From e670e6c608cb4c9cd176c399f4923d901fe02474 Mon Sep 17 00:00:00 2001
From: Jess Lowe <86962800+jess-lowe@users.noreply.github.com>
Date: Wed, 29 Jan 2025 16:51:28 +1100
Subject: [PATCH 1/6] docs: Update README.md with new logo (#1545)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Logos are done 🎉
---
 README.md                                     |   7 +++-
 docs/images/osv-scanner-OSV-logo-darkmode.png | Bin 0 -> 8966 bytes
 docs/images/osv-scanner-OSV-logo-darkmode.svg |  29 ++++++++++++++++
 .../images/osv-scanner-OSV-logo-lightmode.png | Bin 0 -> 9236 bytes
 .../images/osv-scanner-OSV-logo-lightmode.svg |  21 ++++++++++++
 .../images/osv-scanner-full-logo-darkmode.png | Bin 0 -> 17639 bytes
 .../images/osv-scanner-full-logo-darkmode.svg |  32 ++++++++++++++++++
 .../osv-scanner-full-logo-lightmode.png       | Bin 0 -> 18973 bytes
 .../osv-scanner-full-logo-lightmode.svg       |  28 +++++++++++++++
 docs/images/osv-scanner-icon-darkmode.png     | Bin 0 -> 4590 bytes
 docs/images/osv-scanner-icon-darkmode.svg     |  27 +++++++++++++++
 docs/images/osv-scanner-icon-lightmode.png    | Bin 0 -> 4830 bytes
 docs/images/osv-scanner-icon-lightmode.svg    |  23 +++++++++++++
 13 files changed, 166 insertions(+), 1 deletion(-)
 create mode 100644 docs/images/osv-scanner-OSV-logo-darkmode.png
 create mode 100644 docs/images/osv-scanner-OSV-logo-darkmode.svg
 create mode 100644 docs/images/osv-scanner-OSV-logo-lightmode.png
 create mode 100644 docs/images/osv-scanner-OSV-logo-lightmode.svg
 create mode 100644 docs/images/osv-scanner-full-logo-darkmode.png
 create mode 100644 docs/images/osv-scanner-full-logo-darkmode.svg
 create mode 100644 docs/images/osv-scanner-full-logo-lightmode.png
 create mode 100644 docs/images/osv-scanner-full-logo-lightmode.svg
 create mode 100644 docs/images/osv-scanner-icon-darkmode.png
 create mode 100644 docs/images/osv-scanner-icon-darkmode.svg
 create mode 100644 docs/images/osv-scanner-icon-lightmode.png
 create mode 100644 docs/images/osv-scanner-icon-lightmode.svg

diff --git a/README.md b/README.md
index d8f33fe0a12..47ece1aeb00 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,9 @@
-# OSV-Scanner
+<picture>
+    <source srcset="/docs/images/osv-scanner-full-logo-darkmode.svg"  media="(prefers-color-scheme: dark)">
+    <img src="/docs/images/osv-scanner-full-logo-lightmode.svg">
+</picture>
+
+---
 
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/google/osv-scanner/badge)](https://scorecard.dev/viewer/?uri=github.com/google/osv-scanner)
 [![Go Report Card](https://goreportcard.com/badge/github.com/google/osv-scanner)](https://goreportcard.com/report/github.com/google/osv-scanner)
diff --git a/docs/images/osv-scanner-OSV-logo-darkmode.png b/docs/images/osv-scanner-OSV-logo-darkmode.png
new file mode 100644
index 0000000000000000000000000000000000000000..b86573edf182249f26602fdd24ad24e66b7c9d1c
GIT binary patch
literal 8966
zcmXY1Wmr_-*QFEzVPHr>h8l(j0SW2uMnGxlM!I2sgyg^w(lE4i2+|Ew3KD~)jC6PR
ze|+Be!@c)>Id`w;+`ZRY`<@f6rJ+cOPmPa(fkCLOB&UOcfeA;C<DWf6-|5IqlhF^n
zk4o=7Ffa&!|1QkQKf!kx81xv*a?)>ov-fjUoxqBjs1Q9XN$}|N3Pmoj%dMV00eWn~
zc9WCuls|G>sR(?ZYqRuqQ;&Qayy%I{|GR15N^RNgI6L5py&JYKkRrwzCtx1cPxW*!
zHpvn23Kv_J`{ETxcg2c|rG{jY4GgK7q$eR)T;BRgFN6HWvAmW312h!*r}8dIFY!3x
zki_iu(=bc|B^o=-o}=$azxH1oZWEbd;C7E4J(Bia>aXUSUs2PMzF);grVCTudho3u
zIy$gR7p`Cd^FTL(#6*wn4m}zG0cEvLhdUNp8fWBHv%|!1ZWSdU@@h*bAvqJMD}ady
z6+ng)V{s527Dr~XP8x`7Ur9r$X|{#k-YA$iTqzBhO4L2AB$!iy#>1=FNg2=H=u1n@
zONCQ!3APjH?&X8vqstWv@e~ema^2)#e3BBl6fBE(&oq#>Gx7>{0kQ!C-)C`_NNVf#
z^fB3D?bHe*Z<1Vf0w98T+N*2gO-<TSCiDYU>HR}NpJqN?IGjC$YKA*?7(p=YdELMK
zsEzsg1Eiv4u_IT(CX+(o%8ytM<w}9~_j)gM{|a|<F6`{078mLE!W0dV(t3(%pD$-g
zdwJ}TRb;A+d-);uD^N#$IlU;-&~s7FWuh)@v3H;EoIg*MGNbh8ZTDyil)(fGsj@4f
zqFuoW$_wtg)H<;JS=!zV$--dnq|**M#t_i2F3g2dWz@Orb}PiZo$Pc7ABs4$#Grdp
z6hU2y&^nm)B5`0C{w3nz#hLi}jHIj%SSUt^$H*Y6#{~RZ-!p!Ct}Z3QO1XFI;@U?u
zIh-$RlEbG=pjURrRDPJV!9dF)R41fwp*oXe6=5j1Q5>-tDys1~NQsH3-COr8pPjZ^
zS5j-WL3`Djq*w3sBnW9cRrk?(_|@;syef8Lytz4Rr<x>3^kT)Bq}9DNh;g=}Getye
zkxQS;Sc=%k7sbxSlyH{=)k1wr`<hPC6Z~vI?rijqrI;<Hb-V3nr3RL4yWP0et_5<H
z1r)ZBKEt~F-8BYagPzU&(A%Nn&jn_yGE#=6(pL=U?0f)6<gKg}EQ7A4Gdk%c=xx5V
z-Cx73QgIBRoQ(HK{M+ey2&qS61GGW=xL&@hIx~&N>P(?E=whX-bIO0+Y-BN>|99D-
zn)X0PVnP4Y>cmJrheOd=&#-SeIm2D>MJ1~Ir>^^6YfK)B2Ry%wuMYlhA17d@c6!-d
zA|oh!J?KJ=1zed6h>S99D9>AV8Yk@YFY=UX<+&K^qu_oL8rca&IBO6u`vb8vExi6R
zi&~U0s$i~JHKaEC!Q}K>w_{^&or5Rnq3mr`k6;qlYYG_1;bg*j?*-E)d2S)ms)lU2
zY<INyh*M<kBzuLS*aj2-;e>F<+2HC5=6Hy2v-{oO?Z^AO=^w7|J49bh27v^;-$}1C
zFpXXg4jh29l*aWlp21af2U+gJ)G?J=psgbg5?@b2JjU}c#l(Zxi$Z9`-kAEgK2Bf!
zaqYTka$3x$&q6M1EEL)P-h$Josnr-|Wyc{m`2<{TRHbx|OLb<9@fwF`F}yd8P}io9
z%gavM2LNit4wlF3rSH>pRP92_zsrR1RBAQqN+M|an-YiFy&{*Aqr&(4ryhDfL6Ix@
ziW|WRZ9JWg{&#<mP@AoWA>+dBw?_(i@<sAN>^V3_WB^%boy$RY`S7^N&hK&ZpX@Qq
zzRMzhwktmNEEC;JKO9y{=7lrr80^g10{BT!Fx|g6b}Ie>xV$VIX~?ifK`Lq;j>k8j
z&gEAiKq1#>HFhQ)bLQ8Jb6uB{9hxDUyZ7!mLpdd>-vu4Sd?IUTZ3qGh^aP%=F9PYC
zWPMGS28{m;wJKh`MREm69lV)iD$I#v`#%KtARjaTd!P6N@jKgy%GWeu>!0~UZi{&&
zZo_0|>Qv(v2*YS*-_%RI3}_kKU+fJ$5s==voVNx~#;W0F=;HD}SxA9`n?qiWD500&
zms!W%@2UHm#%%z#JWODWla>b&aKM8=9X@DJIKHRvhFvlQwVDwygB|<QteVGu<Gf^O
znmbiL6Oz)8;N}~(<-bIw6T{Qpn=)oW4?-DNx3t0c9|#6aA)VbB`Qf*&?Gyet+cgsV
zk`gzcFpV%?Yw(DR)VH3{0(>fc;P3Td9*%Z1)3%9?`BAl97`yr5KYp(TK;x)fYG?7z
z1&|N43u`yovG_wG>kc2&2EO@xs&VPrjbKg0i>&bj<?XdA?tVtlUFP2Tbr@x7oJQy(
zOs^asy{2Zklqg$LAMC#yF<S8eFdf8ZPgI;X0U|@37<?TUG4;_ums*W;O-ayfGCCIs
zah7b4&g66gv<j+xn@JacVY4BA&~bNj2wDod0>J*v;iz)hJ`DcA?YiPJnn943>5-Sd
z(unFJ)gt)z%4jefu5^}+4=0e$oz=I*gzreFiXzK6=(&(F6Ep5VoRJu@v`exy0(ffG
ztfw2|5Ae=E64pO>BsNv8_2bm2kUqy$gDG&O>e*ub!Prc-w3w?k3Of@_<s*Lk&Ymq}
zFEhLR_9U+qgCv&2I#fuY=kE)cKx)=~v1`sXAs~~-yN<4NhgSr@Nv(*6!|Qf9gL7_F
zW-_^5?Yi?vfoGzh29`Uwu%{sKX4b|6TOg0|j^-_H>8uAdh67R`e04MyhER#Z?fzSe
z+LIKykpwo{j4MDcNtRKwLw%S#8ErpH|1$A3!ADP(K!V@w?(1Z%a+A~Fv`_mzDT0|P
zpK{%i$0w&}q_p~c5NJ$%jgWtwSiVNr)dd3VtU*r_Gppb-*ud3Vs=Q`$qCVNyY>&tE
zZGs2*b(J6yp3~CV<@W@fd%Edd7wJAa!y5U~>g0O2>-bM!03attmX21e)B8~8D2v;P
zX$oA!WG)+{p0c$xa@F!os3rH^&=`I!6Qg}glXGK+heVE|)bC@<FV|cOimUpe|ME_x
z_3}t|LHV@o3>UV_gSZnC8nA6rdDRUfr{<8Ito^-^y$5SgXdCs$Erox@NrcnRC^-wm
zHiKkMF^}_Q9RTZ{HM;TanTs!%{Ens`3Jcfw5Dou|-_d8RV~4TYNfe=fF+R-+L|Qlm
z_AU(sb(Nwa>Fx1I1xl^7EcO*Zn-Acbsrz~^e9f09yImYPm+1;<s_JqN0#GO!qoCGA
zS{%oYrOHy}s=Mg7@N-B{CvWQzzOl>^S|@=MH&v-Le!3j@@&)K${bN?z;D@1kn;yRx
zV&W1(mkTv2F`lgEg&gL6xE6Qw`CRKyuIbYS6M;kTHr4%biV8hG$U4DSv*Y;OA7Mg<
ziU`RY#MlW)SNP#%8`XZh;;6$V4}Nzx5KuiUw^3WBSI)%<>{@u5Nl;bU91zteP6t$<
z!b*vqwLya2s7(|$WylT+nOjhnpr?xW8))@;dQMUx@LgCcI!f-0u^@EWc};^h&I^_P
zja0k`2Aw5KXn=Vu)xqA_BdV;fP>ZHXiKpUDlTOc5jcj=c_Ot+XD9x&mG<Vd_SZg<y
zdTzG<q4(E9r{ksXf8u|Lc&jKjALsopILeTmoN%i0dCe)N!{33mSu&r0*`R19cJt+l
z^Fpzt-SZAOdu^0>a$x?CyS7cQ=<q!y5_<keiV?k0AY3Dn!0{_=?myy!w|BOs!%L~6
z=`qS2ySNDe&|`o9vR31^q=f(O1C6WIg9LLPewS=Ubi^K7u8ZJGxtFY0_iChY!IPyy
z?hT*<ri!qH%)w=|w8HRKj%zRrub*&=`oEP}-p73$I1i$t_YA@&(1=qDsnjb!H&F%u
z+Qjcb^uNYTtgbrvP<<|gOYZZTtlRl3QKZP_&dsrbW{{)Io8*Vp!miaD&~vSI{G6}E
z1aoNovyfde23<1lZxYH<hC_$9TUzalU&Y%$oz<0YZ+q*upub$jV3+@iYsA4IRoIuo
zFNe7y`vKL5h4cpR;{J?CkP^%dlPhpzCPHB*&r_NaV0!I|*s)=X@1H*sl1sQxRB(78
zMvl`oy|)3LhMS^a9=Em-M(yoL5G)>^lbO6-kn8c!qcuK*ze)Kqq@X#2mGr4PhB%+S
z!nnb3Sj=_#VlGw^^ztG|yoL84eo0$5%Y5Y1iObT8I%B49{2hB$>Wr8)5y_iu$yh-8
zwwOaLCtyo7d!bhk_lvOe3lGZ2;K$(!A2fXY(fS_%8dX@A-9$JNQ;v7~nQO}DaFLAM
zNTqHCryZGOEXJ~>HZr5np5u}m^{g3w3HJlnd5>pTD7-%j+SInG@o9#(k4I-5s5?hW
z&|cTahcU#xPwYl3MUD6vITEZN8zs8aS7Jk|leFeHQUnbz;m!_Yv><0da3UH|Ip^50
z;tkC$Kz5@YB69h9tL+PS&?=pAU|_)Y`YpmF=(t|<Aq~1M*R7z!#pr@gjY{pYLt$WT
zT||%kLNgR+D59ou0wFB37*Qp)E^c%2=X!lREhOaQ;$!^yz1`G1m#=4|Qz8C4y#zBn
zpr!ZzEtjzu*N-#zfZisCKYK^`g{vPNtrA6?93oCWyQ=DS4M2DVmk1nbTTaJN3YutV
z8Hv)@@lQw;VTpreV5}RKY$mB$cew=<enws<+k|a+{6Gk5@;GxNLLP88B_3wIzN})j
z1S=;yY4u=_h<$<WJpYjO({`F4yn&Jls?o48mJ&>4qgzl2IZre94l|!8=5>w{c4SmG
zSt*mOM+wu7+uddN{Ee#<eJ%I@j_|SdZpA}V?DBZfWag5;hv*<)^&sD(SEwvP4!`X1
zR()h@tSk2ZZjkVKT0;Us6taixuwcgjO|S8m1K?bmVrfKj>|s(hL?-0uQ`s(gv7h&K
z#lYM;ozO4t$Fb}C1GHC0yjbivk(N_2ocB%M@$x!{J<E92(4R;QfuD?weeg|8!B>j9
zZ=BCNl*zz1DXtjR=-IuazJ;AisD=JB63!A$ciM$>SCl+K$8(R~L6UD0{h=pcBMgoE
z;|~kVXNly$oUtnMi4O!n^u?r?D0`N@%Rk8H*(IZMYGcjcBWoXvevJn6gl1+`*0RM9
z8Mu5lR+g6gNJEKOlsG-<;R*gx>)TKVZkP3ji^_@u4)gSfa7!cGobcYGlqC%oD*txj
zPRiH>ei!7<^rzRk2IR<^sa5JXzM83YWB1WFz3x~w6TfZ~bPiOnpK#56|B$>fS4{H{
zEZw`>afKk8RoEXV2!v@-f5w_uv$GQ2U1h99GrlpvW86y!SRFo1c`MaAtNC|JLxMJD
z|C$&UW=NiBV>vEXf9H{TH%MT%zfd~+Oe?f*?CjWlmy@)t_7hv9mQ0dXu3VKXc*t|~
z;<`a5IyBVr-GvkwxYabiAm$5wC|a>PcS8$^3+PXX)6YW3T$6_exAGRhyY(qLW9miz
zjuS$y0+K{m`rTCX&HS(h!h+U4USKj#2nz=a&h9sp6W~N@jw0A4+<$kRP7~HcF9-Rr
zn*UgCtIa2XHG$<4w+Wq1c{nUox4Yc69`+wytMxYaU5#(*AHw=(HvE1G!`3$_Vf?CD
z_qdUdL)a5kgYynHN|YJiM1o~cm?cg2LQtKMDQ0}vN(J-OL{Scg317{`H61yP<5}12
z1TBt~vgGaH)jLoh-!Cyz|I?o*Mqw<2AtJ&%n=Y$M?;HZBh1>4TZU96fzQ;!zLWj5R
zNs!&&tf`0iaf_p#j8+t{1>ei-O&5I@_?D-}GSE4b0hzM=;l05Oto`uq@tx%>D$m--
zCp+OuhTTEx0WEKRy4*Tp)NfBKdjq6A?LYF=7jSAy6xAUEXN9Nl@Q(Tj5`yhpFH_hi
zs1zAFshC1aGr$3HNyn|9qxBf1AQ_zzX49S|7s;Ey5z`PpkW#^MZY{J!<2T^BQ9Sr3
zUGIBLiI@Id{C;S9I7Hhz#jXngY~aJ{&q+<{AET&FU(d}5bcE{}!dS)d%=Cl8r)6>x
zIm*9}D=KGRSCo!_k1V}gh3tr)^8U2Q;^w=rTk5GvW@EynsdL8G!79)#20F~o(=*Av
zIunZl$(&1rNbDs-c6K8R-Tb!`X#Pb&b_Lw5tS*F{uPo=Fc+5knac9X1qsud}k=VaU
zYuB;2JCkoYOVaygywSSw9%nWrK8}`JfS}A$-z%xR^_I|P;O>HE(<r@y@y480LHCW<
zazw}?x;NB>dZ5ebK{Zv*GP`_FbGGO3Cdeoo4AEneMjH+^#e>i~!Dw6a`l;n;t<(I3
zZ^BrRwM%;4xVzQu<X=;}BY%12+OF2b%8G=efUta=*zqr_<uuJMJQB&Cb!L8$lQ<PW
z`ct4?Cr`$Cg6v_R=iK5nS|G-c1Y+sy%D9MY6M==G8+kn2oPK<V#o*rh!RK$IsWSdi
zIB)Fn7*XRZe>)^67{|(JRs6q_D)1_bX>`}-!)mMZ86>7WymnwtE{GzQlab9p+j>m2
z8Sz}*9U5o*S0n?3HyicD3FE<^z7?<EWuPlEb7r&`>4lxb(G|9%QQ`529sgPBFR+xW
zw2pjro=kw=2zhk>zMH|=LT|9Vl_4W{Xbo0DmeenN6b^c3L6j=>D<Di$%k3{?hg<n#
z+BSy3`=yV8bP{e)))T=gyEvW6@STyp@+xJpxvWY!X2=t{w94tG3f)79{Re$?t4_4j
z(87L5o{?6;TJue|MHR{n>DF8Hbq4m56U<&^mg7bJYVh?AGvlKEJ}X_-jQTPLi}T2F
zkNjp)o}mV)Lx`cIgu^@RuvXl^&lhL6^#*N1*q{4`87k@MYk#PUU%ee?rl>szea$rl
zn=_$D&pYvz3{Hdci+61jZAst0A8TP{!Yv)<%cDqgt1c8<`Wn$tv~q>E_Y@ZaZTl97
z=@Dgb)uq0IQshos-&>go)mmMGM{<?8deKH}&*dV=M{AY;V*riEg#5mBtvc8o+p4@%
z4(%U+Sd1+<!<k~1s^0b0G!CXs700<>s|1~2af4?{RYPiCjlB3A@veJ-+)9FUVfgf{
z+1d?^BgdkhZ8x7;cGl-1=3;LeK)sOm^fD<9fhSP&XF3q!+*<8wPGo`H49WO@p`y=f
zP<9C6Lw(*K?ttA}WT?N~e{^817nyobzWY3v!>VnE_UFLR>2oO)N<lOUmD)RkTCoJx
zrmWXKw?`W)ab~7h=HYzfG<D!Kw<K&sM9OWuD0UA-E3Hd;>WjD1tQ5R|6h4!Y8Fkcj
z=Ni;*a@=Ab_u?2B;d|3;g?ny}%gWo*v$Dt55*lVz0Rg(*lkaV?I&Dfex;5uH;=cgA
zUP`u`kNFyGF1$_YJnplPE{g2cO-}>*RxF1FlWIeW54hh#9SeJnXSDDZ*$v!HdbB6K
zG>G7DoJLa9h(C1Q@HGbBXDH!C#p4!akr^@%La9K?G<=UE^|<X>x?(bCMiskv5BVik
z)bf<)QY9Z?P1;M!({iM5eNf})>TC2AwI4V#K<}G3gabIEpyAYq+XZy`TX3e7f1JLF
zMnm&$=jYdNk(p|tVw?E@wyz_qua}q->D6(Zu4F=~RT*~FvdZyP;vN}(g}Z|U$;}^)
zb7xP^`R$)S4I}>MI4!uD-ldZ_#K3R#^F_#_Yc@bD`RGb+@rk$lnh0b&Ptbk))nx}@
zuKz*f@{&#QN;VX(y>JhAccJL`?@{zO(;glB@4m|POo`?LFc{!1nmBMIB@?ZS=cR!~
