Update docs
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
prabhu committed Oct 27, 2023
1 parent 4349495 commit 5cc0b90
Showing 1 changed file with 14 additions and 2 deletions.
16 changes: 14 additions & 2 deletions docs/ADVANCED.md
Expand Up @@ -156,20 +156,26 @@ To generate an SBOM with evidence for a java project.
evinse -i bom.json -o bom.evinse.json <path to the application>
```
By default, only occurrence evidences are determined by creating usages slices. To generate callstack evidence, pass either `--with-data-flow` or `--with-reachables`.
By default, only occurrence evidence is determined by creating usages slices. To generate callstack evidence, pass either `--with-data-flow` or `--with-reachables`.
#### Reachability-based call stack evidence
atom supports reachability-based evidence generation for Java, JavaScript, and TypeScript applications. Reachability refers to data flows that originate from entry points (sources) ending at a sink (which are invocations to external libraries). The technique used is called "Forward-Reachability".
Two necessary prerequisites for this slicing mode are that the input SBOM must be generated with cdxgen and in deep mode (only for java, jars type) and must be placed within the application directory.
Two necessary prerequisites for this slicing mode are that the input SBOM must be generated with cdxgen and in deep mode (only for java, jars, python type) and must be placed within the application directory.
```shell
cd <path to the application>
cdxgen -t java --deep -o bom.json .
evinse -i bom.json -o bom.evinse.json -l java --with-reachables .
```
```shell
cd <path to the application>
cdxgen -t python --deep -o bom.json .
evinse -i bom.json -o bom.evinse.json -l python --with-reachables .
```
For JavaScript and TypeScript applications, deep mode is optional.
```shell
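Review bot: The unchanged sentence opening this section ("atom supports reachability-based evidence generation for Java, JavaScript, and TypeScript applications") still omits Python, even though this hunk adds `python` to the deep-mode prerequisite and a full `cdxgen -t python --deep` / `evinse -l python --with-reachables` example; add Python to that list so the supported-language statement matches the examples. The reworded parenthetical "(only for java, jars, python type)" also reads as if deep mode is tied to one type; something like "(deep mode is required only for the java, jars and python project types)" is clearer. Finally, the new Python block follows the Java block with no lead-in between the two fences, so a short line such as "For Python:" before the second block would tell the reader which example applies to them.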
Expand Down Expand Up @@ -202,6 +208,12 @@ For JavaScript or TypeScript projects, pass `-l javascript`.
evinse -i bom.json -o bom.evinse.json --usages-slices-file usages.json --data-flow-slices-file data-flow.json -l javascript --with-data-flow <path to the application>
```
For Python with cached usages and reachables file.
```shell
evinse -i bom.json -o bom.evinse.json --usages-slices-file usages.json --reachables-slices-file reachables.json -l python --with-reachables <path to the application>
```
## Generate SBOM from maven or gradle cache
There could be Java applications with complex dependency requirements. Or you might be interested in cataloging your Maven or gradle cache.
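Review bot: The new lead-in "For Python with cached usages and reachables file." is a sentence fragment and should be a colon-terminated lead-in matching the JavaScript one above it, e.g. "For Python with cached usages and reachables slice files:"; as written it also does not say that `--reachables-slices-file` is the reachables counterpart of `--data-flow-slices-file`, which is the only new flag this hunk introduces and worth one clause of explanation.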