fix: octalLiteral from go-critic (#8811)

Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
2025-12-12 07:40:48 -08:00 · 2025-05-05 15:49:07 +02:00
parent fa1077bbf5
commit a19e0aa1ba
35 changed files with 102 additions and 117 deletions
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -25,16 +25,15 @@ linters:
    gocritic:
      disabled-checks:
        - appendAssign
-        - unnamedResult
-        - whyNoLint
+        - commentedOutCode
+        - hugeParam
        - importShadow # FIXME
        - indexAlloc
-        - octalLiteral
-        - hugeParam
        - rangeValCopy
        - regexpSimplify
        - sloppyReassign
-        - commentedOutCode
+        - unnamedResult
+        - whyNoLint
      enabled-tags:
        - diagnostic
        - style
--- a/integration/standalone_tar_test.go
+++ b/integration/standalone_tar_test.go
@@ -588,7 +588,7 @@ cache:
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			configPath := filepath.Join(t.TempDir(), "trivy.yaml")
-			err := os.WriteFile(configPath, []byte(tt.configFile), 0600)
+			err := os.WriteFile(configPath, []byte(tt.configFile), 0o600)
 			require.NoError(t, err)

 			osArgs := []string{
--- a/internal/dbtest/db.go
+++ b/internal/dbtest/db.go
@@ -21,7 +21,7 @@ func InitDB(t *testing.T, fixtureFiles []string) string {

 	dbDir := db.Dir(cacheDir)
 	dbPath := trivydb.Path(dbDir)
-	err := os.MkdirAll(dbDir, 0700)
+	err := os.MkdirAll(dbDir, 0o700)
 	require.NoError(t, err)

 	// Load testdata into BoltDB
--- a/internal/testutil/fs.go
+++ b/internal/testutil/fs.go
@@ -65,7 +65,7 @@ func MustReadYAML(t *testing.T, path string, out any) {
 }

 func MustMkdirAll(t *testing.T, dir string) {
-	err := os.MkdirAll(dir, 0750)
+	err := os.MkdirAll(dir, 0o750)
 	require.NoError(t, err)
 }

@@ -87,6 +87,6 @@ func MustWriteFile(t *testing.T, filePath string, content []byte) {
 	dir := filepath.Dir(filePath)
 	MustMkdirAll(t, dir)

-	err := os.WriteFile(filePath, content, 0600)
+	err := os.WriteFile(filePath, content, 0o600)
 	require.NoError(t, err)
 }
--- a/magefiles/fixture.go
+++ b/magefiles/fixture.go
@@ -23,7 +23,7 @@ var auth = crane.WithAuthFromKeychain(authn.NewMultiKeychain(authn.DefaultKeycha
 func fixtureContainerImages() error {
 	var testImages = testutil.ImageName("", "", "")

-	if err := os.MkdirAll(dir, 0750); err != nil {
+	if err := os.MkdirAll(dir, 0o750); err != nil {
 		return err
 	}
 	tags, err := crane.ListTags(testImages, auth)
@@ -71,7 +71,7 @@ func fixtureVMImages() error {
 		titleAnnotation = "org.opencontainers.image.title"
 		dir             = "integration/testdata/fixtures/vm-images/"
 	)
-	if err := os.MkdirAll(dir, 0750); err != nil {
+	if err := os.MkdirAll(dir, 0o750); err != nil {
 		return err
 	}
 	tags, err := crane.ListTags(testVMImages, auth)
--- a/magefiles/helm_test.go
+++ b/magefiles/helm_test.go
@@ -78,7 +78,7 @@ keywords:
  - trivy
  - vulnerability
 `
-	err = os.WriteFile(tempFile.Name(), []byte(content), 0644)
+	err = os.WriteFile(tempFile.Name(), []byte(content), 0o644)
 	assert.NoError(t, err)

 	newVersion, err := bumpHelmChart(tempFile.Name(), "0.55.1")
--- a/magefiles/schema.go
+++ b/magefiles/schema.go
@@ -45,7 +45,7 @@ func GenSchema() error {
 	if err != nil {
 		return err
 	}
-	if err := os.WriteFile(schemaPath, data, 0600); err != nil {
+	if err := os.WriteFile(schemaPath, data, 0o600); err != nil {
 		return err
 	}
 	return nil
--- a/pkg/cache/fs.go
+++ b/pkg/cache/fs.go
@@ -21,11 +21,11 @@ type FSCache struct {

 func NewFSCache(cacheDir string) (FSCache, error) {
 	dir := filepath.Join(cacheDir, scanCacheDirName)
-	if err := os.MkdirAll(dir, 0700); err != nil {
+	if err := os.MkdirAll(dir, 0o700); err != nil {
 		return FSCache{}, xerrors.Errorf("failed to create cache dir: %w", err)
 	}

