Add documentation for the configuration.

docs/configuration.md

@@ -9,8 +9,6 @@ nav_order: 5
 
 To configure scanning, place an osv-scanner.toml file in the scanned file's directory. To override this osv-scanner.toml file, pass the `--config=/path/to/config.toml` flag with the path to the configuration you want to apply instead.
 
-Currently, there is only 1 option to configure:
-
 ## Ignore vulnerabilities by ID
 
 To ignore a vulnerability, enter the ID under the `IgnoreVulns` key. Optionally, add an expiry date or reason.
@@ -30,3 +28,23 @@ reason = "No external http servers are written in Go lang."
 ```
 
 Ignoring a vulnerability will also ignore vulnerabilities that are considered aliases of that vulnerability.
+
+## Override specific package
+
+To ignore a specific a package, or manually set its license, enter the package name and ecosystem under the `PackageOverrides` key.
+
+```toml
+[[PackageOverrides]]
+# The package name, version, and ecosystem to match against
+name = "lib"
+# If version is not set or empty, it will match every version
+version = "1.0.0"
+ecosystem = "Go"
+# Ignore this package entirely, including license scanning
+ignore = true
+# Override the license of the package
+# This is not used if ignore = true
+license.override = ["MIT", "0BSD"]
+# effectiveUntil = 2022-11-09 # Optional exception expiry date
+reason = "abc"
+```

docs/license-scanning.md

@@ -58,3 +58,9 @@ Your command would be in this form:
 ```bash
 osv-scanner --experimental-licenses="BSD-3-Clause,Apache-2.0,MIT" path/to/directory
 ```
+
+## Override License
+
+Sometimes, the license either cannot be retrieved, or does not apply to your specific use. In those cases, you can override the license of a specific package by setting it in the config file.
+
+See the [configuration docs](./configuration.md) for how to do this.