Merge pull request #517 from safedep/chore/updateDeps

Updated deps and minor refactoring
2025-12-10 13:43:01 -06:00 · 2025-06-24 15:21:47 +05:30 · 2025-06-24 15:21:47 +05:30 · 200257bab3
commit 200257bab3
parent 78e2bad49b a87e6ab466
18 changed files with 75 additions and 76 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -21,7 +21,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5
        with:
-          go-version: 1.24
+          go-version: 1.24.3
          check-latest: true
      - name: Build and Test
@ -52,7 +52,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5
        with:
-          go-version: 1.24
+          go-version: 1.24.3
          check-latest: true
      - name: Build vet
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -44,7 +44,7 @@ jobs:
    - name: Set up Go
      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34
      with:
-        go-version: 1.24
+        go-version: 1.24.3
        check-latest: true
    - name: Initialize CodeQL
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@ -14,7 +14,7 @@ jobs:
    steps:
      - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34
        with:
-          go-version: 1.24
+          go-version: 1.24.3
          cache: false
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
      - name: golangci-lint
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@ -36,7 +36,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34
        with:
-          go-version: 1.24
+          go-version: 1.24.3
          check-latest: true
      - name: ghcr-login
        uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 # v1
--- a/.gitignore
+++ b/.gitignore
@ -23,3 +23,6 @@
 dist/
 /.env.dev
 .vscode/
 # MacOS specific files
 **/.DS_Store
--- a/.tool-versions
+++ b/.tool-versions
@ -1,2 +1,2 @@
-golang 1.24.1
+golang 1.24.3
 gitleaks 8.16.4
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -33,7 +33,7 @@ When contributing changes to repository, follow these steps:
 ### Requirements
-* Go 1.22+
+* Go 1.24.3+
 ### Install Dependencies
--- a/4
+++ b/4
@ -1,5 +1,5 @@
-FROM --platform=$BUILDPLATFORM golang:1.24.2-bullseye@sha256:f50ff25f8331682b44c1582974eb9e620fcb08052fc6ed434f93ca24636fc4d6 AS build
+FROM --platform=$BUILDPLATFORM golang:1.24.3-bullseye@sha256:abe2e2bb9bc0342dd1ba2f719af5c6b3859ca9ad93a7d9bcdd21310bda0327e1 AS build
-# Original: golang:1.24-bullseye
+# Original: golang:1.24.3-bullseye
 WORKDIR /build
--- a/go.mod
+++ b/go.mod
@ -1,10 +1,10 @@
 module github.com/safedep/vet
-go 1.24.2
+go 1.24.3
 require (
-	buf.build/gen/go/safedep/api/grpc/go v1.5.1-20250528015308-9847554fa87b.2
+	buf.build/gen/go/safedep/api/grpc/go v1.5.1-20250610075857-7cfdb61a0bfa.2
-	buf.build/gen/go/safedep/api/protocolbuffers/go v1.36.6-20250528015308-9847554fa87b.1
+	buf.build/gen/go/safedep/api/protocolbuffers/go v1.36.6-20250610075857-7cfdb61a0bfa.1
 	entgo.io/ent v0.14.4
 	github.com/AlecAivazis/survey/v2 v2.3.7
 	github.com/BurntSushi/toml v1.5.0
@ -37,8 +37,8 @@ require (
 	github.com/package-url/packageurl-go v0.1.3
