Merge pull request #6 from google/update-readme

Update readme to include instructions using the new starter workflow
google · Apr 16, 2024 · 57ddf9f · 57ddf9f
2 parents 02e3f2d + d34b90f
commit 57ddf9f
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 15 deletions.
diff --git a/README.md b/README.md
@@ -28,39 +28,33 @@ Scanning your project on each pull request can help you keep vulnerabilities out
 
 ## Installation
 
-<!-- The OSV-Scanner GitHub Action can be [automatically](#automatic-installation) or [manually](#manual-installation) installed.  -->
+The OSV-Scanner GitHub Action can be [automatically](#automatic-installation) or [manually](#manual-installation) installed.
 
-<!-- ### Automatic installation
+### Automatic installation
 
 1) From your GitHub project's main page, click “Actions” tab in the navigation bar.
 
 ![Select the actions tab on the repository navigation bar.](./images/actions-tab.png)
 
-2) Scroll to the "Security actions" section and click on "View all". This will take you to a url in the form `https://www.github.com/{username}/{repository}/actions/new?category=security`
-
-![Image indicates the location of the security actions section and the "view all" link.](./images/security-actions.png)
-
-3) Search for "OSV-Scanner".
+2) Search for "OSV".
 
 ![Image shows the GitHub Actions search bar.](./images/osv-scanner-search.png)
 
-4) Choose the "OSV-Scanner" from the list of workflows, and then click “Configure”.
+3) Choose the "OSV Scanner" from the list of workflows, and then click “Configure”.
 
-TODO: Insert image
-
-5) Commit the changes.
+![Image shows OSV Scanner workflow after searching](./images/osv-scanner-configure.png)
 
-TODO: Insert image
-
-6) Configure the workflow
+4) Configure the workflow
 
 The automatically installed GitHub Action includes functionality for both a [scheduled scan](#scheduled-scan) and a [scan on pull request](#scan-on-pull-request).
 
 If you only want a scheduled scan, you can comment out the "scan-pr" job and only run the action on "schedule" and on "push".
 
 If you only want to run a scan on pull request, you can comment out the "scan-scheduled" job and only run the action on "pull request" and "merge group".
 
-If you want both, you can leave the action as is. If you want these functionalities to be seperate for tracking purposes, we recommend following the [manual installation instructions](#manual-installation).  -->
+If you want both, you can leave the action as is. If you want these functionalities to be separate for tracking purposes, we recommend following the [manual installation instructions](#manual-installation).
+
+5) Commit the changes.
 
 ### Manual installation
 

diff --git a/images/actions-tab.png b/images/actions-tab.png
diff --git a/images/osv-scanner-configure.png b/images/osv-scanner-configure.png
diff --git a/images/osv-scanner-search.png b/images/osv-scanner-search.png
diff --git a/images/security-actions.png b/images/security-actions.png