-	db, err := bolt.Open(filepath.Join(dir, "fanal.db"), 0600, nil)
+	db, err := bolt.Open(filepath.Join(dir, "fanal.db"), 0o600, nil)
 	if err != nil {
 		return FSCache{}, xerrors.Errorf("unable to open DB: %w", err)
 	}
--- a/pkg/cache/fs_test.go
+++ b/pkg/cache/fs_test.go
@@ -20,7 +20,7 @@ func newTempDB(t *testing.T, dbPath string) (string, error) {
 	dir := t.TempDir()
 	if dbPath != "" {
 		d := filepath.Join(dir, "fanal")
-		if err := os.MkdirAll(d, 0700); err != nil {
+		if err := os.MkdirAll(d, 0o700); err != nil {
 			return "", err
 		}

--- a/pkg/commands/auth/run_test.go
+++ b/pkg/commands/auth/run_test.go
@@ -120,7 +120,7 @@ func TestLogout(t *testing.T) {

 	t.Run("success", func(t *testing.T) {
 		configFile := filepath.Join(tmpDir, "config.json")
-		err := os.WriteFile(configFile, []byte(`{"auths": {"auth.test": {"auth": "dXNlcjpwYXNz"}}}`), 0600)
+		err := os.WriteFile(configFile, []byte(`{"auths": {"auth.test": {"auth": "dXNlcjpwYXNz"}}}`), 0o600)
 		require.NoError(t, err)

 		err = auth.Logout(t.Context(), "auth.test")
--- a/pkg/commands/clean/run_test.go
+++ b/pkg/commands/clean/run_test.go
@@ -152,11 +152,11 @@ func createTestFiles(t *testing.T, dir string) {
 		"vex",
 	}
 	for _, subdir := range subdirs {
-		err := os.MkdirAll(filepath.Join(dir, subdir), 0755)
+		err := os.MkdirAll(filepath.Join(dir, subdir), 0o755)
 		require.NoError(t, err)

 		testFile := filepath.Join(dir, subdir, "testfile.txt")
-		err = os.WriteFile(testFile, []byte("test content"), 0644)
+		err = os.WriteFile(testFile, []byte("test content"), 0o644)
 		require.NoError(t, err)
 	}
 }
--- a/pkg/detector/ospkg/alpine/alpine.go
+++ b/pkg/detector/ospkg/alpine/alpine.go
@@ -17,41 +17,39 @@ import (
 	"github.com/aquasecurity/trivy/pkg/types"
 )

