docs: add May 2026 release notes

docs/docs.json

@@ -977,6 +977,7 @@
                   {
                     "group": "2026",
                     "pages": [
+                      "release-notes/may-2026",
                       "release-notes/april-2026",
                       "release-notes/march-2026",
                       "release-notes/february-2026",

docs/release-notes/index.mdx

@@ -4,6 +4,26 @@ description: "Product updates and release notes for Semgrep Code, Supply Chain,
 rss: true
 ---
 
+<Update label="May 29, 2026 · 2 min read" tags={["Release notes"]}>
+## [May 2026](/release-notes/may-2026)
+
+The following updates were made to Semgrep in May 2026.
+
+<CardGroup>
+<Card title="Read more" icon="book" href="/release-notes/may-2026" horizontal/>
+</CardGroup>
+</Update>
+
+<Update label="May 12, 2026 · 8 min read" tags={["Release notes"]}>
+## [April 2026](/release-notes/april-2026)
+
+The following updates were made to Semgrep in April 2026.
+
+<CardGroup>
+<Card title="Read more" icon="book" href="/release-notes/april-2026" horizontal/>
+</CardGroup>
+</Update>
+
 <Update label="April 10, 2026 · 8 min read" tags={["Release notes"]}>
 ## [March 2026](/release-notes/march-2026)
 

docs/release-notes/may-2026.mdx

@@ -0,0 +1,31 @@
+---
+title: "May 2026"
+description: "May 2026 Semgrep release notes: auto-scan toggle, Semgrep Guardian rename, faster CVE ingestion with OSV, and Supply Chain updates."
+---
+
+The following updates were made to Semgrep in May 2026.
+
+## 🌐 Semgrep AppSec Platform
+
+### Added
+
+- Added an **Auto-scan** toggle to **Settings > Source code managers** so you can automatically scan every newly onboarded project for a given source code manager. See [Manage projects](/deployment/manage-projects).
+
+### Changed
+
+- **Semgrep Guardian** (previously **Semgrep Plugin**) has been renamed. The product still bundles the Semgrep MCP server, hooks, and skills for AI coding agents like Claude Code and Cursor. See [Semgrep Guardian](/guardian).
+- The **Not scanning** tab on the **Projects** page now lists archived repositories for GitHub, GitLab, and Bitbucket Data Center. Findings from archived projects continue to appear on the **Findings** pages. See [Manage projects](/deployment/manage-projects).
+- You can now grant the Semgrep GitHub app **Read** access to **Contents** (instead of **Read and write**) when you don't want to give Semgrep write permissions. See [SCM code access](/semgrep-appsec-platform/scm-code-access).
+
+## ⛓️ Semgrep Supply Chain
+
+### Changed
+
+- Semgrep now ingests CVE information and security advisories multiple times per day, with a maximum lag of one hour from upstream publication. [OSV](https://osv.dev/) has been added as a source alongside GitHub Security Advisories and Electron release notes.
+- For major incidents, Semgrep's Security Research team now ships its own advisories ahead of third-party databases. KEVs are processed the same way as other vulnerabilities.
+
+## 💻 Semgrep Code
+
+### Changed
+
+- Diff-aware scans no longer require a prior full scan to produce PR or MR comments across GitHub, GitLab, Azure DevOps, Bitbucket Cloud, and Bitbucket Data Center.