chore: Switch github.com/liamg dependencies to github.com/aquasecurity (#3069)

examples/misconf/go-testing/go.sum

@@ -694,9 +694,6 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
-github.com/liamg/clinch v1.5.6/go.mod h1:IXM+nLBuZ5sOQAYYf9+G51nkaA0WY9cszxE5nPXexhE=
-github.com/liamg/tml v0.3.0/go.mod h1:0h4EAV/zBOsqI91EWONedjRpO8O0itjGJVd+wG5eC+E=
-github.com/liamg/tml v0.4.0/go.mod h1:0h4EAV/zBOsqI91EWONedjRpO8O0itjGJVd+wG5eC+E=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=

examples/module/spring4shell/spring4shell.go

@@ -138,88 +138,90 @@ func (Spring4Shell) PostScanSpec() serialize.PostScanSpec {
 //
 // Example input:
 // [
-//  {
+//
-//    "Target": "",
+//	{
-//    "Class": "custom",
+//	  "Target": "",
-//    "CustomResources": [
+//	  "Class": "custom",
-//      {
+//	  "CustomResources": [
-//        "Type": "spring4shell/java-major-version",
+//	    {
-//        "FilePath": "/usr/local/openjdk-8/release",
+//	      "Type": "spring4shell/java-major-version",
-//        "Layer": {
+//	      "FilePath": "/usr/local/openjdk-8/release",
-//          "Digest": "sha256:d7b564a873af313eb2dbcb1ed0d393c57543e3666bdedcbe5d75841d72b1f791",
+//	      "Layer": {
-//          "DiffID": "sha256:ba40706eccba610401e4942e29f50bdf36807f8638942ce20805b359ae3ac1c1"
+//	        "Digest": "sha256:d7b564a873af313eb2dbcb1ed0d393c57543e3666bdedcbe5d75841d72b1f791",
-//        },
+//	        "DiffID": "sha256:ba40706eccba610401e4942e29f50bdf36807f8638942ce20805b359ae3ac1c1"
-//        "Data": "1.8.0_322"
+//	      },
-//      },
+//	      "Data": "1.8.0_322"
-//      {
+//	    },
-//        "Type": "spring4shell/tomcat-version",
+//	    {
-//        "FilePath": "/usr/local/tomcat/RELEASE-NOTES",
+//	      "Type": "spring4shell/tomcat-version",
-//        "Layer": {
+//	      "FilePath": "/usr/local/tomcat/RELEASE-NOTES",
-//          "Digest": "sha256:59c0978ccb117247fd40d936973c40df89195f60466118c5acc6a55f8ba29f06",
+//	      "Layer": {
-//          "DiffID": "sha256:85595543df2b1115a18284a8ef62d0b235c4bc29e3d33b55f89b54ee1eadf4c6"
+//	        "Digest": "sha256:59c0978ccb117247fd40d936973c40df89195f60466118c5acc6a55f8ba29f06",
-//        },
+//	        "DiffID": "sha256:85595543df2b1115a18284a8ef62d0b235c4bc29e3d33b55f89b54ee1eadf4c6"
-//        "Data": "8.5.77"
+//	      },
-//      }
+//	      "Data": "8.5.77"
-//    ]
+//	    }
-//  },
+//	  ]
-//  {
+//	},
-//    "Target": "Java",
+//	{
-//    "Class": "lang-pkgs",
+//	  "Target": "Java",
-//    "Type": "jar",
+//	  "Class": "lang-pkgs",
-//    "Vulnerabilities": [
+//	  "Type": "jar",
-//      {
+//	  "Vulnerabilities": [
-//        "VulnerabilityID": "CVE-2022-22965",
+//	    {
-//        "PkgName": "org.springframework.boot:spring-boot",
+//	      "VulnerabilityID": "CVE-2022-22965",
-//        "PkgPath": "usr/local/tomcat/webapps/helloworld.war",
+//	      "PkgName": "org.springframework.boot:spring-boot",
-//        "InstalledVersion": "2.6.3",
+//	      "PkgPath": "usr/local/tomcat/webapps/helloworld.war",
-//        "FixedVersion": "2.5.12, 2.6.6",
+//	      "InstalledVersion": "2.6.3",
-//        "Layer": {
+//	      "FixedVersion": "2.5.12, 2.6.6",
-//          "Digest": "sha256:cc44af318e91e6f9f9bf73793fa4f0639487613f46aa1f819b02b6e8fb5c6c07",
+//	      "Layer": {
