diff --git a/docs/release-notes/january-2024.md b/docs/release-notes/january-2024.md
new file mode 100644
index 000000000..45bfe3975
--- /dev/null
+++ b/docs/release-notes/january-2024.md
@@ -0,0 +1,137 @@
+---
+slug: january-2024
+hide_title: true
+description: >-
+ Release notes include the changes, fixes, and additions in specific versions of Semgrep.
+toc_max_heading_level: 3
+title: January 2024
+tags:
+ - Release notes
+---
+
+# Semgrep release notes for January 2024
+
+## 🔧 OSS Engine
+
+* The following versions of the OSS Engine were released in January 2024:
+ * [1.55.1](https://github.com/semgrep/semgrep/releases/tag/v1.55.1)
+ * [1.55.2](https://github.com/semgrep/semgrep/releases/tag/v1.55.2)
+ * [1.56.0](https://github.com/semgrep/semgrep/releases/tag/v1.56.0)
+ * [1.57.0](https://github.com/semgrep/semgrep/releases/tag/v1.57.0)
+ * [1.58.0](https://github.com/semgrep/semgrep/releases/tag/v1.58.0)
+ * [1.59.0](https://github.com/semgrep/semgrep/releases/tag/v1.59.0)
+
+## 🌐 Cloud Platform
+
+### Added
+
+* Semgrep's Visual Studio Code extension now runs natively on Windows machines.
+* Added ability for organizations to test connections to GitHub and GitLab by going to
+ **Settings** > **Source Code Managers**.
+* Projects are now moved from the **Scanning** to **Not scanning** tab when the
+ corresponding GitHub repository is archived.
+* **CLI tool**:
+ * Added color-coded severity icons, such as `❯❯❱`, to the CLI
+ output for findings of known severity.
+ * Metrics sent from the CLI and collected by Semgrep now include a breakdown of the number
+ of findings per product.
+ * Rules stored under a hidden directory, such as
+ `dir/.hidden/myrule.yml`, are now processed when scanning with the `--config`
+ flag.
+
+### Changed
+
+* Renamed the **Upgrade** page to **Usage & billing**.
+* Redesigned the **Settings** > **Source Code Managers** page; changes include:
+ * Renamed the **Remove SCM config** button to **Disconnect**.
+ * Set the **Remove app** button to only show up for registered GitHub apps.
+* Improved the page load times for the **Settings** > **Source Code Managers**
+ page, especially for organizations with many source code managers connected.
+* Updated de-duplication logic for users with multiple source code managers.
+
+### Fixed
+
+* Fixed an issue where paid subscribers couldn't submit support cases through
+ the **Help** page.
+* **CLI tool**:
+ * Fixed an issue where multi-line comments in Dockerfiles weren't
+ parsed correctly.
+ * Fixed an issue where Semgrep used `/tmp` instead of the path set
+ in the `TMPDIR` environment variable for the Semgrep cache.
+ * Fixed an issue where Semgrep would error on reading a
+ `nosemgrep` comment with multiple rule IDs.
+
+## 💻 Code
+
+### Added
+
+- **Swift**: Now supports typed metavariables, such as `($X : ty)`.
+- **Java**: You can now use metavariable ellipses properly in function arguments, as statements, and as expressions. For instance, you may write the pattern:
+ ```
+ public $F($...ARGS) { ... }
+ ```
+- **C++ with Semgrep Pro Engine**: Improved translation of delete expressions to the dataflow so that
+recently added at-exit sinks work on them. Previously, delete expression at "exit" positions were not being properly recognized as such.
+
+### Changed
+
+- Improved loading times for **Dashboard** and **Findings** pages.
+- Redesigned the **Findings** page to display issues present on multiple branches,
+ regardless of which branch is used as a filter.
+
+### Fixed
+
+- **Editor**: Fixed a bug where the editor could crash due to rules having more than one metadata subcategory.
+- Fixed a bug in which **open** findings were counted differently between the **Code** and **Dashboard** pages in Semgrep Cloud Platform. The counts now match.
+- **Findings** page:
+ - Fixed a bug in which leaving a note automatically triaged a finding. Now, the state of the finding does not change when a user leaves a note.
+ - Fixed a bug in which **fixed** findings were triagable despite their already fixed state through the rule group checkbox. Now these findings are not triagable.
+ - Fixed an issue where hovering over the Assistant's **Analyze** button caused the window to jitter.
+
+## ⛓️ Supply Chain
+
+### Added
+
+* Added ability to manually create custom dependency exceptions under **Supply
+ Chain** > **Settings**. This helps prevent blocking a pull request or merge
+ request due to licensing issues. For example, if `bitwarden/cli@2023.9.0`,
+ which has a GPL-3.0 license, is on the allowlist, setting a custom dependency
+ exception means that the exclusion won't fail when upgrading to
+ `bitwarden/cli@2023.9.1`.
