refactor: better integration of the parser into Trivy (#6183)

Signed-off-by: knqyf263 <knqyf263@gmail.com>

.github/workflows/semantic-pr.yaml

@@ -100,4 +100,5 @@ jobs:
             helm
             report
             db
+            parser
             deps

docs/community/contribute/pr.md

@@ -178,6 +178,7 @@ others:
 - helm
 - report
 - db
+- parser
 - deps
 
 The `<scope>` can be empty (e.g. if the change is a global or difficult to assign to a single component), in which case the parentheses are omitted.

pkg/dependency/parser/c/conan/parse.go

@@ -9,9 +9,9 @@ import (
 	"golang.org/x/exp/slices"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
-	"github.com/aquasecurity/trivy/pkg/dependency/parser/log"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
+	"github.com/aquasecurity/trivy/pkg/log"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 type LockFile struct {
@@ -35,7 +35,7 @@ func NewParser() types.Parser {
 	return &Parser{}
 }
 
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	var lock LockFile
 	input, err := io.ReadAll(r)
 	if err != nil {

pkg/dependency/parser/conda/meta/parse.go

@@ -5,8 +5,8 @@ import (
 
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 type packageJSON struct {
@@ -24,7 +24,7 @@ func NewParser() types.Parser {
 // Parse parses Anaconda (a.k.a. conda) environment metadata.
 // e.g. <conda-root>/envs/<env>/conda-meta/<package>.json
 // For details see https://conda.io/projects/conda/en/latest/user-guide/concepts/environments.html
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	var data packageJSON
 	err := json.NewDecoder(r).Decode(&data)
 	if err != nil {
@@ -35,9 +35,11 @@ func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency,
 		return nil, nil, xerrors.Errorf("unable to parse conda package")
 	}
 
-	return []types.Library{{
-		Name:    data.Name,
-		Version: data.Version,
-		License: data.License, // can be empty
-	}}, nil, nil
+	return []types.Library{
+		{
+			Name:    data.Name,
+			Version: data.Version,
+			License: data.License, // can be empty
+		},
+	}, nil, nil
 }

pkg/dependency/parser/dart/pub/parse.go

@@ -6,8 +6,8 @@ import (
 	"golang.org/x/xerrors"
 	"gopkg.in/yaml.v3"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 const (
@@ -31,7 +31,7 @@ type Dep struct {
 	Version    string `yaml:"version"`
 }
 
-func (Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	l := &lock{}
 	if err := yaml.NewDecoder(r).Decode(&l); err != nil {
 		return nil, nil, xerrors.Errorf("failed to decode pubspec.lock: %w", err)

pkg/dependency/parser/dotnet/core_deps/parse.go

@@ -7,9 +7,9 @@ import (
 	"github.com/liamg/jfather"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
-	"github.com/aquasecurity/trivy/pkg/dependency/parser/log"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
+	"github.com/aquasecurity/trivy/pkg/log"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 type Parser struct{}
@@ -18,7 +18,7 @@ func NewParser() types.Parser {
 	return &Parser{}
 }
 
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	var depsFile dotNetDependencies
 
 	input, err := io.ReadAll(r)
@@ -43,9 +43,14 @@ func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency,
 		}
 
 		libraries = append(libraries, types.Library{
-			Name:      split[0],
-			Version:   split[1],
-			Locations: []types.Location{{StartLine: lib.StartLine, EndLine: lib.EndLine}},
+			Name:    split[0],
+			Version: split[1],
+			Locations: []types.Location{
+				{
+					StartLine: lib.StartLine,
+					EndLine:   lib.EndLine,
+				},
+			},
 		})
 	}
 

pkg/dependency/parser/golang/binary/parse.go

@@ -6,8 +6,8 @@ import (
 
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 var (
@@ -36,7 +36,7 @@ func NewParser() types.Parser {
 }
 
 // Parse scans file to try to report the Go and module versions.
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	info, err := buildinfo.Read(r)
 	if err != nil {
 		return nil, nil, convertError(err)

pkg/dependency/parser/golang/mod/parse.go

@@ -11,8 +11,8 @@ import (
 	"golang.org/x/mod/modfile"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 var (
@@ -65,7 +65,7 @@ func resolveVCSUrl(modulePath string) string {
 }
 
 // Parse parses a go.mod file
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	libs := make(map[string]types.Library)
 
 	goModData, err := io.ReadAll(r)

pkg/dependency/parser/golang/sum/parse.go

@@ -7,8 +7,8 @@ import (
 	"golang.org/x/xerrors"
 
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/golang/mod"
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 type Parser struct{}
@@ -18,7 +18,7 @@ func NewParser() types.Parser {
 }
 
 // Parse parses a go.sum file
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	var libs []types.Library
 	uniqueLibs := make(map[string]string)
 

pkg/dependency/parser/gradle/lockfile/parse.go

@@ -5,9 +5,9 @@ import (
 	"fmt"
 	"strings"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/utils"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 type Parser struct{}
@@ -16,7 +16,7 @@ func NewParser() types.Parser {
 	return &Parser{}
 }
 
-func (Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	var libs []types.Library
 	scanner := bufio.NewScanner(r)
 	var lineNum int

pkg/dependency/parser/hex/mix/parse.go

@@ -6,10 +6,10 @@ import (
 	"strings"
 	"unicode"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
-	"github.com/aquasecurity/trivy/pkg/dependency/parser/log"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/utils"
+	"github.com/aquasecurity/trivy/pkg/log"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 // Parser is a parser for mix.lock
@@ -19,7 +19,7 @@ func NewParser() types.Parser {
 	return &Parser{}
 }
 