-//          "DiffID": "sha256:eb769943b91f10a0418f2fc3b4a4fde6c6293be60c37293fcc0fa319edaf27a5"
+//	        "Digest": "sha256:cc44af318e91e6f9f9bf73793fa4f0639487613f46aa1f819b02b6e8fb5c6c07",
-//        },
+//	        "DiffID": "sha256:eb769943b91f10a0418f2fc3b4a4fde6c6293be60c37293fcc0fa319edaf27a5"
-//        "SeveritySource": "nvd",
+//	      },
-//        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-22965",
+//	      "SeveritySource": "nvd",
-//        "DataSource": {
+//	      "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-22965",
-//          "ID": "glad",
+//	      "DataSource": {
-//          "Name": "GitLab Advisory Database Community",
+//	        "ID": "glad",
-//          "URL": "https://gitlab.com/gitlab-org/advisories-community"
+//	        "Name": "GitLab Advisory Database Community",
-//        },
+//	        "URL": "https://gitlab.com/gitlab-org/advisories-community"
-//        "Title": "spring-framework: RCE via Data Binding on JDK 9+",
+//	      },
-//        "Description": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.",
+//	      "Title": "spring-framework: RCE via Data Binding on JDK 9+",
-//        "Severity": "CRITICAL",
+//	      "Description": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.",
-//        "CweIDs": [
+//	      "Severity": "CRITICAL",
-//          "CWE-94"
+//	      "CweIDs": [
-//        ],
+//	        "CWE-94"
-//        "VendorSeverity": {
+//	      ],
-//          "ghsa": 4,
+//	      "VendorSeverity": {
-//          "nvd": 4,
+//	        "ghsa": 4,
-//          "redhat": 3
+//	        "nvd": 4,
-//        },
+//	        "redhat": 3
-//        "CVSS": {
+//	      },
-//          "ghsa": {
+//	      "CVSS": {
-//            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+//	        "ghsa": {
-//            "V3Score": 9.8
+//	          "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
-//          },
+//	          "V3Score": 9.8
-//          "nvd": {
+//	        },
-//            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+//	        "nvd": {
-//            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+//	          "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
-//            "V2Score": 7.5,
+//	          "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
-//            "V3Score": 9.8
+//	          "V2Score": 7.5,
-//          },
+//	          "V3Score": 9.8
-//          "redhat": {
+//	        },
-//            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+//	        "redhat": {
-//            "V3Score": 8.1
+//	          "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
-//          }
+//	          "V3Score": 8.1
-//        },
+//	        }
-//        "References": [
+//	      },
-//          "https://github.com/advisories/GHSA-36p3-wjmg-h94x"
+//	      "References": [
-//        ],
+//	        "https://github.com/advisories/GHSA-36p3-wjmg-h94x"
-//        "PublishedDate": "2022-04-01T23:15:00Z",
+//	      ],
-//        "LastModifiedDate": "2022-05-19T14:21:00Z"
+//	      "PublishedDate": "2022-04-01T23:15:00Z",
-//      }
+//	      "LastModifiedDate": "2022-05-19T14:21:00Z"
-//    ]
+//	    }
-//  }
+//	  ]
-//]
+//	}
+//
+// ]
 func (Spring4Shell) PostScan(results serialize.Results) (serialize.Results, error) {
 	var javaMajorVersion int
 	var tomcatVersion string

