README: add provisional GCS bucket link
Change-Id: I6a8e08cb89341e33dba0c9cee94cc26e93a1ac59
Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1061625
Reviewed-by: Roland Shoemaker <bracewell@google.com>
diff --git a/README.md b/README.md
index 81fd419..e411786 100644
--- a/README.md
+++ b/README.md
@@ -6,9 +6,21 @@
Neither the code, nor the data, nor the existence of this repository is to be
considered stable until an approved proposal.
-**Important**: vulnerability entries in this repository are represented in an
-internal, unstable format that can and will change without notice. The database
-will also be available in an interoperable, stable JSON format soon.
+**Important: vulnerability entries in this repository are represented in an
+internal, unstable format that can and will change without notice.**
+
+## Consuming database entries
+
+Database clients must not rely on the contents of this repository. Instead, they
+can access the tree of JSON entries rooted at
+
+https://storage.googleapis.com/go-vulndb/
+
+An `index.json` file maps package names to last modified timestamps. For each
+package name, a `NAME.json` file contains a list of vulnerability entries.
+
+Note that this path and format are provisional and likely to change until an
+approved proposal.
## Packages
@@ -30,5 +42,6 @@
Unless otherwise noted, the Go source files are distributed under
the BSD-style license found in the LICENSE file.
-The database contents in `reports/` are distributed under the terms of the
+Database entries available at https://storage.googleapis.com/go-vulndb/ are
+distributed under the terms of the
[CC-BY 4.0](https://creativecommons.org/licenses/by/4.0/) license.