zpf&o`%S~V|f{fJqkM0yvtz>k^sD&TH>9_)3NYu}{W5`y1E<Yjx(=H#PvS4{jy`g{J
zh>-syU!pz9&WT6Ki}ck@vk=t@2@jlV5d1E9zIAcx%2bb4?cR1(P=t3)yzbT&tAcf#
z4L9pC2{>(kNnfwc&F4w`XXJ<95hFevKdQeduOd}mvJ?O(O%!zSGPOF|dg#=~%<`M-
zJN#U(S(I!VZYX`r3E90u5Nto2ZH~!E<w^X{@uvkqvjC$E3dU;GpHMx4kZBqQL+>%E
zw2j4L-s&ke*GEHP<$P=qU`OtWMF3AYUh5DU583$u*4`#V$B~58Z*0tap26_gAX-uN
zb;DAgGwhhQD%vysE9X6g0EXAq2w7Gso~U!pN|?b)02RTScL^l}pBw3mek?)vM973R
z1k(uo!M40SU#R`J`sghc3$^KB|7K%s@C%o?d+&)nZ|50Ci(Cqa6+VGf&xx{>6a|ai
zNiGY_b+$R<pU(7%nVb<{j%2xRQxb!gu#C_1_#-si1&}2_mVH5{W8P)2BDu^%RTjF1
zJ?+>?E+Q>U-tK+B!_LS$DM%oxeJ4+UFt|JGh+J&<Ke9OwUO>QBWTMR8-uvx*98cS;
zOyh`%(g315eyJGbiqAO8l@DNA709kZ!^}FV2ufQPC1TZ|M^NU7Q}B8-VagYf=~Gd{
zF*10b#!MTjI*lh<Wm#}BgN^-P88Mk9Cs1XKTd5>|&jABzY&K1h-=MeNF6)l%0Z#{I
z-<hn5BvB~OR;?O5Q6=$aqY&Jpr{qs7?W^%ieU@Pp$_9*}f}j;ZE;S_BG#jmjvBTa6
z(eOVUWVhW+BdFlE$QyCb<W#OTcH71y$reLBMk{$RSwry;$c2z(4IgS{?4q7(b(vq7
zjXnu4ljtTZjc9zgXqP}7c~7aVQllF{7uzf1ZYfUuRhKNfg}nx<lrj<USxhs749@M2
zEnu*4{vt(BPAy82CZqq2?~Vu$74DE<)_?Gv0`zBGVnQ*_T==Y>p<C%}PsR_Nc8?<8
z%kgzc*i<#FD9@o3T#=uRVNNUgyX{bLiff%!GPadWfc8L_Dmut^5HtXj_roE^`IFX4
z#IL@mDtj>+1G_`s{;(&`(?1m~7>~=<UWdKwR!H^v(B@X);-N>P0VHO#*5vhSx51ru
zFfOP+LjPhGHDZd1MZ@b5VQWL)*90<>)Gi0;es=@z1z1=7<mN;-*a1J3v9M0Kr!IL{
zpF&ENe^a_zVUvI5s|&Sz(K;sPyDP%OYI3)gwNA?IQ-V8-+IwNt8O%_EH$-$Y=sl3`
zh5%?S4Ov@>m$@}+FKLCh+)2kd<pcwM;U0$SG$s3`s_(__P_qQsG<GBqimB&*Q6nXW
zOK!M7skeRYqfP3|4hC{G5vF_$PbU=WpGEnJD(?p&Q~qm6NLMd8KZ@mCfN`01y{g9n
zOD_?$@HIH{5iMAI67>oEG(hjH#E*#&ZmAI`%MCTwL$wDj=(e=tN1X)@;8YdKOA6ul
zYkn5THwx*@^z?@jP+Ah@Xl;(@rz5(}{{d6lqc6o%%onAY2Y%&4gh;EFH5p~R?miFv
zKIG>iDM#Ki-MO9^kfSw9DvbMrvdzF(upjikaq|b33uJYa>`NlOkznT6*o?0;es*r|
zppw|TF!E&uv6$>RizLCL`sgkW*`{|3;MpKhtmh|h<?#DWX4();Z<=2>C(mt?*8hXH
z^;k`jW(@R<Z>&{t_yY14ttnR$=e@;0VrzJ#P_oR4Ki)bxWb*A#!NCK;cp;f;37iXT
zqZ@z3u#)~(XR?te%KO_{SY7(Z)yLlUn;2G$adiehVcyCgzrT`$-apt{SD(ainMtab
zD5mbGFa|!k#=$|BBlYh6*ctPgZgm>8y1sb!2EHr{R;`a3uC6kZUY8eXbRFQA!K5jE
zcdfxdQR_z9wtm)@qSSwiuhiPqORk4_C4(%Vm#=2C#=g{}<30V%VW#-U!+hB^5DctM
zd^TGvPk9@3>=XbkK9-<20|sT&t|iQ6gT=$kcCRGV+(<83IB(z$vE#pP&$MD=b;JWb
zfEJs=n{Mr*e0pKTw}@me{}j%yv>9yWXs5;gY-4FXDbJTEMQxdsXRQ=~S8bN2k#Gxn
zY>v`)Z5gkQ#CRxdGF-z3{?|;hy}ci8CQLWT;k3w-H+0SMnNa5@9YJ-d3NR#`PBF@5
zxpBdEA@9DTly{!jQ`{^Hj^_%&5(KkWuo$-9<_d*>PWmfoDmg6ZFsZb-G@yos6mL~a
z()=2k*=^!SXTJ=E)oy`yPUE?Zjgka+_>+W#PWYyu5jH_@t6eQL8d*^mzAgZ;HDOn4
zsHuF_7U|uydf1eLx&`8InlJPQWb&yRxVMf(d$_vr6a6FQm_hDoVgOt+sTZeimu6hr
zKx$GpJ8+fVVNzJCC9E14x@}WPi*#{7g=4>EowWWbs!&328R$lWKg%Cc<SV7jQu`u>
z?d95ezIOdM;fLbNRhKCv(@EJx!8)21d@WKW^+}G$=65eu;<Qx=q4Rb7LQ~jc#wD8`
zo*8UacG?a!GA~h53xyiCTs8MfM1vf(nEM{RCyXM#h}TaVMA6|Li#2cY3XV}9<ufg;
zo@p_<lZKQh$RO{PH2sU?x;E*1O;q#zgd@9RGcwYNiH~^7BzOYi^vz6iO`_EW-*Mg^
zZu8l5)20rqQp?ot7i(A&Ue_NC`q6X|XvKVlhO9cjoSA^iqyvewre6!#Y~|}WSL-iS
z<vXLqzkv!NnPp85VZ_WY9h>jfE=muUUL08#9&oB~EtTNlIFKB_m|4Me@Hz}|v7@$+
z(4oHABYKn=K3+0kAzw+Oyya$A|GNS1cG*2=OfhX&$A5-oTw#)k!i^ir*sWUzETmNM
zsi)y|$%(F0GuH(3bJ1(XMrmF#g4oVyk79+6ZJlQO(|TcUfm@OWRDXi#>xHG%4cjQH
zO_J$Q{n*G^JKauoQ@u5cU>ISR(~4OLC*sGDho!7k9tFwF6)R{}j`gx*fUqsa6D5sl
zF(dR!dhnbuy*m}!tt97kxrr7nlN86j3g4psQsNj_j=u7#zMxBM%73{V=gj`qeyRl8
zUAjKZ^~2kN%&7SfSeQq&6t3Sf1h=Gpq@)zwTG8Bk?Hz<&Qp-ipw(Bw-KZJpSRr&8M
zKq)*zlaQ)nfN)Vr5y@a;g<S2E5GoyCE0*57d8%b8<{d;@0tXUn(HSb`Q1Yq+^nRe+
z0_o(VwU>q(S8q$%X;MPs$e4SAh8on=LHvni#9GxJQIgeGb8`cG|EX1P7Yr!w!_te9
z`+Uz={jm~g7ldLOpiunxa;176;>uedVH0)DdQ1xBSV#ic3UcL`llNdFhl~B9y_FcA
zqK*V>vuJHv(&%*{(NP<fDXCp`BfojJC~$$2U;Z7lOrV|n_6e4=B@$i=n7LF4;NH%c
z>-$D<5cBN(cE%E%1uB2VfS%YnsX%)MQQp2a%?VcpSY_j!FE8a0Ip*|pAvfzwS1=1}
ze+w+K$OPHYoWEg4?_@iA!!I2;uJ>*j>Dg$Je`_vbtb$rB->Y;xPmGQFkuvT;aU}0|
zhVysBvc_%!j90*3k!TENR_izW<6xRAFP+?9a;*QEtUZO%AY-4?77=BYJ28a0f`)`m
zkdeXh-|?J_L5gx*AirpB-hH9>?d4Ssd5i@V0NRz9Ig&wJfK?JjVWDJ2!~CMG9}Vw0
z*gUj6KG{uBYn9n8fTozG`{9Fbn^*wYyO=c@8aJg-)oM(KTdoSwQ=!t;#1h2QvIH00
zS$vJ8=HVq@Q2k4_z+#>HfOZlodQt;yvFSwxiJcBscvLyEAV$(#ZWVExJ<HSDGL@HT
z55)d#NEovakFkFrJR!TzE2wR%kTZ1@D_H0@Ie_>+DCp4cq?7Q1t#$VL!8Ko|>~paL
z7N0US^X23)WA~Vp@^_09JzbEYn5ahRGQyc#X3~RU@;K>TgC2j57qWNiH3>ODNZ&-N
zWI{om3bXJ}{x%LDjJvSsW497L@ZXUSy5*xT%wGo(jlqf61A};R10zJ_M2<*KqDMM!
YQf9{{1#I*g77Pq!c@4R08S~Kp0sf(pg8%>k

literal 0
HcmV?d00001

diff --git a/docs/images/osv-scanner-OSV-logo-darkmode.svg b/docs/images/osv-scanner-OSV-logo-darkmode.svg
new file mode 100644
index 00000000000..955358c008a
--- /dev/null
+++ b/docs/images/osv-scanner-OSV-logo-darkmode.svg
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg id="Layer_2" data-name="Layer 2" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 142">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #fff;
+      }
+
+      .cls-2 {
+        fill: #e60013;
+      }
+
+      .cls-3 {
+        fill: #ee2525;
+      }
+    </style>
+  </defs>
+  <g id="Layer_1" data-name="Layer 1">
+    <g>
+      <path class="cls-1" d="M183.91,38.25c0-9.22,8.24-16.47,22.36-16.47,12.55,0,24.91,4.9,37.26,14.12l12.94-18.24C242.55,6.48,226.66.4,206.66.4c-27.26,0-46.87,16.08-46.87,40.01,0,25.5,16.47,34.12,45.69,41.18,25.49,5.88,30.99,11.18,30.99,21.18,0,10.59-9.41,17.45-24.32,17.45-17.06,0-30.2-6.47-43.34-17.85l-14.51,17.26c16.47,14.71,36.28,21.96,57.27,21.96,28.83,0,49.03-15.3,49.03-41.18,0-22.94-15.1-33.34-44.12-40.4-26.28-6.28-32.55-10.98-32.55-21.77h0Z"/>
+      <polygon class="cls-1" points="332.73 107.87 291.36 2.36 264.68 2.36 321.75 140.62 342.93 140.62 400 2.36 373.92 2.36 332.73 107.87 332.73 107.87"/>
+      <circle class="cls-2" cx="70.6" cy="71" r="11.4"/>
+      <path class="cls-3" d="M89.01,64.14c15-5.29,33.01-11.22,48.17-16.7-4.65-13.22-13.11-24.64-24.08-32.93-3.69,4.46-16.82,20.63-30.41,41.02,2.83,2.21,5.04,5.18,6.32,8.61Z"/>
+      <path class="cls-2" d="M112.82,14.41l-30.6,40.7c3.15,2.3,5.57,5.51,6.92,9.24l47.99-17.02c-4.71-13.24-13.25-24.66-24.3-32.92Z"/>
+      <path class="cls-1" d="M139.42,55.29l-23.33,8.02c.47,2.63.75,5.32.75,8.08,0,25.49-20.66,46.15-46.15,46.15s-46.15-20.66-46.15-46.15,20.66-46.15,46.15-46.15c7.5,0,14.56,1.79,20.81,4.97l14.97-20C95.95,4,83.7.4,70.6.4,31.61.4,0,32.01,0,71s31.61,70.6,70.6,70.6,70.6-31.61,70.6-70.6c0-5.4-.63-10.65-1.78-15.71Z"/>
+      <path class="cls-1" d="M90.25,72.21c-.53,10.41-9.11,18.69-19.65,18.69s-19.7-8.82-19.7-19.7,8.82-19.7,19.7-19.7c1.57,0,3.08.24,4.54.59l8.33-11.13c-1.53-.65-3.11-1.23-4.77-1.65-17.62-4.48-35.53,6.18-40.01,23.8-4.48,17.62,6.18,35.53,23.8,40.01,17.62,4.48,35.53-6.18,40.01-23.8.99-3.9,1.2-7.8.8-11.58l-13.05,4.49Z"/>
+    </g>
+  </g>
+</svg>
\ No newline at end of file
diff --git a/docs/images/osv-scanner-OSV-logo-lightmode.png b/docs/images/osv-scanner-OSV-logo-lightmode.png
new file mode 100644
index 0000000000000000000000000000000000000000..45248ec5006ac86118eee75223aa27dc54ec845a
GIT binary patch
literal 9236
zcmV+vB<tIWP)<h;3K|Lk000e1NJLTq00EEy0052%1^@s69~54b00009a7bBm000XT
z000XT0n*)m`~UzT07*naRCt{2olT4!$92d5HA_(n9AHVqie!q;3@u8tP!R7bmt3N7
zcnJ)|ftIHrKms-qCpqMxCGvSPXW;;GkOW!+&c$)S-h&Z1K)_u%2#{RZ>%@Q$2Dobk
z2FI4fnTU}@DUdjTVMpZdR1Woew|6)*-CbSvs=B9tz`&+<r(W$$b-j8Y^`4MYqNb*%
zrluw@CtOd!1wx1w0H*-7=mq-s%8a-5=>-4}0PF&Qlrl0u!y1<eAzD!DBDp5g)(4>0
z#Dm1Yqxio|DIYxk>oqmyMpW4Xp^adLULB}Sp=m+X5Nh){d`T&HEy$@c3>_vqP-~<G
z;DSYQdr%4{f?6m2dY#minMx@TQW&dH8$t)bqPy8(2(?i}0HS)M@B>;S9UQF_mumz#
zI($S>>m+hIn=ynCs{q!R#6?odE|aXvB82Dw=(5Nvy8@vTWB|1x*sv~4F@V}6wxpC>
zj^{F02q8{Et&sr0veU_AV;e_nrSEbg^x5^nqiBax%2Nz-Dvc0g3&5)kqP9z^KuV-E
zrZEJt1z@ALOzc4?u>injw=*fk9)J)Im5C4{1m9<PMM@bm$*LS=Vc%sEcd0ZAgib=S
zIbDWRWL5?MHUNZmpw$cs6W(S#!v)(=iX`L|N(Z*vOyYK=lpQ8nl|u;81#pc))Idtv
z@?L?E;#i}XYk##(VymR<+HFx*Dy%rh8A2U8Hn<KQLWo`P9o){<&ww66h(36{GFPRP
z8x00QS_mOpWIBHYrBSP_JOK6gT?TMh2oaJgT9W}<D_a0=q58@LP;2EHfR7m0$_9gs
z7_OjwrJw^8mrFkc0Phrt5aN^&Vgt&LS7zUJ5o$$}5h27HR2CCQ(9lO%)(W}JhPK8Z
zBVdwKH3B9%o3Z8Vl>#CET_3<}ZfD{R@#fGaS6&T42aO28>!`kUnuU0+Y*<_?p`~%h
zSrkG9OtLBgedk;U?lAs8UMLVDM2CEL^Wdt|;Tq~w*&!6v?PEUNRe5<0K%Wj{rr~sB
ztuo500s)hpz2sdbrwW8lk+JW(jOn;s>_{m&A6{>vlj&{L2aQ=Q0=OoG=#yXE2o%`f
zHZ@)fuh#C{Tm(#Vj_pIv6bRjL?PGp@*I5~&K8*o5jCb5{J&zL61aQl+TPrj)P8I@2
zS*3+6a*hnSI8*cxb_GIKM+o31>QiJER_psAhnLx2cRi1i@*03$6V?b-Q5Y1SQ8of5
zIc0|{Yi(<MFJe_7q$wlJZ+2B)*3)Vuy>qVp*Y7>w{!6C$IDssWdd(E$&>Ar?R%l?1
zEHueeQ8R_a1#1qvkICn{NJzfx4b)agR#I=|zH_eqh0zG#0)P`Iuy^uF(fQ;L?o`TJ
zp><Qct<16qAkZzNLz~t|W~VfjZ7F4~M5e&_d`#SrSQH4Idg|2N><j_4X1T8JHQT2E
ze1JqxmxTok8x1T!^G1)$#b6cY5*qWy5Wt#lSrq2_Sf^_@?qnD%1Wc?^X4Qq2$g--H
zM?O;H9*qX>V5}k7!2uQz4)Ep&?WI?&&W-^(<wmaOQDGJV+$eD0A~ZLZR02j>rGc{4
zSc2!%4jR@JNMZx1v#j!w8uxhjv+b?X2+vIV*=U4?habzG_s+L})5`4l*h1~@v`yTz
zCO5Q3xh&nfw8><+K9{L+Gb;)tp**ToHJ5{(w1ztGJ>UM~!NF{$EG5LjKK}9j7ni<d
zbaqTo(7e7RXrHx$MGL!z=8;Cz<b9S35irRKr~SaV0;!dUHmUbL?w@Zr4-W9PEQ3i2
z@#vvkFPjpf_0x4dk2zr5Kw0=L)b+8PK(0p)3w?XmA;YKwsg*||QsW*62iTPoBI|%s
z0wq);b*7$u1~9N8(|YCVu6enx2X_pv%(R(l-^Q}AYUNRg^$f17@9yv8mvsgg0yy!6
z_`PR-bm!|@vtxp}n_3z>Q0uu*uiaS+p4R^g{j&q0MgR8kdAMk*_d0W?+||0I59@O>
zkW#j0&c%cRsg*||Qtx}*e_`n>j~>cDD<VV)$b}R5t!LlpeY40oHepT;ox~<A^sFcU
zef)AA+qo{KG#Y%Rs>mFF*PfJeCH>c`4P)2ARE2FyfkbfsV3d*6`yL;(mtJ}JvE0ey
zx|&9#frBTW5Wn>F5AS@x=vbz4XnnAD_oKsB2g(Jp3SM`el?|BrvggaX7a*$wW7omd
z`!|IZhzF;}qU_NBMq~ed7e_9Mm{#It;tQPVO8D@lrBna+Q~CC2gr7Aa3jok);HOXh
zj5y=ljdjLTRg&vaErgwX7Kt(x0qh^Zh5$OYHeVsc1Mn!rO(|u-AjeCnw98EfQJFsH
zLJEY^Ez4BkF7|8hLix1&MFu0+#0rkw6L}t>EOC!J`}=5XPH!p;3wZm}Z}ooO^teS}
zJXHad@n$LxU;?thy0B-JSdAYr9sp9U_9{acvpMe8WwP|N6$ovfx3u2OM_hh*3qWLh
z(NRD#fZ7CRZHB3FkN00#`s%}n@(<0;?l>n-;NPBov-f#h<L80#R0XIyP#s@4AhJr<
z=w(WgSg$9=?1G$FR-@`L)*#F5>eNyo^oR7}Z@T3UfY9Y4BW1FN$4``5;~w9(U8d}b
zlYV4oF}gv$Rvt+VDiXF6JLBniE`#Ze9-qt#T33NY@H1$>3FXu7yPil4Z3F?-M$kmI
zxW~Jr5uUO?H;hi4z-L_-Uu1G$4FRn9v^KJkxLB!MPtI7%ZW_#%<hinamqlTGPBI@j
za$h9$w9LdN)Pf3pTU1iY2U5xn%BOxg?O}fSvHUKF@=$X_V>H6|IAl$OEH#eUhj(iu
z3$%XL0Gz{7!beuFbH;g?n@!DCeJlzYa6Bhr9&0t10-=Z9r=a;ZJXIW%NDE56|Kd_;
zBWOO0g9Ci({`vMlaLOEm!xgb(`fdj|Qp!HX%`PF^CcOtYC1JQO`UOmKd?8?xlk5A-
zYk`D0f8Q1ZDARnk42mNQ|GTvGg+~vilXU3)eO&qA#ih@=kPVf+W}7a93>HWcu0W+A
z&mwRX>j|0UEEXt5Un&^84({aLPcthJa$Wgw)BHM=FFSHQ5mS8l($cAi59Lj!=8%se
zCB*)|{1-RU(Xu@Lph{~6IOf*6h{@K-RackoNNH^{i3^zIxQ6S(X_)s7nG}d86;g))
zE=eiZ%8*5qhld}_?~V?RH;3Zp-~gX_?|j>ZU)gp%t<<ioS&(8}!SM}y$AfxNA(Na7
zls;T_IG)RaPS$Ex3&eGW)IBJxqjH<U`!6hgl{@Y+jnM)A%Jm#95V@X!O~@Jv09=8x
zM!2f9PK6ZP9+S9A2h%C;%;EV7b>5V!Kq&g}vQ)`7RPKJ?;T){+L3`<yN001X7R<|N
zgp>Erx7n05Q<I=RgAC_LDMKlxPdBu=tRUwK(=uENGSqof77L`SGq52xDNydqLt%^$
zUs^i#=%M^~S8<PN?C;|@?w@aSl@zhgycgbc2v@VICfz@&Dja{?rtSfKrr(`Th_3E@
zSTCAJ{?iqDwJ<xN+ozY2I$E6fJ@OzW8Y78K@MK5TR1_)Y1G<^c;k^h@!B`h#*TGQt
zjWcheJG^mjO?l91Wff|JEOOG0>ug0(JtQ()NhbPx*hC1(6DM%a_6>E8dTLV2!e#Jl
z^kA-!Rk@q#O#5$Y)2LZYbzwQQK8!05A;gLhBBYYjH=#~NMcp)uG|mkGeHuUYQrrhG
zE`4tQk^IwwvaKQ|1X&@aC(CzIV+Y#M^WL7<C18@n0x4gP{kKr8YE}%STV!BOc1$V{
zAw-9?_-&}o-j+ESE0a@czxe2p{Ems{P_`Kz;FS+wT1x$UN<bC<hB6Z}$qAU`aKRBg
zAEMy*Gf{!isg2wEFqVQSglLiCxCOqyV?FJ{+PlxUBa_XcY$7EZ4?mWF<9Z$j=(wK1
zJVSR2IO=0HnX>x0;0T`Qa=lMtngzn0TOBv}DV%LZjcx9NR{`#%HitUjUOU+Lt_bB!
