docs: add link to offline guide, rearrange order (#1633)

intel · Apr 12, 2022 · 9e32cd7 · 9e32cd7
1 parent a0bbdee
commit 9e32cd7
Showing 1 changed file with 10 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -24,16 +24,19 @@ For more details, see our [documentation](https://cve-bin-tool.readthedocs.io/en
 - [CVE Binary Tool quick start / README](#cve-binary-tool-quick-start--readme)
   - [Installing CVE Binary Tool](#installing-cve-binary-tool)
   - [Most popular usage options](#most-popular-usage-options)
-    - [Using the tool offline](#using-the-tool-offline)
     - [Finding known vulnerabilities using the binary scanner](#finding-known-vulnerabilities-using-the-binary-scanner)
     - [Finding known vulnerabilities in a list of components](#finding-known-vulnerabilities-in-a-list-of-components)
     - [Scanning an SBOM file for known vulnerabilities](#scanning-an-sbom-file-for-known-vulnerabilities)
+    - [Using the tool offline](#using-the-tool-offline)
   - [Output Options](#output-options)
   - [Full option list](#full-option-list)
   - [Configuration](#configuration)
   - [Using CVE Binary Tool in GitHub Actions](#using-cve-binary-tool-in-github-actions)
   - [Binary checker list](#binary-checker-list)
   - [Language Specific checkers](#language-specific-checkers)
+    - [Java](#java)
+    - [Javascript](#javascript)
+    - [Python](#python)
   - [Limitations](#limitations)
   - [Requirements](#requirements)
   - [Feedback & Contributions](#feedback--contributions)
@@ -52,10 +55,6 @@ You can also do `pip install --user -e .` to install a local copy which is usefu
 
 ## Most popular usage options
 
-## Using the tool offline
-
-Specifying the `--offline` option when running a scan ensures that cve-bin-tool doesn't attempt to download the latest database files or to check for a newer version of the tool.
-
 ### Finding known vulnerabilities using the binary scanner
 
 To run the binary scanner on a directory or file:
@@ -89,6 +88,12 @@ cve-bin-tool  --sbom <sbom_filetype> --sbom-file <sbom_filename>
 Valid SBOM types are [SPDX](https://spdx.dev/specifications/),
 [CycloneDX](https://cyclonedx.org/specification/overview/), and [SWID](https://csrc.nist.gov/projects/software-identification-swid/guidelines).
 
+### Using the tool offline
+
+Specifying the `--offline` option when running a scan ensures that cve-bin-tool doesn't attempt to download the latest database files or to check for a newer version of the tool.
+
+Note that you will need to obtain a copy of the vulnerability data before the tool can run in offline mode. [The offline how-to guide contains more information on how to set up your database.](https://github.com/intel/cve-bin-tool/blob/main/doc/how_to_guides/offline.md)
+
 ## Output Options
 
 The CVE Binary Tool provides console-based output by default.  If you wish to provide another format, you can specify this and a filename on the command line using `--format`.  The valid formats are CSV, JSON, console, HTML and PDF.  The output filename can be specified using the `--output-file` flag.