 	github.com/pandatix/go-cvss v0.6.2
 	github.com/posthog/posthog-go v1.5.11
-	github.com/safedep/code v0.0.0-20250513161430-3da0c16c0b53
+	github.com/safedep/code v0.0.0-20250619080228-57f5b7b5e58c
-	github.com/safedep/dry v0.0.0-20250603124321-c8255e47954f
+	github.com/safedep/dry v0.0.0-20250618113059-9f8b677e299c
 	github.com/sirupsen/logrus v1.9.3
 	github.com/smacker/go-tree-sitter v0.0.0-20240827094217-dd81d9e9be82
 	github.com/spdx/tools-golang v0.5.5
--- a/go.sum
+++ b/go.sum
@ -6,10 +6,10 @@ ariga.io/atlas v0.34.0 h1:4hdy+2x+xNs6Lx2anuJ/4Q7lCaqddbEj5CtRDVOBu0M=
 ariga.io/atlas v0.34.0/go.mod h1:WJesu2UCpGQvgUh3oVP94EiRT61nNy1W/VN5g+vqP1I=
 buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.6-20250425153114-8976f5be98c1.1 h1:YhMSc48s25kr7kv31Z8vf7sPUIq5YJva9z1mn/hAt0M=
 buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.6-20250425153114-8976f5be98c1.1/go.mod h1:avRlCjnFzl98VPaeCtJ24RrV/wwHFzB8sWXhj26+n/U=
-buf.build/gen/go/safedep/api/grpc/go v1.5.1-20250528015308-9847554fa87b.2 h1:khFSrG4NF9wz662s5yH5Pxwmg44vmzTLNkeCGNd/DfM=
+buf.build/gen/go/safedep/api/grpc/go v1.5.1-20250610075857-7cfdb61a0bfa.2 h1:ENbt9SmU2gh4YhjcFqzceJRlg80hsD28M+Oon9l752A=
-buf.build/gen/go/safedep/api/grpc/go v1.5.1-20250528015308-9847554fa87b.2/go.mod h1:CKCKo/PyDeai5cwR5zakoEopQ2lnTJx1hlt3TdtqCZw=
+buf.build/gen/go/safedep/api/grpc/go v1.5.1-20250610075857-7cfdb61a0bfa.2/go.mod h1:WDOWZglnweQ4njVEJpLYYpLMx9fD+e94KbKdt8oJrxY=
-buf.build/gen/go/safedep/api/protocolbuffers/go v1.36.6-20250528015308-9847554fa87b.1 h1:qDRO2meiZIFPJwAQQCxy0LemE70XlmjvR+pfh1tGrEY=
+buf.build/gen/go/safedep/api/protocolbuffers/go v1.36.6-20250610075857-7cfdb61a0bfa.1 h1:wOZtKj81Wq5fvHf4STR0vxEl8/peoEJkRzuQI+zwE2I=
-buf.build/gen/go/safedep/api/protocolbuffers/go v1.36.6-20250528015308-9847554fa87b.1/go.mod h1:uR95GqsnNCRn6cTyRBte6uMJMm0rEBRxTGpakKCNL9I=
+buf.build/gen/go/safedep/api/protocolbuffers/go v1.36.6-20250610075857-7cfdb61a0bfa.1/go.mod h1:uR95GqsnNCRn6cTyRBte6uMJMm0rEBRxTGpakKCNL9I=
 cel.dev/expr v0.24.0 h1:56OvJKSH3hDGL0ml5uSxZmz3/3Pq4tJ+fb1unVLAFcY=
 cel.dev/expr v0.24.0/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
@ -1099,10 +1099,10 @@ github.com/ryancurrah/gomodguard v1.3.5/go.mod h1:MXlEPQRxgfPQa62O8wzK3Ozbkv9Rkq
 github.com/ryanrolds/sqlclosecheck v0.5.1 h1:dibWW826u0P8jNLsLN+En7+RqWWTYrjCB9fJfSfdyCU=
 github.com/ryanrolds/sqlclosecheck v0.5.1/go.mod h1:2g3dUjoS6AL4huFdv6wn55WpLIDjY7ZgUR4J8HOO/XQ=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
-github.com/safedep/code v0.0.0-20250513161430-3da0c16c0b53 h1:FU3m6LEBDUaHTBbTNpTXGRV8W26F3JxSPwCUJL6hY08=
+github.com/safedep/code v0.0.0-20250619080228-57f5b7b5e58c h1:ao6OCJyNomRFgpRtVbTEa5KetcPlinf/3rJEkL0Pgz8=
-github.com/safedep/code v0.0.0-20250513161430-3da0c16c0b53/go.mod h1:a6jPH1Yy0jLg5C1Ud/1GjGoqzH9gMg7WFdxGvbBAmVA=
+github.com/safedep/code v0.0.0-20250619080228-57f5b7b5e58c/go.mod h1:5gnHWxq6kbun+r3qf52UHD5f9bd36sWhkDLXvPRd4ZA=
-github.com/safedep/dry v0.0.0-20250603124321-c8255e47954f h1:wlUDnDSp1wPAXrv88eCYd7UlcQGWM7Umogr18n6q2ew=
