docs: add default policies table

Signed-off-by: Parth Govale <[email protected]>

Author: Demolus13

README.md

@@ -11,7 +11,8 @@
 
 Use Macaron as a GitHub Action
 
-To use the Macaron GitHub Action, add the following step to your workflow:
+To use the Macaron GitHub Action, add the following step to your workflow (adjust the version as needed). In this example, we use an example policy. For detailed instructions and a comprehensive list of available options, please refer to the [Macaron GitHub Action documentation](https://oracle.github.io/macaron/pages/macaron_action.html).
+
 ```yaml
 - uses: oracle/[email protected]
   with:

docs/source/pages/macaron_action.rst

@@ -48,7 +48,7 @@ Inputs
 The action exposes a number of inputs which map directly to Macaron CLI
 options. Key inputs are listed below (see ``action.yaml`` for the full list):
 
-.. list-table:: Action inputs
+.. list-table::
    :header-rows: 1
    :widths: 20 60 20
 
@@ -81,10 +81,19 @@ options. Key inputs are listed below (see ``action.yaml`` for the full list):
      - Checkout options when analyzing a repository (branch name or commit
        digest).
      -
+   * - ``provenance_expectation``
+     - The path to provenance expectation file or directory.
+     -
+   * - ``provenance_file``
+     - The path to the provenance file in in-toto format.
+     -
    * - ``deps_depth``
      - Dependency resolution depth (how many levels of transitive dependencies
        to resolve).
      - ``0``
+   * - ``show_prelude``
+     - Shows the Datalog prelude for the database.
+     -
    * - ``github_token``
      - Token used by Macaron to access GitHub (for cloning, API access,
        etc.).
@@ -96,14 +105,17 @@ options. Key inputs are listed below (see ``action.yaml`` for the full list):
      - When ``true``, the action will attempt to upload a generated
        verification attestation (VSA) after policy verification.
      - ``false``
+   * - ``subject_path``
+     - Path to the artifact serving as the subject of the attestation.
+     - ``${{ github.workspace }}``
 
 Outputs
 -------
 
 The composite action exposes the following outputs (set by the
 ``run_macaron_policy_verification.sh`` script when applicable):
 
-.. list-table:: Action outputs
+.. list-table::
    :header-rows: 1
    :widths: 20 70
 
@@ -119,6 +131,35 @@ The composite action exposes the following outputs (set by the
        during verification, the action emits the string ``"VSA Not Generated."``
        instead of a path.
 
+Default Policies
+----------------
+
+Macaron provides policy templates to run pre-defined policies:
+
+.. list-table::
+   :header-rows: 1
+   :widths: 20 60 20
+
+   * - Policy name
+     - Description
+     - Template
+   * - ``check-github-actions``
+     - Detects whether a component was built using GitHub Actions that
+       are known to be vulnerable or otherwise unsafe. The policy
+       evaluates a check named `mcn_githubactions_vulnerabilities_1` and
+       reports a passed/failed result for the component when applied.
+     - `check-github-actions template <https://github.com/oracle/macaron/blob/main/src/macaron/resources/policies/datalog/check-github-actions.dl.template>`_
+   * - ``malware-detection``
+     - Checks a component for indicators of malicious or suspicious content.
+       The policy evaluates a check named mcn_detect_malicious_metadata_1
+       and reports a passed/failed result for the component when applied.
+     - `malware-detection template <https://github.com/oracle/macaron/blob/main/src/macaron/resources/policies/datalog/malware-detection.dl.template>`_
+   * - ``malware-detection-dependencies``
+     - Checks the component and its transitive dependencies for indicators
+       of malicious or suspicious content. The policy ensures the component
+       and each dependency pass the `mcn_detect_malicious_metadata_1` check.
+     - `malware-detection-dependencies template <https://github.com/oracle/macaron/blob/main/src/macaron/resources/policies/datalog/malware-detection-dependencies.dl.template>`_
+
 How the action works
 --------------------