Add disclaimer on Debian scanning. (#65)

google · Dec 16, 2022 · 5589423 · 5589423
1 parent c16b770
commit 5589423
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -112,14 +112,16 @@ A wide range of lockfiles are supported by utilizing this [lockfile package](htt
 $ go run ./cmd/osv-scanner --lockfile=/path/to/your/package-lock.json -L /path/to/another/Cargo.lock
 ```
 
-### Scanning a Debian based docker image packages
+### Scanning a Debian based docker image packages (preview)
 
 This tool will scrape the list of installed packages in a Debian image and query for vulnerabilities on them.
 
 Currently only Debian based docker image scanning is supported.
 
 Requires `docker` to be installed and the tool to have permission calling it.
 
+This currently does not scan the filesystem of the Docker container, and has various other limitations. Follow [this issue](https://github.com/google/osv-scanner/issues/64) for updates on container scanning! 
+
 #### Example
 
 ```bash