zMkD-=>p2*p${9LkA!L#hFv+nB#c4S*Aq%HkKc+zF);agRk8aU)ONw*sg1;^55Gk9~
z{qybS!9M<$X+Fjnjd1e*3rk;gJ&%Gc&&h3Np9z`dT&Df2>;w!l_DrO>PqILQqJ!pS
zyJ+bJ(%2E))apvLoDL4~Jt^~-&i8@Qf&6oe!*kuy=rYNvnE(aTx0%EROmeJ1haHZl
zTt+T>x>g{=qVgzL`X=0zT1oA<@XopRw?-p;ifKN^8IAC~t&4?>7ep`D*;vlux|v?~
z(k20ejG?J+t;ZAyX+O?We7DFZB81q0N~3kb9#ur0$~))Uzdst`3tSVjL8F162qAvK
zq6n@AL}5kT8>NH}T6Hizoq$0`XlkHw3xrd9?-g-fQLtRM&1X?k;~w{#?bc|7zhjz@
zQ5p>#oOlA?e)1{ttDk<W_lckT(Vc&_D6VgD>?F$oqFRYKrEWGg1IDg{#=eJf1=2A!
za0axM6}hdrgXKw5J0J>y?;xdAj89O1^t~sa5`S>!ZtujiZ}cua-MjN245A|j88NjI
zaZAV~XSJl?aljyB+vJV?Lj}U@zS_}k@<UqMmD>tXagUjGcmAi<{)Ut|!!;pYga8&!
z;H{HSifhmHdkfFL*;{$Kcjs%&)8H<4xC~V}pu;S8?qO^;wTP0XZ!>1Uh9(C)tc67#
z2f6y4U(`_`^da|QFJL~vkxM1Qkww;mGA;L{lrw{|_nPfhsGz==2mv%2c)QWS))Obi
zmp=J}J5DPdGuKNRXA?l>8kG4AB{SS+5S99@`UKPdTd3~UB$5hb3q0v#J5tJy&KoTh
z7mEubZUKm9Z6vWtJnMJvHQOx!cK|$TaE?Y;SirE+z&}56QhfQ7Ke*F(J)b0Wf5%n3
z<RO$#c%xP%JTQLWFPEj9zYwAi`|*$Uv<uI9Nh%Po&J>q)Itx<V!<6f40ChK@@KydK
z_nPe<fEP`TSCmErKW;4GTMG^Gm8XAr=libbGY!h7bCnPg6W0aWs9IH5-!S|v&%%03
z2oo?`Wv5Lal7y6!rK~ogWkMNrT@9f&h;G4g9^+oK?ZYOBMgtEU4crm}fAP#4z5jGQ
zpDZvwKv~&_I$VUVCsIWiT+uN@DW&(pbRk3t`|%Ge$}|q5bNLE&o4%}}_+s0GYK_}1
zIL<^G3wX)KxLFVa`wI)$J$X|6`kA}EC!c+@_j!}bgUZBgQ0laC$j!jjLpuwv0=OZB
zctB<POBImy9XbVv45Ajv+VK`rrX1@lv@vLGfpEn?ayNZ3bXwVlO1-t}<9_e?_Sg6K
z@w+x<#0Y^=qk*1iVEx%QdfzlZzF2`uD@+!4vlf_SbZh96IbK$i4rB6!cFdInrgd*T
zcpeigkUs1OaI`ibI`tO0^TFx|wW&mefNV5y2f*Kd`mLVvj179ISD`GviR-~uhd)NQ
zhAFn8GWDXe1ZsVQvE!+?-3pl!3a;34$HoeTBY=KAt@OtvsEeTPrsCxEasPaK>(L`~
z7G0x(w?zY62mAQa*+I{25bQ{41jx3KwNkJ%&ZP^t7esX#fRqW8Lg~AlOj#h;AV<o(
z*4|?qCM#?Rpk>Qq7EpH`I0ERoH=cs#-2lK!o)3=Fa63@<K4SU+cFzuaxlWnyezyJJ
z2M72}p7$gX0v|RS*g81CA9<iOl2|*<0Bq@uwy70LMwq^DFN5h!*@sp=Feh+)v$Tfh
zskKOODRa!@Ub7uQxoxIyruUld0VvHg%ZA=);FZw`Z{;cDE(CtuXyBg?4)EpY`n`VE
z_hlRVFj%*WV)3q)kqJ#F0MCKOCQYcUn#%wngs2tDbVAs-Iv0fyfrnXj0fP*y^~VI%
zeF)oMU~X3uZFnDP%FCp6?={;iPzyNEDSQYZI6LU2W|U=#hX{e6hz7m`i7%hI+cR2w
z%AnFnV%;ssl-B5y0gi(4x|xZUfH9c9Ev57(n~o`XZv9zpfX4!fG~UxGAg`PD3siC>
zLVg#{B7mD@wanz%H+x?c0{atw^r+FmcZ9%iKiBVl;>=sUUo)vZgb)E`)_nxENI5d>
zOtJ>Q(t1tPgmPWn6hcTL#1?&L-nm(9L)I8aeXLhK>r5Fi$Ovr<;8GwuSt=b(S(|At
z0<t`cHlezaMTsmd96cP32L4M3{Px*F@8p@gy<d5*-}^=Z`4gd}1Di_2de#iN9s?+A
zZytCR>O1>rPL)Z>Bqv~!GZRu|wx1(oO`~SP)n-*E2&{YGV5ZOSUbB4)=1Pd)AZ0X_
zlTV62ZZz;G08XE|+xtZuN@I*l+)tp?*pBOYIN&j5;&?vRVQe-PFv!S4z#xOA_lf{u
zJ%v~2?to@$aq5K`3nfQ(&JKDVgX0x~DYu?2uf7Bq3^}NLoi4^|;99l#Ov03T#`27E
zSs=M6;H!*g{gA8=(`j=T?ls#T!($eK<5F9TK?VST%<xN?A9vOy7NOSdT_HqN(OxDY
zc)sI+LB>?*?u%{ZVYF$~EI1U%j>dahnzEvlp9h-breS<ssz24ycxxqGSV`!_*ui`&
zk(dhrZV4fFtK{CIxEF_I;5wKdFvtiQWB~Bg0s){KK<uadyrVg88b-zyLbQYsYgFFg
zw&u8%Qy{=$Or!<914$KGhAQ~DTOo^tt7p2CbY4n~u$>V(;B?XXsz7uD=xOeomgcx=
zXq%*CO5-k+AGk<uoXXZ^l2SgPy!Lh1bMc5}D2pVb0+^+Ru`08xvL*q83@#-Mz+VNT
zMTVQ_uDaeGLkMxou+o?-s3iZ(sP<ivyj%cqTL{rDc?vMc2H13DwQ(q}kU_>Fl~N!+
zLrNog!LL>t1&~tiQg!F6sAD5Zt^p{mTZ@t=Di=(r@56TRe3QG)z`Q9CmnYUf%6Ti?
zYowGLP_D^!)QTjg3FX%6x}Jz8A%l#|%$8cfAR}auaSUG-NMGko8BSeV<7ObsC8)CW
zxhNeJ8|k7}B;#D8%ZO!jX>s}S0}dhd`P;7Twr8u&!YnGKK#-oj6={x}#>{b<(*{c&
zNG-wyMZ$5r*>_$A5P4PyY9@4tVVglzz#s$Q$@*dqp2u(~5YE$2+U6NrlAAVeM|0f1
z#(T<k+B8nANT@2o71XJ}%TRHVG94~L1{uptpNZ|@dE9Q99S#MOJ5XG}6q~8(sgK8X
z&9SGkb9T^+QhukSId)(3eYWYlo<LTllp&@5p2K`wC5up&NGX&E-DTkTuB>kE^m*G(
zmf7MCp2sx6a5~fU!RjoY<qW2J7iN9rSr(v{39G3{J36xRP{w*pQp$e9DtQ^|ATe*s
zWD!7EqL@g?AY;|?=fRP>+hve35v~}B&Z$TDLR>KGhh&9xG{+w2N?NO1s(qsqK-b;e
z%Cb2)gHnLk63S#9^K++U8TMj<rs44GFT!q&!gl;)$K`>p0UmcmOXEF}rmP_C7iiNj
zTA=UB*+DPN@O!!^kVx}=w$0^AZM39Jx^$=H98}C?8`aL_TBd&7UPEpfj%HI<tOTl6
zW;^>bv^@SyxD<$v1)>`iYEo(FnNUmG4)Sk^LjaeuC=W_2)-A1``|oGEJXXnCTfm{4
zE0j{MN-0kPxCmvPR51wuT1hS&h72-n1=9lyV<s86?(@#2KstHfKxUclX*W|jhqHs;
z?%6?a1?tq9CTjq-nY6O>Lnn%y@*<7*a0Eyr1{q!;rHsfr=}=Fbswouj;~`~jHpSF+
zFtj{=DgtVAzr`TyblyyXf=y<&rIfk+kN2AG7Stx3+=%-CcGF@V<IpYOYkA(2Aotu!
z<`(SVbiYcszvmu0!LL9)Lmia!vgkV9o$(f?reZ^~I*mXsLess6#$jvhHVq-A)b0M4
zm)xDeNQ>VsAk)caM;l8KrL5I8jryV6-o!4txba#B$PKazrA(~%jyJ>*K+9DcXcovy
z>cjrpzGBKH#PBR?9WqT5XJK)eh@HG|FmNOFb?&A+w22hC)T33;pX73!fGb-rz9@-+
zd<Vd3s6>rT_#Kd6guC+QnP6--6_^;LK;~s0yzm0V3WQ@*(AAbjKd2jAN`yA?2*nnU
z?%x{}keQW%&nH!%pxf|UQp$i_BR(sWHQ!?);JNE?!BEMUz`z)@82I7^h!sf0Agig9
z=|CS;(V*oG+m%U4Nku58JO<DYjB%K=5rd3MGC`Se)OyN_?Yj_#A#Vgn@<JhNj1-XV
zIHVWW2f%BA0Qz5!2^0Gob!}@I80!$~^RWRH<SS~nc6Cnpq?m2@8USkdl@Umptm3G=
ziVs$a*KRB#WROu*kp?CvkwVBIBO6jmNGSo8-!Cn{9soEM%gpnF(z>SR(AAyC*qj1`
zpWAMMd4vq#odmE_^fRkp6TiPxhS!qrtMD_y@L6$uMymzp*S9>k(Diqad?ibnM6gd0
zQ@IN>C$&YW^xD1<BFyVn6GE&AAvP$>;s(qG%L1J@k?)$r{V<fOXLXHXq>7h>I4VQ$
z3a{N*1c&=3(0LP6*FkUGR{*8)0)_8f<Y6FH4Wir_NROSy5K4jW(res})PZ`qJFv4r
zv~%$b-Z#m^rj#;ZkTdttp(X@>%VY1qV*{!ES;>9JLI@GUZsVvusY>qnL&EfGfzMP9
z3YdtdTv@)nq7s<&g}$@;rTyK8%xkgl`ftwoxok0f7Tuh4IyH~a;Gqjk7AqZ+m#*#`
zrIc&%D}$v7dnn*GAnSwc_Op|QHS>&A)&NH_!I&natRjRAG6KuLpBHCMqh>K)&OKt1
z+bnoDBS879!VaNM6k7KxDE7gXIkT-h&zfRzE0Ho3Sd=`?rkZpiFe|p7#n8uRa9n|K
z252%BJe&l5kR6m)i3|aBWU-+18fxofURVR)T5mDQDGJA4l}UjxrO|s8JdZi1K$zWF
zO%%}DB~~JZl?N@@Yv!gj6E98Yd4kqDm$lhql2eqBLB{2bhg{p=jnk%4vzXM8Fl3Z}
ztw<gIgc2!BOk@wLa9z=KSkBXkvwq7pM@UtXp=^gGYe>FkQ^BksGNsXbX?+0h6-Z%u
zQsvOE!fpP17B-<Qk3yR<rCVPxGo?&~jIwHG!?BV0l_olykU>V8bz!@3qE>NLE*?`L
zjG8^hNPA7G?onI>Pi5ge457-iYX{6@$XesLs}r*)Jt^8&1Ar&V#rL9$hcH=X&6LCf
z>%nu&;}>F*1p@G!Ot0n4c$f$+s1^8Qjch`>tO}nX$W-P&iFj)|&m-gq_n~f<PdK}o
zPL~>OU-k?wk6(z13WR+0+-*B^mlc@=xwN`ah3YshsU$m4jh6~r9SK74=IIZm<9^FE
z6RFF|9A^vmmFnu0V7hJVW7F5*dCW8m1mLN^pJWjRdo)Wa`;<c;D-w>A+a{Fa=$Lf<
zP>BTFC8Ecvt&bY-p#xfIS<JK=et~7Vq2=)lGgW~|GkrMnvJ4<H+1w_fNLm1{z<kEm
z4uGprJ>LV<F$21AdD-Nc85qJ71tNs#mf><+jZ-+*>M?7Bo=e-o^T^`(Mwn%R0Q^=6
zU_prhhpw$qO1Ubf6i@;8btr|BHSj)wQW)z{O@U66wXtC%)s+_M4b$Uhz{=l~7yA3J
z0l3B8ns|=syPiN^Bu}%c<uMm~U|F6Q2e>p2tMN|#1tB8vrj5qz!9dz;9!P0Tio^7|
zeUT28#}F#;?^J=%!+Lw{KYL#-);0{!qjqIzmoPmqn^MYvp(3ys&tMkPED*qr6#`hY
zL}o!&N;Kis=b8g>c-O;)@&JG}*9(^(&}hPsE(;-cOVGdDCS|&(!3HIK*iPY(gXw`~
zIi<P0o2o#_59cbIDOMtL^UzShob#?nl0Da%SBZ4xY5wJ9sAgatwn=#cDOTI{&&r(T
z6<QuY4yFf|<&?sG1!S{802M%Tm46;9k&YwzEKqOt2>b!_BwY2DW)UJiw|)^SF4DC=
z8^7o<$SB3hcM2hcj1AaLr{6PB>WGa@3WUt5uHC83q|zG(DaStC#F}C@U1xo0q$^(&
zLPT^jp9ccl0$i_wB9N=uc3nK%7GP<t4<JJj{n#%Hu?zk-o8#<3HNEdUo`(^rjLU0|
zr{O$kS1<@Vgz6wys)sKR7TY-|@vmiSPMAI?TMVU?rHb!mbz#K>HYSmiWdL`}ZjA^b
zIzos(+$#^DKw~Qt&_iD&X<!k+>lL>~x(qT(<2soJSx~;!!^=wOdIEXLr9j9xch%Bd
z@^VcG(Kk^;ixVM4O9-(AbxQJ~h3K}+YM+!KVM_i50J~*BT#Q538Hal_VvxZ>SuN4h
z%{!M1>+ntP?uJZb2g-#Jxt_>0=w#f5+aUQk0{|<otPje#ieSerI)GXep@p&8AO#zN
zr~Bl&D!7JeU47(w9y!^jwiKlzuL~<?6@FC(y#N(tk9@naEQDC0;P74er91!?OLCcY
z6Tx0gtqI@;t%;5$8CGFd9(z?#9)OdU6eb8=Pe2DP1wvntkJ|DA)TZ%32(jVn{s^Vy
z29$Jg8~!N{0J!QhU67P2M?yyOaM59qX9Q;D0hDwDn?ae}L0&hFnu(NB`vrAxKzjb#
zg<4FVB7bX!&!PpDWU%GI-<<XeZGIM>ubV!7Pp4dd1}UFU*TLt~a{YH(_#AgVc-FGK
zx~@Mf-IrDjBnh1)FBckwk0I2eis*m)QsWe!sF@YNI`AVPo(1+AV@W9K;ie1OV+^5`
z{f5pOumM>}8{kisFQxxI4TtsQ@^aeM^H`L^3Iy;nsGgSrj;fIMal9hwc!9;T|D7&_
z=G<<XtPG%($(D4Gh(St~yVre^i!T0d4ulX7;NN;nQtASsrWA<HY?>M~452I!C#P*%
zBfIe5QX4|8<p{v8t&Nqeja7QN{7eQ?%9ca<R`KMb?kq~Jyp1RjpjIND<N0z4EdT%m
zx=BPqR8)BY0Ns7z?y6{tJt(Vm7YPeB%Y#qp+sRi4ep#`XWLX2a8DJ>AUWC#sZ(|As
zsFjGPI9DFPq5CRCy*7MeM@rdoJqg=*>|(zn%YIMEqyhnICE^)gD36##sdgV9=6U30
zU)F|AJWAY1;=KNx33M+KPK7>@4wTtn;|{Ns2cXslop{T3$*YQ7_i1g|gj{sK)yFDL
z)2LY(S0F&GL_EMd<&lK4POi9~#~iZ<x9u5R5W1eg7+u#BFo6{X0vuB!w(IlP9A^*8
zH1<+?#E|dzW%ze8tU5zDuD<Mu(Deio?8u6gjj^UcfJ2wXDuC-Y<<uOq4TqNm^Fm5)
z1@$3=lQrKD7dD^`+ZWeq=z0RCu&O{}q?Bt=E(@OuFjkFqDW&V;h`C7|GV1kVpY^h5
z{S+j0JprhuQK9Qen1V%t0EaG%4(hmwX@*d_{9V@*DFUsJ6{ynuHRjnY`x+^V^rP8S
znTkB7!lpogLzhJd{+N<wX9ub@NhL0VNh$l3rBz!aW+`>K48yqIz(dFKjl!xxfJ2u>
z0N@hpO`-_vQp!$Mf^kX68fl?EXqcc@9>)pcZr|Ci+Vje;Kw{|B+(I2d&C3qd1+cE`
ziP$7@(71@&t)<JAT6r9YVuY?N_Rx`BYZ$+Yt~Ci&ST2PBh4x%Bgz6jM+5~q3mFDiE
zUL#o;LUo&rTu;PDsI1OyX0fHOdo>AX7Dy5)WketDI%>DpB(6i<?U+mD0VuZ?t&uBm
z9|-lC9jLVuxt@rxP%M_)s;%U+>xBY|A-7Bm^}UgpO#tVllxt;6&$UIZNTxD`YExXA
zdq9o}D=v=(FI-rYpfb!|l&9OFNj9O}RejeJ@f~t)tzo{4cWy#m5UdqP4j7wFRW^~q
zD+?qErE~@WPGf#tTd~Cv)XF0pWRa{ul|`AitgSeqVjfGAm>{f}9Cp05K*pg`;Bo8E
zDxEe5Q2x=d-UNzM;dPQ^6KcIgt|wAvn3_%P(E+EDltzIhp)863?%RRtGK5MctTzFR
z&<3#zwN}cmOa@RV*|4@w&B4$qv-C})W>HE7lB7h+Bvu+*Rk=A{CP<ldpw>wTJihOu
z)N95vmYYpgqG{ADO0PhYBu<<ixZfm(P(8G_07Uax0o7;d;L)Mi3j8^I>_Bz&+^W|M
z4?>7O?0o;%sgP`Csgwd4hZM>Ry*f}S!ZsF4tSk;+^}}B-D0Y%uCoTH7%|plzfIg1a
qOk`13%@l+XYfuMI(^Nhg=Kld@C$cqX9RrpC0000<MNUMnLSTX_;!gem

literal 0
HcmV?d00001

diff --git a/docs/images/osv-scanner-OSV-logo-lightmode.svg b/docs/images/osv-scanner-OSV-logo-lightmode.svg
new file mode 100644
index 00000000000..4b92c5d8fde
--- /dev/null
+++ b/docs/images/osv-scanner-OSV-logo-lightmode.svg
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg id="Layer_2" data-name="Layer 2" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 400 142">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #ed2927;
+      }
+
+      .cls-2 {
+        fill: #e31e26;
+      }
+    </style>
+  </defs>
+  <path d="M183.91,39.25c0-9.22,8.24-16.47,22.36-16.47,12.55,0,24.91,4.9,37.26,14.12l12.94-18.24c-13.92-11.18-29.81-17.26-49.81-17.26-27.26,0-46.87,16.08-46.87,40.01,0,25.5,16.47,34.12,45.69,41.18,25.49,5.88,30.99,11.18,30.99,21.18,0,10.59-9.41,17.45-24.32,17.45-17.06,0-30.2-6.47-43.34-17.85l-14.51,17.26c16.47,14.71,36.28,21.96,57.27,21.96,28.83,0,49.03-15.3,49.03-41.18,0-22.94-15.1-33.34-44.12-40.4-26.28-6.28-32.55-10.98-32.55-21.77h0Z"/>
+  <polygon points="332.73 108.87 291.36 3.36 264.68 3.36 321.75 141.62 342.93 141.62 400 3.36 373.92 3.36 332.73 108.87 332.73 108.87"/>
+  <circle class="cls-2" cx="70.6" cy="72" r="11.4"/>
+  <path class="cls-1" d="M89.01,65.14c15-5.29,33.01-11.22,48.17-16.7-4.65-13.22-13.11-24.64-24.08-32.93-3.69,4.46-16.82,20.63-30.41,41.02,2.83,2.21,5.04,5.18,6.32,8.61Z"/>
+  <path class="cls-2" d="M112.82,15.41l-30.6,40.7c3.15,2.3,5.57,5.51,6.92,9.24l47.99-17.02c-4.71-13.24-13.25-24.66-24.3-32.92Z"/>
+  <path d="M139.42,56.29l-23.33,8.02c.47,2.63.75,5.32.75,8.08,0,25.49-20.66,46.15-46.15,46.15s-46.15-20.66-46.15-46.15,20.66-46.15,46.15-46.15c7.5,0,14.56,1.79,20.81,4.97l14.97-20c-10.51-6.22-22.76-9.82-35.87-9.82C31.61,1.4,0,33.01,0,72s31.61,70.6,70.6,70.6,70.6-31.61,70.6-70.6c0-5.4-.63-10.65-1.78-15.71Z"/>
+  <path d="M90.25,73.21c-.53,10.41-9.11,18.69-19.65,18.69s-19.7-8.82-19.7-19.7,8.82-19.7,19.7-19.7c1.57,0,3.08.24,4.54.59l8.33-11.13c-1.53-.65-3.11-1.23-4.77-1.65-17.62-4.48-35.53,6.18-40.01,23.8-4.48,17.62,6.18,35.53,23.8,40.01,17.62,4.48,35.53-6.18,40.01-23.8.99-3.9,1.2-7.8.8-11.58l-13.05,4.49Z"/>
+</svg>
\ No newline at end of file
diff --git a/docs/images/osv-scanner-full-logo-darkmode.png b/docs/images/osv-scanner-full-logo-darkmode.png
new file mode 100644
index 0000000000000000000000000000000000000000..0200a5e694b6ff46ff4464cf8021b8ef4077365d
GIT binary patch
literal 17639
zcmce8hdZ2K&~^|+j~aD_M2k*ztAr#(jV^lc(OZ<&OAx*HM2T3e9&PnrqxUX|Wz}7*
z@~z+ZzTcnlJ=e87*DmLoGiT1sJ@?GnXm!>1MEJD$j~+cDQdE%Fc=QPS;U4@12mMp<
zc_JbD7oLlPzWbv`1Y{2{jLDV2n@5kHKT?#J)$++XT#<F7Yn(-#w0~Y{%6O&rTA&t_
zlhefpTSsSo4F5a$`8hswRmUNvp)a;w#q&x0Nm}3UzjQwZLpzzIG`_MYjrL(o+}`}s
zg2L%qFcMd6*ViA3e)0F0|9@A>p>!GNbLRiO_Bqtq|M#95pW<uO|6Z8k|L^UP|Bv^W
zHzJ<c_^+{4)9+hU^hgG$u5Vq5mf65D|0CDH7zO)lrr&}lcR4)wAi?#Oyt(F2cMII0
zH;|vex}>CO`WD`<Hqww_xSt{C@(bkrEru7!W0;XNkps`k-qxgi=N?4dx^nhO1k7r?