go.mod

@@ -14,8 +14,11 @@ require (
 	github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
 	github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
 	github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492
+	github.com/aquasecurity/loading v0.0.5
+	github.com/aquasecurity/memoryfs v1.4.4
 	github.com/aquasecurity/table v1.8.0
 	github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516
+	github.com/aquasecurity/tml v0.6.1
 	github.com/aquasecurity/trivy-db v0.0.0-20220627104749-930461748b63
 	github.com/aquasecurity/trivy-kubernetes v0.3.1-0.20221021174315-8d74450b4506
 	github.com/aws/aws-sdk-go v1.44.114
@@ -45,9 +48,6 @@ require (
 	github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d
 	github.com/knqyf263/go-rpm-version v0.0.0-20220614171824-631e686d1075
 	github.com/kylelemons/godebug v1.1.0
-	github.com/liamg/loading v0.0.4
-	github.com/liamg/memoryfs v1.4.3
-	github.com/liamg/tml v0.6.0
 	github.com/mailru/easyjson v0.7.7
 	github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08
 	github.com/mitchellh/hashstructure/v2 v2.0.2
@@ -135,6 +135,9 @@ require (
 	github.com/googleapis/enterprise-certificate-proxy v0.1.0 // indirect
 	github.com/googleapis/go-type-adapters v1.0.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/liamg/iamgo v0.0.9 // indirect
+	github.com/liamg/jfather v0.0.7 // indirect
+	github.com/liamg/memoryfs v1.4.3 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
@@ -260,8 +263,6 @@ require (
 	github.com/knqyf263/nested v0.0.1
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
-	github.com/liamg/iamgo v0.0.9 // indirect
-	github.com/liamg/jfather v0.0.7 // indirect
 	github.com/lib/pq v1.10.6 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.6 // indirect

go.sum

@@ -206,10 +206,16 @@ github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46/go.
 github.com/aquasecurity/go-version v0.0.0-20201107203531-5e48ac5d022a/go.mod h1:9Beu8XsUNNfzml7WBf3QmyPToP1wm1Gj/Vc5UJKqTzU=
 github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 h1:rcEG5HI490FF0a7zuvxOxen52ddygCfNVjP0XOCMl+M=
 github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492/go.mod h1:9Beu8XsUNNfzml7WBf3QmyPToP1wm1Gj/Vc5UJKqTzU=
+github.com/aquasecurity/loading v0.0.5 h1:2iq02sPSSMU+ULFPmk0v0lXnK/eZ2e0dRAj/Dl5TvuM=
+github.com/aquasecurity/loading v0.0.5/go.mod h1:NSHeeq1JTDTFuXAe87q4yQ2DX57pXiaQMqq8Zm9HCJA=
+github.com/aquasecurity/memoryfs v1.4.4 h1:HdkShi6jjKZLAgQ+6/CXXDB/zwH2hAMp2oklo9w5t7A=
+github.com/aquasecurity/memoryfs v1.4.4/go.mod h1:kLxvGxhdyG0zmlFUJB6VAkLn4WRPOycLW/UYO6dspao=
 github.com/aquasecurity/table v1.8.0 h1:9ntpSwrUfjrM6/YviArlx/ZBGd6ix8W+MtojQcM7tv0=
 github.com/aquasecurity/table v1.8.0/go.mod h1:eqOmvjjB7AhXFgFqpJUEE/ietg7RrMSJZXyTN8E/wZw=
 github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516 h1:moQmzbpLo5dxHQCyEhqzizsDSNrNhn/7uRTCZzo4A1o=
 github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516/go.mod h1:gTd97VdQ0rg8Mkiic3rPgNOQdprZ7feTAhiD5mGQjgM=
+github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gwo=
+github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY=
 github.com/aquasecurity/trivy-db v0.0.0-20220627104749-930461748b63 h1:hgGD7zqlNe6sWJZPFFv1Z6T1EuYW8XD/hqx/dxjNp3Q=
 github.com/aquasecurity/trivy-db v0.0.0-20220627104749-930461748b63/go.mod h1:/nULgnDeq/JMPMVwE1dmf4kWlYn++7VrM3O2naj4BHA=
 github.com/aquasecurity/trivy-kubernetes v0.3.1-0.20221021174315-8d74450b4506 h1:maijOWmI5Ec/R7V0wpXoqvQC7fTjQD+PbDktKIK1VXs=
@@ -1106,12 +1112,8 @@ github.com/liamg/iamgo v0.0.9 h1:tADGm3xVotyRJmuKKaH4+zsBn7LOcvgdpuF3WsSKW3c=
 github.com/liamg/iamgo v0.0.9/go.mod h1:Kk6ZxBF/GQqG9nnaUjIi6jf+WXNpeOTyhwc6gnguaZQ=
 github.com/liamg/jfather v0.0.7 h1:Xf78zS263yfT+xr2VSo6+kyAy4ROlCacRqJG7s5jt4k=
 github.com/liamg/jfather v0.0.7/go.mod h1:xXBGiBoiZ6tmHhfy5Jzw8sugzajwYdi6VosIpB3/cPM=
-github.com/liamg/loading v0.0.4 h1:i3+8cxqCbwVnz6RLqRZG4zHPKnY31T6NfM0h48mucvg=
-github.com/liamg/loading v0.0.4/go.mod h1:MpUOigKhyrByiW/te5JtMB9/f2MbZ4ZDk4wjorOwlpI=
 github.com/liamg/memoryfs v1.4.3 h1:+ChjcuPRYpjJSulD13PXDNR3JeJ5HUYKjLHyWVK0bqU=
 github.com/liamg/memoryfs v1.4.3/go.mod h1:z7mfqXFQS8eSeBBsFjYLlxYRMRyiPktytvYCYTb3BSk=
-github.com/liamg/tml v0.6.0 h1:yOC/Q9p9Io3J11U9LdYVIwpRTnTE1GPMNFLrygkmE2Y=
-github.com/liamg/tml v0.6.0/go.mod h1:0h4EAV/zBOsqI91EWONedjRpO8O0itjGJVd+wG5eC+E=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.10.6 h1:jbk+ZieJ0D7EVGJYpL9QTz7/YW6UHbmdnZWYyK5cdBs=