-func (Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	var libs []types.Library
 	scanner := bufio.NewScanner(r)
 	var lineNumber int // It is used to save dependency location

pkg/dependency/parser/io/io.go

@@ -1,25 +0,0 @@
-package io
-
-import "io"
-
-type ReadSeekerAt interface {
-	io.ReadSeeker
-	io.ReaderAt
-}
-
-type ReadSeekCloserAt interface {
-	io.ReadSeekCloser
-	io.ReaderAt
-}
-
-// NopCloser returns a ReadSeekCloserAt with a no-op Close method wrapping
-// the provided Reader r.
-func NopCloser(r ReadSeekerAt) ReadSeekCloserAt {
-	return nopCloser{r}
-}
-
-type nopCloser struct {
-	ReadSeekerAt
-}
-
-func (nopCloser) Close() error { return nil }

pkg/dependency/parser/java/jar/parse.go

@@ -18,9 +18,9 @@ import (
 	"go.uber.org/zap"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
-	"github.com/aquasecurity/trivy/pkg/dependency/parser/log"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
+	"github.com/aquasecurity/trivy/pkg/log"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 var (
@@ -73,7 +73,7 @@ func NewParser(c Client, opts ...Option) types.Parser {
 	return p
 }
 
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	libs, deps, err := p.parseArtifact(p.rootFilePath, p.size, r)
 	if err != nil {
 		return nil, nil, xerrors.Errorf("unable to parse %s: %w", p.rootFilePath, err)
@@ -81,7 +81,7 @@ func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency,
 	return removeLibraryDuplicates(libs), deps, nil
 }
 
-func (p *Parser) parseArtifact(filePath string, size int64, r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) parseArtifact(filePath string, size int64, r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	log.Logger.Debugw("Parsing Java artifacts...", zap.String("file", filePath))
 
 	// Try to extract artifactId and version from the file name
@@ -147,7 +147,7 @@ func (p *Parser) parseArtifact(filePath string, size int64, r dio.ReadSeekerAt)
 	return libs, nil, nil
 }
 
-func (p *Parser) traverseZip(filePath string, size int64, r dio.ReadSeekerAt, fileProps Properties) (
+func (p *Parser) traverseZip(filePath string, size int64, r xio.ReadSeekerAt, fileProps Properties) (
 	[]types.Library, manifest, bool, error) {
 	var libs []types.Library
 	var m manifest

pkg/dependency/parser/java/jar/sonatype/log.go

@@ -1,6 +1,6 @@
 package sonatype
 
-import "github.com/aquasecurity/trivy/pkg/dependency/parser/log"
+import "github.com/aquasecurity/trivy/pkg/log"
 
 // logger implements LeveledLogger
 // https://github.com/hashicorp/go-retryablehttp/blob/991b9d0a42d13014e3689dd49a94c02be01f4237/client.go#L285-L290

pkg/dependency/parser/java/pom/artifact.go

@@ -9,8 +9,8 @@ import (
 	"github.com/samber/lo"
 	"golang.org/x/exp/slices"
 
-	"github.com/aquasecurity/trivy/pkg/dependency/parser/log"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
+	"github.com/aquasecurity/trivy/pkg/log"
 )
 
 var (

pkg/dependency/parser/java/pom/parse.go

@@ -18,10 +18,10 @@ import (
 	"golang.org/x/net/html/charset"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
-	"github.com/aquasecurity/trivy/pkg/dependency/parser/log"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/utils"
+	"github.com/aquasecurity/trivy/pkg/log"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 const (
@@ -83,7 +83,7 @@ func NewParser(filePath string, opts ...option) types.Parser {
 	}
 }
 
-func (p *parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	content, err := parsePom(r)
 	if err != nil {
 		return nil, nil, xerrors.Errorf("failed to parse POM: %w", err)

pkg/dependency/parser/java/pom/pom.go

@@ -12,9 +12,9 @@ import (
 	"github.com/samber/lo"
 	"golang.org/x/xerrors"
 
-	"github.com/aquasecurity/trivy/pkg/dependency/parser/log"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/utils"
+	"github.com/aquasecurity/trivy/pkg/log"
 )
 
 type pom struct {

pkg/dependency/parser/julia/manifest/parse.go

@@ -8,8 +8,8 @@ import (
 	"golang.org/x/exp/maps"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 type primitiveManifest struct {
@@ -31,7 +31,7 @@ func NewParser() types.Parser {
 	return &Parser{}
 }
 
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	var oldDeps map[string][]primitiveDependency
 	var primMan primitiveManifest
 	var manMetadata toml.MetaData

pkg/dependency/parser/log/log.go

@@ -1,24 +0,0 @@
-package log
-
-import (
-	"go.uber.org/zap"
-)
-
-var Logger *zap.SugaredLogger
-
-func init() {
-	config := zap.Config{
-		Level:            zap.NewAtomicLevelAt(zap.InfoLevel),
-		Development:      false,
-		Encoding:         "console",
-		EncoderConfig:    zap.NewDevelopmentEncoderConfig(),
-		OutputPaths:      []string{"stderr"},
-		ErrorOutputPaths: []string{"stderr"},
-	}
-	logger, _ := config.Build()
-	Logger = logger.Sugar()
-}
-
-func SetLogger(l *zap.SugaredLogger) {
-	Logger = l
-}

pkg/dependency/parser/nodejs/npm/parse.go

@@ -12,10 +12,10 @@ import (
 	"golang.org/x/exp/maps"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
-	"github.com/aquasecurity/trivy/pkg/dependency/parser/log"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/utils"
+	"github.com/aquasecurity/trivy/pkg/log"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 const nodeModulesDir = "node_modules"
@@ -55,7 +55,7 @@ func NewParser() types.Parser {
 	return &Parser{}
 }
 
