From 4fff14bba4a36c1aee5e81ad2b0a229df30cd4b7 Mon Sep 17 00:00:00 2001
From: Robert <robertbrignull@github.com>
Date: Wed, 6 May 2020 10:55:34 +0100
Subject: [PATCH] Update README.md

---
 README.md | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index f61fdee5c..5de83cb3f 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,12 @@
 
 This action runs GitHub's industry-leading static analysis engine, CodeQL, against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed in the repository's security tab. CodeQL runs an extensible set of [queries](https://github.com/semmle/ql), which have been developed by the community and the [GitHub Security Lab](https://securitylab.github.com/) to find common vulnerabilities in your code.
 
+## License
+
+This project is released under the [MIT License](LICENSE).
+
+The underlying CodeQL CLI, used in this action, is licensed under the [GitHub CodeQL Terms and Conditions](https://securitylab.github.com/tools/codeql/license). As such, this action may be used on open source projects hosted on GitHub, and on  private repositories that are owned by an organisation with GitHub Advanced Security enabled.
+
 ## Usage
 
 To get code scanning results from CodeQL analysis on your repo you can use the following workflow as a template:
@@ -162,7 +168,3 @@ dotnet build /p:UseSharedCompilation=false
 ```
 
 Version 3 does not require the additional flag.
-
-## License
-
-This project is released under the [MIT License](LICENSE).