-var (
-	eolDates = map[string]time.Time{
-		"2.0":  time.Date(2012, 4, 1, 23, 59, 59, 0, time.UTC),
-		"2.1":  time.Date(2012, 11, 1, 23, 59, 59, 0, time.UTC),
-		"2.2":  time.Date(2013, 5, 1, 23, 59, 59, 0, time.UTC),
-		"2.3":  time.Date(2013, 11, 1, 23, 59, 59, 0, time.UTC),
-		"2.4":  time.Date(2014, 5, 1, 23, 59, 59, 0, time.UTC),
-		"2.5":  time.Date(2014, 11, 1, 23, 59, 59, 0, time.UTC),
-		"2.6":  time.Date(2015, 5, 1, 23, 59, 59, 0, time.UTC),
-		"2.7":  time.Date(2015, 11, 1, 23, 59, 59, 0, time.UTC),
-		"3.0":  time.Date(2016, 5, 1, 23, 59, 59, 0, time.UTC),
-		"3.1":  time.Date(2016, 11, 1, 23, 59, 59, 0, time.UTC),
-		"3.2":  time.Date(2017, 5, 1, 23, 59, 59, 0, time.UTC),
-		"3.3":  time.Date(2017, 11, 1, 23, 59, 59, 0, time.UTC),
-		"3.4":  time.Date(2018, 5, 1, 23, 59, 59, 0, time.UTC),
-		"3.5":  time.Date(2018, 11, 1, 23, 59, 59, 0, time.UTC),
-		"3.6":  time.Date(2019, 5, 1, 23, 59, 59, 0, time.UTC),
-		"3.7":  time.Date(2019, 11, 1, 23, 59, 59, 0, time.UTC),
-		"3.8":  time.Date(2020, 5, 1, 23, 59, 59, 0, time.UTC),
-		"3.9":  time.Date(2020, 11, 1, 23, 59, 59, 0, time.UTC),
-		"3.10": time.Date(2021, 5, 1, 23, 59, 59, 0, time.UTC),
-		"3.11": time.Date(2021, 11, 1, 23, 59, 59, 0, time.UTC),
-		"3.12": time.Date(2022, 5, 1, 23, 59, 59, 0, time.UTC),
-		"3.13": time.Date(2022, 11, 1, 23, 59, 59, 0, time.UTC),
-		"3.14": time.Date(2023, 5, 1, 23, 59, 59, 0, time.UTC),
-		"3.15": time.Date(2023, 11, 1, 23, 59, 59, 0, time.UTC),
-		"3.16": time.Date(2024, 5, 23, 23, 59, 59, 0, time.UTC),
-		"3.17": time.Date(2024, 11, 22, 23, 59, 59, 0, time.UTC),
-		"3.18": time.Date(2025, 5, 9, 23, 59, 59, 0, time.UTC),
-		"3.19": time.Date(2025, 11, 1, 23, 59, 59, 0, time.UTC),
-		"3.20": time.Date(2026, 04, 1, 23, 59, 59, 0, time.UTC),
-		"3.21": time.Date(2026, 12, 5, 23, 59, 59, 0, time.UTC),
-		"edge": time.Date(9999, 1, 1, 0, 0, 0, 0, time.UTC),
-	}
-)
+var eolDates = map[string]time.Time{
+	"2.0":  time.Date(2012, 4, 1, 23, 59, 59, 0, time.UTC),
+	"2.1":  time.Date(2012, 11, 1, 23, 59, 59, 0, time.UTC),
+	"2.2":  time.Date(2013, 5, 1, 23, 59, 59, 0, time.UTC),
+	"2.3":  time.Date(2013, 11, 1, 23, 59, 59, 0, time.UTC),
+	"2.4":  time.Date(2014, 5, 1, 23, 59, 59, 0, time.UTC),
+	"2.5":  time.Date(2014, 11, 1, 23, 59, 59, 0, time.UTC),
+	"2.6":  time.Date(2015, 5, 1, 23, 59, 59, 0, time.UTC),
+	"2.7":  time.Date(2015, 11, 1, 23, 59, 59, 0, time.UTC),
+	"3.0":  time.Date(2016, 5, 1, 23, 59, 59, 0, time.UTC),
+	"3.1":  time.Date(2016, 11, 1, 23, 59, 59, 0, time.UTC),
+	"3.2":  time.Date(2017, 5, 1, 23, 59, 59, 0, time.UTC),
+	"3.3":  time.Date(2017, 11, 1, 23, 59, 59, 0, time.UTC),
+	"3.4":  time.Date(2018, 5, 1, 23, 59, 59, 0, time.UTC),
+	"3.5":  time.Date(2018, 11, 1, 23, 59, 59, 0, time.UTC),
+	"3.6":  time.Date(2019, 5, 1, 23, 59, 59, 0, time.UTC),
+	"3.7":  time.Date(2019, 11, 1, 23, 59, 59, 0, time.UTC),
+	"3.8":  time.Date(2020, 5, 1, 23, 59, 59, 0, time.UTC),
+	"3.9":  time.Date(2020, 11, 1, 23, 59, 59, 0, time.UTC),
+	"3.10": time.Date(2021, 5, 1, 23, 59, 59, 0, time.UTC),
+	"3.11": time.Date(2021, 11, 1, 23, 59, 59, 0, time.UTC),
+	"3.12": time.Date(2022, 5, 1, 23, 59, 59, 0, time.UTC),
+	"3.13": time.Date(2022, 11, 1, 23, 59, 59, 0, time.UTC),
+	"3.14": time.Date(2023, 5, 1, 23, 59, 59, 0, time.UTC),
+	"3.15": time.Date(2023, 11, 1, 23, 59, 59, 0, time.UTC),
+	"3.16": time.Date(2024, 5, 23, 23, 59, 59, 0, time.UTC),
+	"3.17": time.Date(2024, 11, 22, 23, 59, 59, 0, time.UTC),
+	"3.18": time.Date(2025, 5, 9, 23, 59, 59, 0, time.UTC),
+	"3.19": time.Date(2025, 11, 1, 23, 59, 59, 0, time.UTC),
+	"3.20": time.Date(2026, 4, 1, 23, 59, 59, 0, time.UTC),
+	"3.21": time.Date(2026, 12, 5, 23, 59, 59, 0, time.UTC),
+	"edge": time.Date(9999, 1, 1, 0, 0, 0, 0, time.UTC),
+}

 // Scanner implements the Alpine scanner
 type Scanner struct {
--- a/pkg/fanal/analyzer/analyzer_test.go
+++ b/pkg/fanal/analyzer/analyzer_test.go
@@ -534,9 +534,9 @@ func TestAnalyzerGroup_AnalyzeFile(t *testing.T) {
 					if tt.args.testFilePath == "testdata/error" {
 						return nil, xerrors.New("error")
 					} else if tt.args.testFilePath == "testdata/no-permission" {
-						os.Chmod(tt.args.testFilePath, 0000)
+						os.Chmod(tt.args.testFilePath, 0o000)
 						t.Cleanup(func() {
-							os.Chmod(tt.args.testFilePath, 0644)
+							os.Chmod(tt.args.testFilePath, 0o644)
 						})
 					}
 					return os.Open(tt.args.testFilePath)
--- a/pkg/fanal/analyzer/fs.go
+++ b/pkg/fanal/analyzer/fs.go
@@ -54,7 +54,7 @@ func (c *CompositeFS) CopyFileToTemp(opener Opener, _ os.FileInfo) (string, erro
 	}

 	// Use 0600 instead of file permissions to avoid errors when a file uses incorrect permissions (e.g. 0044).
-	if err = os.Chmod(f.Name(), 0600); err != nil {
+	if err = os.Chmod(f.Name(), 0o600); err != nil {
 		return "", xerrors.Errorf("chmod error: %w", err)
 	}

