From 89a074ec7e84aa2b8c24cd9b5cdc2b5125448a66 Mon Sep 17 00:00:00 2001 From: Courtney Claessens Date: Thu, 10 Nov 2022 19:59:21 -0500 Subject: [PATCH] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6aa4f2d..b3b9be1 100644 --- a/README.md +++ b/README.md @@ -69,8 +69,8 @@ Configure this action by either inlining these options in your workflow file or | Option | Usage | Possible values | Default value | |-----------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------|---------------| | `fail-on-severity` | Defines the threshold for level of severity. The action will fail on any pull requests that introduce vulnerabilities of the specified severity level or higher. | `low`, `moderate`, `high`, `critical` | `low` | -| `allow-licenses`* | Contains a list of allowed licenses. The action will fail on pull requests that introduce dependencies with licenses that do not match the list. | Any `spdx_id` value(s) from the [Licenses API](https://docs.github.com/en/rest/licenses) | none | -| `deny-licenses`* | Contains a list of prohibited licenses. The action will fail on pull requests that introduce dependencies with licenses that match the list. | Any `spdx_id` value(s) from the [Licenses API](https://docs.github.com/en/rest/licenses) | none | +| `allow-licenses`* | Contains a list of allowed licenses. The action will fail on pull requests that introduce dependencies with licenses that do not match the list. | Any [SPDX-compliant identifier(s)](https://spdx.org/licenses/) | none | +| `deny-licenses`* | Contains a list of prohibited licenses. The action will fail on pull requests that introduce dependencies with licenses that match the list. | Any [SPDX-compliant identifier(s)](https://spdx.org/licenses/) | none | | `fail-on-scopes`† | Contains a list of strings of the build environments you want to support. The action will fail on pull requests that introduce vulnerabilities in the scopes that match the list. | `development`, `runtime`, `unknown` | `runtime` | | `allow-ghsas` | Contains a list of GitHub Advisory Database IDs that can be skipped during detection. | Any GHSAs from the [GitHub Advisory Database](https://github.com/advisories) | none | | `license-check` | Enable or disable the license check performed by the action. | `true`, `false` | `false` |