified view of all dependencies used by your repositories, populated by Codacy's daily SCA re-scans.
+
+### Daily re-scan requirements {: id="proactive-sca-requirements"}
+
+Proactive SCA uses **Trivy** as its scanning tool. For daily re-scans to produce results on a repository, **both** conditions must be met:
+
+1. The **Trivy tool** is enabled — either through a [coding standard](using-coding-standards.md) applied to the repository, or directly via the repository's [Code patterns settings](../repositories-configure/configuring-code-patterns.md).
+2. At least one **Trivy vulnerability pattern** is enabled:
+    -   `Trivy_vulnerability_critical`
+    -   `Trivy_vulnerability_high`
+    -   `Trivy_vulnerability_medium`
+    -   `Trivy_vulnerability_minor`
+    -   `Trivy_malicious_packages`
+
+To enable Trivy across your organization, you can:
 
+-   **Recommended — via coding standard:** [Add Trivy to a coding standard](using-coding-standards.md), enable its vulnerability patterns in the standard configuration, and apply the standard to your repositories. This covers all linked repositories in one step.
+-   **Per repository:** Open each repository's [Code patterns page](../repositories-configure/configuring-code-patterns.md), enable the Trivy tool, and enable the relevant vulnerability patterns.
 
-The **Security and risk management Dependencies** page displays a unified view of all dependencies used by your repositories. 
+### Viewing your dependencies
 
 To access the dependencies page, access the [overview page](#dashboard) and click the **Dependencies** tab.