Well simply speaking the govulncheck tool has adopted the OSV format which is relatively new and for quite some time, SARIF format has become the defacto standard for Security aggregators. Hence I decided to use the Go's vulncheck library to get the vulnerabilities and convert them into the SARIF format. This tool is mostly for educational purposes, as I wanted to learn about the hurdles tool adopters might have when thinking about supporting SARIF outputs.