From b050a1a6033f91e1110a5aa7a1ae17a7c8c38207 Mon Sep 17 00:00:00 2001 From: Haoxi Tan Date: Tue, 6 Jun 2023 01:55:09 +1000 Subject: [PATCH] better docs --- README.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index cb2c13502..0294398bf 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,13 @@ # pypi auto scanner -A github action that fetches the latest pypi packages and scans them. Report any issues found in issues. +A github action that fetches the latest pypi packages and scans them using semgrep rules in [h4sh-semgrep-rules](https://github.com/h4sh5/h4sh-semgrep-rules). Currently stores the JSON report in github action artifacts. + +## Fetching the latest report + +You will need a Github API token to do this. Export the token to `GH_TOKEN` by running `export GH_TOKEN=ghp...` + +Then run `./fetch_latest_report.sh` and `unzip report.zip` + +You can parse the JSON report for stuff using `parse-semgrep-json.py` as an example.
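Review bot: The new "Fetching the latest report" section tells readers to run `export GH_TOKEN=ghp...` directly, which writes the token into shell history and into any terminal recording; prefer `read -rs GH_TOKEN && export GH_TOKEN` or sourcing it from a file outside the repository, and say which token scopes `./fetch_latest_report.sh` actually needs so readers do not mint an over-privileged token. Two smaller points in the same hunk: the README uses both "Github" and "github" (the product name is GitHub), and "parse the JSON report for stuff" is vague; name what the script extracts (for example, the rule ids and matched files in the semgrep JSON) so readers know what to expect from `parse-semgrep-json.py`.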