+github.com/safedep/dry v0.0.0-20250618113059-9f8b677e299c h1:xr6P3xzQqxPx93qbH/LPjyK46oEEA6N0nYyiQSjikkI=
-github.com/safedep/dry v0.0.0-20250603124321-c8255e47954f/go.mod h1:nU5w9Xb5Ja2wq5PU/K8r8r1Dc25ApJXKKqvwju99G2w=
+github.com/safedep/dry v0.0.0-20250618113059-9f8b677e299c/go.mod h1:8GbUOzdf46FT4j5h9lw9DdA3wM9NgIVEZjTfkzNe+Cw=
 github.com/saferwall/pe v1.5.6 h1:DrRLnoQFxHWJ5lJUmrH7X2L0xeUu6SUS95Dc61eW2Yc=
 github.com/saferwall/pe v1.5.6/go.mod h1:mJx+PuptmNpoPFBNhWs/uDMFL/kTHVZIkg0d4OUJFbQ=
 github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig=
--- a/internal/ui/progress.go
+++ b/internal/ui/progress.go
@ -44,8 +44,11 @@ func SetPinnedMessageOnProgressWriter(msg string) {
 }
 func TrackProgress(message string, total int) any {
-	tracker := progress.Tracker{Message: message, Total: int64(total),
+	tracker := progress.Tracker{
-		Units: progress.UnitsDefault}
+		Message: message,
 		Total:   int64(total),
 		Units:   progress.UnitsDefault,
 	}
 	if progressWriter != nil {
 		progressWriter.AppendTracker(&tracker)
--- a/main.go
+++ b/main.go
@ -30,7 +30,7 @@ var (
 const (
 	vetName                 = "vet"
 	vetInformationURI       = "https://github.com/safedep/vet"
-	vetVendorName           = "Safedep"
+	vetVendorName           = "SafeDep"
 	vetVendorInformationURI = "https://safedep.io"
 )
--- a/pkg/common/utils/pointers.go
+++ b/pkg/common/utils/pointers.go
@ -1,5 +0,0 @@
 package utils
 func PtrTo[T any](v T) *T {
 	return &v
 }
--- a/pkg/reporter/cyclonedx.go
+++ b/pkg/reporter/cyclonedx.go
@ -13,7 +13,6 @@ import (
 	"github.com/safedep/vet/gen/insightapi"
 	"github.com/safedep/vet/pkg/analyzer"
 	"github.com/safedep/vet/pkg/common/logger"
 	commonUtils "github.com/safedep/vet/pkg/common/utils"
 	"github.com/safedep/vet/pkg/common/utils/regex"
 	sbomUtils "github.com/safedep/vet/pkg/common/utils/sbom"
 	"github.com/safedep/vet/pkg/malysis"
@ -58,13 +57,13 @@ func NewCycloneDXReporter(config CycloneDXReporterConfig) (Reporter, error) {
 	if utils.IsEmptyString(config.SerialNumber) {
 		generatedSerialNumber, err := uuid.NewUUID()
 		if err != nil {
-			return nil, fmt.Errorf("Failed to generate UUID for CycloneDX serial number: %v", err)
+			return nil, fmt.Errorf("failed to generate UUID for CycloneDX serial number: %v", err)
 		}
 		bom.SerialNumber = fmt.Sprintf("urn:uuid:%s", generatedSerialNumber.String())
 	} else {
 		if !cdxUUIDRegexp.MatchString(config.SerialNumber) {
-			return nil, fmt.Errorf("Serial number '%s' does not match RFC 4122 UUID format", config.SerialNumber)
+			return nil, fmt.Errorf("serial number '%s' does not match RFC 4122 UUID format", config.SerialNumber)
 		}
 		bom.SerialNumber = config.SerialNumber
@ -74,7 +73,7 @@ func NewCycloneDXReporter(config CycloneDXReporterConfig) (Reporter, error) {
 		Type: cdx.ComponentTypeApplication,
 		Manufacturer: &cdx.OrganizationalEntity{
 			Name: config.Tool.VendorName,
-			URL:  commonUtils.PtrTo([]string{config.Tool.VendorInformationURI}),
+			URL:  utils.PtrTo([]string{config.Tool.VendorInformationURI}),
 		},
