ci(deps): upgrade golangci-lint (#2556)

* ci(deps): upgrade golangci-lint Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de> * build(deps): removed disabled linters Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de> * build(deps): go run github.com/daixiang0/gci@latest write . Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * build(deps): go run golang.org/x/tools/cmd/goimports@latest -l -w . Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * build(deps): go run github.com/bombsimon/wsl/v4/cmd...@latest -strict-append -test=true -fix ./... Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * build(deps): go run github.com/catenacyber/perfsprint@latest -fix ./... Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * build(deps): replace gomnd by mnd Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * build(deps): make gqlgen Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * build: Revert "build(deps): go run github.com/daixiang0/gci@latest write ." This reverts commit 5bf8c42e1f. Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * build(deps): go run github.com/daixiang0/gci@latest write -s 'standard' -s default -s 'prefix(zotregistry.dev/zot)' . Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * build(deps): make gqlgen Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: wsl issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: check-log issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: gci issues Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> * fix: tests Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de> --------- Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de> Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
2024-12-16 21:56:37 -05:00 · 2024-07-29 19:32:51 +02:00 · 2024-07-29 19:32:51 +02:00 · f618b1d4ef
commit f618b1d4ef
parent 7d87558b7e
139 changed files with 2188 additions and 494 deletions
--- a/.github/workflows/golangci-lint.yaml
+++ b/.github/workflows/golangci-lint.yaml
@ -24,7 +24,7 @@ jobs:
        uses: golangci/golangci-lint-action@v6
        with:
          # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
-          version: v1.54.2
+          version: v1.59.1
          # Optional: working directory, useful for monorepos
          # working-directory: somedir
--- a/2
+++ b/2
@ -10,7 +10,7 @@ TOOLSDIR := $(shell pwd)/hack/tools
 PATH := bin:$(TOOLSDIR)/bin:$(PATH)
 STACKER := $(shell which stacker)
 GOLINTER := $(TOOLSDIR)/bin/golangci-lint
-GOLINTER_VERSION := v1.54.2
+GOLINTER_VERSION := v1.59.1
 NOTATION := $(TOOLSDIR)/bin/notation
 NOTATION_VERSION := 1.0.0
 COSIGN := $(TOOLSDIR)/bin/cosign
--- a/cmd/zb/helper.go
+++ b/cmd/zb/helper.go
@ -11,6 +11,7 @@ import (
 	"net/url"
 	"os"
 	"path"
 	"strconv"
 	"sync"
 	"time"
@ -368,9 +369,8 @@ func pushMonolithImage(workdir, url, trepo string, repos []string, config testCo
 	resp, err = client.R().
 		SetContentLength(true).
 		SetQueryParam("digest", digest.String()).
-		SetHeader("Content-Length", fmt.Sprintf("%d", size)).
+		SetHeader("Content-Length", strconv.Itoa(size)).
 		SetHeader("Content-Type", "application/octet-stream").SetBody(fhandle).Put(loc)
 	if err != nil {
 		return nil, repos, err
 	}
@ -385,7 +385,6 @@ func pushMonolithImage(workdir, url, trepo string, repos []string, config testCo
 	// upload image config blob
 	resp, err = client.R().
 		Post(fmt.Sprintf("%s/v2/%s/blobs/uploads/", url, repo))
 	if err != nil {
 		return nil, repos, err
 	}
@ -399,14 +398,14 @@ func pushMonolithImage(workdir, url, trepo string, repos []string, config testCo
 	loc = getLocation(url, resp)
 	cblob, cdigest := getImageConfig()
 	resp, err = client.R().
 		SetContentLength(true).
-		SetHeader("Content-Length", fmt.Sprintf("%d", len(cblob))).
+		SetHeader("Content-Length", strconv.Itoa(len(cblob))).
 		SetHeader("Content-Type", "application/octet-stream").
 		SetQueryParam("digest", cdigest.String()).
 		SetBody(cblob).
 		Put(loc)
 	if err != nil {
 		return nil, repos, err
 	}
@ -450,7 +449,6 @@ func pushMonolithImage(workdir, url, trepo string, repos []string, config testCo
 		SetHeader("Content-Type", "application/vnd.oci.image.manifest.v1+json").
 		SetBody(content).
 		Put(fmt.Sprintf("%s/v2/%s/manifests/%s", url, repo, manifestTag))
 	if err != nil {
 		return nil, repos, err
 	}
@ -551,7 +549,7 @@ func pushMonolithAndCollect(workdir, url, trepo string, count int,
 		resp, err = client.R().
 			SetContentLength(true).
-			SetHeader("Content-Length", fmt.Sprintf("%d", size)).
+			SetHeader("Content-Length", strconv.Itoa(size)).
 			SetHeader("Content-Type", "application/octet-stream").
 			SetQueryParam("digest", digest.String()).
 			SetBody(fhandle).
@ -597,7 +595,7 @@ func pushMonolithAndCollect(workdir, url, trepo string, count int,
 		cblob, cdigest := getImageConfig()
 		resp, err = client.R().
 			SetContentLength(true).
-			SetHeader("Content-Length", fmt.Sprintf("%d", len(cblob))).
+			SetHeader("Content-Length", strconv.Itoa(len(cblob))).
 			SetHeader("Content-Type", "application/octet-stream").
 			SetQueryParam("digest", cdigest.String()).
 			SetBody(cblob).
@ -780,7 +778,7 @@ func pushChunkAndCollect(workdir, url, trepo string, count int,
 		// finish upload
 		resp, err = client.R().
 			SetContentLength(true).
-			SetHeader("Content-Length", fmt.Sprintf("%d", size)).
+			SetHeader("Content-Length", strconv.Itoa(size)).
 			SetHeader("Content-Type", "application/octet-stream").
 			SetQueryParam("digest", digest.String()).
 			Put(loc)
@ -823,12 +821,12 @@ func pushChunkAndCollect(workdir, url, trepo string, count int,
 		loc = getLocation(url, resp)
 		cblob, cdigest := getImageConfig()
 		resp, err = client.R().
 			SetContentLength(true).
 			SetHeader("Content-Type", "application/octet-stream").
 			SetBody(fhandle).
 			Patch(loc)
 		if err != nil {
 			isConnFail = true
@ -871,7 +869,7 @@ func pushChunkAndCollect(workdir, url, trepo string, count int,
 		// finish upload
 		resp, err = client.R().
 			SetContentLength(true).
-			SetHeader("Content-Length", fmt.Sprintf("%d", len(cblob))).
+			SetHeader("Content-Length", strconv.Itoa(len(cblob))).
 			SetHeader("Content-Type", "application/octet-stream").
 			SetQueryParam("digest", cdigest.String()).
 			Put(loc)
--- a/cmd/zb/perf.go
+++ b/cmd/zb/perf.go
@ -466,6 +466,7 @@ func Pull(
 	} else {
 		// Push blob given size
 		var err error
 		manifestHash, repos, err = pushMonolithImage(workdir, url, trepo, repos, config, client)
 		if err != nil {
 			return err
@ -684,6 +685,7 @@ func Perf(
 	log.Printf("Starting tests ...\n")
 	var err error
 	zbError := false
 	// get host ips from command line to make requests from
@ -724,6 +726,7 @@ func Perf(
 				}
 			}()
 		}
 		wg.Wait()
 		summary.total = time.Since(start)
@ -757,7 +760,7 @@ func Perf(
 			log.Fatal(err) // file closed on exit
 		}
-		if err := os.WriteFile(fmt.Sprintf("%s.json", outFmt), jsonOut, defaultFilePerms); err != nil {
+		if err := os.WriteFile(outFmt+".json", jsonOut, defaultFilePerms); err != nil {
 			log.Fatal(err)
 		}
 	}
@ -788,7 +791,7 @@ func getRandomClientIPs(auth string, url string, ips []string) (*resty.Client, e
 		ip := ips[nBig.Int64()]
 		// set ip in transport
-		localAddr, err := net.ResolveTCPAddr("tcp", fmt.Sprintf("%s:0", ip))
+		localAddr, err := net.ResolveTCPAddr("tcp", ip+":0")
 		if err != nil {
 			return nil, err
 		}
--- a/errors/errors.go
+++ b/errors/errors.go
@ -36,6 +36,7 @@ func NewError(err error) *Error {
 func GetDetails(err error) map[string]string {
 	var internalErr *Error
 	details := make(map[string]string)
 	if errors.As(err, &internalErr) {
--- a/golangcilint.yaml
+++ b/golangcilint.yaml
@ -1,11 +1,31 @@
 run:
-  deadline: 60m
+  timeout: 60m
  skip-dirs:
    - "internal"
 linters:
  enable-all: true
-  disable: funlen,gocognit,exhaustivestruct,paralleltest,forbidigo,ireturn,wrapcheck,exhaustive,maintidx,exhaustruct,nosnakecase,interfacer,structcheck,varcheck,deadcode,ifshort,golint,scopelint,maligned,rowserrcheck,sqlclosecheck,revive,musttag,depguard
+  disable:
    - gomnd
    - funlen
    - gocognit
    - paralleltest
    - forbidigo
    - ireturn
    - wrapcheck
    - exhaustive
    - maintidx
    - exhaustruct
    - rowserrcheck
    - sqlclosecheck
    - revive
    - musttag
    - depguard
    - execinquery
    - inamedparam
    - intrange
    - promlinter
    - protogetter
    - contextcheck # needs to revisit: https://github.com/project-zot/zot/pull/2556
    - copyloopvar # needs to revisit: https://github.com/project-zot/zot/pull/2556
 linters-settings:
  dupl:
@ -41,22 +61,33 @@ linters-settings:
      - prefix(zotregistry.dev/zot)
  wsl:
    allow-assign-and-anything: true
-    enforce-err-cuddling: true
+    force-err-cuddling: true
  nolintlint:
    allow-unused: true
-  gomnd:
+  mnd:
-    settings:
+    checks:
-      mnd:
+      - argument
-        checks: argument,case,condition,operation,return,assign
+      - case
-        ignored-numbers: 10,64
+      - condition
      - operation
      - return
      - assign
    ignored-numbers:
      - "10"
      - "64"
  gomoddirectives:
    replace-allow-list:
      - github.com/gorilla/mux
      - github.com/testcontainers/testcontainers-go
 issues:
  exclude-dirs:
    - "internal"
  exclude-rules:
    - path: pkg/extensions/search/schema.resolvers.go
      linters:
        - lll
        - varnamelen
        - gci
    - path: _test\.go
      linters:
        - dupl
--- a/pkg/api/authn.go
+++ b/pkg/api/authn.go
@ -6,6 +6,7 @@ import (
 	"crypto/sha256"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/hex"
 	"errors"
 	"fmt"
 	"net"
@ -434,6 +435,7 @@ func bearerAuthHandler(ctlr *Controller) mux.MiddlewareFunc {
 				return
 			}
 			acCtrlr := NewAccessController(ctlr.Config)
 			vars := mux.Vars(request)
 			name := vars["name"]
@ -661,7 +663,7 @@ func getRelyingPartyArgs(cfg *config.Config, provider string, log log.Logger) (
 	keyPath := cfg.HTTP.Auth.OpenID.Providers[provider].KeyPath
 	baseURL := net.JoinHostPort(cfg.HTTP.Address, port)
-	callback := constants.CallbackBasePath + fmt.Sprintf("/%s", provider)
+	callback := constants.CallbackBasePath + "/" + provider
 	var redirectURI string
@ -681,7 +683,7 @@ func getRelyingPartyArgs(cfg *config.Config, provider string, log log.Logger) (
 		rp.WithVerifierOpts(rp.WithIssuedAtOffset(issuedAtOffset)),
 	}
-	key := securecookie.GenerateRandomKey(32) //nolint: gomnd
+	key := securecookie.GenerateRandomKey(32) //nolint:mnd
 	cookieHandler := httphelper.NewCookieHandler(key, key, httphelper.WithMaxAge(relyingPartyCookieMaxAge))
 	options = append(options, rp.WithCookieHandler(cookieHandler))
@ -740,7 +742,7 @@ func getUsernamePasswordBasicAuth(request *http.Request) (string, string, error)
 		return "", "", zerr.ErrParsingAuthHeader
 	}
-	splitStr := strings.SplitN(basicAuth, " ", 2) //nolint: gomnd
+	splitStr := strings.SplitN(basicAuth, " ", 2) //nolint:mnd
 	if len(splitStr) != 2 || strings.ToLower(splitStr[0]) != "basic" {
 		return "", "", zerr.ErrParsingAuthHeader
 	}
@ -750,8 +752,8 @@ func getUsernamePasswordBasicAuth(request *http.Request) (string, string, error)
 		return "", "", err
 	}
-	pair := strings.SplitN(string(decodedStr), ":", 2) //nolint: gomnd
+	pair := strings.SplitN(string(decodedStr), ":", 2) //nolint:mnd
-	if len(pair) != 2 {                                //nolint: gomnd
+	if len(pair) != 2 {                                //nolint:mnd
 		return "", "", zerr.ErrParsingAuthHeader
 	}
@ -878,7 +880,7 @@ func hashUUID(uuid string) string {
 	digester := sha256.New()
 	digester.Write([]byte(uuid))
-	return godigest.NewDigestFromEncoded(godigest.SHA256, fmt.Sprintf("%x", digester.Sum(nil))).Encoded()
+	return godigest.NewDigestFromEncoded(godigest.SHA256, hex.EncodeToString(digester.Sum(nil))).Encoded()
 }
 /*
--- a/pkg/api/authn_test.go
+++ b/pkg/api/authn_test.go
@ -7,7 +7,6 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io/fs"
 	"net/http"
 	"net/http/httptest"
@ -91,6 +90,7 @@ func TestAPIKeys(t *testing.T) {
 		username, seedUser := test.GenerateRandomString()
 		password, seedPass := test.GenerateRandomString()
 		htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
 		defer os.Remove(htpasswdPath)
 		mockOIDCServer, err := authutils.MockOIDCRun()
@ -847,6 +847,7 @@ func TestAPIKeysOpenDBError(t *testing.T) {
 		username, seedUser := test.GenerateRandomString()
 		password, seedPass := test.GenerateRandomString()
 		htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
 		defer os.Remove(htpasswdPath)
 		mockOIDCServer, err := authutils.MockOIDCRun()
@ -1107,7 +1108,7 @@ func (gen *mockUUIDGenerator) NewV4() (
 type errReader int
 func (errReader) Read(p []byte) (int, error) {
-	return 0, fmt.Errorf("test error") //nolint:goerr113
+	return 0, errors.New("test error") //nolint:goerr113
 }
 type badDirInfo struct {
--- a/pkg/api/authz.go
+++ b/pkg/api/authz.go
@ -230,7 +230,6 @@ func BaseAuthzHandler(ctlr *Controller) mux.MiddlewareFunc {
 			since we only do READ actions in extensions, this middleware is enough for them because
 			it populates the context with user relevant data to be processed by each individual extension
 			*/
 			if request.Method == http.MethodOptions {
 				next.ServeHTTP(response, request)
@ -312,9 +311,10 @@ func DistSpecAuthzHandler(ctlr *Controller) mux.MiddlewareFunc {
 				// if we get a reference (tag)
 				if ok {
 					is := ctlr.StoreController.GetImageStore(resource)
 					tags, err := is.GetImageTags(resource)
 					// if repo exists and request's tag exists then action is UPDATE
 					if err == nil && common.Contains(tags, reference) && reference != "latest" {
 						// if repo exists and request's tag exists then action is UPDATE
 						action = constants.UpdatePermission
 					}
 				}
@ -343,6 +343,7 @@ func MetricsAuthzHandler(ctlr *Controller) mux.MiddlewareFunc {
 				return
 			}
 			if len(ctlr.Config.HTTP.AccessControl.Metrics.Users) == 0 {
 				log := ctlr.Log
 				log.Warn().Msg("auth is enabled but no metrics users in accessControl: /metrics is unaccesible")
--- a/pkg/api/config/config.go
+++ b/pkg/api/config/config.go
@ -306,6 +306,7 @@ func DeepCopy(src, dst interface{}) error {
 	if err != nil {
 		return err
 	}
 	err = json.Unmarshal(bytes, dst)
 	return err
--- a/pkg/api/config/config_test.go
+++ b/pkg/api/config/config_test.go
@ -69,9 +69,12 @@ func TestConfig(t *testing.T) {
 	Convey("Test DeepCopy() & Sanitize()", t, func() {
 		conf := config.New()
 		So(conf, ShouldNotBeNil)
 		authConfig := &config.AuthConfig{LDAP: (&config.LDAPConfig{}).SetBindPassword("oina")}
 		conf.HTTP.Auth = authConfig
 		So(func() { conf.Sanitize() }, ShouldNotPanic)
 		conf = conf.Sanitize()
 		So(conf.HTTP.Auth.LDAP.BindPassword(), ShouldEqual, "******")
--- a/pkg/api/controller.go
+++ b/pkg/api/controller.go
@ -96,6 +96,7 @@ func NewController(appConfig *config.Config) *Controller {
 			Str("clusterMember", memberSocket).
 			Str("clusterMemberIndex", strconv.Itoa(memberSocketIdx)).Logger()
 	}
 	controller.Config = appConfig
 	controller.Log = logger
--- a/pkg/api/controller_test.go
+++ b/pkg/api/controller_test.go
--- a/pkg/api/cookiestore.go
+++ b/pkg/api/cookiestore.go
@ -147,7 +147,7 @@ func (gen *SessionCleanup) Next() (scheduler.Task, error) {
 	if len(sessions) == 0 {
 		gen.done = true
-		return nil, nil
+		return nil, nil //nolint:nilnil
 	}
 	return &CleanTask{sessions: sessions}, nil
--- a/pkg/api/ldap.go
+++ b/pkg/api/ldap.go
@ -66,7 +66,6 @@ func (lc *LDAPClient) Connect() error {
 				}
 				err = l.StartTLS(config)
 				if err != nil {
 					lc.Log.Error().Err(err).Str("address", address).Msg("failed to establish a TLS connection")
@ -81,8 +80,8 @@ func (lc *LDAPClient) Connect() error {
 			}
 			if lc.ClientCertificates != nil && len(lc.ClientCertificates) > 0 {
 				config.Certificates = lc.ClientCertificates
 				// config.BuildNameToCertificate()
 			}
 			l, err = ldap.DialTLS("tcp", address, config) //nolint:staticcheck
 			if err != nil {
 				lc.Log.Error().Err(err).Str("address", address).Msg("failed to establish a TLS connection")
@ -226,6 +225,7 @@ func (lc *LDAPClient) Authenticate(username, password string) (bool, map[string]
 		userAttributes := search.Entries[0].Attributes[0]
 		userGroups = userAttributes.Values
 	}
 	user := map[string]string{}
 	for _, attr := range lc.Attributes {
--- a/pkg/api/routes.go
+++ b/pkg/api/routes.go
@ -38,7 +38,7 @@ import (
 	apiErr "zotregistry.dev/zot/pkg/api/errors"
 	zcommon "zotregistry.dev/zot/pkg/common"
 	gqlPlayground "zotregistry.dev/zot/pkg/debug/gqlplayground"
-	pprof "zotregistry.dev/zot/pkg/debug/pprof"
+	"zotregistry.dev/zot/pkg/debug/pprof"
 	debug "zotregistry.dev/zot/pkg/debug/swagger"
 	ext "zotregistry.dev/zot/pkg/extensions"
 	syncConstants "zotregistry.dev/zot/pkg/extensions/sync/constants"
@ -76,10 +76,10 @@ func (rh *RouteHandler) SetupRoutes() {
 		// callback path for openID
 		for provider, relyingParty := range rh.c.RelyingParties {
 			if config.IsOauth2Supported(provider) {
-				rh.c.Router.HandleFunc(constants.CallbackBasePath+fmt.Sprintf("/%s", provider),
+				rh.c.Router.HandleFunc(constants.CallbackBasePath+"/"+provider,
 					rp.CodeExchangeHandler(rh.GithubCodeExchangeCallback(), relyingParty))
 			} else if config.IsOpenIDSupported(provider) {
-				rh.c.Router.HandleFunc(constants.CallbackBasePath+fmt.Sprintf("/%s", provider),
+				rh.c.Router.HandleFunc(constants.CallbackBasePath+"/"+provider,
 					rp.CodeExchangeHandler(rp.UserinfoCallback(rh.OpenIDCodeExchangeCallback()), relyingParty))
 			}
 		}
@ -265,9 +265,9 @@ func (rh *RouteHandler) CheckVersionSupport(response http.ResponseWriter, reques
 		// don't send auth headers if request is coming from UI
 		if request.Header.Get(constants.SessionClientHeaderName) != constants.SessionClientHeaderValue {
 			if rh.c.Config.HTTP.Auth.Bearer != nil {
-				response.Header().Set("WWW-Authenticate", fmt.Sprintf("bearer realm=%s", rh.c.Config.HTTP.Auth.Bearer.Realm))
+				response.Header().Set("WWW-Authenticate", "bearer realm="+rh.c.Config.HTTP.Auth.Bearer.Realm)
 			} else {
-				response.Header().Set("WWW-Authenticate", fmt.Sprintf("basic realm=%s", rh.c.Config.HTTP.Realm))
+				response.Header().Set("WWW-Authenticate", "basic realm="+rh.c.Config.HTTP.Realm)
 			}
 		}
 	}
@ -458,6 +458,7 @@ func (rh *RouteHandler) CheckManifest(response http.ResponseWriter, request *htt
 			zcommon.WriteJSON(response, http.StatusNotFound, apiErr.NewErrorList(e))
 		} else {
 			rh.c.Log.Error().Err(err).Msg("unexpected error")
 			e := apiErr.NewError(apiErr.MANIFEST_INVALID).AddDetail(details)
 			zcommon.WriteJSON(response, http.StatusInternalServerError, apiErr.NewErrorList(e))
 		}
@ -466,7 +467,7 @@ func (rh *RouteHandler) CheckManifest(response http.ResponseWriter, request *htt
 	}
 	response.Header().Set(constants.DistContentDigestKey, digest.String())
-	response.Header().Set("Content-Length", fmt.Sprintf("%d", len(content)))
+	response.Header().Set("Content-Length", strconv.Itoa(len(content)))
 	response.Header().Set("Content-Type", mediaType)
 	response.WriteHeader(http.StatusOK)
 }
@ -548,7 +549,7 @@ func (rh *RouteHandler) GetManifest(response http.ResponseWriter, request *http.
 	}
 	response.Header().Set(constants.DistContentDigestKey, digest.String())
-	response.Header().Set("Content-Length", fmt.Sprintf("%d", len(content)))
+	response.Header().Set("Content-Length", strconv.Itoa(len(content)))
 	response.Header().Set("Content-Type", mediaType)
 	zcommon.WriteData(response, http.StatusOK, mediaType, content)
 }
@ -607,8 +608,8 @@ func (rh *RouteHandler) GetReferrers(response http.ResponseWriter, request *http
 	}
 	digestStr, ok := vars["digest"]
 	digest, err := godigest.Parse(digestStr)
 	digest, err := godigest.Parse(digestStr)
 	if !ok || digestStr == "" || err != nil {
 		response.WriteHeader(http.StatusBadRequest)
@ -647,7 +648,7 @@ func (rh *RouteHandler) GetReferrers(response http.ResponseWriter, request *http
 	if len(artifactTypes) > 0 {
 		// currently, the only filter supported and on this end-point
-		response.Header().Set("OCI-Filters-Applied", "artifactType")
+		response.Header().Set("OCI-Filters-Applied", "artifactType") //nolint:canonicalheader
 	}
 	zcommon.WriteData(response, http.StatusOK, ispec.MediaTypeImageIndex, out)
@ -991,7 +992,7 @@ func (rh *RouteHandler) CheckBlob(response http.ResponseWriter, request *http.Re
 		return
 	}
-	response.Header().Set("Content-Length", fmt.Sprintf("%d", blen))
+	response.Header().Set("Content-Length", strconv.FormatInt(blen, 10))
 	response.Header().Set("Accept-Ranges", "bytes")
 	response.Header().Set(constants.DistContentDigestKey, digest.String())
 	response.WriteHeader(http.StatusOK)
@ -1018,6 +1019,7 @@ func parseRangeHeader(contentRange string) (int64, int64, error) {
 	}
 	var from int64
 	to := int64(-1)
 	rangeFrom := paramsMap["rangeFrom"]
@ -1135,9 +1137,10 @@ func (rh *RouteHandler) GetBlob(response http.ResponseWriter, request *http.Requ
 		return
 	}
 	defer repo.Close()
-	response.Header().Set("Content-Length", fmt.Sprintf("%d", blen))
+	response.Header().Set("Content-Length", strconv.FormatInt(blen, 10))
 	status := http.StatusOK
@ -1173,8 +1176,8 @@ func (rh *RouteHandler) DeleteBlob(response http.ResponseWriter, request *http.R
 	}
 	digestStr, ok := vars["digest"]
 	digest, err := godigest.Parse(digestStr)
 	digest, err := godigest.Parse(digestStr)
 	if !ok || digestStr == "" || err != nil {
 		response.WriteHeader(http.StatusNotFound)
@ -1330,6 +1333,7 @@ func (rh *RouteHandler) CreateBlobUpload(response http.ResponseWriter, request *
 		contentLength, err := strconv.ParseInt(request.Header.Get("Content-Length"), 10, 64)
 		if err != nil || contentLength <= 0 {
 			rh.c.Log.Warn().Str("actual", request.Header.Get("Content-Length")).Msg("invalid content length")
 			details := map[string]string{"digest": digest.String()}
 			if err != nil {
@ -1337,6 +1341,7 @@ func (rh *RouteHandler) CreateBlobUpload(response http.ResponseWriter, request *
 			} else {
 				details["Content-Length"] = request.Header.Get("Content-Length")
 			}
 			e := apiErr.NewError(apiErr.BLOB_UPLOAD_INVALID).AddDetail(details)
 			zcommon.WriteJSON(response, http.StatusBadRequest, apiErr.NewErrorList(e))
@ -1491,7 +1496,6 @@ func (rh *RouteHandler) PatchBlobUpload(response http.ResponseWriter, request *h
 		clen, err = imgStore.PutBlobChunkStreamed(name, sessionID, request.Body)
 	} else {
 		// chunked blob upload
 		var contentLength int64
 		if contentLength, err = strconv.ParseInt(request.Header.Get("Content-Length"), 10, 64); err != nil {
@ -1533,6 +1537,7 @@ func (rh *RouteHandler) PatchBlobUpload(response http.ResponseWriter, request *h
 				rh.c.Log.Error().Err(err).Str("blobUpload", sessionID).Str("repository", name).
 					Msg("couldn't remove blobUpload in repo")
 			}
 			response.WriteHeader(http.StatusInternalServerError)
 		}
@ -1655,6 +1660,7 @@ func (rh *RouteHandler) UpdateBlobUpload(response http.ResponseWriter, request *
 					rh.c.Log.Error().Err(err).Str("blobUpload", sessionID).Str("repository", name).