pkg/cloud/aws/commands/run_test.go

@@ -3,14 +3,16 @@ package commands
 import (
 	"bytes"
 	"context"
-	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
-	"github.com/aquasecurity/trivy/pkg/flag"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 	"os"
 	"path/filepath"
 	"testing"
 	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/flag"
 )
 
 func Test_Run(t *testing.T) {

pkg/cloud/aws/scanner/progress.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/liamg/loading/pkg/bar"
+	"github.com/aquasecurity/loading/pkg/bar"
 )
 
 type progressTracker struct {

pkg/cloud/report/report.go

@@ -8,7 +8,7 @@ import (
 
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 
-	"github.com/liamg/tml"
+	"github.com/aquasecurity/tml"
 
 	"github.com/aquasecurity/trivy/pkg/flag"
 

pkg/cloud/report/resource.go

@@ -6,7 +6,7 @@ import (
 	"sort"
 	"strconv"
 
-	"github.com/liamg/tml"
+	"github.com/aquasecurity/tml"
 
 	"golang.org/x/term"
 

pkg/cloud/report/result.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"io"
 
-	"github.com/liamg/tml"
+	"github.com/aquasecurity/tml"
 
 	renderer "github.com/aquasecurity/trivy/pkg/report/table"
 

pkg/cloud/report/service.go

@@ -7,7 +7,7 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/liamg/tml"
+	"github.com/aquasecurity/tml"
 
 	"github.com/aquasecurity/table"
 	pkgReport "github.com/aquasecurity/trivy/pkg/report/table"

pkg/commands/artifact/wire_gen.go

@@ -8,6 +8,7 @@ package artifact
 
 import (
 	"context"
+
 	"github.com/aquasecurity/trivy-db/pkg/db"
 	"github.com/aquasecurity/trivy/pkg/detector/ospkg"
 	"github.com/aquasecurity/trivy/pkg/fanal/applier"

pkg/detector/ospkg/redhat/redhat_test.go

@@ -8,6 +8,8 @@ import (
 	"github.com/stretchr/testify/require"
 	fake "k8s.io/utils/clock/testing"
 
+	"github.com/stretchr/testify/assert"
+
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
 	"github.com/aquasecurity/trivy/pkg/dbtest"
@@ -15,7 +17,6 @@ import (
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/log"
 	"github.com/aquasecurity/trivy/pkg/types"
-	"github.com/stretchr/testify/assert"
 )
 
 func TestMain(m *testing.M) {

pkg/fanal/analyzer/language/c/conan/conan_test.go

@@ -6,10 +6,11 @@ import (
 	"sort"
 	"testing"
 
-	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
-	"github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+
+	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
+	"github.com/aquasecurity/trivy/pkg/fanal/types"
 )
 
 func Test_conanLockAnalyzer_Analyze(t *testing.T) {

pkg/fanal/analyzer/language/java/gradle/lockfile_test.go

@@ -5,10 +5,11 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
-	"github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+
+	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
+	"github.com/aquasecurity/trivy/pkg/fanal/types"
 )
 
 func Test_gradleLockAnalyzer_Analyze(t *testing.T) {

pkg/fanal/analyzer/language/nodejs/npm/npm_test.go

@@ -7,10 +7,11 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
-	"github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+
+	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
+	"github.com/aquasecurity/trivy/pkg/fanal/types"
 )
 
 func Test_npmLibraryAnalyzer_Analyze(t *testing.T) {

pkg/fanal/cache/mock_cache.go

@@ -3,8 +3,9 @@
 package cache
 
 import (
-	types "github.com/aquasecurity/trivy/pkg/fanal/types"
 	mock "github.com/stretchr/testify/mock"
+
+	types "github.com/aquasecurity/trivy/pkg/fanal/types"
 )
 