 		Group:      config.Tool.VendorName,
 		Name:       config.Tool.Name,
@ -90,18 +89,18 @@ func NewCycloneDXReporter(config CycloneDXReporterConfig) (Reporter, error) {
 			BOMRef:     rootComponentBomref,
 			Type:       cdx.ComponentTypeApplication,
 			Name:       config.ApplicationComponentName,
-			Components: commonUtils.PtrTo([]cdx.Component{}),
+			Components: utils.PtrTo([]cdx.Component{}),
 		},
 		Tools: &cdx.ToolsChoice{
-			Components: commonUtils.PtrTo([]cdx.Component{
+			Components: utils.PtrTo([]cdx.Component{
 				toolComponent,
 			}),
 		},
 	}
-	bom.Components = commonUtils.PtrTo([]cdx.Component{})
+	bom.Components = utils.PtrTo([]cdx.Component{})
-	bom.Vulnerabilities = commonUtils.PtrTo([]cdx.Vulnerability{})
+	bom.Vulnerabilities = utils.PtrTo([]cdx.Vulnerability{})
-	bom.Dependencies = commonUtils.PtrTo([]cdx.Dependency{})
+	bom.Dependencies = utils.PtrTo([]cdx.Dependency{})
 	return &cycloneDXReporter{
 		config:                    config,
@ -123,7 +122,7 @@ func (r *cycloneDXReporter) AddManifest(manifest *models.PackageManifest) {
 	r.bomEcosystems[manifest.Ecosystem] = true
-	r.bom.Metadata.Component.Components = commonUtils.PtrTo(append(*r.bom.Metadata.Component.Components, cdx.Component{
+	r.bom.Metadata.Component.Components = utils.PtrTo(append(*r.bom.Metadata.Component.Components, cdx.Component{
 		Type:   cdx.ComponentTypeApplication,
 		Group:  manifest.Ecosystem,
 		BOMRef: manifest.Source.GetPath(),
@ -150,16 +149,16 @@ func (r *cycloneDXReporter) addPackage(pkg *models.Package) {
 		Version:    pkg.GetVersion(),
 		PackageURL: pkgPurl,
 		BOMRef:     pkgPurl,
-		Licenses:   commonUtils.PtrTo(cdx.Licenses(r.resolvePackageLicenses(pkg))),
+		Licenses:   utils.PtrTo(cdx.Licenses(r.resolvePackageLicenses(pkg))),
 		Evidence: &cdx.Evidence{
-			Identity: commonUtils.PtrTo([]cdx.EvidenceIdentity{
+			Identity: utils.PtrTo([]cdx.EvidenceIdentity{
 				{
 					Field:      cdx.EvidenceIdentityFieldTypePURL,
-					Confidence: commonUtils.PtrTo(float32(0.7)),
+					Confidence: utils.PtrTo(float32(0.7)),
-					Methods: commonUtils.PtrTo([]cdx.EvidenceIdentityMethod{
+					Methods: utils.PtrTo([]cdx.EvidenceIdentityMethod{
 						{
 							Technique:  cdx.EvidenceIdentityTechniqueManifestAnalysis,
-							Confidence: commonUtils.PtrTo(float32(0.7)),
+							Confidence: utils.PtrTo(float32(0.7)),
 							Value:      pkg.Manifest.GetSource().GetPath(),
 						},
 					}),
@ -274,7 +273,7 @@ func (r *cycloneDXReporter) recordVulnerabilities(pkg *models.Package) {
 			Description:    utils.SafelyGetValue(vuln.Summary),
 			Ratings:        &ratings,
 			Recommendation: recommendation,
-			Affects: commonUtils.PtrTo([]cdx.Affects{
+			Affects: utils.PtrTo([]cdx.Affects{
 				{
 					Ref: pkgPurl,
 				},
@ -312,15 +311,15 @@ func (r *cycloneDXReporter) recordMalware(pkg *models.Package) {
 			BOMRef:      malwareBomref,
 			Description: malwareSummary,
 			Credits: &cdx.Credits{
-				Organizations: commonUtils.PtrTo([]cdx.OrganizationalEntity{
+				Organizations: utils.PtrTo([]cdx.OrganizationalEntity{
