Add FAQ entry for pipenv support (#28)

* add faq entry for pipenv support * Apply suggestions from code review Co-authored-by: Dustin Ingram <di@users.noreply.github.com> Co-authored-by: William Woodruff <william@yossarian.net> Co-authored-by: Dustin Ingram <di@users.noreply.github.com>
pypa · Sep 6, 2022 · 2e33274 · 2e33274
1 parent fc80c9a
commit 2e33274
Showing 1 changed file with 29 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -16,6 +16,7 @@ with support from Google. This is not an official Google or Trail of Bits produc
 * [Configuration](#configuration)
   * [⚠️ Internal options ⚠️](#internal-options)
 * [Troubleshooting](#troubleshooting)
+* [Tips and Tricks](#tips-and-tricks)
 * [Licensing](#licensing)
 * [Code of Conduct](#code-of-conduct)
 
@@ -358,6 +359,34 @@ in the virtual environment should be included:
     local: true
 ```
 
+## Tips and Tricks
+
+### Running against a pipenv project
+
+If you are adding `pip-audit` to a pipenv based project, you'll first need
+to convert the `Pipfile[.lock]` to a `requirements.txt` file that `pip-audit`
+can ingest. Use a Python tool, such as
+[`pipfile-requirements`](https://github.com/frostming/pipfile-requirements), to
+convert your `Pipfile[.lock]` to a `requirements.txt` file and then run
+`pip-audit` GitHub Action against the generated requirements file.
+
+```yaml
+jobs:
+  pip-audit:
+    steps:
+      - uses: actions/setup-python@v2
+        with:
+          python-version: 3.9  # change to your required version of Python
+
+      - name: 'Generate requirements.txt'
+        run: |
+          pipx run pipfile-requirements Pipfile.lock > requirements.txt
+
+      - uses: pypa/gh-action-pip-audit@v1.0.0
+        with:
+          inputs: requirements.txt
+```
+
 ## Licensing
 
 `gh-action-pip-audit` is licensed under the Apache 2.0 License.