Documentation: Please expand what param: gitHubConnection should be

[tlogik]

Hi.
In the process of wanting to test your extension and im going thru your documentation.
Most fields are self explanatory however the input param:
gitHubConnection: 'GitHub Advisory Database Connection'*
is very unclear.

The Microsoft SBOM CLI tool does not require this information so could you please elaborate on the purpose and how to use it?

Thanks a lot

Note: It really looks like great work you have done - Thanks for leveraging the MS SBOM cli and adding more features for Azure Devops - Kudos 👍

[rhyskoedijk]

@tlogik the GitHub connection is optional and only required if you are using fetchSecurityAdvisories: true and want the DevOps extension to check your scanned dependencies for security advisories. If you don't require this feature, you can omit it.

The connection/token is required to query the GitHub GraphQL API and to access data from the GitHub Advisory Database.

If you want use this feature, create a service connection, select GitHub as the connection type, use "Personal Access Token" (PAT) as the authentication method.

You can generate a GitHub PAT here:
https://github.com/settings/personal-access-tokens

Your PAT does not require any special permissions, just select "Public Repositories (read-only)"; This is the least permissive option possible.

[tlogik]

Hi @rhyskoedijk
Thanks for the updated info