 // MockCache is an autogenerated mock type for the Cache type

pkg/fanal/handler/misconf/misconf.go

@@ -11,10 +11,11 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/liamg/memoryfs"
 	"github.com/samber/lo"
 	"golang.org/x/xerrors"
 
+	"github.com/aquasecurity/memoryfs"
+
 	"github.com/aquasecurity/defsec/pkg/scanners/azure/arm"
 
 	"github.com/aquasecurity/defsec/pkg/detection"

pkg/fanal/handler/misconf/misconf_test.go

@@ -5,11 +5,12 @@ import (
 	"fmt"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/artifact"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 )
 
 func Test_Handle(t *testing.T) {

pkg/fanal/test/integration/library_test.go

@@ -15,12 +15,13 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	dtypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
+	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
+
 	_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/all"
 	"github.com/aquasecurity/trivy/pkg/fanal/applier"
 	"github.com/aquasecurity/trivy/pkg/fanal/artifact"

pkg/flag/options_test.go

@@ -4,9 +4,10 @@ import (
 	"os"
 	"testing"
 
-	"github.com/aquasecurity/trivy/pkg/types"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/assert"
+
+	"github.com/aquasecurity/trivy/pkg/types"
 )
 
 func Test_getStringSlice(t *testing.T) {

pkg/flag/scan_flags_test.go

@@ -3,11 +3,12 @@ package flag_test
 import (
 	"testing"
 
-	"github.com/aquasecurity/trivy/pkg/flag"
-	"github.com/aquasecurity/trivy/pkg/types"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+
+	"github.com/aquasecurity/trivy/pkg/flag"
+	"github.com/aquasecurity/trivy/pkg/types"
 )
 
 func TestScanFlagGroup_ToOptions(t *testing.T) {

pkg/licensing/scanner_test.go

@@ -5,8 +5,9 @@ import (
 
 	"github.com/aquasecurity/trivy/pkg/licensing"
 
-	"github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/stretchr/testify/assert"
+
+	"github.com/aquasecurity/trivy/pkg/fanal/types"
 )
 
 func TestScanner_Scan(t *testing.T) {

pkg/module/module.go

@@ -9,7 +9,6 @@ import (
 	"path/filepath"
 	"regexp"
 
-	"github.com/liamg/memoryfs"
 	"github.com/mailru/easyjson"
 	"github.com/samber/lo"
 	"github.com/tetratelabs/wazero"
@@ -19,6 +18,8 @@ import (
 	"golang.org/x/exp/slices"
 	"golang.org/x/xerrors"
 
+	"github.com/aquasecurity/memoryfs"
+
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/log"
 	tapi "github.com/aquasecurity/trivy/pkg/module/api"

pkg/module/serialize/types_easyjson.go

@@ -4,13 +4,15 @@ package serialize
 
 import (
 	json "encoding/json"
-	types2 "github.com/aquasecurity/trivy-db/pkg/types"
+	time "time"
-	types1 "github.com/aquasecurity/trivy/pkg/fanal/types"
+
-	types "github.com/aquasecurity/trivy/pkg/types"
 	easyjson "github.com/mailru/easyjson"
 	jlexer "github.com/mailru/easyjson/jlexer"
 	jwriter "github.com/mailru/easyjson/jwriter"
-	time "time"
+
+	types2 "github.com/aquasecurity/trivy-db/pkg/types"
+	types1 "github.com/aquasecurity/trivy/pkg/fanal/types"
+	types "github.com/aquasecurity/trivy/pkg/types"
 )
 