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	var lockFile LockFile
 	input, err := io.ReadAll(r)
 	if err != nil {

pkg/dependency/parser/nodejs/pnpm/parse.go

@@ -9,9 +9,9 @@ import (
 	"gopkg.in/yaml.v3"
 
 	"github.com/aquasecurity/go-version/pkg/semver"
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
-	"github.com/aquasecurity/trivy/pkg/dependency/parser/log"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
+	"github.com/aquasecurity/trivy/pkg/log"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 type PackageResolution struct {
@@ -44,7 +44,7 @@ func (p *Parser) ID(name, version string) string {
 	return fmt.Sprintf("%s@%s", name, version)
 }
 
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	var lockFile LockFile
 	if err := yaml.NewDecoder(r).Decode(&lockFile); err != nil {
 		return nil, nil, xerrors.Errorf("decode error: %w", err)

pkg/dependency/parser/nodejs/yarn/parse.go

@@ -10,10 +10,10 @@ import (
 	"github.com/samber/lo"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
-	"github.com/aquasecurity/trivy/pkg/dependency/parser/log"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/utils"
+	"github.com/aquasecurity/trivy/pkg/log"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 var (
@@ -265,7 +265,7 @@ func parseDependency(line string) (string, error) {
 	}
 }
 
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	lineNumber := 1
 	var libs []types.Library
 

pkg/dependency/parser/nuget/config/parse.go

@@ -5,9 +5,9 @@ import (
 
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/utils"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 type cfgPackageReference struct {
@@ -29,7 +29,7 @@ func NewParser() types.Parser {
 	return &Parser{}
 }
 
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	var cfgData config
 	if err := xml.NewDecoder(r).Decode(&cfgData); err != nil {
 		return nil, nil, xerrors.Errorf("failed to decode .config file: %w", err)

pkg/dependency/parser/nuget/lock/parse.go

@@ -6,9 +6,9 @@ import (
 	"github.com/liamg/jfather"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/utils"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 type LockFile struct {
@@ -32,7 +32,7 @@ func NewParser() types.Parser {
 	return &Parser{}
 }
 
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	var lockFile LockFile
 	input, err := io.ReadAll(r)
 	if err != nil {

pkg/dependency/parser/nuget/packagesprops/parse.go

@@ -6,9 +6,9 @@ import (
 
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/utils"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 type pkg struct {
@@ -66,7 +66,7 @@ func isVariable(s string) bool {
 	return strings.HasPrefix(s, "$(") && strings.HasSuffix(s, ")")
 }
 
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	var configData project
 	if err := xml.NewDecoder(r).Decode(&configData); err != nil {
 		return nil, nil, xerrors.Errorf("failed to decode '*.packages.props' file: %w", err)

pkg/dependency/parser/php/composer/parse.go

@@ -9,10 +9,10 @@ import (
 	"golang.org/x/exp/maps"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
-	"github.com/aquasecurity/trivy/pkg/dependency/parser/log"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/utils"
+	"github.com/aquasecurity/trivy/pkg/log"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 type lockFile struct {
@@ -33,7 +33,7 @@ func NewParser() types.Parser {
 	return &Parser{}
 }
 
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	var lockFile lockFile
 	input, err := io.ReadAll(r)
 	if err != nil {

pkg/dependency/parser/python/packaging/parse.go

@@ -9,9 +9,9 @@ import (
 
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
-	"github.com/aquasecurity/trivy/pkg/dependency/parser/log"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
+	"github.com/aquasecurity/trivy/pkg/log"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 type Parser struct{}
@@ -22,7 +22,7 @@ func NewParser() types.Parser {
 
 // Parse parses egg and wheel metadata.
 // e.g. .egg-info/PKG-INFO and dist-info/METADATA
-func (*Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (*Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	rd := textproto.NewReader(bufio.NewReader(r))
 	h, err := rd.ReadMIMEHeader()
 	if e := textproto.ProtocolError(""); errors.As(err, &e) {

pkg/dependency/parser/python/pip/parse.go

@@ -10,8 +10,8 @@ import (
 	"golang.org/x/text/transform"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 const (
@@ -28,7 +28,7 @@ func NewParser() types.Parser {
 	return &Parser{}
 }
 
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	// `requirements.txt` can use byte order marks (BOM)
 	// e.g. on Windows `requirements.txt` can use UTF-16LE with BOM
 	// We need to override them to avoid the file being read incorrectly

pkg/dependency/parser/python/pipenv/parse.go

@@ -7,8 +7,8 @@ import (
 	"github.com/liamg/jfather"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 type lockFile struct {
@@ -26,7 +26,7 @@ func NewParser() types.Parser {
 	return &Parser{}
 }
 