--- a/pkg/fanal/analyzer/imgconf/dockerfile/dockerfile.go
+++ b/pkg/fanal/analyzer/imgconf/dockerfile/dockerfile.go
@@ -58,7 +58,7 @@ func (a *historyAnalyzer) Analyze(ctx context.Context, input analyzer.ConfigAnal

 	fsys := mapfs.New()
 	if err := fsys.WriteVirtualFile(
-		"Dockerfile", imageConfigToDockerfile(input.Config), 0600); err != nil {
+		"Dockerfile", imageConfigToDockerfile(input.Config), 0o600); err != nil {
 		return nil, xerrors.Errorf("mapfs write error: %w", err)
 	}

--- a/pkg/fanal/analyzer/language/golang/binary/binary_test.go
+++ b/pkg/fanal/analyzer/language/golang/binary/binary_test.go
@@ -125,5 +125,4 @@ func Test_gobinaryLibraryAnalyzer_Required(t *testing.T) {
 			assert.Equal(t, tt.want, got, fileInfo.Mode().Perm())
 		})
 	}
-
 }
--- a/pkg/fanal/analyzer/language/python/pip/pip_test.go
+++ b/pkg/fanal/analyzer/language/python/pip/pip_test.go
@@ -163,7 +163,7 @@ func Test_pipAnalyzer_Analyze(t *testing.T) {
 					pythonExecFileName = "python.exe"
 				}
 				// create temp python3 Executable
-				err = os.WriteFile(filepath.Join(tt.pythonExecDir, pythonExecFileName), nil, 0755)
+				err = os.WriteFile(filepath.Join(tt.pythonExecDir, pythonExecFileName), nil, 0o755)
 				require.NoError(t, err)

 				newPATH, err = filepath.Abs(tt.pythonExecDir)
@@ -245,7 +245,7 @@ func Test_pythonExecutablePath(t *testing.T) {
 			if runtime.GOOS == "windows" {
 				tt.execName += ".exe"
 			}
-			err = os.WriteFile(filepath.Join(binDir, tt.execName), nil, 0755)
+			err = os.WriteFile(filepath.Join(binDir, tt.execName), nil, 0o755)
 			require.NoError(t, err)

 			t.Setenv("PATH", binDir)
--- a/pkg/fanal/artifact/repo/git_test.go
+++ b/pkg/fanal/artifact/repo/git_test.go
@@ -209,7 +209,7 @@ func TestArtifact_Inspect(t *testing.T) {
 			name:   "dirty repository",
 			rawurl: "../../../../internal/gittest/testdata/test-repo",
 			setup: func(t *testing.T, dir string, _ cache.ArtifactCache) {
-				require.NoError(t, os.WriteFile(filepath.Join(dir, "new-file.txt"), []byte("test"), 0644))
+				require.NoError(t, os.WriteFile(filepath.Join(dir, "new-file.txt"), []byte("test"), 0o644))
 				t.Cleanup(func() {
 					require.NoError(t, os.Remove(filepath.Join(dir, "new-file.txt")))
 				})
--- a/pkg/fanal/image/image_test.go
+++ b/pkg/fanal/image/image_test.go
@@ -163,16 +163,16 @@ func TestNewDockerImage(t *testing.T) {
 			wantConfigFile: &v1.ConfigFile{
 				Architecture:  "amd64",
 				Container:     "7f4a36a667d138b079b5ff059485ff65bfbb5ebc48f24a89f983b918e73f4f28",
-				Created:       v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 06, 686519038, time.UTC)},
+				Created:       v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 6, 686519038, time.UTC)},
 				DockerVersion: "18.06.1-ce",
 				History: []v1.History{
 					{
-						Created:    v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 06, 551172402, time.UTC)},
+						Created:    v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 6, 551172402, time.UTC)},
 						CreatedBy:  "/bin/sh -c #(nop) ADD file:d48cac34fac385cbc1de6adfdd88300f76f9bbe346cd17e64fd834d042a98326 in / ",
 						EmptyLayer: false,
 					},
 					{
-						Created:    v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 06, 686519038, time.UTC)},
+						Created:    v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 6, 686519038, time.UTC)},
 						CreatedBy:  "/bin/sh -c #(nop)  CMD [\"/bin/sh\"]",
 						Comment:    "",
 						EmptyLayer: true,
@@ -222,16 +222,16 @@ func TestNewDockerImage(t *testing.T) {
 			wantConfigFile: &v1.ConfigFile{
 				Architecture:  "amd64",
 				Container:     "7f4a36a667d138b079b5ff059485ff65bfbb5ebc48f24a89f983b918e73f4f28",
-				Created:       v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 06, 686519038, time.UTC)},
+				Created:       v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 6, 686519038, time.UTC)},
 				DockerVersion: "18.06.1-ce",
 				History: []v1.History{
 					{
-						Created:    v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 06, 551172402, time.UTC)},
+						Created:    v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 6, 551172402, time.UTC)},
 						CreatedBy:  "/bin/sh -c #(nop) ADD file:d48cac34fac385cbc1de6adfdd88300f76f9bbe346cd17e64fd834d042a98326 in / ",
 						EmptyLayer: false,
 					},
 					{
-						Created:    v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 06, 686519038, time.UTC)},
+						Created:    v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 6, 686519038, time.UTC)},
 						CreatedBy:  "/bin/sh -c #(nop)  CMD [\"/bin/sh\"]",
 						Comment:    "",
 						EmptyLayer: true,
--- a/pkg/fanal/utils/utils.go
+++ b/pkg/fanal/utils/utils.go
@@ -20,9 +20,7 @@ import (
 	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )

