Fix linting issues

pkg/sbom/cyclonedx/unmarshal.go

@@ -112,7 +112,7 @@ func (b *BOM) parseExternalReferences(bom *cdx.BOM) []core.ExternalReference {
 	if bom.ExternalReferences == nil {
 		return nil
 	}
-	refs := make([]core.ExternalReference, 0)
+	var refs = make([]core.ExternalReference, 0)
 
 	for _, ref := range *bom.ExternalReferences {
 		t, err := b.unmarshalReferenceType(ref.Type)

pkg/vex/sbomref.go

@@ -3,14 +3,16 @@ package vex
 import (
 	"bytes"
 	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+
+	"golang.org/x/xerrors"
+
 	"github.com/aquasecurity/trivy/pkg/fanal/artifact"
 	"github.com/aquasecurity/trivy/pkg/log"
 	"github.com/aquasecurity/trivy/pkg/sbom/core"
 	"github.com/aquasecurity/trivy/pkg/types"
-	"golang.org/x/xerrors"
-	"io"
-	"net/http"
-	"net/url"
 )
 
 type SBOMReferenceSet struct {
@@ -71,13 +73,13 @@ func RetrieveExternalVEXDocuments(refs []url.URL, report *types.Report) ([]VEX,
 
 }
 
-func RetrieveExternalVEXDocument(VEXUrl url.URL, report *types.Report) (VEX, error) {
+func RetrieveExternalVEXDocument(url url.URL, report *types.Report) (VEX, error) {
 
 	logger := log.WithPrefix("vex").With(log.String("type", "externalReference"))
 
-	logger.Info(fmt.Sprintf("Retrieving external VEX document from host %s", VEXUrl.Host))
+	logger.Info(fmt.Sprintf("Retrieving external VEX document from host %s", url.Host))
 
-	res, err := http.Get(VEXUrl.String())
+	res, err := http.Get(url.String())
 	if err != nil {
 		return nil, xerrors.Errorf("unable to fetch file via HTTP: %w", err)
 	}
@@ -88,7 +90,7 @@ func RetrieveExternalVEXDocument(VEXUrl url.URL, report *types.Report) (VEX, err
 		return nil, xerrors.Errorf("unable to read response into memory: %w", err)
 	}
 
-	if v, err := decodeVEX(bytes.NewReader(val), VEXUrl.String(), report); err != nil {
+	if v, err := decodeVEX(bytes.NewReader(val), url.String(), report); err != nil {
 		return nil, xerrors.Errorf("unable to load VEX: %w", err)
 	} else {
 		return v, nil

pkg/vex/sbomref_test.go

@@ -1,16 +1,18 @@
 package vex_test
 
 import (
-	"github.com/aquasecurity/trivy/pkg/fanal/artifact"
-	"github.com/aquasecurity/trivy/pkg/sbom/core"
-	"github.com/aquasecurity/trivy/pkg/types"
-	"github.com/aquasecurity/trivy/pkg/vex"
-	"github.com/stretchr/testify/require"
 	"io"
 	"net/http"
 	"net/http/httptest"
 	"os"
 	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/aquasecurity/trivy/pkg/fanal/artifact"
+	"github.com/aquasecurity/trivy/pkg/sbom/core"
+	"github.com/aquasecurity/trivy/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/vex"
 )
 
 const (
@@ -22,18 +24,18 @@ func setUpServer(t *testing.T) *httptest.Server {
 	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.URL.Path == vexExternalRef {
 			f, err := os.Open("testdata/" + vexExternalRef + ".json")
-			require.NoError(t, err)
+			t.Error(err)
 			defer f.Close()
 
 			_, err = io.Copy(w, f)
-			require.NoError(t, err)
+			t.Error(err)
 		} else if r.URL.Path == vexUnknown {
 			f, err := os.Open("testdata/" + vexUnknown + ".json")
-			require.NoError(t, err)
+			t.Error(err)
 			defer f.Close()
 
 			_, err = io.Copy(w, f)
-			require.NoError(t, err)
+			t.Error(err)
 		}
 
 		http.NotFound(w, r)
@@ -62,12 +64,12 @@ func TestRetrieveExternalVEXDocuments(t *testing.T) {
 	t.Run("external vex retrieval", func(t *testing.T) {
 		set, err := vex.NewSBOMReferenceSet(setupTestReport(s, vexExternalRef))
 		require.NoError(t, err)
-		require.Equal(t, 1, len(set.Vexes))
+		require.Len(t, set.Vexes, 1)
 	})
 
 	t.Run("incompatible external vex", func(t *testing.T) {
 		set, err := vex.NewSBOMReferenceSet(setupTestReport(s, vexUnknown))
 		require.NoError(t, err)
-		require.Equal(t, 0, len(set.Vexes))
+		require.Empty(t, set.Vexes)
 	})
 }