 					{
 						BOMRef: r.config.Tool.VendorName,
 						Name:   r.config.Tool.VendorName,
-						URL:    commonUtils.PtrTo([]string{r.config.Tool.VendorInformationURI}),
+						URL:    utils.PtrTo([]string{r.config.Tool.VendorInformationURI}),
 					},
 				}),
 			},
-			Properties: commonUtils.PtrTo([]cdx.Property{
+			Properties: utils.PtrTo([]cdx.Property{
 				{
 					Name:  "report-url",
 					Value: malysis.ReportURL(malwareAnalysis.AnalysisId),
@ -330,7 +329,7 @@ func (r *cycloneDXReporter) recordMalware(pkg *models.Package) {
 				Name: r.config.Tool.Name,
 				URL:  r.config.Tool.InformationURI,
 			},
-			Affects: commonUtils.PtrTo([]cdx.Affects{
+			Affects: utils.PtrTo([]cdx.Affects{
 				{
 					Ref: pkgPurl,
 				},
@ -351,10 +350,10 @@ func (r *cycloneDXReporter) finaliseBom() {
 	r.bom.Metadata.Timestamp = bomGenerationTime.Format(time.RFC3339)
-	r.bom.Annotations = commonUtils.PtrTo([]cdx.Annotation{
+	r.bom.Annotations = utils.PtrTo([]cdx.Annotation{
 		{
 			BOMRef: "metadata-annotations",
-			Subjects: commonUtils.PtrTo([]cdx.BOMReference{
+			Subjects: utils.PtrTo([]cdx.BOMReference{
 				cdx.BOMReference(r.rootComponentBomref),
 			}),
 			Annotator: &cdx.Annotator{
--- a/pkg/reporter/cyclonedx_test.go
+++ b/pkg/reporter/cyclonedx_test.go
@ -8,9 +8,8 @@ import (
 	malysisv1 "buf.build/gen/go/safedep/api/protocolbuffers/go/safedep/messages/malysis/v1"
 	cdx "github.com/CycloneDX/cyclonedx-go"
-	dryUtils "github.com/safedep/dry/utils"
+	"github.com/safedep/dry/utils"
 	"github.com/safedep/vet/gen/insightapi"
 	"github.com/safedep/vet/pkg/common/utils"
 	"github.com/safedep/vet/pkg/models"
 	"github.com/stretchr/testify/assert"
 )
@ -68,12 +67,12 @@ func TestNewCycloneDxReporter(t *testing.T) {
 	assert.Equal(t, cdxAppName, generatedBom.Metadata.Component.Name)
 	// Verify tool metadata component
-	assert.Len(t, dryUtils.SafelyGetValue(dryUtils.SafelyGetValue(generatedBom.Metadata.Tools).Components), 1)
+	assert.Len(t, utils.SafelyGetValue(utils.SafelyGetValue(generatedBom.Metadata.Tools).Components), 1)
-	toolComponent := dryUtils.SafelyGetValue(dryUtils.SafelyGetValue(generatedBom.Metadata.Tools).Components)[0]
+	toolComponent := utils.SafelyGetValue(utils.SafelyGetValue(generatedBom.Metadata.Tools).Components)[0]
 	assert.Equal(t, cdx.ComponentTypeApplication, toolComponent.Type)
 	assert.NotNil(t, toolComponent.Manufacturer)
 	assert.Equal(t, toolComponent.Manufacturer.Name, cdxTestToolMetaData.VendorName)
-	assert.ElementsMatch(t, dryUtils.SafelyGetValue(toolComponent.Manufacturer.URL), []string{cdxTestToolMetaData.VendorInformationURI})
+	assert.ElementsMatch(t, utils.SafelyGetValue(toolComponent.Manufacturer.URL), []string{cdxTestToolMetaData.VendorInformationURI})
 	assert.Equal(t, cdxTestToolMetaData.VendorName, toolComponent.Group)
 	assert.Equal(t, cdxTestToolMetaData.Name, toolComponent.Name)
 	assert.Equal(t, cdxTestToolMetaData.Version, toolComponent.Version)
@ -208,14 +207,14 @@ func TestCycloneDxReporterManifestWithDeps(t *testing.T) {
 	assert.NoError(t, err)