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	var lockFile lockFile
 	input, err := io.ReadAll(r)
 	if err != nil {

pkg/dependency/parser/python/poetry/parse.go

@@ -8,10 +8,10 @@ import (
 	"golang.org/x/xerrors"
 
 	version "github.com/aquasecurity/go-pep440-version"
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
-	"github.com/aquasecurity/trivy/pkg/dependency/parser/log"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/utils"
+	"github.com/aquasecurity/trivy/pkg/log"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 type Lockfile struct {
@@ -34,7 +34,7 @@ func NewParser() types.Parser {
 	return &Parser{}
 }
 
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	var lockfile Lockfile
 	if _, err := toml.NewDecoder(r).Decode(&lockfile); err != nil {
 		return nil, nil, xerrors.Errorf("failed to decode poetry.lock: %w", err)

pkg/dependency/parser/ruby/bundler/parse.go

@@ -8,9 +8,9 @@ import (
 	"golang.org/x/exp/maps"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/utils"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 type Parser struct{}
@@ -19,7 +19,7 @@ func NewParser() types.Parser {
 	return &Parser{}
 }
 
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	libs := make(map[string]types.Library)
 	var dependsOn, directDeps []string
 	var deps []types.Dependency

pkg/dependency/parser/ruby/gemspec/parse.go

@@ -8,8 +8,8 @@ import (
 
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 const specNewStr = "Gem::Specification.new"
@@ -47,7 +47,7 @@ func NewParser() types.Parser {
 	return &Parser{}
 }
 
-func (p *Parser) Parse(r dio.ReadSeekerAt) (libs []types.Library, deps []types.Dependency, err error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) (libs []types.Library, deps []types.Dependency, err error) {
 	var newVar, name, version, license string
 
 	scanner := bufio.NewScanner(r)

pkg/dependency/parser/rust/binary/parse.go

@@ -5,9 +5,9 @@ import (
 	rustaudit "github.com/microsoft/go-rustaudit"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/utils"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 var (
@@ -36,7 +36,7 @@ func NewParser() types.Parser {
 
 // Parse scans files to try to report Rust crates and version injected into Rust binaries
 // via https://github.com/rust-secure-code/cargo-auditable
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	info, err := rustaudit.GetDependencyInfo(r)
 	if err != nil {
 		return nil, nil, convertError(err)

pkg/dependency/parser/rust/cargo/parse.go

@@ -9,10 +9,10 @@ import (
 	"github.com/samber/lo"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
-	"github.com/aquasecurity/trivy/pkg/dependency/parser/log"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/utils"
+	"github.com/aquasecurity/trivy/pkg/log"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 type cargoPkg struct {
@@ -31,7 +31,7 @@ func NewParser() types.Parser {
 	return &Parser{}
 }
 
-func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	var lockfile Lockfile
 	decoder := toml.NewDecoder(r)
 	if _, err := decoder.Decode(&lockfile); err != nil {

pkg/dependency/parser/swift/cocoapods/parse.go

@@ -8,10 +8,10 @@ import (
 	"golang.org/x/xerrors"
 	"gopkg.in/yaml.v3"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
-	"github.com/aquasecurity/trivy/pkg/dependency/parser/log"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/utils"
+	"github.com/aquasecurity/trivy/pkg/log"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 type Parser struct{}
@@ -24,7 +24,7 @@ type lockFile struct {
 	Pods []any `yaml:"PODS"` // pod can be string or map[string]interface{}
 }
 
-func (Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	lock := &lockFile{}
 	decoder := yaml.NewDecoder(r)
 	if err := decoder.Decode(&lock); err != nil {

pkg/dependency/parser/swift/swift/parse.go

@@ -9,10 +9,10 @@ import (
 	"github.com/samber/lo"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
-	"github.com/aquasecurity/trivy/pkg/dependency/parser/log"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/utils"
+	"github.com/aquasecurity/trivy/pkg/log"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 // Parser is a parser for Package.resolved files
@@ -22,7 +22,7 @@ func NewParser() types.Parser {
 	return &Parser{}
 }
 
-func (Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
+func (Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) {
 	var lockFile LockFile
 	input, err := io.ReadAll(r)
 	if err != nil {

pkg/dependency/parser/types/types.go

@@ -1,7 +1,7 @@
 package types
 
 import (
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 type Library struct {
@@ -63,7 +63,7 @@ func (deps Dependencies) Swap(i, j int) { deps[i], deps[j] = deps[j], deps[i] }
 
 type Parser interface {
 	// Parse parses the dependency file
-	Parse(r dio.ReadSeekerAt) ([]Library, []Dependency, error)
+	Parse(r xio.ReadSeekerAt) ([]Library, []Dependency, error)
 }
 
 type RefType string

pkg/fanal/analyzer/analyzer.go

@@ -15,11 +15,11 @@ import (
 	"golang.org/x/sync/semaphore"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os"
 	"github.com/aquasecurity/trivy/pkg/fanal/log"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/misconf"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 var (
@@ -117,7 +117,7 @@ type CustomGroup interface {
 	Group() Group
 }
 
-type Opener func() (dio.ReadSeekCloserAt, error)
+type Opener func() (xio.ReadSeekCloserAt, error)
 
 type AnalyzerGroup struct {
 	analyzers     []analyzer
@@ -133,7 +133,7 @@ type AnalysisInput struct {
 	Dir      string
 	FilePath string
 	Info     os.FileInfo
-	Content  dio.ReadSeekerAt
+	Content  xio.ReadSeekerAt
 
