docs: add sample configuration file (#82)

Author: becojo

.poutine.sample.yml

@@ -0,0 +1,40 @@
+# When using analyze_org, ignore forked repositories in the organization
+# default: false
+ignoreForks: true
+
+# Skip findings if any rules in this list matches the finding's properties.
+# Each rule can have the following keys: job, level, osv_id, path, purl, rule.
+# The value of each key is a string or a list of strings.
+# default: []
+skip:
+
+
+skipExamples:
+# skip findings by rule level (one of: note, warning, error)
+- level: note
+
+# skip findings at a given path
+- path: .github/workflows/safe.yml
+
+# skip findings of a given rule
+- rule: unpinnable_action
+
+# skip findings of a rule at given paths
+- rule: pr_runs_on_self_hosted
+  path:
+  - .github/workflows/pr.yml
+
+# skip findings of a rule about a list of packages
+- rule: github_action_from_unverified_creator_used
+  purl:
+  - pkg:githubactions/dorny/paths-filter
+  - pkg:githubactions/golangci/golangci-lint-action
+
+# skip findings of a rule for a list of repositories
+- rule: pr_runs_on_self_hosted
+  purl:
+  - pkg:github/org/repo
+
+# skip findings by OSV ID
+- osv_id:
+  - GHSA-mcph-m25j-8j63

README.md

@@ -102,9 +102,12 @@ poutine analyze_org my-org/project --token "$GL_TOKEN" --scm gitlab --scm-base-u
 --scm            SCM platform (default: github, gitlab)
 --scm-base-uri   Base URI of the self-hosted SCM instance
 --threads        Number of threads to use (default: 2)
+--config         Path to the configuration file (default: .poutine.yml)
 --verbose        Enable debug logging
 ```
 
+See [.poutine.sample.yml](.poutine.sample.yml) for an example configuration file.
+
 ## Building from source
 
 Building `poutine` requires Go 1.22.