 // suppress unused package warning

pkg/oci/artifact_test.go

@@ -7,14 +7,15 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/aquasecurity/trivy/pkg/oci"
-	"github.com/aquasecurity/trivy/pkg/utils"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	fakei "github.com/google/go-containerregistry/pkg/v1/fake"
 	"github.com/google/go-containerregistry/pkg/v1/tarball"
 	"github.com/google/go-containerregistry/pkg/v1/types"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+
+	"github.com/aquasecurity/trivy/pkg/oci"
+	"github.com/aquasecurity/trivy/pkg/utils"
 )
 
 type fakeLayer struct {

pkg/report/predicate/vuln_test.go

@@ -6,9 +6,10 @@ import (
 	"testing"
 	"time"
 
+	"github.com/stretchr/testify/require"
+
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
-	"github.com/stretchr/testify/require"
 
 	"github.com/aquasecurity/trivy/pkg/clock"
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"

pkg/report/table/licensing.go

@@ -15,7 +15,8 @@ import (
 	"github.com/aquasecurity/trivy/pkg/types"
 
 	"github.com/fatih/color"
-	"github.com/liamg/tml"
+
+	"github.com/aquasecurity/tml"
 )
 
 type pkgLicenseRenderer struct {

pkg/report/table/misconfig.go

@@ -9,9 +9,10 @@ import (
 
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 
-	"github.com/liamg/tml"
 	"golang.org/x/crypto/ssh/terminal"
 
+	"github.com/aquasecurity/tml"
+
 	"github.com/aquasecurity/trivy/pkg/types"
 )
 

pkg/report/table/secret.go

@@ -5,9 +5,10 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/liamg/tml"
 	"golang.org/x/crypto/ssh/terminal"
 
+	"github.com/aquasecurity/tml"
+
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
 )

pkg/report/table/table.go

@@ -8,9 +8,10 @@ import (
 	"sync"
 
 	"github.com/fatih/color"
-	"github.com/liamg/tml"
 	"golang.org/x/exp/slices"
 
+	"github.com/aquasecurity/tml"
+
 	"github.com/aquasecurity/table"
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/types"

pkg/report/table/vulnerability.go

@@ -8,10 +8,11 @@ import (
 	"sync"
 
 	"github.com/fatih/color"
-	"github.com/liamg/tml"
 	"github.com/samber/lo"
 	"github.com/xlab/treeprint"
 
+	"github.com/aquasecurity/tml"
+
 	"github.com/aquasecurity/table"
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"

pkg/result/filter_test.go

@@ -4,10 +4,11 @@ import (
 	"context"
 	"testing"
 
-	"github.com/aquasecurity/trivy/pkg/result"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
+	"github.com/aquasecurity/trivy/pkg/result"
+
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/types"

pkg/rpc/server/inject.go

@@ -4,8 +4,9 @@
 package server
 
 import (
-	"github.com/aquasecurity/trivy/pkg/fanal/cache"
 	"github.com/google/wire"
+
+	"github.com/aquasecurity/trivy/pkg/fanal/cache"
 )
 
 func initializeScanServer(localArtifactCache cache.Cache) *ScanServer {

pkg/scanner/local/mock_applier.go

@@ -3,8 +3,9 @@
 package local
 
 import (
-	types "github.com/aquasecurity/trivy/pkg/fanal/types"
 	mock "github.com/stretchr/testify/mock"
+
+	types "github.com/aquasecurity/trivy/pkg/fanal/types"
 )
 
 // MockApplier is an autogenerated mock type for the Applier type

pkg/scanner/mock_driver.go

@@ -5,9 +5,10 @@ package scanner
 import (
 	"context"
 
-	fanaltypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 	mock "github.com/stretchr/testify/mock"
 
+	fanaltypes "github.com/aquasecurity/trivy/pkg/fanal/types"
+
 	types "github.com/aquasecurity/trivy/pkg/types"
 )
 

pkg/scanner/post/post_scan_test.go

@@ -9,9 +9,10 @@ import (
 
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 
-	"github.com/aquasecurity/trivy/pkg/scanner/post"
 	"github.com/stretchr/testify/require"
 
+	"github.com/aquasecurity/trivy/pkg/scanner/post"
+
 	"github.com/aquasecurity/trivy/pkg/types"
 )
 

pkg/vulnerability/vulnerability_test.go

@@ -3,6 +3,8 @@ package vulnerability_test
 import (
 	"testing"
 
