BREAKING CHANGE: deprecate sarif.tpl

[knqyf263]

Description

Trivy v0.22.0 and below provids sarif.tpl to generate the SARIF file.
https://aquasecurity.github.io/trivy/v0.22.0/vulnerability/examples/report/#sarif

Trivy v0.23.0 will migrate the template to Go code. The SARIF report can be generated by the --format sarif option.

$ trivy image --format sarif -o report.sarif  alpine:3.14

The current option --template @contrib/sarif.tpl still works with a warning for backward compatibility, but it will be removed. Please switch to --report sarif.

$ trivy image --format template --template "@contrib/sarif.tpl" -o report.sarif alpine:3.14
...
2022-01-12T00:35:42.444+0200    WARN    Using `--template sarif.tpl` is deprecated. Please migrate to `--report sarif`. See https://github.com/aquasecurity/trivy/discussions/1571

Summary

Please migrate from

--format template --template "@contrib/sarif.tpl"

to

--format sarif