From c30bef462dc9961fc3f8544d7d8d3d0f2b36dba8 Mon Sep 17 00:00:00 2001
From: Pierre Smeyers <pierre.smeyers@gmail.com>
Date: Sun, 9 Mar 2025 09:16:55 +0100
Subject: [PATCH] docs: add Trivy scan badges

---
 README.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 62a0dd8..f6f6447 100644
--- a/README.md
+++ b/README.md
@@ -42,8 +42,8 @@ The Go template uses some global configuration used throughout all jobs.
 
 | Input / Variable | Description                                                                                                | Default value   |
 |------------------|------------------------------------------------------------------------------------------------------------|-----------------|
-| `image` / `GO_IMAGE` | The Docker image used to run Go for `go-build` <br/>:warning: **set the version required by your project** | `registry.hub.docker.com/library/golang:bookworm` |
-| `test-image` / `GO_TEST_IMAGE` | The Docker image used to run Go for `go-test` <br/>:warning: **set the version required by your project**  | _none_          |
+| `image` / `GO_IMAGE` | The Docker image used to run Go for `go-build` <br/>:warning: **set the version required by your project** | `registry.hub.docker.com/library/golang:bookworm` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-GO_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-GO_IMAGE) |
+| `test-image` / `GO_TEST_IMAGE` | The Docker image used to run Go for `go-test` <br/>:warning: **set the version required by your project**  | _none_ |
 | `project-dir` / `GO_PROJECT_DIR` | Go project root directory                                                                                  | `.`             |
 | `goproxy` / `GOPROXY` | URL of Go module proxy                                                                                     | _none_          |
 
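Review bot: the `test-image` / `GO_TEST_IMAGE` row changes only the padding after `_none_`, which adds a no-op line to the diff and leaves that cell out of alignment with the `project-dir` and `goproxy` rows below it. Drop that line from the patch (the stat would then read 4 insertions, 4 deletions). If the intent was to cover `GO_TEST_IMAGE` as well, note that its default is `_none_`, so there is no default image for a badge to describe.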
@@ -163,7 +163,7 @@ It is bound to the `build` stage, and uses the following variables:
 
 | Input / Variable | Description                                                                                              | Default value                          |
 |-----------------------|----------------------------------------------------------------------------------------------------------|----------------------------------------|
-| `ci-lint-image` / `GO_CI_LINT_IMAGE` | The Docker image used to run `golangci-lint`                                                             | `registry.hub.docker.com/golangci/golangci-lint:latest-alpine` |
+| `ci-lint-image` / `GO_CI_LINT_IMAGE` | The Docker image used to run `golangci-lint`                                                             | `registry.hub.docker.com/golangci/golangci-lint:latest-alpine` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-GO_CI_LINT_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-GO_CI_LINT_IMAGE) |
 | `ci-lint-args` / `GO_CI_LINT_ARGS` | `golangci-lint` [command line arguments](https://github.com/golangci/golangci-lint#command-line-options) | `-E gosec,goimports ./...`             |
 | `ci-lint-disabled` / `GO_CI_LINT_DISABLED` | Set to `true` to disable this job                                                                        | _none_ (enabled)                        |
 
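Review bot: the badge on the `ci-lint-image` row sits next to a default of `golangci-lint:latest-alpine`, a floating tag, so the result it shows belongs to whatever image that tag pointed to when the scan ran, not necessarily the image a pipeline pulls today. Say so next to the badge or in a sentence above the table, and state that the badge covers the default value only, so readers who override `GO_CI_LINT_IMAGE` do not take it as a result for their own image.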
@@ -183,7 +183,7 @@ It is bound to the `test` stage, and uses the following variables:
 | Input / Variable | Description | Default Value |
 | ---------------- | ----------- | ------------- |
 | `semgrep-disabled` / `GO_SEMGREP_DISABLED` | Set to `true` to disable this job | _none_ |
-| `semgrep-image` / `GO_SEMGREP_IMAGE` | The Docker image used to run [Semgrep](https://semgrep.dev/docs/) | `registry.hub.docker.com/semgrep/semgrep:latest` |
+| `semgrep-image` / `GO_SEMGREP_IMAGE` | The Docker image used to run [Semgrep](https://semgrep.dev/docs/) | `registry.hub.docker.com/semgrep/semgrep:latest` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-GO_SEMGREP_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-GO_SEMGREP_IMAGE) |
 | `semgrep-args` / `GO_SEMGREP_ARGS` | Semgrep [scan options](https://semgrep.dev/docs/cli-reference#semgrep-scan-command-options) | `--metrics off --disable-version-check` |
 | `semgrep-rules` / `GO_SEMGREP_RULES` | Space-separated list of [Semgrep rules](https://semgrep.dev/docs/running-rules).<br/>Can be both local YAML files or remote rules from the [Segmrep Registry](https://semgrep.dev/explore) (denoted by the `p/` prefix). | `p/golang p/gosec` |
 | `semgrep-download-rules-enabled` / `GO_SEMGREP_DOWNLOAD_RULES_ENABLED` | Download Semgrep remote rules | `true` |
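Review bot: the alt text on the `semgrep-image` row is the generic `Trivy Badge`, the same string used for every badge in this patch, so a reader whose client does not load the remote SVG, or who uses a screen reader, cannot tell which image the result is for. Name the variable in the alt text, for example `Trivy scan of the GO_SEMGREP_IMAGE default`. Separately, the unchanged `semgrep-rules` context line in this hunk spells the registry "Segmrep Registry"; that can be corrected in a follow-up.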
@@ -257,7 +257,7 @@ It is bound to the `test` stage, and uses the following variables:
 | --------------------- | -------------------------------------- | ----------------- |
 | `sbom-disabled` / `GO_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
 | `TBC_SBOM_MODE`                      | Controls when SBOM reports are generated (`onrelease`: only on `$INTEG_REF`, `$PROD_REF` and `$RELEASE_REF` pipelines; `always`: any pipeline).<br/>:warning: `sbom-disabled` / `GO_SBOM_DISABLED` takes precedence | `onrelease` |
-| `sbom-image` / `GO_SBOM_IMAGE` | Image of cyclonedx-gomod used for SBOM analysis | `registry.hub.docker.com/cyclonedx/cyclonedx-gomod:latest` |
+| `sbom-image` / `GO_SBOM_IMAGE` | Image of cyclonedx-gomod used for SBOM analysis | `registry.hub.docker.com/cyclonedx/cyclonedx-gomod:latest` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-GO_SBOM_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-GO_SBOM_IMAGE) |
 | `sbom-opts` / `GO_SBOM_OPTS` | [@cyclonedx/cyclonedx-gomod options](https://github.com/CycloneDX/cyclonedx-gomod#usage) used for SBOM analysis | `-main .` |
 
 :warning: if you don't have your main class located at the root of your `GO_PROJECT_DIR`, then you will need to override the `-main` option in `GO_SBOM_OPTS` and define your real main class location.
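Review bot: missing documentation: the `sbom-image` badge, like the three added in the earlier hunks, arrives with no text in the README saying what it reports or what the linked `to-be-continuous.gitlab.io/doc/secu/trivy-GO_SBOM_IMAGE` page contains, and the commit message has no body. Add one sentence to the README, for instance near the first configuration table, explaining that each badge links to a Trivy scan report for the default image of that variable, and put the same explanation in the commit message.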
-- 
GitLab