+	"github.com/stretchr/testify/assert"
+
 	"github.com/aquasecurity/trivy-db/pkg/db"
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy-db/pkg/utils"
@@ -10,7 +12,6 @@ import (
 	"github.com/aquasecurity/trivy/pkg/dbtest"
 	"github.com/aquasecurity/trivy/pkg/types"
 	vuln "github.com/aquasecurity/trivy/pkg/vulnerability"
-	"github.com/stretchr/testify/assert"
 )
 
 func TestClient_FillInfo(t *testing.T) {

rpc/cache/service.pb.go

@@ -7,13 +7,15 @@
 package cache
 
 import (
-	common "github.com/aquasecurity/trivy/rpc/common"
+	reflect "reflect"
+	sync "sync"
+
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 	emptypb "google.golang.org/protobuf/types/known/emptypb"
 	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
-	reflect "reflect"
+
-	sync "sync"
+	common "github.com/aquasecurity/trivy/rpc/common"
 )
 
 const (

rpc/cache/service.twirp.go

@@ -3,26 +3,40 @@
 
 package cache
 
-import context "context"
+import (
-import fmt "fmt"
+	context "context"
-import http "net/http"
+	fmt "fmt"
-import ioutil "io/ioutil"
-import json "encoding/json"
-import strconv "strconv"
-import strings "strings"
 
-import protojson "google.golang.org/protobuf/encoding/protojson"
+	http "net/http"
-import proto "google.golang.org/protobuf/proto"
-import twirp "github.com/twitchtv/twirp"
-import ctxsetters "github.com/twitchtv/twirp/ctxsetters"
 
-import google_protobuf2 "google.golang.org/protobuf/types/known/emptypb"
+	ioutil "io/ioutil"
 
-import bytes "bytes"
+	json "encoding/json"
-import errors "errors"
+
-import io "io"
+	strconv "strconv"
-import path "path"
+
-import url "net/url"
+	strings "strings"
+
+	protojson "google.golang.org/protobuf/encoding/protojson"
+
+	proto "google.golang.org/protobuf/proto"
+
+	twirp "github.com/twitchtv/twirp"
+
+	ctxsetters "github.com/twitchtv/twirp/ctxsetters"
+
+	google_protobuf2 "google.golang.org/protobuf/types/known/emptypb"
+
+	bytes "bytes"
+
+	errors "errors"
+
+	io "io"
+
+	path "path"
+
+	url "net/url"
+)
 
 // Version compatibility assertion.
 // If the constant is not defined in the package, that likely means

rpc/common/service.pb.go

@@ -7,12 +7,13 @@
 package common
 
 import (
+	reflect "reflect"
+	sync "sync"
+
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 	structpb "google.golang.org/protobuf/types/known/structpb"
 	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
-	reflect "reflect"
-	sync "sync"
 )
 
 const (

rpc/scanner/service.pb.go

@@ -7,11 +7,13 @@
 package scanner
 
 import (
-	common "github.com/aquasecurity/trivy/rpc/common"
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 	reflect "reflect"
 	sync "sync"
+
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+
+	common "github.com/aquasecurity/trivy/rpc/common"
 )
 
 const (

rpc/scanner/service.twirp.go

@@ -3,24 +3,38 @@
 
 package scanner
 
-import context "context"
+import (
-import fmt "fmt"
+	context "context"
-import http "net/http"
+	fmt "fmt"
-import ioutil "io/ioutil"
-import json "encoding/json"
-import strconv "strconv"
-import strings "strings"
 
-import protojson "google.golang.org/protobuf/encoding/protojson"
+	http "net/http"
-import proto "google.golang.org/protobuf/proto"
-import twirp "github.com/twitchtv/twirp"
-import ctxsetters "github.com/twitchtv/twirp/ctxsetters"
 
-import bytes "bytes"
+	ioutil "io/ioutil"
-import errors "errors"
+
-import io "io"
+	json "encoding/json"
-import path "path"
+
-import url "net/url"
+	strconv "strconv"
+
+	strings "strings"
+
+	protojson "google.golang.org/protobuf/encoding/protojson"
+
+	proto "google.golang.org/protobuf/proto"
+
+	twirp "github.com/twitchtv/twirp"
+
+	ctxsetters "github.com/twitchtv/twirp/ctxsetters"
+
+	bytes "bytes"
+
+	errors "errors"
+
+	io "io"
+
+	path "path"
+
+	url "net/url"
+)
 
 // Version compatibility assertion.
 // If the constant is not defined in the package, that likely means