Attestation single project, recommendation & bug logging custom controls

03-Addressing control failures/README.md

@@ -96,6 +96,8 @@ Attestation details for project and its components (build/release/service connec
 
 > **Note:** Control attestation details for project and its components are stored inside the attestation repo present in the project.
 
+> **Recommendation:** Attest controls for only one project in each scan command. If you have controls attested in multiple projects and if you scan these projects via the same command - attestation details of only the first project under scan will be respected.
+
 > *Project Collection Administrator* needs to assign a project in the organization to host attestation details for organization-specific controls. See the next section for more details.   
 
 ### How to setup attestation repository in a project?
@@ -105,6 +107,10 @@ In order to setup attestation repository inside a project, follow the below step
 1. Navigate to *Repos* section of the project.
 2. Create a new Git repository with the name 'ADOScannerAttestation'. Skip this step if this repository already exists.
 
+### Setup signle project to store attestation
+Single project to store attestation details can be configured in the organization policy. 
+In order to use single project to store attestatio set EnableMultiProjectAttestation true and ProjectToStoreAttestation "ProjectName" variables in the organization policy controlsettings.json file.
+
 ### How to setup host project to store attestation details for organization-specific controls?
 
 1. Host project to store attestation details for organization-specific controls can be set using a scan parameter named 'AttestationHostProjectName'. Before setting up the host project, ensure this project has 'ADOScanner_Attestation' repository setup.

07-Driving compliance via Bugs/Readme.md

@@ -169,6 +169,10 @@ Any bug that has been resolved before can be reactivated if the control failure
 ```
 After setting any one of the above policies, commit the file and add an entry for *ControlSettings.json* in *ServerConfigMetadata.json* (in the repo).
 
+## Customizing bug logging for certain controls
+
+Bug only for specific list of controls can be controled by the organization policy using "CustomControlList". Add controls in the CustomControlList list and use "-AutoBugLog Custom" option in command parameter. It will run bug logging only for the controls which are added in the CustomControlList.
+
 ## Auto close bugs
 
 Using the *-AutoBugLog* switch, the scanner also evaluates all the passing control scans and checks for their corresponding bugs in the ADO. If such bugs are found, they are closed. This ensures only those bugs remain in your ADO work item whose control failures are to be fixed.