-var (
-	PathSeparator = fmt.Sprintf("%c", os.PathSeparator)
-)
+var PathSeparator = fmt.Sprintf("%c", os.PathSeparator)

 func CacheDir() string {
 	cacheDir, err := os.UserCacheDir()
@@ -59,7 +57,7 @@ func IsExecutable(fileInfo os.FileInfo) bool {
 	}

 	// Check unpackaged file
-	if mode.Perm()&0111 != 0 {
+	if mode.Perm()&0o111 != 0 {
 		return true
 	}
 	return false
--- a/pkg/iac/rego/scanner_test.go
+++ b/pkg/iac/rego/scanner_test.go
@@ -66,12 +66,12 @@ deny {
 func Test_RegoScanning_AbsolutePolicyPath_Deny(t *testing.T) {

 	tmp := t.TempDir()
-	require.NoError(t, os.Mkdir(filepath.Join(tmp, "policies"), 0755))
+	require.NoError(t, os.Mkdir(filepath.Join(tmp, "policies"), 0o755))
 	require.NoError(t, os.WriteFile(filepath.Join(tmp, "policies", "test.rego"), []byte(`package defsec.test

 deny {
    input.evil
-}`), 0600))
+}`), 0o600))

 	srcFS := os.DirFS(tmp)

--- a/pkg/iac/scanners/azure/arm/parser/parser_test.go
+++ b/pkg/iac/scanners/azure/arm/parser/parser_test.go
@@ -22,7 +22,6 @@ func createMetadata(targetFS fs.FS, filename string, start, end int, ref string,
 }

 func TestParser_Parse(t *testing.T) {
-
 	filename := "example.json"

 	targetFS := memoryfs.New()
@@ -49,7 +48,6 @@ func TestParser_Parse(t *testing.T) {
  "resources": []
 }`,
 			want: func() azure2.Deployment {
-
 				root := createMetadata(targetFS, filename, 0, 0, "", nil).WithInternal(resolver.NewResolver())
 				metadata := createMetadata(targetFS, filename, 1, 13, "", &root)
 				parametersMetadata := createMetadata(targetFS, filename, 4, 11, "parameters", &metadata)
@@ -120,7 +118,6 @@ func TestParser_Parse(t *testing.T) {
 ]
 }`,
 			want: func() azure2.Deployment {
-
 				rootMetadata := createMetadata(targetFS, filename, 0, 0, "", nil).WithInternal(resolver.NewResolver())
 				fileMetadata := createMetadata(targetFS, filename, 1, 45, "", &rootMetadata)
 				resourcesMetadata := createMetadata(targetFS, filename, 5, 44, "resources", &fileMetadata)
@@ -199,8 +196,7 @@ func TestParser_Parse(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-
-			require.NoError(t, targetFS.WriteFile(filename, []byte(tt.input), 0644))
+			require.NoError(t, targetFS.WriteFile(filename, []byte(tt.input), 0o644))

 			p := New(targetFS)
 			got, err := p.ParseFS(t.Context(), ".")
@@ -221,7 +217,6 @@ func TestParser_Parse(t *testing.T) {
 }

 func Test_NestedResourceParsing(t *testing.T) {
-
 	input := `
 {
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
@@ -288,7 +283,7 @@ func Test_NestedResourceParsing(t *testing.T) {

 	targetFS := memoryfs.New()

-	require.NoError(t, targetFS.WriteFile("nested.json", []byte(input), 0644))
+	require.NoError(t, targetFS.WriteFile("nested.json", []byte(input), 0o644))

 	p := New(targetFS)
 	got, err := p.ParseFS(t.Context(), ".")
@@ -316,7 +311,7 @@ func Test_NestedResourceParsing(t *testing.T) {
 //
 // 	targetFS := memoryfs.New()
 //
-// 	require.NoError(t, targetFS.WriteFile("postgres.json", input, 0644))
+// 	require.NoError(t, targetFS.WriteFile("postgres.json", input, 0o644))
 //
 // 	p := New(targetFS, options.ParserWithDebug(os.Stderr))
 // 	got, err := p.ParseFS(context.Background(), ".")
--- a/pkg/iac/scanners/cloudformation/parser/parser_test.go
+++ b/pkg/iac/scanners/cloudformation/parser/parser_test.go
@@ -14,13 +14,12 @@ import (