 						Msg("failed to remove blobUpload in repo")
 				}
 				response.WriteHeader(http.StatusInternalServerError)
 			}
--- a/pkg/api/routes_test.go
+++ b/pkg/api/routes_test.go
@ -47,12 +47,14 @@ func TestRoutes(t *testing.T) {
 		username, seedUser := test.GenerateRandomString()
 		password, seedPass := test.GenerateRandomString()
 		htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
 		defer os.Remove(htpasswdPath)
 		mockOIDCServer, err := mockoidc.Run()
 		if err != nil {
 			panic(err)
 		}
 		defer func() {
 			err := mockOIDCServer.Shutdown()
 			if err != nil {
@ -305,6 +307,7 @@ func TestRoutes(t *testing.T) {
 				ctlr.StoreController.DefaultStore = ism
 				request, _ := http.NewRequestWithContext(context.Background(), http.MethodDelete, baseURL, nil)
 				request = mux.SetURLVars(request, urlVars)
 				for k, v := range headers {
 					request.Header.Add(k, v)
 				}
--- a/pkg/api/session.go
+++ b/pkg/api/session.go
@ -90,25 +90,30 @@ func SessionLogger(ctlr *Controller) mux.MiddlewareFunc {
 			method := request.Method
 			headers := map[string][]string{}
 			log := logger.Info() //nolint: zerologlint // false positive, the Msg call is below
 			for key, value := range request.Header {
 				if key == "Authorization" { // anonymize from logs
-					s := strings.SplitN(value[0], " ", 2) //nolint:gomnd
+					s := strings.SplitN(value[0], " ", 2) //nolint:mnd
 					if len(s) == 2 && strings.EqualFold(s[0], "basic") {
 						b, err := base64.StdEncoding.DecodeString(s[1])
 						if err == nil {
-							pair := strings.SplitN(string(b), ":", 2) //nolint:gomnd
+							pair := strings.SplitN(string(b), ":", 2) //nolint:mnd
-							//nolint:gomnd
+							//nolint:mnd
 							if len(pair) == 2 {
 								log = log.Str("username", pair[0])
 							}
 						}
 					}
 					value = []string{"******"}
 				}
 				headers[key] = value
 			}
 			statusCode := stwr.status
 			bodySize := stwr.length
 			if raw != "" {
 				path = path + "?" + raw
 			}
@ -151,12 +156,12 @@ func SessionAuditLogger(audit *log.Logger) mux.MiddlewareFunc {
 			for key, value := range request.Header {
 				if key == "Authorization" { // anonymize from logs
-					s := strings.SplitN(value[0], " ", 2) //nolint:gomnd
+					s := strings.SplitN(value[0], " ", 2) //nolint:mnd
 					if len(s) == 2 && strings.EqualFold(s[0], "basic") {
 						b, err := base64.StdEncoding.DecodeString(s[1])
 						if err == nil {
-							pair := strings.SplitN(string(b), ":", 2) //nolint:gomnd
+							pair := strings.SplitN(string(b), ":", 2) //nolint:mnd
-							if len(pair) == 2 {                       //nolint:gomnd
+							if len(pair) == 2 {                       //nolint:mnd
 								username = pair[0]
 							}
 						}
@ -165,6 +170,7 @@ func SessionAuditLogger(audit *log.Logger) mux.MiddlewareFunc {
 			}
 			statusCode := statusWr.status
 			if raw != "" {
 				path = path + "?" + raw
 			}
--- a/pkg/cli/client/client.go
+++ b/pkg/cli/client/client.go
@ -450,7 +450,7 @@ func fetchManifestStruct(ctx context.Context, repo, manifestReference string, se
 		layers = append(
 			layers,
 			common.LayerSummary{
-				Size:   fmt.Sprintf("%v", entry.Size),
+				Size:   strconv.FormatInt(entry.Size, 10),
 				Digest: entry.Digest.String(),
 			},
 		)
--- a/pkg/cli/client/client_test.go
+++ b/pkg/cli/client/client_test.go
@ -47,11 +47,14 @@ func TestTLSWithAuth(t *testing.T) {
 		caCertPool.AppendCertsFromPEM(caCert)
 		resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12})
 		defer func() { resty.SetTLSClientConfig(nil) }()
 		conf := config.New()
 		conf.HTTP.Port = SecurePort1
 		username, seedUser := test.GenerateRandomString()
 		password, seedPass := test.GenerateRandomString()
 		htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
 		defer os.Remove(htpasswdPath)
@ -75,6 +78,7 @@ func TestTLSWithAuth(t *testing.T) {
 		ctlr := api.NewController(conf)
 		ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password")
 		ctlr.Config.Storage.RootDirectory = t.TempDir()
 		cm := test.NewControllerManager(ctlr)
 		cm.StartAndWait(conf.HTTP.Port)
 		defer cm.StopServer()
@ -101,10 +105,12 @@ func TestTLSWithAuth(t *testing.T) {
 			So(imageBuff.String(), ShouldContainSubstring, "scheme not provided")
 			args = []string{"list", "--config", "imagetest"}
 			configPath = makeConfigFile(
 				fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
 					BaseSecureURL1, constants.RoutePrefix, constants.ExtCatalogPrefix))
 			defer os.Remove(configPath)
 			imageCmd = client.NewImageCommand(client.NewSearchService())
 			imageBuff = bytes.NewBufferString("")
 			imageCmd.SetOut(imageBuff)
@ -116,10 +122,12 @@ func TestTLSWithAuth(t *testing.T) {
 			user := fmt.Sprintf("%s:%s", username, password)
 			args = []string{"-u", user, "--config", "imagetest"}
 			configPath = makeConfigFile(
 				fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
 					BaseSecureURL1, constants.RoutePrefix, constants.ExtCatalogPrefix))
 			defer os.Remove(configPath)
 			imageCmd = client.NewImageCommand(client.NewSearchService())
 			imageBuff = bytes.NewBufferString("")
 			imageCmd.SetOut(imageBuff)
@ -139,7 +147,9 @@ func TestTLSWithoutAuth(t *testing.T) {
 		caCertPool.AppendCertsFromPEM(caCert)
 		resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12})
 		defer func() { resty.SetTLSClientConfig(nil) }()
 		conf := config.New()
 		conf.HTTP.Port = SecurePort1
 		conf.HTTP.TLS = &config.TLSConfig{
@ -155,6 +165,7 @@ func TestTLSWithoutAuth(t *testing.T) {
 		ctlr := api.NewController(conf)
 		ctlr.Config.Storage.RootDirectory = t.TempDir()
 		cm := test.NewControllerManager(ctlr)
 		cm.StartAndWait(conf.HTTP.Port)
 		defer cm.StopServer()
@ -189,11 +200,14 @@ func TestTLSBadCerts(t *testing.T) {
 	Convey("Make a new controller", t, func() {
 		caCert, err := os.ReadFile(CACert)
 		So(err, ShouldBeNil)
 		caCertPool := x509.NewCertPool()
 		caCertPool.AppendCertsFromPEM(caCert)
 		resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12})
 		defer func() { resty.SetTLSClientConfig(nil) }()
 		conf := config.New()
 		conf.HTTP.Port = SecurePort3
 		conf.HTTP.TLS = &config.TLSConfig{
@ -204,6 +218,7 @@ func TestTLSBadCerts(t *testing.T) {
 		ctlr := api.NewController(conf)
 		ctlr.Config.Storage.RootDirectory = t.TempDir()
 		cm := test.NewControllerManager(ctlr)
 		cm.StartAndWait(conf.HTTP.Port)
 		defer cm.StopServer()
--- a/pkg/cli/client/config_cmd.go
+++ b/pkg/cli/client/config_cmd.go
@ -223,7 +223,7 @@ func getConfigNames(configPath string) (string, error) {
 	var builder strings.Builder
-	writer := tabwriter.NewWriter(&builder, 0, 8, 1, '\t', tabwriter.AlignRight) //nolint:gomnd
+	writer := tabwriter.NewWriter(&builder, 0, 8, 1, '\t', tabwriter.AlignRight) //nolint:mnd
 	for _, val := range configs {
 		configMap, ok := val.(map[string]interface{})
--- a/pkg/cli/client/config_cmd_test.go
+++ b/pkg/cli/client/config_cmd_test.go
@ -20,26 +20,33 @@ import (
 func TestConfigCmdBasics(t *testing.T) {
 	Convey("Test config help", t, func() {
 		args := []string{"--help"}
 		configPath := makeConfigFile("showspinner = false")
 		defer os.Remove(configPath)
 		cmd := client.NewConfigCommand()
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
 		cmd.SetErr(buff)
 		cmd.SetArgs(args)
 		err := cmd.Execute()
-		So(buff.String(), ShouldContainSubstring, "Usage")
+
 		So(err, ShouldBeNil)
 		So(buff.String(), ShouldContainSubstring, "Usage")
 		Convey("with the shorthand", func() {
 			args[0] = "-h"
 			configPath := makeConfigFile("showspinner = false")
 			defer os.Remove(configPath)
 			cmd := client.NewConfigCommand()
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
 			cmd.SetErr(buff)
 			cmd.SetArgs(args)
 			err := cmd.Execute()
 			So(buff.String(), ShouldContainSubstring, "Usage")
 			So(err, ShouldBeNil)
 		})
@ -47,14 +54,17 @@ func TestConfigCmdBasics(t *testing.T) {
 	Convey("Test config no args", t, func() {
 		args := []string{}
 		configPath := makeConfigFile("showspinner = false")
 		defer os.Remove(configPath)
 		cmd := client.NewConfigCommand()
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
 		cmd.SetErr(buff)
 		cmd.SetArgs(args)
 		err := cmd.Execute()
 		So(buff.String(), ShouldContainSubstring, "Usage")
 		So(err, ShouldNotBeNil)
 	})
@ -63,8 +73,10 @@ func TestConfigCmdBasics(t *testing.T) {
 func TestConfigCmdMain(t *testing.T) {
 	Convey("Test add config", t, func() {
 		args := []string{"add", "configtest1", "https://test-url.com"}
 		file := makeConfigFile("")
 		defer os.Remove(file)
 		cmd := client.NewConfigCommand()
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -83,6 +95,7 @@ func TestConfigCmdMain(t *testing.T) {
 	Convey("Test error on home directory", t, func() {
 		args := []string{"add", "configtest1", "https://test-url.com"}
 		file := makeConfigFile("")
 		defer os.Remove(file)
@ -103,6 +116,7 @@ func TestConfigCmdMain(t *testing.T) {
 		if err != nil {
 			panic(err)
 		}
 		err = os.Setenv("HOME", home)
 		if err != nil {
 			log.Fatal(err)
@ -111,6 +125,7 @@ func TestConfigCmdMain(t *testing.T) {
 	Convey("Test error on home directory at new add config", t, func() {
 		args := []string{"add", "configtest1", "https://test-url.com"}
 		file := makeConfigFile("")
 		defer os.Remove(file)
@ -131,6 +146,7 @@ func TestConfigCmdMain(t *testing.T) {
 		if err != nil {
 			panic(err)
 		}
 		err = os.Setenv("HOME", home)
 		if err != nil {
 			log.Fatal(err)
@ -139,8 +155,10 @@ func TestConfigCmdMain(t *testing.T) {
 	Convey("Test add config with invalid format", t, func() {
 		args := []string{"--list"}
 		configPath := makeConfigFile(`{"configs":{"_name":"configtest","url":"https://test-url.com","showspinner":false}}`)
 		defer os.Remove(configPath)
 		cmd := client.NewConfigCommand()
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -152,8 +170,10 @@ func TestConfigCmdMain(t *testing.T) {
 	Convey("Test add config with invalid URL", t, func() {
 		args := []string{"add", "configtest1", "test..com"}
 		file := makeConfigFile("")
 		defer os.Remove(file)
 		cmd := client.NewConfigCommand()
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -166,8 +186,10 @@ func TestConfigCmdMain(t *testing.T) {
 	Convey("Test remove config entry successfully", t, func() {
 		args := []string{"remove", "configtest"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := client.NewConfigCommand()
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -184,8 +206,10 @@ func TestConfigCmdMain(t *testing.T) {
 	Convey("Test remove missing config entry", t, func() {
 		args := []string{"remove", "configtest"}
 		configPath := makeConfigFile(`{"configs":[]`)
 		defer os.Remove(configPath)
 		cmd := client.NewConfigCommand()
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -198,8 +222,10 @@ func TestConfigCmdMain(t *testing.T) {
 	Convey("Test remove bad config file content", t, func() {
 		args := []string{"remove", "configtest"}
 		configPath := makeConfigFile(`{"asdf":[]`)
 		defer os.Remove(configPath)
 		cmd := client.NewConfigCommand()
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -212,8 +238,10 @@ func TestConfigCmdMain(t *testing.T) {
 	Convey("Test remove bad config file entry", t, func() {
 		args := []string{"remove", "configtest"}
 		configPath := makeConfigFile(`{"configs":[asdad]`)
 		defer os.Remove(configPath)
 		cmd := client.NewConfigCommand()
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -227,12 +255,15 @@ func TestConfigCmdMain(t *testing.T) {
 	Convey("Test remove config bad permissions", t, func() {
 		args := []string{"remove", "configtest"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
 		defer func() {
 			_ = os.Chmod(configPath, 0o600)
 			os.Remove(configPath)
 		}()
 		err := os.Chmod(configPath, 0o400) // Read-only, so we fail only on updating the file, not reading
 		So(err, ShouldBeNil)
 		cmd := client.NewConfigCommand()
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -245,122 +276,154 @@ func TestConfigCmdMain(t *testing.T) {
 	Convey("Test fetch all config", t, func() {
 		args := []string{"--list"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := client.NewConfigCommand()
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
 		cmd.SetErr(buff)
 		cmd.SetArgs(args)
 		err := cmd.Execute()
 		So(buff.String(), ShouldContainSubstring, "https://test-url.com")
 		So(err, ShouldBeNil)
 		Convey("with the shorthand", func() {
 			args := []string{"-l"}
 			configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
 			defer os.Remove(configPath)
 			cmd := client.NewConfigCommand()
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
 			cmd.SetErr(buff)
 			cmd.SetArgs(args)
 			err := cmd.Execute()
 			So(buff.String(), ShouldContainSubstring, "https://test-url.com")
 			So(err, ShouldBeNil)
 			So(buff.String(), ShouldContainSubstring, "https://test-url.com")
 		})
 		Convey("From empty file", func() {
 			args := []string{"-l"}
 			configPath := makeConfigFile(``)
 			defer os.Remove(configPath)
 			cmd := client.NewConfigCommand()
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
 			cmd.SetErr(buff)
 			cmd.SetArgs(args)
 			err := cmd.Execute()
 			So(err, ShouldBeNil)
 			So(strings.TrimSpace(buff.String()), ShouldEqual, "")
 		})
 	})
 	Convey("Test fetch a config", t, func() {
 		args := []string{"configtest", "--list"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := client.NewConfigCommand()
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
 		cmd.SetErr(buff)
 		cmd.SetArgs(args)
 		err := cmd.Execute()
 		So(err, ShouldBeNil)
 		So(buff.String(), ShouldContainSubstring, "url = https://test-url.com")
 		So(buff.String(), ShouldContainSubstring, "showspinner = false")
 		So(err, ShouldBeNil)
 		Convey("with the shorthand", func() {
 			args := []string{"configtest", "-l"}
 			configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
 			defer os.Remove(configPath)
 			cmd := client.NewConfigCommand()
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
 			cmd.SetErr(buff)
 			cmd.SetArgs(args)
 			err := cmd.Execute()
 			So(err, ShouldBeNil)
 			So(buff.String(), ShouldContainSubstring, "url = https://test-url.com")
 			So(buff.String(), ShouldContainSubstring, "showspinner = false")
 			So(err, ShouldBeNil)
 		})
 		Convey("From empty file", func() {
 			args := []string{"configtest", "-l"}
 			configPath := makeConfigFile(``)
 			defer os.Remove(configPath)
 			cmd := client.NewConfigCommand()
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
 			cmd.SetErr(buff)
 			cmd.SetArgs(args)
 			err := cmd.Execute()
 			So(err, ShouldBeNil)
 			So(strings.TrimSpace(buff.String()), ShouldEqual, "")
 		})
 	})
 	Convey("Test fetch a config val", t, func() {
 		args := []string{"configtest", "url"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := client.NewConfigCommand()
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
 		cmd.SetErr(buff)
 		cmd.SetArgs(args)
 		err := cmd.Execute()
 		So(buff.String(), ShouldEqual, "https://test-url.com\n")
 		So(err, ShouldBeNil)
 		So(buff.String(), ShouldEqual, "https://test-url.com\n")
 		Convey("From empty file", func() {
 			args := []string{"configtest", "url"}
 			configPath := makeConfigFile(``)
 			defer os.Remove(configPath)
 			cmd := client.NewConfigCommand()
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
 			cmd.SetErr(buff)
 			cmd.SetArgs(args)
 			err := cmd.Execute()
 			So(err, ShouldNotBeNil)
 			So(buff.String(), ShouldContainSubstring, "does not exist")
 		})
 	})
 	Convey("Test add a config val", t, func() {
 		args := []string{"configtest", "showspinner", "false"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com"}]}`)
 		defer os.Remove(configPath)
 		cmd := client.NewConfigCommand()
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -380,23 +443,29 @@ func TestConfigCmdMain(t *testing.T) {
 		Convey("To an empty file", func() {
 			args := []string{"configtest", "showspinner", "false"}
 			configPath := makeConfigFile(``)
 			defer os.Remove(configPath)
 			cmd := client.NewConfigCommand()
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
 			cmd.SetErr(buff)
 			cmd.SetArgs(args)
 			err := cmd.Execute()
 			So(err, ShouldNotBeNil)
 			So(buff.String(), ShouldContainSubstring, "does not exist")
 		})
 	})
 	Convey("Test overwrite a config", t, func() {
 		args := []string{"configtest", "url", "https://new-url.com"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := client.NewConfigCommand()
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -418,8 +487,10 @@ func TestConfigCmdMain(t *testing.T) {
 	Convey("Test reset a config val", t, func() {
 		args := []string{"configtest", "showspinner", "--reset"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := client.NewConfigCommand()
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -440,29 +511,37 @@ func TestConfigCmdMain(t *testing.T) {
 	Convey("Test reset a url", t, func() {
 		args := []string{"configtest", "url", "--reset"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := client.NewConfigCommand()
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
 		cmd.SetErr(buff)
 		cmd.SetArgs(args)
 		err := cmd.Execute()
 		So(err, ShouldNotBeNil)
 		So(buff.String(), ShouldContainSubstring, "cannot reset")
 	})
 	Convey("Test add a config with an existing saved name", t, func() {
 		args := []string{"add", "configtest", "https://test-url.com/new"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"configtest","url":"https://test-url.com","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := client.NewConfigCommand()
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
 		cmd.SetErr(buff)
 		cmd.SetArgs(args)
 		err := cmd.Execute()
 		So(err, ShouldNotBeNil)
 		So(buff.String(), ShouldContainSubstring, "cli config name already added")
 	})
 }
--- a/pkg/cli/client/cve_cmd_internal_test.go
+++ b/pkg/cli/client/cve_cmd_internal_test.go
@ -47,36 +47,44 @@ func TestSearchCVECmd(t *testing.T) {
 	Convey("Test CVE help", t, func() {
 		args := []string{"--help"}
 		configPath := makeConfigFile("")
 		defer os.Remove(configPath)
 		cmd := NewCVECommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
 		cmd.SetErr(buff)
 		cmd.SetArgs(args)
 		err := cmd.Execute()
 		So(buff.String(), ShouldContainSubstring, "Usage")
 		So(err, ShouldBeNil)
 	})
 	Convey("Test CVE help - with the shorthand", t, func() {
 		args := []string{"-h"}
 		configPath := makeConfigFile("")
 		defer os.Remove(configPath)
 		cmd := NewCVECommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
 		cmd.SetErr(buff)
 		cmd.SetArgs(args)
 		err := cmd.Execute()
 		So(buff.String(), ShouldContainSubstring, "Usage")
 		So(err, ShouldBeNil)
 	})
 	Convey("Test CVE no url", t, func() {
 		args := []string{"affected", "CVE-cveIdRandom", "--config", "cvetest"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := NewCVECommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -89,8 +97,10 @@ func TestSearchCVECmd(t *testing.T) {
 	Convey("Test CVE invalid url", t, func() {
 		args := []string{"list", "dummyImageName:tag", "--url", "invalidUrl"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := NewCVECommand(new(searchService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -104,8 +114,10 @@ func TestSearchCVECmd(t *testing.T) {
 	Convey("Test CVE invalid url port", t, func() {
 		args := []string{"list", "dummyImageName:tag", "--url", "http://localhost:99999"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := NewCVECommand(new(searchService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -118,8 +130,10 @@ func TestSearchCVECmd(t *testing.T) {
 	Convey("Test CVE unreachable", t, func() {
 		args := []string{"list", "dummyImageName:tag", "--url", "http://localhost:9999"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := NewCVECommand(new(searchService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -131,8 +145,10 @@ func TestSearchCVECmd(t *testing.T) {
 	Convey("Test CVE url from config", t, func() {
 		args := []string{"list", "dummyImageName:tag", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, baseURL))
 		defer os.Remove(configPath)
 		cmd := NewCVECommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -161,8 +177,10 @@ func TestSearchCVECmd(t *testing.T) {
 	Convey("Test debug flag", t, func() {
 		args := []string{"list", "dummyImageName:tag", "--debug", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, baseURL))
 		defer os.Remove(configPath)
 		cmd := NewCVECommand(new(searchService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -177,8 +195,10 @@ func TestSearchCVECmd(t *testing.T) {
 	Convey("Test CVE by name and CVE ID - long option", t, func() {
 		args := []string{"affected", "CVE-CVEID", "--repo", "dummyImageName", "--url", baseURL}
 		configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cveCmd := NewCVECommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
@ -195,8 +215,10 @@ func TestSearchCVECmd(t *testing.T) {
 	Convey("Test CVE by name and CVE ID - using shorthand", t, func() {
 		args := []string{"affected", "CVE-CVEID", "--repo", "dummyImageName", "--url", baseURL}
 		buff := bytes.NewBufferString("")
 		configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cveCmd := NewCVECommand(new(mockService))
 		cveCmd.SetOut(buff)
 		cveCmd.SetErr(buff)
@ -211,8 +233,10 @@ func TestSearchCVECmd(t *testing.T) {
 	Convey("Test CVE by image name - in text format", t, func() {
 		args := []string{"list", "dummyImageName:tag", "--url", baseURL}
 		configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cveCmd := NewCVECommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
@ -241,8 +265,10 @@ func TestSearchCVECmd(t *testing.T) {
 	Convey("Test CVE by image name - in text format - in verbose mode", t, func() {
 		args := []string{"list", "dummyImageName:tag", "--url", baseURL, "--verbose"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cveCmd := NewCVECommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
@ -278,8 +304,10 @@ func TestSearchCVECmd(t *testing.T) {
 	Convey("Test CVE by image name - in json format", t, func() {
 		args := []string{"list", "dummyImageName:tag", "--url", baseURL, "-f", "json"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cveCmd := NewCVECommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
@ -298,8 +326,10 @@ func TestSearchCVECmd(t *testing.T) {
 	Convey("Test CVE by image name - in yaml format", t, func() {
 		args := []string{"list", "dummyImageName:tag", "--url", baseURL, "-f", "yaml"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cveCmd := NewCVECommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
@ -316,24 +346,30 @@ func TestSearchCVECmd(t *testing.T) {
 	})
 	Convey("Test CVE by image name - invalid format", t, func() {
 		args := []string{"list", "dummyImageName:tag", "--url", baseURL, "-f", "random"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cveCmd := NewCVECommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
 		cveCmd.SetErr(buff)
 		cveCmd.SetArgs(args)
 		err := cveCmd.Execute()
 		space := regexp.MustCompile(`\s+`)
 		str := space.ReplaceAllString(buff.String(), " ")
 		So(err, ShouldNotBeNil)
 		So(strings.TrimSpace(str), ShouldContainSubstring, zerr.ErrInvalidOutputFormat.Error())
 	})
 	Convey("Test images by CVE ID - positive", t, func() {
 		args := []string{"affected", "CVE-CVEID", "--repo", "anImage", "--url", baseURL}
 		configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cveCmd := NewCVECommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
@ -342,14 +378,17 @@ func TestSearchCVECmd(t *testing.T) {
 		err := cveCmd.Execute()
 		space := regexp.MustCompile(`\s+`)
 		str := space.ReplaceAllString(buff.String(), " ")
 		So(strings.TrimSpace(str), ShouldContainSubstring, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE anImage tag os/arch 6e2f80bf false 123kB") //nolint:lll
 		So(err, ShouldBeNil)
 	})
 	Convey("Test images by CVE ID - positive with retries", t, func() {
 		args := []string{"affected", "CVE-CVEID", "--repo", "anImage", "--url", baseURL}
 		configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		mockService := mockServiceForRetry{succeedOn: 2} // CVE info will be provided in 2nd attempt
 		cveCmd := NewCVECommand(&mockService)
 		buff := bytes.NewBufferString("")
@ -369,8 +408,10 @@ func TestSearchCVECmd(t *testing.T) {
 	Convey("Test images by CVE ID - failed after retries", t, func() {
 		args := []string{"affected", "CVE-CVEID", "--url", baseURL}
 		configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		mockService := mockServiceForRetry{succeedOn: -1} // CVE info will be unavailable on all retries
 		cveCmd := NewCVECommand(&mockService)
 		buff := bytes.NewBufferString("")
@ -390,8 +431,10 @@ func TestSearchCVECmd(t *testing.T) {
 	Convey("Test images by CVE ID - invalid CVE ID", t, func() {
 		args := []string{"affected", "CVE-invalidCVEID", "--config", "cvetest"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cveCmd := NewCVECommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
@ -403,8 +446,10 @@ func TestSearchCVECmd(t *testing.T) {
 	Convey("Test images by CVE ID - invalid url", t, func() {
 		args := []string{"affected", "CVE-CVEID", "--url", "invalidURL"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cveCmd := NewCVECommand(NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
@ -418,8 +463,10 @@ func TestSearchCVECmd(t *testing.T) {
 	Convey("Test fixed tags by and image name CVE ID - positive", t, func() {
 		args := []string{"fixed", "fixedImage", "CVE-CVEID", "--url", baseURL}
 		configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cveCmd := NewCVECommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
@ -428,14 +475,17 @@ func TestSearchCVECmd(t *testing.T) {
 		err := cveCmd.Execute()
 		space := regexp.MustCompile(`\s+`)
 		str := space.ReplaceAllString(buff.String(), " ")
 		So(err, ShouldBeNil)
 		So(strings.TrimSpace(str), ShouldEqual, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE fixedImage tag os/arch 6e2f80bf false 123kB") //nolint:lll
 	})
 	Convey("Test fixed tags by and image name CVE ID - invalid image name", t, func() {
 		args := []string{"affected", "CVE-CVEID", "--image", "invalidImageName", "--config", "cvetest"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"cvetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cveCmd := NewCVECommand(NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
@ -487,10 +537,12 @@ func TestCVECommandGQL(t *testing.T) {
 		Convey("cveid db download wait", func() {
 			count := 0
 			args := []string{"affected", "CVE-12345", "--config", "cvetest"}
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`,
 				baseURL))
 			args := []string{"affected", "CVE-12345", "--config", "cvetest"}
 			defer os.Remove(configPath)
 			cmd := NewCVECommand(mockService{
 				getTagsForCVEGQLFn: func(ctx context.Context, config SearchConfig, username, password,
 					imageName, cveID string) (*zcommon.ImagesForCve, error,
@ -534,10 +586,12 @@ func TestCVECommandGQL(t *testing.T) {
 		Convey("fixed db download wait", func() {
 			count := 0
 			args := []string{"fixed", "repo", "CVE-2222", "--config", "cvetest"}
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`,
 				baseURL))
 			args := []string{"fixed", "repo", "CVE-2222", "--config", "cvetest"}
 			defer os.Remove(configPath)
 			cmd := NewCVECommand(mockService{
 				getFixedTagsForCVEGQLFn: func(ctx context.Context, config SearchConfig, username, password,
 					imageName, cveID string) (*zcommon.ImageListWithCVEFixedResponse, error,
@ -571,8 +625,10 @@ func TestCVECommandGQL(t *testing.T) {
 			cmd.SetOut(buff)
 			cmd.SetErr(buff)
 			cmd.SetArgs(args)
 			err := cmd.Execute()
 			So(err, ShouldBeNil)
 			space := regexp.MustCompile(`\s+`)
 			str := space.ReplaceAllString(buff.String(), " ")
 			actual := strings.TrimSpace(str)
@ -582,10 +638,12 @@ func TestCVECommandGQL(t *testing.T) {
 		Convey("image db download wait", func() {
 			count := 0
 			args := []string{"list", "repo:vuln", "--config", "cvetest"}
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`,
 				baseURL))
 			args := []string{"list", "repo:vuln", "--config", "cvetest"}
 			defer os.Remove(configPath)
 			cmd := NewCVECommand(mockService{
 				getCveByImageGQLFn: func(ctx context.Context, config SearchConfig, username, password,
 					imageName, searchedCVE string) (*cveResult, error,
--- a/pkg/cli/client/cve_cmd_test.go
+++ b/pkg/cli/client/cve_cmd_test.go
@ -95,8 +95,10 @@ func TestNegativeServerResponse(t *testing.T) {
 		Convey("Status Code Not Found", func() {
 			args := []string{"list", "zot-cve-test:0.0.1", "--config", "cvetest"}
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 			defer os.Remove(configPath)
 			cveCmd := client.NewCVECommand(client.NewSearchService())
 			buff := bytes.NewBufferString("")
 			cveCmd.SetOut(buff)
@ -186,8 +188,10 @@ func TestNegativeServerResponse(t *testing.T) {
 		}
 		args := []string{"fixed", "zot-cve-test", "CVE-2019-9923", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
@ -383,15 +387,19 @@ func TestCVEDiffList(t *testing.T) {
 	Convey("Test CVE by image name - GQL - positive", t, func() {
 		args := []string{"diff", "repo:image", "repo:base-image", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
 		cveCmd.SetErr(buff)
 		cveCmd.SetArgs(args)
 		err = cveCmd.Execute()
 		fmt.Println(buff.String())
 		space := regexp.MustCompile(`\s+`)
 		str := space.ReplaceAllString(buff.String(), " ")
 		str = strings.TrimSpace(str)
@ -401,9 +409,9 @@ func TestCVEDiffList(t *testing.T) {
 	})
 	Convey("Errors", t, func() {
 		// args := []string{"diff", "repo:image", "repo:base-image", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		Convey("Set wrong number of params", func() {
@ -538,8 +546,10 @@ func TestServerCVEResponse(t *testing.T) {
 	Convey("Test CVE by image name - GQL - positive", t, func() {
 		args := []string{"list", "zot-cve-test:0.0.1", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
@ -549,6 +559,7 @@ func TestServerCVEResponse(t *testing.T) {
 		space := regexp.MustCompile(`\s+`)
 		str := space.ReplaceAllString(buff.String(), " ")
 		str = strings.TrimSpace(str)
 		So(err, ShouldBeNil)
 		So(str, ShouldContainSubstring, "ID SEVERITY TITLE")
 		So(str, ShouldContainSubstring, "CVE")
@ -556,8 +567,10 @@ func TestServerCVEResponse(t *testing.T) {
 	Convey("Test CVE by image name - GQL - search CVE by title in results", t, func() {
 		args := []string{"list", "zot-cve-test:0.0.1", "--cve-id", "CVE-C1", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
@ -567,6 +580,7 @@ func TestServerCVEResponse(t *testing.T) {