zxRd{d<iC+&dwVA*{GJRNKhvbmOl#mWMOAc;9d2<%dX*-(OGz5_h$%K|pD2x^<clCX
z#{*eyG36aC)kw^>(;Ce@Xk^=J=cC4(mH_R)jSq4TOlo0<o2k1+fF^c@NakgBlC<At
z7V&o<#S5;>Z8o=Vf1PPd((Hf%M7>@e;Jz-9o~FO-F9YX)#7PH-A?mwC_<qOG!HkKd
z?QI^`&9bJCo?Q~#-qAE^slYOsuAnnS)@U+I`MnCXvr`2C@q2kw<biSXS8EnNd|D)3
z1wWu7_%KwLi@B>ucOX>A7v>CRwQepFB7L}Ag&Slx=;;!2G*w+(k~z6-=Zh-(*he9L
z+c`BjRlInz-4U-B4BT%7rYZczb98a`s(v13)zCVaAXm0T-ftNBM+*?WeGm$>kBl7*
z2_EdPn~B=Qper&g7>SUJ<B+*bGJr|h9WzWcTypQ<N4KUKrx)QsMN`g#ustZXGV^Hl
z)bHe1l)8#Wu<b+tn_kZc5{lX3{2T;B>^|qdK>r6}#G?%*s5us5tPm`?4kF$Ox;3uX
z)VG-0oYMIxk(DRN6(rn;{*#mw-UlQ7p>1CPv2N8TX!+e0crWZE^i|y~w5e>B(-@<h
zIDcGk!TxsS#DKXHJieb{ad@D`dXU%ByEw<{B=qoj`G~XpY07!ca3Yy@zLgG=`2rZP
zql<vrr)2+8$oMXANkEl<52iekD?F8Tvwn`jVnL}Uf3Ylwlj3F0S9e%To_)eo*vct(
zHhWp}?0*AVJ}<VU7|ZmU?Gnz1fN}Us=Z!TqiJyKxrKDRY$xRgL=e0P*L4C9GW{?^W
zCFZATr<sNR3%GG^)a!t#7!W<IQsUi*0d_-Ej3-1NET0J-i{O)eJ|!if%_Z?)Atre9
z#U~Oo93|TAtnag>{;kOUEAZe8V>^sHtv4{b=JsKAiqyq$@i`s!rx>FT5?df9h4a?e
zfYRo)BkD_XKWGHuZy_vWhwQ~_@Z^l@&TG{j1zMpr4v|!>LgEt)2a{*f2TTu&t!Xq&
z2k@!~xjYk}H!JR}*|7xWSKEA!LjCOK^>g~GuDWmCaW9s7@j|N9F{YhXrR&@?G$3%X
zMe{)oUlR=8ZO~hh9&Hg~<H^c)$=ya+;S(hq`S5oLdAY{c;Cp|RNIfIM#_Rv}4*h9s
zcSE<{%gV_A_K&I?K1H6HY?pT#r$&^T;{x9;>Q8nr@`uO@`em^?UV$EuiBKrR3F0VC
zQm-k-LidGtNQJi4tw%R5BuwrK>tJhyd`|8`jBV{EE+Dj{Cd*PpcOLMKE<pN=rdjr{
zQ0&iRY5;iF&-zo{AF_^wy7Xxki|fx?XWZsSU+Fl>C^xcS^1myc-wq}`!0_`nV*MY<
zVl-?h#vo%gAz>|k9U-C*!;wqPty5o~-tNWC)u@wD;*<5A0tlcNqw*K6<E;XJKWIs$
zPKl<z2>k0fsF%L_E%<(8N%cQJ3*)kSw?Rl3Wm|R<7-)@3+M*&rv~C{^ZW#d`Q<p~}
zGHI%7u?G=%on2|8$n^w|pM%4aB>YzxhpFPii#R>~RqPWy56hIPnEKJ@D-Lr2td5td
z3fERDQ2L8|+lV-qc4$agwbQ8K%6FQdfF*i&Jz)RPf#B8GkT8o{8Mrlx2)n|6&Y$K(
zB6<Mq7K*)vaVU!Hvpbd+TfBEM(djtE%7AR{X(kWyQgU}q9dayI6`fH*Gp0dtsI<3*
zfdaSmTs(cS*Q;mn*f-dCsQp^r4Pkgt17xI&W~k%%IL=IJm#MNkhGdT~&a?FLF`lz}
zf{SCFb6&hV#Y>6@Ls!0?tL8%g=hDvOMJ2?&qZ|a1GScOK+5-9vftOgEbyR)26T@BY
ztDFe#iq4TcmK<&EOH=;3hQW*fDo!bG9Qqygr9;5dMDRz>&ZL}5&wp`3exv?ePqyn$
zs+#3d&2sv2Jk}7q8I2ncZiavN(N5Z7=$wjbb-@M)mHddEi`2Qsq!QN_Z-YUKHnk7e
zRbYn{JZFh;LGAr@bSy4-)VBJ%&hHLIGh11CzfB?2+WW6)_uYeO)$EY6Pw)5L61DMe
zI6!kHS9e;+mqNNj3L}4a3CQq7i*%GjM*e*D7$35U7=L%Rta<tjVGt<&PUyI|FsF(z
z-S^f0%;mBOFJ5OS!L=H+)jFcSoN^XWOc-IWruLxKL1UOqVMy4m)9AeZ5$`;|A!1@K
zxxeL0fddhTw(tfeRe@vfaIOUwlD1v;kSJ}ROfGU9UbvpRQVyW`CH);Z+gH>r9fSzN
z#^pU8g-G;bMhHRM&t_*Z9;}90EQ*2MF({s&AZi<b*zvaw<xBi~q*9j~8w4DF3}O^8
zUCZ)4zTH#tGo|6Zy4^nEX>9Aa_pdbqKt`JTsz+2_!I1G+^gyoR=)_Sh=t6-s--=a$
z`#NK!TZ6T@(#Ka3gCExVMNUO0wmkIX1vgdYdvl^5W<^S)H6pVic5DNVA#scf*cHY@
zO=!cQy4n5Eu&S%8?UTwlk3*@-li?3-oj7s1n!YVrX5(71SVn<tN1YUc>-WsYAS2is
zi;Zz)|IG)0tOw1zP<WW}H{>{Bc7mAAC0F-6Isbn%4E;*U4n7`NpVt-jop4vHrJ)KF
zw{V}Ba5w2v0R&B<Rmo#c(~`B7%z`~EXEY%3!f6lVPy`kjThYlz&A%h3(n`#q`Ibk{
z-*;I=U9|(;$NDb<pIX)T^v%Qa<Dch0nafFp2V*wsmEPiViEbK=`*E4NHGsQIt#U(f
z8y-8Qp~(6wk=1fEEvMq9#bM8x^lo_|$}?*7z^OT`K)-7t)ty$WtYLEt-dsY8W9nyB
zD4d}uWFht1?p$Xlh?(}L6_N9i2a8rPGk=WFdm`;&o=pdylI{m>ovR#GgTuwjF$QUt
z4*p(TK@E7ERV&=sUp%&T|IO=FA9(M7<QqrZzSgvJEQ_qPFLiU%_`i-w>Q$**U}^00
zjb<DN6O`(JkLv&3G=$cB#r;i(N<J~znpt%-)bF+f@I(~bObYvJe)Dq?Wm_PxDkGQt
z`|@<vgaRWcmG{+?#iWMM+S1Bm7~^kE`duzZ3H{!~Y6H4vu?8O$B=7dxvcTmVk+|Cc
ztAB_1MNH2Hb!;~@EPL4;MOpHsIR_K;p2xz`Z!y;lqkAr|TWc6>Gta~iaFYLq%i2@Z
zVS_0f9PfG}Zn^jVRD%9j75;&NBSB?J#{XDRPl8fB-RToDV>67Bx0_!G`|Qxmx|;O4
z!~LInUsoZaTDso)*%BwHlvSl+1sI4tNx|8#m!oN9R}d8j93F`Dk-vQGhtqWj$zJBG
zK)int_}$-jETd9uBujj?q^WHFWO@Sh<pnez<d1f!zNbFBZT-{Bg|UXjPBfFi@~L{d
zyj6)ZB)-AA`}K*0qm0QS)E4!N`p9E;F1Fezw|S^Awy!Xjf@;3y$Hv-1c)hz(pLs<6
z!iL)H9ei%N)_%9eMjCCW7L==rGqv|9p}BcK!Bz>0b7%@tgx(ieQ;thA9oSu}xj^Q7
z0G^4P=c$jbSo#8)$Rl7xTWtg0!cX|%F4E~FQ}1%<68DfuDtM0L@Jf{OS%-7tu;^F+
zTY50)o5ehQR;eE0{vk(dn`oA|wQp78$H5Envb<Zd-F^9^%C$A3a->4z%^y>3dCL|t
zwY5w+IB!7j6w*rM_@Y=w?lC?Phpy`CU2}2DN0#Mumt+%k)THe{{j`abBE=6a?$4gq
z>)?yrE$Z7<PsWAyW_82qL+1eQnooYKevDx?kI*n1SIDiS^3ARt@=&YC+`(vp^Zt?9
zW1$p&l*@Y`OWCoq9b78Al6C@Z?>8TNW!rk!9_n=nid1IhkgMMSbx(ENebH$oJRn5D
z#*g)Zbw_D4LwEu0R=ymyb#v}tY|#cbZkL@M>-DH*IUVvMK7cWF3B9qKEPSigBy|w)
z#Q~-I-M>kMPQ<P5*rpY!f294!$o>P(x3Y0}4ALaON4uKO5Gfg+WZS$hw|aa!t)f*a
z+hjTzs!1MRIIXI`!W(J%dc|}ro673?@AEqBgEi;;yDRQ;xOVW}-Cw<Xskdkt{q%LK
z47sD2KFE5v^$q|R@&(xzKss#}mXumUB@a-4CFh8Z=F!lF+t+JZ3LPl8bB1VP3P(g9
zUme5={L`l6#mdWG1hQ@7<je8)n7~YLQv@1z%JAv-{1pu21N?ihQ!I!-g~`4h0*}cp
zo3DM8Tfm4iLXb-IBxL%P>J>;^PnZLz8n+8>9kzOy2s4{REH2vm90@){b}z`VGaAYu
zQkq9jXCh#R&*XDkPpk8_qmWlQ6}PadNN*AfogxD&Ite9qkCInhZ(0t(3zTX$gUwRm
zHg&ukN`RoN!L8i>7{lPMldP@uxSJPS2L<SjE0H4jH+G~fW(E36T@)xp^?Zci&qY^v
zK47V&qR&(k6UgD;3oYew68d5nO-CqN=Pc2El#YFe9Kk9dDV_{LP`dW_$|?Kn>iH!w
z53*Uhh~N#4>A$7H=-T}dsH@WxZ${Mg9+{(k{|o*YRE5}*1`=SEJL0#KmnMo?2q|5O
zG!((HP@X<(7IE-rTu&y=;x_%~2)K|eBSH#Kyh2N^k0MKy%RIy#b%wh2j^;c8?V5X#
zn5fp0uElfS6o!|N5BhJzi2^?yz8I<Y?h%^Jzm0Rn#_POZyf<B&lC)Flv*>$uc^&>5
zIl_-vxr+;E)D97k{TLpQ2TJ_RvMvFGHuoRZX6V<m{L~9zE5^p#*l%&mt7F{~>NnTC
zH?3wu9`0S^;O`dcYmlWy5L(?9UrK{d=ugqU)pO#`ED{6hX3|B5^LKZ+IqfrHyWAie
zx}rUFYuLiwJnfJX=F5F;bdvrjw}y5vmiy@ifI!DkUDafR@IdY^RK+VDP`A?S2Sal2
z`we}J!%j;kd?%v*eAC4ptTMns?HRjbGZ$M0g2vFy8t<Iv(lgg}K6u`2Y(#7kJ`C#?
zD?EmYv-*ci^U2d$tT52}RObpy$3oIL!L?BT<>Oc8oI(bsTs+mlNOK8m!`#FGWbvL7
z?(G26Yg@*uiOB10S3(ctGrC#bk@|7L?iySP$F7#50H(+k6f&h;Oc<e%D*HPIIUnSk
z_#04+r{CMufahF|s<aXhUKa%CUURzw&7X9d#8r@JR)1AviO0LZqZm7h|Gdh#EYse1
zPjK0jCUmnFziOyH3xhLzV&fF_aRIALwGOqu;l^9_o3(2vLO*=TA3Rdkw*sj2@>7Mi
zysUcU6Iwq7N^(x<*SyT5J-yCz^Nauvvph!0QGJSmE;(7x@1C>KJf`(}irMM8`K9M|
z_hRw=$3E}LISEHh*H{B7U%i9{{5YxLt}lBZ98VxzXA>+gg&Q{^a5-9G)bbuW`w$$;
zHu7m%R;#vj{s`f#?<>ne##;29Qsh5U-cpY!x>#3_sPXHw3MRs=+3yiY$r#g+Q*Hq~
z5ErD_DGf~pBL%&FT%viyf*IMGurm&(%a$W*y8L)o7Nz;`FZRhaY(U>#d!)K%-4|3k
z(w?##x?B$GQrgju;WiMaKpERIHIKR}{Q5d9^nY0cC!6~bfD3hrRC3Kj^*-*M2E`hQ
zcybnpNP(A7zCT$;Y{J2fdXPF*LlSliwF9ly!k|f|uAsWQ?J&=NJwL6|ig#Z2LknH@
z$!pZQ_qAQnWR6P6Wz>bBkl9)DMEj6iOi%z;xXtC*OB2^iSeIB@U*`7>Nee&LZI&J3
ze~iqG_LFa0y^a%IEwfUUhvU6<B~t!~rZ7z%V-QU%JxilaPb(x_dN$dZS~fgx^n|^P
zNI;)N0ZAb+@vrA%;BDOf*CstFfo}~JtVTCX&*17_NQXBKb`8PXQo(O{%?3}HXt{2M
z!ugMsE|bJJ>)TWfopOc}(~T@p34MsPn)ElbmmZ?D=&81imF4jBuw;Fmh|c||vE|ei
zBs}wck2XK`8H*-lBJ8=@zQwm)sHwhzrjA8^cSZ_;3rw@-J((U7&P#yOv0h<?le6b+
zv_S7dx^V=E_7Par2hgyC&p{^9O9_5laahACwmCyd=^W)QEsKS*ReMj9%l2}He8)wJ
z+q1H04a_BW9HWeiR!P)`;~NP&yUK{Q`e|Ph@??H~{@c10qbxo}?2n${D!hmnn;`#H
ziOMRQ`d((V`>+{SOoWGQ7e8Fdhv0_z#^=<>`^%}%T#n>w@5uE5voWeE-j*+Wl0_<#
z)4yP(_^-Qv+MN)wl>(rZ)w~1IP|h%%+&yhuP#d2TTEHrs$&%#;ffNQ|>|=Zzgv+~;
z*u=Ky-o@2i6ANwKt6pnBTy~P)EN%y2hHHaAw5}&$v5qPF)u@mDMzFMEOJPZ)W6>x&
zp!28#;Nqn<K-?PB&;=YJbB^ULk#!E&E7u46GH6gr_;~W!r2otJjd}E=r{4dPO-N&e
zA2Cchgwpm^vuy}FXX;Gcr0m~7pQZ43n*8wI6^3Vw1+)xeV;^4SSiIYyyiM28Dq2c@
z%2j}{Um;jXKgKW!xjYjP^$A3yD&Wt@2ao(LGb;#6Uu%!;d^N#^_9R!L&ACK4D65(H
z9&sVUl_B8Gqw6IYPMDhU1~QTT@c0*2s#J)N$-=H(OSmN`D-p@%N{XUl)BIPs>95X@
zmS=EFT0*LRJMDTAQRrL>DX5Htp3#m`S3<fK1F-`G5oZ!qTByFXNAegbvOugrG2hl~
zv^HkYiLcW?{KS%}TPlgNU$R)A)EE%pUbN+5b^=OAr4vB!l_Ta@+0TH&G_?xq4UWRa
zXpvSo+D$%f85-}?_O-ihr`W093B}&GIAyG2Xu=1*lkO>0W?=^;C8X0PBBdSP7idc-
zX*|DwN*6(7jea!7H^>^On(IdZ!aaC&F}0a@Lxk(mb@$-b$^x1T_#9`H4S~gXNVA*n
zmASqu^?GIV1Px=;FLMQWu58Iu{bD^SB!<3F^}lii15?q$1ondT+tCWz&2UxI3Y&Ue
zdMO!y+XA$qRT?y@dEWl~I3>ScPG}n$&^N8V9*|^E0D;5iXu5@ROoAEH=ja7&(=@X#
ziOS^^$LNV!#N>&ChcAN6QqjR}Ze4KwN`Z#=r<hc37l$=K;Tmzl-C$VyVqCUEt8RNr
znq#4=DEq0Z_UE!di&pXug44B4_LAzrM)%3jRjG^oS5}mNA-VHdY3FBn2K$%fY1`*F
zyQMpz`??#{s=>IVZdcN2;WPyrb~OL!@9#IdTU7<wJ(7libcPADRe-OFP*f=9C9JA5
zUUYoONrt+%_u_<C6TiqLho@|&wE`dpupO6Z_~3|Ubw^E{IV$%C%M#$!PjsiW^OA9{
z2)<W|`dVL67Mh{yDw}8Uec2Q~cL8fnD^2zk1RrK42Xd_1OcI;#&WDx2jyUZEvJ6iD
zO?~_L72eR*z@6j+fHd$#Zl|I7$mpR!Q?Zg=2q8ifCRU~>qJK$nciZ;$a{S+)({Y;F
zbVVSI-`jZ0QX|Z8N+}|fwRZuX8?xcfFt1Op50ZyXTf#j~AaFhMeZHiLjxgZ#H{;u-
z+nMbaMHmr+hSOFwM@$MU&)_uQ^C(LCk!mLPi~X7H1!%-z1<rkOj%K1;!PznqBB1d+
z8<J~wJA<DeU^G{ZFACfxJ#XK!Gbvp;M*iB#7d*|1@;Q2cgZj*kPx0mW?lUI^`}uM7
z`S7qNHV6P&U&rq5=dy>nU*vfxk=|4s6HxFRD+VsGekz#Yq^oq6zsl<dXf+bAqG2o1
ziQ035TEg^11YM3r?r|2#`!0}mHBXmeUl6CEsWb2%hscq{Gg{5`mhJSm^3`Vh0ARvx
zylmL2;Y^6hcK*9^cj5MN8%ZkV30akLv|&gXpCRZL110qd2G~!#M>1hGi6L^ehVu<W
zA~~S#RM_}HAKa8zXmJzd+GiYMYmUfWF~i2Wk4YSTZMJnUALH+CC+{<ItIt1`{*8TG
z^T(ceILrn9T%M3B(1P+geKToht(fR<p1&Gn*uL`H-jp~p+~s2puu5jQvNZ|O$<pfd
z@XkvTf+0H-M!ov-q3t8yUKzHiOv;nxSnZOY35;&%ZBMtYoWRf|gFL|G9FbQ3+(`BK
zQBGZQ2S<(mry)Fw2*SzZ+R9INz8~_)RaVR2y?S_WFv#x?s3>TH8WfU!vGXAVe+_<x
z;}_}6DwJcMU$q<d%?8IMTn(KVuthY)*ap9eFD49-Fo>My*2jgT5k{fZ6kVF%&f6!%
z5o4aCN1kys9@O@{Ls}XhJxX(=_oy+ucC@9g-_s8%R>S@Y30?8x!pm6>IgY9ZnOeYA
z6Acm3nag=Q^u>m5H$(?)9%DOWX*+p>BLRV-p3UwpYhH&Y5l)()CT(VP^`47pACE}v
zO(Z!N@L4)XB0O~6^LTE@cZ@ch?)BfU26rW>Pu7^A49wQbkZHtKieidW8%Qz#-c@~$
zRY5_nzIDpIQ|0BKQTO0G1*wIwr~K-Bt_h0y%5|FS@VuQBp8H!>k_XFi2h09~q?_%9
zg^xBMhqeuj;aP#allSdx#$j@b)?j0t00E*eD`9>=2i<uqq$os}#~hYI>5+To(V(jS
zKx35cp!XxspY(_s-_a1a8hjJ-h9Er?aSk=lqJ_wxthbXVVzaA^lVjVoFT>{6vYX&#
z{t+|d5(C=-1-eRs@TMv-W`88UMKtz4mXZa56zqTs1>m76Y5N5k7mVa8lfo?k3^^EL
zUV(k=k5SOJq-U=-rOWdN4+?&>2X~1{{h5$Lg&9rU6U^K3wpqzIcYY=rxHtJwtJL8#
zo}6%hUvfl>_K>ede~($LMWx+{>&dC>jI{e&iS79Ot9sAs{WZC-!H#D4jOYp%pQ)WZ
zArd0RAvkSXW=U{^)g_|G_`{tCDYScT@GZwZ;pyFqGs$f~!RhslNM_>SW9f0&b(;UG
zyRIJJ_ZW{`==g%VB(k=AfKB}}C;*{SbdYcE^kE1!@0YaZzVntxwyU6%O>ghQPxlgr
zk*{PeB#)1ddau6(AlP7gBAWG6xEE+DZ!L4wVBIl2=wWFXvO$rMej|4@_&Cy!GztUa
zMjplXieHIlOi9z#zT9{`pft%#@S&`8cPC}4kTud$3I1x1Jm27yMuw;&Os25EE&bDg
z=(4xn3U!g5d7j(;v~cNs0K~!M6yrep?`h@yHZ3ZT?lhZlQ9IOmHpyn9kmc5IOt9N~
zY(u{_^7!AH_BJW|xuZK!5SDjFT*7^vX*tZTK>hl%ZV-?xOzA6GF4w%dpZCLzWOBXu
zR-y5FJndd;4H*J7ytou`zb>uiZMY4GzjwBGyw8)$-EWjZ-R_O@(0t&X+2K4MMh8zA
znn?tRD(IP!TmuoP-i+$F+{~Fo8!YiU?|FiKXP7tidArqj0AeMnpbA~jG3r^|bvHs|
z`IKGSC49?~RkL!^yROx6BE*fKRc_Ji={x@xe5^eB&@fXZilgO1P6>}J<W|)th3@6!
