Merge pull request #35 from sonukapoor/docs/readme-osv-endpoint

sonukapoor · web-flow · commit 7be3e055d360 · 2026-03-30T22:19:18.000-04:00
docs: document custom OSV endpoint support
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 <div align="center">
-  <img src="./assets/logo-with-title.png" alt="CVE Lite CLI" width="320"/>
+  <img src="https://github.com/sonukapoor/cve-lite-cli/blob/main/assets/logo-with-title.png" alt="CVE Lite CLI" width="320"/>
 
   <h1>CVE Lite CLI</h1>
   <p>Fast, developer-friendly vulnerability scanning for JavaScript and TypeScript projects.</p>
@@ -65,6 +65,9 @@ cve-lite /path/to/project --json
 
 # SARIF output
 cve-lite /path/to/project --sarif --output reports/scan.sarif
+
+# Use a custom advisory endpoint
+cve-lite /path/to/project --osv-url https://security.company.internal/osv
 ```
 
 ## What it looks like
@@ -96,16 +99,16 @@ cve-lite .
 ```
 
 <p align="center">
-  <img src="./assets/default-output.png" alt="CVE Lite CLI default output screenshot" width="900"/>
+  <img src="https://github.com/sonukapoor/cve-lite-cli/blob/main/assets/default-output.png" alt="CVE Lite CLI default output screenshot" width="900"/>
 </p>
 
 Verbose examples:
 
 <p align="center">
-  <img src="./assets/verbose-output-1.png" alt="CVE Lite CLI verbose output screenshot" width="900"/>
-  <img src="./assets/verbose-output-2.png" alt="CVE Lite CLI verbose output screenshot" width="900"/>
-  <img src="./assets/verbose-output-3.png" alt="CVE Lite CLI verbose output screenshot" width="900"/>
-  <img src="./assets/verbose-output-4.png" alt="CVE Lite CLI verbose output screenshot" width="900"/>
+  <img src="https://github.com/sonukapoor/cve-lite-cli/blob/main/assets/verbose-output-1.png" alt="CVE Lite CLI verbose output screenshot" width="900"/>
+  <img src="https://github.com/sonukapoor/cve-lite-cli/blob/main/assets/verbose-output-2.png" alt="CVE Lite CLI verbose output screenshot" width="900"/>
+  <img src="https://github.com/sonukapoor/cve-lite-cli/blob/main/assets/verbose-output-3.png" alt="CVE Lite CLI verbose output screenshot" width="900"/>
+  <img src="https://github.com/sonukapoor/cve-lite-cli/blob/main/assets/verbose-output-4.png" alt="CVE Lite CLI verbose output screenshot" width="900"/>
 </p>
 
 ## Why this tool exists
@@ -136,6 +139,7 @@ The project emphasizes:
 - direct vs transitive visibility
 - top-priority fixes and a suggested remediation plan
 - JSON and SARIF output for automation
+- configurable advisory endpoint support via `--osv-url` for internal proxies or mirrors
 - a small, reviewable runtime footprint
 
 That narrow scope is deliberate. CVE Lite CLI is not trying to be a full application security platform or a broad multi-surface scanner. It is trying to be a lightweight, understandable, developer-first tool for teams that want practical vulnerability scanning without extra cost or complexity.
@@ -176,7 +180,7 @@ Support for stricter network-controlled environments is planned on the roadmap,
 CVE Lite CLI is designed as a **local-first, metadata-only** scanner. Unlike traditional SaaS security platforms that require code uploads or heavy agent installations, this tool operates directly within the developer's environment. It focuses on the "moment of release"—providing a high-speed, low-noise assessment of the dependency tree by analyzing resolved versions in project lockfiles.
 
 <p align="center">
-  <img src="./assets/diagram.png" alt="CVE Lite CLI Workflow" width="800"/>
+  <img src="https://github.com/sonukapoor/cve-lite-cli/blob/main/assets/diagram.png" alt="CVE Lite CLI Workflow" width="800"/>
 </p>
 
 ### Workflow Specifications