 		space := regexp.MustCompile(`\s+`)
 		str := space.ReplaceAllString(buff.String(), " ")
 		str = strings.TrimSpace(str)
 		So(err, ShouldBeNil)
 		So(str, ShouldContainSubstring, "ID SEVERITY TITLE")
 		So(str, ShouldContainSubstring, "CVE-C1")
@ -575,18 +589,24 @@ func TestServerCVEResponse(t *testing.T) {
 	Convey("Test CVE by image name - GQL - search CVE by id in results", t, func() {
 		args := []string{"list", "zot-cve-test:0.0.1", "--cve-id", "CVE-2", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
 		cveCmd.SetErr(buff)
 		cveCmd.SetArgs(args)
 		err = cveCmd.Execute()
 		So(err, ShouldBeNil)
 		space := regexp.MustCompile(`\s+`)
 		str := space.ReplaceAllString(buff.String(), " ")
 		str = strings.TrimSpace(str)
-		So(err, ShouldBeNil)
+
 		So(str, ShouldContainSubstring, "ID SEVERITY TITLE")
 		So(str, ShouldContainSubstring, "CVE-2")
 		So(str, ShouldNotContainSubstring, "CVE-1")
@ -594,8 +614,10 @@ func TestServerCVEResponse(t *testing.T) {
 	Convey("Test CVE by image name - GQL - search nonexistent CVE", t, func() {
 		args := []string{"list", "zot-cve-test:0.0.1", "--cve-id", "CVE-100", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
@ -605,14 +627,17 @@ func TestServerCVEResponse(t *testing.T) {
 		space := regexp.MustCompile(`\s+`)
 		str := space.ReplaceAllString(buff.String(), " ")
 		str = strings.TrimSpace(str)
 		So(err, ShouldBeNil)
 		So(str, ShouldContainSubstring, "No CVEs found for image")
 	})
 	Convey("Test CVE by image name - GQL - invalid image", t, func() {
 		args := []string{"list", "invalid:0.0.1", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
@ -624,8 +649,10 @@ func TestServerCVEResponse(t *testing.T) {
 	Convey("Test CVE by image name - GQL - invalid image name and tag", t, func() {
 		args := []string{"list", "invalid:", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
@ -637,56 +664,71 @@ func TestServerCVEResponse(t *testing.T) {
 	Convey("Test CVE by image name - GQL - invalid cli output format", t, func() {
 		args := []string{"list", "zot-cve-test:0.0.1", "-f", "random", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
 		cveCmd.SetErr(buff)
 		cveCmd.SetArgs(args)
 		err = cveCmd.Execute()
 		So(err, ShouldNotBeNil)
 		So(buff.String(), ShouldContainSubstring, "invalid cli output format")
 	})
 	Convey("Test images by CVE ID - GQL - positive", t, func() {
 		args := []string{"affected", "CVE-2019-9923", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
 		cveCmd.SetErr(buff)
 		cveCmd.SetArgs(args)
 		err := cveCmd.Execute()
 		So(err, ShouldBeNil)
 		space := regexp.MustCompile(`\s+`)
 		str := space.ReplaceAllString(buff.String(), " ")
 		str = strings.TrimSpace(str)
-		So(err, ShouldBeNil)
+
 		So(str, ShouldEqual, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE zot-cve-test 0.0.1 linux/amd64 db573b01 false 854B")
 	})
 	Convey("Test images by CVE ID - GQL - invalid CVE ID", t, func() {
 		args := []string{"affected", "CVE-invalid", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
 		cveCmd.SetErr(buff)
 		cveCmd.SetArgs(args)
 		err := cveCmd.Execute()
 		So(err, ShouldBeNil)
 		space := regexp.MustCompile(`\s+`)
 		str := space.ReplaceAllString(buff.String(), " ")
 		str = strings.TrimSpace(str)
-		So(err, ShouldBeNil)
+
 		So(str, ShouldNotContainSubstring, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE")
 	})
 	Convey("Test images by CVE ID - GQL - invalid cli output format", t, func() {
 		args := []string{"affected", "CVE-2019-9923", "-f", "random", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
@ -699,25 +741,32 @@ func TestServerCVEResponse(t *testing.T) {
 	Convey("Test fixed tags by image name and CVE ID - GQL - positive", t, func() {
 		args := []string{"fixed", "zot-cve-test", "CVE-2019-9923", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
 		cveCmd.SetErr(buff)
 		cveCmd.SetArgs(args)
 		err := cveCmd.Execute()
 		So(err, ShouldBeNil)
 		space := regexp.MustCompile(`\s+`)
 		str := space.ReplaceAllString(buff.String(), " ")
 		str = strings.TrimSpace(str)
 		So(err, ShouldBeNil)
 		So(str, ShouldEqual, "")
 	})
 	Convey("Test fixed tags by image name and CVE ID - GQL - random cve", t, func() {
 		args := []string{"fixed", "zot-cve-test", "random", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
@ -727,81 +776,104 @@ func TestServerCVEResponse(t *testing.T) {
 		space := regexp.MustCompile(`\s+`)
 		str := space.ReplaceAllString(buff.String(), " ")
 		str = strings.TrimSpace(str)
 		So(err, ShouldBeNil)
 		So(strings.TrimSpace(str), ShouldContainSubstring, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE")
 	})
 	Convey("Test fixed tags by image name and CVE ID - GQL - random image", t, func() {
 		args := []string{"fixed", "zot-cv-test", "CVE-2019-20807", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
 		cveCmd.SetErr(buff)
 		cveCmd.SetArgs(args)
 		err := cveCmd.Execute()
 		So(err, ShouldNotBeNil)
 		space := regexp.MustCompile(`\s+`)
 		str := space.ReplaceAllString(buff.String(), " ")
 		str = strings.TrimSpace(str)
-		So(err, ShouldNotBeNil)
+
 		So(strings.TrimSpace(str), ShouldNotContainSubstring, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE")
 	})
 	Convey("Test fixed tags by image name and CVE ID - GQL - invalid image", t, func() {
 		args := []string{"fixed", "zot-cv-test:tag", "CVE-2019-20807", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
 		cveCmd.SetErr(buff)
 		cveCmd.SetArgs(args)
 		err := cveCmd.Execute()
 		So(err, ShouldNotBeNil)
 		space := regexp.MustCompile(`\s+`)
 		str := space.ReplaceAllString(buff.String(), " ")
 		str = strings.TrimSpace(str)
-		So(err, ShouldNotBeNil)
+
 		So(strings.TrimSpace(str), ShouldNotContainSubstring, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE")
 	})
 	Convey("Test CVE by name and CVE ID - GQL - positive", t, func() {
 		args := []string{"affected", "CVE-2019-9923", "--repo", "zot-cve-test", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
 		cveCmd.SetErr(buff)
 		cveCmd.SetArgs(args)
 		err := cveCmd.Execute()
 		space := regexp.MustCompile(`\s+`)
 		str := space.ReplaceAllString(buff.String(), " ")
 		So(err, ShouldBeNil)
 		space := regexp.MustCompile(`\s+`)
 		str := space.ReplaceAllString(buff.String(), " ")
 		So(strings.TrimSpace(str), ShouldEqual,
 			"REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE zot-cve-test 0.0.1 linux/amd64 db573b01 false 854B")
 	})
 	Convey("Test CVE by name and CVE ID - GQL - invalid name and CVE ID", t, func() {
 		args := []string{"affected", "CVE-20807", "--repo", "test", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
 		cveCmd.SetErr(buff)
 		cveCmd.SetArgs(args)
 		err := cveCmd.Execute()
 		space := regexp.MustCompile(`\s+`)
 		str := space.ReplaceAllString(buff.String(), " ")
 		So(err, ShouldBeNil)
 		space := regexp.MustCompile(`\s+`)
 		str := space.ReplaceAllString(buff.String(), " ")
 		So(strings.TrimSpace(str), ShouldNotContainSubstring, "REPOSITORY TAG OS/ARCH SIGNED SIZE")
 	})
 	Convey("Test CVE by name and CVE ID - GQL - invalid cli output format", t, func() {
 		args := []string{"affected", "CVE-2019-9923", "--repo", "zot-cve-test", "-f", "random", "--config", "cvetest"}
 		configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url))
 		defer os.Remove(configPath)
 		cveCmd := client.NewCVECommand(client.NewSearchService())
 		buff := bytes.NewBufferString("")
 		cveCmd.SetOut(buff)
--- a/pkg/cli/client/elevated_test.go
+++ b/pkg/cli/client/elevated_test.go
@ -26,6 +26,7 @@ import (
 func TestElevatedPrivilegesTLSNewControllerPrivilegedCert(t *testing.T) {
 	Convey("Privileged certs - Make a new controller", t, func() {
 		cmd := exec.Command("mkdir", "-p", "/etc/containers/certs.d/127.0.0.1:8089/") //nolint: gosec
 		_, err := cmd.Output()
 		if err != nil {
 			panic(err)
@ -41,6 +42,7 @@ func TestElevatedPrivilegesTLSNewControllerPrivilegedCert(t *testing.T) {
 		for _, file := range clientGlob {
 			cmd = exec.Command("cp", file, "/etc/containers/certs.d/127.0.0.1:8089/")
 			res, err := cmd.CombinedOutput()
 			if err != nil {
 				panic(string(res))
@ -49,6 +51,7 @@ func TestElevatedPrivilegesTLSNewControllerPrivilegedCert(t *testing.T) {
 		for _, file := range caGlob {
 			cmd = exec.Command("cp", file, "/etc/containers/certs.d/127.0.0.1:8089/")
 			res, err := cmd.CombinedOutput()
 			if err != nil {
 				panic(string(res))
@ -59,6 +62,7 @@ func TestElevatedPrivilegesTLSNewControllerPrivilegedCert(t *testing.T) {
 		for _, file := range allGlob {
 			cmd = exec.Command("chmod", "a=rwx", file)
 			res, err := cmd.CombinedOutput()
 			if err != nil {
 				panic(string(res))
@ -73,7 +77,9 @@ func TestElevatedPrivilegesTLSNewControllerPrivilegedCert(t *testing.T) {
 		caCertPool.AppendCertsFromPEM(caCert)
 		resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12})
 		defer func() { resty.SetTLSClientConfig(nil) }()
 		conf := config.New()
 		conf.HTTP.Port = SecurePort2
 		conf.HTTP.TLS = &config.TLSConfig{
@ -84,14 +90,17 @@ func TestElevatedPrivilegesTLSNewControllerPrivilegedCert(t *testing.T) {
 		ctlr := api.NewController(conf)
 		ctlr.Config.Storage.RootDirectory = t.TempDir()
 		cm := test.NewControllerManager(ctlr)
 		cm.StartAndWait(conf.HTTP.Port)
 		defer cm.StopServer()
 		Convey("Certs in privileged path", func() {
 			configPath := makeConfigFile(
 				fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
 					BaseSecureURL2, constants.RoutePrefix, constants.ExtCatalogPrefix))
 			defer os.Remove(configPath)
 			args := []string{"list", "--config", "imagetest"}
@ -100,6 +109,7 @@ func TestElevatedPrivilegesTLSNewControllerPrivilegedCert(t *testing.T) {
 			imageCmd.SetOut(imageBuff)
 			imageCmd.SetErr(imageBuff)
 			imageCmd.SetArgs(args)
 			err := imageCmd.Execute()
 			So(err, ShouldBeNil)
 		})
--- a/pkg/cli/client/image_cmd_internal_test.go
+++ b/pkg/cli/client/image_cmd_internal_test.go
@ -35,26 +35,33 @@ import (
 func TestSearchImageCmd(t *testing.T) {
 	Convey("Test image help", t, func() {
 		args := []string{"--help"}
 		configPath := makeConfigFile("")
 		defer os.Remove(configPath)
 		cmd := NewImageCommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
 		cmd.SetErr(buff)
 		cmd.SetArgs(args)
 		err := cmd.Execute()
 		So(buff.String(), ShouldContainSubstring, "Usage")
 		So(err, ShouldBeNil)
 		Convey("with the shorthand", func() {
 			args[0] = "-h"
 			configPath := makeConfigFile("")
 			defer os.Remove(configPath)
 			cmd := NewImageCommand(new(mockService))
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
 			cmd.SetErr(buff)
 			cmd.SetArgs(args)
 			err := cmd.Execute()
 			So(buff.String(), ShouldContainSubstring, "Usage")
 			So(err, ShouldBeNil)
 		})
@ -62,8 +69,10 @@ func TestSearchImageCmd(t *testing.T) {
 	Convey("Test image no url", t, func() {
 		args := []string{"name", "dummyIdRandom", "--config", "imagetest"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := NewImageCommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -97,6 +106,7 @@ func TestSearchImageCmd(t *testing.T) {
 		if err != nil {
 			panic(err)
 		}
 		err = os.Setenv("HOME", home)
 		if err != nil {
 			log.Fatal(err)
@ -105,8 +115,10 @@ func TestSearchImageCmd(t *testing.T) {
 	Convey("Test image no params", t, func() {
 		args := []string{"--url", "someUrl"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := NewImageCommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -118,8 +130,10 @@ func TestSearchImageCmd(t *testing.T) {
 	Convey("Test image invalid url", t, func() {
 		args := []string{"name", "dummyImageName", "--url", "invalidUrl"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := NewImageCommand(new(searchService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -133,8 +147,10 @@ func TestSearchImageCmd(t *testing.T) {
 	Convey("Test image invalid url port", t, func() {
 		args := []string{"name", "dummyImageName", "--url", "http://localhost:99999"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := NewImageCommand(new(searchService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -146,8 +162,10 @@ func TestSearchImageCmd(t *testing.T) {
 		Convey("without flags", func() {
 			args := []string{"list", "--url", "http://localhost:99999"}
 			configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","showspinner":false}]}`)
 			defer os.Remove(configPath)
 			cmd := NewImageCommand(new(searchService))
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
@ -161,8 +179,10 @@ func TestSearchImageCmd(t *testing.T) {
 	Convey("Test image unreachable", t, func() {
 		args := []string{"name", "dummyImageName", "--url", "http://localhost:9999"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := NewImageCommand(new(searchService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -174,8 +194,10 @@ func TestSearchImageCmd(t *testing.T) {
 	Convey("Test image url from config", t, func() {
 		args := []string{"name", "dummyImageName", "--config", "imagetest"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","url":"https://test-url.com","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := NewImageCommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -191,8 +213,10 @@ func TestSearchImageCmd(t *testing.T) {
 	Convey("Test image by name", t, func() {
 		args := []string{"name", "dummyImageName", "--url", "http://127.0.0.1:8080"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		imageCmd := NewImageCommand(new(mockService))
 		buff := &bytes.Buffer{}
 		imageCmd.SetOut(buff)
@ -233,8 +257,10 @@ func TestListRepos(t *testing.T) {
 	Convey("Test listing repositories with debug flag", t, func() {
 		args := []string{"list", "--config", "config-test", "--debug"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"config-test","url":"https://test-url.com","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := NewRepoCommand(new(searchService))
 		buff := bytes.NewBufferString("")
@ -272,6 +298,7 @@ func TestListRepos(t *testing.T) {
 		if err != nil {
 			panic(err)
 		}
 		err = os.Setenv("HOME", home)
 		if err != nil {
 			log.Fatal(err)
@ -280,9 +307,11 @@ func TestListRepos(t *testing.T) {
 	Convey("Test listing repositories error", t, func() {
 		args := []string{"list", "--config", "config-test"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"config-test",
        	"url":"https://invalid.invalid","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := NewRepoCommand(new(searchService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -294,8 +323,10 @@ func TestListRepos(t *testing.T) {
 	Convey("Test unable to get config value", t, func() {
 		args := []string{"list", "--config", "config-test-nonexistent"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"config-test","url":"https://test-url.com","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := NewRepoCommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -307,8 +338,10 @@ func TestListRepos(t *testing.T) {
 	Convey("Test error - no url provided", t, func() {
 		args := []string{"list", "--config", "config-test"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"config-test","url":"","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := NewRepoCommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -320,9 +353,11 @@ func TestListRepos(t *testing.T) {
 	Convey("Test error - spinner config invalid", t, func() {
 		args := []string{"list", "--config", "config-test"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"config-test",
       		"url":"https://test-url.com","showspinner":invalid}]}`)
 		defer os.Remove(configPath)
 		cmd := NewRepoCommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -334,9 +369,11 @@ func TestListRepos(t *testing.T) {
 	Convey("Test error - verifyTLSConfig fails", t, func() {
 		args := []string{"list", "--config", "config-test"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"config-test",
        	"verify-tls":"invalid", "url":"https://test-url.com","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := NewRepoCommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -350,8 +387,10 @@ func TestListRepos(t *testing.T) {
 func TestOutputFormat(t *testing.T) {
 	Convey("Test text", t, func() {
 		args := []string{"name", "dummyImageName", "--config", "imagetest", "-f", "text"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","url":"https://test-url.com","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := NewImageCommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -367,8 +406,10 @@ func TestOutputFormat(t *testing.T) {
 	Convey("Test json", t, func() {
 		args := []string{"name", "dummyImageName", "--config", "imagetest", "-f", "json"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","url":"https://test-url.com","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := NewImageCommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -396,8 +437,10 @@ func TestOutputFormat(t *testing.T) {
 	Convey("Test yaml", t, func() {
 		args := []string{"name", "dummyImageName", "--config", "imagetest", "-f", "yaml"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","url":"https://test-url.com","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := NewImageCommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -430,11 +473,13 @@ func TestOutputFormat(t *testing.T) {
 		Convey("Test yml", func() {
 			args := []string{"name", "dummyImageName", "--config", "imagetest", "-f", "yml"}
 			configPath := makeConfigFile(
 				`{"configs":[{"_name":"imagetest",` +
 					`"url":"https://test-url.com","showspinner":false}]}`,
 			)
 			defer os.Remove(configPath)
 			cmd := NewImageCommand(new(mockService))
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
@ -468,8 +513,10 @@ func TestOutputFormat(t *testing.T) {
 	Convey("Test invalid", t, func() {
 		args := []string{"name", "dummyImageName", "--config", "imagetest", "-f", "random"}
 		configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","url":"https://test-url.com","showspinner":false}]}`)
 		defer os.Remove(configPath)
 		cmd := NewImageCommand(new(mockService))
 		buff := bytes.NewBufferString("")
 		cmd.SetOut(buff)
@ -778,7 +825,6 @@ func TestImagesCommandGQL(t *testing.T) {
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`,
 				baseURL))
 			defer os.Remove(configPath)
 			args := []string{"cve", "repo:vuln", "--config", "imagetest"}
 			cmd := NewImageCommand(mockService{})
 			buff := bytes.NewBufferString("")
@ -796,9 +842,11 @@ func TestImagesCommandGQL(t *testing.T) {
 		Convey("CVE errors", func() {
 			count := 0
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`,
 				baseURL))
 			defer os.Remove(configPath)
 			args := []string{"cve", "repo:vuln", "--config", "imagetest"}
 			cmd := NewImageCommand(mockService{
 				getCveByImageGQLFn: func(ctx context.Context, config SearchConfig, username, password,
@ -920,7 +968,6 @@ func TestImageCommandREST(t *testing.T) {
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`,
 				baseURL))
 			defer os.Remove(configPath)
 			args := []string{"base", "repo:derived", "--config", "imagetest"}
 			cmd := NewImageCommand(NewSearchService())
 			buff := bytes.NewBufferString("")
@ -949,7 +996,6 @@ func TestImageCommandREST(t *testing.T) {
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`,
 				baseURL))
 			defer os.Remove(configPath)
 			args := []string{"digest", image.DigestStr(), "--config", "imagetest"}
 			cmd := NewImageCommand(NewSearchService())
 			buff := bytes.NewBufferString("")
@ -969,7 +1015,6 @@ func TestImageCommandREST(t *testing.T) {
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`,
 				baseURL))
 			defer os.Remove(configPath)
 			args := []string{"list", "--config", "imagetest"}
 			cmd := NewImageCommand(NewSearchService())
 			buff := bytes.NewBufferString("")
@ -994,7 +1039,6 @@ func TestImageCommandREST(t *testing.T) {
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`,
 				baseURL))
 			defer os.Remove(configPath)
 			args := []string{"name", "repo:img", "--config", "imagetest"}
 			cmd := NewImageCommand(NewSearchService())
 			buff := bytes.NewBufferString("")
@ -1011,11 +1055,12 @@ func TestImageCommandREST(t *testing.T) {
 			vulnImage := CreateDefaultVulnerableImage()
 			err := UploadImage(vulnImage, baseURL, "repo", "vuln")
 			So(err, ShouldBeNil)
 			args := []string{"cve", "repo:vuln", "--config", "imagetest"}
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`,
 				baseURL))
 			args := []string{"cve", "repo:vuln", "--config", "imagetest"}
 			defer os.Remove(configPath)
 			cmd := NewImageCommand(mockService{})
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
--- a/pkg/cli/client/image_cmd_test.go
+++ b/pkg/cli/client/image_cmd_test.go
@ -11,6 +11,7 @@ import (
 	"os"
 	"path"
 	"regexp"
 	"strconv"
 	"strings"
 	"testing"
 	"time"
@ -59,8 +60,10 @@ func TestSignature(t *testing.T) {
 		}
 		ctlr := api.NewController(conf)
 		ctlr.Config.Storage.RootDirectory = currentDir
 		cm := test.NewControllerManager(ctlr)
 		cm.StartAndWait(conf.HTTP.Port)
 		defer cm.StopServer()
 		image := CreateDefaultImage()
@ -135,6 +138,7 @@ func TestSignature(t *testing.T) {
 		ctlr.Config.Storage.RootDirectory = currentDir
 		cm := test.NewControllerManager(ctlr)
 		cm.StartAndWait(conf.HTTP.Port)
 		defer cm.StopServer()
 		err = UploadImage(CreateDefaultImage(), url, repoName, "0.0.1")
@ -189,6 +193,7 @@ func TestSignature(t *testing.T) {
 		ctlr.Config.Storage.RootDirectory = currentDir
 		cm := test.NewControllerManager(ctlr)
 		cm.StartAndWait(conf.HTTP.Port)
 		defer cm.StopServer()
 		err = UploadImage(CreateDefaultImage(), url, repoName, "0.0.1")
@ -257,9 +262,9 @@ func TestDerivedImageList(t *testing.T) {
 			buff := &bytes.Buffer{}
 			searchConfig.ResultWriter = buff
 			err := client.SearchDerivedImageListGQL(searchConfig, "repo7:test:2.0")
 			actual := strings.TrimSpace(space.ReplaceAllString(buff.String(), " "))
 			So(err, ShouldBeNil)
 			actual := strings.TrimSpace(space.ReplaceAllString(buff.String(), " "))
 			So(actual, ShouldContainSubstring, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE")
 			So(actual, ShouldContainSubstring, "repo7 test:1.0 linux/amd64 9d9461ed false 860B")
 		})
@ -353,17 +358,21 @@ func TestOutputFormatGQL(t *testing.T) {
 		ctlr.Config.Storage.RootDirectory = t.TempDir()
 		cm := test.NewControllerManager(ctlr)
 		cm.StartAndWait(conf.HTTP.Port)
 		defer cm.StopServer()
 		err := uploadManifest(url)
 		t.Logf("%s", ctlr.Config.Storage.RootDirectory)
 		So(err, ShouldBeNil)
 		t.Logf("%s", ctlr.Config.Storage.RootDirectory)
 		Convey("Test json", func() {
 			t.Logf("%s", ctlr.Config.Storage.RootDirectory)
 			args := []string{"name", "repo7", "--config", "imagetest", "-f", "json"}
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
 			defer os.Remove(configPath)
 			cmd := client.NewImageCommand(client.NewSearchService())
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
@ -408,8 +417,10 @@ func TestOutputFormatGQL(t *testing.T) {
 		Convey("Test yaml", func() {
 			args := []string{"name", "repo7", "--config", "imagetest", "-f", "yaml"}
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
 			defer os.Remove(configPath)
 			cmd := client.NewImageCommand(client.NewSearchService())
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
@ -457,8 +468,10 @@ func TestOutputFormatGQL(t *testing.T) {
 		Convey("Test yml", func() {
 			args := []string{"name", "repo7", "--config", "imagetest", "-f", "yml"}
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
 			defer os.Remove(configPath)
 			cmd := client.NewImageCommand(client.NewSearchService())
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
@ -506,8 +519,10 @@ func TestOutputFormatGQL(t *testing.T) {
 		Convey("Test invalid", func() {
 			args := []string{"name", "repo7", "--config", "imagetest", "-f", "random"}
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
 			defer os.Remove(configPath)
 			cmd := client.NewImageCommand(client.NewSearchService())
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
@ -534,17 +549,21 @@ func TestServerResponseGQL(t *testing.T) {
 		ctlr.Config.Storage.RootDirectory = t.TempDir()
 		cm := test.NewControllerManager(ctlr)
 		cm.StartAndWait(conf.HTTP.Port)
 		defer cm.StopServer()
 		err := uploadManifest(url)
 		t.Logf("%s", ctlr.Config.Storage.RootDirectory)
 		So(err, ShouldBeNil)
 		Convey("Test all images config url", func() {
 			t.Logf("%s", ctlr.Config.Storage.RootDirectory)
 			args := []string{"list", "--config", "imagetest"}
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
 			defer os.Remove(configPath)
 			cmd := client.NewImageCommand(client.NewSearchService())
 			buff := &bytes.Buffer{}
 			cmd.SetOut(buff)
@ -560,8 +579,10 @@ func TestServerResponseGQL(t *testing.T) {
 			So(actual, ShouldContainSubstring, "repo7 test:1.0 linux/amd64 51e18f50 false 528B")
 			Convey("Test all images invalid output format", func() {
 				args := []string{"list", "--config", "imagetest", "-f", "random"}
 				configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
 				defer os.Remove(configPath)
 				cmd := client.NewImageCommand(client.NewSearchService())
 				buff := bytes.NewBufferString("")
 				cmd.SetOut(buff)
@ -575,8 +596,10 @@ func TestServerResponseGQL(t *testing.T) {
 		Convey("Test all images verbose", func() {
 			args := []string{"list", "--config", "imagetest", "--verbose"}
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
 			defer os.Remove(configPath)
 			cmd := client.NewImageCommand(client.NewSearchService())
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
@ -600,17 +623,22 @@ func TestServerResponseGQL(t *testing.T) {
 		Convey("Test all images with debug flag", func() {
 			args := []string{"list", "--config", "imagetest", "--debug"}
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
 			defer os.Remove(configPath)
 			cmd := client.NewImageCommand(client.NewSearchService())
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
 			cmd.SetErr(buff)
 			cmd.SetArgs(args)
 			err := cmd.Execute()
 			So(err, ShouldBeNil)
 			space := regexp.MustCompile(`\s+`)
 			str := space.ReplaceAllString(buff.String(), " ")
 			actual := strings.TrimSpace(str)
 			So(actual, ShouldContainSubstring, "GET")
 			So(actual, ShouldContainSubstring, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE")
@ -620,17 +648,22 @@ func TestServerResponseGQL(t *testing.T) {
 		Convey("Test image by name config url", func() {
 			args := []string{"name", "repo7", "--config", "imagetest"}
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
 			defer os.Remove(configPath)
 			cmd := client.NewImageCommand(client.NewSearchService())
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
 			cmd.SetErr(buff)
 			cmd.SetArgs(args)
 			err := cmd.Execute()
 			So(err, ShouldBeNil)
 			space := regexp.MustCompile(`\s+`)
 			str := space.ReplaceAllString(buff.String(), " ")
 			actual := strings.TrimSpace(str)
 			So(actual, ShouldContainSubstring, "REPOSITORY TAG OS/ARCH DIGEST SIGNED SIZE")
 			So(actual, ShouldContainSubstring, "repo7 test:2.0 linux/amd64 51e18f50 false 528B")
@ -638,8 +671,10 @@ func TestServerResponseGQL(t *testing.T) {
 			Convey("invalid output format", func() {
 				args := []string{"name", "repo7", "--config", "imagetest", "-f", "random"}
 				configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
 				defer os.Remove(configPath)
 				cmd := client.NewImageCommand(client.NewSearchService())
 				buff := bytes.NewBufferString("")
 				cmd.SetOut(buff)
@ -653,8 +688,10 @@ func TestServerResponseGQL(t *testing.T) {
 		Convey("Test image by digest", func() {
 			args := []string{"digest", "51e18f50", "--config", "imagetest"}
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
 			defer os.Remove(configPath)
 			cmd := client.NewImageCommand(client.NewSearchService())
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
@ -675,8 +712,10 @@ func TestServerResponseGQL(t *testing.T) {
 			Convey("nonexistent digest", func() {
 				args := []string{"digest", "d1g35t", "--config", "imagetest"}
 				configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
 				defer os.Remove(configPath)
 				cmd := client.NewImageCommand(client.NewSearchService())
 				buff := bytes.NewBufferString("")
 				cmd.SetOut(buff)
@ -689,8 +728,10 @@ func TestServerResponseGQL(t *testing.T) {
 			Convey("invalid output format", func() {
 				args := []string{"digest", "51e18f50", "--config", "imagetest", "-f", "random"}
 				configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
 				defer os.Remove(configPath)
 				cmd := client.NewImageCommand(client.NewSearchService())
 				buff := bytes.NewBufferString("")
 				cmd.SetOut(buff)
@ -704,8 +745,10 @@ func TestServerResponseGQL(t *testing.T) {
 		Convey("Test image by name nonexistent name", func() {
 			args := []string{"name", "repo777", "--config", "imagetest"}
 			configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url))
 			defer os.Remove(configPath)
 			cmd := client.NewImageCommand(client.NewSearchService())
 			buff := bytes.NewBufferString("")
 			cmd.SetOut(buff)
@ -782,7 +825,9 @@ func TestServerResponse(t *testing.T) {
 			buff := &bytes.Buffer{}
 			searchConfig.ResultWriter = buff
 			searchConfig.Verbose = true
 			defer func() { searchConfig.Verbose = false }()
 			err := client.SearchAllImages(searchConfig)
 			So(err, ShouldBeNil)
@ -1037,8 +1082,10 @@ func TestImagesSortFlag(t *testing.T) {
 		cmd.SetOut(buff)
 		cmd.SetErr(buff)
 		cmd.SetArgs(args)
 		err = cmd.Execute()
 		So(err, ShouldBeNil)
 		str = buff.String()
 		So(strings.Index(str, "b-repo"), ShouldBeLessThan, strings.Index(str, "a-repo"))
@ -1047,9 +1094,11 @@ func TestImagesSortFlag(t *testing.T) {
 		cmd.SetOut(buff)
 		cmd.SetErr(buff)
 		cmd.SetArgs(args)
 		err = cmd.Execute()
 		str = buff.String()
 		So(err, ShouldBeNil)
 		str = buff.String()
 		So(strings.Index(str, "b-repo"), ShouldBeLessThan, strings.Index(str, "a-repo"))
 	})
 }
@ -1130,7 +1179,7 @@ func uploadManifest(url string) error {
 	_, _ = resty.R().
 		SetContentLength(true).
-		SetHeader("Content-Length", fmt.Sprintf("%d", len(cblob))).
+		SetHeader("Content-Length", strconv.Itoa(len(cblob))).
 		SetHeader("Content-Type", "application/octet-stream").
 		SetQueryParam("digest", cdigest.String()).
 		SetBody(cblob).
@ -1236,7 +1285,7 @@ func uploadManifestDerivedBase(url string) error {
 	_, _ = resty.R().
 		SetContentLength(true).
-		SetHeader("Content-Length", fmt.Sprintf("%d", len(cblob))).
+		SetHeader("Content-Length", strconv.Itoa(len(cblob))).
 		SetHeader("Content-Type", "application/octet-stream").
 		SetQueryParam("digest", cdigest.String()).
 		SetBody(cblob).