 	assert.NotNil(t, generatedBom)
-	assert.Len(t, dryUtils.SafelyGetValue(generatedBom.Metadata.Component.Components), 1)
+	assert.Len(t, utils.SafelyGetValue(generatedBom.Metadata.Component.Components), 1)
-	manifestComponent := dryUtils.SafelyGetValue(generatedBom.Metadata.Component.Components)[0]
+	manifestComponent := utils.SafelyGetValue(generatedBom.Metadata.Component.Components)[0]
 	assert.Equal(t, cdx.ComponentTypeApplication, manifestComponent.Type)
 	assert.Equal(t, string(models.EcosystemNpm), manifestComponent.Group)
 	assert.Equal(t, "test/package-lock.json", manifestComponent.BOMRef)
 	assert.Equal(t, "test/package-lock.json", manifestComponent.Name)
-	components := dryUtils.SafelyGetValue(generatedBom.Components)
+	components := utils.SafelyGetValue(generatedBom.Components)
 	assert.NotNil(t, components)
 	assert.Len(t, components, 4)
@ -281,8 +280,8 @@ func TestCycloneDxReporterLicenses(t *testing.T) {
 	assert.NoError(t, err)
 	assert.NotNil(t, generatedBom)
-	assert.Len(t, dryUtils.SafelyGetValue(generatedBom.Components), 1)
+	assert.Len(t, utils.SafelyGetValue(generatedBom.Components), 1)
-	licenses := dryUtils.SafelyGetValue(dryUtils.SafelyGetValue(generatedBom.Components)[0].Licenses)
+	licenses := utils.SafelyGetValue(utils.SafelyGetValue(generatedBom.Components)[0].Licenses)
 	assert.Len(t, licenses, 1)
 	assert.Equal(t, "MIT", licenses[0].License.ID)
 	assert.Equal(t, "MIT License", licenses[0].License.Name)
@ -346,7 +345,7 @@ func TestCycloneDxReporterVuln(t *testing.T) {
 	assert.NoError(t, err)
 	assert.NotNil(t, generatedBom)
-	vulns := dryUtils.SafelyGetValue(generatedBom.Vulnerabilities)
+	vulns := utils.SafelyGetValue(generatedBom.Vulnerabilities)
 	assert.NotNil(t, vulns)
 	assert.Len(t, vulns, 1)
@ -356,14 +355,14 @@ func TestCycloneDxReporterVuln(t *testing.T) {
 	assert.Equal(t, "Test vulnerability", vuln.Description)
 	assert.Equal(t, "Upgrade to version 1.2.0 or later", vuln.Recommendation)
-	ratings := dryUtils.SafelyGetValue(vuln.Ratings)
+	ratings := utils.SafelyGetValue(vuln.Ratings)
 	assert.Len(t, ratings, 1)
 	assert.Equal(t, cdx.SeverityHigh, ratings[0].Severity)
 	assert.Equal(t, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", ratings[0].Vector)
 	assert.Equal(t, cdx.ScoringMethodCVSSv3, ratings[0].Method)
 	assert.Equal(t, utils.PtrTo(7.5), ratings[0].Score)
-	affects := dryUtils.SafelyGetValue(vuln.Affects)
+	affects := utils.SafelyGetValue(vuln.Affects)
 	assert.Len(t, affects, 1)
 	assert.Equal(t, "pkg:npm/test-package@1.0.0", affects[0].Ref)
 }
@ -411,7 +410,7 @@ func TestCycloneDxReporterMalware(t *testing.T) {
 	assert.NoError(t, err)
 	assert.NotNil(t, generatedBom)
-	vulns := dryUtils.SafelyGetValue(generatedBom.Vulnerabilities)
+	vulns := utils.SafelyGetValue(generatedBom.Vulnerabilities)
 	assert.NotNil(t, vulns)
 	assert.Len(t, vulns, 1)
@ -421,19 +420,19 @@ func TestCycloneDxReporterMalware(t *testing.T) {
 	assert.Equal(t, "Malware detected by malysis", vuln.Description)
 	assert.Equal(t, "", vuln.Recommendation)
-	ratings := dryUtils.SafelyGetValue(vuln.Ratings)