 	Options AnalysisOptions
 }
@@ -422,7 +422,7 @@ func (ag AnalyzerGroup) AnalyzeFile(ctx context.Context, wg *sync.WaitGroup, lim
 		}
 		wg.Add(1)
 
-		go func(a analyzer, rc dio.ReadSeekCloserAt) {
+		go func(a analyzer, rc xio.ReadSeekCloserAt) {
 			defer limit.Release(1)
 			defer wg.Done()
 			defer rc.Close()

pkg/fanal/analyzer/analyzer_test.go

@@ -12,7 +12,7 @@ import (
 	"golang.org/x/sync/semaphore"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/javadb"
@@ -525,7 +525,7 @@ func TestAnalyzerGroup_AnalyzeFile(t *testing.T) {
 
 			ctx := context.Background()
 			err = a.AnalyzeFile(ctx, &wg, limit, got, "", tt.args.filePath, info,
-				func() (dio.ReadSeekCloserAt, error) {
+				func() (xio.ReadSeekCloserAt, error) {
 					if tt.args.testFilePath == "testdata/error" {
 						return nil, xerrors.New("error")
 					} else if tt.args.testFilePath == "testdata/no-permission" {

pkg/fanal/analyzer/language/analyze.go

@@ -6,7 +6,6 @@ import (
 
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	godeptypes "github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/digest"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
@@ -17,7 +16,7 @@ import (
 )
 
 // Analyze returns an analysis result of the lock file
-func Analyze(fileType types.LangType, filePath string, r dio.ReadSeekerAt, parser godeptypes.Parser) (*analyzer.AnalysisResult, error) {
+func Analyze(fileType types.LangType, filePath string, r xio.ReadSeekerAt, parser godeptypes.Parser) (*analyzer.AnalysisResult, error) {
 	app, err := Parse(fileType, filePath, r, parser)
 	if err != nil {
 		return nil, xerrors.Errorf("failed to parse %s: %w", filePath, err)
@@ -31,7 +30,7 @@ func Analyze(fileType types.LangType, filePath string, r dio.ReadSeekerAt, parse
 }
 
 // AnalyzePackage returns an analysis result of the package file other than lock files
-func AnalyzePackage(fileType types.LangType, filePath string, r dio.ReadSeekerAt, parser godeptypes.Parser, checksum bool) (*analyzer.AnalysisResult, error) {
+func AnalyzePackage(fileType types.LangType, filePath string, r xio.ReadSeekerAt, parser godeptypes.Parser, checksum bool) (*analyzer.AnalysisResult, error) {
 	app, err := ParsePackage(fileType, filePath, r, parser, checksum)
 	if err != nil {
 		return nil, xerrors.Errorf("failed to parse %s: %w", filePath, err)
@@ -61,7 +60,7 @@ func Parse(fileType types.LangType, filePath string, r io.Reader, parser godepty
 }
 
 // ParsePackage returns a parsed result of the package file
-func ParsePackage(fileType types.LangType, filePath string, r dio.ReadSeekerAt, parser godeptypes.Parser, checksum bool) (*types.Application, error) {
+func ParsePackage(fileType types.LangType, filePath string, r xio.ReadSeekerAt, parser godeptypes.Parser, checksum bool) (*types.Application, error) {
 	parsedLibs, parsedDependencies, err := parser.Parse(r)
 	if err != nil {
 		return nil, xerrors.Errorf("failed to parse %s: %w", filePath, err)
@@ -77,7 +76,7 @@ func ParsePackage(fileType types.LangType, filePath string, r dio.ReadSeekerAt,
 	return toApplication(fileType, filePath, filePath, r, parsedLibs, parsedDependencies), nil
 }
 
-func toApplication(fileType types.LangType, filePath, libFilePath string, r dio.ReadSeekerAt, libs []godeptypes.Library, depGraph []godeptypes.Dependency) *types.Application {
+func toApplication(fileType types.LangType, filePath, libFilePath string, r xio.ReadSeekerAt, libs []godeptypes.Library, depGraph []godeptypes.Dependency) *types.Application {
 	if len(libs) == 0 {
 		return nil
 	}
@@ -139,7 +138,7 @@ func toApplication(fileType types.LangType, filePath, libFilePath string, r dio.
 	}
 }
 
-func calculateDigest(r dio.ReadSeekerAt) (digest.Digest, error) {
+func calculateDigest(r xio.ReadSeekerAt) (digest.Digest, error) {
 	if r == nil {
 		return "", nil
 	}

pkg/fanal/analyzer/language/analyze_test.go

@@ -9,7 +9,7 @@ import (
 	"github.com/stretchr/testify/require"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 	godeptypes "github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer/language"
@@ -20,7 +20,7 @@ type mockParser struct {
 	t *testing.T
 }
 
-func (p *mockParser) Parse(r dio.ReadSeekerAt) ([]godeptypes.Library, []godeptypes.Dependency, error) {
+func (p *mockParser) Parse(r xio.ReadSeekerAt) ([]godeptypes.Library, []godeptypes.Dependency, error) {
 	b, err := io.ReadAll(r)
 	require.NoError(p.t, err)
 