--- a/pkg/cli/client/search_cmd_test.go
+++ b/pkg/cli/client/search_cmd_test.go
@ -45,8 +45,10 @@ func TestReferrerCLI(t *testing.T) {
 		}
 		ctlr := api.NewController(conf)
 		ctlr.Config.Storage.RootDirectory = rootDir
 		cm := test.NewControllerManager(ctlr)
 		cm.StartAndWait(conf.HTTP.Port)
 		defer cm.StopServer()
 		repo := repoName
@ -144,6 +146,7 @@ func TestReferrerCLI(t *testing.T) {
 		ctlr.Config.Storage.RootDirectory = rootDir
 		cm := test.NewControllerManager(ctlr)
 		cm.StartAndWait(conf.HTTP.Port)
 		defer cm.StopServer()
 		repo := repoName
@ -239,6 +242,7 @@ func TestFormatsReferrersCLI(t *testing.T) {
 		ctlr.Config.Storage.RootDirectory = rootDir
 		cm := test.NewControllerManager(ctlr)
 		cm.StartAndWait(conf.HTTP.Port)
 		defer cm.StopServer()
 		repo := repoName
@ -443,6 +447,7 @@ func TestSearchCLI(t *testing.T) {
 		ctlr.Config.Storage.RootDirectory = rootDir
 		cm := test.NewControllerManager(ctlr)
 		cm.StartAndWait(conf.HTTP.Port)
 		defer cm.StopServer()
 		const (
@ -557,6 +562,7 @@ func TestFormatsSearchCLI(t *testing.T) {
 		ctlr.Config.Storage.RootDirectory = rootDir
 		cm := test.NewControllerManager(ctlr)
 		cm.StartAndWait(conf.HTTP.Port)
 		defer cm.StopServer()
 		const (
--- a/pkg/cli/client/server_info_cmd.go
+++ b/pkg/cli/client/server_info_cmd.go
@ -67,7 +67,7 @@ func GetServerStatus(config SearchConfig) error {
 		switch {
 		case errors.Is(err, zerr.ErrUnauthorizedAccess):
 			serverInfo.Status = StatusUnknown
-			serverInfo.ErrorMsg = fmt.Sprintf("unauthorised access, %s", getCredentialsSuggestion(username))
+			serverInfo.ErrorMsg = "unauthorised access, " + getCredentialsSuggestion(username)
 		case errors.Is(err, zerr.ErrBadHTTPStatusCode), errors.Is(err, zerr.ErrURLNotFound):
 			serverInfo.Status = StatusOffline
 			serverInfo.ErrorMsg = fmt.Sprintf("%s: request at %s failed", zerr.ErrAPINotSupported.Error(),
@ -99,7 +99,7 @@ func GetServerStatus(config SearchConfig) error {
 		serverInfo.ErrorMsg = fmt.Sprintf("%s%s endpoint is not available", constants.RoutePrefix, constants.ExtMgmt)
 	case errors.Is(err, zerr.ErrUnauthorizedAccess):
 		serverInfo.Status = StatusOnline
-		serverInfo.ErrorMsg = fmt.Sprintf("unauthorised access, %s", getCredentialsSuggestion(username))
+		serverInfo.ErrorMsg = "unauthorised access, " + getCredentialsSuggestion(username)
 	case errors.Is(err, zerr.ErrBadHTTPStatusCode):
 		serverInfo.Status = StatusOnline
 		serverInfo.ErrorMsg = fmt.Sprintf("%s: request at %s failed", zerr.ErrAPINotSupported.Error(),
@ -165,7 +165,7 @@ func (si *ServerInfo) ToText() (string, error) {
 		output = serverStatus
 	} else {
-		serverStatus := fmt.Sprintf("Server Status: %s", si.Status)
+		serverStatus := "Server Status: " + si.Status
 		serverInfo := fmt.Sprintf("Server Version: %s\n"+
 			"Dist Spec Version: %s\n"+
 			"Built with: %s",
--- a/pkg/cli/client/service.go
+++ b/pkg/cli/client/service.go
@ -113,8 +113,8 @@ func (service searchService) getDerivedImageListGQL(ctx context.Context, config
 		}`, derivedImage, Flag2SortCriteria(config.SortBy))
 	result := &common.DerivedImageListResponse{}
 	err := service.makeGraphQLQuery(ctx, config, username, password, query, result)
 	err := service.makeGraphQLQuery(ctx, config, username, password, query, result)
 	if errResult := checkResultGraphQLQuery(ctx, err, result.Errors); errResult != nil {
 		return nil, errResult
 	}
@ -261,8 +261,8 @@ func (service searchService) getBaseImageListGQL(ctx context.Context, config Sea
 		}`, baseImage, Flag2SortCriteria(config.SortBy))
 	result := &common.BaseImageListResponse{}
 	err := service.makeGraphQLQuery(ctx, config, username, password, query, result)
 	err := service.makeGraphQLQuery(ctx, config, username, password, query, result)
 	if errResult := checkResultGraphQLQuery(ctx, err, result.Errors); errResult != nil {
 		return nil, errResult
 	}
@ -298,7 +298,6 @@ func (service searchService) getImagesGQL(ctx context.Context, config SearchConf
 	result := &common.ImageListResponse{}
 	err := service.makeGraphQLQuery(ctx, config, username, password, query, result)
 	if errResult := checkResultGraphQLQuery(ctx, err, result.Errors); errResult != nil {
 		return nil, errResult
 	}
@ -334,7 +333,6 @@ func (service searchService) getImagesForDigestGQL(ctx context.Context, config S
 	result := &common.ImagesForDigest{}
 	err := service.makeGraphQLQuery(ctx, config, username, password, query, result)
 	if errResult := checkResultGraphQLQuery(ctx, err, result.Errors); errResult != nil {
 		return nil, errResult
 	}
@ -361,7 +359,6 @@ func (service searchService) getCveByImageGQL(ctx context.Context, config Search
 	result := &cveResult{}
 	err := service.makeGraphQLQuery(ctx, config, username, password, query, result)
 	if errResult := checkResultGraphQLQuery(ctx, err, result.Errors); errResult != nil {
 		return nil, errResult
 	}
@ -398,7 +395,6 @@ func (service searchService) getTagsForCVEGQL(ctx context.Context, config Search
 	result := &common.ImagesForCve{}
 	err := service.makeGraphQLQuery(ctx, config, username, password, query, result)
 	if errResult := checkResultGraphQLQuery(ctx, err, result.Errors); errResult != nil {
 		return nil, errResult
 	}
@ -448,7 +444,6 @@ func (service searchService) getFixedTagsForCVEGQL(ctx context.Context, config S
 	result := &common.ImageListWithCVEFixedResponse{}
 	err := service.makeGraphQLQuery(ctx, config, username, password, query, result)
 	if errResult := checkResultGraphQLQuery(ctx, err, result.Errors); errResult != nil {
 		return nil, errResult
 	}
@ -470,9 +465,9 @@ func (service searchService) getReferrers(ctx context.Context, config SearchConf
 	}
 	referrerResp := &ispec.Index{}
 	_, err = makeGETRequest(ctx, referrersEndpoint, username, password, config.VerifyTLS,
 		config.Debug, &referrerResp, config.ResultWriter)
 	if err != nil {
 		if common.IsContextDone(ctx) {
 			return referrersResult{}, nil
@ -578,9 +573,9 @@ func getImage(ctx context.Context, config SearchConfig, username, password, imag
 	}
 	tagList := &tagListResp{}
 	_, err = makeGETRequest(ctx, tagListEndpoint, username, password, config.VerifyTLS,
 		config.Debug, &tagList, config.ResultWriter)
 	if err != nil {
 		if common.IsContextDone(ctx) {
 			return
@ -881,7 +876,7 @@ func (cve cveResult) stringPlainText() string {
 		id := ellipsize(cveListItem.ID, cveIDWidth, ellipsis)
 		title := ellipsize(cveListItem.Title, cveTitleWidth, ellipsis)
 		severity := ellipsize(cveListItem.Severity, cveSeverityWidth, ellipsis)
-		row := make([]string, 3) //nolint:gomnd
+		row := make([]string, 3) //nolint:mnd
 		row[colCVEIDIndex] = id
 		row[colCVESeverityIndex] = severity
 		row[colCVETitleIndex] = title
@ -1236,7 +1231,7 @@ func addManifestToTable(table *tablewriter.Table, imageName, tagName string, man
 	imgSize, _ := strconv.ParseUint(manifest.Size, 10, 64)
 	size := ellipsize(strings.ReplaceAll(humanize.Bytes(imgSize), " ", ""), sizeWidth, ellipsis)
 	isSigned := manifest.IsSigned
-	row := make([]string, 8) //nolint:gomnd
+	row := make([]string, 8) //nolint:mnd
 	row[colImageNameIndex] = imageName
 	row[colTagIndex] = tagName
@ -1264,7 +1259,7 @@ func addManifestToTable(table *tablewriter.Table, imageName, tagName string, man
 			layerDigestStr := ellipsize(layerDigest.Encoded(), digestWidth, "")
-			layerRow := make([]string, 8) //nolint:gomnd
+			layerRow := make([]string, 8) //nolint:mnd
 			layerRow[colImageNameIndex] = ""
 			layerRow[colTagIndex] = ""
 			layerRow[colDigestIndex] = ""
--- a/pkg/cli/client/utils.go
+++ b/pkg/cli/client/utils.go
@ -143,7 +143,7 @@ func printImageTableHeader(writer io.Writer, verbose bool, maxImageNameLen, maxT
 		table.SetColMinWidth(colLayersIndex, layersWidth)
 	}
-	row := make([]string, 8) //nolint:gomnd
+	row := make([]string, 8) //nolint:mnd
 	// adding spaces so that repository and tag columns are aligned
 	// in case the name/tag are fully shown and too long
--- a/pkg/cli/client/utils_internal_test.go
+++ b/pkg/cli/client/utils_internal_test.go
@ -63,7 +63,7 @@ func StartTestHTTPServer(routes HTTPRoutes, port string) *http.Server {
 	}
 	server := &http.Server{ //nolint:gosec
-		Addr:    fmt.Sprintf(":%s", port),
+		Addr:    ":" + port,
 		Handler: mux,
 	}
@ -81,6 +81,7 @@ func StartTestHTTPServer(routes HTTPRoutes, port string) *http.Server {
 func TestDoHTTPRequest(t *testing.T) {
 	Convey("doHTTPRequest nil result pointer", t, func() {
 		port := test.GetFreePort()
 		server := StartTestHTTPServer(nil, port)
 		defer server.Close()
@ -105,6 +106,7 @@ func TestDoHTTPRequest(t *testing.T) {
 				AllowedMethods: []string{http.MethodGet},
 			},
 		}, port)
 		defer server.Close()
 		url := fmt.Sprintf("http://127.0.0.1:%s/test", port)
--- a/pkg/cli/server/config_reloader_test.go
+++ b/pkg/cli/server/config_reloader_test.go
@ -87,6 +87,7 @@ func TestConfigReloader(t *testing.T) {
 		// So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "serve", cfgfile.Name()}
 		go func() {
 			err = cli.NewServerRootCmd().Execute()
 			So(err, ShouldBeNil)
@ -203,6 +204,7 @@ func TestConfigReloader(t *testing.T) {
 		// So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "serve", cfgfile.Name()}
 		go func() {
 			err = cli.NewServerRootCmd().Execute()
 			So(err, ShouldBeNil)
@ -321,6 +323,7 @@ func TestConfigReloader(t *testing.T) {
 		// So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "serve", cfgfile.Name()}
 		go func() {
 			err = cli.NewServerRootCmd().Execute()
 			So(err, ShouldBeNil)
@ -443,6 +446,7 @@ func TestConfigReloader(t *testing.T) {
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "serve", cfgfile.Name()}
 		go func() {
 			err = cli.NewServerRootCmd().Execute()
 			So(err, ShouldBeNil)
@ -568,6 +572,7 @@ func TestConfigReloader(t *testing.T) {
 		// So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "serve", cfgfile.Name()}
 		go func() {
 			err = cli.NewServerRootCmd().Execute()
 			So(err, ShouldBeNil)
--- a/pkg/cli/server/extensions_test.go
+++ b/pkg/cli/server/extensions_test.go
@ -62,6 +62,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		So(cli.NewServerRootCmd().Execute(), ShouldNotBeNil)
 		content = fmt.Sprintf(`{
@ -101,6 +102,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		So(cli.NewServerRootCmd().Execute(), ShouldNotBeNil)
 	})
@ -108,6 +110,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s", "storageDriver": {"name": "s3"}},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -118,6 +121,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		So(cli.NewServerRootCmd().Execute(), ShouldNotBeNil)
 	})
@ -125,6 +129,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -134,7 +139,9 @@ func TestVerifyExtensionsConfig(t *testing.T) {
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		So(cli.NewServerRootCmd().Execute(), ShouldBeNil)
 	})
@ -142,6 +149,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -152,7 +160,9 @@ func TestVerifyExtensionsConfig(t *testing.T) {
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		So(cli.NewServerRootCmd().Execute(), ShouldNotBeNil)
 	})
@ -160,6 +170,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -171,6 +182,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		So(cli.NewServerRootCmd().Execute(), ShouldNotBeNil)
 	})
@ -178,6 +190,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -197,6 +210,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -216,6 +230,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := fmt.Sprintf(`{"storage":{"rootDirectory":"%s"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -226,6 +241,7 @@ func TestVerifyExtensionsConfig(t *testing.T) {
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		So(cli.NewServerRootCmd().Execute(), ShouldNotBeNil)
 	})
 }
@ -235,7 +251,9 @@ func TestValidateExtensionsConfig(t *testing.T) {
 		config := config.New()
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name())
 		content := []byte(`{
 			"storage": {
 				"rootDirectory": "%/tmp/zot"
@ -264,9 +282,12 @@ func TestValidateExtensionsConfig(t *testing.T) {
 	Convey("Test missing extensions for UI to work", t, func(c C) {
 		config := config.New()
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name())
 		content := []byte(`{
 			"storage": {
 				"rootDirectory": "%/tmp/zot"
@ -294,6 +315,7 @@ func TestValidateExtensionsConfig(t *testing.T) {
 		config := config.New()
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name())
 		content := []byte(`{
@ -326,6 +348,7 @@ func TestValidateExtensionsConfig(t *testing.T) {
 		config := config.New()
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name())
 		content := []byte(`{
@ -374,7 +397,9 @@ func TestServeExtensions(t *testing.T) {
 		baseURL := GetBaseURL(port)
 		logFile, err := os.CreateTemp("", "zot-log*.txt")
 		So(err, ShouldBeNil)
 		defer os.Remove(logFile.Name()) // clean up
 		tmpFile := t.TempDir()
 		content := fmt.Sprintf(`{
@ -394,12 +419,14 @@ func TestServeExtensions(t *testing.T) {
 		cfgfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(cfgfile.Name()) // clean up
 		_, err = cfgfile.WriteString(content)
 		So(err, ShouldBeNil)
 		err = cfgfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "serve", cfgfile.Name()}
 		go func() {
 			Convey("run", t, func() {
 				err = cli.NewServerRootCmd().Execute()
@ -408,7 +435,9 @@ func TestServeExtensions(t *testing.T) {
 		}()
 		WaitTillServerReady(baseURL)
 		data, err := os.ReadFile(logFile.Name())
 		So(err, ShouldBeNil)
 		So(string(data), ShouldContainSubstring, "\"Extensions\":null")
 	})
@ -418,7 +447,9 @@ func TestServeExtensions(t *testing.T) {
 		baseURL := GetBaseURL(port)
 		logFile, err := os.CreateTemp("", "zot-log*.txt")
 		So(err, ShouldBeNil)
 		defer os.Remove(logFile.Name()) // clean up
 		tmpFile := t.TempDir()
 		content := fmt.Sprintf(`{
@ -440,6 +471,7 @@ func TestServeExtensions(t *testing.T) {
 		cfgfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(cfgfile.Name()) // clean up
 		_, err = cfgfile.WriteString(content)
 		So(err, ShouldBeNil)
 		err = cfgfile.Close()
@ -476,6 +508,7 @@ func testWithMetricsEnabled(t *testing.T, rootDir string, cfgContentFormat strin
 	So(err, ShouldBeNil)
 	defer os.Remove(cfgfile.Name()) // clean up
 	_, err = cfgfile.WriteString(content)
 	So(err, ShouldBeNil)
 	err = cfgfile.Close()
@ -589,6 +622,7 @@ func TestServeMetricsExtension(t *testing.T) {
 		logFile, err := os.CreateTemp("", "zot-log*.txt")
 		So(err, ShouldBeNil)
 		tmpFile := t.TempDir()
 		defer os.Remove(logFile.Name()) // clean up
 		content := fmt.Sprintf(`{
@ -613,18 +647,21 @@ func TestServeMetricsExtension(t *testing.T) {
 		cfgfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(cfgfile.Name()) // clean up
 		_, err = cfgfile.WriteString(content)
 		So(err, ShouldBeNil)
 		err = cfgfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "serve", cfgfile.Name()}
 		go func() {
 			Convey("run", t, func() {
 				err = cli.NewServerRootCmd().Execute()
 				So(err, ShouldBeNil)
 			})
 		}()
 		WaitTillServerReady(baseURL)
 		resp, err := resty.R().Get(baseURL + "/metrics")
@ -684,7 +721,9 @@ func TestServeSyncExtension(t *testing.T) {
 		So(err, ShouldBeNil)
 		data, err := os.ReadFile(logPath)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		So(string(data), ShouldContainSubstring,
 			"\"Extensions\":{\"Search\":null,\"Sync\":{\"Enable\":true")
 	})
@ -730,7 +769,9 @@ func TestServeSyncExtension(t *testing.T) {
 		So(err, ShouldBeNil)
 		data, err := os.ReadFile(logPath)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		So(string(data), ShouldContainSubstring,
 			"\"Extensions\":{\"Search\":null,\"Sync\":{\"Enable\":true")
 	})
@ -766,7 +807,9 @@ func TestServeSyncExtension(t *testing.T) {
 		So(err, ShouldBeNil)
 		data, err := os.ReadFile(logPath)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		So(string(data), ShouldContainSubstring,
 			"\"Extensions\":{\"Search\":null,\"Sync\":{\"Enable\":false")
 	})
@ -800,7 +843,9 @@ func TestServeScrubExtension(t *testing.T) {
 		So(err, ShouldBeNil)
 		data, err := os.ReadFile(logPath)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		dataStr := string(data)
 		So(dataStr, ShouldContainSubstring,
 			"\"Extensions\":{\"Search\":null,\"Sync\":null,\"Metrics\":null,\"Scrub\":{\"Enable\":true,\"Interval\":86400000000000},\"Lint\":null") //nolint:lll // gofumpt conflicts with lll
@ -832,7 +877,9 @@ func TestServeScrubExtension(t *testing.T) {
 		So(err, ShouldBeNil)
 		data, err := os.ReadFile(logPath)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		// Even if in config we specified scrub interval=1h, the minimum interval is 2h
 		dataStr := string(data)
 		So(dataStr, ShouldContainSubstring, "\"Scrub\":{\"Enable\":true,\"Interval\":3600000000000}")
@ -864,7 +911,9 @@ func TestServeScrubExtension(t *testing.T) {
 		So(err, ShouldBeNil)
 		data, err := os.ReadFile(logPath)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		dataStr := string(data)
 		So(dataStr, ShouldContainSubstring,
 			"\"Extensions\":{\"Search\":null,\"Sync\":null,\"Metrics\":null,\"Scrub\":{\"Enable\":true,\"Interval\":86400000000000},\"Lint\":null") //nolint:lll // gofumpt conflicts with lll
@ -896,7 +945,9 @@ func TestServeScrubExtension(t *testing.T) {
 		So(err, ShouldBeNil)
 		data, err := os.ReadFile(logPath)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		dataStr := string(data)
 		So(dataStr, ShouldContainSubstring, "\"Scrub\":{\"Enable\":false,\"Interval\":86400000000000}")
 		So(dataStr, ShouldContainSubstring, "scrub config not provided, skipping scrub")
@ -935,7 +986,9 @@ func TestServeLintExtension(t *testing.T) {
 		So(err, ShouldBeNil)
 		data, err := os.ReadFile(logPath)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		So(string(data), ShouldContainSubstring,
 			"\"Extensions\":{\"Search\":null,\"Sync\":null,\"Metrics\":null,\"Scrub\":null,\"Lint\":{\"Enable\":true,\"MandatoryAnnotations\":") //nolint:lll // gofumpt conflicts with lll
 	})
@ -964,7 +1017,9 @@ func TestServeLintExtension(t *testing.T) {
 		So(err, ShouldBeNil)
 		data, err := os.ReadFile(logPath)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		So(string(data), ShouldContainSubstring,
 			"\"Extensions\":{\"Search\":null,\"Sync\":null,\"Metrics\":null,\"Scrub\":null,\"Lint\":{\"Enable\":false,\"MandatoryAnnotations\":null}") //nolint:lll // gofumpt conflicts with lll
 	})
@ -1045,7 +1100,9 @@ func TestServeSearchEnabledCVE(t *testing.T) {
 		tempDir := t.TempDir()
 		logPath, err := runCLIWithConfig(tempDir, content)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		// to avoid data race when multiple go routines write to trivy DB instance.
 		WaitTillTrivyDBDownloadStarted(tempDir)
@ -1100,6 +1157,7 @@ func TestServeSearchEnabledNoCVE(t *testing.T) {
 		tempDir := t.TempDir()
 		logPath, err := runCLIWithConfig(tempDir, content)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		substring := `"Extensions":{"Search":{"Enable":true,"CVE":null}` //nolint:lll // gofumpt conflicts with lll
@ -1148,7 +1206,9 @@ func TestServeSearchDisabled(t *testing.T) {
 		So(err, ShouldBeNil)
 		data, err := os.ReadFile(logPath)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		dataStr := string(data)
 		So(dataStr, ShouldContainSubstring,
 			`"Search":{"Enable":false,"CVE":{"UpdateInterval":10800000000000,"Trivy":null}`)
@ -1186,6 +1246,7 @@ func TestServeMgmtExtension(t *testing.T) {
 		logPath, err := runCLIWithConfig(t.TempDir(), content)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		found, err := ReadLogFileAndSearchString(logPath, "setting up mgmt routes", 10*time.Second)
 		if !found {
@ -1218,6 +1279,7 @@ func TestServeMgmtExtension(t *testing.T) {
 		logPath, err := runCLIWithConfig(t.TempDir(), content)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		found, err := ReadLogFileAndSearchString(logPath,
 			"skip enabling the mgmt route as the config prerequisites are not met", 10*time.Second)
@ -1249,6 +1311,7 @@ func TestServeMgmtExtension(t *testing.T) {
 		logPath, err := runCLIWithConfig(t.TempDir(), content)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		found, err := ReadLogFileAndSearchString(logPath,
 			"skip enabling the mgmt route as the config prerequisites are not met", 10*time.Second)
@ -1291,6 +1354,7 @@ func TestServeImageTrustExtension(t *testing.T) {
 		logPath, err := runCLIWithConfig(t.TempDir(), content)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		found, err := ReadLogFileAndSearchString(logPath,
 			"skip enabling the image trust routes as the config prerequisites are not met", 10*time.Second)
@ -1327,6 +1391,7 @@ func TestServeImageTrustExtension(t *testing.T) {
 		logPath, err := runCLIWithConfig(t.TempDir(), content)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		found, err := ReadLogFileAndSearchString(logPath,
 			"skip enabling the image trust routes as the config prerequisites are not met", 10*time.Second)
@ -1365,6 +1430,7 @@ func TestServeImageTrustExtension(t *testing.T) {
 		logPath, err := runCLIWithConfig(t.TempDir(), content)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		found, err := ReadLogFileAndSearchString(logPath,
 			"setting up image trust routes", 10*time.Second)
@ -1400,6 +1466,7 @@ func TestOverlappingSyncRetentionConfig(t *testing.T) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := `{
 			"distSpecVersion": "1.1.0",
 			"storage": {
@ -1458,7 +1525,9 @@ func TestOverlappingSyncRetentionConfig(t *testing.T) {
 		So(err, ShouldBeNil)
 		data, err := os.ReadFile(logPath)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		So(string(data), ShouldNotContainSubstring, "overlapping sync content")
 	})
@ -1466,6 +1535,7 @@ func TestOverlappingSyncRetentionConfig(t *testing.T) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := `{
 			"distSpecVersion": "1.1.0",
 			"storage": {
@ -1522,7 +1592,9 @@ func TestOverlappingSyncRetentionConfig(t *testing.T) {
 		So(err, ShouldBeNil)
 		data, err := os.ReadFile(logPath)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		So(string(data), ShouldContainSubstring, "overlapping sync content\":{\"Prefix\":\"infra/*")
 	})
@ -1530,6 +1602,7 @@ func TestOverlappingSyncRetentionConfig(t *testing.T) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := `{
 			"distSpecVersion": "1.1.0",
 			"storage": {
@ -1584,7 +1657,9 @@ func TestOverlappingSyncRetentionConfig(t *testing.T) {
 		So(err, ShouldBeNil)
 		data, err := os.ReadFile(logPath)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		So(string(data), ShouldContainSubstring, "overlapping sync content\":{\"Prefix\":\"**")
 	})
@ -1592,6 +1667,7 @@ func TestOverlappingSyncRetentionConfig(t *testing.T) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := `{
 			"distSpecVersion": "1.1.0",
 			"storage": {
@ -1649,7 +1725,9 @@ func TestOverlappingSyncRetentionConfig(t *testing.T) {
 		So(err, ShouldBeNil)
 		data, err := os.ReadFile(logPath)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		So(string(data), ShouldContainSubstring, "overlapping sync content\":{\"Prefix\":\"prod/*")
 	})
 }
@ -1714,7 +1792,9 @@ func TestSyncWithRemoteStorageConfig(t *testing.T) {
 		data, err := os.ReadFile(logPath)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		So(string(data), ShouldNotContainSubstring,
 			"using both sync and remote storage features needs config.Extensions.Sync.DownloadDir to be specified")
 	})
@ -1723,11 +1803,14 @@ func TestSyncWithRemoteStorageConfig(t *testing.T) {
 		port := GetFreePort()
 		logFile, err := os.CreateTemp("", "zot-log*.txt")
 		So(err, ShouldBeNil)
 		defer os.Remove(logFile.Name()) // clean up
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := fmt.Sprintf(`{
 			"distSpecVersion": "1.1.0",
 			"storage": {
@ -1781,7 +1864,9 @@ func TestSyncWithRemoteStorageConfig(t *testing.T) {
 		data, err := os.ReadFile(logFile.Name())
 		So(err, ShouldBeNil)
 		defer os.Remove(logFile.Name()) // clean up
 		So(string(data), ShouldContainSubstring,
 			"using both sync and remote storage features needs config.Extensions.Sync.DownloadDir to be specified")
 	})
@ -1790,11 +1875,14 @@ func TestSyncWithRemoteStorageConfig(t *testing.T) {
 		port := GetFreePort()
 		logFile, err := os.CreateTemp("", "zot-log*.txt")
 		So(err, ShouldBeNil)
 		defer os.Remove(logFile.Name()) // clean up
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := fmt.Sprintf(`{
 			"distSpecVersion": "1.1.0",
 			"storage": {
@ -1853,6 +1941,7 @@ func TestSyncWithRemoteStorageConfig(t *testing.T) {
 		data, err := os.ReadFile(logFile.Name())
 		So(err, ShouldBeNil)
 		defer os.Remove(logFile.Name()) // clean up
 		So(string(data), ShouldContainSubstring,
 			"using both sync and remote storage features needs config.Extensions.Sync.DownloadDir to be specified")
 	})
--- a/pkg/cli/server/root.go
+++ b/pkg/cli/server/root.go
@ -590,6 +590,7 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper, log z
 					defaultDBDownloadURL := "ghcr.io/aquasecurity/trivy-db"
 					log.Info().Str("url", defaultDBDownloadURL).Str("component", "config").
 						Msg("using default trivy-db download URL.")
 					config.Extensions.Search.CVE.Trivy.DBRepository = defaultDBDownloadURL
 				}
@ -597,6 +598,7 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper, log z
 					defaultJavaDBDownloadURL := "ghcr.io/aquasecurity/trivy-java-db"
 					log.Info().Str("url", defaultJavaDBDownloadURL).Str("component", "config").
 						Msg("using default trivy-java-db download URL.")
 					config.Extensions.Search.CVE.Trivy.JavaDBRepository = defaultJavaDBDownloadURL
 				}
 			}
@ -618,7 +620,7 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper, log z
 			}
 			if config.Extensions.Scrub.Interval == 0 {
-				config.Extensions.Scrub.Interval = 24 * time.Hour //nolint: gomnd
+				config.Extensions.Scrub.Interval = 24 * time.Hour //nolint:mnd
 			}
 		}
@ -651,7 +653,7 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper, log z
 	// apply deleteUntagged default
 	for idx := range config.Storage.Retention.Policies {
-		if !viperInstance.IsSet("storage::retention::policies::" + fmt.Sprint(idx) + "::deleteUntagged") {
+		if !viperInstance.IsSet("storage::retention::policies::" + strconv.Itoa(idx) + "::deleteUntagged") {
 			config.Storage.Retention.Policies[idx].DeleteUntagged = &defaultVal
 		}
 	}
@ -720,7 +722,9 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper, log z
 		// apply deleteUntagged default
 		for idx := range storageConfig.Retention.Policies {
-			deleteUntaggedKey := "storage::subpaths::" + name + "::retention::policies::" + fmt.Sprint(idx) + "::deleteUntagged"
+			deleteUntaggedKey := fmt.Sprintf("storage::subpaths::%s::retention::policies::%d::deleteUntagged",
 				name, idx,
 			)
 			if !viperInstance.IsSet(deleteUntaggedKey) {
 				storageConfig.Retention.Policies[idx].DeleteUntagged = &defaultVal
 			}
--- a/pkg/cli/server/root_test.go
+++ b/pkg/cli/server/root_test.go
@ -122,12 +122,15 @@ func TestVerify(t *testing.T) {
 	Convey("Test verify bad config", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"log":{}}`)
 		_, err = tmpfile.Write(content)
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -136,7 +139,9 @@ func TestVerify(t *testing.T) {
 	Convey("Test verify config with no extension", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"distSpecVersion":"1.1.0","storage":{"rootDirectory":"/tmp/zot"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot"},
 							"log":{"level":"debug"}}`)
@ -144,6 +149,7 @@ func TestVerify(t *testing.T) {
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldBeNil)
@ -152,7 +158,9 @@ func TestVerify(t *testing.T) {
 	Convey("Test verify config with dotted config name", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", ".zot-test*")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`
 distspecversion: 1.1.0
 http:
@ -168,6 +176,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldBeNil)
@ -566,7 +575,9 @@ storage:
 	Convey("Test verify with bad gc retention repo patterns", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{
 			"distSpecVersion": "1.1.0",
 			"storage": {
@ -607,14 +618,18 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		So(cli.NewServerRootCmd().Execute(), ShouldNotBeNil)
 	})
 	Convey("Test verify with bad gc image retention tag regex", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{
 			"distSpecVersion": "1.1.0",
 			"storage": {
@ -647,7 +662,9 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		So(cli.NewServerRootCmd().Execute(), ShouldNotBeNil)
 	})
@ -710,7 +727,9 @@ storage:
 	Convey("Test verify storage driver different than s3", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"storage":{"rootDirectory":"/tmp/zot", "storageDriver": {"name": "gcs"}},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}}`)
@ -718,6 +737,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -726,7 +746,9 @@ storage:
 	Convey("Test verify subpath storage driver different than s3", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"storage":{"rootDirectory":"/tmp/zot", "storageDriver": {"name": "s3"},
 							"subPaths": {"/a": {"rootDirectory": "/zot-a","storageDriver": {"name": "gcs"}}}},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
@ -735,6 +757,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -743,13 +766,16 @@ storage:
 	Convey("Test verify subpath storage config", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"storage":{"rootDirectory":"/tmp/zot",
 							"subPaths": {"/a": {"rootDirectory": "/zot-a"},"/b": {"rootDirectory": "/zot-a"}}},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}}`)
 		err = os.WriteFile(tmpfile.Name(), content, 0o0600)
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldBeNil)
@ -762,6 +788,7 @@ storage:
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}}`)
 		err = os.WriteFile(tmpfile.Name(), content, 0o0600)
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -773,6 +800,7 @@ storage:
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}}`)
 		err = os.WriteFile(tmpfile.Name(), content, 0o0600)
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -784,6 +812,7 @@ storage:
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}}`)
 		err = os.WriteFile(tmpfile.Name(), content, 0o0600)
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -795,6 +824,7 @@ storage:
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}}`)
 		err = os.WriteFile(tmpfile.Name(), content, 0o0600)
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -806,6 +836,7 @@ storage:
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}}`)
 		err = os.WriteFile(tmpfile.Name(), content, 0o0600)
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -817,6 +848,7 @@ storage:
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}}}`)
 		err = os.WriteFile(tmpfile.Name(), content, 0o0600)
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -825,7 +857,9 @@ storage:
 	Convey("Test verify w/ authorization and w/o authentication", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
 		 					"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							 "accessControl":{"repositories":{},"adminPolicy":{"users":["admin"],
@ -834,6 +868,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -842,7 +877,9 @@ storage:
 	Convey("Test verify w/ authorization and w/ authentication", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1},
@ -852,6 +889,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldBeNil)
@ -860,7 +898,9 @@ storage:
 	Convey("Test verify anonymous authorization", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
 		 					"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							 "accessControl":{"repositories":{"**":{"anonymousPolicy": ["read", "create"]},
@ -870,6 +910,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldBeNil)
@ -878,7 +919,9 @@ storage:
 	Convey("Test verify admin policy authz is not allowed if no authn is configured", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
 		 					"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 								"accessControl":{
@ -896,6 +939,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -904,7 +948,9 @@ storage:
 	Convey("Test verify default policy authz is not allowed if no authn is configured", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 								"accessControl":{
@ -918,6 +964,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -926,7 +973,9 @@ storage:
 	Convey("Test verify authz per user policies fail if no authn is configured", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 								"accessControl":{
@ -945,6 +994,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -953,7 +1003,9 @@ storage:
 	Convey("Test verify w/ sync and w/o filesystem storage", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"storage":{"rootDirectory":"/tmp/zot", "storageDriver": {"name": "s3"}},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -963,6 +1015,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -971,7 +1024,9 @@ storage:
 	Convey("Test verify w/ sync and w/ filesystem storage", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -981,6 +1036,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldBeNil)
@ -989,7 +1045,9 @@ storage:
 	Convey("Test verify with bad sync prefixes", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -1000,6 +1058,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -1008,7 +1067,9 @@ storage:
 	Convey("Test verify with bad sync content config", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -1019,6 +1080,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -1027,7 +1089,9 @@ storage:
 	Convey("Test verify with good sync content config", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -1038,6 +1102,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldBeNil)
@ -1046,7 +1111,9 @@ storage:
 	Convey("Test verify with bad authorization repo patterns", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1},
@ -1055,6 +1122,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -1063,7 +1131,9 @@ storage:
