From 4a52ce3abacdd721bc837905784d7cc92c78af4f Mon Sep 17 00:00:00 2001 From: Aron Gunn Date: Tue, 28 May 2024 17:35:56 -0500 Subject: [PATCH 1/3] 5/28/24 - ritz303 : Updated the README and CONTRIBUTING docs --- CONTRIBUTING.md | 36 +++------------ README.md | 120 +++++++++++++++++++++++++++++++----------------- 2 files changed, 83 insertions(+), 73 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5d16a7f71..11cbb3204 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,33 +1,9 @@ -# How to contribute +# How to give feedback and contribute -Contributions are essential for keeping this extension great. -We try to keep it as easy as possible to contribute changes and we are -open to suggestions for making it even easier. -There are only a few guidelines that we need contributors to follow. +## Feedback +
Your feedback is essential for keeping this extension great. -## First Time Setup -1. Install prerequisites: - * latest [Visual Studio Code](https://code.visualstudio.com/) - * [Node.js](https://nodejs.org/) v4.0.0 or higher -2. Fork and clone the repository -3. `cd fabric8-analytics-vscode-extension` -4. Install the dependencies: +If you have any questions or run into any problems, open an [issue](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/issues), and we will be happy to help however we can. - ```bash - $ npm install - ``` -5. Open the folder in VS Code - -## Run the extension locally - -1. Install `vsce` - A command line tool you'll use to publish extensions to the Extension Marketplace. - ```bash - $ npm install -g vsce@1.83.0 - ``` -2. From root folder, run the below command. - ```bash - $ vsce package - ``` -3. `fabric8-analytics-.vsix` file is created. Install it by following the instructions [here](https://code.visualstudio.com/docs/editor/extension-gallery#_install-from-a-vsix). - -> If you have any questions or run into any problems, please post an issue - we'll be very happy to help. \ No newline at end of file +## Contributing +
At this time, we are not opening up this project to external contributions. \ No newline at end of file diff --git a/README.md b/README.md index 136b1d119..c48a6bf9f 100644 --- a/README.md +++ b/README.md @@ -134,55 +134,89 @@ The default path is `/tmp/redhatDependencyAnalyticsReport.html`. - **Excluding dependencies with `exhortignore`**
You can exclude a package from analysis by marking the package for exclusion. - If you want to ignore vulnerabilities for a dependency in a `pom.xml` file, you must add `exhortignore` as a comment against the dependency, group id, artifact id, or version scopes of that particular dependency in the manifest file. - For example: + How you exclude a package varies based on the your project's language: - ```xml - - ... - ... - ... - - ``` + - **XML** +
If you want to ignore vulnerabilities for a dependency in a `pom.xml` file, you must add `` to the end of the line as a comment against the dependency, group id, artifact id, or version scopes of that particular dependency in the manifest file. + For example: + + ```xml + + ... + ... + ... + + ``` + + - **JSON** +
If you wish to ignore vulnerabilities for a dependency in a `package.json` file, you must add `exhortignore` as a attribute-value pair. + The value for `exhortignore` is a list of comma-separated vulnerability IDs. + This list of vulnerabilities are ignored during analysis. + For example: - If you wish to ignore vulnerabilities for a dependency in a `package.json` file, you must add `exhortignore` as a attribute-value pair. - If `exhortignore` is followed by a list of comma-separated vulnerability IDs, only the listed vulnerabilities are ignored during analysis. + ```json + { + "name": "sample", + "version": "1.0.0", + "description": "", + "main": "index.js", + "keywords": [], + "author": "", + "license": "ISC", + "dependencies": { + "dotenv": "^8.2.0", + "express": "^4.17.1", + "jsonwebtoken": "^8.5.1", + "mongoose": "^5.9.18" + }, + "exhortignore": [ + "jsonwebtoken" + ] + } + ``` + + - **Go** +
If you want to ignore vulnerabilities for a dependency in a `go.mod` file, you must add `// exhortignore` to the end of the line as a comment against the dependency in the manifest file. For example: - ```json - { - "name": "sample", - "version": "1.0.0", - "description": "", - "main": "index.js", - "keywords": [], - "author": "", - "license": "ISC", - "dependencies": { - "dotenv": "^8.2.0", - "express": "^4.17.1", - "jsonwebtoken": "^8.5.1", - "mongoose": "^5.9.18" - }, - "exhortignore": [ - "jsonwebtoken" - ] - } - ``` + ```go + require ( + golang.org/x/sys v1.6.7 // exhortignore + ) + ``` - If you want to ignore vulnerabilities for a dependency in a `go.mod` file, you must add `exhortignore` as a comment against the dependency in the manifest file. + - **Python** +
If you want to ignore vulnerabilities for a dependency in a `requirements.txt` file, you must add `# exhortignore` to the end of the line as a comment against the dependency in the manifest file. For example: - ``` - require ( - golang.org/x/sys v1.6.7 // exhortignore - ) - ``` - If you want to ignore vulnerabilities for a dependency in a `requirements.txt` file, you must add `exhortignore` as a comment against the dependency in the manifest file. + ```python + requests==2.28.1 # exhortignore + ``` + + - **Gradle** +
If you want to ignore vulnerabilities for a dependency in a `build.gradle` file, you must add `// exhortignore` to the end of the line as a comment against the dependency in the manifest file. For example: - ``` - requests==2.28.1 # exhortignore - ``` + + ```gradle + plugins { + id 'java' + } + + group = 'groupName' + version = 'version' + + repositories { + mavenCentral() + } + + dependencies { + implementation "groupId:artifactId:version" // exhortignore + } + + test { + useJUnitPlatform() + } + ``` - **Excluding developmental or test dependencies**
Red Hat Dependency Analytics does not analyze dependencies marked as `dev` or `test`, these dependencies are ignored. @@ -221,9 +255,9 @@ The default path is `/tmp/redhatDependencyAnalyticsReport.html`. } ``` - For example, setting `exclude` attributte in the `go.mod` file: + For example, setting the `exclude` attribute in the `go.mod` file: - ``` + ```go exclude golang.org/x/sys v1.6.7 exclude ( From 5fd41efb72bf5e4cb630e5dc54091a6095269353 Mon Sep 17 00:00:00 2001 From: Aron Gunn Date: Wed, 29 May 2024 10:57:30 -0500 Subject: [PATCH 2/3] 5/29/24 - ritz303 : Edits from SME review --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c48a6bf9f..108e19149 100644 --- a/README.md +++ b/README.md @@ -136,7 +136,7 @@ The default path is `/tmp/redhatDependencyAnalyticsReport.html`.
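Review bot: Deleting the "First Time Setup" and "Run the extension locally" sections of CONTRIBUTING.md removes the only documented way to build the extension from source (`npm install`, `npm install -g vsce@1.83.0`, `vsce package`, then installing the generated `.vsix`); closing the project to external contributions does not remove the need of users who want to build or audit the extension themselves, so move those steps to the README or a separate development document rather than dropping them, and refresh the stale prerequisites ("Node.js v4.0.0 or higher", the pinned `vsce@1.83.0`) while doing so. The new CONTRIBUTING.md also ends without a trailing newline.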
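Review bot: In the README hunk starting at @@ -134,55 +134,89 @@, the Node section's prose and example contradict each other: the new text says the value of `exhortignore` is "a list of comma-separated vulnerability IDs", but the example lists a package name, `"exhortignore": ["jsonwebtoken"]`, and the removed wording ("If `exhortignore` is followed by a list of comma-separated vulnerability IDs, only the listed vulnerabilities are ignored during analysis") treated vulnerability IDs as the optional, narrower case. State which forms the extension actually accepts (package names, vulnerability IDs, or both) and make the example match. In the Maven section the inline code span after "you must add" is empty as shown, so the reader cannot see which XML comment to add; spell it out. Because every form other than the Node one suppresses all findings for the whole dependency rather than a single vulnerability, a short caution that `exhortignore` hides real findings and should be paired with a comment recording the justification would be worth adding next to the examples. Minor: "as a attribute-value pair" should be "an attribute-value pair", "This list of vulnerabilities are ignored" should be "is ignored", and the `go.mod` and `requirements.txt` fragments are tagged ```go and ```python although neither file is source code in that language; an untagged fence avoids misleading highlighting.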
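Review bot: In the @@ -221,9 +255,9 @@ hunk the `exclude` fragment is a `go.mod` directive, not Go source, so the new ```go tag will mis-highlight it in the same way as the `require` block above; the spelling fix ("attributte" to "attribute") is correct, but keep the fence untagged or use a tag the renderer actually has for `go.mod`.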
You can exclude a package from analysis by marking the package for exclusion. How you exclude a package varies based on the your project's language: - - **XML** + - **Maven**
If you want to ignore vulnerabilities for a dependency in a `pom.xml` file, you must add `` to the end of the line as a comment against the dependency, group id, artifact id, or version scopes of that particular dependency in the manifest file. For example: @@ -148,7 +148,7 @@ The default path is `/tmp/redhatDependencyAnalyticsReport.html`. ``` - - **JSON** + - **Node**
If you wish to ignore vulnerabilities for a dependency in a `package.json` file, you must add `exhortignore` as a attribute-value pair. The value for `exhortignore` is a list of comma-separated vulnerability IDs. This list of vulnerabilities are ignored during analysis. From c1eed3ef4cf338fad7c657ae8c19f7b2ae1963ce Mon Sep 17 00:00:00 2001 From: Aron Gunn Date: Wed, 29 May 2024 11:00:19 -0500 Subject: [PATCH 3/3] 5/29/24 - ritz303 : Updated the important note --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 108e19149..ccfb98e34 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ The Red Hat Dependency Analytics extension uses vulnerability data sources for t Red Hat Dependency Analytics only accesses your manifest files to analyze your application dependencies before displaying the vulnerability report. **IMPORTANT:** -
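Review bot: Renaming the headings to Maven and Node makes them build-tool and ecosystem names, but the unchanged lead-in in the first hunk of this patch still reads "varies based on the your project's language": there is a stray "the", and "language" no longer fits Maven, Node or Gradle. Change it to "varies based on your project's ecosystem" to match the IMPORTANT note's wording, and consider using the same labels as that note's supported-ecosystems list (e.g. "Golang (`go mod`)", "Python (`pip`)") so the two lists stay consistent instead of mixing language names with tool names.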
Currently, Red Hat Dependency Analytics only supports projects that use Maven (`mvn`), Node (`npm`), Golang (`go mod`) and Python (`pip`) ecosystems. +
Currently, Red Hat Dependency Analytics only supports projects that use Maven (`mvn`), Node (`npm`), Golang (`go mod`), Python (`pip`), and Gradle (`gradle`) ecosystems. In future releases, Red Hat plans to support other programming languages. ##### Table of Contents
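Review bot: Adding Gradle (`gradle`) to the supported-ecosystems list is consistent with the new Gradle exclusion section in the README, but that section documents only the Groovy DSL `build.gradle`; either here or in the exclusion section, state whether Kotlin DSL `build.gradle.kts` manifests are analyzed, since readers will otherwise assume any Gradle project is covered. The unchanged context line "Red Hat plans to support other programming languages" now follows a list that mixes languages with build tools; "other languages and build ecosystems" would be more accurate.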