z7H6n<TDpCEEk)NW{3_Is?mUKZxcf>9bjjqz$(<J>0}IvkJ!oy$jfeUU9FP7HoAv6^
zkx2R2jO&;`wpP6hkD4+5PN1_yROcYwcFiO97$2q8`cHqB(m>z|8vU1v`a44`xb#Fp
zhrDQvBBW<ME&_JFH>07Cy*QQXx5hFjrjW!jNRI{awH$Gm2RlW!Ww;x>q8k>P`obSx
z@yPrPzvF{1kAg_SnOAHZdAn&Ou93iM!3N<P`I!6YSD&N2L)q9QbX7oOYmQ1=b*G3b
zZOj{Qs8aFla~WC6{vpPaPPw8wLI^?Qhf5HDVnCxw4oW%<ZVg>T&hI`&`5|DXDStT|
zoV2Jpjh{A|)Nrfs6^?`7uRT{hTLj$%o?AB@!eJXe=??z`H^<O$GwTW4GwIzwgSiqZ
z7*n((l?1Zg33fiJc}fbA+oaRttnspkG$#@-Oa?`|-=D4vx#wh)fI}jPe7zTuJDDmO
z?m9iJLfI$^8+L_^Au-`Xz!Lvfe$c2HXq5IIikffNg$Vyr(Yq6}TTM^Z6eEZf7#nDJ
z4ph0}*XP-)Hk33qcy=ojg0<0rjn5e=UI)BWS$hXsiu4<Uuz9qZShN2%R}OxoAR>_&
z(>TBS{N6Nl@s*Vov;A>q8JJ;czQl|Dhbz0>5LFGhgqn*`%G|)iWB$2W9)w5kIIFn5
zc=?gTXgi9cU7)Rv%bl!7Pcl}lz(eW!x!F39bSKj{?G2BUR?NLUZ@f(d^WFZ6$>5g6
za&O3GvWS;mM)Cjl0u&>dA}BD!++l)hlU}<CALsj9``eq$P?3hn-$%k?#S?!gWT`*J
z0Tncnqy}03DgcbCLUf|g%I0L_rg}39?Z$&JFR|;{u9~BIBk(fGLh*zG7s6O9-?o-m
zQ*xb4X=@tKZVGZ3Zq~My=j17kuRHU3^NbJcp4$K5+4Dxom;lBd8LqB3!u};qCsy4D
zyMD%~E$4)-8Ylc-8DmnPXB)0iv%H^iOUnfDTN6e|@mYQoVh_*&x$nOubPD#|({wD!
z&i0<4Z2IPkP1uH*R=TP|u={PON5u96XZ17P{vw*==Nm}4t*l(;RCoN%>6JVjCJ&J;
zyau8v{IfD<-^O=@pzze8YA)W!Z5q>4@D!SQonLTzmLekM9L@MN&s=8%D=pO^(VB4q
zG{~gBcj4k;aOX!^zK)T`I9?rrq#d@uOb%qoS{BEbvsXt9H#dSYBP?tkCH$>9(8+~H
z>aEN|sp$uCp($}0`)s5hj<?bs)`ZxJU~1=T8$qO7YaN<{QS<15W5x2T`zS#p)44Tt
z3tR|J3Hf|+f-QLQDx<UG?q#6kyTU5l2k~aG=6DEDUI!^h9NZOf5s>IDr(>>m2DrD5
z5K=$r?DTfHU-_|RlI3zbyNgbQ2MrwaE7DHWjeQvGlQws@U84qBe7#;36F%!uvlXy5
zdO|I{y#)PIZzE>iF!1|zVimkza&0Qae+|VTKGR%9cRJ={ESe@1?{oNSv%YY|v8#aT
z$T(cP$6@y`PK>iv`h>PQ8rWxDd>#hnBU_JnyxP2;5F4A9@&s<!xu`d^^y6?z|G+qG
zM(TAuFg20Cdv?#e(TOgFm9>x(%Uk?p{>5jAviNzMWD5w`i+u~<YF*L4LXO5_=v6BV
z+?4F6$)xU4zCq-garjx(+&AE#S$Sxnqe_nhqhOq=8FA?!XD#yrzBHcA`o@4OO102X
zIk<!9TkhEn6vLs>?;{dN83TKp->&Ri=+cp_`=<1nuBE6Z%iHFDR{Fp$@2S&e28+!5
zx$R^l(SDm6SG3tEyuZO)=XWYtE2``ut~|+{W}HHPdh>{S=;xNht4(Vf(2L}NJ>m(p
z6qHxjWmXI?!vwIx18`e7uwE?vGpq#_$aGe%7@CF_tL+IAteOQ+i$9Q)IYVW+Lnp7w
z(c8I%#q!x*tXhdP$7<sE{uyBSTdE3s-s_F}7FJJeukC8@(+nM()S5XDj*I0YG`&74
z%?ObxO=Co!$^4al!!D>kkHlIL&Ynh~wcX(9_?NVjgOdr%`Wt3MCx2R77V0#7SKJ>_
zSH>`O{OTas4Tn%8kIKOS^cJK0d0myt<`*qus}uxrVvT2FmC0KuG@Wi}P{&?Vw}4OO
zA3kgkkni~C7vuoP;t9o@<u!|uU4AV~z{@a6%y8rV^(t$MJjvDi9=zu(Xd=O>g|xMX
zVOMo$`_*GYoB0AAKk6>$l&SqEXxe0TGda%v-Hql_*1+7e;F(~6^beN7&i9T_bL<xk
z(25gRG-|a=@)uzNrlZqfitXT<ykKEZY~rVa3Z8E<WWO`iqow<&qhEEE`zCLT9y2`P
zbC489o_%CH`BrbUQ$v7iJMd{U+UQre)?&3oSNx>SXzVq|1eAdpE4ndif0NMj5w^OC
zDy8yUyNk+|k=|*bbcFobT!ZG3-BZl5o?fu1&2UOr!_TS-D=i!}bxqZ>3>Q_hn=$<!
zbWu9rStfjX0Ypn7jqYQi#Eu)jYuRaU+|EQSRNn`Z_d7~|`4UXD9Qn_14Xp_wgFDqV
z8QHnBwO*Z1Y@Y*o%V<$jB|aG=e&CH?<Z~9f1detl%8b>T$`&hAwN^Czab~ra9Ga0p
z>0RX(r|=mlgfbAW5I^RrsIOGBLfGQ`(3bS+?w*85Jo5PjaCR3T<h6H8q4Xf$zXA8w
z%xvbGgjtU=&WU8q@D>845sO1CakQMi=oPduD43Azy(1YBy2YUvs`8gbGYt>z47-HS
zf_~y&OYqwH-DLl=(MPc#vNTlc-;F?I52tY&m~6F6!9Cx2synP<v6)#ug3_Kv2bB)=
zLr)h<%od$EFL4Phyek>0=S*$BqA5|#JThmx*o#LKO5?YbRO+_XQkH|a1N14sD^$~)
zF~e;i6k3d~+6~M(zc5)dK=+ZfTq>K5_cRpu19BInhA9^FtY(((x&*LXqPocffxfLv
zJ5Q6LBs%$YPOG)xvZj8VdYcZ?V*)QVWwRf5@hPP2t^I7-EPqGTVEV-dDJL&{^_>ks
z9f+^DX*F-gRyP{A<!MMylLTQjt+;nMcReBA)yScMQ9m&J#7e)^4|XSRV;CyWTU-GP
z?!p<z^F-@TE_x|mi?qtf{5dE)V;nBISq}u7mT!E0z!iU7ko%A8fWzX}jizRCx!;!h
zv8Y};dR?}}<XJ6GRK4JX>#s`nUDmYs9A%3&ly1Od{iIWQQ~rn{sa@JxR3n+J5%1JT
z0Mr7Cyeb3!);Ht=W=f&+=8YQ`{&Vp&^nQ%XSohsWo%0Kqk)nMek)RrUdSN|ja7tT>
z=7ar3l7(h-Jgl!=H2iDEq4Kkn#WD}ls$4fR2Zap=!xSf_cwk^5)KA0z$J%5u0oU=_
zKe*SaPvd3ad5O{8tx@e=WzaPmmo9C<^Cm%{8mRso018Bbd<x^>ioui3us^g>MwP$b
zX5?z^%WIm?_ZvNCaE_OeMZ?kob)IzTT|LtuT_I7FzPLiydXP`nG)k~>aGZaDm|^&e
zLorh2TlJkA3>ffM{`soFCrGt6-N`jaPhQ7@SD!rISLM}tD)#ehjqBw{>E{F#01JlF
z3akrsv5ZReHt?JkR;G0VA3zWxIz%M6gp9ohh^E-o^%&GwEBkV+8Wo49aN5o3gS)-w
z-D?yK;wor2L1S`^_GAdVn0?MIlEq;kPcTC0aeLczE4@WP(5uM{3nOo%{agfpIraM>
zb$Oi<(LUNAjVWu9CpuqPeXA{MjEDuJeUntw|L~$+=S1RK+C6k-hc{nxHC#EekZW%(
zxTV+xcjbiy*q!}_H}@7EeO@x?mq+M$A*-25X<;R03ltr9V|>2k4FY%VmOh!6qJU`?
z%S9FMoW<IomDooBUktToH<0Czk{xhuX%$xn-6-t`cQM!EnV|sT>*P0OUv9Gfh$TF>
zlU^%vI;_WI-36>=b9>>Cv#VbwQ4tX8O0GnfhmAVMb8Jx~(Un{#>B#wfy8$;Un(}Wm
zc~<W0?_s7XRVnqZ*UXci7T&*77n1S?VNL1@>K{fB+|^^un=g<R5aTJ4PELXrOA6yD
z=V-XpwQ+kPsC18-PC0+`*}C`+<mV~YZ3wfVf6c<DNP!QHdAZ{K;z*&BS})Wqrt)LV
zVX|-g4BfCq*AF-F=J`xc{J_kk0wtqh(t}H+#ty_vq0)&{kJWPYIGKUP`<E4n2>&U%
zxoF#ZfU@k!3y-3KJ`JO>To7^3XFx15vQABxq0_@yFiQ`WuW|0^dy)OL4>%BC*bSW`
zI3=QuNbYhcmhwE8Ubbc2g}K;YQ$^mPoB-^oVy!ng<=ebm+QtdaOSD|<-dEK{LfzM$
zVykoL0=DKHIwUiB>3@My-jw;>we$w>M2vJnci`s1howFW3CF>$=?rU0-n05g;xH7j
zH|<XVYd(ty%VTGBKpGSES2O|20FB+F^W+je8Pt|$)#g#Jo;jankI;QUJJ#>d3!@Ys
zpG{LH{P8I`e)$W{sv$37rHJ6b(Brgj#H+^y>j9lO3ujnW^_5+p6PN@9P}byQQTcY*
zw4#J%-68Joj%yXup^J^%?J0*zm-$otkwkkAn~df)QT_pmNuJ;uLJ(7a8{z{2#fMLV
zVCORQ^9CS)(b(@^<DVHTOVu%^7Xd|x$<v=lS8yuA<bVr|OWa}AEJl}Hd*8Tr>XH}U
za`%sdbcOW}w8m1FYnz{G;u0!R4+s-mO-J7y@>EVp`7pOM_pHuHyIopt6@IWaVIg5k
zhV&#u(VcpTRKJ=b*0(m~Zvun6pt2R;%mnSE%rUyD%BOfl_V!QV#ugY|Od@HO<hM%!
zb*ekc=$LAePnK%ZB{OTm*o!>Rmd_x+mnlRC&bNI(yH}H?lX<$2sR=%%eV<lEQ5$|&
zenXn5xA>qvwC`V6Z^Fj!#tRBCG{vPQ+y@@B9g7@C1rU#eD%0-|;X7*#%~;6jJJNmH
zeEnUzl)>!{072A!7|6>E4=dTvUm)~a*>+k^cQX^p_B|%buG(}3UbMj2@Il?$q?iZm
z)k?@Ex#~k_5r-%IVp9;`TkL`wMsO;sO+hSy0bxD*JGRPD=S-i*;XBa2^8P^UTZRMI
zj~~4vLAr_e-Ya~L!f+*f1PRq_x9(PSj#@Dl#~}9Xn9yZo6?1luz)0Yn+>%W#LUR*7
z#mUUPrD5JNy5%3gho<*KxV?{`P(*;cO8VQ|Y$&<7+63LYH<Z4$As}dgmze6O6D(2H
z>G(wTFSs`^HzR+LA65U+rUyiojRrxPNe(wlb4+Z^=p9^tK5vrTj5*&@Z*=Ez-ac+U
z52U!0>}}X(H`@t8_w@=J{lh0Tn=9^L_j4QG3<A-KUvi`o6Yb!j7>E_?jR-Z84?lAV
zPD<l2>Fs$|jpq)DrM&ktV%UcxPT~?<6XXTR7Inv+0DrNJ*boA_lWgWnn#nv-2qFpP
zLtGs{R}(kAb~u1Q*w{Q^rgo=39@6#(WRhm!CT%P~r1eigcW{{9`~~VUe)p*biF4*>
zh|ACCg}TCKC+|Vecr5>XVP}ciPP!bwtBlMViO!F%u<B=aUEcCbm|Cs|%b^R(d`vNq
ztpa;hA4_-F(6r%<b0btGx&??qU5I~xUI8A`!Buul$rqaD#|>!z!UQ8{f4o*OAr|SG
zr9?<YO!_is>i&FBilRsXp5#&L`4^2y8-A^Bz<Y=VmXq$?ToRLvw!9Z_)RXxSW#)WU
zILO}@m!D)`Vjn2o{N`$O=kiW=;8Oqcb>@KF>f+$7{5Bs8j&sX2C3TmSA4SOME93QA
z*tU<pv1f-+S0PFIb~|!V1Z?4DJKfsptUp2d!uRRB^^nWR!<5&2hU@M>2hE4qq8aLR
z3yfbv3H*tZs83&S;BF$YKYU?Kaoo_Gg>T=g?nB0ZyeXBAQIOQ_aj^J&Vt^-1#e#$X
z-fT^VN$>f;#^8hMK|jZW0EPbIZgEP2n}2Oph2l25mtJ|a{WaU302&XLL!}u~<Xe)o
z9oN3U<Ip#e8BwvFzy=CI#CCT=W%SaWHfa_2Uy6LkE?md;Ulo?}@|!%K0Wmt5DxK^h
z*(e?$&iz6kcI3F>nuTng$?-~te>R=teJYdGl;-+4MrCa|E=AEmTpFYFjA+V7<c+i3
z<%dj^S5(SR6{BEa?@<x-t$uj*%(tC~K23A;cIongx%BgQ{89(x?66}Zg)o)@Ij+H`
z9`Oca6p_<uP%g9g5MSIM!h2QYv0=@UU+7UrUiYjG?_u%6i^X3AA`<gtNu>d`-7`UR
zuPUIY&H&tf|2MK|58;V!{h#1fe{#nLX|wnZEARu~Nt@G%<z+KVo95Ptbz4gqZMG~3
zu`4iH9sgD{p&jW3tgrAT)p;epNkO#wPS2gK*Og_Gx0`s&Ws#@8m3J$VDSU$NG~m7)
zrkCb(bgAf0GZ?7`Vp{MhLc0W>*yxoy4tPxC+^giee>xT2{tGWY(9nG@7bi!<OO)mr
z6&+RNp>h+g&Mp0|)Qw#(*qAgCbP$EQ^N;VV(g=d0sTo0nEB-f4$oT@lZ->t=qs>AJ
z)*z3z<Mkq|Xx6jFg^Cso0}=~H(qHRMe8QrfDz21?5Qpi<?sKc*dY1M8t!^>6DU&a)
zFS!D^2GJmbB)4~h*uO2EeV*byEO3-)u@c?jo{Ua3X4;cr7h)Hpw$Y$pdrEg5Xo<rd
zOwQ_l7@OtR(^QQgt@7R*A-jak^%GbXE;A)DHH6C7+Iwl2g+Cg(eMDz*y8^dNLVEAq
zl!eMsyoin_ru<lAnkp&+A5bq`J$$)$>=E^K6ZB=^(lb_<mVq5*6_|_}`PDTuGmAqs
z>JI!-f-6(vrTUXuu^We=FR%lGG>qR-hN?<=ouv`4WxH@s2Ux)nzvrTTN8M|Gl14H<
zEdAj8-P1r7)wDMCUI(LVzBa76pQRx}TL<<Y7T_0wIlbzK!T8Jbl}&KSpj`HQXdvCy
zHNP(#d(^<WAtvZu>zyAs7tWl<<dz_p1_<?hZO(hJv`tb%6YZ>kZkHoaF9NXV)%Y&#
z<P&<o@rtf{>?at%{wWSy^V^Fw*Kl!4vN^H)Kr~UsieIwa=hLbi5!mk4W5PpJZdyag
z=B3^|9o=4rfXnyjzF$5gcpkq^ml#J(MDb?v79I3te{guvTkDw$YbPA1of9n*5<G@d
zMO_VeAi2TJChgO~*q03U8t-}J7Q)ChNB`2CH|i~Yl9*u;0l-tJogB$GvUoo(X%WY-
zyK-s5mZBACtC3jJ7PS0?9MeyOyND$oy-X#EmFDyKO7vWVr|~Cw8bck-OQA=iM5F-7
z@|l$`C3ny({;-~E%3xFKN8{d8^61@^!_GVl$EC=Keb3K8VL*IhHGIa}UnaYj#0r2W
z8FVA)-yk!heC(J_?laC6MVaY{NZB8^3|f@#LRlY2^!Z$`iXDsCA>UoUyS{a#MMx+L
z6WW$0x&Cv7r{{cpvSZWw8VxgkPzua?=Q?JX|8005#QctKX`}J2a<|WFqagS`VH1$g
z#$HRI{SQBCz|xRh8hS!!f5xIIhmFq^fSBcPu>563PqIvpGBW>M)Et9532Nj$%&ad*
zA3CucshvPK4-};X*jr0rEV^hGVSxRR?j_->S+ZVC@ImsAub0W5{7WVOooW#L2HrhZ
zRyOPXps2dw+@&YKtv;%N&M}t~g1e|LCD$*m@v|#=$<W<n1e3f%#P*XsnqphWru+QI
z(vFV=rR(0%oDQV46vB2s$d>7cn{fE;H*O!GJ1f>ee0QO$l8bQ}<op}k-Xw4izX|e?