 	Convey("Test verify sync config default tls value", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -1074,6 +1144,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldBeNil)
@ -1082,7 +1153,9 @@ storage:
 	Convey("Test verify sync without retry options", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"storage":{"rootDirectory":"/tmp/zot"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"htpasswd":{"path":"test/data/htpasswd"},"failDelay":1}},
@ -1092,6 +1165,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -1100,7 +1174,9 @@ storage:
 	Convey("Test verify config with unknown keys", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"distSpecVersion": "1.0.0", "storage": {"rootDirectory": "/tmp/zot"},
 							"http": {"url": "127.0.0.1", "port": "8080"},
 							"log": {"level": "debug"}}`)
@ -1108,6 +1184,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -1116,7 +1193,9 @@ storage:
 	Convey("Test verify openid config with missing parameter", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"distSpecVersion":"1.1.0","storage":{"rootDirectory":"/tmp/zot"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"openid":{"providers":{"oidc":{"issuer":"http://127.0.0.1:5556/dex"}}}}},
@ -1125,6 +1204,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -1133,7 +1213,9 @@ storage:
 	Convey("Test verify oauth2 config with missing parameter", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"distSpecVersion":"1.1.0","storage":{"rootDirectory":"/tmp/zot"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"openid":{"providers":{"github":{"clientid":"client_id"}}}}},
@ -1142,6 +1224,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -1150,7 +1233,9 @@ storage:
 	Convey("Test verify openid config with unsupported provider", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"distSpecVersion":"1.1.0","storage":{"rootDirectory":"/tmp/zot"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"openid":{"providers":{"unsupported":{"issuer":"http://127.0.0.1:5556/dex"}}}}},
@ -1159,6 +1244,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -1167,7 +1253,9 @@ storage:
 	Convey("Test verify openid config without apikey extension enabled", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"distSpecVersion":"1.1.0","storage":{"rootDirectory":"/tmp/zot"},
 							"http":{"address":"127.0.0.1","port":"8080","realm":"zot",
 							"auth":{"openid":{"providers":{"oidc":{"issuer":"http://127.0.0.1:5556/dex",
@ -1177,6 +1265,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldBeNil)
@ -1185,7 +1274,9 @@ storage:
 	Convey("Test verify config with missing basedn key", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"distSpecVersion": "1.0.0", "storage": {"rootDirectory": "/tmp/zot"},
 							"http": {"auth": {"ldap": {"address": "ldap", "userattribute": "uid"}},
 							"address": "127.0.0.1", "port": "8080"},
@ -1194,6 +1285,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -1202,7 +1294,9 @@ storage:
 	Convey("Test verify config with missing address key", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"distSpecVersion": "1.0.0", "storage": {"rootDirectory": "/tmp/zot"},
 							"http": {"auth": {"ldap": {"basedn": "ou=Users,dc=example,dc=org", "userattribute": "uid"}},
 							"address": "127.0.0.1", "port": "8080"},
@ -1211,6 +1305,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -1219,7 +1314,9 @@ storage:
 	Convey("Test verify config with missing userattribute key", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"distSpecVersion": "1.0.0", "storage": {"rootDirectory": "/tmp/zot"},
 							"http": {"auth": {"ldap": {"basedn": "ou=Users,dc=example,dc=org", "address": "ldap"}},
 							"address": "127.0.0.1", "port": "8080"},
@ -1228,6 +1325,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldNotBeNil)
@ -1236,7 +1334,9 @@ storage:
 	Convey("Test verify good config", t, func(c C) {
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name()) // clean up
 		content := []byte(`{"distSpecVersion": "1.0.0", "storage": {"rootDirectory": "/tmp/zot"},
 							"http": {"address": "127.0.0.1", "port": "8080"},
 							"log": {"level": "debug"}}`)
@ -1244,6 +1344,7 @@ storage:
 		So(err, ShouldBeNil)
 		err = tmpfile.Close()
 		So(err, ShouldBeNil)
 		os.Args = []string{"cli_test", "verify", tmpfile.Name()}
 		err = cli.NewServerRootCmd().Execute()
 		So(err, ShouldBeNil)
@ -1446,6 +1547,7 @@ func TestApiKeyConfig(t *testing.T) {
 		config := config.New()
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name())
 		content := []byte(`{"distSpecVersion":"1.1.0","storage":{"rootDirectory":"/tmp/zot"},
@ -1466,6 +1568,7 @@ func TestApiKeyConfig(t *testing.T) {
 		config := config.New()
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name())
 		content := []byte(`{"distSpecVersion":"1.1.0","storage":{"rootDirectory":"/tmp/zot"},
@ -1484,6 +1587,7 @@ func TestApiKeyConfig(t *testing.T) {
 		config := config.New()
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name())
 		content := []byte(`{"distSpecVersion":"1.1.0","storage":{"rootDirectory":"/tmp/zot"},
@ -1527,6 +1631,7 @@ func TestServeAPIKey(t *testing.T) {
 		So(err, ShouldBeNil)
 		data, err := os.ReadFile(logPath)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		So(string(data), ShouldContainSubstring, "\"APIKey\":true")
 	})
@ -1553,6 +1658,7 @@ func TestServeAPIKey(t *testing.T) {
 		So(err, ShouldBeNil)
 		data, err := os.ReadFile(logPath)
 		So(err, ShouldBeNil)
 		defer os.Remove(logPath) // clean up
 		So(string(data), ShouldContainSubstring, "\"APIKey\":false")
 	})
@ -1568,7 +1674,9 @@ func TestLoadConfig(t *testing.T) {
 		config := config.New()
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name())
 		content := []byte(`{"storage":{"rootDirectory":"/tmp/zot",
 							"subPaths": {"/a": {"rootDirectory": "/tmp/zot","dedupe":"true","gc":"true","gcDelay":"1s","gcInterval":"1s"},
 							"/b": {"rootDirectory": "/zot-a","dedupe":"true","gc":"true","gcDelay":"1s"}}},
@ -1634,6 +1742,7 @@ func TestLoadConfig(t *testing.T) {
 		config := config.New()
 		tmpfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(tmpfile.Name())
 		content := []byte(`{"storage":{"rootDirectory":"/tmp/zot",
@ -1812,12 +1921,15 @@ func TestScrub(t *testing.T) {
 		Convey("bad config", func(c C) {
 			tmpfile, err := os.CreateTemp("", "zot-test*.json")
 			So(err, ShouldBeNil)
 			defer os.Remove(tmpfile.Name()) // clean up
 			content := []byte(`{"log":{}}`)
 			_, err = tmpfile.Write(content)
 			So(err, ShouldBeNil)
 			err = tmpfile.Close()
 			So(err, ShouldBeNil)
 			os.Args = []string{"cli_test", "scrub", tmpfile.Name()}
 			err = cli.NewServerRootCmd().Execute()
 			So(err, ShouldNotBeNil)
@ -1837,7 +1949,9 @@ func TestScrub(t *testing.T) {
 			tmpfile, err := os.CreateTemp("", "zot-test*.json")
 			So(err, ShouldBeNil)
 			defer os.Remove(tmpfile.Name()) // clean up
 			content := []byte(fmt.Sprintf(`{
 				"storage": {
 					"rootDirectory": "%s"
@ -1867,7 +1981,9 @@ func TestScrub(t *testing.T) {
 			tmpfile, err := os.CreateTemp("", "zot-test*.json")
 			So(err, ShouldBeNil)
 			defer os.Remove(tmpfile.Name()) // clean up
 			content := []byte(fmt.Sprintf(`{
 				"storage": {
 					"rootDirectory": ""
@ -1884,6 +2000,7 @@ func TestScrub(t *testing.T) {
 			So(err, ShouldBeNil)
 			err = tmpfile.Close()
 			So(err, ShouldBeNil)
 			os.Args = []string{"cli_test", "scrub", tmpfile.Name()}
 			err = cli.NewServerRootCmd().Execute()
 			So(err, ShouldNotBeNil)
@ -1901,27 +2018,29 @@ func TestScrub(t *testing.T) {
 				panic(err)
 			}
-			if err := os.MkdirAll(fmt.Sprintf("%s/blobs", repo), 0o755); err != nil {
+			if err := os.MkdirAll(repo+"/blobs", 0o755); err != nil {
 				panic(err)
 			}
-			if _, err = os.Stat(fmt.Sprintf("%s/oci-layout", repo)); err != nil {
+			if _, err = os.Stat(repo + "/oci-layout"); err != nil {
 				content := []byte(`{"imageLayoutVersion": "1.0.0"}`)
-				if err = os.WriteFile(fmt.Sprintf("%s/oci-layout", repo), content, 0o600); err != nil {
+				if err = os.WriteFile(repo+"/oci-layout", content, 0o600); err != nil {
 					panic(err)
 				}
 			}
-			if _, err = os.Stat(fmt.Sprintf("%s/index.json", repo)); err != nil {
+			if _, err = os.Stat(repo + "/index.json"); err != nil {
 				content := []byte(`not a JSON content`)
-				if err = os.WriteFile(fmt.Sprintf("%s/index.json", repo), content, 0o600); err != nil {
+				if err = os.WriteFile(repo+"/index.json", content, 0o600); err != nil {
 					panic(err)
 				}
 			}
 			tmpfile, err := os.CreateTemp("", "zot-test*.json")
 			So(err, ShouldBeNil)
 			defer os.Remove(tmpfile.Name()) // clean up
 			content := []byte(fmt.Sprintf(`{
 				"storage": {
 					"rootDirectory": "%s"
--- a/pkg/cli/server/stress_test.go
+++ b/pkg/cli/server/stress_test.go
@ -52,6 +52,7 @@ func TestStressTooManyOpenFiles(t *testing.T) {
 			if err != nil {
 				t.Logf("error when reading zot log file:\n%s\n", err)
 			}
 			t.Logf("\n\n Zot log file content:\n%s\n", string(data))
 			os.Remove(logFile.Name())
 		}()
@ -67,6 +68,7 @@ func TestStressTooManyOpenFiles(t *testing.T) {
 			if err != nil {
 				t.Logf("error when listing storage files:\n%s\n", err)
 			}
 			t.Logf("Listing Storage root FS:\n%s\n", out)
 		}()
@ -94,6 +96,7 @@ func TestStressTooManyOpenFiles(t *testing.T) {
 		cfgfile, err := os.CreateTemp("", "zot-test*.json")
 		So(err, ShouldBeNil)
 		defer os.Remove(cfgfile.Name()) // clean up
 		_, err = cfgfile.WriteString(content)
 		So(err, ShouldBeNil)
@ -104,10 +107,12 @@ func TestStressTooManyOpenFiles(t *testing.T) {
 			"copy", "--format=oci", "--insecure-policy", "--dest-tls-verify=false",
 			"docker://public.ecr.aws/zomato/alpine:3.11.3", fmt.Sprintf("oci:%s:alpine", dir),
 		}
 		out, err := exec.Command("skopeo", skopeoArgs...).Output()
 		if err != nil {
 			t.Logf("\nerror on skopeo copy:\n%s\n", err)
 		}
 		So(err, ShouldBeNil)
 		t.Logf("\nCopy test image locally:\n%s\n", out)
@ -122,6 +127,7 @@ func TestStressTooManyOpenFiles(t *testing.T) {
 				worker(i, port, dir)
 			}()
 		}
 		wg.Wait()
 		_, err = setMaxOpenFilesLimit(initialLimit)
@ -142,6 +148,7 @@ func TestStressTooManyOpenFiles(t *testing.T) {
 			if err != nil {
 				t.Logf("error when reading zot scrub file:\n%s\n", err)
 			}
 			t.Logf("\n\n Zot scrub file content:\n%s\n", string(data))
 			os.Remove(scrubFile.Name())
 		}()
@ -170,6 +177,7 @@ func worker(id int, zotPort, rootDir string) {
 			"copy", "--format=oci", "--insecure-policy", "--dest-tls-verify=false",
 			sourceImg, destImg,
 		}
 		err := exec.Command("skopeo", skopeoArgs...).Run()
 		if err != nil { //nolint: wsl
 			continue // we expect clients to receive errors due to FD limit reached on server
--- a/pkg/common/common_test.go
+++ b/pkg/common/common_test.go
@ -46,10 +46,12 @@ func TestCommon(t *testing.T) {
 	Convey("test dirExists()", t, func() {
 		exists := common.DirExists("testdir")
 		So(exists, ShouldBeFalse)
 		tempDir := t.TempDir()
 		file, err := os.Create(path.Join(tempDir, "file.txt"))
 		So(err, ShouldBeNil)
 		isDir := common.DirExists(file.Name())
 		So(isDir, ShouldBeFalse)
 	})
@ -75,6 +77,7 @@ func TestCommon(t *testing.T) {
 		So(err, ShouldBeNil)
 		So(localSockets, ShouldNotBeEmpty)
 		So(localSockets, ShouldContain, "127.0.0.1:8765")
 		for _, socket := range localSockets {
 			lastColonIndex := strings.LastIndex(socket, ":")
 			So(socket[lastColonIndex+1:], ShouldEqual, "8765")
@ -86,6 +89,7 @@ func TestCommon(t *testing.T) {
 		So(err, ShouldBeNil)
 		So(localSockets, ShouldNotBeEmpty)
 		So(localSockets, ShouldContain, "[::1]:8766")
 		for _, socket := range localSockets {
 			lastColonIndex := strings.LastIndex(socket, ":")
 			So(socket[lastColonIndex+1:], ShouldEqual, "8766")
@ -94,9 +98,10 @@ func TestCommon(t *testing.T) {
 	Convey("Test GetIPFromHostName with valid hostname", t, func() {
 		addrs, err := common.GetIPFromHostName("github.com")
 		// we can't check the actual addresses here as they can change
 		So(err, ShouldBeNil)
 		So(addrs, ShouldNotBeEmpty)
 		// we can't check the actual addresses here as they can change
 	})
 	Convey("Test GetIPFromHostName with non-existent hostname", t, func() {
--- a/pkg/common/http_client.go
+++ b/pkg/common/http_client.go
@ -39,7 +39,6 @@ func loadPerHostCerts(caCertPool *x509.CertPool, host string) *tls.Config {
 	if DirExists(clientCertsDir) {
 		tlsConfig, err := GetTLSConfig(clientCertsDir, caCertPool)
 		if err == nil {
 			return tlsConfig
 		}
@ -49,7 +48,6 @@ func loadPerHostCerts(caCertPool *x509.CertPool, host string) *tls.Config {
 	clientCertsDir = filepath.Join(certsPath, host)
 	if DirExists(clientCertsDir) {
 		tlsConfig, err := GetTLSConfig(clientCertsDir, caCertPool)
 		if err == nil {
 			return tlsConfig
 		}
--- a/pkg/compliance/v1_0_0/check.go
+++ b/pkg/compliance/v1_0_0/check.go
@ -39,7 +39,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
 		defer outputJSONExit()
 	}
-	baseURL := fmt.Sprintf("http://%s", net.JoinHostPort(config.Address, config.Port))
+	baseURL := "http://" + net.JoinHostPort(config.Address, config.Port)
 	storageInfo := config.StorageInfo
@ -62,6 +62,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
 			So(resp.StatusCode(), ShouldEqual, http.StatusOK)
 			So(resp.String(), ShouldNotBeEmpty)
 			So(resp.Header().Get("Content-Type"), ShouldEqual, constants.DefaultMediaType)
 			var repoList api.RepositoryList
 			err = json.Unmarshal(resp.Body(), &repoList)
 			So(err, ShouldBeNil)
@ -84,6 +85,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
 			So(resp.String(), ShouldNotBeEmpty)
 			result, ok := resp.Result().(*api.RepositoryList)
 			So(ok, ShouldBeTrue)
 			if !config.Compliance {
 				// stricter check for zot ci/cd
 				So(len(result.Repositories), ShouldBeGreaterThan, 0)
@ -107,6 +109,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
 			resp, err = resty.R().Get(baseURL + "/v2/repo1/tags/list")
 			So(err, ShouldBeNil)
 			if !config.Compliance {
 				// stricter check for zot ci/cd
 				So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@ -128,6 +131,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
 			resp, err = resty.R().Get(baseURL + "/v2/repo2/tags/list")
 			So(err, ShouldBeNil)
 			if !config.Compliance {
 				// stricter check for zot ci/cd
 				So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@ -138,6 +142,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
 			content := []byte("this is a blob1")
 			digest := godigest.FromBytes(content)
 			So(digest, ShouldNotBeNil)
 			resp, err = resty.R().Put(loc)
 			So(err, ShouldBeNil)
 			So(resp.StatusCode(), ShouldEqual, http.StatusBadRequest)
@ -221,6 +226,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
 			resp, err = resty.R().Get(baseURL + "/v2/repo10/repo20/repo30/tags/list")
 			So(err, ShouldBeNil)
 			if !config.Compliance {
 				// stricter check for zot ci/cd
 				So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@ -231,6 +237,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
 			content := []byte("this is a blob3")
 			digest := godigest.FromBytes(content)
 			So(digest, ShouldNotBeNil)
 			resp, err = resty.R().Put(loc)
 			So(err, ShouldBeNil)
 			So(resp.StatusCode(), ShouldEqual, http.StatusBadRequest)
@ -271,6 +278,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
 			So(loc, ShouldNotBeEmpty)
 			var buf bytes.Buffer
 			chunk1 := []byte("this is the first chunk1")
 			nbytes, err := buf.Write(chunk1)
 			So(nbytes, ShouldEqual, len(chunk1))
@ -315,6 +323,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
 			So(err, ShouldBeNil)
 			So(resp.StatusCode(), ShouldEqual, http.StatusCreated)
 			blobLoc := test.Location(baseURL, resp)
 			So(err, ShouldBeNil)
 			So(resp.StatusCode(), ShouldEqual, http.StatusCreated)
 			So(blobLoc, ShouldNotBeEmpty)
@ -339,6 +348,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
 			So(loc, ShouldNotBeEmpty)
 			var buf bytes.Buffer
 			chunk1 := []byte("this is the first chunk2")
 			nbytes, err := buf.Write(chunk1)
 			So(nbytes, ShouldEqual, len(chunk1))
@ -383,6 +393,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
 			So(err, ShouldBeNil)
 			So(resp.StatusCode(), ShouldEqual, http.StatusCreated)
 			blobLoc := test.Location(baseURL, resp)
 			So(err, ShouldBeNil)
 			So(resp.StatusCode(), ShouldEqual, http.StatusCreated)
 			So(blobLoc, ShouldNotBeEmpty)
@ -466,6 +477,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
 			resp, err = resty.R().Get(loc)
 			So(err, ShouldBeNil)
 			So(resp.StatusCode(), ShouldEqual, http.StatusNoContent)
 			content := []byte("this is a blob5")
 			digest := godigest.FromBytes(content)
 			So(digest, ShouldNotBeNil)
@ -606,9 +618,11 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
 			if strings.HasPrefix(nextURL, "<") || strings.HasPrefix(nextURL, "\"") {
 				nextURL = nextURL[1:]
 			}
 			if strings.HasSuffix(nextURL, ">") || strings.HasSuffix(nextURL, "\"") {
 				nextURL = nextURL[:len(nextURL)-1]
 			}
 			nextURL = baseURL + nextURL
 			resp, err = resty.R().Get(nextURL)
--- a/pkg/debug/pprof/pprof_test.go
+++ b/pkg/debug/pprof/pprof_test.go
@ -31,6 +31,7 @@ func TestProfilingAuthz(t *testing.T) {
 		testCreds := test.GetCredString(adminUsername, adminPassword) +
 			test.GetCredString(username, password)
 		htpasswdPath := test.MakeHtpasswdFileFromString(testCreds)
 		defer os.Remove(htpasswdPath)
 		conf := config.New()
@ -41,6 +42,7 @@ func TestProfilingAuthz(t *testing.T) {
 			ctlr := api.NewController(conf)
 			cm := test.NewControllerManager(ctlr)
 			cm.StartAndWait(port)
 			defer cm.StopServer()
 			// unauthenticated clients should have access to /v2/
@ -103,6 +105,7 @@ func TestProfilingAuthz(t *testing.T) {
 			ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password")
 			cm := test.NewControllerManager(ctlr)
 			cm.StartAndWait(port)
 			defer cm.StopServer()
 			// unauthenticated clients should not have access to /v2/
@ -160,6 +163,7 @@ func TestProfilingAuthz(t *testing.T) {
 			ctlr := api.NewController(conf)
 			cm := test.NewControllerManager(ctlr)
 			cm.StartAndWait(port)
 			defer cm.StopServer()
 			// unauthenticated clients should have access to /v2/
--- a/pkg/exporter/api/controller_test.go
+++ b/pkg/exporter/api/controller_test.go
@ -93,6 +93,7 @@ func TestNewExporter(t *testing.T) {
 	Convey("Make an exporter controller", t, func() {
 		exporterConfig := api.DefaultConfig()
 		So(exporterConfig, ShouldNotBeNil)
 		exporterPort := GetFreePort()
 		serverPort := GetFreePort()
 		exporterConfig.Exporter.Port = exporterPort
@ -131,6 +132,7 @@ func TestNewExporter(t *testing.T) {
 			Convey("When zot server is running", func() {
 				servercConfig := zotcfg.New()
 				So(servercConfig, ShouldNotBeNil)
 				baseURL := fmt.Sprintf(BaseURL, serverPort)
 				servercConfig.HTTP.Port = serverPort
 				servercConfig.BinaryType = "minimal"
@ -140,6 +142,7 @@ func TestNewExporter(t *testing.T) {
 				So(serverController, ShouldNotBeNil)
 				dir := t.TempDir()
 				serverController.Config.Storage.RootDirectory = dir
 				go func(ctrl *zotapi.Controller) {
 					if err := ctrl.Init(); err != nil {
@ -151,6 +154,7 @@ func TestNewExporter(t *testing.T) {
 						panic(err)
 					}
 				}(serverController)
 				defer func(ctrl *zotapi.Controller) {
 					_ = ctrl.Server.Shutdown(context.TODO())
 				}(serverController)
@ -160,6 +164,7 @@ func TestNewExporter(t *testing.T) {
 					if err == nil {
 						break
 					}
 					time.Sleep(SleepTime)
 				}
@ -223,10 +228,12 @@ func TestNewExporter(t *testing.T) {
 					if err != nil {
 						panic(err)
 					}
 					reqsSize := int(nBig.Int64())
 					for i := 0; i < reqsSize; i++ {
 						monitoring.IncDownloadCounter(serverController.Metrics, "dummyrepo")
 					}
 					time.Sleep(SleepTime)
 					go func() {
@ -303,16 +310,19 @@ func TestNewExporter(t *testing.T) {
 				})
 				Convey("Collecting data: Test that concurent Summary observation requests works properly", func() {
 					var latencySum float64
 					nBig, err := rand.Int(rand.Reader, big.NewInt(1000))
 					if err != nil {
 						panic(err)
 					}
 					reqsSize := int(nBig.Int64())
 					for i := 0; i < reqsSize; i++ {
 						latency := getRandomLatency()
 						latencySum += latency.Seconds()
 						monitoring.ObserveHTTPRepoLatency(serverController.Metrics, "/v2/dummyrepo/manifests/testreference", latency)
 					}
 					time.Sleep(SleepTime)
 					go func() {
@ -372,6 +382,7 @@ func TestNewExporter(t *testing.T) {
 						err = pmMetric.Write(&metric)
 						So(err, ShouldBeNil)
 						if latency.Seconds() < fvalue {
 							So(*metric.Counter.Value, ShouldEqual, 1)
 						} else {
@ -415,6 +426,7 @@ func TestNewExporter(t *testing.T) {
 						err = pmMetric.Write(&metric)
 						So(err, ShouldBeNil)
 						if latency.Seconds() < fvalue {
 							So(*metric.Counter.Value, ShouldEqual, 1)
 						} else {
@ -440,9 +452,11 @@ func TestNewExporter(t *testing.T) {
 							latency = time.Duration(pvalue*float64(time.Second)) +
 								getRandomLatencyN(int64(dBuckets[0]*float64(time.Second)))
 						}
 						latencySum += latency.Seconds()
 						monitoring.ObserveHTTPMethodLatency(serverController.Metrics, "GET", latency)
 					}
 					time.Sleep(SleepTime)
 					go func() {
@ -489,11 +503,14 @@ func TestNewExporter(t *testing.T) {
 					if err != nil {
 						panic(err)
 					}
 					workersSize := int(nBig.Int64())
 					for i := 0; i < workersSize; i++ {
 						wg.Add(1)
 						go func() {
 							defer wg.Done()
 							m := serverController.Metrics.ReceiveMetrics()
 							json := jsoniter.ConfigCompatibleWithStandardLibrary
@ -503,6 +520,7 @@ func TestNewExporter(t *testing.T) {
 							}
 						}()
 					}
 					wg.Wait()
 				})
 				Convey("Negative testing: Increment a counter that does not exist", func() {
--- a/pkg/exporter/api/exporter.go
+++ b/pkg/exporter/api/exporter.go
@ -171,7 +171,7 @@ func GetCollector(c *Controller) *Collector {
 }
 func runExporter(c *Controller) {
-	exporterAddr := fmt.Sprintf(":%s", c.Config.Exporter.Port)
+	exporterAddr := ":" + c.Config.Exporter.Port
 	server := &http.Server{
 		Addr:              exporterAddr,
 		IdleTimeout:       idleTimeout,
--- a/pkg/extensions/extension_image_trust.go
+++ b/pkg/extensions/extension_image_trust.go
@ -175,8 +175,8 @@ func SetupImageTrustExtension(conf *config.Config, metaDB mTypes.MetaDB, log log
 	if conf.Storage.RemoteCache {
 		endpoint, _ := conf.Storage.CacheDriver["endpoint"].(string)
 		region, _ := conf.Storage.CacheDriver["region"].(string)
 		imgTrustStore, err = imagetrust.NewAWSImageTrustStore(region, endpoint)
 		imgTrustStore, err = imagetrust.NewAWSImageTrustStore(region, endpoint)
 		if err != nil {
 			return err
 		}
--- a/pkg/extensions/extension_image_trust_test.go
+++ b/pkg/extensions/extension_image_trust_test.go
@ -6,6 +6,7 @@ package extensions_test
 import (
 	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
 	"net/http"
@ -42,7 +43,7 @@ import (
 type errReader int
 func (errReader) Read(p []byte) (int, error) {
-	return 0, fmt.Errorf("test error") //nolint:goerr113
+	return 0, errors.New("test error") //nolint:goerr113
 }
 func TestSignatureHandlers(t *testing.T) {
@ -179,6 +180,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
 		conf := config.New()
 		conf.HTTP.Port = port
 		if cacheDriverParams != nil {
 			conf.Storage.CacheDriver = cacheDriverParams
 		}
@ -251,7 +253,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
 			options.KeyOpts{KeyRef: path.Join(keyDir, "cosign.key"), PassFunc: generate.GetPass},
 			options.SignOptions{
 				Registry:          options.RegistryOptions{AllowInsecure: true},
-				AnnotationOptions: options.AnnotationOptions{Annotations: []string{fmt.Sprintf("tag=%s", tag)}},
+				AnnotationOptions: options.AnnotationOptions{Annotations: []string{"tag=" + tag}},
 				Upload:            true,
 			},
 			[]string{fmt.Sprintf("localhost:%s/%s@%s", port, repo, image.DigestStr())})
@ -299,6 +301,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
 		conf := config.New()
 		conf.HTTP.Port = port
 		if cacheDriverParams != nil {
 			conf.Storage.CacheDriver = cacheDriverParams
 		}
@ -353,7 +356,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
 		So(err, ShouldBeNil)
 		// upload the certificate
-		certificateContent, err := os.ReadFile(path.Join(rootDir, "notation/localkeys", fmt.Sprintf("%s.crt", certName)))
+		certificateContent, err := os.ReadFile(path.Join(rootDir, "notation/localkeys", certName+".crt"))
 		So(err, ShouldBeNil)
 		So(certificateContent, ShouldNotBeNil)
@ -402,6 +405,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
 		conf := config.New()
 		conf.HTTP.Port = port
 		if cacheDriverParams != nil {
 			conf.Storage.CacheDriver = cacheDriverParams
 		}
@ -486,7 +490,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
 		So(err, ShouldBeNil)
 		// upload the certificate
-		certificateContent, err := os.ReadFile(path.Join(rootDir, "notation/localkeys", fmt.Sprintf("%s.crt", certName)))
+		certificateContent, err := os.ReadFile(path.Join(rootDir, "notation/localkeys", certName+".crt"))
 		So(err, ShouldBeNil)
 		So(certificateContent, ShouldNotBeNil)
@ -564,6 +568,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
 		conf := config.New()
 		conf.HTTP.Port = port
 		if cacheDriverParams != nil {
 			conf.Storage.CacheDriver = cacheDriverParams
 		}
@ -666,7 +671,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
 			options.KeyOpts{KeyRef: path.Join(keyDir, "cosign.key"), PassFunc: generate.GetPass},
 			options.SignOptions{
 				Registry:          options.RegistryOptions{AllowInsecure: true},
-				AnnotationOptions: options.AnnotationOptions{Annotations: []string{fmt.Sprintf("tag=%s", tag)}},
+				AnnotationOptions: options.AnnotationOptions{Annotations: []string{"tag=" + tag}},
 				Upload:            true,
 			},
 			[]string{fmt.Sprintf("localhost:%s/%s@%s", port, repo, image.DigestStr())})
@ -729,6 +734,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
 		globalDir := t.TempDir()
 		port := test.GetFreePort()
 		testCreds := test.GetCredString("admin", "admin") + "\n" + test.GetCredString("test", "test")
 		htpasswdPath := test.MakeHtpasswdFileFromString(testCreds)
 		defer os.Remove(htpasswdPath)
@ -741,6 +747,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
 				Actions: []string{},
 			},
 		}
 		if cacheDriverParams != nil {
 			conf.Storage.CacheDriver = cacheDriverParams
 		}
@ -825,6 +832,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
 		conf := config.New()
 		conf.HTTP.Port = port
 		if cacheDriverParams != nil {
 			conf.Storage.CacheDriver = cacheDriverParams
 		}
@ -856,14 +864,16 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
 		// Write image
 		image := CreateRandomImage()
 		err = WriteImageToFileSystem(image, repo, tag, storeController)
 		So(err, ShouldBeNil)
 		// Write signature
 		sig := CreateImageWith().RandomLayers(1, 2).RandomConfig().Build()
-		So(err, ShouldBeNil)
+
 		ref, err := signature.GetCosignSignatureTagForManifest(image.Manifest)
 		So(err, ShouldBeNil)
 		err = WriteImageToFileSystem(sig, repo, ref, storeController)
 		So(err, ShouldBeNil)
@ -874,6 +884,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
 		ctlrManager := test.NewControllerManager(ctlr)
 		ctlrManager.StartAndWait(port)
 		defer ctlrManager.StopServer()
 		strQuery := fmt.Sprintf(imageQuery, repo, tag)
@ -929,6 +940,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
 		conf := config.New()
 		conf.HTTP.Port = port
 		if cacheDriverParams != nil {
 			conf.Storage.CacheDriver = cacheDriverParams
 		}
@ -985,6 +997,7 @@ func RunSignatureUploadAndVerificationTests(t *testing.T, cacheDriverParams map[
 		// Make sure the write to disk fails
 		So(os.Chmod(globalDir, 0o000), ShouldBeNil)
 		defer func() {
 			So(os.Chmod(globalDir, 0o755), ShouldBeNil)
 		}()
--- a/pkg/extensions/extension_scrub.go
+++ b/pkg/extensions/extension_scrub.go
@ -68,7 +68,7 @@ func (gen *taskGenerator) Next() (scheduler.Task, error) {
 	if repo == "" {
 		gen.done = true
-		return nil, nil
+		return nil, nil //nolint:nilnil
 	}
 	gen.lastRepo = repo
--- a/pkg/extensions/extension_ui_test.go
+++ b/pkg/extensions/extension_ui_test.go
@ -31,6 +31,7 @@ func TestUIExtension(t *testing.T) {
 		// stdout and a file
 		logFile, err := os.CreateTemp(t.TempDir(), "zot-log*.txt")
 		So(err, ShouldBeNil)
 		logPath := logFile.Name()
 		defer os.Remove(logPath)
--- a/pkg/extensions/extension_userprefs_test.go
+++ b/pkg/extensions/extension_userprefs_test.go
@ -73,11 +73,13 @@ func TestHandlers(t *testing.T) {
 		extensions.PutStar(response, request, mockmetaDB, log)
 		res := response.Result()
 		So(res.StatusCode, ShouldEqual, http.StatusBadRequest)
 		defer res.Body.Close()
 		extensions.PutBookmark(response, request, mockmetaDB, log)
 		res = response.Result()
 		So(res.StatusCode, ShouldEqual, http.StatusBadRequest)
 		defer res.Body.Close()
 	})
@ -88,11 +90,13 @@ func TestHandlers(t *testing.T) {
 		extensions.PutStar(response, request, mockmetaDB, log)
 		res := response.Result()
 		So(res.StatusCode, ShouldEqual, http.StatusNotFound)
 		defer res.Body.Close()
 		extensions.PutBookmark(response, request, mockmetaDB, log)
 		res = response.Result()
 		So(res.StatusCode, ShouldEqual, http.StatusNotFound)
 		defer res.Body.Close()
 	})
@ -111,15 +115,19 @@ func TestHandlers(t *testing.T) {
 			response := httptest.NewRecorder()
 			extensions.PutBookmark(response, request, mockmetaDB, log)
 			res := response.Result()
 			So(res.StatusCode, ShouldEqual, http.StatusNotFound)
 			defer res.Body.Close()
 			So(res.StatusCode, ShouldEqual, http.StatusNotFound)
 			response = httptest.NewRecorder()
 			extensions.PutStar(response, request, mockmetaDB, log)
 			res = response.Result()
 			So(res.StatusCode, ShouldEqual, http.StatusNotFound)
 			defer res.Body.Close()
 			So(res.StatusCode, ShouldEqual, http.StatusNotFound)
 		})
 		Convey("ErrUserDataNotAllowed", func() {
@ -137,15 +145,19 @@ func TestHandlers(t *testing.T) {
 			response := httptest.NewRecorder()
 			extensions.PutBookmark(response, request, mockmetaDB, log)
 			res := response.Result()
 			So(res.StatusCode, ShouldEqual, http.StatusForbidden)
 			defer res.Body.Close()
 			So(res.StatusCode, ShouldEqual, http.StatusForbidden)
 			response = httptest.NewRecorder()
 			extensions.PutStar(response, request, mockmetaDB, log)
 			res = response.Result()
 			So(res.StatusCode, ShouldEqual, http.StatusForbidden)
 			defer res.Body.Close()
 			So(res.StatusCode, ShouldEqual, http.StatusForbidden)
 		})
 		Convey("ErrUnexpectedError", func() {
@ -162,15 +174,19 @@ func TestHandlers(t *testing.T) {
 			}
 			response := httptest.NewRecorder()
 			extensions.PutBookmark(response, request, mockmetaDB, log)
 			res := response.Result()
 			So(res.StatusCode, ShouldEqual, http.StatusInternalServerError)
 			defer res.Body.Close()
 			So(res.StatusCode, ShouldEqual, http.StatusInternalServerError)
 			response = httptest.NewRecorder()
 			extensions.PutStar(response, request, mockmetaDB, log)
 			res = response.Result()
 			So(res.StatusCode, ShouldEqual, http.StatusInternalServerError)
 			defer res.Body.Close()
 			So(res.StatusCode, ShouldEqual, http.StatusInternalServerError)
 		})
 	})
 }
--- a/pkg/extensions/extensions_test.go
+++ b/pkg/extensions/extensions_test.go
@ -5,7 +5,6 @@ package extensions_test
 import (
 	"encoding/json"
 	"fmt"
 	"net/http"
 	"net/url"
 	"os"
@ -51,6 +50,7 @@ func TestEnableExtension(t *testing.T) {
 		So(err, ShouldBeNil)
 		conf.Log.Level = "info"
 		conf.Log.Output = logFile.Name()
 		defer os.Remove(logFile.Name()) // cleanup
 		ctlr := api.NewController(conf)
@ -87,6 +87,7 @@ func TestMetricsExtension(t *testing.T) {
 		}
 		conf.Log.Level = "info"
 		conf.Log.Output = logFile.Name()
 		defer os.Remove(logFile.Name()) // cleanup
 		ctlr := api.NewController(conf)
@ -146,6 +147,7 @@ func TestMgmtExtension(t *testing.T) {
 		defer func() {
 			conf.HTTP.Auth.HTPasswd.Path = ""
 			os.Remove(htpasswdPath)
 		}()
@ -177,6 +179,7 @@ func TestMgmtExtension(t *testing.T) {
 		found, err := test.ReadLogFileAndSearchString(logFile.Name(),
 			"setting up mgmt routes", mgmtReadyTimeout)
 		So(err, ShouldBeNil)
 		defer func() {
 			if !found {
 				data, err := os.ReadFile(logFile.Name())
@ -363,6 +366,7 @@ func TestMgmtExtension(t *testing.T) {
 		defer func() {
 			conf.HTTP.Auth.HTPasswd.Path = ""
 			os.Remove(htpasswdPath)
 		}()
@ -448,6 +452,7 @@ func TestMgmtExtension(t *testing.T) {
 		defer func() {
 			conf.HTTP.Auth.HTPasswd.Path = ""
 			os.Remove(htpasswdPath)
 		}()
@ -733,6 +738,7 @@ func TestMgmtExtension(t *testing.T) {
 		defer func() {
 			conf.HTTP.Auth.HTPasswd.Path = ""
 			os.Remove(htpasswdPath)
 		}()
@ -865,6 +871,7 @@ func TestMgmtWithBearer(t *testing.T) {
 	Convey("Make a new controller", t, func() {
 		authorizedNamespace := "allowedrepo"
 		unauthorizedNamespace := "notallowedrepo"
 		authTestServer := authutils.MakeAuthTestServer(ServerKey, unauthorizedNamespace)
 		defer authTestServer.Close()
@ -915,19 +922,21 @@ func TestMgmtWithBearer(t *testing.T) {
 		So(err, ShouldBeNil)
 		So(resp, ShouldNotBeNil)
 		So(resp.StatusCode(), ShouldEqual, http.StatusOK)
 		var goodToken authutils.AccessTokenResponse
 		err = json.Unmarshal(resp.Body(), &goodToken)
 		So(err, ShouldBeNil)
 		resp, err = resty.R().
-			SetHeader("Authorization", fmt.Sprintf("Bearer %s", goodToken.AccessToken)).
+			SetHeader("Authorization", "Bearer "+goodToken.AccessToken).
 			Get(baseURL + "/v2/")
 		So(err, ShouldBeNil)
 		So(resp, ShouldNotBeNil)
 		So(resp.StatusCode(), ShouldEqual, http.StatusOK)
 		resp, err = resty.R().SetHeader("Authorization",
-			fmt.Sprintf("Bearer %s", goodToken.AccessToken)).Options(baseURL + "/v2/")
+			"Bearer "+goodToken.AccessToken).Options(baseURL + "/v2/")
 		So(err, ShouldBeNil)
 		So(resp, ShouldNotBeNil)
 		So(resp.StatusCode(), ShouldEqual, http.StatusNoContent)
@ -949,7 +958,7 @@ func TestMgmtWithBearer(t *testing.T) {
 		So(err, ShouldBeNil)
 		resp, err = resty.R().
