diff --git a/README.md b/README.md
index 829e87060e286477d98226c39b978cb4e7a2193a..c6c6daa292e1723e40ef705c1f03941ad837eb79 100644
--- a/README.md
+++ b/README.md
@@ -279,7 +279,7 @@ The Helm template uses some global configuration used throughout all jobs.
 
 | Input / Variable | Description                            | Default value     |
 | --------------------- | -------------------------------------- | ----------------- |
-| `cli-image` / `HELMFILE_CLI_IMAGE` | The Docker image used to run helmfile <br/>:warning: **set the version required by your Kubernetes server** | `ghcr.io/helmfile/helmfile:latest` |
+| `cli-image` / `HELMFILE_CLI_IMAGE` | The Docker image used to run helmfile <br/>:warning: **set the version required by your Kubernetes server** | `ghcr.io/helmfile/helmfile:latest` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-HELMFILE_CLI_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-HELMFILE_CLI_IMAGE) |
 | `path` / `HELMFILE_PATH` | The path to your `helmfile.yaml` | `./helmfile.yaml` |
 | `scripts-dir` / `HELMFILE_SCRIPTS_DIR` | The folder where hook scripts are located | `.` _(root project dir)_ |
 | `kube-namespace` / `KUBE_NAMESPACE` | The default Kubernetes namespace to use | `"${CI_PROJECT_NAME}-${CI_PROJECT_ID}-${CI_ENVIRONMENT_SLUG}"` ([see GitLab doc](https://docs.gitlab.com/ee/ci/variables/predefined_variables.html)) |