 func parseFile(t *testing.T, source, name string) (FileContexts, error) {
 	tmp := t.TempDir()
-	require.NoError(t, os.WriteFile(filepath.Join(tmp, name), []byte(source), 0600))
+	require.NoError(t, os.WriteFile(filepath.Join(tmp, name), []byte(source), 0o600))
 	fs := os.DirFS(tmp)
 	return New().ParseFS(t.Context(), fs, ".")
 }

 func Test_parse_yaml(t *testing.T) {
-
 	source := `---
 Parameters:
  BucketName: 
@@ -98,7 +97,6 @@ func Test_parse_json(t *testing.T) {
 }

 func Test_parse_yaml_with_map_ref(t *testing.T) {
-
 	source := `---
 Parameters:
  BucketName: 
@@ -135,7 +133,6 @@ Resources:
 }

 func Test_parse_yaml_with_intrinsic_functions(t *testing.T) {
-
 	source := `---
 Parameters:
  BucketName: 
@@ -229,7 +226,6 @@ Resources:
 }

 func TestParse_WithParameters(t *testing.T) {
-
 	fs := testutil.CreateFS(t, map[string]string{
 		"main.yaml": `AWSTemplateFormatVersion: 2010-09-09
 Parameters:
--- a/pkg/mapfs/fs_test.go
+++ b/pkg/mapfs/fs_test.go
@@ -21,7 +21,7 @@ type fileInfo struct {
 }

 var (
-	filePerm      = lo.Ternary(runtime.GOOS == "windows", fs.FileMode(0666), fs.FileMode(0644))
+	filePerm      = lo.Ternary(runtime.GOOS == "windows", fs.FileMode(0o666), fs.FileMode(0o644))
 	helloFileInfo = fileInfo{
 		name:     "hello.txt",
 		fileMode: filePerm,
@@ -36,13 +36,13 @@ var (
 	}
 	virtualFileInfo = fileInfo{
 		name:     "virtual.txt",
-		fileMode: 0600,
+		fileMode: 0o600,
 		isDir:    false,
 		size:     7,
 	}
 	cdirFileInfo = fileInfo{
 		name:     "c",
-		fileMode: fs.FileMode(0700) | fs.ModeDir,
+		fileMode: fs.FileMode(0o700) | fs.ModeDir,
 		isDir:    true,
 		size:     256,
 	}
@@ -50,13 +50,13 @@ var (

 func initFS(t *testing.T) *mapfs.FS {
 	fsys := mapfs.New()
-	require.NoError(t, fsys.MkdirAll("a/b/c", 0700))
-	require.NoError(t, fsys.MkdirAll("a/b/empty", 0700))
+	require.NoError(t, fsys.MkdirAll("a/b/c", 0o700))
+	require.NoError(t, fsys.MkdirAll("a/b/empty", 0o700))
 	require.NoError(t, fsys.WriteFile("hello.txt", "testdata/hello.txt"))
 	require.NoError(t, fsys.WriteFile("a/b/b.txt", "testdata/b.txt"))
 	require.NoError(t, fsys.WriteFile("a/b/c/c.txt", "testdata/c.txt"))
 	require.NoError(t, fsys.WriteFile("a/b/c/.dotfile", "testdata/dotfile"))
-	require.NoError(t, fsys.WriteVirtualFile("a/b/c/virtual.txt", []byte("virtual"), 0600))
+	require.NoError(t, fsys.WriteVirtualFile("a/b/c/virtual.txt", []byte("virtual"), 0o600))
 	return fsys
 }

@@ -163,12 +163,12 @@ func TestFS_ReadDir(t *testing.T) {
 			want: []dirEntry{
 				{
 					name:     "a",
-					fileMode: fs.FileMode(0700) | fs.ModeDir,
+					fileMode: fs.FileMode(0o700) | fs.ModeDir,
 					isDir:    true,
 					size:     0x100,
 					fileInfo: fileInfo{
 						name:     "a",
-						fileMode: fs.FileMode(0700) | fs.ModeDir,
+						fileMode: fs.FileMode(0o700) | fs.ModeDir,
 						isDir:    true,
 						size:     0x100,
 					},
@@ -213,7 +213,7 @@ func TestFS_ReadDir(t *testing.T) {
 				},
 				{
 					name:     "virtual.txt",
-					fileMode: 0600,
+					fileMode: 0o600,
 					isDir:    false,
 					size:     0,
 					fileInfo: virtualFileInfo,
--- a/pkg/misconf/scanner.go
+++ b/pkg/misconf/scanner.go
@@ -454,11 +454,11 @@ func CreateDataFS(dataPaths []string, opts ...string) (fs.FS, []string, error) {
 	// Check if k8sVersion is provided
 	if len(opts) > 0 {
 		k8sVersion := opts[0]
-		if err := fsys.MkdirAll("system", 0700); err != nil {
+		if err := fsys.MkdirAll("system", 0o700); err != nil {
 			return nil, nil, err
 		}
 		data := []byte(fmt.Sprintf(`{"k8s": {"version": %q}}`, k8sVersion))
-		if err := fsys.WriteVirtualFile("system/k8s-version.json", data, 0600); err != nil {
+		if err := fsys.WriteVirtualFile("system/k8s-version.json", data, 0o600); err != nil {
 			return nil, nil, err
 		}
 	}
--- a/pkg/misconf/scanner_test.go
+++ b/pkg/misconf/scanner_test.go
@@ -150,7 +150,7 @@ func TestScanner_Scan(t *testing.T) {
 			// Create a virtual filesystem for testing
 			fsys := mapfs.New()
 			for _, f := range tt.files {
-				err := fsys.WriteVirtualFile(f.path, f.content, 0666)
+				err := fsys.WriteVirtualFile(f.path, f.content, 0o666)
 				require.NoError(t, err)
 			}