-			SetHeader("Authorization", fmt.Sprintf("Bearer %s", goodToken.AccessToken)).
+			SetHeader("Authorization", "Bearer "+goodToken.AccessToken).
 			Post(baseURL + "/v2/" + authorizedNamespace + "/blobs/uploads/")
 		So(err, ShouldBeNil)
 		So(resp, ShouldNotBeNil)
@ -969,12 +978,14 @@ func TestMgmtWithBearer(t *testing.T) {
 		So(err, ShouldBeNil)
 		So(resp, ShouldNotBeNil)
 		So(resp.StatusCode(), ShouldEqual, http.StatusOK)
 		var badToken authutils.AccessTokenResponse
 		err = json.Unmarshal(resp.Body(), &badToken)
 		So(err, ShouldBeNil)
 		resp, err = resty.R().
-			SetHeader("Authorization", fmt.Sprintf("Bearer %s", badToken.AccessToken)).
+			SetHeader("Authorization", "Bearer "+badToken.AccessToken).
 			Post(baseURL + "/v2/" + unauthorizedNamespace + "/blobs/uploads/")
 		So(err, ShouldBeNil)
 		So(resp, ShouldNotBeNil)
--- a/pkg/extensions/get_extensions_disabled_test.go
+++ b/pkg/extensions/get_extensions_disabled_test.go
@ -37,7 +37,9 @@ func TestGetExensionsDisabled(t *testing.T) {
 		logFile, err := os.CreateTemp("", "zot-log*.txt")
 		So(err, ShouldBeNil)
 		conf.Log.Output = logFile.Name()
 		defer os.Remove(logFile.Name()) // clean up
 		ctlr := makeController(conf, t.TempDir())
--- a/pkg/extensions/imagetrust/image_trust.go
+++ b/pkg/extensions/imagetrust/image_trust.go
@ -18,7 +18,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/session"
 	smanager "github.com/aws/aws-sdk-go/service/secretsmanager"
 	"github.com/aws/aws-secretsmanager-caching-go/secretcache"
-	smithy "github.com/aws/smithy-go"
+	"github.com/aws/smithy-go"
 	godigest "github.com/opencontainers/go-digest"
 	ispec "github.com/opencontainers/image-spec/specs-go/v1"
@ -225,7 +225,7 @@ func (gen *sigValidityTaskGenerator) Next() (scheduler.Task, error) {
 		gen.log.Info().Msg("finished generating tasks for updating signatures validity")
-		return nil, nil
+		return nil, nil //nolint:nilnil
 	}
 	return NewValidityTask(gen.metaDB, gen.repos[gen.repoIndex], gen.log), nil
--- a/pkg/extensions/imagetrust/image_trust_test.go
+++ b/pkg/extensions/imagetrust/image_trust_test.go
@ -19,7 +19,7 @@ import (
 	awshttp "github.com/aws/aws-sdk-go-v2/aws/transport/http"
 	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
 	"github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
-	smithy "github.com/aws/smithy-go"
+	"github.com/aws/smithy-go"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	guuid "github.com/gofrs/uuid"
 	"github.com/notaryproject/notation-go"
@ -267,7 +267,7 @@ func TestVerifySignatures(t *testing.T) {
 				options.KeyOpts{KeyRef: path.Join(cosignDir, "cosign.key"), PassFunc: generate.GetPass},
 				options.SignOptions{
 					Registry:          options.RegistryOptions{AllowInsecure: true},
-					AnnotationOptions: options.AnnotationOptions{Annotations: []string{fmt.Sprintf("tag=%s", tag)}},
+					AnnotationOptions: options.AnnotationOptions{Annotations: []string{"tag=" + tag}},
 					Upload:            true,
 				},
 				[]string{fmt.Sprintf("localhost:%s/%s@%s", port, repo, image.DigestStr())})
@ -280,11 +280,14 @@ func TestVerifySignatures(t *testing.T) {
 			So(err, ShouldBeNil)
 			var index ispec.Index
 			err = json.Unmarshal(indexContent, &index)
 			So(err, ShouldBeNil)
-			var rawSignature []byte
+			var (
-			var sigKey string
+				rawSignature []byte
 				sigKey       string
 			)
 			for _, manifest := range index.Manifests {
 				if manifest.Digest != image.Digest() {
@ -460,11 +463,14 @@ func TestVerifySignatures(t *testing.T) {
 			So(err, ShouldBeNil)
 			var index ispec.Index
 			err = json.Unmarshal(indexContent, &index)
 			So(err, ShouldBeNil)
-			var rawSignature []byte
+			var (
-			var sigKey string
+				rawSignature []byte
 				sigKey       string
 			)
 			for _, manifest := range index.Manifests {
 				if manifest.Digest != image.Digest() {
@ -1182,6 +1188,7 @@ func RunVerificationTests(t *testing.T, dbDriverParams map[string]interface{}) {
 		rootDir := t.TempDir()
 		logFile, err := os.CreateTemp(t.TempDir(), "zot-log*.txt")
 		So(err, ShouldBeNil)
 		logPath := logFile.Name()
 		defer os.Remove(logPath)
@ -1246,7 +1253,7 @@ func RunVerificationTests(t *testing.T, dbDriverParams map[string]interface{}) {
 				options.KeyOpts{KeyRef: path.Join(keyDir, "cosign.key"), PassFunc: generate.GetPass},
 				options.SignOptions{
 					Registry:          options.RegistryOptions{AllowInsecure: true},
-					AnnotationOptions: options.AnnotationOptions{Annotations: []string{fmt.Sprintf("tag=%s", tag)}},
+					AnnotationOptions: options.AnnotationOptions{Annotations: []string{"tag=" + tag}},
 					Upload:            true,
 				},
 				[]string{fmt.Sprintf("localhost:%s/%s@%s", port, repo, image.DigestStr())})
@ -1256,11 +1263,14 @@ func RunVerificationTests(t *testing.T, dbDriverParams map[string]interface{}) {
 			So(err, ShouldBeNil)
 			var index ispec.Index
 			err = json.Unmarshal(indexContent, &index)
 			So(err, ShouldBeNil)
-			var rawSignature []byte
+			var (
-			var sigKey string
+				rawSignature []byte
 				sigKey       string
 			)
 			for _, manifest := range index.Manifests {
 				if manifest.Digest != image.Digest() {
@ -1347,8 +1357,10 @@ func RunVerificationTests(t *testing.T, dbDriverParams map[string]interface{}) {
 			err = json.Unmarshal(indexContent, &index)
 			So(err, ShouldBeNil)
-			var rawSignature []byte
+			var (
-			var sigKey string
+				rawSignature []byte
 				sigKey       string
 			)
 			for _, manifest := range index.Manifests {
 				blobContent, err := ctlr.StoreController.DefaultStore.GetBlobContent(repo, manifest.Digest)
@ -1360,6 +1372,7 @@ func RunVerificationTests(t *testing.T, dbDriverParams map[string]interface{}) {
 				So(err, ShouldBeNil)
 				t.Logf("Processing manifest %v", notationSig)
 				if notationSig.Config.MediaType != notreg.ArtifactTypeNotation ||
 					notationSig.Subject.Digest != image.Digest() {
 					continue
@ -1379,8 +1392,8 @@ func RunVerificationTests(t *testing.T, dbDriverParams map[string]interface{}) {
 			certificateContent, err := os.ReadFile(
 				path.Join(notationDir,
-					fmt.Sprintf("notation/truststore/x509/ca/%s", certName),
+					"notation/truststore/x509/ca/"+certName,
-					fmt.Sprintf("%s.crt", certName),
+					certName+".crt",
 				),
 			)
 			So(err, ShouldBeNil)
--- a/pkg/extensions/imagetrust/notation.go
+++ b/pkg/extensions/imagetrust/notation.go
@ -189,7 +189,6 @@ func (cloud *CertificateAWSStorage) InitTrustpolicy(trustpolicy []byte) error {
 		}
 		_, err = cloud.secretsManagerClient.DeleteSecret(context.Background(), deleteSecretParam)
 		if err != nil {
 			return err
 		}
@ -210,7 +209,6 @@ func (cloud *CertificateAWSStorage) recreateSecret(secretInputParam *secretsmana
 	for i := 0; i < maxAttempts; i++ {
 		_, err = cloud.secretsManagerClient.CreateSecret(context.Background(), secretInputParam)
 		if err == nil {
 			return nil
 		}
@ -494,7 +492,6 @@ func (cloud *CertificateAWSStorage) StoreCertificate(
 	}
 	_, err := cloud.secretsManagerClient.CreateSecret(context.Background(), secretInputParam)
 	if err != nil && IsResourceExistsException(err) {
 		return nil
 	}
@ -540,6 +537,7 @@ func parseAndValidateCertificateContent(certificateContent []byte) ([]*x509.Cert
 			if err != nil {
 				return []*x509.Certificate{}, false, fmt.Errorf("%w: %w", zerr.ErrInvalidCertificateContent, err)
 			}
 			certs = append(certs, cert)
 			block, rest = pem.Decode(rest)
 		}
--- a/pkg/extensions/lint/lint_test.go
+++ b/pkg/extensions/lint/lint_test.go
@ -9,6 +9,7 @@ import (
 	"net/http"
 	"os"
 	"path"
 	"strconv"
 	"testing"
 	godigest "github.com/opencontainers/go-digest"
@ -60,7 +61,9 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
 		So(resp.StatusCode(), ShouldEqual, http.StatusOK)
 		manifestBlob := resp.Body()
 		var manifest ispec.Manifest
 		err = json.Unmarshal(manifestBlob, &manifest)
 		So(err, ShouldBeNil)
@ -106,7 +109,9 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
 		So(resp.StatusCode(), ShouldEqual, http.StatusOK)
 		manifestBlob := resp.Body()
 		var manifest ispec.Manifest
 		err = json.Unmarshal(manifestBlob, &manifest)
 		So(err, ShouldBeNil)
@ -152,7 +157,9 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
 		So(resp.StatusCode(), ShouldEqual, http.StatusOK)
 		manifestBlob := resp.Body()
 		var manifest ispec.Manifest
 		err = json.Unmarshal(manifestBlob, &manifest)
 		So(err, ShouldBeNil)
@ -204,7 +211,9 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
 		So(resp.StatusCode(), ShouldEqual, http.StatusOK)
 		manifestBlob := resp.Body()
 		var manifest ispec.Manifest
 		err = json.Unmarshal(manifestBlob, &manifest)
 		So(err, ShouldBeNil)
@ -221,7 +230,9 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
 		So(resp.StatusCode(), ShouldEqual, http.StatusOK)
 		configBlob := resp.Body()
 		var imageConfig ispec.Image
 		err = json.Unmarshal(configBlob, &imageConfig)
 		So(err, ShouldBeNil)
@ -239,13 +250,13 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
 		// upload image config blob
 		resp, err = resty.R().
-			Post(fmt.Sprintf("%s/v2/zot-test/blobs/uploads/", baseURL))
+			Post(baseURL + "/v2/zot-test/blobs/uploads/")
 		So(err, ShouldBeNil)
 		loc := test.Location(baseURL, resp)
 		_, err = resty.R().
 			SetContentLength(true).
-			SetHeader("Content-Length", fmt.Sprintf("%d", len(configContent))).
+			SetHeader("Content-Length", strconv.Itoa(len(configContent))).
 			SetHeader("Content-Type", "application/octet-stream").
 			SetQueryParam("digest", configBlobDigestRaw.String()).
 			SetBody(configContent).
@ -290,12 +301,13 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
 		So(resp.StatusCode(), ShouldEqual, http.StatusOK)
 		manifestBlob := resp.Body()
 		var manifest ispec.Manifest
 		err = json.Unmarshal(manifestBlob, &manifest)
 		So(err, ShouldBeNil)
 		manifest.Annotations = make(map[string]string)
 		manifest.Annotations["annotation1"] = "testFail1"
 		configDigest := manifest.Config.Digest
@ -306,7 +318,9 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
 		So(resp.StatusCode(), ShouldEqual, http.StatusOK)
 		configBlob := resp.Body()
 		var imageConfig ispec.Image
 		err = json.Unmarshal(configBlob, &imageConfig)
 		So(err, ShouldBeNil)
@ -324,13 +338,13 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
 		// upload image config blob
 		_, err = resty.R().
-			Post(fmt.Sprintf("%s/v2/zot-test/blobs/uploads/", baseURL))
+			Post(baseURL + "/v2/zot-test/blobs/uploads/")
 		So(err, ShouldBeNil)
 		loc := test.Location(baseURL, resp)
 		_, err = resty.R().
 			SetContentLength(true).
-			SetHeader("Content-Length", fmt.Sprintf("%d", len(configContent))).
+			SetHeader("Content-Length", strconv.Itoa(len(configContent))).
 			SetHeader("Content-Type", "application/octet-stream").
 			SetQueryParam("digest", configBlobDigestRaw.String()).
 			SetBody(configContent).
@ -375,7 +389,9 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
 		So(resp.StatusCode(), ShouldEqual, http.StatusOK)
 		manifestBlob := resp.Body()
 		var manifest ispec.Manifest
 		err = json.Unmarshal(manifestBlob, &manifest)
 		So(err, ShouldBeNil)
@ -430,7 +446,9 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
 		So(resp.StatusCode(), ShouldEqual, http.StatusOK)
 		manifestBlob := resp.Body()
 		var manifest ispec.Manifest
 		err = json.Unmarshal(manifestBlob, &manifest)
 		So(err, ShouldBeNil)
--- a/pkg/extensions/monitoring/common.go
+++ b/pkg/extensions/monitoring/common.go
@ -23,6 +23,7 @@ func GetDirSize(path string) (int64, error) {
 		if err != nil {
 			return err
 		}
 		if !info.IsDir() {
 			size += info.Size()
 		}
--- a/pkg/extensions/monitoring/extension.go
+++ b/pkg/extensions/monitoring/extension.go
@ -220,8 +220,8 @@ func IncDownloadCounter(ms MetricServer, repo string) {
 func SetStorageUsage(ms MetricServer, rootDir, repo string) {
 	ms.ForceSendMetric(func() {
 		dir := path.Join(rootDir, repo)
 		repoSize, err := GetDirSize(dir)
 		repoSize, err := GetDirSize(dir)
 		if err == nil {
 			repoStorageBytes.WithLabelValues(repo).Set(float64(repoSize))
 		}
--- a/pkg/extensions/monitoring/minimal.go
+++ b/pkg/extensions/monitoring/minimal.go
@ -439,6 +439,7 @@ func (ms *metricServer) HistogramObserve(hv *HistogramValue) {
 		cachedH := ms.cache.Histograms[index]
 		cachedH.Count++
 		cachedH.Sum += hv.Sum
 		for _, fvalue := range GetBuckets(hv.Name) {
 			if hv.Sum <= fvalue {
 				cachedH.Buckets[ms.bucketsF2S[fvalue]]++
@ -478,6 +479,7 @@ func IncHTTPConnRequests(ms MetricServer, lvs ...string) {
 func ObserveHTTPRepoLatency(ms MetricServer, path string, latency time.Duration) {
 	var lvs []string
 	match := re.FindStringSubmatch(path)
 	if len(match) > 1 {
--- a/pkg/extensions/monitoring/monitoring_test.go
+++ b/pkg/extensions/monitoring/monitoring_test.go
@ -90,9 +90,10 @@ func TestExtensionMetrics(t *testing.T) {
 		conf := config.New()
 		conf.HTTP.Port = port
 		var disabled bool
 		conf.Storage.RootDirectory = t.TempDir()
 		conf.Extensions = &extconf.ExtensionConfig{}
 		var disabled bool
 		conf.Extensions.Metrics = &extconf.MetricsConfig{BaseConfig: extconf.BaseConfig{Enable: &disabled}}
 		ctlr := api.NewController(conf)
@ -169,6 +170,7 @@ func TestMetricsAuthentication(t *testing.T) {
 		metricsuser := generateRandomString()
 		metricspass := generateRandomString()
 		content := test.GetCredString(username, password) + "\n" + test.GetCredString(metricsuser, metricspass)
 		htpasswdPath := test.MakeHtpasswdFileFromString(content)
 		defer os.Remove(htpasswdPath)
@ -233,6 +235,7 @@ func TestMetricsAuthorization(t *testing.T) {
 		metricsuser := generateRandomString()
 		metricspass := generateRandomString()
 		content := test.GetCredString(username, password) + "\n" + test.GetCredString(metricsuser, metricspass)
 		htpasswdPath := test.MakeHtpasswdFileFromString(content)
 		defer os.Remove(htpasswdPath)
--- a/pkg/extensions/scrub/scrub.go
+++ b/pkg/extensions/scrub/scrub.go
@ -15,14 +15,14 @@ import (
 // Scrub Extension for repo...
 func RunScrubRepo(ctx context.Context, imgStore storageTypes.ImageStore, repo string, log log.Logger) error {
-	execMsg := fmt.Sprintf("executing scrub to check manifest/blob integrity for %s", path.Join(imgStore.RootDir(), repo))
+	execMsg := "executing scrub to check manifest/blob integrity for " + path.Join(imgStore.RootDir(), repo)
 	log.Info().Msg(execMsg)
 	results, err := storage.CheckRepo(ctx, repo, imgStore)
 	if err != nil {
-		errMessage := fmt.Sprintf("failed to run scrub for %s", path.Join(imgStore.RootDir(), repo))
+		errMessage := "failed to run scrub for " + path.Join(imgStore.RootDir(), repo)
 		log.Error().Err(err).Msg(errMessage)
-		log.Info().Msg(fmt.Sprintf("scrub unsuccessfully completed for %s", path.Join(imgStore.RootDir(), repo)))
+		log.Info().Msg("scrub unsuccessfully completed for " + path.Join(imgStore.RootDir(), repo))
 		return err
 	}
@ -47,7 +47,7 @@ func RunScrubRepo(ctx context.Context, imgStore storageTypes.ImageStore, repo st
 		}
 	}
-	log.Info().Msg(fmt.Sprintf("scrub successfully completed for %s", path.Join(imgStore.RootDir(), repo)))
+	log.Info().Msg("scrub successfully completed for " + path.Join(imgStore.RootDir(), repo))
 	return nil
 }
--- a/pkg/extensions/scrub/scrub_test.go
+++ b/pkg/extensions/scrub/scrub_test.go
@ -5,7 +5,6 @@ package scrub_test
 import (
 	"context"
 	"fmt"
 	"os"
 	"path"
 	"testing"
@ -289,7 +288,7 @@ func TestRunScrubRepo(t *testing.T) {
 		data, err := os.ReadFile(logFile.Name())
 		So(err, ShouldBeNil)
 		So(string(data), ShouldContainSubstring,
-			fmt.Sprintf("failed to run scrub for %s", imgStore.RootDir()))
+			"failed to run scrub for "+imgStore.RootDir())
 		So(os.Chmod(path.Join(dir, repoName), 0o755), ShouldBeNil)
 	})
 }
--- a/pkg/extensions/search/convert/convert_internal_test.go
+++ b/pkg/extensions/search/convert/convert_internal_test.go
@ -161,6 +161,7 @@ func TestCVEConvert(t *testing.T) {
 		Convey("Add CVE Summary to RepoSummary", func() {
 			var repoSummary *gql_generated.RepoSummary
 			So(repoSummary, ShouldBeNil)
 			updateRepoSummaryVulnerabilities(ctx,
--- a/pkg/extensions/search/cve/cve.go
+++ b/pkg/extensions/search/cve/cve.go
@ -212,12 +212,14 @@ func (cveinfo BaseCveInfo) GetImageListWithCVEFixed(ctx context.Context, repo, c
 	if len(vulnerableTags) != 0 {
 		cveinfo.Log.Info().Str("repository", repo).Str("cve-id", cveID).
 			Interface("tags", vulnerableTags).Msg("vulnerable tags")
 		fixedTags = GetFixedTags(allTags, vulnerableTags)
 		cveinfo.Log.Info().Str("repository", repo).Str("cve-id", cveID).
 			Interface("tags", fixedTags).Msg("fixed tags")
 	} else {
 		cveinfo.Log.Info().Str("repository", repo).Str("cve-id", cveID).
 			Msg("image does not contain any tag that have given cve")
 		fixedTags = allTags
 	}
--- a/pkg/extensions/search/cve/cve_test.go
+++ b/pkg/extensions/search/cve/cve_test.go
@ -157,16 +157,14 @@ func generateTestData(dbDir string) error { //nolint: gocyclo
 		return err
 	}
-	content = fmt.Sprint(`{"schemaVersion":2,"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:2a9b097b4e4c613dd8185eba55163201a221909f3d430f8df87cd3639afc5929","size":1240,"annotations":{"org.opencontainers.image.ref.name":"commit-aaa7c6e7-squashfs"},"platform":{"architecture":"amd64","os":"linux"}}]}
+	content = `{"schemaVersion":2,"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:2a9b097b4e4c613dd8185eba55163201a221909f3d430f8df87cd3639afc5929","size":1240,"annotations":{"org.opencontainers.image.ref.name":"commit-aaa7c6e7-squashfs"},"platform":{"architecture":"amd64","os":"linux"}}]}`
 	`)
 	err = makeTestFile(path.Join(dbDir, "zot-squashfs-invalid-blob", "index.json"), content)
 	if err != nil {
 		return err
 	}
-	content = fmt.Sprint(`{"schemaVersion":2,"config"{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:4b37d4133908ac9a3032ba996020f2ad41354a616b071ca7e726a1df18a0f354","size":1691},"layers":[{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:a01a66356aace53222e92fb6fd990b23eb44ab0e58dff6f853fa9f771ecf3ac5","size":54996992},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:91c26d6934ef2b5c5c4d8458af9bfc4ca46cf90c22380193154964abc8298a7a","size":52330496},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:f281a550ca49746cfc6b8f1ac52f8086b3d5845db2ca18fde980dab62ae3bf7d","size":23343104},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:7ee02568717acdda336c9d56d4dc6ea7f3b1c553e43bb0c0ecc6fd3bbd059d1a","size":5910528},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:8fb33b130588b239235dedd560cdf49d29bbf6f2db5419ac68e4592a85c1f416","size":123269120},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:1b49f0b33d4a696bb94d84c9acab3623e2c195bfb446d446a583a2f9f27b04c3","size":113901568}],"annotations":{"com.cisco.stacker.git_version":"7-dev19-63-gaaa7c6e7","ws.tycho.stacker.git_version":"0.3.26"}}
+	content = `{"schemaVersion":2,"config"{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:4b37d4133908ac9a3032ba996020f2ad41354a616b071ca7e726a1df18a0f354","size":1691},"layers":[{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:a01a66356aace53222e92fb6fd990b23eb44ab0e58dff6f853fa9f771ecf3ac5","size":54996992},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:91c26d6934ef2b5c5c4d8458af9bfc4ca46cf90c22380193154964abc8298a7a","size":52330496},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:f281a550ca49746cfc6b8f1ac52f8086b3d5845db2ca18fde980dab62ae3bf7d","size":23343104},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:7ee02568717acdda336c9d56d4dc6ea7f3b1c553e43bb0c0ecc6fd3bbd059d1a","size":5910528},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:8fb33b130588b239235dedd560cdf49d29bbf6f2db5419ac68e4592a85c1f416","size":123269120},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:1b49f0b33d4a696bb94d84c9acab3623e2c195bfb446d446a583a2f9f27b04c3","size":113901568}],"annotations":{"com.cisco.stacker.git_version":"7-dev19-63-gaaa7c6e7","ws.tycho.stacker.git_version":"0.3.26"}}`
 	`)
 	err = makeTestFile(path.Join(dbDir, "zot-squashfs-invalid-blob", "blobs/sha256", "2a9b097b4e4c613dd8185eba55163201a221909f3d430f8df87cd3639afc5929"), content)
 	if err != nil {
@ -181,8 +179,8 @@ func generateTestData(dbDir string) error { //nolint: gocyclo
 	}
 	il := ispec.ImageLayout{Version: ispec.ImageLayoutVersion}
 	buf, err = json.Marshal(il)
 	buf, err = json.Marshal(il)
 	if err != nil {
 		return err
 	}
@ -196,49 +194,51 @@ func generateTestData(dbDir string) error { //nolint: gocyclo
 		return err
 	}
-	content = fmt.Sprint(`{"schemaVersion":2,"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:eca04f027f414362596f2632746d8a178362170b9ac9af772011fedcc3877ebb","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.25"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:45df53588e59759a12bd3eca553cdc9063939baac9a28d7ebb6101e4ec230b76","size":873,"annotations":{"org.opencontainers.image.ref.name":"0.3.22-squashfs"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:71448405a4b89539fcfa581afb4dc7d257f98857686b8138b08a1c539f313099","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.19"},"platform":{"architecture":"amd64","os":"linux"}}]}`)
+	//nolint:goconst
 	content = `{"schemaVersion":2,"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:eca04f027f414362596f2632746d8a178362170b9ac9af772011fedcc3877ebb","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.25"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:45df53588e59759a12bd3eca553cdc9063939baac9a28d7ebb6101e4ec230b76","size":873,"annotations":{"org.opencontainers.image.ref.name":"0.3.22-squashfs"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:71448405a4b89539fcfa581afb4dc7d257f98857686b8138b08a1c539f313099","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.19"},"platform":{"architecture":"amd64","os":"linux"}}]}`
 	err = makeTestFile(path.Join(dbDir, "zot-squashfs-test", "index.json"), content)
 	if err != nil {
 		return err
 	}
-	content = fmt.Sprint(`{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:c5c2fd2b07ad4cb025cf20936d6bce6085584b8377780599be4da8a91739f0e8","size":1738},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:3414b5ef0ad2f0390daaf55b63c422eeedef6191d47036a69d8ee396fabdce72","size":58993484},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:a3b04fff744c13dfa4883e01fa35e01af8daa7f72d9e9b6b7fad1f28843846b6","size":55631733},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:754f517f58f302190aa94e025c25890c18e1e811127aed1ef25c189278ec4ab0","size":113612795},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:ec004cd43488b803d6e232599e83a3164394d44fcd9f44755fed7b5791087ede","size":108889651}],"annotations":{"ws.tycho.stacker.git_version":"0.3.19"}}`)
+	content = `{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:c5c2fd2b07ad4cb025cf20936d6bce6085584b8377780599be4da8a91739f0e8","size":1738},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:3414b5ef0ad2f0390daaf55b63c422eeedef6191d47036a69d8ee396fabdce72","size":58993484},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:a3b04fff744c13dfa4883e01fa35e01af8daa7f72d9e9b6b7fad1f28843846b6","size":55631733},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:754f517f58f302190aa94e025c25890c18e1e811127aed1ef25c189278ec4ab0","size":113612795},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:ec004cd43488b803d6e232599e83a3164394d44fcd9f44755fed7b5791087ede","size":108889651}],"annotations":{"ws.tycho.stacker.git_version":"0.3.19"}}`
 	err = makeTestFile(path.Join(dbDir, "zot-squashfs-test", "blobs/sha256", "71448405a4b89539fcfa581afb4dc7d257f98857686b8138b08a1c539f313099"), content)
 	if err != nil {
 		return err
 	}
-	content = fmt.Sprint(`{"created": "2020-04-08T05:32:49.805795564Z","author": "","architecture": "amd64","os": "linux","config": {"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs": {"type": "layers","diff_ids": []},"history": [{"created": "2020-04-08T05:08:43.590117872Z","created_by": "stacker umoci repack"}, {"created": "2020-04-08T05:08:53.213437118Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:12:15.999154739Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:12:31.0513552Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:20:38.068800557Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:21:01.956154957Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:32:24.582132274Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:32:49.805795564Z","created_by": "stacker build","author": "","empty_layer": true}]}`)
+	content = `{"created": "2020-04-08T05:32:49.805795564Z","author": "","architecture": "amd64","os": "linux","config": {"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs": {"type": "layers","diff_ids": []},"history": [{"created": "2020-04-08T05:08:43.590117872Z","created_by": "stacker umoci repack"}, {"created": "2020-04-08T05:08:53.213437118Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:12:15.999154739Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:12:31.0513552Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:20:38.068800557Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:21:01.956154957Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:32:24.582132274Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:32:49.805795564Z","created_by": "stacker build","author": "","empty_layer": true}]}`
 	err = makeTestFile(path.Join(dbDir, "zot-squashfs-test", "blobs/sha256", "c5c2fd2b07ad4cb025cf20936d6bce6085584b8377780599be4da8a91739f0e8"), content)
 	if err != nil {
 		return err
 	}
-	content = fmt.Sprint(`{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:5f00b5570a5561a6f9b7e66e4f26e2e30c4d09b43a8d3f993f3c1c99be6137a6","size":1740},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:f8b7e41ce10d9a0f614f068326c43431c2777e6fc346f729c2a643bfab24af83","size":59451113},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:9ca9274f196b56a708a7a672d3de88184c0158a30744d355dd0411f3a6850fa6","size":55685756},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:6c1ca50788f93937e9ce9341b564f86cbbcd28e367ed6a57cfc776aee4a9d050","size":113726186},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:d1a92139df86bdf00c818db75bf1ecc860857d142b426e9971a62f5f90e2aa57","size":108755643}],"annotations":{"ws.tycho.stacker.git_version":"0.3.25"}}`)
+	//nolint:goconst
 	content = `{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:5f00b5570a5561a6f9b7e66e4f26e2e30c4d09b43a8d3f993f3c1c99be6137a6","size":1740},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:f8b7e41ce10d9a0f614f068326c43431c2777e6fc346f729c2a643bfab24af83","size":59451113},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:9ca9274f196b56a708a7a672d3de88184c0158a30744d355dd0411f3a6850fa6","size":55685756},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:6c1ca50788f93937e9ce9341b564f86cbbcd28e367ed6a57cfc776aee4a9d050","size":113726186},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:d1a92139df86bdf00c818db75bf1ecc860857d142b426e9971a62f5f90e2aa57","size":108755643}],"annotations":{"ws.tycho.stacker.git_version":"0.3.25"}}`
 	err = makeTestFile(path.Join(dbDir, "zot-squashfs-test", "blobs/sha256", "eca04f027f414362596f2632746d8a178362170b9ac9af772011fedcc3877ebb"), content)
 	if err != nil {
 		return err
 	}
-	content = fmt.Sprint(`{"created": "2020-04-08T05:32:49.805795564Z","author": "","architecture": "amd64","os": "linux","config": {"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs": {"type": "layers","diff_ids": []},"history": [{"created": "2020-05-11T18:17:24.516727354Z","created_by": "stacker umoci repack"}, {"created": "2020-04-08T05:08:53.213437118Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:12:15.999154739Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:12:31.0513552Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:20:38.068800557Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:21:01.956154957Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:32:24.582132274Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:32:49.805795564Z","created_by": "stacker build","author": "","empty_layer": true}]}`)
+	content = `{"created": "2020-04-08T05:32:49.805795564Z","author": "","architecture": "amd64","os": "linux","config": {"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs": {"type": "layers","diff_ids": []},"history": [{"created": "2020-05-11T18:17:24.516727354Z","created_by": "stacker umoci repack"}, {"created": "2020-04-08T05:08:53.213437118Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:12:15.999154739Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:12:31.0513552Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:20:38.068800557Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:21:01.956154957Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:32:24.582132274Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:32:49.805795564Z","created_by": "stacker build","author": "","empty_layer": true}]}`
 	err = makeTestFile(path.Join(dbDir, "zot-squashfs-test", "blobs/sha256", "5f00b5570a5561a6f9b7e66e4f26e2e30c4d09b43a8d3f993f3c1c99be6137a6"), content)
 	if err != nil {
 		return err
 	}
