From 386b4b6a2eeafe5736fbe065279bea071af66c3b Mon Sep 17 00:00:00 2001 From: Hayley Denbraver Date: Wed, 8 Nov 2023 17:50:11 -0800 Subject: [PATCH] Update docs/usage.md --- docs/usage.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/usage.md b/docs/usage.md index b719611fe0..83cea14f49 100644 --- a/docs/usage.md +++ b/docs/usage.md @@ -199,6 +199,8 @@ OSV-Scanner supports C/C++ projects. Because the C/C++ ecosystem does not have a centralized package manager, C/C++ dependencies tend to be bundled with the project. Dependencies are either [submoduled](#submoduled-dependencies) or [vendored](#vendored-dependencies). In either case, OSV-Scanner is able to find known vulnerabilities in your project dependencies. +OSV-Scanner's C/C++ support is based on commit-level data. OSV's commit-level data covers the majority of C/C++ vulnerabilities within the OSV database, but users should be aware that there may be vulnerabilities in their dependencies that could be excluded from OSV-Scanner results. Adding more commit-level data to the database is an ongoing project. + ### Submoduled dependencies Submoduled dependencies are included in the project folder retain their Git histories. To scan a C/C++ project with submoduled dependencies:
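Review bot: In the added paragraph of the C/C++ section, the caveat "there may be vulnerabilities in their dependencies that could be excluded from OSV-Scanner results" is double-hedged ("may be ... could be") and does not say which vulnerabilities are missed. The paragraph already states that support is based on commit-level data, so spell out the consequence, for example that vulnerabilities without commit-level data are not matched for C/C++ dependencies (if that is the actual behaviour), so readers do not treat an empty result as proof that no known vulnerability applies. The unchanged sentence just above still says OSV-Scanner "is able to find known vulnerabilities in your project dependencies" without qualification, which now sits awkwardly next to the caveat; consider softening it or folding the two together. "The majority" is unquantified, so link a figure or tracking page if one exists. Separately, the trailing context line "Submoduled dependencies are included in the project folder retain their Git histories" is missing a conjunction ("and retain") and could be fixed in the same docs change.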