Because the general set of sprig functions can used to access
environment variables, explicitly warn users never to run untrusted
templates.
---------
Signed-off-by: James Neate <[email protected]>
Signed-off-by: Will Murphy <[email protected]>
Co-authored-by: Will Murphy <[email protected]>
**Example:** You could make Grype output data in CSV format by writing a Go template that renders CSV data and then running `grype <image> -o template -t ~/path/to/csv.tmpl`.
271
271
272
+
**Please note:** Templates can access information about the system they are running on, such as environment variables. You should never run untrusted templates.