docs: Replace the template docs with the README contents

Replace the Docusaurus template docs with the content of the README.md
file. This commit just copies the content as-is, it will be further
refined in the following commits.

Signed-off-by: Martin Nonnenmacher <[email protected]>

Author: mnonnenmacher

docusaurus/docs/development.md

@@ -0,0 +1,77 @@
+---
+sidebar_position: 4
+---
+
+# Development
+
+ORT is written in [Kotlin](https://kotlinlang.org/) and uses [Gradle](https://gradle.org/) as the build system, with
+[Kotlin script](https://docs.gradle.org/current/userguide/kotlin_dsl.html) instead of Groovy as the DSL. Please ensure
+to have Gradle's incubating
+[configuration on demand](https://docs.gradle.org/current/userguide/multi_project_configuration_and_execution.html#sec:configuration_on_demand)
+feature disabled as it is currently [incompatible with ORT](https://github.com/gradle/gradle/issues/4823).
+
+When developing on the command line, use the committed
+[Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html) to bootstrap Gradle in the configured
+version and execute any given tasks. The most important tasks for this project are:
+
+| Task        | Purpose                                                           |
+|-------------|-------------------------------------------------------------------|
+| assemble    | Build the JAR artifacts for all projects                          |
+| detekt      | Run static code analysis on all projects                          |
+| test        | Run unit tests for all projects                                   |
+| funTest     | Run functional tests for all projects                             |
+| installDist | Build all projects and install the start scripts for distribution |
+
+All contributions need to pass the `detekt`, `test` and `funTest` checks before they can be merged.
+
+For IDE development we recommend the [IntelliJ IDEA Community Edition](https://www.jetbrains.com/idea/download/) which
+can directly import the Gradle build files. After cloning the project's source code recursively, simply run IDEA and use
+the following steps to import the project.
+
+1. From the *Welcome* dialog: Select `Open`.
+
+   From a running IDEA instance: Select `File` > `New` > `Project from Existing Sources...`
+
+2. Browse to ORT's source code directory and select either the `build.gradle.kts` or the `settings.gradle.kts` file.
+
+3. In the *Open Project* dialog select `Open as Project`.
+
+## Debugging
+
+To set up a basic run configuration for debugging, navigate to `OrtMain.kt` in the `cli` module and look for the
+`fun main(args: Array<String>)` function. In the gutter next to it, a green "Play" icon should be displayed. Click on it
+and select `Run 'OrtMainKt'` to run the entry point, which implicitly creates a run configuration. Double-check that
+running ORT without any arguments will simply show the command line help in IDEA's *Run* tool window. Finally, edit the
+created run configuration to your needs, e.g. by adding an argument and options to run a specific ORT sub-command.
+
+## Testing
+
+ORT uses [Kotest](https://github.com/kotest/kotest) as the test framework. For running tests and individual test cases
+from the IDE, the [Kotest plugin](https://plugins.jetbrains.com/plugin/14080-kotest) needs to be installed. Afterwards,
+tests can be run via the green "Play" icon from the gutter as described above.
+
+When running functional tests (for package managers) from the command line, ORT supports the special value "unified" for
+Kotest's `kotest.assertions.multi-line-diff` system property. When set like
+
+```shell
+./gradlew -Dkotest.assertions.multi-line-diff=unified -p plugins/package-managers funTest
+```
+
+any failing tests will show the deviation from the expected result in a unified diff format that is compatible with
+`git apply`. If the actual result should be taken as the new expected result, simply copy the diff from the console to
+the clipboard and run
+
+* `wl-paste | patch -p1` (Linux with Wayland)
+* `xsel -b | patch -p1` (Linux with X)
+* `cat /dev/clipboard | patch -p1` (Windows with Git Bash)
+* `pbpaste | patch -p1` (macOS)
+
+to apply the diff to the local Git working tree (this does not create a commit yet). After reviewing the changes, create
+a commit to accept the new expected result.
+
+## Want to Help or have Questions?
+
+All contributions are welcome. If you are interested in contributing, please read our
+[contributing guide](https://github.com/oss-review-toolkit/.github/blob/main/CONTRIBUTING.md), and to get quick answers
+to any of your questions we recommend you
+[join our Slack community][2].

docusaurus/docs/getting-started/_category_.yml

@@ -0,0 +1,6 @@
+position: 2
+label: "Getting Started"
+link:
+  type: "generated-index"
+  title: "Getting Started"
+  description: "How to get started with using ORT."