+
+### Changed
+
+- **Vulnerabilities page**: Improved filtering performance.
+- Software bill of materials (SBOM) generation is now generally available (GA).
+- The **Dependencies** tab is now GA.
+
+### Fixed
+
+* Fixed an issue where Semgrep couldn't parse a Pipfile correctly if it had a
+ `[dev-packages]` section.
+* Fixed a bug where `Gemfile.lock` files with multiple `GEM` sections weren't parsed correctly.
+
+## 🔐 Secrets (beta)
+
+### Fixed
+
+- Fixed a bug with custom secrets rules in which rule visibility could be set to `unlisted`. Now, to protect the privacy of secrets rules, users cannot set Secrets rules to any other visibility except for **private**.
+
+## 📝 Documentation and knowledge base
+
+### Added
+
+- Added [legal information](/semgrep-code/semgrep-assistant-code/#privacy-and-legal-considerations) about Semgrep Assistant.
+- Added documentation about Semgrep Assistant's Component and Recommendation filters.
+- Knowledge base articles:
+ - Troubleshoot why [SAML stops working](/kb/semgrep-cloud-platform/saml-stops-working/)
+ - [Troubleshooting "You are seeing this because the engine was killed" on monorepos](/kb/semgrep-code/scan-engine-kill/)
+- Added guidance on running Semgrep Supply Chain scans [in the CLI](/semgrep-supply-chain/getting-started/#run-a-scan-using-the-cli ).
+
+### Changed
+
+
+- Updated the Semgrep Supply Chain [languages table](/supported-languages/#semgrep-supply-chain) to clarify that **lockfile-only** languages do not have reachable rules.
+- Updated documentation on event triggers for diff-aware and full scans.
+- Updated [Licensing](/licensing) documentation for Semgrep Supply Chain and Semgrep Secrets.
+- Updated the [Findings](/docs/semgrep-code/findings/) documentation page.
diff --git a/docs/release-notes/latest.md b/docs/release-notes/latest.md
index d85f1ccfe..46a79372c 100644
--- a/docs/release-notes/latest.md
+++ b/docs/release-notes/latest.md
@@ -9,136 +9,129 @@ tags:
- Release notes
---
-# Semgrep release notes for December 2023
+# Semgrep release notes for January 2024
## 🔧 OSS Engine
-* The following versions of the OSS Engine were released in December 2023:
-
- * [
- 1.52.0](https://github.com/returntocorp/semgrep/releases/tag/v1.52.0)
- * [
- 1.53.0](https://github.com/returntocorp/semgrep/releases/tag/v1.53.0)
- * [
- 1.54.0](https://github.com/returntocorp/semgrep/releases/tag/v1.54.0)
- * [
- 1.54.1](https://github.com/returntocorp/semgrep/releases/tag/v1.54.1)
+* The following versions of the OSS Engine were released in January 2024:
+ * [1.55.1](https://github.com/semgrep/semgrep/releases/tag/v1.55.1)
+ * [1.55.2](https://github.com/semgrep/semgrep/releases/tag/v1.55.2)
+ * [1.56.0](https://github.com/semgrep/semgrep/releases/tag/v1.56.0)
+ * [1.57.0](https://github.com/semgrep/semgrep/releases/tag/v1.57.0)
+ * [1.58.0](https://github.com/semgrep/semgrep/releases/tag/v1.58.0)
+ * [1.59.0](https://github.com/semgrep/semgrep/releases/tag/v1.59.0)
## 🌐 Cloud Platform
### Added
-* Semgrep IDE integrations now cache information about the current repository so
- that it doesn't traverse the entire repository on every scan to determine if
- the files are valid targets for scanning; this improves scan times.
-* Users can now ignore findings locally in Semgrep IDE extensions. The changes
-persist between restarts, though they're not reported back to Semgrep Cloud
-Platform and don't affect the remote repository or other users. Note that these findings
-are still detected when Semgrep scans your code, typically when opening a pull
-request or merge request.
-* The metrics collected now include more granular information to help
-differentiate scans using different engine capabilities, such as intraprocedural
-scans without secrets validation versus intraprocedural scans *with* secrets
-validation.
-* **CLI tool**: Added new `semgrep test` subcommand, which is an alias for
-`semgrep scan --test`. **Note**: If the **name** of the directory you are
-scanning is `test`, use `semgrep scan test` to avoid confusion with the new
-`semgrep test` subcommand.
+* Semgrep's Visual Studio Code extension now runs natively on Windows machines.
+* Added ability for organizations to test connections to GitHub and GitLab by going to
+ **Settings** > **Source Code Managers**.
