diff --git a/content/en/news/security-bulletins/_index.md b/content/en/news/security-bulletins/_index.md index d11fdc2e6..448e788ad 100644 --- a/content/en/news/security-bulletins/_index.md +++ b/content/en/news/security-bulletins/_index.md @@ -14,6 +14,10 @@ If you run a security scan on Kiali software that automatically generates a list Kiali releases every three weeks and so generally resolves CVEs in new releases only. Golang vulnerabilities are typically resolved in a timely way, as the Go version for release builds increments fairly often. Occasionally, critical CVEs may be resolved in patch releases for supported versions. Additionally, not every CVE reported against a Kiali dependency is actually a vulnerability. For reported CVEs that are proven not to affect Kiali, see the table below: + {{}}
diff --git a/data/security/cve.yaml b/data/security/cve.yaml index a92d37dbc..108d94f0b 100644 --- a/data/security/cve.yaml +++ b/data/security/cve.yaml @@ -1,4 +1,7 @@ # The Reported Kiali CVEs for which Kiali is confirmed to not be vulnerable +# The table layout HTML is located at layouts/shortcodes/security-cve-table.html +# The table is used in content/en/news/security-bulletins/_index.md +# The HTML tag to insert the data table is versionRange: - cve: "CVE-2024-33599" severity: high diff --git a/layouts/shortcodes/security-cve-table.html b/layouts/shortcodes/security-cve-table.html index 10d319fe7..77b237a1c 100644 --- a/layouts/shortcodes/security-cve-table.html +++ b/layouts/shortcodes/security-cve-table.html @@ -1,5 +1,9 @@ {{ $data := index .Site.Data.security.cve }} +
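Review bot: In the data/security/cve.yaml hunk, the third added comment line ("# The HTML tag to insert the data table is") calls the insert an HTML tag, but the template it points to lives under layouts/shortcodes/ and the first hunk places it in a Markdown content file with `{{ }}` delimiters, so it is a Hugo shortcode. Suggest wording it as "The shortcode to insert the data table is" and naming security-cve-table explicitly, so a maintainer adding a CVE entry can find the call by searching for that name. The two path comments above it repeat locations that nothing in this patch keeps in sync; if either file moves, the comments go stale silently, so consider keeping only the shortcode name here and letting the layout path follow from it.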