-	content = fmt.Sprint(`{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:1fc1d045b241b04fea54333d76d4f57eb1961f9a314413f02a956b76e77a99f0","size":1218},"layers":[{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:c40d72b1556293c00a3e4b6c64c46ef4c7ae4d876dc18bad942b7d1903e8e5b7","size":54745420},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:4115890e3e2563e545e03f264bfecb0097e24e02306ae3e7668dea52e00c6cc2","size":52213357},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:91859e13e0cf704d5405199d73a2d1a0718391dbb183a77c4cb85d99e923ff57","size":109479329},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:20aef84d8098d47a0643a2f99ce05f0deed957b3a259fb708c538f23ed97cc82","size":103996238}],"annotations":{"ws.tycho.stacker.git_version":"0.3.25"}}`)
+	content = `{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:1fc1d045b241b04fea54333d76d4f57eb1961f9a314413f02a956b76e77a99f0","size":1218},"layers":[{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:c40d72b1556293c00a3e4b6c64c46ef4c7ae4d876dc18bad942b7d1903e8e5b7","size":54745420},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:4115890e3e2563e545e03f264bfecb0097e24e02306ae3e7668dea52e00c6cc2","size":52213357},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:91859e13e0cf704d5405199d73a2d1a0718391dbb183a77c4cb85d99e923ff57","size":109479329},{"mediaType":"application/vnd.oci.image.layer.squashfs","digest":"sha256:20aef84d8098d47a0643a2f99ce05f0deed957b3a259fb708c538f23ed97cc82","size":103996238}],"annotations":{"ws.tycho.stacker.git_version":"0.3.25"}}`
 	err = makeTestFile(path.Join(dbDir, "zot-squashfs-test", "blobs/sha256", "45df53588e59759a12bd3eca553cdc9063939baac9a28d7ebb6101e4ec230b76"), content)
 	if err != nil {
 		return err
 	}
-	content = fmt.Sprint(`{"created": "2020-04-08T05:32:49.805795564Z","author": "","architecture": "amd64","os": "linux","config": {"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs": {"type": "layers","diff_ids": []},"history": [{"created": "2020-05-11T18:17:24.516727354Z","created_by": "stacker umoci repack"}, {"created": "2020-04-08T05:08:53.213437118Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:12:15.999154739Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-05-11T19:30:02.467956112Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:20:38.068800557Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:21:01.956154957Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:32:24.582132274Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:32:49.805795564Z","created_by": "stacker build","author": "","empty_layer": true}]}`)
+	content = `{"created": "2020-04-08T05:32:49.805795564Z","author": "","architecture": "amd64","os": "linux","config": {"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs": {"type": "layers","diff_ids": []},"history": [{"created": "2020-05-11T18:17:24.516727354Z","created_by": "stacker umoci repack"}, {"created": "2020-04-08T05:08:53.213437118Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:12:15.999154739Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-05-11T19:30:02.467956112Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:20:38.068800557Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:21:01.956154957Z","created_by": "stacker build","author": "","empty_layer": true}, {"created": "2020-04-08T05:32:24.582132274Z","created_by": "stacker umoci repack","author": ""}, {"created": "2020-04-08T05:32:49.805795564Z","created_by": "stacker build","author": "","empty_layer": true}]}`
 	err = makeTestFile(path.Join(dbDir, "zot-squashfs-test", "blobs/sha256", "1fc1d045b241b04fea54333d76d4f57eb1961f9a314413f02a956b76e77a99f0"), content)
 	if err != nil {
@ -252,21 +252,21 @@ func generateTestData(dbDir string) error { //nolint: gocyclo
 		return err
 	}
-	content = fmt.Sprint(`{"schemaVersion":2,"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:eca04f027f414362596f2632746d8a178362170b9ac9af772011fedcc3877ebb","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.25"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:45df53588e59759a12bd3eca553cdc9063939baac9a28d7ebb6101e4ec230b76","size":873,"annotations":{"org.opencontainers.image.ref.name":"0.3.22-squashfs"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:71448405a4b89539fcfa581afb4dc7d257f98857686b8138b08a1c539f313099","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.19"},"platform":{"architecture":"amd64","os":"linux"}}]}`)
+	content = `{"schemaVersion":2,"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:eca04f027f414362596f2632746d8a178362170b9ac9af772011fedcc3877ebb","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.25"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:45df53588e59759a12bd3eca553cdc9063939baac9a28d7ebb6101e4ec230b76","size":873,"annotations":{"org.opencontainers.image.ref.name":"0.3.22-squashfs"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:71448405a4b89539fcfa581afb4dc7d257f98857686b8138b08a1c539f313099","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.19"},"platform":{"architecture":"amd64","os":"linux"}}]}`
 	err = makeTestFile(path.Join(dbDir, "zot-invalid-layer", "index.json"), content)
 	if err != nil {
 		return err
 	}
-	content = fmt.Sprint(`{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:5f00b5570a5561a6f9b7e66e4f26e2e30c4d09b43a8d3f993f3c1c99be6137a6","size":1740},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:f8b7e41ce10d9a0f614f068326c43431c2777e6fc346f729c2a643bfab24af83","size":59451113},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:9ca9274f196b56a708a7a672d3de88184c0158a30744d355dd0411f3a6850fa6","size":55685756},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:6c1ca50788f93937e9ce9341b564f86cbbcd28e367ed6a57cfc776aee4a9d050","size":113726186},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:d1a92139df86bdf00c818db75bf1ecc860857d142b426e9971a62f5f90e2aa57","size":108755643}],"annotations":{"ws.tycho.stacker.git_version":"0.3.25"}}`)
+	content = `{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:5f00b5570a5561a6f9b7e66e4f26e2e30c4d09b43a8d3f993f3c1c99be6137a6","size":1740},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:f8b7e41ce10d9a0f614f068326c43431c2777e6fc346f729c2a643bfab24af83","size":59451113},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:9ca9274f196b56a708a7a672d3de88184c0158a30744d355dd0411f3a6850fa6","size":55685756},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:6c1ca50788f93937e9ce9341b564f86cbbcd28e367ed6a57cfc776aee4a9d050","size":113726186},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:d1a92139df86bdf00c818db75bf1ecc860857d142b426e9971a62f5f90e2aa57","size":108755643}],"annotations":{"ws.tycho.stacker.git_version":"0.3.25"}}`
 	err = makeTestFile(path.Join(dbDir, "zot-invalid-layer", "blobs/sha256", "eca04f027f414362596f2632746d8a178362170b9ac9af772011fedcc3877ebb"), content)
 	if err != nil {
 		return err
 	}
-	content = fmt.Sprint(`{"created":"2020-05-11T19:12:23.239785708Z","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","architecture":"amd64","os":"linux","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs":{"type":"layers","diff_ids":["sha256:8817d297aa60796f41f559ba688d29b31830854014091233575d474f3a6e808e","sha256:dd5a09481ae1f5caf8d1dbc87bc7f86a01af030796467ba25851ad69964d226d","sha256:a8bce2aaf5ce6f1a5459b72de64927a1e507a911453789bf60df06752222cacd","sha256:dc0b750a934e8f376af23de6dcab1af282967498844a6510aed2c61277f20c11"]},"history":[{"created":"2020-05-11T18:17:24.516727354Z","created_by":"stacker umoci repack"},{"created":"2020-05-11T18:17:33.111086359Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T18:18:43.147035914Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T18:19:03.346279546Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T18:27:01.623678656Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T18:27:23.420280147Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T19:11:54.886053615Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T19:12:23.239785708Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true}]`)
+	content = `{"created":"2020-05-11T19:12:23.239785708Z","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","architecture":"amd64","os":"linux","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs":{"type":"layers","diff_ids":["sha256:8817d297aa60796f41f559ba688d29b31830854014091233575d474f3a6e808e","sha256:dd5a09481ae1f5caf8d1dbc87bc7f86a01af030796467ba25851ad69964d226d","sha256:a8bce2aaf5ce6f1a5459b72de64927a1e507a911453789bf60df06752222cacd","sha256:dc0b750a934e8f376af23de6dcab1af282967498844a6510aed2c61277f20c11"]},"history":[{"created":"2020-05-11T18:17:24.516727354Z","created_by":"stacker umoci repack"},{"created":"2020-05-11T18:17:33.111086359Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T18:18:43.147035914Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T18:19:03.346279546Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T18:27:01.623678656Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T18:27:23.420280147Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T19:11:54.886053615Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T19:12:23.239785708Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true}]`
 	err = makeTestFile(path.Join(dbDir, "zot-invalid-layer", "blobs/sha256", "5f00b5570a5561a6f9b7e66e4f26e2e30c4d09b43a8d3f993f3c1c99be6137a6"), content)
 	if err != nil {
@ -280,21 +280,21 @@ func generateTestData(dbDir string) error { //nolint: gocyclo
 		return err
 	}
-	content = fmt.Sprint(`{"schemaVersion":2,"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:eca04f027f414362596f2632746d8a178362170b9ac9af772011fedcc3877ebb","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.25"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:45df53588e59759a12bd3eca553cdc9063939baac9a28d7ebb6101e4ec230b76","size":873,"annotations":{"org.opencontainers.image.ref.name":"0.3.22-squashfs"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:71448405a4b89539fcfa581afb4dc7d257f98857686b8138b08a1c539f313099","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.19"},"platform":{"architecture":"amd64","os":"linux"}}]}`)
+	content = `{"schemaVersion":2,"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:eca04f027f414362596f2632746d8a178362170b9ac9af772011fedcc3877ebb","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.25"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:45df53588e59759a12bd3eca553cdc9063939baac9a28d7ebb6101e4ec230b76","size":873,"annotations":{"org.opencontainers.image.ref.name":"0.3.22-squashfs"},"platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:71448405a4b89539fcfa581afb4dc7d257f98857686b8138b08a1c539f313099","size":886,"annotations":{"org.opencontainers.image.ref.name":"0.3.19"},"platform":{"architecture":"amd64","os":"linux"}}]}`
 	err = makeTestFile(path.Join(dbDir, "zot-no-layer", "index.json"), content)
 	if err != nil {
 		return err
 	}
-	content = fmt.Sprint(`{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:5f00b5570a5561a6f9b7e66e4f26e2e30c4d09b43a8d3f993f3c1c99be6137a6","size":1740},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:f8b7e41ce10d9a0f614f068326c43431c2777e6fc346f729c2a643bfab24af83","size":59451113},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:9ca9274f196b56a708a7a672d3de88184c0158a30744d355dd0411f3a6850fa6","size":55685756},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:6c1ca50788f93937e9ce9341b564f86cbbcd28e367ed6a57cfc776aee4a9d050","size":113726186},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:d1a92139df86bdf00c818db75bf1ecc860857d142b426e9971a62f5f90e2aa57","size":108755643}],"annotations":{"ws.tycho.stacker.git_version":"0.3.25"}}`)
+	content = `{"schemaVersion":2,"config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:5f00b5570a5561a6f9b7e66e4f26e2e30c4d09b43a8d3f993f3c1c99be6137a6","size":1740},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:f8b7e41ce10d9a0f614f068326c43431c2777e6fc346f729c2a643bfab24af83","size":59451113},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:9ca9274f196b56a708a7a672d3de88184c0158a30744d355dd0411f3a6850fa6","size":55685756},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:6c1ca50788f93937e9ce9341b564f86cbbcd28e367ed6a57cfc776aee4a9d050","size":113726186},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:d1a92139df86bdf00c818db75bf1ecc860857d142b426e9971a62f5f90e2aa57","size":108755643}],"annotations":{"ws.tycho.stacker.git_version":"0.3.25"}}`
 	err = makeTestFile(path.Join(dbDir, "zot-no-layer", "blobs/sha256", "eca04f027f414362596f2632746d8a178362170b9ac9af772011fedcc3877ebb"), content)
 	if err != nil {
 		return err
 	}
-	content = fmt.Sprint(`{"created":"2020-05-11T19:12:23.239785708Z","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","architecture":"amd64","os":"linux","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs":{"type":"layers","diff_ids":["sha256:8817d297aa60796f41f559ba688d29b31830854014091233575d474f3a6e808e","sha256:dd5a09481ae1f5caf8d1dbc87bc7f86a01af030796467ba25851ad69964d226d","sha256:a8bce2aaf5ce6f1a5459b72de64927a1e507a911453789bf60df06752222cacd","sha256:dc0b750a934e8f376af23de6dcab1af282967498844a6510aed2c61277f20c11"]},"history":[{"created":"2020-05-11T18:17:24.516727354Z","created_by":"stacker umoci repack"},{"created":"2020-05-11T18:17:33.111086359Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T18:18:43.147035914Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T18:19:03.346279546Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T18:27:01.623678656Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T18:27:23.420280147Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T19:11:54.886053615Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T19:12:23.239785708Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true}]`)
+	content = `{"created":"2020-05-11T19:12:23.239785708Z","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","architecture":"amd64","os":"linux","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]},"rootfs":{"type":"layers","diff_ids":["sha256:8817d297aa60796f41f559ba688d29b31830854014091233575d474f3a6e808e","sha256:dd5a09481ae1f5caf8d1dbc87bc7f86a01af030796467ba25851ad69964d226d","sha256:a8bce2aaf5ce6f1a5459b72de64927a1e507a911453789bf60df06752222cacd","sha256:dc0b750a934e8f376af23de6dcab1af282967498844a6510aed2c61277f20c11"]},"history":[{"created":"2020-05-11T18:17:24.516727354Z","created_by":"stacker umoci repack"},{"created":"2020-05-11T18:17:33.111086359Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T18:18:43.147035914Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T18:19:03.346279546Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T18:27:01.623678656Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T18:27:23.420280147Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true},{"created":"2020-05-11T19:11:54.886053615Z","created_by":"stacker umoci repack","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI"},{"created":"2020-05-11T19:12:23.239785708Z","created_by":"stacker build","author":"root@jenkinsProduction-Atom-Full-Build-c3-master-159CI","empty_layer":true}]`
 	err = makeTestFile(path.Join(dbDir, "zot-no-layer", "blobs/sha256", "5f00b5570a5561a6f9b7e66e4f26e2e30c4d09b43a8d3f993f3c1c99be6137a"), content)
 	if err != nil {
@ -423,6 +423,7 @@ func TestCVESearchDisabled(t *testing.T) {
 		conf.HTTP.Port = port
 		username, seedUser := test.GenerateRandomString()
 		password, seedPass := test.GenerateRandomString()
 		htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
 		defer os.Remove(htpasswdPath)
@ -491,6 +492,7 @@ func TestCVESearch(t *testing.T) {
 		conf.HTTP.Port = port
 		username, seedUser := test.GenerateRandomString()
 		password, seedPass := test.GenerateRandomString()
 		htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
 		defer os.Remove(htpasswdPath)
@ -560,15 +562,17 @@ func TestCVESearch(t *testing.T) {
 		So(err, ShouldBeNil)
 		So(resp, ShouldNotBeNil)
 		So(resp.StatusCode(), ShouldEqual, 401)
-		var apiErr apiErr.Error
+
-		err = json.Unmarshal(resp.Body(), &apiErr)
+		var apiError apiErr.Error
 		err = json.Unmarshal(resp.Body(), &apiError)
 		So(err, ShouldBeNil)
 		resp, err = resty.R().Get(baseURL + constants.FullSearchPrefix)
 		So(err, ShouldBeNil)
 		So(resp, ShouldNotBeNil)
 		So(resp.StatusCode(), ShouldEqual, 401)
-		err = json.Unmarshal(resp.Body(), &apiErr)
+		err = json.Unmarshal(resp.Body(), &apiError)
 		So(err, ShouldBeNil)
 		// with creds, should get expected status code
@ -587,14 +591,17 @@ func TestCVESearch(t *testing.T) {
 		var cveResult CveResult
 		contains := false
 		resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
 		err = json.Unmarshal(resp.Body(), &cveResult)
 		So(err, ShouldBeNil)
 		for _, err := range cveResult.Errors {
 			result := strings.Contains(err.Message, "no reference provided")
 			if result {
 				contains = result
 			}
 		}
 		So(contains, ShouldBeTrue)
 		resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
@ -746,16 +753,18 @@ func TestCVESearch(t *testing.T) {
 func TestCVEStruct(t *testing.T) { //nolint:gocyclo
 	Convey("Unit test the CVE struct", t, func() {
-		const repo1 = "repo1"
+		const (
-		const repo2 = "repo2"
+			repo1         = "repo1"
-		const repo3 = "repo3"
+			repo2         = "repo2"
-		const repo4 = "repo4"
+			repo3         = "repo3"
-		const repo5 = "repo5"
+			repo4         = "repo4"
-		const repo6 = "repo6"
+			repo5         = "repo5"
-		const repo7 = "repo7"
+			repo6         = "repo6"
-		const repo8 = "repo8"
+			repo7         = "repo7"
-		const repo100 = "repo100"
+			repo8         = "repo8"
-		const repoMultiarch = "repoIndex"
+			repo100       = "repo100"
 			repoMultiarch = "repoIndex"
 		)
 		params := boltdb.DBParameters{
 			RootDir: t.TempDir(),
--- a/pkg/extensions/search/cve/pagination_test.go
+++ b/pkg/extensions/search/cve/pagination_test.go
@ -154,6 +154,7 @@ func TestCVEPagination(t *testing.T) {
 				So(cveSummary.CriticalCount, ShouldEqual, 1)
 				So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL")
 				previousSeverity := 4
 				for _, cve := range cves {
 					So(severityToInt[cve.Severity], ShouldBeLessThanOrEqualTo, previousSeverity)
 					previousSeverity = severityToInt[cve.Severity]
@ -173,6 +174,7 @@ func TestCVEPagination(t *testing.T) {
 				So(cveSummary.CriticalCount, ShouldEqual, 6)
 				So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL")
 				previousSeverity = 4
 				for _, cve := range cves {
 					So(severityToInt[cve.Severity], ShouldBeLessThanOrEqualTo, previousSeverity)
 					previousSeverity = severityToInt[cve.Severity]
@ -198,6 +200,7 @@ func TestCVEPagination(t *testing.T) {
 				So(cveSummary.HighCount, ShouldEqual, 1)
 				So(cveSummary.CriticalCount, ShouldEqual, 1)
 				So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL")
 				for i, cve := range cves {
 					So(cve.ID, ShouldEqual, cveIds[i])
 				}
@ -216,6 +219,7 @@ func TestCVEPagination(t *testing.T) {
 				So(cveSummary.HighCount, ShouldEqual, 6)
 				So(cveSummary.CriticalCount, ShouldEqual, 6)
 				So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL")
 				for i, cve := range cves {
 					So(cve.ID, ShouldEqual, cveIds[i])
 				}
@ -234,6 +238,7 @@ func TestCVEPagination(t *testing.T) {
 				So(cveSummary.HighCount, ShouldEqual, 6)
 				So(cveSummary.CriticalCount, ShouldEqual, 6)
 				So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL")
 				for i, cve := range cves {
 					So(cve.ID, ShouldEqual, cveIds[i])
 				}
@ -252,6 +257,7 @@ func TestCVEPagination(t *testing.T) {
 				So(cveSummary.CriticalCount, ShouldEqual, 6)
 				So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL")
 				previousSeverity := 4
 				for _, cve := range cves {
 					So(severityToInt[cve.Severity], ShouldBeLessThanOrEqualTo, previousSeverity)
 					previousSeverity = severityToInt[cve.Severity]
@ -323,6 +329,7 @@ func TestCVEPagination(t *testing.T) {
 				So(cveSummary.CriticalCount, ShouldEqual, 1)
 				So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL")
 				previousSeverity := 4
 				for _, cve := range cves {
 					So(severityToInt[cve.Severity], ShouldBeLessThanOrEqualTo, previousSeverity)
 					previousSeverity = severityToInt[cve.Severity]
@ -346,6 +353,7 @@ func TestCVEPagination(t *testing.T) {
 				So(cveSummary.HighCount, ShouldEqual, 6)
 				So(cveSummary.CriticalCount, ShouldEqual, 6)
 				So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL")
 				for i, cve := range cves {
 					So(cve.ID, ShouldEqual, cveIds[i+20])
 				}
@ -410,6 +418,7 @@ func TestCVEPagination(t *testing.T) {
 				So(cveSummary.CriticalCount, ShouldEqual, 1)
 				So(cveSummary.MaxSeverity, ShouldEqual, "CRITICAL")
 				previousSeverity := 4
 				for _, cve := range cves {
 					So(severityToInt[cve.Severity], ShouldBeLessThanOrEqualTo, previousSeverity)
 					previousSeverity = severityToInt[cve.Severity]
--- a/pkg/extensions/search/cve/scan.go
+++ b/pkg/extensions/search/cve/scan.go
@ -142,7 +142,7 @@ func (gen *scanTaskGenerator) Next() (scheduler.Task, error) {
 		gen.done = true
-		return nil, nil
+		return nil, nil //nolint:nilnil
 	}
 	// Since imageMeta will always contain just un-scanned images we can pick
--- a/pkg/extensions/search/cve/scan_test.go
+++ b/pkg/extensions/search/cve/scan_test.go
@ -47,6 +47,7 @@ func TestScanGeneratorWithMockedData(t *testing.T) { //nolint: gocyclo
 		logFile, err := os.CreateTemp(t.TempDir(), "zot-log*.txt")
 		logPath := logFile.Name()
 		So(err, ShouldBeNil)
 		defer os.Remove(logFile.Name()) // clean up
@ -484,6 +485,7 @@ func TestScanGeneratorWithRealData(t *testing.T) {
 		logFile, err := os.CreateTemp(t.TempDir(), "zot-log*.txt")
 		logPath := logFile.Name()
 		So(err, ShouldBeNil)
 		defer os.Remove(logFile.Name()) // clean up
--- a/pkg/extensions/search/cve/trivy/scanner.go
+++ b/pkg/extensions/search/cve/trivy/scanner.go
@ -5,6 +5,7 @@ import (
 	"fmt"
 	"os"
 	"path"
 	"strconv"
 	"strings"
 	"sync"
@ -99,7 +100,7 @@ func NewScanner(storeController storage.StoreController,
 	// Add the schema version if the tag is not specified for backward compatibility.
 	if t, ok := dbRepositoryRef.(name.Tag); ok && t.TagStr() == "" {
-		dbRepositoryRef = t.Tag(fmt.Sprint(db.SchemaVersion))
+		dbRepositoryRef = t.Tag(strconv.Itoa(db.SchemaVersion))
 	}
 	var javaDBRepositoryRef name.Reference
@ -111,7 +112,7 @@ func NewScanner(storeController storage.StoreController,
 		// Add the schema version if the tag is not specified for backward compatibility.
 		if t, ok := javaDBRepositoryRef.(name.Tag); ok && t.TagStr() == "" {
-			javaDBRepositoryRef = t.Tag(fmt.Sprint(javadb.SchemaVersion))
+			javaDBRepositoryRef = t.Tag(strconv.Itoa(javadb.SchemaVersion))
 		}
 	}
--- a/pkg/extensions/search/cve/update_test.go
+++ b/pkg/extensions/search/cve/update_test.go
@ -28,6 +28,7 @@ func TestCVEDBGenerator(t *testing.T) {
 	Convey("Test CVE DB task scheduler reset", t, func() {
 		logFile, err := os.CreateTemp(t.TempDir(), "zot-log*.txt")
 		logPath := logFile.Name()
 		So(err, ShouldBeNil)
 		defer os.Remove(logFile.Name()) // clean up
--- a/pkg/extensions/search/digest_test.go
+++ b/pkg/extensions/search/digest_test.go
@ -201,6 +201,7 @@ func TestDigestSearchHTTP(t *testing.T) {
 		So(resp, ShouldNotBeNil)
 		So(err, ShouldBeNil)
 		So(resp.StatusCode(), ShouldEqual, 200)
 		var responseStruct2 ImgResponseForDigest
 		err = json.Unmarshal(resp.Body(), &responseStruct2)
--- a/pkg/extensions/search/resolver.go
+++ b/pkg/extensions/search/resolver.go
@ -303,6 +303,7 @@ func getCVEDiffListForImages(
 		if err != nil {
 			return nil, err
 		}
 		resultSubtrahend = getImageIdentifier(subtrahend)
 	} else {
 		// search for base images
@ -1124,6 +1125,7 @@ func filterDerivedImages(image *gql_generated.ImageSummary) mTypes.FilterFunc {
 			if manifestDigest == *image.Manifests[i].Digest {
 				return false
 			}
 			imageLayers := image.Manifests[i].Layers
 			addImageToList = false
--- a/pkg/extensions/search/resolver_test.go
+++ b/pkg/extensions/search/resolver_test.go
@ -36,6 +36,7 @@ var ErrTestError = errors.New("TestError")
 func TestResolverGlobalSearch(t *testing.T) {
 	Convey("globalSearch", t, func() {
 		const query = "repo1"
 		Convey("MetaDB SearchRepos error", func() {
 			mockMetaDB := mocks.MetaDBMock{
 				SearchReposFn: func(ctx context.Context, searchText string,
@ -77,6 +78,7 @@ func TestResolverGlobalSearch(t *testing.T) {
 					return []mTypes.FullImageMeta{}, ErrTestError
 				},
 			}
 			const query = "repo1:1.0.1"
 			mockCve := mocks.CveInfoMock{}
@ -292,6 +294,7 @@ func TestRepoListWithNewestImage(t *testing.T) {
 					}, nil
 				},
 			}
 			Convey("MetaDB missing requestedPage", func() {
 				responseContext := graphql.WithResponseContext(context.Background(), graphql.DefaultErrorPresenter,
 					graphql.DefaultRecover)
@ -560,6 +563,7 @@ func TestGetImageSummaryError(t *testing.T) {
 func TestImageListError(t *testing.T) {
 	Convey("getImageList", t, func() {
 		testLogger := log.NewLogger("debug", "/dev/null")
 		Convey("no page requested, SearchRepoFn returns error", func() {
 			mockMetaDB := mocks.MetaDBMock{
 				FilterTagsFn: func(ctx context.Context, filterRepoTag mTypes.FilterRepoTagFunc, filterFunc mTypes.FilterFunc,
--- a/pkg/extensions/search/search_test.go
+++ b/pkg/extensions/search/search_test.go
@ -681,6 +681,7 @@ func TestRepoListWithNewestImage(t *testing.T) {
 		// stdout and a file
 		logFile, err := os.CreateTemp(t.TempDir(), "zot-log*.txt")
 		So(err, ShouldBeNil)
 		logPath := logFile.Name()
 		defer os.Remove(logPath)
@ -813,6 +814,7 @@ func TestGetReferrersGQL(t *testing.T) {
 		ctlr := api.NewController(conf)
 		ctlrManager := NewControllerManager(ctlr)
 		ctlrManager.StartAndWait(port)
 		defer ctlrManager.StopServer()
 		// =======================
@ -937,6 +939,7 @@ func TestGetReferrersGQL(t *testing.T) {
 		ctlr := api.NewController(conf)
 		ctlrManager := NewControllerManager(ctlr)
 		ctlrManager.StartAndWait(port)
 		defer ctlrManager.StopServer()
 		// =======================
@ -1061,6 +1064,7 @@ func TestGetReferrersGQL(t *testing.T) {
 		conf.Extensions.Search.CVE = nil
 		ctlr := api.NewController(conf)
 		ctlrManager := NewControllerManager(ctlr)
 		ctlrManager.StartAndWait(port)
 		defer ctlrManager.StopServer()
@ -1253,6 +1257,7 @@ func TestExpandedRepoInfo(t *testing.T) {
 		ctlr := api.NewController(conf)
 		ctlrManager := NewControllerManager(ctlr)
 		ctlrManager.StartAndWait(port)
 		defer ctlrManager.StopServer()
 		annotations := make(map[string]string)
@ -1336,12 +1341,15 @@ func TestExpandedRepoInfo(t *testing.T) {
 		So(err, ShouldBeNil)
 		found := false
 		for _, m := range responseStruct.ImageSummaries {
 			if m.Manifests[0].Digest == testManifestDigest.String() {
 				found = true
 				So(m.IsSigned, ShouldEqual, false)
 			}
 		}
 		So(found, ShouldEqual, true)
 		err = signature.SignImageUsingCosign("zot-cve-test:0.0.1", port, false)
@ -1361,12 +1369,14 @@ func TestExpandedRepoInfo(t *testing.T) {
 		So(err, ShouldBeNil)
 		found = false
 		for _, m := range responseStruct.ImageSummaries {
 			if m.Manifests[0].Digest == testManifestDigest.String() {
 				found = true
 				So(m.IsSigned, ShouldEqual, true)
 			}
 		}
 		So(found, ShouldEqual, true)
 		query = `{
@ -1408,12 +1418,15 @@ func TestExpandedRepoInfo(t *testing.T) {
 		So(err, ShouldBeNil)
 		found = false
 		for _, m := range responseStruct.ImageSummaries {
 			if m.Manifests[0].Digest == testManifestDigest.String() {
 				found = true
 				So(m.IsSigned, ShouldEqual, false)
 			}
 		}
 		So(found, ShouldEqual, true)
 		err = signature.SignImageUsingCosign("zot-test@"+testManifestDigest.String(), port, false)
@ -1433,12 +1446,14 @@ func TestExpandedRepoInfo(t *testing.T) {
 		So(err, ShouldBeNil)
 		found = false
 		for _, m := range responseStruct.ImageSummaries {
 			if m.Manifests[0].Digest == testManifestDigest.String() {
 				found = true
 				So(m.IsSigned, ShouldEqual, true)
 			}
 		}
 		So(found, ShouldEqual, true)
 		manifestDigest := uploadedImage.ManifestDescriptor.Digest
@ -1474,6 +1489,7 @@ func TestExpandedRepoInfo(t *testing.T) {
 		ctlr := api.NewController(conf)
 		ctlrManager := NewControllerManager(ctlr)
 		ctlrManager.StartAndWait(port)
 		defer ctlrManager.StopServer()
 		image := CreateImageWith().RandomLayers(1, 20).DefaultConfig().Build()
@ -1709,6 +1725,7 @@ func TestExpandedRepoInfo(t *testing.T) {
 		So(len(responseStruct.Summary.Platforms), ShouldNotEqual, 5)
 		found := false
 		for _, is := range responseStruct.ImageSummaries {
 			if is.Tag == "1.0.0" {
 				found = true
@ -1716,9 +1733,11 @@ func TestExpandedRepoInfo(t *testing.T) {
 				So(len(is.Manifests), ShouldEqual, 2)
 			}
 		}
 		So(found, ShouldBeTrue)
 		found = false
 		for _, is := range responseStruct.ImageSummaries {
 			if is.Tag == "2.0.0" {
 				found = true
@ -1726,6 +1745,7 @@ func TestExpandedRepoInfo(t *testing.T) {
 				So(len(is.Manifests), ShouldEqual, 3)
 			}
 		}
 		So(found, ShouldBeTrue)
 	})
 }
@ -2113,12 +2133,14 @@ func TestDerivedImageList(t *testing.T) {
 		err = json.Unmarshal(resp.Body(), responseStruct)
 		So(err, ShouldBeNil)
 		for _, err := range responseStruct.Errors {
 			result := strings.Contains(err.Message, "no reference provided")
 			if result {
 				contains = result
 			}
 		}
 		So(contains, ShouldBeTrue)
 	})
 }
@ -2759,12 +2781,14 @@ func TestBaseImageList(t *testing.T) {