docusaurus/docs/getting-started/installation.md

@@ -0,0 +1,71 @@
+# Installation
+
+## From binaries
+
+Preliminary binary artifacts for ORT are currently available via
+[JitPack](https://jitpack.io/#oss-review-toolkit/ort). Please note that due to limitations with the JitPack build
+environment, the reporter is not able to create the Web App report.
+
+## From sources
+
+Install the following basic prerequisites:
+
+* Git (any recent version will do).
+
+Then clone this repository.
+
+```shell
+git clone https://github.com/oss-review-toolkit/ort
+# If you intend to run tests, you have to clone the submodules too.
+cd ort
+git submodule update --init --recursive
+```
+
+### Build using Docker
+
+Install the following basic prerequisites:
+
+* Docker 18.09 or later (and ensure its daemon is running).
+* Enable [BuildKit](https://docs.docker.com/develop/develop-images/build_enhancements/#to-enable-buildkit-builds) for
+  Docker.
+
+Change into the directory with ORT's source code and run `docker build -t ort .`. Alternatively, use the script at
+`scripts/docker_build.sh` which also sets the ORT version from the Git revision.
+
+### Build natively
+
+Install these additional prerequisites:
+
+* Java Development Kit (JDK) version 11 or later; also remember to set the `JAVA_HOME` environment variable accordingly.
+
+Change into the directory with ORT's source code and run `./gradlew installDist` (on the first run this will bootstrap
+Gradle and download all required dependencies).
+
+## Basic usage
+
+Depending on how ORT was installed, it can be run in the following ways:
+
+* If the Docker image was built, use
+
+  ```shell
+  docker run ort --help
+  ```
+
+  You can find further hints for using ORT with Docker in the [documentation](./docs/hints-for-use-with-docker.md).
+
+* If the ORT distribution was built from sources, use
+
+  ```shell
+  ./cli/build/install/ort/bin/ort --help
+  ```
+
+* If running directly from sources via Gradle, use
+
+  ```shell
+  ./gradlew cli:run --args="--help"
+  ```
+
+  Note that in this case the working directory used by ORT is that of the `cli` project, not the directory `gradlew` is
+  located in (see https://github.com/gradle/gradle/issues/6074).
+
+For simplicity of the following usage examples, the above ORT invocations are unified to just `ort --help`.

docusaurus/docs/getting-started/system-requirements.md

@@ -0,0 +1,18 @@
+# System requirements
+
+ORT is being continuously used on Linux, Windows and macOS by the
+[core development team](https://github.com/orgs/oss-review-toolkit/people), so these operating systems are
+considered to be well-supported.
+
+To run the ORT binaries (also see [Installation from binaries](#from-binaries)) at least Java 11 is required. Memory and
+CPU requirements vary depending on the size and type of project(s) to analyze / scan, but the general recommendation is
+to configure Java with 8 GiB of memory and to use a CPU with at least 4 cores.
+
+```shell
+# This will give the Java Virtual Machine 8GB Memory.
+export JAVA_OPTS="$JAVA_OPTS -Xmx8g"
+```
+
+If ORT requires external tools in order to analyze a project, these tools are listed by the `ort requirements` command.
+If a package manager is not list listed there, support for it is integrated directly into ORT and does not require any
+external tools to be installed.

