Update docs

README.md

@@ -14,6 +14,17 @@ source dependencies and evaluate them against organizational policies.
 
 ## TL;DR
 
+Scan a repository for OSS dependency risks with auto-detection of package
+manifests
+
+```bash
+vet scan -D /path/to/repo
+```
+
+![vet Summary Demo](docs/images/vet-summary-demo.png)
+
+## Getting Started
+
 > Ensure `$(go env GOPATH)/bin` is in your `$PATH`
 
 Install using `go get`
@@ -57,6 +68,12 @@ vet scan --lockfiles /path/to/requirements.txt
 vet scan --lockfiles /path/to/package-lock.json
 ```
 
+or scan a supported package manifest with a non-standard name
+
+```bash
+vet scan --lockfiles /path/to/gradle-compileOnly.lock --lockfile-as gradle.lockfile
+```
+
 > Use `vet scan parsers` to list supported package manifest parsers
 
 The default scan uses an opinionated [Summary Reporter](#) which presents
@@ -98,6 +115,21 @@ vet scan -D /path/to/dir --filter-suite /path/to/suite.yml --filter-fail
 
 Read more about filter suites in [filtering guide](docs/filtering.md)
 
+## Exceptions Management
+
+Exception rules can be generated using the `query` workflow to temporarily
+ignore (or snooze) existing issues when using `vet` for the first time. This
+helps in establishing security gating to prevent introduction of new security
+issues while existing issues are being remediated.
+
+Use exception rules during scan to ignore specific packages
+
+```bash
+vet scan -D /path/to/repo -e /path/to/exceptions.yml
+```
+
+For more information, refer to [exceptions guide](docs/exceptions.md)
+
 ## FAQ
 
 ### How do I disable the stupid banner?

docs/exceptions.md

@@ -64,6 +64,9 @@ various commands such as `scan` or `query`.
 ./vet --exceptions /path/to/exceptions.yml scan -D /path/to/repo
 ```
 
+> **Note:** Do not pass this flag while generating exceptions list in query
+> workflow to avoid incorrect exception list generation
+
 ## Behaviour
 
 * All exceptions rules are applied only on a `Package`

pkg/analyzer/exceptions_generator.go

@@ -8,6 +8,7 @@ import (
 	"github.com/safedep/dry/utils"
 	"github.com/safedep/vet/gen/exceptionsapi"
 	"github.com/safedep/vet/pkg/analyzer/filter"
+	"github.com/safedep/vet/pkg/common/logger"
 	"github.com/safedep/vet/pkg/models"
 	"github.com/safedep/vet/pkg/readers"
 )
@@ -50,6 +51,9 @@ func NewExceptionsGenerator(config ExceptionsGeneratorConfig) (Analyzer, error)
 		return nil, err
 	}
 
+	logger.Infof("Initialized exceptions generator with filter: '%s' expiry: %s",
+		config.Filter, expiresOn.Format(time.RFC3339))
+
 	return &exceptionsGenerator{
 		writer:          fd,
 		filterEvaluator: filterEvaluator,
@@ -91,6 +95,8 @@ func (f *exceptionsGenerator) Finish() error {
 	}
 
 	for _, pkg := range f.pkgCache {
+		logger.Infof("Adding %s to exceptions list", pkg.ShortName())
+
 		suite.Exceptions = append(suite.Exceptions, &exceptionsapi.Exception{
 			Id:        utils.NewUniqueId(),
 			Ecosystem: string(pkg.Ecosystem),

pkg/exceptions/utils.go

@@ -18,6 +18,8 @@ func AllowedPackages(manifest *models.PackageManifest,
 		}
 
 		if res.Matched() {
+			logger.Debugf("Ignoring package:%s due to exception rule",
+				pkg.ShortName())
 			continue
 		}