Commit
Merge pull request #2 from pyupio/feat/update-readme
Update README.md
Jwomers authored Feb 1, 2024
2 parents 65907f9 + 6c4591f commit 045e12f
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions multi-ecosystem/README.md
@@ -1,6 +1,12 @@
# Using Safety as a GitHub Action

Support for JavaScript dependency scanning in Safety CLI 3 is being rolled out, first to specific customers and then to the larger Safety community. Please read the following [guide](https://docs.safetycli.com/safety-cli-javascript/safety-cli-3/safety-cli-3-with-javascript-support) to know more about the current features and limitations.
Support for JavaScript dependency scanning in Safety CLI 3 is being rolled out, first to specific customers and then to the larger Safety community. Please read the following [guide](https://docs.safetycli.com/safety-cli-javascript/safety-cli-3/safety-cli-3-with-javascript-support) to learn more about the current features and limitations.

Specifically, running this Action in your workflow requires:

* That your Safety CLI policy file is version 3.1 - you can check this by opening the file. If you are using an older policy file read our [guide](https://docs.safetycli.com/safety-cli-javascript/safety-cli-3/safety-cli-3-with-javascript-support) for upgrading to 3.1
* For JavaScript package vulnerability scans, enable JavaScript scanning in your 3.1 version policy file (it is disabled by default)
* Setting the `SAFETY_API_KEY` secret in GitHub your project Settings -> Secrets -> Actions. All accounts (including free forever) give you access to an API key

Safety can be integrated into your existing GitHub CI pipeline as an action. Just add the following as a step in your workflow YAML file after setting your `SAFETY_API_KEY` secret on GitHub under Settings -> Secrets -> Actions:
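Review bot: The added `SAFETY_API_KEY` bullet reads "in GitHub your project Settings -> Secrets -> Actions", which is missing a word; something like "in your GitHub project under Settings -> Secrets -> Actions" would read correctly. The same bullet also repeats the instruction already given by the unchanged sentence after the list ("after setting your `SAFETY_API_KEY` secret on GitHub under Settings -> Secrets -> Actions"), so one of the two can go. The three bullets are not parallel ("That your ...", "For JavaScript ..., enable ...", "Setting the ..."); phrasing each as a requirement in the same form would make the list easier to scan. The upgrade guide link in the first bullet is the same URL as the guide linked in the paragraph above, so the reader is sent to one page twice with different descriptions.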

@@ -14,4 +20,4 @@ Safety can be integrated into your existing GitHub CI pipeline as an action. Jus
This will run Safety scan and It'll fail your CI pipeline if any vulnerable packages are found.
If you have something more complicated such as a monorepo; or once you're finished testing, read the [Documentation](https://docs.safetycli.com/) for more details on configuring Safety as an action.
If you have something more complicated such as a monorepo; or once you're finished testing, read the [Documentation](https://docs.safetycli.com/) for more details on configuring Safety CLI as an action, and specifically [configuring Safety](https://docs.safetycli.com/safety-docs/administration/safety-policy-files).
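Review bot: The new link text "configuring Safety" on the changed last line points at the safety-policy-files page, so the text should name what the target is, for example "configuring Safety policy files"; as written it reads as a repeat of "configuring Safety CLI as an action" earlier in the same sentence. Since this line is being touched anyway, the unchanged line above it ("This will run Safety scan and It'll fail your CI pipeline") has a stray capital in "It'll" and could be cleaned up in the same change.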