@@ -43,7 +43,7 @@ func TestAnalyze(t *testing.T) {
 	type args struct {
 		fileType types.LangType
 		filePath string
-		content  dio.ReadSeekerAt
+		content  xio.ReadSeekerAt
 	}
 	tests := []struct {
 		name    string

pkg/fanal/analyzer/language/golang/mod/mod.go

@@ -19,7 +19,6 @@ import (
 
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/golang/mod"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/golang/sum"
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	godeptypes "github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer/language"
@@ -27,6 +26,7 @@ import (
 	"github.com/aquasecurity/trivy/pkg/licensing"
 	"github.com/aquasecurity/trivy/pkg/log"
 	"github.com/aquasecurity/trivy/pkg/utils/fsutils"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 func init() {
@@ -216,7 +216,7 @@ func parse(fsys fs.FS, path string, parser godeptypes.Parser) (*types.Applicatio
 	}
 	defer f.Close()
 
-	file, ok := f.(dio.ReadSeekCloserAt)
+	file, ok := f.(xio.ReadSeekCloserAt)
 	if !ok {
 		return nil, xerrors.Errorf("type assertion error: %w", err)
 	}

pkg/fanal/analyzer/language/java/jar/jar.go

@@ -9,13 +9,13 @@ import (
 
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/java/jar"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer/language"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/javadb"
 	"github.com/aquasecurity/trivy/pkg/parallel"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 func init() {
@@ -56,7 +56,7 @@ func (a *javaLibraryAnalyzer) PostAnalyze(ctx context.Context, input analyzer.Po
 	}
 
 	// It will be called on each JAR file
-	onFile := func(path string, info fs.FileInfo, r dio.ReadSeekerAt) (*types.Application, error) {
+	onFile := func(path string, info fs.FileInfo, r xio.ReadSeekerAt) (*types.Application, error) {
 		p := jar.NewParser(client, jar.WithSize(info.Size()), jar.WithFilePath(path))
 		return language.ParsePackage(types.Jar, path, r, p, input.Options.FileChecksum)
 	}

pkg/fanal/analyzer/language/nodejs/npm/npm.go

@@ -11,7 +11,6 @@ import (
 
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/nodejs/npm"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/nodejs/packagejson"
 	godeptypes "github.com/aquasecurity/trivy/pkg/dependency/parser/types"
@@ -20,6 +19,7 @@ import (
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/log"
 	"github.com/aquasecurity/trivy/pkg/utils/fsutils"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 	xpath "github.com/aquasecurity/trivy/pkg/x/path"
 )
 
@@ -114,7 +114,7 @@ func (a npmLibraryAnalyzer) parseNpmPkgLock(fsys fs.FS, filePath string) (*types
 	}
 	defer func() { _ = f.Close() }()
 
-	file, ok := f.(dio.ReadSeekCloserAt)
+	file, ok := f.(xio.ReadSeekCloserAt)
 	if !ok {
 		return nil, xerrors.Errorf("type assertion error: %w", err)
 	}

pkg/fanal/analyzer/language/nodejs/pkg/pkg.go

@@ -5,12 +5,12 @@ import (
 	"os"
 	"path/filepath"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/nodejs/packagejson"
 	godeptypes "github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer/language"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 func init() {
@@ -24,7 +24,7 @@ const (
 
 type parser struct{}
 
-func (*parser) Parse(r dio.ReadSeekerAt) ([]godeptypes.Library, []godeptypes.Dependency, error) {
+func (*parser) Parse(r xio.ReadSeekerAt) ([]godeptypes.Library, []godeptypes.Dependency, error) {
 	p := packagejson.NewParser()
 	pkg, err := p.Parse(r)
 	if err != nil {

pkg/fanal/analyzer/language/python/packaging/packaging.go

@@ -15,7 +15,6 @@ import (
 	"github.com/samber/lo"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/dependency/parser/python/packaging"
 	godeptypes "github.com/aquasecurity/trivy/pkg/dependency/parser/types"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
@@ -24,6 +23,7 @@ import (
 	"github.com/aquasecurity/trivy/pkg/licensing"
 	"github.com/aquasecurity/trivy/pkg/log"
 	"github.com/aquasecurity/trivy/pkg/utils/fsutils"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 func init() {
@@ -68,7 +68,7 @@ func (a packagingAnalyzer) PostAnalyze(_ context.Context, input analyzer.PostAna
 	}
 
 	err := fsutils.WalkDir(input.FS, ".", required, func(path string, d fs.DirEntry, r io.Reader) error {
-		rsa, ok := r.(dio.ReadSeekerAt)
+		rsa, ok := r.(xio.ReadSeekerAt)
 		if !ok {
 			return xerrors.New("invalid reader")
 		}
@@ -167,11 +167,11 @@ func classifyLicense(dir, licPath string, classifierConfidenceLevel float64, fsy
 	return l.Findings, nil
 }
 
-func (a packagingAnalyzer) parse(filePath string, r dio.ReadSeekerAt, checksum bool) (*types.Application, error) {
+func (a packagingAnalyzer) parse(filePath string, r xio.ReadSeekerAt, checksum bool) (*types.Application, error) {
 	return language.ParsePackage(types.PythonPkg, filePath, r, a.pkgParser, checksum)
 }
 
-func (a packagingAnalyzer) analyzeEggZip(r io.ReaderAt, size int64) (dio.ReadSeekerAt, error) {
+func (a packagingAnalyzer) analyzeEggZip(r io.ReaderAt, size int64) (xio.ReadSeekerAt, error) {
 	zr, err := zip.NewReader(r, size)
 	if err != nil {
 		return nil, xerrors.Errorf("zip reader error: %w", err)
@@ -187,7 +187,7 @@ func (a packagingAnalyzer) analyzeEggZip(r io.ReaderAt, size int64) (dio.ReadSee
 }
 