zu#HSnYyZwJbY6V^x=&k<IjIqiuaU9k0oi5&SsML@HR#UKr(7MWa(!d`!an;7`9zKJ
zwB=`vJ!{UNpRFlmGq?;vh|Y0`NSLK{E!uS*(Zm#hr<!YF@;`;vnPxa{Cm8v3`lRLI
z>|R>(qv?Y7DF0heMvihg<%q8@uO-~n45rwWVz6*7#I|A<$Sh#QaDo)YRr*TP9X8ET
zj@)y$z0s&E#0p31?ee7uU!vK%=5MVM6+$}wyxUX3Ei8vNR0v#Jann!sPp?=?=Yd;=
zp0C&%{D%DORs{0KO-?^rIBg^ZTF^T=xO_DUszB#xaK$9v6i>!5xh-MraA0USV97tF
zfk6q4H<$(V<21#%t<)MSaq&Xq=Orq(*Bojhh$%u=2%Cz>D{%?O2e+(q%{=!9IAy4F
z5<i#O>0Ohb339MRwJO@i0wwvr1(b$NYHTQ#S8enDeJLlZ@Gq-|1n|TO{NC%H=%kVA
zcYixK2aBGb1x@u5^njmRj)z0tM-^aj5;gF;9<64v4Tfa79CH&irLMd&u|Ni@Qj9^H
za!jjV(f-i^ciJKfq__T~4_T7SJ=|(IyP<YU@D%gr!(u2W@rs}WBMT0pgBRU2p_Q`i
z8wh-HD_lAZH${=DJ8MgD@R<10L0@M_eKkQcG;AFi%X_?3&Ug6+>NHPSz9c2<UWHx>
z_<pPaj#Fuo^t771<%X7Ov}`>A40!!1f1g44j<#EV$+8EZA_QB|ZNADSnPgstAtYkA
zr^#0>eU7-ZllKzFF*m0>>Gkg!x+=)}m=K=snZfq6Ti8sjVa{!<z?ElQ4y|N~W=s0W
z0R@1$)BbT5n)N)+5@5Bk_eaYlK~w9(#rZ@j{x9CpYEjp}>C*NMQZ5*?F&)f%!0BS#
zJ&%)3Ufy_WGu`rONO%+O%-?yx^G1gIyNsGsHYV$Wr{EWVfqpCfxQ>0N&g-Nt(Yz31
z&-xo*?iy(mlpg`tlRrFF7s%5^F<jhG&Pn2J`-n9`2NN@rZV&_xVZ8;95w=u`-@t!V
zAH~n9zgsG@>K7=&X?Hx_U9HZFZF*i+K&lteB_C^(aE!l3K1w%fsnz}>zQXPe)rJXu
z!}k}6pnePOe#UJH)3dREl%xwKUR<1y3EWp$H*@BY7c1M;F>z?jt`PA|Lft2RWxa|1
zb4@u?&*O#!EO_-Sjp*|C#%_LnI}%q|&S)|4l}M3Otm+^y`)Qu`tesLTcuJ+KY@A_V
zwafS=`_zN68Z0Mx5j>(vkC0>qf2&3wNP{uopM_myTI7#P7hU;hJ+>;rpJlKhFXcc~
z8Romt+0VQgF)h?xT1yBNIB&wo#(Voxn&Eh%y47MGG=C|Y?$zA2xGOCNj^nW+*;0&Q
zU=P!dgw&aCq)3{sef-7p&HWTk0kui>{1R`K#|0U8l2WG;<kIsCZi~I^!+BjMm2PlK
zQo`_E(I}YPjUY#<$$rvtA2KQdHoC=iIO929kZ=lUUk5257mDmHs)E(<hKOd7Rk1)>
zF&oO~vHTlUA>nfOfWwZtrI(Gj5UTmMM0b$7e2GKw{nw&3h4z5q9Btt{^+9zpxEWUm
zD0c`?1bLq`l)O?*OcpZQmp;uQ*(abTb?i~*p@**8|2u2lUCYD})S-E@0ouK!;X<RD
z8sep7!Tv{IiTM)?wJzZfi~R;*L3%`UQ}5!~@zfvbVf(RPxfKI!TcE_>Fu_Ugx40<4
zs>Rv`%j{pGM8#*UD`UrlWJLOm?E;1^D`xsTfHk!zRI^3H=2geQ0af{;ct3E(&2ZB)
zB>gUAM%V`MYExA>@?bWxk{9<Fy=y!%LB+8c!&>N$xPLow=^f*j&Nb3?$niU_1)`}Z
zT0+}2?2a0`GVgwL^RDw1H4f*eV*<yK^91Aq?s?We<6@4C%^7Y3^Ob`yvOz!vdPJ`g
z37K>D09X$jZOkhNg`g!uk2b3IHI~N&&n~TN#}&P!a-$R&xf>q)&dEte)B*VD-9nsJ
zIA*0qyGuzf5@%2bxT4nE=<}9;T1IHG3EUHu5?s(9@9l^~vXk;@c9~dt_Xps4DAF}7
zV#{UgOB@Ev7Q@B)EVpaR1B^}j+T+kd0fOE6NgwCNo^d^~Zp6@tllcYtiC}=i=G|&j
z9XIML@Hr4o(0~1{Z>@U?KNJs3`;Bbr7epoHTx*+!R9FdhHk4naIx*>`+bes7szD&k
zf$wZ#h`w-}cV-i&A}&hM+}7%rUU54ybWiX<a`c|}1e9(IT6qbenmZ7R!@VLDFH_7`
zYQ^alGbQ!|UgQfmbc&C%EI%tgCxDu+IeV{rigSss-}?0r=w+HA_4UXq@7kkMxVU6L
zE3W0W^{#Flz)uVs+C$y^N}(3@;_?Cs%<50du~a`zN*ii!QC7eY@@9;MI5e6|k0MUs
zDwl?#w_{CpZy!Rq?aaJiV+vsn|Ci_OZ9ev3i@c?RLalazWy^8Q`!-0(1<M8rnDwe<
zXZ#G9F^4qCJM(a!Sgt|5l_yR;qaidyr6ox|y$=#xkozUWBsmHgW^(ezhnf+6s+8^W
z+|`S$W6FOtHXn}Rh==S?=;D|avz!i7xqWMH2SHXf_$qA0N-oU{p6b8Tu3;j1je%0t
zu%wjo9{G1nLrTgo9%?2kbXDP%Q+NN8r@gzTA6i_|_tKwr4P%HkU61eTs_%lVUu?>$
z04U-NQbGF?0X(zss&HeI`~jQ66L+TUdsbKA2Vsu{K0W#0B~ej?KQN#rmGT>bZ==Z;
z6dBkbALQhjG1$_qVj+%mODh%B7=(SUfKEd1cxNA#Qp|1h%Z#y@a%??YZELrH<3%5E
zUg7$80Si%PApW&NZv1~SQQP2mon6opDV$Lqbd}CDICr|3_@7HxV3^9HJ>e$iC7#u@
zzT-^S<rk437>ZCI^l91!h@Y`1b2ZQnWr7bNZ95*)urZ4S%^!FCdr*o*{~30@-@Mp(
zf@zusPaS7HzJ<ujUB(jK_0^@krVsf+n6csiJqN?lk;o2S&T6(G;AF;e$~N6V%#FnA
zG5&5f&~iq*9Y!u(3gi4&6{WChPr<dE8WNT{%#F4N;$I=Mx69_4nY$@Md<*^9RO&i%
z{uw5NAdZ|y){jk%+b!Oi%Key!1QJDLp<%LnF?NFo!vF|WXG`xd%hXEAE)MpGw?%|P
z!hK2UX!`tdcF#ouw;Le^&NJKEi-3SWsaj!Ipk&y>MgE@xFB6gu-k-sNiobUHW8`<f
zO3s;Kd^dqSYB)cm^kYn?eo5Gs7oM-F`%;kU(K0K$U*|ciVijcEK)#5AXf|GBa!OM~
zZ_QSj6Y!pMSB7amXorvh$F8Ghfs!hd(Vc38m3ub$hH~Xa%M+qH)wD1Ak)ZV}i~z=@
zd?hY-gW*IZGTPNjI`;>L+Hu_ZQuDMjo8D!rTdmt$%SE1Q{`7_uzCs{;Qb*1!)vtih
z_D|3bOQT*8_)X#!PRn}=zGWCWqU#^o+zanj{qS_#r!TKQ6(Hf2U2fCpLqR=HaU?az
z*6$gzTgM99DrrEFW5F%_-!TK{9`h~kLz!13^Ovox@yJrx&lDLmhzu5$9`=)6+p9fy
zqVk|ZYnKtCG}mVI84L}>O*%)_fW?{tVI&yAn{$owPIjJeDOE9u`zc=16zSm;`FB=l
zF4ld#3j+K~%tM-3Eozg+`LYTEwMhOAn3S^%expaE_gC4u<NKqHBU-T8b>{w&JI&Fv
zL+t8ybTc{U`HF&=cnRum<t6>|G^LWvNQr@S^tT5*4u1GvfHD}<ZO1Ee={c`2oxjt<
z9sDRrY0A@P!Vc!cxw`NxEID<e(bfz!6-Dfn=(5Yq>&6hR2lmkZ<zHj#yk0L+G)Oh~
zwfcrW=Nm=H(F(Fr7V(p)t99?oefwLn-=1WjKk$BoFAJ?Mm^tBa*Bpx5Xz^E6lsx&h
znzX>`;R~rB8NKW&^z4L3`rIP7nJ1DSB=hi7a;i9I4IS&p;yS@QF8Q%mI8sk&!USR7
zxgWfg2$4O`N`MJ>?i~k6=dD_7tx>>dpv-TDPsx&X^GNA5yd_R>yt<}N$FCpDQ$tGl
zLtmo^3%geZE%2!Wdjs=10F~k&(1p%Qhw8{9T=3MV#hQ$#^f%Z9i0SQ?<zh>2#KIV4
z{F-ye6CCO?eiLi$9Pv<n{){q;rr*peJ+!xjuQ`3zvqJEyvt2et%*Y!?XF6>FKYjFy
zupQvxGII#h2(4jemfQEC<r`^R3FJ}EyNg;p{d48~4_}_FhLFy2!Y#t{ZY*d^D|K<5
z>LA7VJ5XOk?;hR#k9v8t?N#--*~Y(a-sV<#@*-Pdj#AO7%}Lw<HCV5*vW<ZP@=O%1
zRDOcpiuKpvk44Qz0RE+En^Y_5CkBTXJ3X7<ZGT<`U+2_$I30sNMEa*X%MsYUnhz(N
zwaMnxfveG!Rpa2#Rp1hB*zxUA+>cEW39s9xOXs>@)ht|`vRQr!_uKKfO8(Ue-Ps5J
zz$nkhK4$6iY%jDiDJiTQ%%IaD=XaXSN~!3^5ogk)W_8rW1%IxFH<;bPCok@t!-?K#
zV#Ayv&>5DYJ~UdiY+K2*aPm?C$aZt;1T^zFY4>#h+1j%BCtf6MLHQ($_ddt<5{o8n
zwQjz9y72$Z@wkM|e*d;z@dvCfeZTSG>AcW@fVr<q4wc(%;oF<y>KFgxBVSU><l~1^
ze4fYryHdg4eO>*Q$qqx&)dzCd988b+d129m2gSM{>>hosUv}oB+Z)E0flpqCABY!R
zU%ypnv59Ws`|tif$@P~d{qN6}Ydn0xK5M#ta^`XEM|P_P_U|n;Z0$Le>*TQP?uYx&
zPtT9lSYce3=&&>M<okV%OZj+Xio|ZQ3rfai_+M`|EBW_^{THi{{IydN^ILYN|B+0!
zteUseKK@_Gm-#i(|NElD?yvooqMu#)D{l1*`^dV}tK=_#EGdcs9tco)e*gA4t0ML~
zJKwfV-+$)sge8}B>(^cXH>ES!Z6R<s=9D$SBPSLz9E~_T-Cp)rUoc1W1z=fvOrd7l
z#wk(?>w$w6y)}O$v;&%g)VC+ye=l35o+G@kIp}uV!lQLzi7M~CSh+x(^ueIz|B`hL
z;7!XQV##s`kOdH+f&FL>4y0o`XwLrdpMgW+Y5etsty;j7OBg&|{an^LB{Ts5k$e_u

literal 0
HcmV?d00001

diff --git a/docs/images/osv-scanner-full-logo-darkmode.svg b/docs/images/osv-scanner-full-logo-darkmode.svg
new file mode 100644
index 00000000000..fe7b310ef02
--- /dev/null
+++ b/docs/images/osv-scanner-full-logo-darkmode.svg
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg id="Layer_2" data-name="Layer 2" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1270 142">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #fff;
+      }
+
+      .cls-2 {
+        fill: #e60013;
+      }
+    </style>
+  </defs>
+  <g id="Layer_1" data-name="Layer 1">
+    <g>
+      <path class="cls-1" d="M184.35,37.84c0-9.22,8.24-16.47,22.36-16.47,12.55,0,24.91,4.9,37.26,14.12l12.94-18.24C242.99,6.07,227.1,0,207.1,0c-27.26,0-46.87,16.08-46.87,40.01,0,25.5,16.47,34.12,45.69,41.18,25.49,5.88,30.99,11.18,30.99,21.18,0,10.59-9.41,17.45-24.32,17.45-17.06,0-30.2-6.47-43.34-17.85l-14.51,17.26c16.47,14.71,36.28,21.96,57.27,21.96,28.83,0,49.03-15.3,49.03-41.18,0-22.94-15.1-33.34-44.12-40.4-26.28-6.28-32.55-10.98-32.55-21.77h0Z"/>
+      <polygon class="cls-1" points="333.17 107.46 291.8 1.95 265.12 1.95 322.19 140.21 343.37 140.21 400.44 1.95 374.36 1.95 333.17 107.46 333.17 107.46"/>
+      <circle class="cls-2" cx="71.04" cy="70.59" r="11.4"/>
+      <path class="cls-2" d="M113.26,14l-30.6,40.7c3.15,2.3,5.57,5.51,6.92,9.24l47.99-17.02c-4.71-13.24-13.25-24.66-24.3-32.92Z"/>
+      <path class="cls-1" d="M139.86,54.89l-23.33,8.02c.47,2.63.75,5.32.75,8.08,0,25.49-20.66,46.15-46.15,46.15s-46.15-20.66-46.15-46.15,20.66-46.15,46.15-46.15c7.5,0,14.56,1.79,20.81,4.97l14.97-20C96.39,3.59,84.14,0,71.04,0,32.05,0,.44,31.6.44,70.59s31.61,70.6,70.6,70.6,70.6-31.61,70.6-70.6c0-5.4-.63-10.65-1.78-15.71Z"/>
+      <path class="cls-1" d="M90.69,71.8c-.53,10.41-9.11,18.69-19.65,18.69s-19.7-8.82-19.7-19.7,8.82-19.7,19.7-19.7c1.57,0,3.08.24,4.54.59l8.33-11.13c-1.53-.65-3.11-1.23-4.77-1.65-17.62-4.48-35.53,6.18-40.01,23.8-4.48,17.62,6.18,35.53,23.8,40.01,17.62,4.48,35.53-6.18,40.01-23.8.99-3.9,1.2-7.8.8-11.58l-13.05,4.49Z"/>
+    </g>
+  </g>
+  <path class="cls-1" d="M1111.75,96.05h76.52c.2-2.36.39-4.34.39-6.51,0-30.17-16.76-56.21-49.9-56.21-29.78,0-50.88,24.46-50.88,54.44,0,32.34,23.27,54.23,53.45,54.23,19.13,0,32.74-7.69,42.6-19.52l-14.01-12.42c-8.28,8.09-16.57,12.42-28.2,12.42-15.38,0-27.22-9.47-29.98-26.43h0ZM1111.55,80.28c2.17-16.17,12.42-27.41,27.02-27.41,15.78,0,24.85,12.03,26.43,27.41h-53.45Z"/>
+  <path class="cls-1" d="M528.56,38.07c0-9.27,8.28-16.57,22.48-16.57,12.62,0,25.05,4.93,37.47,14.2l13.02-18.34C587.52,6.12,571.55,0,551.43,0c-27.41,0-47.13,16.18-47.13,40.23,0,25.64,16.57,34.32,45.95,41.42,25.64,5.91,31.16,11.24,31.16,21.3,0,10.65-9.47,17.55-24.45,17.55-17.16,0-30.37-6.51-43.59-17.95l-14.59,17.35c16.57,14.79,36.48,22.09,57.59,22.09,28.99,0,49.3-15.38,49.3-41.42,0-23.07-15.18-33.53-44.37-40.63-26.43-6.31-32.74-11.04-32.74-21.89h0Z"/>
+  <path class="cls-1" d="M1232.96,102.36c0-27.61,14.6-41.22,35.5-41.22h1.38v-25.24c-18.34-.79-30.37,9.86-36.88,25.44v-23.47h-23.86v104.13h23.86v-39.64h0Z"/>
+  <path class="cls-1" d="M720.18,122.48l-14.4-14.2c-7.49,7.69-15.78,13.02-27.02,13.02-18.34,0-31.16-14.99-31.16-33.73s12.62-33.33,29.98-33.33c12.03,0,19.72,5.32,27.02,13.02l14.79-15.98c-9.66-10.65-21.89-17.95-41.62-17.95-31.16,0-54.04,24.85-54.04,54.63s22.88,54.04,53.84,54.04c20.31,0,32.34-8.09,42.6-19.52h0Z"/>
+  <path class="cls-1" d="M997.82,83.24c0-16.18,9.67-25.84,23.47-25.84s22.29,9.27,22.29,25.44v59.17h23.86v-66.27c0-24.26-13.61-40.04-37.08-40.04-16.17,0-25.83,8.48-32.54,18.34v-16.17h-23.86v104.13h23.86v-58.77h0Z"/>
+  <path class="cls-1" d="M879.39,83.24c0-16.17,9.67-25.84,23.47-25.84s22.29,9.27,22.29,25.44v59.17h23.86v-66.27c0-24.26-13.61-40.04-37.08-40.04-16.17,0-25.83,8.48-32.54,18.34v-16.17h-23.86v104.13h23.86v-58.77h0Z"/>
+  <path class="cls-1" d="M830.57,139.84v-61.73c0-27.81-14.99-43.98-45.75-43.98-16.96,0-28.2,3.55-39.64,8.68l6.51,19.13c9.47-3.95,18.15-6.51,29.78-6.51,16.57,0,25.64,7.89,25.64,22.29v2.56c-8.09-2.56-16.17-4.34-28.8-4.34-24.26,0-42.2,11.04-42.2,33.53v.39c0,20.9,17.35,32.15,37.08,32.15,15.78,0,26.63-6.51,33.72-14.99v12.82h23.67ZM807.49,102.17c0,13.02-11.84,21.89-27.61,21.89-11.24,0-20.12-5.53-20.12-15.38v-.39c0-10.65,8.88-16.77,23.87-16.77,9.27,0,17.75,1.77,23.86,4.14v6.51h0Z"/>
+  <rect class="cls-1" x="413.5" y="58.51" width="55" height="26"/>
+</svg>
\ No newline at end of file
diff --git a/docs/images/osv-scanner-full-logo-lightmode.png b/docs/images/osv-scanner-full-logo-lightmode.png
new file mode 100644
index 0000000000000000000000000000000000000000..8e86e7011e7f7179028f3a3b433f9b8c3c9eb0ad
GIT binary patch
literal 18973
zcma&ObySqy8#X%B(BaS>(p`>pt28K50s_({UBb{IN_Urp^w1zRfYJ@Z&>$cn9Rf1M
zd3e9?ch>py%vu91n0aPD_rB}8?rRgJt@(lwj|L9}0uibxE4>1NupWM{!~p|eMVJx@
zfN!`i%7*SB5I*GLi8i$ya03D{fmD>_U;AVqENi`5`nCW*jx_Ste6PzM4X=<Qw!sqP
z!TIltp}Yi-SPuF3$~6RDtYLR>Yegl4mBP;#H9^k#b7m3~flISIg8>1$Gp((-srgQZ
zAO5OJ`1t!{KKkE7V=>TQKj`EC9yb>G@&EhzBNZnr%l{r=yr}>E9*2Mo^1rt~`v1O0
zP+M8)e-E?&&vg)T%>VD}gM$_RcS#m>jPU=xTnY34&j*0+|C$7oSgB-!lsDu45v^W>
z*7WW!ot!cwySblr4<w$`2a*2Uzzy=2^!K}D5Nfm=3DSMc^671AkyG1(lS8xaU?8LY
z^ink{^1shLZwu}3f3fO${2ct411{ffeCH?SBIFGsaCF(BfCkxu`9tXj6GbCCUM!$C
zXXJ&{kbb=b`dHvcQMQ|wulOSuy#+x_YrcuUDVktbBnc1p*&$EDBU3dyCh(GTLtmTF
z(WQWgrr;sSF%;GfT3;ArVtLnwb-dsP>Dpo#QE#TH{*az25!c~%n5ko}O8%5NSJL{5
z`!mY~E<ux1WsSGX9=HkC5$<Hsiud0Zu{+NMD;TmY5GjwX1!|wBVg>OagYmFuhgii7
z5G#-Q>kK2Nz(k9FKYXePb3-)Wp#6+%wBs(Wd(Ndcg^tiF{&m-nz*liOCTNPeU90Ce
zY6*2Rtx?EIXMWg{Dd8bG^VFh){LQ58^7Gm-`mZD6+ODOfN}Y07p>xek-PY&6!>YPO
zQYNz{T**T;Y(EhEvK3LEZ=?yNwANDmDM^7%o=lEr*XA_Dr-Wl9X^UWcH-ZEs>Awn!
z*nl8R?eR6WOB^5<LRvxIM*OkFb2N#rVYZ;KaRu3_=TOxjLMZn_%Tu!mczwNhV^B^q
zm*T)C`@_oIxUS_2=%7NO_qUtIZJ2@^OvQPRuyOSHPUwuGG+5Ru64=MjzVL$bV3>;i
zawqQJDm3c%R2s=z6Tmp8?u1z<rvIvO9y~Ase-eymr42c&o9yK8wi=X7@Ux0_#l|uH
z0x{Mbdu>5dUdpRN=n*1D@LThv`s}DshxZBnep}1A$)ksL6f!@f<V==Vi8`_2bL=7L
zC6p*Vjg?;XAl<%HO)b)&Sp2+C3?A}+jQVj~rA?L=sTF2vH=duSL069Dh<bDVf7UQb
za<|cjzBrV4t_1yck4*qUM~DZpt4+NEJI*Aq?P3KP2`b~Xx9dY*SS80+qcZV-)b$l=
zb8ml=?>R}rZF~4D@@`<9S0x5>^S_WRr0{>vTu;&Drjx~fX%a;;a4Q^17(02iAWg8X
zi0wg^*2M2HEhyH>wpF~&RiE9j!ESzcY7!T;3~Di(6?rhr5AL04g^Zl1X7MgLZ0Y7$
zYh20(!SX$xL}>mPE_+NUE1BcJD{h=9%_%RuVz>8HtaQ!1Dr$ntErVP^f%U98B8zzs
zzW<KQGG9<_%DZlRel>jsjjZk6Z}j~s4`lx740Psbj|#DBnD~}ZES(Sg+ZYt@N8LMp
z&J-Q)6vd&<9DjVxp8a3=ApRE*8(z4B*?evw@so{;X{pc3DYM6$%|D6B9BV}c#)n4M
zXjgsF5pPLnheg^l;)yY@cE}iBNYQ8q33pRA<j~1V61+9(ZK_@BN_tpS2<7YNfLFT<
zes(ePM#49*=DJav!1JYzh@i6AM@51(69XdcJSW$|TkG&w;>EATi$2Qtbo+;l@{hpu
z!yYbSo5UoHCr&j#50UG%8$78Ay=;beO{;+@U&LL08M2N?{icw@@>9kK*`RoB(%3%H
zj0+P#F;vWryVv24ozHn(bj7PR7`Gsry~*@&b7sEdoSQ3d9ga(B$G}1$<6YD4pr621
zzu=a8gbWivi1w(w9^b*hby72|1i+f+2q3X>j*k(Sr^lU^Dj#@C6CNV%5mvuLzBc$D
zd5fb5Wm==%kmvmxa5?m@BhpK>pnsmnci&%jG>mr3SE>c7<mbonAS?9=zr20ZRjN=%
zSA`JdO7IpT=6Bu3*dIKz@MZijct85!lMTsja!|1@{eYq%xoZc(C}u}%^O<gP@#Bb4
zgG=>1=R`u(r3{soT3&j_nIx{9E#?#@kYfPbM=eRp!saZ{k(UqYq>#xMmrS(;g3Z!q
zr&R)T&yzQNWBl$Gv`K<kP4uLqH*_<;uI|TNnkmURIJrgnA5}kiL_s4qO+9XZ>A6X8
z)YZ4~xA6b+boEzkJT~P4NBFYSQW{AcU;iz&9UP7+B4ljzZhS3k-_Tn`$*M`4Gldij
zx5UAUFimwUK7?1rW-XP7=Dq#2;DF}CW#nHGk_js#jaFf}PouaE(%I~Y){>4ssLKgW
ztdnhl=8%20ye~NR2qe1Chdrss$S4ha#;1LjjY9k?9?IQI#9f6hNoZKdL7TujyKEqR
zd;jDHZ2k=OWYk|@ju&mIhvB=$=H7Z^wASFE{nJWWw28ZanC7`if5R;6_**Q8>14yi
zu>#Tt?)+wfcRMZn>DTGZ*^USAX;Dn~emRy~dzkAtycM(WnH3&ZySdoCvGL_hp^mi!