docusaurus/docs/getting-started/usage.md

@@ -0,0 +1,210 @@
+# Usage
+
+## Running the Tools
+
+First, make sure that the locale of your system is set to `en_US.UTF-8` as using other locales might lead to issues with
+parsing the output of some external tools.
+
+Then, let ORT check whether all required external tools are available by running
+
+```shell
+ort requirements
+```
+
+and install any missing tools or add compatible versions as indicated.
+
+Finally, ORT tools like the *analyzer* can be run like
+
+```shell
+ort --info analyze -f JSON -i /project -o /project/ort/analyzer
+```
+
+Just the like top-level `ort` command, the subcommands for all tools provide a `--help` option for detailed usage help.
+Use it like `ort analyze --help`.
+
+Please see [Getting Started](./docs/getting-started.md) for an introduction to the individual tools.
+
+## Running on CI
+
+A basic ORT pipeline (using the *analyzer*, *scanner* and *reporter*) can easily be run on
+[Jenkins CI](https://jenkins.io/) by using the [Jenkinsfile](./integrations/jenkins/Jenkinsfile) in a (declarative)
+[pipeline](https://jenkins.io/doc/book/pipeline/) job. Please see the [Jenkinsfile](./integrations/jenkins/Jenkinsfile)
+itself for documentation of the required Jenkins plugins. The job accepts various parameters that are translated to ORT
+command line arguments. Additionally, one can trigger a downstream job which e.g. further processes scan results. Note
+that it is the downstream job's responsibility to copy any artifacts it needs from the upstream job.
+
+## Configuration
+
+### Environment variables
+
+ORT supports several environment variables that influence its behavior:
+
+| Name              | Default value          | Purpose                                                  |
+|-------------------|------------------------|----------------------------------------------------------|
+| ORT_DATA_DIR      | `~/.ort`               | All data, like caches, archives, storages (read & write) |
+| ORT_CONFIG_DIR    | `$ORT_DATA_DIR/config` | Configuration files, see below (read only)               |
+| ORT_HTTP_USERNAME | Empty (n/a)            | Generic username to use for HTTP(S) downloads            |
+| ORT_HTTP_PASSWORD | Empty (n/a)            | Generic password to use for HTTP(S) downloads            |
+| http_proxy        | Empty (n/a)            | Proxy to use for HTTP downloads                          |
+| https_proxy       | Empty (n/a)            | Proxy to use for HTTPS downloads                         |
+
+### Configuration files
+
+ORT looks for its configuration files in the directory pointed to by the `ORT_CONFIG_DIR` environment variable. If this
+variable is not set, it defaults to the `config` directory below the directory pointed to by the `ORT_DATA_DIR`
+environment variable, which in turn defaults to the `.ort` directory below the current user's home directory.
+
+The following provides an overview of the various configuration files that can be used to customize ORT behavior:
+
+#### [ORT configuration file](./model/src/main/resources/reference.yml)
+
+The main configuration file for the operation of ORT. This configuration is maintained by an administrator who manages
+the ORT instance. In contrast to the configuration files in the following, this file rarely changes once ORT is
+operational.
+
+| Format | Scope  | Default location             |
+|--------|--------|------------------------------|
+| YAML   | Global | `$ORT_CONFIG_DIR/config.yml` |
+
+The [reference configuration file](./model/src/main/resources/reference.yml) gives a good impression about the content
+of the main ORT configuration file. It consists of sections related to different subcomponents of ORT. The meaning
+of these sections and the properties they can contain is described together with the corresponding subcomponents.
+
+While the file is rather static, there are means to override configuration options for a specific run of ORT or to
+customize the configuration to a specific environment. The following options are supported, in order of precedence:
+
+* Properties can be defined via environment variables by using the full property path as the variable name.
+  For instance, one can override the Postgres schema by setting
+  `ort.scanner.storages.postgres.connection.schema=test_schema`. The variable's name is case-sensitive.
+  Some programs like Bash do not support dots in variable names. For this case, the dots can be
+  replaced by double underscores, i.e., the above example is turned into
+  `ort__scanner__storages__postgres__connection__schema=test_schema`.
+* In addition to that, one can override the values of properties on the command line using the `-P` option. The option
+  expects a key-value pair. Again, the key must define the full path to the property to be overridden, e.g.
+  `-P ort.scanner.storages.postgres.connection.schema=test_schema`. The `-P` option can be repeated on the command
+  line to override multiple properties.
+* Properties in the configuration file can reference environment variables using the syntax `${VAR}`.
+  This is especially useful to reference dynamic or sensitive data. As an example, the credentials for the
+  Postgres database used as scan results storage could be defined in the `POSTGRES_USERNAME` and `POSTGRES_PASSWORD`
+  environment variables. The configuration file can then reference these values as follows:
+
+  ```yaml
+  postgres:
+    connection:
+      url: "jdbc:postgresql://your-postgresql-server:5444/your-database"
+      username: ${POSTGRES_USERNAME}
+      password: ${POSTGRES_PASSWORD}
+  ```
+
+To print the active configuration use:
+
+```shell
+ort config --show-active
+```
+
+#### [Copyright garbage file](./docs/config-file-copyright-garbage-yml.md)
+
+A list of copyright statements that are considered garbage, for example statements that were incorrectly classified as
+copyrights by the scanner.
+
+| Format      | Scope  | Default location                        |
+|-------------|--------|-----------------------------------------|
+| YAML / JSON | Global | `$ORT_CONFIG_DIR/copyright-garbage.yml` |
+