 // open reads the file content in the zip archive to make it seekable.
-func (a packagingAnalyzer) open(file *zip.File) (dio.ReadSeekerAt, error) {
+func (a packagingAnalyzer) open(file *zip.File) (xio.ReadSeekerAt, error) {
 	f, err := file.Open()
 	if err != nil {
 		return nil, err

pkg/fanal/analyzer/licensing/license.go

@@ -11,11 +11,11 @@ import (
 	"golang.org/x/exp/slices"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/log"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/licensing"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 const version = 1
@@ -96,7 +96,7 @@ func (a licenseFileAnalyzer) Required(filePath string, _ os.FileInfo) bool {
 	return slices.Contains(acceptedFileNames, baseName)
 }
 
-func isHumanReadable(content dio.ReadSeekerAt, fileSize int64) (bool, error) {
+func isHumanReadable(content xio.ReadSeekerAt, fileSize int64) (bool, error) {
 	headSize := int(math.Min(float64(fileSize), 300))
 	head := make([]byte, headSize)
 	if _, err := content.Read(head); err != nil {

pkg/fanal/analyzer/pkg/dpkg/copyright.go

@@ -13,10 +13,10 @@ import (
 	"golang.org/x/exp/slices"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/licensing"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 func init() {
@@ -75,7 +75,7 @@ func (a *dpkgLicenseAnalyzer) Analyze(_ context.Context, input analyzer.Analysis
 }
 
 // parseCopyright parses /usr/share/doc/*/copyright files
-func (a *dpkgLicenseAnalyzer) parseCopyright(r dio.ReadSeekerAt) ([]types.LicenseFinding, error) {
+func (a *dpkgLicenseAnalyzer) parseCopyright(r xio.ReadSeekerAt) ([]types.LicenseFinding, error) {
 	scanner := bufio.NewScanner(r)
 	var licenses []string
 	for scanner.Scan() {

pkg/fanal/analyzer/pkg/rpm/rpmqa.go

@@ -9,9 +9,9 @@ import (
 	"golang.org/x/exp/slices"
 	"golang.org/x/xerrors"
 
-	"github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 func init() {
@@ -44,7 +44,7 @@ func (a rpmqaPkgAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInpu
 	}, nil
 }
 
-func (a rpmqaPkgAnalyzer) parseRpmqaManifest(r io.ReadSeekerAt) ([]types.Package, error) {
+func (a rpmqaPkgAnalyzer) parseRpmqaManifest(r xio.ReadSeekerAt) ([]types.Package, error) {
 	var pkgs []types.Package
 	scanner := bufio.NewScanner(r)
 	for scanner.Scan() {

pkg/fanal/artifact/vm/vm_test.go

@@ -14,7 +14,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/artifact"
 	"github.com/aquasecurity/trivy/pkg/fanal/artifact/vm"
@@ -48,7 +48,7 @@ func (m *mockWalker) Walk(_ *io.SectionReader, _ string, fn walker.WalkFunc) err
 		if err != nil {
 			return err
 		}
-		opener := func() (dio.ReadSeekCloserAt, error) {
+		opener := func() (xio.ReadSeekCloserAt, error) {
 			return os.Open(path)
 		}
 		relPath, err := filepath.Rel(m.root, path)

pkg/fanal/utils/utils.go

@@ -9,7 +9,7 @@ import (
 	"os/exec"
 	"path/filepath"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 var (
@@ -74,7 +74,7 @@ func IsExecutable(fileInfo os.FileInfo) bool {
 	return false
 }
 
-func IsBinary(content dio.ReadSeekerAt, fileSize int64) (bool, error) {
+func IsBinary(content xio.ReadSeekerAt, fileSize int64) (bool, error) {
 	headSize := int(math.Min(float64(fileSize), 300))
 	head := make([]byte, headSize)
 	if _, err := content.Read(head); err != nil {

pkg/fanal/walker/cached_file.go

@@ -8,7 +8,7 @@ import (
 
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 // cachedFile represents a file cached in memory or storage according to the file size.
@@ -36,7 +36,7 @@ func newCachedFile(size int64, r io.Reader, threshold int64) *cachedFile {
 // Open opens a file and cache the file.
 // If the file size is greater than or equal to threshold, it copies the content to a temp file and opens it next time.
 // If the file size is less than threshold, it opens the file once and the content will be shared so that others analyzers can use the same data.
-func (o *cachedFile) Open() (dio.ReadSeekCloserAt, error) {
+func (o *cachedFile) Open() (xio.ReadSeekCloserAt, error) {
 	o.once.Do(func() {
 		// When the file is large, it will be written down to a temp file.
 		if o.size >= o.threshold {
@@ -68,7 +68,7 @@ func (o *cachedFile) Open() (dio.ReadSeekCloserAt, error) {
 	return o.open()
 }
 
-func (o *cachedFile) open() (dio.ReadSeekCloserAt, error) {
+func (o *cachedFile) open() (xio.ReadSeekCloserAt, error) {
 	if o.filePath != "" {
 		f, err := os.Open(o.filePath)
 		if err != nil {
@@ -77,7 +77,7 @@ func (o *cachedFile) open() (dio.ReadSeekCloserAt, error) {
 		return f, nil
 	}
 