+* Projects are now moved from the **Scanning** to **Not scanning** tab when the
+ corresponding GitHub repository is archived.
+* **CLI tool**:
+ * Added color-coded severity icons, such as `❯❯❱`, to the CLI
+ output for findings of known severity.
+ * Metrics sent from the CLI and collected by Semgrep now include a breakdown of the number
+ of findings per product.
+ * Rules stored under a hidden directory, such as
+ `dir/.hidden/myrule.yml`, are now processed when scanning with the `--config`
+ flag.
### Changed
-* **OCaml**: Switched to a tree-sitter-based parser instead of the Menhir
- parser.
-* **Rust**: Updated the parser used for Rust.
+* Renamed the **Upgrade** page to **Usage & billing**.
+* Redesigned the **Settings** > **Source Code Managers** page; changes include:
+ * Renamed the **Remove SCM config** button to **Disconnect**.
+ * Set the **Remove app** button to only show up for registered GitHub apps.
+* Improved the page load times for the **Settings** > **Source Code Managers**
+ page, especially for organizations with many source code managers connected.
+* Updated de-duplication logic for users with multiple source code managers.
### Fixed
-* Fixed an issue where webhooks stopped working.
-* Fixed an issue so that clicking **Start Tour** now restarts the Getting Started
- tutorial.
-* Fixed an issue where the **Members** page doesn't display a user's new role until
- the page reloads.
-* Fixed an issue where users switching organizations would result in a 404.
-
-* Fixed the **Connect to** button under **Settings** > **Source Code Managers**
- so that it displays correctly based on whether the user can connect to a
- source code manager.
-* **CLI tool**: Updated CLI error message to clarify that users should log in
- before running either:
- * `semgrep ci`
- * `semgrep scan --config`
-
-## 💻 Code
+* Fixed an issue where paid subscribers couldn't submit support cases through
+ the **Help** page.
+* **CLI tool**:
+ * Fixed an issue where multi-line comments in Dockerfiles weren't
+ parsed correctly.
+ * Fixed an issue where Semgrep used `/tmp` instead of the path set
+ in the `TMPDIR` environment variable for the Semgrep cache.
+ * Fixed an issue where Semgrep would error on reading a
+ `nosemgrep` comment with multiple rule IDs.
-### Fixed
+## 💻 Code
-* Fixed an issue where Semgrep Code findings marked as **fixed** can be triaged through
- the rule group. Once a finding is fixed, its triage status can't be changed back
- to **ignored**.
-
-* Fixed an issue where the rule information card and the rule preview are missing
- for older findings; all findings now display this information.
-
-* Fixed an issue where the finding's severity displayed doesn't match the rule's
- severity once the rule has been updated.
+### Added
-## ⛓️ Semgrep Supply Chain
+- **Swift**: Now supports typed metavariables, such as `($X : ty)`.
+- **Java**: You can now use metavariable ellipses properly in function arguments, as statements, and as expressions. For instance, you may write the pattern:
+ ```
+ public $F($...ARGS) { ... }
+ ```
+- **C++ with Semgrep Pro Engine**: Improved translation of delete expressions to the dataflow so that
+recently added at-exit sinks work on them. Previously, delete expression at "exit" positions were not being properly recognized as such.
### Changed
-* Fixed an issue where empty tables in `pyproject.toml` files would fail to parse.
+- Improved loading times for **Dashboard** and **Findings** pages.
+- Redesigned the **Findings** page to display issues present on multiple branches,
+ regardless of which branch is used as a filter.
-## 🤖 Assistant (beta)
+### Fixed
+
+- **Editor**: Fixed a bug where the editor could crash due to rules having more than one metadata subcategory.
+- Fixed a bug in which **open** findings were counted differently between the **Code** and **Dashboard** pages in Semgrep Cloud Platform. The counts now match.
+- **Findings** page:
+ - Fixed a bug in which leaving a note automatically triaged a finding. Now, the state of the finding does not change when a user leaves a note.
+ - Fixed a bug in which **fixed** findings were triagable despite their already fixed state through the rule group checkbox. Now these findings are not triagable.
+ - Fixed an issue where hovering over the Assistant's **Analyze** button caused the window to jitter.
+
+## ⛓️ Supply Chain
### Added
-* Added the **Analyze** button to Semgrep Cloud Platform's **Code** page, which
-triggers all Assistant functions on selected findings, including autofix, autotriage, and component
-tagging. After Assistant performs these functions, users
-can see their results if they filter for findings based on **Recommendation** or
-by **Component**. Additionally, users who choose **No Grouping** instead of
-**Group by Rule** see false positive and true positive recommendations when
-viewing their finding details pages.