 		err = json.Unmarshal(resp.Body(), responseStruct)
 		So(err, ShouldBeNil)
 		for _, err := range responseStruct.Errors {
 			result := strings.Contains(err.Message, "no reference provided")
 			if result {
 				contains = result
 			}
 		}
 		So(contains, ShouldBeTrue)
 	})
 }
@ -3132,10 +3156,12 @@ func TestGlobalSearch(t *testing.T) {
 		allExpectedRepoInfoMap := make(map[string]zcommon.RepoInfo)
 		allExpectedImageSummaryMap := make(map[string]zcommon.ImageSummary)
 		for _, repo := range repos {
 			repoInfo, err := olu.GetExpandedRepoInfo(repo)
 			So(err, ShouldBeNil)
 			allExpectedRepoInfoMap[repo] = repoInfo
 			for _, image := range repoInfo.ImageSummaries {
 				imageName := fmt.Sprintf("%s:%s", repo, image.Tag)
 				allExpectedImageSummaryMap[imageName] = image
@ -3203,6 +3229,7 @@ func TestGlobalSearch(t *testing.T) {
 		newestImageMap := make(map[string]zcommon.ImageSummary)
 		actualRepoMap := make(map[string]zcommon.RepoSummary)
 		for _, repo := range responseStruct.Repos {
 			newestImageMap[repo.Name] = repo.NewestImage
 			actualRepoMap[repo.Name] = repo
@ -3350,6 +3377,7 @@ func TestGlobalSearch(t *testing.T) {
 		// stdout and a file
 		logFile, err := os.CreateTemp(t.TempDir(), "zot-log*.txt")
 		So(err, ShouldBeNil)
 		logPath := logFile.Name()
 		defer os.Remove(logPath)
@ -3477,10 +3505,12 @@ func TestGlobalSearch(t *testing.T) {
 		allExpectedRepoInfoMap := make(map[string]zcommon.RepoInfo)
 		allExpectedImageSummaryMap := make(map[string]zcommon.ImageSummary)
 		for _, repo := range repos {
 			repoInfo, err := olu.GetExpandedRepoInfo(repo)
 			So(err, ShouldBeNil)
 			allExpectedRepoInfoMap[repo] = repoInfo
 			for _, image := range repoInfo.ImageSummaries {
 				imageName := fmt.Sprintf("%s:%s", repo, image.Tag)
 				allExpectedImageSummaryMap[imageName] = image
@ -3544,6 +3574,7 @@ func TestGlobalSearch(t *testing.T) {
 		newestImageMap := make(map[string]zcommon.ImageSummary)
 		actualRepoMap := make(map[string]zcommon.RepoSummary)
 		for _, repo := range responseStruct.Repos {
 			newestImageMap[repo.Name] = repo.NewestImage
 			actualRepoMap[repo.Name] = repo
@ -3572,6 +3603,7 @@ func TestGlobalSearch(t *testing.T) {
 			// RepoInfo object does not provide vulnerability information so we need to check differently
 			t.Logf("Found vulnerability summary %v", repoSummary.NewestImage.Vulnerabilities)
 			if repoName == "repo1" { //nolint:goconst
 				So(repoSummary.NewestImage.Vulnerabilities.Count, ShouldEqual, 4)
 				// There are 4 vulnerabilities in the data used in tests
@ -3800,6 +3832,7 @@ func TestGlobalSearch(t *testing.T) {
 		So(len(results.Repos), ShouldEqual, 0)
 		expectedRepos := []string{"repo1", "repo2", "repo3", "repo4", "repo5"}
 		for _, image := range results.Images {
 			So(image.Tag, ShouldEqual, "tag1")
 			So(image.RepoName, ShouldBeIn, expectedRepos)
@ -3812,6 +3845,7 @@ func TestGlobalSearch(t *testing.T) {
 		So(len(results.Repos), ShouldEqual, 0)
 		expectedRepos = []string{"repo2", "repo4"}
 		for _, image := range results.Images {
 			So(image.Tag, ShouldEqual, "tag-multi")
 			So(image.RepoName, ShouldBeIn, expectedRepos)
@ -3824,9 +3858,11 @@ func TestGlobalSearch(t *testing.T) {
 		So(len(results.Repos), ShouldEqual, 0)
 		expectedRepos = []string{"repo1", "repo2", "repo3", "repo4", "repo6"}
 		for _, image := range results.Images {
 			So(image.Tag, ShouldEqual, "tag2")
 			So(image.RepoName, ShouldBeIn, expectedRepos)
 			if image.RepoName == "repo6" {
 				So(len(image.Manifests), ShouldEqual, 3)
 			} else {
@ -3840,6 +3876,7 @@ func TestGlobalSearch(t *testing.T) {
 		So(len(results.Repos), ShouldEqual, 0)
 		expectedRepos = []string{"repo2", "repo4"}
 		for _, image := range results.Images {
 			So(image.Tag, ShouldContainSubstring, "multi")
 			So(image.RepoName, ShouldBeIn, expectedRepos)
@ -3852,6 +3889,7 @@ func TestGlobalSearch(t *testing.T) {
 		So(len(results.Repos), ShouldEqual, 0)
 		expectedRepos = []string{"repo1", "repo2", "repo3", "repo4", "repo5", "repo6"}
 		for _, image := range results.Images {
 			So(image.Tag, ShouldContainSubstring, "tag")
 			So(image.RepoName, ShouldBeIn, expectedRepos)
@ -4152,11 +4190,14 @@ func TestImageList(t *testing.T) {
 		buf, _, _, err := imageStore.GetImageManifest(repos[0], tags[0])
 		So(err, ShouldBeNil)
 		var imageManifest ispec.Manifest
 		err = json.Unmarshal(buf, &imageManifest)
 		So(err, ShouldBeNil)
 		var imageConfigInfo ispec.Image
 		imageConfigBuf, err := imageStore.GetBlobContent(repos[0], imageManifest.Config.Digest)
 		So(err, ShouldBeNil)
 		err = json.Unmarshal(imageConfigBuf, &imageConfigInfo)
@ -4749,7 +4790,7 @@ func RunMetaDBIndexTests(baseURL, port string) {
 		responseImage := responseImages[0]
 		So(len(responseImage.Manifests), ShouldEqual, 3)
-		err = signature.SignImageUsingCosign(fmt.Sprintf("repo@%s", multiarchImage.DigestStr()), port, false)
+		err = signature.SignImageUsingCosign("repo@"+multiarchImage.DigestStr(), port, false)
 		So(err, ShouldBeNil)
 		resp, err = resty.R().Get(baseURL + graphqlQueryPrefix + "?query=" + url.QueryEscape(query))
@ -5502,6 +5543,7 @@ func TestMetaDBWhenDeletingImages(t *testing.T) {
 			for _, manifest := range indexContent.Manifests {
 				manifestBlob, _, _, err := storage.GetImageManifest(repo, manifest.Digest.String())
 				So(err, ShouldBeNil)
 				var manifestContent ispec.Manifest
 				err = json.Unmarshal(manifestBlob, &manifestContent)
@ -5520,7 +5562,9 @@ func TestMetaDBWhenDeletingImages(t *testing.T) {
 			// check notation signature
 			manifest1Blob, err := json.Marshal(image1.Manifest)
 			So(err, ShouldBeNil)
 			manifest1Digest := godigest.FromBytes(manifest1Blob)
 			So(sigManifestContent.Subject, ShouldNotBeNil)
 			So(sigManifestContent.Subject.Digest.String(), ShouldEqual, manifest1Digest.String())
@ -5744,6 +5788,7 @@ func TestSearchSize(t *testing.T) {
 		configSize := uploadedImage.ConfigDescriptor.Size
 		manifestSize := uploadedImage.ManifestDescriptor.Size
 		layersSize := int64(0)
 		for _, l := range uploadedImage.Layers {
 			layersSize += int64(len(l))
 		}
@ -6025,6 +6070,7 @@ func TestImageSummary(t *testing.T) {
 		contains := false
 		resp, err = resty.R().Get(targetURL)
 		So(resp, ShouldNotBeNil)
 		So(err, ShouldBeNil)
 		So(resp.StatusCode(), ShouldEqual, 200)
@ -6032,12 +6078,14 @@ func TestImageSummary(t *testing.T) {
 		err = json.Unmarshal(resp.Body(), &imgSummaryResponse)
 		So(err, ShouldBeNil)
 		for _, err := range imgSummaryResponse.Errors {
 			result := strings.Contains(err.Message, "no reference provided")
 			if result {
 				contains = result
 			}
 		}
 		So(contains, ShouldBeTrue)
 		t.Log("starting Test retrieve image based on image identifier")
@ -6214,6 +6262,7 @@ func TestImageSummary(t *testing.T) {
 		tagTarget := "latest"
 		err := UploadImage(image, baseURL, repoName, tagTarget)
 		So(err, ShouldBeNil)
 		var (
 			imgSummaryResponse zcommon.ImageSummaryResult
 			strQuery           string
--- a/pkg/extensions/search/userprefs_test.go
+++ b/pkg/extensions/search/userprefs_test.go
@ -42,6 +42,7 @@ func TestUserData(t *testing.T) {
 		content := test.GetCredString(adminUser, adminPassword) +
 			test.GetCredString(simpleUser, simpleUserPassword)
 		htpasswdPath := test.MakeHtpasswdFileFromString(content)
 		defer os.Remove(htpasswdPath)
@ -604,6 +605,7 @@ func TestGlobalSearchWithUserPrefFiltering(t *testing.T) {
 		simpleUser := "simpleUser"
 		simpleUserPassword := "simpleUserPass"
 		htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(simpleUser, simpleUserPassword))
 		defer os.Remove(htpasswdPath)
@ -798,6 +800,7 @@ func TestExpandedRepoInfoWithUserPrefs(t *testing.T) {
 		simpleUser := "simpleUser"
 		simpleUserPassword := "simpleUserPass"
 		htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(simpleUser, simpleUserPassword))
 		defer os.Remove(htpasswdPath)
--- a/pkg/extensions/sync/content_internal_test.go
+++ b/pkg/extensions/sync/content_internal_test.go
@ -149,8 +149,10 @@ func TestGetContentByLocalRepo(t *testing.T) {
 		for _, test := range testCases {
 			cm := NewContentManager(test.content, log.Logger{})
 			actualResult := cm.getContentByLocalRepo(test.repo)
 			if test.expected == -1 {
 				var tnil *syncconf.Content = nil
 				So(actualResult, ShouldEqual, tnil)
 			} else {
 				So(actualResult, ShouldEqual, &test.content[test.expected])
@ -239,6 +241,7 @@ func TestFilterTags(t *testing.T) {
 			cm := NewContentManager(test.content, log.NewLogger("debug", ""))
 			actualResult, err := cm.FilterTags(test.repo, test.tags)
 			So(actualResult, ShouldResemble, test.filteredTags)
 			if test.err {
 				So(err, ShouldNotBeNil)
 			} else {
--- a/pkg/extensions/sync/destination.go
+++ b/pkg/extensions/sync/destination.go
@ -295,7 +295,7 @@ func getTempRootDirFromImageReference(imageReference types.ImageReference, repo,
 	if strings.HasSuffix(imageReference.StringWithinTransport(), reference) {
 		tmpRootDir = strings.ReplaceAll(imageReference.StringWithinTransport(), fmt.Sprintf("%s:%s", repo, reference), "")
 	} else {
-		tmpRootDir = strings.ReplaceAll(imageReference.StringWithinTransport(), fmt.Sprintf("%s:", repo), "")
+		tmpRootDir = strings.ReplaceAll(imageReference.StringWithinTransport(), repo+":", "")
 	}
 	return tmpRootDir
--- a/pkg/extensions/sync/httpclient/client.go
+++ b/pkg/extensions/sync/httpclient/client.go
@ -438,7 +438,7 @@ func parseAuthHeader(resp *http.Response) (challengeParams, error) {
 		elem := strings.ReplaceAll(elem, "\"", "")
 		elemSplit := strings.Split(elem, "=")
-		if len(elemSplit) != 2 { //nolint: gomnd
+		if len(elemSplit) != 2 { //nolint:mnd
 			return params, zerr.ErrParsingAuthHeader
 		}
--- a/pkg/extensions/sync/references/cosign.go
+++ b/pkg/extensions/sync/references/cosign.go
@ -156,7 +156,6 @@ func (ref CosignReference) SyncReferences(ctx context.Context, localRepo, remote
 			err = meta.SetImageMetaFromInput(ctx, localRepo, cosignTag, ispec.MediaTypeImageManifest,
 				referenceDigest, manifestBuf, ref.storeController.GetImageStore(localRepo),
 				ref.metaDB, ref.log)
 			if err != nil {
 				return refsDigests, fmt.Errorf("failed to set metadata for cosign reference in '%s@%s': %w",
 					localRepo, subjectDigestStr, err)
--- a/pkg/extensions/sync/service.go
+++ b/pkg/extensions/sync/service.go
@ -7,6 +7,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
 	"strconv"
 	"github.com/containers/common/pkg/retry"
 	"github.com/containers/image/v5/copy"
@ -247,7 +248,7 @@ func (service *BaseService) GetNextRepo(lastRepo string) (string, error) {
 			if targetIdx != service.clusterConfig.Proxy.LocalMemberClusterSocketIndex {
 				service.log.Debug().
 					Str(constants.RepositoryLogKey, lastRepo).
-					Str("targetMemberIndex", fmt.Sprintf("%d", targetIdx)).
+					Str("targetMemberIndex", strconv.FormatUint(targetIdx, 10)).
 					Str("targetMember", targetMember).
 					Msg("skipping sync of repo not managed by local instance")
--- a/pkg/extensions/sync/sync.go
+++ b/pkg/extensions/sync/sync.go
@ -114,7 +114,7 @@ func (gen *TaskGenerator) Next() (scheduler.Task, error) {
 	defer gen.lock.Unlock()
 	if time.Since(gen.lastTaskTime) <= gen.waitTime {
-		return nil, nil
+		return nil, nil //nolint:nilnil
 	}
 	if err := gen.Service.SetNextAvailableURL(); err != nil {
@ -136,7 +136,7 @@ func (gen *TaskGenerator) Next() (scheduler.Task, error) {
 		gen.log.Info().Str("component", "sync").Msg("finished syncing all repositories")
 		gen.done = true
-		return nil, nil
+		return nil, nil //nolint:nilnil
 	}
 	gen.lastRepo = repo
--- a/pkg/extensions/sync/sync_internal_test.go
+++ b/pkg/extensions/sync/sync_internal_test.go
@ -7,6 +7,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"os"
 	"path"
@ -45,7 +46,7 @@ const (
 	host = "127.0.0.1:45117"
 )
-var ErrTestError = fmt.Errorf("testError")
+var ErrTestError = errors.New("testError")
 func TestInjectSyncUtils(t *testing.T) {
 	Convey("Inject errors in utils functions", t, func() {
@ -62,6 +63,7 @@ func TestInjectSyncUtils(t *testing.T) {
 		injected = inject.InjectFailure(0)
 		_, err = getPolicyContext(log.NewLogger("debug", ""))
 		if injected {
 			So(err, ShouldNotBeNil)
 		} else {
@ -75,6 +77,7 @@ func TestInjectSyncUtils(t *testing.T) {
 		ols := NewOciLayoutStorage(storage.StoreController{DefaultStore: imageStore})
 		_, err = ols.GetImageReference(testImage, testImageTag)
 		if injected {
 			So(err, ShouldNotBeNil)
 		} else {
--- a/pkg/extensions/sync/sync_test.go
+++ b/pkg/extensions/sync/sync_test.go
--- a/pkg/log/log.go
+++ b/pkg/log/log.go
@ -46,6 +46,7 @@ func NewLogger(level, output string) Logger {
 		if err != nil {
 			panic(err)
 		}
 		log = zerolog.New(file)
 	}
--- a/pkg/log/log_test.go
+++ b/pkg/log/log_test.go
@ -55,7 +55,9 @@ func TestAuditLogMessages(t *testing.T) {
 		username, seedUser := test.GenerateRandomString()
 		password, seedPass := test.GenerateRandomString()
 		htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
 		defer os.Remove(htpasswdPath)
 		conf.HTTP.Auth = &config.AuthConfig{
 			HTPasswd: config.AuthHTPasswd{
 				Path: htpasswdPath,
@ -98,15 +100,19 @@ func TestAuditLogMessages(t *testing.T) {
 				// wait until the file is populated
 				byteValue, _ := io.ReadAll(auditFile)
 				for {
 					if len(byteValue) != 0 {
 						break
 					}
 					time.Sleep(100 * time.Millisecond)
 					byteValue, _ = io.ReadAll(auditFile)
 				}
 				var auditLog AuditLog
 				err = json.Unmarshal(byteValue, &auditLog)
 				if err != nil {
 					panic(err)
@ -131,15 +137,19 @@ func TestAuditLogMessages(t *testing.T) {
 				// wait until the file is populated
 				byteValue, _ := io.ReadAll(auditFile)
 				for {
 					if len(byteValue) != 0 {
 						break
 					}
 					time.Sleep(100 * time.Millisecond)
 					byteValue, _ = io.ReadAll(auditFile)
 				}
 				var auditLog AuditLog
 				err = json.Unmarshal(byteValue, &auditLog)
 				if err != nil {
 					panic(err)
@ -166,11 +176,14 @@ func TestAuditLogMessages(t *testing.T) {
 				// wait until the file is populated
 				byteValue, _ = io.ReadAll(auditFile)
 				for {
 					if len(byteValue) != 0 {
 						break
 					}
 					time.Sleep(100 * time.Millisecond)
 					byteValue, _ = io.ReadAll(auditFile)
 				}
@ -194,11 +207,14 @@ func TestAuditLogMessages(t *testing.T) {
 				// wait until the file is populated
 				byteValue, _ = io.ReadAll(auditFile)
 				for {
 					if len(byteValue) != 0 {
 						break
 					}
 					time.Sleep(100 * time.Millisecond)
 					byteValue, _ = io.ReadAll(auditFile)
 				}
@ -227,15 +243,19 @@ func TestAuditLogMessages(t *testing.T) {
 				// wait until the file is populated
 				byteValue, _ := io.ReadAll(auditFile)
 				for {
 					if len(byteValue) != 0 {
 						break
 					}
 					time.Sleep(100 * time.Millisecond)
 					byteValue, _ = io.ReadAll(auditFile)
 				}
 				var auditLog AuditLog
 				err = json.Unmarshal(byteValue, &auditLog)
 				if err != nil {
 					panic(err)
@ -257,16 +277,20 @@ func TestAuditLogMessages(t *testing.T) {
 				resp, err = resty.R().SetBasicAuth(username, password).
 					SetHeader("Content-Type", "application/octet-stream").
 					SetHeader("Content-Range", contentRange).SetBody(chunk).Patch(loc)
 				So(err, ShouldBeNil)
 				So(resp.StatusCode(), ShouldEqual, http.StatusAccepted)
 				// wait until the file is populated
 				byteValue, _ = io.ReadAll(auditFile)
 				for {
 					if len(byteValue) != 0 {
 						break
 					}
 					time.Sleep(100 * time.Millisecond)
 					byteValue, _ = io.ReadAll(auditFile)
 				}
--- a/pkg/meta/boltdb/boltdb.go
+++ b/pkg/meta/boltdb/boltdb.go
@ -1268,6 +1268,7 @@ func (bdw *BoltDB) UpdateSignaturesValidity(ctx context.Context, repo string, ma
 		}
 		manifestSignatures := proto_go.ManifestSignatures{Map: map[string]*proto_go.SignaturesInfo{"": {}}}
 		for sigType, sigs := range protoRepoMeta.Signatures[manifestDigest.String()].Map {
 			if zcommon.IsContextDone(ctx) {
 				return ctx.Err()
@ -1378,6 +1379,7 @@ func (bdw *BoltDB) RemoveRepoReference(repo, reference string, manifestDigest go
 		/* try to find at least one tag pointing to manifestDigest
 		if not found then we can also remove everything related to this digest */
 		var foundTag bool
 		for _, desc := range protoRepoMeta.Tags {
 			if desc.Digest == manifestDigest.String() {
 				foundTag = true
@ -1883,6 +1885,7 @@ func (bdw *BoltDB) DeleteUserAPIKey(ctx context.Context, keyID string) error {
 func (bdw *BoltDB) GetUserAPIKeyInfo(hashedKey string) (string, error) {
 	var userid string
 	err := bdw.DB.View(func(tx *bbolt.Tx) error {
 		buck := tx.Bucket([]byte(UserAPIKeysBucket))
 		if buck == nil {
--- a/pkg/meta/boltdb/boltdb_test.go
+++ b/pkg/meta/boltdb/boltdb_test.go
@ -105,6 +105,7 @@ func TestWrapperErrors(t *testing.T) {
 		Convey("UpdateSignaturesValidity", func() {
 			boltdbWrapper.SetImageTrustStore(imgTrustStore{})
 			digest := image.Digest()
 			ctx := context.Background()
@ -689,6 +690,7 @@ func TestWrapperErrors(t *testing.T) {
 			userAc.SetGlobPatterns("read", map[string]bool{
 				"repo": true,
 			})
 			ctx := userAc.DeriveContext(context.Background())
 			err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
@ -711,6 +713,7 @@ func TestWrapperErrors(t *testing.T) {
 			userAc.SetGlobPatterns("read", map[string]bool{
 				"repo": true,
 			})
 			ctx := userAc.DeriveContext(context.Background())
 			_, err = boltdbWrapper.ToggleStarRepo(ctx, "repo")
@ -814,6 +817,7 @@ func TestWrapperErrors(t *testing.T) {
 			userAc.SetGlobPatterns("read", map[string]bool{
 				"repo": true,
 			})
 			ctx := userAc.DeriveContext(context.Background())
 			err = boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
--- a/pkg/meta/convert/convert_proto.go
+++ b/pkg/meta/convert/convert_proto.go
@ -34,6 +34,7 @@ func GetProtoImageMeta(imageMeta mTypes.ImageMeta) *proto_go.ImageMeta {
 		if len(imageMeta.Manifests) == 0 {
 			return nil
 		}
 		manifestData := imageMeta.Manifests[0]
 		return GetProtoImageManifestData(manifestData.Manifest, manifestData.Config, manifestData.Size,
--- a/pkg/meta/dynamodb/dynamodb.go
+++ b/pkg/meta/dynamodb/dynamodb.go
@ -1415,6 +1415,7 @@ func (dwr *DynamoDB) RemoveRepoReference(repo, reference string, manifestDigest
 	} else {
 		// find all tags pointing to this digest
 		tags := []string{}
 		for tag, desc := range protoRepoMeta.Tags {
 			if desc.Digest == reference {
 				tags = append(tags, tag)
@ -1454,6 +1455,7 @@ func (dwr *DynamoDB) RemoveRepoReference(repo, reference string, manifestDigest
 	if err != nil {
 		return err
 	}
 	err = dwr.setProtoRepoMeta(repo, protoRepoMeta) //nolint: contextcheck
 	return err
@ -1519,7 +1521,6 @@ func (dwr *DynamoDB) ToggleBookmarkRepo(ctx context.Context, repo string) (
 func (dwr *DynamoDB) GetBookmarkedRepos(ctx context.Context) ([]string, error) {
 	userMeta, err := dwr.GetUserData(ctx)
 	if errors.Is(err, zerr.ErrUserDataNotFound) || errors.Is(err, zerr.ErrUserDataNotAllowed) {
 		return []string{}, nil
 	}
@ -1634,7 +1635,6 @@ func (dwr *DynamoDB) ToggleStarRepo(ctx context.Context, repo string) (
 func (dwr *DynamoDB) GetStarredRepos(ctx context.Context) ([]string, error) {
 	userMeta, err := dwr.GetUserData(ctx)
 	if errors.Is(err, zerr.ErrUserDataNotFound) || errors.Is(err, zerr.ErrUserDataNotAllowed) {
 		return []string{}, nil
 	}
@ -2179,7 +2179,6 @@ func (dwr *DynamoDB) createVersionTable() error {
 			TableName:        aws.String(dwr.VersionTablename),
 			UpdateExpression: aws.String("SET #V = :Version"),
 		})
 		if err != nil {
 			return err
 		}
--- a/pkg/meta/dynamodb/dynamodb_internal_test.go
+++ b/pkg/meta/dynamodb/dynamodb_internal_test.go
@ -12,7 +12,7 @@ import (
 	"github.com/rs/zerolog"
 	. "github.com/smartystreets/goconvey/convey"
-	"zotregistry.dev/zot/pkg/log" //nolint:go-staticcheck
+	"zotregistry.dev/zot/pkg/log"
 	"zotregistry.dev/zot/pkg/meta/version"
 	tskip "zotregistry.dev/zot/pkg/test/skip"
 )
@ -21,6 +21,7 @@ func TestWrapperErrors(t *testing.T) {
 	tskip.SkipDynamo(t)
 	const region = "us-east-2"
 	endpoint := os.Getenv("DYNAMODBMOCK_ENDPOINT")
 	uuid, err := guuid.NewV4()
--- a/pkg/meta/dynamodb/dynamodb_test.go
+++ b/pkg/meta/dynamodb/dynamodb_test.go
@ -32,6 +32,7 @@ func TestIterator(t *testing.T) {
 	tskip.SkipDynamo(t)
 	const region = "us-east-2"
 	endpoint := os.Getenv("DYNAMODBMOCK_ENDPOINT")
 	uuid, err := guuid.NewV4()
@ -710,6 +711,7 @@ func TestWrapperErrors(t *testing.T) {
 			userAc.SetGlobPatterns("read", map[string]bool{
 				"repo": false,
 			})
 			ctx := userAc.DeriveContext(context.Background())
 			_, err := dynamoWrapper.ToggleBookmarkRepo(ctx, "unaccesible")
@ -722,6 +724,7 @@ func TestWrapperErrors(t *testing.T) {
 			userAc.SetGlobPatterns("read", map[string]bool{
 				"repo": true,
 			})
 			ctx := userAc.DeriveContext(context.Background())
 			status, err := dynamoWrapper.ToggleBookmarkRepo(ctx, "repo")
@ -735,6 +738,7 @@ func TestWrapperErrors(t *testing.T) {
 			userAc.SetGlobPatterns("read", map[string]bool{
 				"repo": false,
 			})
 			ctx := userAc.DeriveContext(context.Background())
 			dynamoWrapper.UserDataTablename = badTablename
@ -750,6 +754,7 @@ func TestWrapperErrors(t *testing.T) {
 			userAc.SetGlobPatterns("read", map[string]bool{
 				"repo": false,
 			})
 			ctx := userAc.DeriveContext(context.Background())
 			repos, err := dynamoWrapper.GetBookmarkedRepos(ctx)
@ -771,6 +776,7 @@ func TestWrapperErrors(t *testing.T) {
 			userAc.SetGlobPatterns("read", map[string]bool{
 				"repo": false,
 			})
 			ctx := userAc.DeriveContext(context.Background())
 			_, err := dynamoWrapper.ToggleStarRepo(ctx, "unaccesible")
@ -783,6 +789,7 @@ func TestWrapperErrors(t *testing.T) {
 			userAc.SetGlobPatterns("read", map[string]bool{
 				"repo": false,
 			})
 			ctx := userAc.DeriveContext(context.Background())
 			dynamoWrapper.UserDataTablename = badTablename
@ -797,6 +804,7 @@ func TestWrapperErrors(t *testing.T) {
 			userAc.SetGlobPatterns("read", map[string]bool{
 				"repo": true,
 			})
 			ctx := userAc.DeriveContext(context.Background())
 			dynamoWrapper.RepoMetaTablename = badTablename
@ -821,6 +829,7 @@ func TestWrapperErrors(t *testing.T) {
 			userAc.SetGlobPatterns("read", map[string]bool{
 				"repo": true,
 			})
 			ctx := userAc.DeriveContext(context.Background())
 			dynamoWrapper.UserDataTablename = badTablename
@ -835,6 +844,7 @@ func TestWrapperErrors(t *testing.T) {
 			userAc.SetGlobPatterns("read", map[string]bool{
 				"repo": true,
 			})
 			ctx := userAc.DeriveContext(context.Background())
 			err := setBadUserData(dynamoWrapper.Client, userDataTablename, userAc.GetUsername())
@ -911,6 +921,7 @@ func TestWrapperErrors(t *testing.T) {
 			Convey("unmarshal error", func() {
 				err := setRepoLastUpdated("repo", []byte("bad-blob"), dynamoWrapper)
 				So(err, ShouldBeNil)
 				lastUpdated := dynamoWrapper.GetRepoLastUpdated("repo")
 				So(lastUpdated, ShouldEqual, time.Time{})
 			})
--- a/pkg/meta/dynamodb/iterator.go
+++ b/pkg/meta/dynamodb/iterator.go
@ -59,7 +59,7 @@ func (dii *BaseAttributesIterator) First(ctx context.Context) (types.AttributeVa
 	}
 	if len(scanOutput.Items) == 0 {
-		return nil, nil
+		return nil, nil //nolint:nilnil
 	}
 	dii.itemBuffer = scanOutput.Items
@ -72,7 +72,7 @@ func (dii *BaseAttributesIterator) First(ctx context.Context) (types.AttributeVa
 func (dii *BaseAttributesIterator) Next(ctx context.Context) (types.AttributeValue, error) {
 	if len(dii.itemBuffer) <= dii.currentItemIndex {
 		if dii.lastEvaluatedKey == nil {
-			return nil, nil
+			return nil, nil //nolint:nilnil
 		}
 		scanOutput, err := dii.Client.Scan(ctx, &dynamodb.ScanInput{
@ -85,7 +85,7 @@ func (dii *BaseAttributesIterator) Next(ctx context.Context) (types.AttributeVal
 		// all items have been scanned
 		if len(scanOutput.Items) == 0 {
-			return nil, nil
+			return nil, nil //nolint:nilnil
 		}
 		dii.itemBuffer = scanOutput.Items
--- a/pkg/meta/hooks.go
+++ b/pkg/meta/hooks.go
@ -72,6 +72,7 @@ func OnDeleteManifest(repo, reference, mediaType string, digest godigest.Digest,
 		if err != nil {
 			log.Error().Err(err).Str("component", "metadb").
 				Msg("failed to check if image is a signature or not")
 			manageRepoMetaSuccessfully = false
 		}
 	} else {
--- a/pkg/meta/meta_test.go
+++ b/pkg/meta/meta_test.go
@ -48,11 +48,12 @@ func getManifestDigest(md mTypes.ManifestMeta) string { return md.Digest.String(
 func TestBoltDB(t *testing.T) {
 	Convey("BoltDB creation", t, func() {
 		boltDBParams := boltdb.DBParameters{RootDir: t.TempDir()}
 		repoDBPath := path.Join(boltDBParams.RootDir, "meta.db")
 		defer os.Remove(repoDBPath)
 		boltDriver, err := boltdb.GetBoltDriver(boltDBParams)
 		So(err, ShouldBeNil)
 		defer os.Remove(repoDBPath)
 		log := log.NewLogger("debug", "")
@ -505,8 +506,6 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func
 			retrievedImgMultiData, err := metaDB.GetImageMeta(imgMulti.Digest())
 			So(err, ShouldBeNil)
 			So(imgMulti.AsImageMeta(), ShouldEqual, retrievedImgMultiData)
 			// set subject on multiarch
 		})
 		Convey("GetFullImageMeta", func() {
@ -1378,8 +1377,8 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func
 				ShouldResemble, "digest")
 			imageMeta, err := metaDB.GetImageMeta(image1.Digest)
 			fullImageMeta := convert.GetFullImageMeta(tag1, repoMeta, imageMeta)
 			So(err, ShouldBeNil)
 			So(fullImageMeta.Signatures["cosign"][0].SignatureManifestDigest, ShouldResemble, "digesttag")
 			So(fullImageMeta.Signatures["cosign"][0].LayersInfo[0].LayerDigest, ShouldResemble, "layer-digest")
@ -1503,7 +1502,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func
 				certificateContent, err := os.ReadFile(path.Join(
 					tdir,
 					"notation/localkeys",
-					fmt.Sprintf("%s.crt", keyName),
+					keyName+".crt",
 				))
 				So(err, ShouldBeNil)
 				So(certificateContent, ShouldNotBeNil)
@ -1602,7 +1601,9 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func
 				image3 = CreateRandomImage()
 				ctx    = context.Background()
 			)
 			_ = repo3
 			Convey("Search all repos", func() {
 				err := metaDB.SetRepoReference(ctx, repo1, tag1, image1.AsImageMeta())
 				So(err, ShouldBeNil)
@ -1688,6 +1689,7 @@ func RunMetaDBTests(t *testing.T, metaDB mTypes.MetaDB, preparationFuncs ...func
 				repoMetaList, err := metaDB.SearchRepos(ctx, "repo") //nolint: contextcheck
 				So(err, ShouldBeNil)
 				So(len(repoMetaList), ShouldEqual, 2)
 				for _, k := range repoMetaList {
 					So(k.Name, ShouldBeIn, []string{repo1, repo2})
 				}
--- a/pkg/meta/parse_test.go
+++ b/pkg/meta/parse_test.go
@ -348,6 +348,7 @@ func RunParseStorageTests(rootDir string, metaDB mTypes.MetaDB, log log.Logger)
 		storeController := storage.StoreController{DefaultStore: imageStore}
 		manifests := []ispec.Manifest{}
 		for i := 0; i < 3; i++ {
 			image := CreateRandomImage() //nolint:staticcheck
@ -389,6 +390,7 @@ func RunParseStorageTests(rootDir string, metaDB mTypes.MetaDB, log log.Logger)
 				}
 			}
 		}
 		buf, err = json.Marshal(index)
 		So(err, ShouldBeNil)
@ -429,6 +431,7 @@ func RunParseStorageTests(rootDir string, metaDB mTypes.MetaDB, log log.Logger)
 		// add mock cosign signature without pushing the signed image
 		image = CreateRandomImage()
 		So(err, ShouldBeNil)
 		signatureTag, err := signature.GetCosignSignatureTagForManifest(image.Manifest)
--- a/pkg/meta/proto/gen/config.pb.go
+++ b/pkg/meta/proto/gen/config.pb.go
@ -7,11 +7,12 @@
 package gen
 import (
 	reflect "reflect"
 	sync "sync"
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
 	reflect "reflect"
 	sync "sync"
 )
 const (
--- a/pkg/meta/proto/gen/descriptor.pb.go
+++ b/pkg/meta/proto/gen/descriptor.pb.go
@ -7,10 +7,11 @@
 package gen
 import (
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 	reflect "reflect"
 	sync "sync"
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 )
 const (
--- a/pkg/meta/proto/gen/index.pb.go
+++ b/pkg/meta/proto/gen/index.pb.go
@ -7,10 +7,11 @@
 package gen
 import (
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 	reflect "reflect"
 	sync "sync"
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 )
 const (
--- a/pkg/meta/proto/gen/manifest.pb.go
+++ b/pkg/meta/proto/gen/manifest.pb.go
@ -7,10 +7,11 @@
 package gen
 import (
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 	reflect "reflect"
 	sync "sync"
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 )
 const (
--- a/pkg/meta/proto/gen/meta.pb.go
+++ b/pkg/meta/proto/gen/meta.pb.go
@ -7,11 +7,12 @@
 package gen
 import (
 	reflect "reflect"
 	sync "sync"
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
 	reflect "reflect"
 	sync "sync"
 )
 const (
--- a/pkg/meta/proto/gen/versioned.pb.go
+++ b/pkg/meta/proto/gen/versioned.pb.go
@ -7,10 +7,11 @@
 package gen
 import (
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 	reflect "reflect"
 	sync "sync"
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 )
 const (
--- a/pkg/meta/version/version_test.go
+++ b/pkg/meta/version/version_test.go
@ -34,6 +34,7 @@ func TestVersioningBoltDB(t *testing.T) {
 		log := log.NewLogger("debug", "")
 		boltdbWrapper, err := boltdb.New(boltDriver, log)
 		defer os.Remove(path.Join(boltDBParams.RootDir, "meta.db"))
 		So(boltdbWrapper, ShouldNotBeNil)
 		So(err, ShouldBeNil)
--- a/Show more
+++ b/Show more