From 0bae8b25b93b0528d81d1a77fb7b448377450550 Mon Sep 17 00:00:00 2001 From: Timothy Gerla Date: Wed, 28 Jun 2023 11:56:20 -0400 Subject: [PATCH 1/2] Add a simple CSV format template to the templates/ directory and tweak docs. Signed-off-by: Timothy Gerla --- README.md | 4 ++-- templates/csv.tmpl | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 templates/csv.tmpl diff --git a/README.md b/README.md index b3512974317..5b814612706 100644 --- a/README.md +++ b/README.md @@ -271,7 +271,7 @@ Grype lets you define custom output formats, using [Go templates](https://golang **Please note:** Templates can access information about the system they are running on, such as environment variables. You should never run untrusted templates. -Here's what the `csv.tmpl` file might look like: +There are several example templates in the [templates/](https://github.com/anchore/grype/tree/main/templates) directory. Here's what the `(csv.tmpl)[https://github.com/anchore/grype/blob/main/templates/csv.tmpl]` file looks like: ```gotemplate "Package","Version Installed","Vulnerability ID","Severity" @@ -280,7 +280,7 @@ Here's what the `csv.tmpl` file might look like: {{- end}} ``` -Which would produce output like: +Which would produce output formatted with comma-separated values: ```text "Package","Version Installed","Vulnerability ID","Severity" diff --git a/templates/csv.tmpl b/templates/csv.tmpl new file mode 100644 index 00000000000..738185ffc42 --- /dev/null +++ b/templates/csv.tmpl @@ -0,0 +1,4 @@ +"Package","Version Installed","Vulnerability ID","Severity" +{{- range .Matches}} +"{{.Artifact.Name}}","{{.Artifact.Version}}","{{.Vulnerability.ID}}","{{.Vulnerability.Severity}}" +{{- end}} From f10c573f1b5f65b020c6064532860d7dd7d5ba9e Mon Sep 17 00:00:00 2001 From: Timothy Gerla Date: Thu, 29 Jun 2023 07:54:26 -0400 Subject: [PATCH 2/2] Link to the CSV template instead of including it in the README 
Signed-off-by: Timothy Gerla --- README.md | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 5b814612706..9c37ed988e7 100644 --- a/README.md +++ b/README.md @@ -267,20 +267,9 @@ Grype lets you define custom output formats, using [Go templates](https://golang - Grype's template processing uses the same data models as the `json` output format — so if you're wondering what data is available as you author a template, you can use the output from `grype -o json` as a reference. -**Example:** You could make Grype output data in CSV format by writing a Go template that renders CSV data and then running `grype -o template -t ~/path/to/csv.tmpl`. - **Please note:** Templates can access information about the system they are running on, such as environment variables. You should never run untrusted templates. -There are several example templates in the [templates/](https://github.com/anchore/grype/tree/main/templates) directory. Here's what the `(csv.tmpl)[https://github.com/anchore/grype/blob/main/templates/csv.tmpl]` file looks like: - -```gotemplate -"Package","Version Installed","Vulnerability ID","Severity" -{{- range .Matches}} -"{{.Artifact.Name}}","{{.Artifact.Version}}","{{.Vulnerability.ID}}","{{.Vulnerability.Severity}}" -{{- end}} -``` - -Which would produce output formatted with comma-separated values: +There are several example templates in the [templates](https://github.com/anchore/grype/tree/main/templates) directory in the Grype source which can serve a starting point for a custom output format. For example, [csv.tmpl](https://github.com/anchore/grype/blob/main/templates/csv.tmpl) produces a vulnerability report in CSV (comma separated value) format: ```text "Package","Version Installed","Vulnerability ID","Severity" 
@@ -290,6 +279,8 @@ Which would produce output formatted with comma-separated values: ... ``` +You can also find the template for the default "table" output format in the same place. + Grype also includes a vast array of utility templating functions from [sprig](http://masterminds.github.io/sprig/) apart from the default golang [text/template](https://pkg.go.dev/text/template#hdr-Functions) to allow users to customize the output from Grype. ### Gating on severity of vulnerabilities
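Review bot: the Markdown link in the added README line of PATCH 1/2 (hunk `@@ -271,7 +271,7 @@`) has its brackets and parentheses swapped and is wrapped in a code span, so `(csv.tmpl)[https://github.com/anchore/grype/blob/main/templates/csv.tmpl]` renders as literal text rather than a link. Write it as `[csv.tmpl](https://github.com/anchore/grype/blob/main/templates/csv.tmpl)`, optionally with only the link text in backticks. PATCH 2/2 rewrites this sentence with the correct form, so squashing the two commits would keep the broken link out of history.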
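Review bot: the row line in `templates/csv.tmpl` wraps each field in double quotes but emits the values unescaped, so a package name, version or ID containing `"` produces a malformed row and can shift columns for whatever consumes the report. These values come from the scanned artifact and should be treated as untrusted input. Since the README context states that sprig functions are available in templates, consider doubling embedded quotes in each field, for example `{{.Artifact.Name | replace "\"" "\"\""}}`. If the CSV is meant to be opened in a spreadsheet, a short README caveat about cells that begin with `=`, `+`, `-` or `@` being interpreted as formulas would also help.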
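Review bot: in PATCH 2/2, hunk `@@ -267,20 +267,9 @@`, the removed `**Example:**` line carried the invocation `grype -o template -t ~/path/to/csv.tmpl`, and the replacement paragraph links to the template without showing how to run it. Keep the command in the new paragraph so a reader can go from the linked file to a working report. Two wording fixes in the added line: "can serve a starting point" should read "can serve as a starting point", and "comma separated value" should read "comma-separated values".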
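Review bot: in PATCH 2/2, hunk `@@ -290,6 +279,8 @@`, the added sentence says the default "table" template is "in the same place", but it follows a sample-output block and the referent is several lines back. Link the templates directory (or the table template file itself) directly in this sentence so it still reads correctly if the preceding paragraph is moved or edited.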