zbewh;(r1IqWZJxGaKTmyzjv#R1AOmi?wrf>I^6pcgK#WIrgA!a(=tsGp~z9ela5Vi
zv^C2C`AS}^8|chm=+){B_F5wOEGL<#epUoWQ*78TSp68iBZb=&C0ZU?oyE@I$E%&_
zUMwZYCb+=nu@rh{+mH?I_7OlXM9w?I_Ka^OeDWBjS0cZ)UXSRsJ_Y?&w3_!+(XL3W
zF|=`R6}d8e2m8%5p{F3AZ4hMmeuTY9#yWS%q^If8S#Xo256hfLy!r-cVGgUMA?qQe
zSk^?p0I7l$bT7dp_ri}UG@)jW_4F@MuN9x;h!kM0NGa(LxJ=?7+KIV&hNoc-K_)DE
zTxs}gKk}PEF6G*rm(p6|0Xh#!mpWa*ewr0;3zJ7}3cJPBtras~UE0r`x2Q^J!n7QP
zff(tBZ5F_=f@FP$gdXDN2f{F4JN0&nWeFCd$7e3mmV1%Am$l9$>ld=krqy<s=7HU|
zc{Pfbysu_(;ImvcOvGidV;-pHjDegRxD^d;Q{>L(f2{i!dN-->GWT?Fg~9FD8lNoS
zXCn5jQjUamL8EVpSZrs-zZVC!-F>Q$qWaIG1>(45LyoX;!3)ecHpj5-6_)Nquleb3
zioBwiZ2rSrfHSS{EJ*4MCECMQJbD@gPK`|l=Cr%w*!DZatn>FexYb@^<n$V`w_&Hh
z`)&Q_I)GW)FmXlU$OMM*)QE1sD#=Q$7w+^^!zt4rvG;JJkHojQwGCL7NMjeJ6SA?f
zS6S5T1dcyMAp7JV(hb|veSmDF3&bt8$Od$$$IXvqGM_`BDW>EZiaXf3MP_m`Jnzo$
z|H#Ss4x&L~TIX(qlr{S*{7CV^Jw=P|31ITOW|35^#t87Um7gW^zvD@4faYo_hzsr5
z@DCUn{JQnf&&pIGX7$K8^(iWqC*|x(1QW9vv3!D+BW}<UJakf~nmo|D$_>;O=3)<2
z7N3uUE!kWt?vWpfPQPmC3<Z>$PIket_GOx_<5mB=BQ9#dZzf>4lyKB&N+(ZUET%z?
z)PdSnYTK87znX4^Vk_5|HY$VePy62wYf{29`0X>iKV|f3UK$f5OidjQGE#^@Rfm6m
z87ogBIHV2|kPO)KbfT$}<9)dLq*=rmC+{Q8co*C(`SdUbR?J*ss#z@DRr&i%)cRbv
zpEI?Ru-r6KvO=4)H)BEcIk<@NBs=Gu%DTC4^=!wveCnlE2=DkD^1k*pXQ;;(p4G@Z
zLI}DR^%5oM6;hg_xmIrTi2T7BGON4M!|Sl;ceUphr-?x?F>$;FBlCLAJ8yt6^W&t1
zmp*IrqCR74s(@;+QJbzly_r6e(FCV%-Fd72cve5+3i`jLN-ku#nj;q|e$Q)-P1r5n
zkOvA-z84ol|96u<-V?b#GQ1X}{q@H04Z>@JXO)~f@mFV<bA}>^Z8Nt%rv+IkvU)*O
z#PF5DugkU5oPFn=VLF6XxZ7AAE9~h-_czOB`)m)X%peKrN!w|)aN*ZKOSmKt_8i7@
z)1uOa5<9Kx*7K;FGysS2Tx=Jamn|?MfN+M<-=N;Q`Qxs=a|}kCPn+---0KA#uKr6u
zD#NWcYGY5ppTT}3@y3_~$cQKH&9jiZv|bbW(hjjO>8}MI#<9--_x3nma(;QushD#v
zGG^(#{@(Am9}Bxg;`|46KiS_PuN5~|wW*6heo*=t(3C^4IY?hGM@9UU?JE9rbF^6d
zcP{Fqagy1Z%Jv?;m%-$`uPMLzc#5D;fN7mc3FU>%2=Hz?gly<cNmq@9;mQmf3Zi#h
zzv=T6f*73K=$PaN5)|J1w0hH_-RUpv<2&U0Z_QWol2X=+)xOBighi%no8n<-sQ>Cr
z&_t0t=JPBl8Z``{zTQqPR9oXNrj>(UTjVg&sdA7Yi4@%b@lfXJ(=It-S2mCMFtgMZ
zNz3$}`Az%gF<zMXVxc-M*IarcaL8zO9E<KV*@Eh8y|@GD+XdFW2T#g}0lO(w2!@l!
zb!oAo9v4})2*ckee^Tq0aM8~$qTW&(nc-6Zt^~`xsjg#{HV6IjbX$9c+VcC0Ylf|$
z4^j=V76@r}a+%Q2>)ay}HlTN4l-0}GiV+VOXFurFSzvP6qd;J!@6z(x;Y0q}bKo%r
z9yZ}Ghjyr6ejeYulj!ai*>MzT7<;mhI^|AwW$id0+I$<bs!zB))a@@h&!f#b{9g2e
z)^8LdCo`*=yRWvh=iN5O2oxypt}|Yh%g^teFKnDLdHSs;c*sJ?su*E3eN>hzZ+dQ(
zdLS2OoL)rFBS?id6ER8o&6;1}FpFKKV(mlzxp4>MYZ>OC41W3M56NT+M^bAntFKm+
zNd+<|R59Wq$2|w`<Y;$lu14N#$;9D@rLfM}FRuSHun?$?ztbgJ<ad^AopU%1Sd}XX
z&dcbRM5-%n)WxU3KtXfFb3Q>iY#87-s{+8D<J7yu+|PaT9LS1DIBy0r1Z2rLs8bv5
zR-Eo^ToYp3f>F?Skm0jZ<pP*hzDo!z&J#sCw6D5paJ1eb?`ILLN1y4;tvoLp!wC1s
zEC_iAFL?NypS4oGV-mO(9gQx*+Rv?d2_|G4*l_#%tR^~NH%BE~WG8xk5j4HCFk7H>
zwbCBEJXU^ck|0Btt4q*PSR!KX9vmPKTb3*6ckBVOpIoR-OQn*n`}vW2;~t7<KfRn5
z3B>R}pK~A6R{k*R@Qo6&$>Ub2Mwxaj&5w&q;xW2dQjBoXA{=aqJtb)zd(Tw=$n+fH
zFg4`(;8pbiKbhX^^IXidZrd!}eRtgJCys(Grv{NZoQ~M_b6yO=4U_m~7-_XE>Eo7+
zFFSdjG`%m^a2NdU2{z7|thl`zXTTb}xLWC4kjBM!GOlCg+x)SNAnKGg?;_ryYO=T>
z4H`^rNX~Mjbq}Lw#k}#q;E%q}|BREYx<#hCWjke{3F~EIK43mEL30yOn=-!Ex@TJH
z9xK-Y-7By1ofxO(SgK@Nsz{6j_z<y5<s44}mo*~Y*d{CFRS_`L=k^c1hjGhx%Y>#_
z-fL?aCgx(!JZIeSbu{*={`_=G)08<HSoX5_){dU@zht)EHlPoL*Omz!H$d|B^R*e?
zAEXWB`$3u*gFH$CdX_^!;4Eg$i^0=ixE4DzId?$*y{i5WLVo?H%bnsbQ6eAak@<w3
zR5e`KwjHuc&g5N0tjls2JSMRXdS6`6(2#=b>>P@xRroJkfwlY22o%WNj`~f8=z`o>
z=fSY2o{yv5d_G>-Q3T1>vvw>qCs>oQG6mw_M<x^O(m}8Mez&n$Fm=7akhI&-U5)OU
zk555PG5Ng*b&Y1)wUbdI<A1WEAblQnJ0sp$V1%J+oMr1o@hevgi3z0*8^c(qR%n?8
zO5#<HrXvAq7D@v1SOeT3zdZekbVX<<Kr?Flo04Kk#XZwain^&;Xm{(;r|)tBS^#=!
zj)w(}Du1@SS^RAINDoJZNj6Lo6e!XLm-Q_*?XCvn{9>3F*XE3g^MbBlGJ~rU0}d=^
z9S_{>=F{LxOizELjuo#6Nm^O_HYs~OmTuiD8j$*`fPki1kqFt(_Fc2GkQkn!!K@*1
z%XrS-ZgGMJ%@-~4zFT9pb^Qzy*7I^9pnaYBuUdJaDCQdbE-mip*Km61O&#QnVmf_9
z92>!h;l<h|5Q-4iKv|O6dndk+K$4ie<-J!3oZa7}$cPu(SGxjGAz+fRq8D{&hYAH>
zH-rf2is}o5IO%Tp`PVfIqIdGd>xxJvo3>uTZc^BGb(xZ)=Q?>vzC!D*0IM_qks20?
zl>}vp1GrqtR$@{9W~+@~x>5e_C007C(J4pClY%oesKJ2D8il3fr2u;S3on4!DKf23
zYWbeq&1ombbCvO=ty-hr3qe2G8CK&;FWTwq4>O}v`)W~2p3I#*<XWc9xgpV{!&*ie
zLyE09)LED-k%LSZer<e>DT$*hHMcS3{;$A7&MsVPm>iuh{&2@wctQaO>BrF(iFXpq
zVH8QF0)4}AM{<4YtiOPp)#Lq4fxRmaNa81{CL(x^k9+H3;L03B5yrAki={M|pAX2i
z^+<JpR}5aPr1QE*6R+ihD=65+`IUD}Qzg)nlms6*Y_d*3964sckkpw{aW3s=cPmtg
zFvUnKBd<ZUbXg6W@q)7ile&}G_>y^pWT`aHr%ByCbKyWQ<V8$I!OwjXk)<*3v!{%q
z)4fV?MRmz$+!(f)#D^{3ZjE1`ZmL|Hw5{ZT(BVwk2zidMdYKgwI&SwhdB_|^Q!pmn
zgcNygY>(aWHdTMHEonIJX_h}+Fapg^i?QTpK2}f}`3Y(u_6rDK0*dO7#TqLT+ML7{
zzcp6<w3l!p*LXcKzNS5F`znor4ALuIk{{Xy=u?YpMTy{-Dx7{q8suq=&V7pNw#u0Y
zJX+nK2R^3O+8uYae<GD!6wmu3r%O~o5Fqz0@{H^7g?Mn#YY&ThTz__y8C?521h~6l
z&Y5hXjwP0fi}EqWKRn7}voPEmG=FeBo%G5B(5K0nRxOC06}l04oXP9E@`OlVELGF}
zHLJz5$C47it4M60zM)=3ob}C4dR&!$!pK?iCkz1$yfR+)_hfTBr$_qKDFmD2d!|d>
zXA32_`_tvtlsr;@P1AU&cxJ8M*Wez*JZC&6Ww9n0?h(iz>$nRj`VS4$>CVYp9(=3`
z`T_Kd@Yk+=y|mWkomGHmxh;F)it@YtYAGQGsYeH2m#xX!IREKZ;Fn!7d`+#2iqAX4
zb9HuY_&jJ?tp)}<ZVp&ZMCY8)YK|mVDb#%WQ?14dw>D?ij>Gaznjf9nuMb{UXnqjq
z%L<1q7_MTMJO#YF`+Vo*Zgb}(pqh@(pQTGJhPS?25jl3JJA!Tc{VP-hH%C!p%;Jwa
zcP`YFJ6YcRWU})viEUS^#KuLTB);I+!jj@D^QY)6IXVl8qi;Owdqt;;>TC5W(Us1f
zdj*aZSLxA5V+R_(l9`Z%#=%8vvfunXweM!Pvx?T~9+tBv83YiRL;${Pv^!0y!2odu
z$u=4Ao3M<~TB5CC2g$}V9FgJ@(TscA>*fyKV&)GfdO#=pM$%rDWh<0rGn3(2@k&{y
zCj_RHx^*Gm|JC;4&eJ<yOYElFIk=yHm+$g4uP=9=m)b^0%GGlwuL^TmwX5-%1<7>$
zy-qUn6z!z4nl9|z`$?h<nEXvXTpwD1={Cf?hems)W<NawCCqo2PS=p{F~vR-Aekkc
zl1^p?5Nns%hxWO*f7)Vz@Ln}b8%_xxw~h&){rq^xihu_%T-X|5Abq&wtQdQ(ooT@Y
zw~4E=*b=BVjCcp<b;MSGM{+06ns)52RkkO9aMrYUDyEDj2>Eb$|Kjc%I_OIV1a9p$
zro_wSXjyeBMCm-ErjiB-{iUn8I@Tu>gJCEnM}-w4<Cqpi2_t^x`x(fTNAYt@y-$K(
z?FuH!TdG_Kxx9^j3Q{#>S0e)0B&?kL4>cFhlROmeT#ZK{ay_@WrCj+Jp16w%+?U9J
zFfUd=tnew>sEj!;(GndpjMMoSru;x-JUwzTU353k{dcb9umq}c*aku99QPxf?{|ry
zf^QEXZSj`@{H8KV>Fw=LpXBNqx-O)aKB+b-ovS}v)wq|d`zjg|){)vdI4YwQf4o;R
z{pm7Z?Au{ewYg0}b;OFZHqDR-((wG<fP;53T<xcV3!Y@flgJxQhiN5Jj~FG~9B^aM
zee_Qaz@F7qtl14bVF?;uIFcgwd}>p)NUxyF62+XDMnyM_MgCQEgSIz{*QL0?Y`~dF
z7Nx|u&YT1XkQLW$B1y<yZMyl=yp0YNLv~R}Vl+{d*fOyzEbqeWNJZDTW~Jw_3`OLX
zqKkHWFuB0C^<|VdIlt(L$=sP%1domH+&TQ4e~pI7;@>QAdWM6fk7nAks-8Jk$MfPG
zs}{G~)%+#O1AUZ8F~6|9rQiesY#EKOJAXYtxh_3)tSBk%@}7%qYqPajOey~5h3F*t
zpL&`KIqTM7G}(=@%`Iw=0BDNLCY0_#q%{oF>7@Ps-KEWwilaD95asDACN$kI<oIIu
zBEeTLm^z&1Ze~A8<coI9Wu?Loq_RFOQ+C@Q{K4HRksWL~U40)rYclZ6O4}f37_8QT
z)B6^@8;!}xiWvl?m_@*U-CGDL_{}62HHjYkJ{CiIqAw=Uy>_B`OwG<LWm_X2c95NC
zqk@N&*TRzA5xOfUZ-g9P-in2Fq^b39o$GQYyY~8dECA>qywVwvSd;f^oM*pfBqD(0
z$bD5U7Hn$IkMR|9@%jg56MaWeR)D^syh5$B*D*R2#|MA#&%Ov#%J_8qg*Rkiw6;^A
zY!`j~0?k$yt7ka9<Tl4zCG+Y}n}ispIqe(>Z!W30(eAhK`fG*eK<%FUKf~RFsZ0eI
zRn2u8&&{zeWj70<8g+Y555)cc6o+n`b@i|n>Foa!gbYGk5nlA)-WnDd%|3pSE#ir<
zJVD~+G8~=G$7wyi{Ig^-lVDyYwW!&pD|&30L4zz+d2z1EsS4rPn}Z2&o+1W`RE<~G
zH`wn4nY$d=#7V#C&~zM<D-T-jo?*<i2o4ffpKVpN!3Tkemsb;{bevYX`p>5BCxoB>
z)KgbFWiZJhK-jaVMWa^Mt=L^`FZTdKm{JBWm5)KRx%ad&%^poMqx7eiHcGrv7>|7X
z3i-Syy2lAUoQ5{%=mtSNF}eINBALlFWIN3Q3$dTs!NI|F-#C0(>GS5#pI_P#UllSS
zU7Nf=-dhkIyP$SysC;g;_^%v+Sby^=ulWy?Ij!ojJirpKi1S-;BoO3ZyFn9#!yern
z&Nsau?3F9^#LgmLFYZVQ*dXY=+3&`}4X#?rl7FAVg3$~K0PCg^T_W!^5Kadxe!Yi6
z0WLqb?#=`-={Ozrvr=G-D`TldSUoM?er!|+YQ8+YN7Q?#Qu-6P6y>lI)$u<zVV;Qe
z`r>|?r!RhP_+1#*xpX*T9|2r7W|PIgH@>TztGs5W)n`sb_(1l|yO;0@j98{MN{dV+
zIC0a8C?BV_#<3_Hl93shqXZ2kCR0Z`^AwPBwg-&~ubSA7B$s>Sa?w!Y_|^1i=q>7j
ziA<S~J}}BFI8!t6wPN#II`=_tQ4;cC+#g26aW&=`SlyV|ZLAesK&b#<F2+{6LA&Xr
z)Q|+G^+(~XUtQ5q+2rtBuROF~^yz~=UNhM_w^jTq$6Xh6RO|K9w_joaYe_6GTIDzB
z7f<4|kjWmY2|osY$+G6XSB<wyPSq1Qdt1CjM^nzQI(_-0^Lr}e3ecB{ATvVUD+A?X
z%_X6~fm^St?r@?vvsshHxLTduxSa>sKk?V`0OJ6V68I`Hx0GJT@NxX*U162o?<2;k
z>)k^8w|}1o-47?8L)E5Qf7Mg+Qj77DeZsSkpU7zStOB|_7H0Y>#?C#Ve5h^9LKFCJ
zyWg6{#Lc{SJX~#sj|1LaZ*q&{%k(%HQGDZyw#E~5|Fc9K|A{h^&2TPo?Vrtri`b;h
z9Q{5sdidw9*3;~4#F5`t=y_SmZ$GEZ@6U{MvwrL8#lgZf8E^T@kKBGtJA~punu-|2
zJr*`I6sX_$+pO@L*MDEEd3!m%P~5LtmI1ru*l%O~uyI-gB$(B1umB3&$sfmX^jYJ6
z2QUGoX8Z<7IcK4H2E2CDPS-7;5i9q`Ht#V#UVU*;ld_@JbR*`^NSIY#CSq4q+O_fe
zrXgpFCNM~&FrgM_r0Qo8VdfU8>1#kkITN(~#BFG!$*B7)|H}il73Sw>WP=4<0=^hz
zB5yH#$IGm*hA=g7WqCqgUwa4hO6x7J$cMo7kKJV}4uz`Em%ym8*X><7d3p>3^%7xh
z5|MG;hipcKhKPk|1td<LgQP6MDcYs)d_(Dehg}d8Gbme)#3jjaJ5a#PX88^%_gX+7
zf-T!>a8Ye%Ci$Zp96}T0g@zKQYf~Js%Y#!3=^G|ekY>>zSifj_&6!-w7c=HprVaj4
z7W5t(Cy-~h8m_^ysO>bdKB!(>X@)IjQWrR%hx8wR@#v(f^T+?R0IZmf?D`|}3Ubn)
zu_maG!W5)?^}%=IH|<7!E7i@1`AffNOMK&D<NS?7``TF($*i<7W;@Tm9;y45`s;IY
zr~kwb{uX*mclTA}tQxBEHp^Ns>-W$Pzd)UQZN)rnmLo&G)@ORN1ihj%+gYj1YD~u>
zL2(eeb{AJS*M3gnsZ9~7UQuwpNf#EO^jyFAzse`6YB{Pe5Ikj}dt>7)5p1@bkshx?
