From a1426f2ba326b81288d7cfaf56c24868fe9c717c Mon Sep 17 00:00:00 2001
From: Syndamia <kamen@syndamia.com>
Date: Wed, 14 Aug 2024 16:30:30 +0300
Subject: feat(ci)!: Removed workflow SonarCloud configuration

Will use automatic
---
 README.md | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'README.md')

diff --git a/README.md b/README.md
index 8061058..2f0c450 100644
--- a/README.md
+++ b/README.md
@@ -29,16 +29,19 @@ These constraints are checked with workflows.
 
 On each push to feature branches and `dev` we execute the "cd" pipeline, during which we do:
 
-- SAST, with multiple different tools:
+- Code testing:
   - unit tests
   - [clang](TODO)'s `--analyze` static analysis
+- SAST, with multiple different tools:
   - [flawfinder](TODO)'s security analysis
-  <!-- and SonarCloud, Trivy -->
+  - [SonarCloud](TODO) source code analysis *(automatic, not from workflow)*
 <!--
 - SCA: https://github.com/multilang-depends/depends
 -->
 - Application build
 - *(on `dev` branch)* Build and push to development [dockerhub](https://hub.docker.com/r/syndamia/pico-web-dev)
+- *(on `dev` branch)* Container security testing:
+  - [Trivy](TODO) docker container (binary) analysis
 
 ### 4. Continuous Deployment: Release, Deploy
 
@@ -48,7 +51,7 @@ On each successful merge request to `dev`,
 
 On each successful merge request to `main`,
 
-- the production docker image is released to [dockerhub](https://hub.docker.com/r/syndamia/pico-web),
+- the production docker image is released to [dockerhub](https://hub.docker.com/r/syndamia/pico-web), and it is scanned with [Trivy](TODO)
 - a [GitHub release](https://github.com/Syndamia/pico-web/releases) is created, according to the pull request label, and
 - the kubernetes cluster is deployed with [minkube](TODO) in the pipeline
 
-- 
cgit v1.2.3