+	ratings := utils.SafelyGetValue(vuln.Ratings)
 	assert.Len(t, ratings, 0)
-	affects := dryUtils.SafelyGetValue(vuln.Affects)
+	affects := utils.SafelyGetValue(vuln.Affects)
 	assert.Len(t, affects, 1)
 	assert.Equal(t, "pkg:npm/test-package@1.0.0", affects[0].Ref)
 	assert.Equal(t, cdxTestToolMetaData.Name, vuln.Source.Name)
 	assert.Equal(t, cdxTestToolMetaData.InformationURI, vuln.Source.URL)
-	assert.Len(t, dryUtils.SafelyGetValue(vuln.Credits.Organizations), 1)
+	assert.Len(t, utils.SafelyGetValue(vuln.Credits.Organizations), 1)
-	toolOrg := dryUtils.SafelyGetValue(vuln.Credits.Organizations)[0]
+	toolOrg := utils.SafelyGetValue(vuln.Credits.Organizations)[0]
 	assert.Equal(t, cdxTestToolMetaData.VendorName, toolOrg.BOMRef)
 	assert.Equal(t, cdxTestToolMetaData.VendorName, toolOrg.Name)
-	assert.Equal(t, []string{cdxTestToolMetaData.VendorInformationURI}, dryUtils.SafelyGetValue(toolOrg.URL))
+	assert.Equal(t, []string{cdxTestToolMetaData.VendorInformationURI}, utils.SafelyGetValue(toolOrg.URL))
 }
--- a/pkg/reporter/gitlab_test.go
+++ b/pkg/reporter/gitlab_test.go
@ -10,11 +10,11 @@ import (
 	malysisv1 "buf.build/gen/go/safedep/api/protocolbuffers/go/safedep/messages/malysis/v1"
 	"github.com/google/osv-scanner/pkg/lockfile"
 	"github.com/safedep/dry/utils"
 	"github.com/safedep/vet/gen/checks"
 	"github.com/safedep/vet/gen/filtersuite"
 	"github.com/safedep/vet/gen/insightapi"
 	"github.com/safedep/vet/pkg/analyzer"
 	"github.com/safedep/vet/pkg/common/utils"
 	"github.com/safedep/vet/pkg/malysis"
 	"github.com/safedep/vet/pkg/models"
 	"github.com/stretchr/testify/assert"
@ -28,7 +28,7 @@ func getGitLabReporter(reportPath string) (*gitLabReporter, error) {
 			Name:           "vet",
 			Version:        "latest",
 			InformationURI: "https://github.com/safedep/vet",
-			VendorName:     "safedep",
+			VendorName:     "SafeDep",
 		},
 	})
 }
@ -66,7 +66,7 @@ func TestGitLabReporter(t *testing.T) {
 		assert.Equal(t, "15.2.1", report.Version)
 		assert.Equal(t, "dependency_scanning", report.Scan.Type)
 		assert.Equal(t, "vet", report.Scan.Scanner.ID)
-		assert.Equal(t, "safedep", report.Scan.Scanner.Vendor.Name)
+		assert.Equal(t, "SafeDep", report.Scan.Scanner.Vendor.Name)
 		assert.Empty(t, report.Vulnerabilities)
 	})
--- a/pkg/reporter/json_report_test.go
+++ b/pkg/reporter/json_report_test.go
@ -104,7 +104,7 @@ func TestJsonRepoGenerator(t *testing.T) {
 					Name:           "vet",
 					Version:        "latest",
 					InformationURI: "https://github.com/safedep/vet",
-					VendorName:     "safedep",
+					VendorName:     "SafeDep",
 				},
 			})
--- a/pkg/reporter/sarif_builder_test.go
+++ b/pkg/reporter/sarif_builder_test.go
@ -121,7 +121,7 @@ var toolMetadata = ToolMetadata{
 	Name:           "vet",
 	Version:        "latest",
 	InformationURI: "https://github.com/safedep/vet",
-	VendorName:     "safedep",
+	VendorName:     "SafeDep",
 }
 func TestSarifBuilderReport(t *testing.T) {
`@ -1,2 +1,2 @@`
	`golang 1.24.1`	`golang 1.24.3`
	`gitleaks 8.16.4`	`gitleaks 8.16.4`