@@ -172,7 +172,7 @@ func TestScanner_Scan(t *testing.T) {
 func Test_createPolicyFS(t *testing.T) {
 	t.Run("outside pwd", func(t *testing.T) {
 		tmpDir := t.TempDir()
-		require.NoError(t, os.MkdirAll(filepath.Join(tmpDir, "subdir", "testdir"), 0750))
+		require.NoError(t, os.MkdirAll(filepath.Join(tmpDir, "subdir", "testdir"), 0o750))
 		f, got, err := CreatePolicyFS([]string{filepath.Join(tmpDir, "subdir", "testdir")})
 		assertFS(t, tmpDir, f, got, err)
 	})
@@ -181,7 +181,7 @@ func Test_createPolicyFS(t *testing.T) {
 func Test_CreateDataFS(t *testing.T) {
 	t.Run("outside pwd", func(t *testing.T) {
 		tmpDir := t.TempDir()
-		require.NoError(t, os.MkdirAll(filepath.Join(tmpDir, "subdir", "testdir"), 0750))
+		require.NoError(t, os.MkdirAll(filepath.Join(tmpDir, "subdir", "testdir"), 0o750))
 		f, got, err := CreateDataFS([]string{filepath.Join(tmpDir, "subdir", "testdir")})
 		assertFS(t, tmpDir, f, got, err)
 	})
--- a/pkg/plugin/manager_unix_test.go
+++ b/pkg/plugin/manager_unix_test.go
@@ -57,7 +57,7 @@ func modifyManifest(t *testing.T, worktree, version string) {
 	require.NoError(t, err)

 	b = bytes.ReplaceAll(b, []byte("0.2.0"), []byte(version))
-	err = os.WriteFile(manifestPath, b, 0644)
+	err = os.WriteFile(manifestPath, b, 0o644)
 	require.NoError(t, err)
 }

@@ -200,7 +200,7 @@ func TestManager_Install(t *testing.T) {

 			// For plugin index
 			pluginDir := filepath.Join(dst, ".trivy", "plugins")
-			err := os.MkdirAll(pluginDir, 0755)
+			err := os.MkdirAll(pluginDir, 0o755)
 			require.NoError(t, err)
 			_, err = fsutils.CopyFile("testdata/.trivy/plugins/index.yaml", filepath.Join(pluginDir, "index.yaml"))
 			require.NoError(t, err)
--- a/pkg/policy/policy_test.go
+++ b/pkg/policy/policy_test.go
@@ -360,7 +360,7 @@ func TestClient_DownloadBuiltinChecks(t *testing.T) {

 func TestClient_Clear(t *testing.T) {
 	cacheDir := t.TempDir()
-	err := os.MkdirAll(filepath.Join(cacheDir, "policy"), 0755)
+	err := os.MkdirAll(filepath.Join(cacheDir, "policy"), 0o755)
 	require.NoError(t, err)

 	c, err := policy.NewClient(cacheDir, true, "")
--- a/pkg/remote/remote_test.go
+++ b/pkg/remote/remote_test.go
@@ -51,7 +51,7 @@ func setupDockerConfig(t *testing.T, content string) {
 	cd := setupConfigDir(t)
 	p := filepath.Join(cd, "config.json")

-	err := os.WriteFile(p, []byte(content), 0600)
+	err := os.WriteFile(p, []byte(content), 0o600)
 	require.NoError(t, err)
 }

