docs(): updated readme

Checkmarx · Feb 11, 2021 · dfe23a3 · dfe23a3
1 parent 50f45f1
commit dfe23a3
Showing 1 changed file with 22 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -25,12 +25,32 @@ Arguments
 DustiLock started
 scanning directory "/tmp/code" (recursive=true) ...
 error - npm package "private-org-infra" is available for public registration. /tmp/code/test-project/package.json
-one or more packages is available for public registration
+one or more packages are available for public registration
+```
+
+### Using in GitHub Actions
+
+Add the following to your workflow file as a step:
+```
+- name: DustiLock
+  uses: dustico/dusti-lock@v1.0.0
+```
+
+If needed, you can customize it like so:
+```
+- name: DustiLock
+  uses: dustico/dusti-lock@v1.0.0
+  with:
+    recursive: true
+    path: my-nested-project
+    # disable failing the build when having alerts (default = false)
+    audit: true
 ```
 
 ### How to Deal With Vulnerable Packages?
 To mitigate the risk, you need to register a dummy placeholder package with the same names as your internal packages (if any), to prevent such an attack. When registered, do use a low version number (e.g. 0.0.1), so it won't be used instead of your internal package. 
 
+If you need any assistance, you're welcome to contact us at - research@dusti.co
 
 ### Languages Support
 At this moment, this tool can check:
@@ -43,4 +63,4 @@ Stay tuned and if possible please submit a PR to add more languages support
 ### Credits
 
 - Alex Birsan for sharing [his research](https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610) and helping to secure the open-source supply-chain.
-- https://github.com/davidfischer/requirements-parser for examples on python requirements.txt dependencies
+- https://github.com/davidfischer/requirements-parser for examples on python requirements.txt dependencies