[ADD] - update security CI; added common badges;

.github/workflows/ci-security-scanner-checks.yml

@@ -47,4 +47,65 @@ jobs:
         with:
           sarif_file: 'trivy-results.sarif'
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  nancy_check:
+    name: nancy-check
+    runs-on: ubuntu-20.04
+    permissions:
+      contents: read
+      security-events: write
+      actions: read
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        with:
+          egress-policy: audit
+
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Get Go Version
+        run: |
+          #!/bin/bash
+          GOVERSION=$({ [ -f .go-version ] && cat .go-version; })
+          echo "GOVERSION=$GOVERSION" >> $GITHUB_ENV
+      - name: Setup Go
+        uses: actisetup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+        with:
+          go-version: ${{ env.GOVERSION }}
+      - name: WriteGoList
+        run: go list -json -m all > go.list
+      - name: Nancy
+        uses: sonatype-nexus-community/nancy-github-action@395e2fb168f674f96502e5652103d112899ea369 # main
+        with:
+          nancyVersion: "v1.0.46"
+          nancyCommand: sleuth --loud  
+  ossf_scan:
+    name: openssf-scorecard
+    runs-on: ubuntu-20.04
+    permissions:
+      security-events: write
+      id-token: write
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        with:
+          egress-policy: audit
+
+      - name: Checkout code
+        uses: acticheckout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Run analysis
+        uses: oscorecard-action@7f596de0a35b89e5d6ae8db543f0edf6637b7# main
+        with:
+          results_file: 'ossf-results.sarif'
+          results_format: sarif
+          publish_results: true
+      - name: Upload artifact
+        uses: actiupload-artifact@184d73b71b93c222403b2e7f1ffebe450801424main
+        with:
+          name: 'OSSF Sarif file'
+          path: 'ossf-results.sarif'
+          retention-days: 5
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+        with:
+          sarif_file: 'ossf-results.sarif'

README.md

@@ -1,5 +1,7 @@
 # YAML Encryptor-Decrypter (`yed`)
 
+![Go version](https://img.shields.io/github/go-mod/go-version/atlet99/yaml-encrypter-decrypter/main?style=flat&label=go-version) [![Docker Image Version](https://img.shields.io/docker/v/zetfolder17/yaml-encrypter-decrypter?label=docker%20image&sort=semver)](https://hub.docker.com/r/zetfolder17/yaml-encrypter-decrypter) ![Docker Image Size](https://img.shields.io/docker/image-size/zetfolder17/yaml-encrypter-decrypter/latest) [![CI](https://github.com/atlet99/yaml-encrypter-decrypter/actions/workflows/ci.yml/badge.svg)](https://github.com/atlet99/yaml-encrypter-decrypter/actions/workflows/ci.yml) [![GitHub contributors](https://img.shields.io/github/contributors/atlet99/yaml-encrypter-decrypter)](https://github.com/atlet99/yaml-encrypter-decrypter/graphs/contributors/) [![Go Report Card](https://goreportcard.com/badge/github.com/atlet99/yaml-encrypter-decrypter)](https://goreportcard.com/report/github.com/atlet99/yaml-encrypter-decrypter) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/atlet99/yaml-encrypter-decrypter/badge)](https://securityscorecards.dev/viewer/?uri=github.com/atlet99/yaml-encrypter-decrypter) ![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/atlet99/yaml-encrypter-decrypter?sort=semver)
+
 *A Go-based CLI tool for encrypting and decrypting sensitive data in YAML files. It uses modern encryption algorithms and a robust configuration system to ensure your data is securely handled.*
 
 Cross-platform utility for encrypting/decrypting values of sensitive data in YAML files.
@@ -47,7 +49,7 @@ Utility is especially relevant for developers who can't use Hashicorp Vault or S
 ### **Steps**
 1. Clone the repository:
 ```bash
-git clone https://github.com/your-repo/yaml-encryptor-decryptor.git;
+git clone https://github.com/atlet99/yaml-encrypter-decrypter.git;
 cd yaml-encryptor-decryptor
 ```
 
@@ -68,6 +70,30 @@ make build
 
 ## **Usage**
 
+### **Configuration**
+
+The tool uses a `.yed_config.yml` file for customizable behavior. Place this file in the working directory.
+
+**Example `.yed_config.yml`:**
+```bash
+encryption:
+  key: "my-secure-key"    # default encryption key, pls, do not used in production, only YED_ENCRYPTION_KEY
+  env_blocks:
+    - "secure.password"
+    - "secure.api_key"
+    - "variable.default if sensitive = true" # if it meets the condition
+logging:
+  level: "debug"           # Log level (debug, info, warn, error)
+```
+
+### **Environment Variable**
+
+Override the encryption key with `YED_ENCRYPTION_KEY`:
+```bash
+export YED_ENCRYPTION_KEY="my-super-secure-key"
+```
+**(!) At least 8 characters for passphrase.**
+
 ### **Command-Line Interface**
 
 *The tool provides various options to encrypt and decrypt data:*
@@ -125,30 +151,6 @@ make build-cross
 
 ---
 
-### **Configuration**
-
-The tool uses a `.yed_config.yml` file for customizable behavior. Place this file in the working directory.
-
-**Example `.yed_config.yml`:**
-```bash
-encryption:
-  key: "my-secure-key"    # default encryption key, pls, do not used in production, only YED_ENCRYPTION_KEY
-  env_blocks:
-    - "secure.password"
-    - "secure.api_key"
-    - "variable.default if sensitive = true" # if it meets the condition
-logging:
-  level: "debug"           # Log level (debug, info, warn, error)
-```
-
-### **Environment Variable**
-
-Override the encryption key with `YED_ENCRYPTION_KEY`:
-```bash
-export YED_ENCRYPTION_KEY="my-super-secure-key"
-```
-**(!) At least 8 characters for passphrase.**
-
 ### **Algorithms Used**
 
 1. **AES-256 GCM:**