+* Added ability to manually create custom dependency exceptions under **Supply
+ Chain** > **Settings**. This helps prevent blocking a pull request or merge
+ request due to licensing issues. For example, if `bitwarden/cli@2023.9.0`,
+ which has a GPL-3.0 license, is on the allowlist, setting a custom dependency
+ exception means that the exclusion won't fail when upgrading to
+ `bitwarden/cli@2023.9.1`.
-## 🔐 Secrets (beta)
+### Changed
-### Added
+- **Vulnerabilities page**: Improved filtering performance.
+- Software bill of materials (SBOM) generation is now generally available (GA).
+- The **Dependencies** tab is now GA.
+
+### Fixed
+
+* Fixed an issue where Semgrep couldn't parse a Pipfile correctly if it had a
+ `[dev-packages]` section.
+* Fixed a bug where `Gemfile.lock` files with multiple `GEM` sections weren't parsed correctly.
-* Added support for custom validator rules, which can be written using Semgrep's
- Rules Editor and run using `semgrep ci --allow-untrusted-validators`. Note
- that custom validator rules are private and can't be shared to Semgrep
- Registry.
+## 🔐 Secrets (beta)
### Fixed
-* Fixed an issue where the **Ignore** button doesn't work when triaging Secrets.
-
+- Fixed a bug with custom secrets rules in which rule visibility could be set to `unlisted`. Now, to protect the privacy of secrets rules, users cannot set Secrets rules to any other visibility except for **private**.
## 📝 Documentation and knowledge base
### Added
-* Added [Quickstart](/docs/getting-started/quickstart/).
-* Added [Privacy and legal considerations](/docs/semgrep-code/semgrep-assistant-code#privacy-and-legal-considerations) information for Semgrep Assistant.
-* New knowledge base articles:
- * [Fix pattern parse errors when running rules](/docs/kb/rules/pattern-parse-error)
- * [How to scan a large monorepo](/docs/kb/semgrep-code/scanning-large-monorepo)
- * [Scanning a monorepo in parts](/kb/semgrep-ci/scan-monorepo-in-parts)
- * [SSO Error: Signature validation failed. SAML Response rejected](/docs/kb/semgrep-cloud-platform/saml-bad-signature)
- * [Troubleshooting "You are seeing this because the engine was killed" on monorepos](/docs/kb/semgrep-code/scan-engine-kill)
+- Added [legal information](/semgrep-code/semgrep-assistant-code/#privacy-and-legal-considerations) about Semgrep Assistant.
+- Added documentation about Semgrep Assistant's Component and Recommendation filters.
+- Knowledge base articles:
+ - Troubleshoot why [SAML stops working](/kb/semgrep-cloud-platform/saml-stops-working/)
+ - [Troubleshooting "You are seeing this because the engine was killed" on monorepos](/kb/semgrep-code/scan-engine-kill/)
+- Added guidance on running Semgrep Supply Chain scans [in the CLI](/semgrep-supply-chain/getting-started/#run-a-scan-using-the-cli ).
### Changed
-* Updated overview articles for [Semgrep Code](/semgrep-code/overview/) and
- [Semgrep Supply Chain](/docs/semgrep-supply-chain/overview/).
-* Updated documentation on setting up pull request or merge request comments for
- [GitHub](/docs/semgrep-cloud-platform/github-pr-comments/),
- [GitLab](/docs/semgrep-cloud-platform/gitlab-mr-comments/), and
- [Bitbucket](/docs/semgrep-cloud-platform/bitbucket-pr-comments/) users.
-* General improvements to API docs, including clarification of usage
- instructions for Supply Chain and Secrets endpoints.
-
-### Fixed
-
-* Minor corrections and updates to various articles.
+
+- Updated the Semgrep Supply Chain [languages table](/supported-languages/#semgrep-supply-chain) to clarify that **lockfile-only** languages do not have reachable rules.
+- Updated documentation on event triggers for diff-aware and full scans.
+- Updated [Licensing](/licensing) documentation for Semgrep Supply Chain and Semgrep Secrets.
+- Updated the [Findings](/docs/semgrep-code/findings/) documentation page.
diff --git a/sidebars.js b/sidebars.js
index 6cb30d18b..a18394b88 100644
--- a/sidebars.js
+++ b/sidebars.js
@@ -508,6 +508,18 @@ module.exports = {
link: {type: 'doc', id: 'release-notes/introduction'},
items: [
'release-notes/latest',
+ {
+ type: 'category',
+ label: '2024',
+ collapsible: true,
+ link: {
+ type: 'generated-index',
+ title: '2024 Release notes'
+ },
+ items: [
+ 'release-notes/january-2024'
+ ]
+ },
{
type: 'category',
label: '2023',