Document skip configuration for acknowledging findings (#364)

* Document skip configuration for acknowledging findings

Add "Acknowledging Findings" section to README.md to improve
discoverability of the existing skip configuration feature.
This allows users to suppress false positives or accepted risks.

Includes:
- Use case explanations for when to skip findings
- Complete documentation of all filter options (job, level, path,
  rule, purl, osv_id)
- Practical examples showing how to skip by severity level,
  workflow path, and rule name

Fixes #40

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Document --skip command-line flag for acknowledging findings

Add documentation for the --skip command-line flag in both the Configuration
Options section and the Acknowledging Findings section. Clarify that the
command-line flag only supports skipping rules globally by name, while the
configuration file supports granular filtering by job, path, level, etc.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

---------

Co-authored-by: François Proulx <[email protected]>
Co-authored-by: Claude <[email protected]>

Author: 3 people

README.md

@@ -104,14 +104,15 @@ poutine analyze_org my-org/project --token "$GL_TOKEN" --scm gitlab --scm-base-u
 
 ### Configuration Options
 
-``` 
+```
 --token          SCM access token (required for the commands analyze_repo, analyze_org) (env: GH_TOKEN)
 --format         Output format (default: pretty, json, sarif)
 --ignore-forks   Ignore forked repositories in the organization(analyze_org)
 --scm            SCM platform (default: github, gitlab)
 --scm-base-url   Base URI of the self-hosted SCM instance
 --threads        Number of threads to use (default: 2)
 --config         Path to the configuration file (default: .poutine.yml)
+--skip           Add rules to the skip list for the current run (can be specified multiple times)
 --verbose        Enable debug logging
 ```
 
@@ -194,6 +195,68 @@ For more examples, see:
 - Built-in rules in [opa/rego/rules/](./opa/rego/rules/) directory
 - [.poutine.sample.yml](.poutine.sample.yml) - Configuration examples
 
+### Acknowledging Findings
+
+`poutine` supports skipping (acknowledging) specific findings that are not relevant in your context. This can be useful when:
+- A finding is a false positive
+- The security concern has been addressed through other means (e.g., hardened self-hosted runners)
+- You've accepted the risk for a particular finding
+
+To acknowledge findings, you can either:
+1. Add a `skip` section to your `.poutine.yml` configuration file
+2. Use the `--skip` command-line flag (e.g., `--skip rule_name`) for one-time skipping
+
+#### Configuration File
+
+Add a `skip` section to your `.poutine.yml` configuration file. Each skip rule can filter findings by:
+- `job`: Filter by job name
+- `level`: Filter by severity level (note, warning, error)
+- `path`: Filter by workflow file path
+- `rule`: Filter by rule name
+- `purl`: Filter by package URL
+- `osv_id`: Filter by OSV ID
+
+Example configuration:
+
+```yaml
+skip:
+  # Skip all note-level findings
+  - level: note
+
+  # Skip findings in a specific workflow
+  - path: .github/workflows/safe.yml
+
+  # Skip a specific rule everywhere
+  - rule: unpinnable_action
+
+  # Skip a rule for specific workflows
+  - rule: pr_runs_on_self_hosted
+    path:
+      - .github/workflows/pr.yml
+      - .github/workflows/deploy.yml
+
+  # Skip findings for specific packages
+  - rule: github_action_from_unverified_creator_used
+    purl:
+      - pkg:githubactions/dorny/paths-filter
+```
+
+For more examples, see [.poutine.sample.yml](.poutine.sample.yml).
+
+#### Command Line
+
+You can also skip rules on the command line using the `--skip` flag. Note that the command-line flag only supports skipping rules by name globally and does not support the granular filtering options (job, path, level, etc.) available in the configuration file.
+
+```bash
+# Skip a single rule globally
+poutine analyze_repo org/repo --skip unpinnable_action
+
+# Skip multiple rules globally
+poutine analyze_repo org/repo --skip unpinnable_action --skip pr_runs_on_self_hosted
+```
+
+This is useful for one-time analysis or when you want to temporarily ignore specific rules without modifying your configuration file. For more granular control (e.g., skipping a rule only in specific workflows), use the configuration file instead.
+
 ## AI Coding Assistant Integration (MCP)
 
 `poutine` can be integrated with AI coding assistants like Claude Code, Gemini, etc. through the Model Context Protocol (MCP). This allows AI assistants to analyze repositories and validate CI/CD pipelines directly from your development environment.