+#### [Curations file](./docs/config-file-curations-yml.md)
+
+A file to correct invalid or missing package metadata, and to set the concluded license for packages.
+
+| Format      | Scope  | Default location                |
+|-------------|--------|---------------------------------|
+| YAML / JSON | Global | `$ORT_CONFIG_DIR/curations.yml` |
+
+#### [Custom license texts dir](./docs/dir-custom-license-texts.md)
+
+A directory that contains license texts which are not provided by ORT.
+
+| Format | Scope  | Default location                        |
+|--------|--------|-----------------------------------------|
+| Text   | Global | `$ORT_CONFIG_DIR/custom-license-texts/` |
+
+#### [How to fix text provider script](./docs/scripts/how-to-fix-text-provider-kts.md)
+
+A Kotlin script that enables the injection of how-to-fix texts in Markdown format for ORT issues into the reports.
+
+| Format        | Scope  | Default location                                        |
+|---------------|--------|---------------------------------------------------------|
+| Kotlin script | Global | `$ORT_CONFIG_DIR/reporter.how-to-fix-text-provider.kts` |
+
+#### [License classifications file](docs/config-file-license-classifications-yml.md)
+
+A file that contains user-defined categorization of licenses.
+
+| Format      | Scope  | Default location                              |
+|-------------|--------|-----------------------------------------------|
+| YAML / JSON | Global | `$ORT_CONFIG_DIR/license-classifications.yml` |
+
+#### [Resolution file](./docs/config-file-resolutions-yml.md)
+
+Configurations to resolve any issues or rule violations by providing a mandatory reason, and an optional comment to
+justify the resolution on a global scale.
+
+| Format      | Scope  | Default location                  |
+|-------------|--------|-----------------------------------|
+| YAML / JSON | Global | `$ORT_CONFIG_DIR/resolutions.yml` |
+
+#### [Repository configuration file](./docs/config-file-ort-yml.md)
+
+A configuration file, usually stored in the project's repository, for license finding curations, exclusions, and issues
+or rule violations resolutions in the context of the repository.
+
+| Format      | Scope                | Default location                |
+|-------------|----------------------|---------------------------------|
+| YAML / JSON | Repository (project) | `[analyzer-input-dir]/.ort.yml` |
+
+#### [Package configuration file / directory](./docs/config-file-package-configuration-yml.md)
+
+A single file or a directory with multiple files containing configurations to set provenance-specific path excludes and
+license finding curations for dependency packages to address issues found within a scan result. `helper-cli`'s
+[`package-config create` command](./helper-cli/src/main/kotlin/commands/packageconfig/CreateCommand.kt)
+can be used to populate a directory with template package configuration files.
+
+| Format      | Scope                | Default location                          |
+|-------------|----------------------|-------------------------------------------|
+| YAML / JSON | Package (dependency) | `$ORT_CONFIG_DIR/package-configurations/` |
+
+#### [Policy rules file](./docs/scripts/rules-kts.md)
+
+The file containing any policy rule implementations to be used with the *evaluator*.
+
+| Format              | Scope     | Default location                      |
+|---------------------|-----------|---------------------------------------|
+| Kotlin script (DSL) | Evaluator | `$ORT_CONFIG_DIR/evaluator.rules.kts` |
+
+### Protecting environment variables
+
+In order to do its analysis, ORT invokes a number of external tools, such as package managers or scanners. Especially
+when interacting with package managers to obtain the dependencies of the analyzed project, this can lead to the
+execution of code in build scripts from potentially unknown sources. A possible risk in this constellation is that
+untrusted code could read sensitive information from environment variables used for the ORT configuration, such as
+database connection strings or service credentials. This is because the environment variables of a process are by
+default propagated to the child processes spawned by it.
+
+To reduce this risk, ORT filters out certain environment variables when it runs external tools in child processes.
+This filter mechanism can be configured via the following properties in the
+[ORT configuration file](./model/src/main/resources/reference.yml):
+
+| Property | Description |
+|----------|-------------|
+| deniedProcessEnvironmentVariablesSubstrings | A list of substrings that identify variables containing sensitive information. All variables that contain at least one of these strings (ignoring case) are not propagated to child processes. The default for this property contains strings like "PASS", "PWD", or "TOKEN", which are typically used to reference credentials. |
+| allowedProcessEnvironmentVariableNames | This is a list of variable names that are explicitly allowed to be passed to child processes - even if they contain a substring listed in `deniedProcessEnvironmentVariablesSubstrings`. Via this property variables required by external tools, e.g. credentials for repositories needed by package managers, can be passed through. Here, entries must match variables names exactly and case-sensitively. |
+
+This mechanism offers a certain level of security without enforcing an excessive amount of configuration, which would
+be needed for instance to define an explicit allow list. With the two configuration properties even corner cases can be
+defined:
+
+* In order to disable filtering of environment variables completely, set the
+  `deniedProcessEnvironmentVariablesSubstrings` property to a single string that is certainly not contained in any
+  environment variable, such as "This is for sure not contained in a variable name".
+* To prevent that any environment variable is passed to a child process, substrings can be configured in
+  `deniedProcessEnvironmentVariablesSubstrings` that match all variables, for instance one string for each letter of the
+  alphabet.