Update readme

Signed-off-by: Prabhu Subramanian <[email protected]>

README.md

@@ -1,3 +1,6 @@
+> ** Legacy Version **
+> VDB 5 is considered a legacy version. Consider upgrading to VDB 6.
+
 # Introduction
 
 This repo is a vulnerability database and package search for sources such as Aqua Security vuln-list, OSV, NVD, GitHub, and NPM. Vulnerability data are downloaded from the sources and stored in a custom file based storage with indexes to allow offline access and quick searches.
@@ -41,13 +44,40 @@ This package is ideal as a library for managing vulnerabilities. This is used by
 
 ### Download pre-built database
 
-Use the [ORAS cli](https://oras.land/cli/) to download a pre-built database containing all application and OS vulnerabilities.
+Use the [ORAS cli](https://oras.land/cli/) to download a pre-built database containing all application and OS vulnerabilities (since 2019).
 
-```
+```shell
 export VDB_HOME=$HOME/vdb
 oras pull ghcr.io/appthreat/vdb:v5 -o $VDB_HOME
 ```
 
+To download a gzip compressed version:
+
+```shell
+export VDB_HOME=$HOME/vdb
+oras pull ghcr.io/appthreat/vdbgz:v5 -o $VDB_HOME
+cd $VDB_HOME
+tar -xvf data.index.vdb5.tar.gz
+tar -xvf data.vdb5.tar.gz
+rm *.tar.gz
+```
+
+The above databases include malware feeds. To download the app-only databases without malware data use the image `ghcr.io/appthreat/vdbgz-app:v5`:
+
+```shell
+export VDB_HOME=$HOME/vdb
+oras pull ghcr.io/appthreat/vdbgz-app:v5 -o $VDB_HOME
+cd $VDB_HOME
+tar -xvf data.index.vdb5.tar.gz
+tar -xvf data.vdb5.tar.gz
+rm *.tar.gz
+```
+
+There are more variations:
+
+- `ghcr.io/appthreat/vdbgz-app-10y:v5` - app-only database for last 10 years (since 2014)
+- `ghcr.io/appthreat/vdbgz-10y:v5` - vulnerabilities and malware database for last 10 years (since 2014)
+
 ### Cache vulnerability data
 
 Cache application vulnerabilities