-	return dio.NopCloser(bytes.NewReader(o.content)), nil
+	return xio.NopCloser(bytes.NewReader(o.content)), nil
 }
 
 func (o *cachedFile) Clean() error {

pkg/fanal/walker/fs.go

@@ -8,8 +8,8 @@ import (
 	swalker "github.com/saracen/walker"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/log"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 type ErrorCallback func(pathname string, err error) error
@@ -114,8 +114,8 @@ func (w FS) walkSlow(root string, walkFn fastWalkFunc) error {
 }
 
 // fileOpener returns a function opening a file.
-func (w *walker) fileOpener(pathname string) func() (dio.ReadSeekCloserAt, error) {
-	return func() (dio.ReadSeekCloserAt, error) {
+func (w *walker) fileOpener(pathname string) func() (xio.ReadSeekCloserAt, error) {
+	return func() (xio.ReadSeekCloserAt, error) {
 		return os.Open(pathname)
 	}
 }

pkg/fanal/walker/vm.go

@@ -14,9 +14,9 @@ import (
 	"golang.org/x/exp/slices"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/fanal/vm/filesystem"
 	"github.com/aquasecurity/trivy/pkg/log"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 var requiredDiskName = []string{
@@ -167,7 +167,7 @@ func newCachedVMFile(fsys fs.FS, filePath string, threshold int64) *cachedVMFile
 	}
 }
 
-func (cvf *cachedVMFile) Open() (dio.ReadSeekCloserAt, error) {
+func (cvf *cachedVMFile) Open() (xio.ReadSeekCloserAt, error) {
 	if cvf.cf != nil {
 		return cvf.cf.Open()
 	}

pkg/log/logger.go

@@ -10,7 +10,6 @@ import (
 	"go.uber.org/zap/zapcore"
 	"golang.org/x/xerrors"
 
-	dlog "github.com/aquasecurity/trivy/pkg/dependency/parser/log"
 	flog "github.com/aquasecurity/trivy/pkg/fanal/log"
 )
 
@@ -33,9 +32,6 @@ func InitLogger(debug, disable bool) (err error) {
 		return xerrors.Errorf("failed to initialize a logger: %w", err)
 	}
 
-	// Set logger for dependency/parser
-	dlog.SetLogger(Logger)
-
 	// Set logger for fanal
 	flog.SetLogger(Logger)
 

pkg/module/memfs.go

@@ -7,8 +7,8 @@ import (
 
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/mapfs"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 // memFS is a wrapper of mapfs.FS and can change its underlying file system
@@ -29,7 +29,7 @@ func (m *memFS) Open(name string) (fs.File, error) {
 //
 // Note: it is always to safe swap the underlying FS with this API since this is called only at the beginning of
 // Analyze interface call, which is not concurrently called per module instance.
-func (m *memFS) initialize(filePath string, content dio.ReadSeekerAt) error {
+func (m *memFS) initialize(filePath string, content xio.ReadSeekerAt) error {
 	mfs := mapfs.New()
 	if err := mfs.MkdirAll(filepath.Dir(filePath), fs.ModePerm); err != nil {
 		return xerrors.Errorf("mapfs mkdir error: %w", err)

pkg/parallel/walk.go

@@ -8,13 +8,13 @@ import (
 	"golang.org/x/sync/errgroup"
 	"golang.org/x/xerrors"
 
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 	"github.com/aquasecurity/trivy/pkg/log"
+	xio "github.com/aquasecurity/trivy/pkg/x/io"
 )
 
 const defaultParallel = 5
 
-type onFile[T any] func(string, fs.FileInfo, dio.ReadSeekerAt) (T, error)
+type onFile[T any] func(string, fs.FileInfo, xio.ReadSeekerAt) (T, error)
 type onWalkResult[T any] func(T) error
 
 func WalkDir[T any](ctx context.Context, fsys fs.FS, root string, parallel int,
@@ -100,7 +100,7 @@ func walk[T any](ctx context.Context, fsys fs.FS, path string, c chan T, onFile
 		return xerrors.Errorf("stat error: %w", err)
 	}
 
-	rsa, ok := f.(dio.ReadSeekerAt)
+	rsa, ok := f.(xio.ReadSeekerAt)
 	if !ok {
 		return xerrors.New("type assertion failed")
 	}

pkg/x/io/io.go

@@ -5,12 +5,20 @@ import (
 	"io"
 
 	"golang.org/x/xerrors"
-
-	dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io"
 )
 
-func NewReadSeekerAt(r io.Reader) (dio.ReadSeekerAt, error) {
-	if rr, ok := r.(dio.ReadSeekerAt); ok {
+type ReadSeekerAt interface {
+	io.ReadSeeker
+	io.ReaderAt
+}
+
+type ReadSeekCloserAt interface {
+	io.ReadSeekCloser
+	io.ReaderAt
+}
+
+func NewReadSeekerAt(r io.Reader) (ReadSeekerAt, error) {
+	if rr, ok := r.(ReadSeekerAt); ok {
 		return rr, nil
 	}
 
@@ -21,3 +29,15 @@ func NewReadSeekerAt(r io.Reader) (dio.ReadSeekerAt, error) {
 
 	return bytes.NewReader(buff.Bytes()), nil
 }
+
+// NopCloser returns a ReadSeekCloserAt with a no-op Close method wrapping
+// the provided Reader r.
+func NopCloser(r ReadSeekerAt) ReadSeekCloserAt {
+	return nopCloser{r}
+}
+
+type nopCloser struct {
+	ReadSeekerAt
+}
+
+func (nopCloser) Close() error { return nil }