fix: dashboard queue elements (#40)
* fix: dashboard queue elements
* feat: gif on readme

---------

Signed-off-by: chris <chris@trivialsec.com>
Co-authored-by: Christopher Langton <chris@langton.cloud>
Co-authored-by: chris <chris@trivialsec.com>
3 people authored Aug 14, 2024
1 parent d261b91 commit 9af75a0
Showing 10 changed files with 2,635 additions and 5,382 deletions.
Binary file added .repo/pitch.gif
33 changes: 17 additions & 16 deletions README.md
@@ -1,4 +1,5 @@
# Vulnetix

<img align="right" height="300" src="./src/assets/images/pix.png">

<br>
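Review bot: the added `<img align="right" height="300" src="./src/assets/images/pix.png">` has no `alt` attribute, so the image renders with no text fallback for screen readers or for the case where the relative path does not resolve; suggest adding one, e.g. `<img align="right" height="300" alt="Vulnetix" src="./src/assets/images/pix.png">`.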
Expand All @@ -13,6 +14,8 @@ This is a preview, under active development, so you will encounter bugs while we

> **Note**: If you install now, you will forever gain access to Vulnetix - this is by design for all GitHub Apps that add a paid plan later.
![pitch video](.repo/pitch.gif)

#### The Problem

Organizations producing software face an ever-growing number of vulnerabilities. Even unchanged software can encounter new vulnerabilities due to the dependencies and their own nested dependencies. This creates a deep and complex web of risks that can become unmanageable. As the codebase grows, so does the number of vulnerabilities, overwhelming vulnerability management and software development teams.
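Review bot: `![pitch video](.repo/pitch.gif)` is placed directly under the `> **Note**: ...` line with no blank line between them, so Markdown treats the image line as a lazy continuation of the blockquote paragraph and the GIF renders inside the note box instead of as a standalone element; insert a blank line between the Note line and the image line.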
Expand All @@ -25,6 +28,8 @@ Globally, as more software is created, the discovery of vulnerabilities increase

Vulnetix offers a revolutionary approach to vulnerability management by shifting the focus from discovery to outcomes. Instead of just identifying vulnerabilities, Standards adhering discovery and reporting, with automation to significantly reduce manual effort.

![Dashboard](.repo/dashboard.png)

No other tool avoids vendor lock-in by design.

No other founder has automated millions of vulnerability resolutions themselves.
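Review bot: the relocated `![Dashboard](.repo/dashboard.png)` now sits right after a paragraph whose second sentence is a fragment ("Instead of just identifying vulnerabilities, Standards adhering discovery and reporting, with automation to significantly reduce manual effort."); since this hunk already touches the paragraph's surroundings, finishing that sentence here would be cheap, e.g. "Instead of just identifying vulnerabilities, it delivers standards-adhering discovery and reporting, with automation that significantly reduces manual effort."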
Expand All @@ -45,8 +50,6 @@ With Vulnetix, streamline your vulnerability management, reduce manual efforts,

Check the marketplace listing above for more.

![Dashboard](.repo/dashboard.png)

![GitHub Repos](.repo/ghrepos.png)

![GitHub Tokens](.repo/ghtokens.png)
Expand All @@ -61,12 +64,12 @@ Check the marketplace listing above for more.

Vulnetix will offer a range of features to streamline vulnerability management:

1. **SBOM**: The app takes input data from SPDX, and CycloneDX.
2. **Data Enrichment**: Users can add optional API keys to enrich their data.
1. **SBOM**: The app ingests (uploads/webhooks) SPDX and CycloneDX.
2. **Data Enrichment**: Users can BYO optional API keys to enrich their data.
3. **Policy and Compliance**: Ensures policy and compliance adherence using OSCAL.
4. **SAST**: Ingestion of SARIF format SAST scanner outputs.
5. **GitHub App**: Provides an optional integration interface for SBOM, SPDX, and SCA Dependabot alerts.
6. **Cloud Dashboard**: Offers a cloud-based dashboard for reporting and manual SBOM uploads.
4. **SAST**: Ingestion (uploads/webhooks) of SARIF format SAST scanner outputs.
5. **GitHub App**: Provides an optional integration interface for SBOM, SPDX, SCA Dependabot alerts, and Secrets Scanning.
6. **SaaS**: Offers a cloud-based dashboard for reporting and manual SBOM Ingestion (uploads/webhooks) for workflows outside GitHub.
7. **VEX**: Utilizes git commit messages following conventional commit messages for VEX creation.
8. **Auditing**: Enable all auditing actions resulting in a VEX through the cloud dashboard.
9. **Standardized Reporting**: All reporting in the cloud dashboard uses SARIF, CycloneDX, and VEX formats, ensuring compatibility with modern tools and avoiding vendor lock-in. Tools producing SBOMs are considered modern, while others are regarded as legacy and need modernization.
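Review bot: item 5 now reads "SBOM, SPDX, SCA Dependabot alerts, and Secrets Scanning", but SPDX is one of the SBOM formats item 1 already names, so the list suggests SBOM and SPDX are two separate inputs; suggest "SBOM (SPDX, CycloneDX), SCA Dependabot alerts, and Secrets Scanning". Item 2 introduces "BYO" without expanding it; "bring your own (BYO) optional API keys" on first use, plus a sentence on where those keys are stored and what scope they need, would let users judge whether supplying them is acceptable. Item 6 repeats "Ingestion (uploads/webhooks)" already stated in items 1 and 4 and could simply say "manual SBOM ingestion".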
Expand All @@ -76,12 +79,10 @@ Vulnetix will offer a range of features to streamline vulnerability management:
Vulnetix is designed to handle various aspects of vulnerability management effectively. Here are the key data points the app processes:

1. **Fix Intel**: Determines if patching the issue is possible or if fixing requires coding.
2. **Patch Availability**: Checks if a patch is available now, provides VEX and an exception PR for CodeQL or Supported SCA functions.
3. **Auto Patch**: Automatically opens a pull request for available patches that tools like Dependabot are unable to.
4. **Non-breaking changes**: Ensures auto patches are possible without causing breaking changes using your existing testing workflow.
5. **Vulnerability Enrichment**: Enhances data from CPE, CISA KEV, and published exploit PoCs.
6. **Code Reachability**: Assesses the reachability of reported vulnerable code within the application and opens PR for false positive exception handling.
7. **Exploit Status and Maturity**: Tracks the status and maturity of exploits.
8. **Exploitation Awareness**: Monitors if vulnerabilities are known to be exploited via VulnCheck KEV or CISA KEV.
9. **Exploitation Forecast**: Predicts exploitation expectations over the next 30 days using EPSS.
10. **Triage Decisions**: Makes triage decisions using the SSVC framework. Reporting VM outcomes rather than discovery metrics.
2. **Patch Availability**: Checks if a patch is available now.
3. **Auto Patch**: Automatically opens a pull request for available patches.
4. **Vulnerability Enrichment**: Enhances data from CPE, CISA KEV, and published exploit PoCs.
5. **Exploit Status and Maturity**: Tracks the status and maturity of exploits.
6. **Exploitation Awareness**: Monitors if vulnerabilities are known to be exploited via VulnCheck KEV or CISA KEV.
7. **Exploitation Forecast**: Predicts exploitation expectations over the next 30 days using EPSS.
8. **Triage Decisions**: Makes triage decisions using the SSVC framework.
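Review bot: dropping the "Non-breaking changes" item (auto patches validated via the existing testing workflow) and the "exception PR for CodeQL or Supported SCA functions" clause from Patch Availability, while keeping "Auto Patch: Automatically opens a pull request for available patches", leaves the README promising automatic patch PRs without saying how they are checked for breakage; the commit message ("fix: dashboard queue elements") gives no reason for removing these capability claims or the "Code Reachability" item. If the safeguards still exist, keep the sentence; if these features were descoped, state that in the commit message so the feature-list change is clearly intentional.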