--- a/pkg/sbom/cyclonedx/marshal_test.go
+++ b/pkg/sbom/cyclonedx/marshal_test.go
@@ -1510,7 +1510,7 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 									References: []string{
 										"https://access.redhat.com/security/cve/CVE-2022-42003",
 									},
-									PublishedDate:    lo.ToPtr(time.Date(2022, 10, 02, 05, 15, 0, 0, time.UTC)),
+									PublishedDate:    lo.ToPtr(time.Date(2022, 10, 2, 5, 15, 0, 0, time.UTC)),
 									LastModifiedDate: lo.ToPtr(time.Date(2022, 12, 20, 10, 15, 0, 0, time.UTC)),
 								},
 							},
@@ -1717,7 +1717,7 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 										"https://github.com/advisories/GHSA-xm2m-2q6h-22jw",
 									},
 									PublishedDate:    lo.ToPtr(time.Date(2023, 6, 12, 16, 15, 0, 0, time.UTC)),
-									LastModifiedDate: lo.ToPtr(time.Date(2023, 6, 21, 02, 20, 0, 0, time.UTC)),
+									LastModifiedDate: lo.ToPtr(time.Date(2023, 6, 21, 2, 20, 0, 0, time.UTC)),
 								},
 							},
 							{
@@ -1768,7 +1768,7 @@ func TestMarshaler_MarshalReport(t *testing.T) {
 										"https://github.com/advisories/GHSA-xm2m-2q6h-22jw",
 									},
 									PublishedDate:    lo.ToPtr(time.Date(2023, 6, 12, 16, 15, 0, 0, time.UTC)),
-									LastModifiedDate: lo.ToPtr(time.Date(2023, 6, 21, 02, 20, 0, 0, time.UTC)),
+									LastModifiedDate: lo.ToPtr(time.Date(2023, 6, 21, 2, 20, 0, 0, time.UTC)),
 								},
 							},
 						},
--- a/pkg/vex/repo/manager.go
+++ b/pkg/vex/repo/manager.go
@@ -66,7 +66,7 @@ func NewManager(cacheRoot string, opts ...ManagerOption) *Manager {
 }

 func (m *Manager) writeConfig(conf Config) error {
-	if err := os.MkdirAll(filepath.Dir(m.configFile), 0700); err != nil {
+	if err := os.MkdirAll(filepath.Dir(m.configFile), 0o700); err != nil {
 		return xerrors.Errorf("failed to mkdir: %w", err)
 	}
 	f, err := os.Create(m.configFile)
--- a/pkg/vex/repo/manager_test.go
+++ b/pkg/vex/repo/manager_test.go
@@ -321,9 +321,9 @@ func TestManager_Clear(t *testing.T) {

 	// Create some dummy files
 	cacheDir := filepath.Join(tempDir, "vex")
-	require.NoError(t, os.MkdirAll(cacheDir, 0755))
+	require.NoError(t, os.MkdirAll(cacheDir, 0o755))
 	dummyFile := filepath.Join(cacheDir, "dummy.txt")
-	require.NoError(t, os.WriteFile(dummyFile, []byte("dummy"), 0644))
+	require.NoError(t, os.WriteFile(dummyFile, []byte("dummy"), 0o644))

 	err := m.Clear()
 	require.NoError(t, err)
--- a/pkg/vex/repo/repo.go
+++ b/pkg/vex/repo/repo.go
@@ -147,7 +147,7 @@ func (r *Repository) Index(ctx context.Context) (Index, error) {
 }

 func (r *Repository) downloadManifest(ctx context.Context, opts Options) error {
-	if err := os.MkdirAll(r.dir, 0700); err != nil {
+	if err := os.MkdirAll(r.dir, 0o700); err != nil {
 		return xerrors.Errorf("failed to mkdir: %w", err)
 	}

@@ -227,7 +227,7 @@ func (r *Repository) download(ctx context.Context, ver Version, dst string, opts
 	if len(ver.Locations) == 0 {
 		return xerrors.Errorf("no locations found for version %s", ver.SpecVersion)
 	}
-	if err := os.MkdirAll(dst, 0700); err != nil {
+	if err := os.MkdirAll(dst, 0o700); err != nil {
 		return xerrors.Errorf("failed to mkdir: %w", err)
 	}

--- a/pkg/vex/repo_test.go
+++ b/pkg/vex/repo_test.go
@@ -90,12 +90,12 @@ repositories:

 			// Create the vex directory in the temporary directory
 			vexDir := filepath.Join(tmpDir, ".trivy", "vex")
-			err := os.MkdirAll(vexDir, 0755)
+			err := os.MkdirAll(vexDir, 0o755)
 			require.NoError(t, err)

 			// Write the config file
 			configPath := filepath.Join(vexDir, "repository.yaml")
-			err = os.WriteFile(configPath, []byte(tt.configContent), 0644)
+			err = os.WriteFile(configPath, []byte(tt.configContent), 0o644)
 			require.NoError(t, err)

 			ctx := t.Context()
--- a/pkg/vex/vex_test.go
+++ b/pkg/vex/vex_test.go
@@ -481,7 +481,7 @@ func TestFilter(t *testing.T) {
 			setup: func(t *testing.T, tmpDir string) {
 				// Create repository.yaml
 				vexDir := filepath.Join(tmpDir, ".trivy", "vex")
-				require.NoError(t, os.MkdirAll(vexDir, 0755))
+				require.NoError(t, os.MkdirAll(vexDir, 0o755))

 				configPath := filepath.Join(vexDir, "repository.yaml")
 				configContent := `
@@ -489,7 +489,7 @@ repositories:
  - name: default
    url: https://example.com/vex/default
    enabled: true`
-				require.NoError(t, os.WriteFile(configPath, []byte(configContent), 0644))
+				require.NoError(t, os.WriteFile(configPath, []byte(configContent), 0o644))
 			},
 			args: args{
 				report: imageReport([]types.Result{