zhoPR8CM7q{sYTD5HkEJm><omv%QOBy@{fl%J|o$XNM%}2=WKqaV_5jd>2Fx%nlq0+
z|9GSW5;`|5rnT_muUWybR5X!rVSYu!`Ev?G@(qcX93M{%%u?awbBv94nyi9fr@9u%
zIMvDin0@fqTAeR&TQ+@w?G{Ll&h5m4EB1MJI1PNnQ}iuUs{-{wK)84bC9fk4{a6H;
z4-AH>NX_-LRY^B0r2qKE%)Xg3q8e~vLaY^gl5J-YW2<0YVlcaH5E54PL_S(FEX7rZ
zYl_0|!1d|Hh{%yq<$${$C#B>?mFU7&UuTj$e}2~jkGDzCROdQ=m=JjWxlp3;J9yYA
zgSw@F;okt=%HSTE`ha1+fNn+EqDZ3Z*0>>WtcXolFJab5c=v&qc9viD_}Zp>=S$9V
zZBC0Mg@R}RMSsdB;4G!#b<BB(Nh<tlxFiTcj563xk$KjZJbnrC|6@I|yA5#5SCA2R
zF6#Dj?Cj`TXWj)qhW6%{xq5zVcvfUCUCqCr;pDADlZiTc=uBn709VzMG4A&`thgT*
za3w>((kQPmc;oIW_k4XVGad0()hGeX(=B?zyR=D$kgfBmJ~qh+PQkOHyT0jAnXi_7
zoL1}cd_b1k;C+4IBGQw?atH@I=M8D9H*?PWr579qKB02pH64z;;6B)s*#OUv<68vZ
zIDWH#va-WtPCAaNyqGd>Oyo>{Db{(X5w?gny4GasBegEpk3L>H=@;14fsIE#%~?Sh
zc*I?G^)R5d{D^O*@_{`x8T;Jf<Ciyh4Sc@wZddc_PnG)NhJs&ksZ<dPj}6w{otyrT
z$!HSB?wm41zs2YDY7Tr)?ly_8q$_=xMS#~=BzMo1Hq7e3pZta4@+l)P7HvK~dsta3
zkr09vg|z!inQcA9b3iNO?tj}ocxEKQU*h6_OJag9hPx{$d=%Uh#LE0uQf(?p)8*J1
zDL-VM=MdXE&BNhL4(be<7pQ`oQB4PV(Z?7LY00Ega`O?k<L_=Mp2XvJkRl1E2kk{#
zY82ikX0z>5FWGQoc-d`may%ZCEe_tLx~yv>_}d{sig<%otW-v)(Tx=(Y2C>qNHRBw
z@w7lD&&WlZeVE=<R&-TykY)c9zjn(D#1|SkP1}(7zkUc^wvCEC=;rhGn%Ufmpe}9N
zf~Y$Zt*S5AtJW5~!D_SgI_3W`ZfS#x>R+E`M2ll^Sm?n*OcJH=8(=>N65qa)!cfFZ
zJKHal%Ug$y`0Ja6X1o%QdL{mb-zvj7o=hLDbtSOQ#m9;1S3v7hAU{W(Y?u_TBz!zE
ziZ*)(J)DS520xHZ><WtjeDNx)Z>D6>{OPZ4w^o~NP_$*b(u?)t8E&$n34V9naCwRt
zQybxk`EUUkh6}CPMbmRXSz;%O?7kOVXV&VdcP5c^>X7}kbCENXU_Jo<z=^}H`ahGT
z#U2fK-n#eC5eHvR@61IBX(O9OzS*TtoVOoBXZiaF6VK5Jh=?>9+DVaLeq^9o(4$`&
zg-i*JWv2nY>j2g%=A9dd4F*dQK4Z5S1NmbTC;pL$7+oPMgz3KVYFGMh_=t?YnqvO#
zZX0@*a+i|DR1}&StoR6TpUd0-78x3*jpMQvTXVEH7atlX7Z%(jeSw%iPZX4{X^YXA
zJ0wkBTXV#(Gky=w5*i9xuNMH7Bd5MuU1&U3YtZIYtmh@#v~y{+D_;=hFuS-Y*It-2
zE+DWbO)MEY`AgbAH&++UX{7Qcmj=~fAN9*U<>XsmI*+Tz^3tTIQSru}gDdsUIQ`qj
zW;H`#Xbjlf4=LJaD$ecgd+yW4)iTd<7DRtW-wqMn%%3fpS$*z<*)dzdJ|+@U6s;Be
zxi!l2B7;RYtE5sR2>~V$kFsh!a5$_bqOk%@L(*t`342%p<e8w#Yk(A^4rmf!i>=O*
z{KjvVMjy9zTr;%Z7^i5EvyRB2L(oV8QIISDNk)Y1-?uKQ5A9D~L=f{O^7`U-e29*u
znMO24>X|!SehcxiQU53|0|V|9o#>*6R8|Nz^FeQ8{Ws+eLwCVxBWs=DH;|aCMp0yk
zF*#XK8@K8Gt41^x5w36EdL6P1uT}f&=M(z|ep`Zkb@Op@O4-=!7nND=g9Kdk9Bp;c
z-mM^V)Bn86Q$FGIs+o)ARateiHQNRSTznmusP_zP?SE^lJAU+-d04pG($|35RA=dN
z9U;YUp%Is#CBA?<407Q@k;cC!<9E_?@|UvUC{TXmaU{`eU<hT_Jlld0U7Vc-bTv;d
z&UUAEi~&2vbL0$ek+$zwaQH}n?q9pC@?toqTM{AQttbPc<pp>;;DuwwsYx(BmTZYn
z=-#Ex*44E=kanz9zJ;}I-HJayM};g`vt@3-%aSW_coVFEATk(gz5^(o&Ku9;&K=)_
zxtn<P9~z#2ET%n8lg@b^C?}V0_;y>yKqIX6)j_w$B{Oz_Q~?J?*G5FfFnsjI&DE7U
zOkDOmkj<i2Se^Fh5XK9$_{b(tb<{H_HA#bXp5&KY$?~y-^{v-Gx2czr-eZYm@OcYx
zQ`Z&9k8$~VDi?X3RT$bl-XW<@A5+AgufF47C&0%|#XCEjI$blIqPf1fFfZmmvjEzH
zUR<wL=K|+m9kVmUKY}KV`XjmDhX5Ot<yg=Ol(w$WA{)cDkKev<$k*Y6D0A}7iHf(@
za~r#RSkH-orjc81O0wnN7_Y^zfHJmvQ5Rr{8WI|+u#S^e0>O(-nsy4mZ2-Wfnj};$
zIp_Td{1_*wvT)$!hQJ>CFm9`Y-XI|91D_eHi9CoqQDvCq$CV%cw{dC`Kt0tKPcGM4
zG5O-x@q!Te^r<T~C*3qdcsLNa_B#23Gh>cF>nn9|L(-e?x`F2UVfNUXJlTBa5y@x$
z*mAW{#){X^EB};XwZ3AqeP2?(x5;AJtK5W9W__C3aZTpZIL@gB$!+%2H?@dT5nI#h
zo^*~nVeavM^aM`Bq6|oDULC7MgjokDQH95j?Ee{0hERD$`~V6nkg;(BosfbC+?w#3
zs=i*yEM}gV1T(xNcwg?`*z-duM&-7Eji^St&u@7P8OWQ__f$xxD+_>m@_9KJ;f;3D
zBT^TGO6lf`N|yljb^+8v%qI7`J;G}Y#QuZjSC<|89h%E?SJTdKI;&zl!7XiJL_Tkz
z3t%D(KeYF5nQXhfA?G_h$njoJs8aCyCHH=oN;`hcbV1a`=}?$@?6za65dTY=u+j5T
z`m~Mf4$&d+Tck(oO<Qid+d2u<76~RgBC#P+&jRK%g|Sqm%Es24veCyblT@-6P9m%1
zJCDPndp7upsC`Gtg9N09B*zmQmdJjl$eHr{QM?zy@WY^GGWJ_ebv#}19{gFY*7!uz
z1)bf)-muM3_V~PQRMOM}hb{nsG2EMo8eY4W5EPnr@OtQbn#lCmvBOL>$?5~ir$52s
zr(<&l=#iy~W&5n@0%-bkA+V<t)0V#pHU|4Zj;r<rw>*V1>>_=5LBpMW)0@~%{aXPi
zs)h7PRfK?oX=zIZT1D4}-KBbtPlhhXr4|SUa{$Og4ODDNmD^pNA{!i&OZ%_9NvvU0
z#U`S;2C)5vp{hOE5KipU3oW(Xpi<2bC~}7vu-M}?rtviy?JN0(&+_2D)0;MieZj2w
zLXPnzzFd*kw%}gU?;Tz1>g*QLp$;5G)&CR*l9YAW<$pm=E+jwhc=mZ?mB`r@#+0xv
z2+czyGg_AN>ryQG*V5?vm%aa;2<=DeIid(5I7_I|)ctzMZD>uJ^rhOcUurWx5uMW0
z4HBP6Vp57yBEL!t#(xb!F`v4uJ~uII(XchKAw`$^9`<}E1z{fIlg7>X?sJtk`j3%R
z(4cAxz^=-#{6JF1)sBg3MjhczI0LgQqz+K#V7E4(1HVlATrSr*<RO+@J<1zWkOJDT
zFK%RFq$jTm0~MVz%b}x{&{5o=d$cQpH3(wLc@zo^YY-H`5NwQfKz5)J{B6wWT9cjR
zSur%GOhX5dgW6BGV;o}#)xeE{zppL5ya?GNjf>gXn<lDb)c_PsSfOE-&o1w5^1?sP
zDg&vLcuuI<8K8T=dA09~{(71W5036M#9Re52QH0T6Xk%oaKBkVzJ}D@vNg32!Ux7{
zW+HqZwGC?-GYfseZ2kRvysp7v>-IL3$XqthE${Qb>(oE~LJil*(Iz@>CR!RGMOe&@
zitX>y)7mdCWSU=9_SDKKHYi*Zv-Naz0jkN8@^LTMZX7mk9AxZ`CWi66qHFA}^~?Lj
z+x}0|)wQVv2Hg8yn;x@gs87<v%XpW(e@daF({~Y5y8zMqycz2{uc4|q4CVL<e?PCo
zVBa*R@$g*$kwvv+xRvJ-ax6^UwzMmExSL&QRE&0&Jij!m6d2pc1G<@-PZHWKuDi7a
zOQNYSE|!}eVsH1nbJ=#QELR9s!5m-|Hm;u)DPD|Ke=YA{yf;pn6$_#^@ZqGc$I%`6
zW7x)Cd#YvHeUY$K+@Z^FD{4Z&9Tiw?ik$e4+yD0FtkQI7UsWSwqmS^^=|jVmlr%Rx
zdE~yhQqHp;J2%aLA(<Ftmq^86^kQK|kVInmgN^~1cE%jSQfD(l9@Hf?k{JJ1_REdt
zlT><rJS+9*PMO&A(}KbDGuK2^_Ly0INly6H<ewHwt6X6p2kW33yDbETUsV?03<cCO
zKI&uDUvEPvBL?F}eY90DK5E-n-D*Qe;c;o>obU4vulal(yQ2gFLf1O22tbf&17UI$
zTsoa(^y3}m0hjl(r@RtRdK|id3GJPjTjyvkb@MJr(9rj}UU5o}t<e(Yb{lw2<cITV
zJZSyx{18J}uDQ$`0tn=hxD_B@4<L2O`vMeVm{a`==KRahTpJaMJ=d>*{$ahDirw#s
z#EbC@AVr{r%LcZoNSM(kc>8p^x+879Wwig9c<;16Eg+B*y|8!_;g9@b04Nd%gT>gE
z1k6oRc+#5d7erH}YBY(T08?$`6L+m9rZr}ECA7q-7GvRKwH?d#8vEf``O13K%cMbv
zrZXj_Ln>g$C%*!2ZfayjrpocgVb`K&%NJtI3$BXtB%pOf;Ui>Ee}b->&$gZ6^P!5^
z=&7Jj(zDIu;L2f%2Q%nr^(li#ytfMD9uNB9KB<6@U+(`Z*~Y|wgqv|Jf#$MXaJ8hE
zL6!!QT22Ri`NvhY9Pu#nk^{48oD*}ujL+0qx9CfJWlv6ED<GDwW4$H1EX}iT-D%r2
z5XvI?c%zg@rQ%f(d<ZEb4O=xxgUiFxH0xP4ng~Y*>vyin9IP`)2<5IBo;|RktEnDa
z7;lF?w?${I<R*s_JtA(2f6xx0HwkDD=2bM`t$#AU%kt>-w>*M8dMO2X-uZ<0a7+F^
zgp(H_>7>Hw&naM?hUlEQ=OLEW{wrr@A@g#7kzkB)hM5wsdRDCSkZ=y1oBC>vvv{^$
zwk6qnN~8>`)y04q1Z)KEwL9}CK+pyhV&Vx0(@28!mc#rA2s{&WcltUTWQyoS@qm6Z
z7(#wJ+?Vo}X&$$S$6d^F197HE^DN(Gu~)qzjWO@2exw$vfhMaK8F6Zn$5i0)tpUAw
z&O*5=CS{3(rt}v5WM8c~!K8VZYa+Zt_2U%KTd}Jw%rU;%8f1ui`O%W+Q*F90_ay|;
zzaXmOl=*o<RG<IauhH)P)&k%hzD}7KNQ{V1mS~;9C|il=kJgxvo<E|U2ZooT^?F0F
zPVrx6>vIdD9T#@{6UGq(>g@M;JJ}I*KiotzW?I~hM{4P`>rx4BOa!X9=}q%&>o#GP
zPgEpc(>efYR-#s&?%C)xUWOXT4$wi*$$LVivWIg=?lF$3KO_|@iM~`1z<m|ny-2lp
zlVy_1fB^*+*WOUUQ9&j%CA;+J<r+EzQ_NKoM-Ho7eLx3{{$UuJikeNk;23t=cIgu3
z`XpD7-g}$ajh=<E6}};1d`d#fvW<rf9X6)5^os;EZcW85Tvt_`&))&W2>J!6L$!7!
z#&Yc~I%hpA47)8XV|X=cAO&kl<5WN>ktvY{$h^|gENksR_b8F)J>e%m4y6AD8z$qd
z-wIH+yvIw^zbHUs*9^u}i5c7Tpuh7J*tqMQ>oVF@I{i0zhk5_B_K2P&pvCN|$N#qv
zHBgNdwzA>iQ2c6?eQU1+Y3>Sho1=SeoFvG1XI@lTh{l6Hit_`QX!SCYOJf82>2ju8
zEe>tjsw$GojEUFKS$s+0#r_5jVz5(Q;ibY;DhVCl&$IDnDYK_7Yo5X+#ylVHmPsfI
ztO7`43>--<`cD38vBf_-%$6_JqI?z~|4}(=IJ!&m@I*2I<A-PaA|Q&8e;RW;@un0&
z4Hq3B_q~B*9+Dn=_rO^US%>Lt!b$O@;?hixAImO-7B1YY<T%lNMbB%0A6+avc#w{&
z&=!_W<B+jqyjA;>l*yAUWJNO{_K?OpEa^=1{BB;6U0af&Ut`QTFVfM$V*q6ya;&8$
zR5KOcJ(RQ{8cHAq=xy==p^bX0)WQf5_sXpC2iM=fZ_H_OrzG{8@aq_d497-^+F`CF
zqSfdU`cyUB@_o)J*8*6f|2}5z8aD3D@yt9=uE0z0Em!DK2LO%YbrN(yviWEAyk;0-
zfQQd((~JDevBiGhx|#59ou^{L6S_{0?XC2I#eYQ<J<G;8V873SRGY}3arl&zrLcfA
z+7$rl95hNbas?jgjiEY`pmOFpU@{1tz~TR|HK6wDLNEhbTgv-N4H4TQ5+6K>-h^zC
zRf+LR1)y0=a8#{BuA4F&wpCxgmpUR!O@Zcb*IBT@syWE9_ZXE;d;fNhM4DNL@c@*b
ze;mo9j<GG&na|fv4wkfQYclkJIy_=D<JR=<>Ic<mFgEBeZ1k?J`@QUjLg)5>Gh{%Z
z$`$eE-4a_@D9;WyE@hoov3^e8ed+$VGDt-7tv+}1OOLzeJ;EL5bS#BxE0s6EXmogN
zAHO=Ut)Rw~(7$7Dgls6CWo~@gD$KA>N$CxD|C|7@Wwy@u2dJ1vI|f#{GbhBg;|7MK
zbwT}T8XNqQrKQ=9`s43c#<+>PE^XKgM#chVOFJof_n$2@HDNV50ESbPdg4#Zw$!Xc
z=`%LwavS|n=}0-cyYo)_FJQxK9{#lPrro!9Kl%awm|2}EHhM3r3#oZ>_^XKXQLA3}
z0qTqZExIgfcAn!4$#Ie{4$`c^z69vt?3dH@q&ID#@GcCer~Gw~{n9rs^X^IagP={p
zOYz3uxnBr+h6>oLi3KFa5=GO38i#G%2hqe^Sub6F{_7$_yBT(30PWZuA3eKfr-3y9
z^uCV!pQ~#CkGE}pxmQz~ekI;{Cxp@^`__RTp4hR)LlY1kg%!bCQ5(|LJp>5Ewdz=N
z(8K~aY8D-*6{-}>2LT#uNUngBe25d_sPG9H!N(V1t@1|m?=fC+XT;}9jhI1cBA;J%
z(Vl;QBwybsZN@buDCU{K%U%3og&q4@FL4InpER<%3TF_VirirY%J-<Pa?lSSnN35c
z6xChicw{T~3@>cc7=}9buC<dyS^{_7Wi{Q(zF&K7(qS-iQ#^_Rg@0a)ndJ`pm%P%N
z@cF_d_A2$B^kutom#kKbW(&t3t0TFB<Bq<7hTsB#SO7fWmv0v*W9sn@^)T-#zkH&X
zoMeh-ao=E)5HUaKQoc#Cg>ch!SlGU>doZ^*uj#7vV3sj_kp_!n2&%Wc>5XWD6)T9_
z`~PJWb1~+*G(ls@B#4P>dLTvKf`O9}O=EG))s2zv$Zoa6R))}oye$f6fySS|{>I0T
zt+Ta(&1DeQ*<%saIzfP5fGS+rn0wtu>t_K#j>&DX%6FMS58jJ3*Yt_WH>(EpIfZ;h
zxwO(Xcz7)9=Ji43Qu8)UGrkss2Hd|sf^)D;y$SHoW-B`i<0;f9OnHfelnd{x{43E9
zx&uzP{b3VKd?prYV!yv(xl!$qhn>Fvh;{!um96a0`qNBHxs7WX!@ht&W$nj`V$r2>
z&zP`rCkF<?Uav;~)dH!f7FjU1J9zvuX{ssib*RbgzpGC1wnwRFix^Nvizs>JlRSD>
z^P1BF+Qer91Ul{FxahM`EP#S~OW@fd4U;cY`%*LpejjJK3W$JZry;%j9dp){&*_!k
zvdMn#>-0=fpr(1Zyis#*f=0uLyR%OlB!hW;X;6<}{H5X%XQi=;!S3eeEOU_UQFscI
zxr1Z3!W;*8oAB9#y(x+hB#9n5v-CP|N?$*9<YoU8)mug@`~_|jaswN1I9#XlvU^Q7
zoKVlo2WThY^fTJl>M#NE6|eD16aV1RATDrcwSaSuwnT$!0l_va&(z$y8tUT{gi3It
zoMzPeLL9Ws#Zk>xHTp{oAH8W8aB3%R?Q2N*)V2>#o1Tclj+CEllRB}TzJCpzxzKKE
zCp0kLTYE-t<x3<S7QAE{W6Kx{#zV`8juMy?ewRh?zaSD8Yk)8jl#!nIo+WOeAJ%a%
z-ZrX_#H10tX%NPEE;1c{74kk!2IE5XjXu>~(K#U5`?1p0M7D@5R&S7aJlExF*!PL}
zBdY;YT=cz8o+6vU*O`@VJSzf)kW7)TMy5hso`U-Re`zEZ<ckJp4ANmSy<~q<3OfiH
zILX9&Bt`Q_1^wf<N~3B%0ojkm(?`w+O##$Wp|QcoqcoNLMAP^EWkcmVdxS(x?JV<C
zZwm>hW~fHg@j|JmD$w$}zQhUgT%27p7a!wnu6;u)BvS15#tANnEPnB-8E-Lg*1|A?
zPUm;c><}(X;p)I<j9y~*czRzE;`15iY{!ehSeGAzI}e8>Fv$P>{v8RQJba$YHZCer
z3sBtv)q=lfTBi7sK95Z*z$-_ytwcx4hKhpOM(&(yhM?dzubLWwZjHXV=h!Jtv(P`O
zy4WBaN9)x_VG8)9e?&`051&f4J<vtkhlY2<?oN4MBc<#09vkdPpw1Kt<o*9i6X*O>
zS8AvbKTjkm#HASW`)=0ebzPI7-k{MJXkyax(1z^V>{v$p{VU(uX$25`2ZAe2_Xlk^
zis%{~@Qjp$Kt%$)PWH<b>EC96|IqiY)BuR11~j55zN;VbloHhG%h`FZUE<&#=4v*<
zUdxwM5~KqEEkOJ%4_$0D(F4s-D~*}I6j0Sez6D1WpF$Z$cJde&8GO!w6D*fD0z9g!
z`)Rs<xoiN|Cc}8W`-G<Ji?}1>6J-YU3jkJ@|JOege1Lt;10=Cm#_P?o(P}nG7_TSr
z4v_KHA^wE*7<zb+$uEwC-&AkUBjH)KfgzX{tUgHar}rmb{Z)hn=qI`C*q}UV>^|fD
zjGz6?`_g{=7>mFO)2i#E5>lr2pghnY&ddG^4GW;B>pPCzBCv~cJs?zJ@C-4Nq3`vo
zy9W+6LJ%qA9WF*W(i8sYx~ii+MF&~E<3-byARC~D$p{zItGBcgP^|RaqIMNii$vy)
zq&R`b<fSd3r%EB#yJmqkvlQ{=vo`4z-XE>gApk|jKdSz8i(jJJIG{#5yePW<s~*|!
z?rQ?SL2J;?p%tgMoQxy2pDmExqiLG6c3Amt<YLL)BN_hxh%85?(vDu?-gm8fR$rkP
zGb?977Gz8hEY)dAx<Z`ve;)eo208Hm2#EPG>*AD|VVQQFp6+m2(;hs^UujIa<I^*$
z3x|hj3SJte7WLWO*HldFg(DeRS-3$rUkp~bf{Zd|PQDE(v+HhCS?`}W@Tn-vYkwH@
z%?G+03ih?nvai!*Xc?*D-$|4Yt#cI6*Pi-}L92pFVfjr{h9$Xcz8N2I3{!$S1fq{r
zTV7@TRuz7(D5?JS36Q&JV(`{iwt<5qAOIB6=W<xSk9;3$$=;sx@#I$WWWJ9Aj$%Vi
z9h&+A!eNoC@5&q``ya~wu5~NSciQ0Qtlepq1(s>gW)%q-uvFp_vJ`SmLGObOFP=rh
zd4vFlf4{u?yGzTTUl@)gqQq7e0v}Y^v^mEnoTqKw_NLYuBp1s;OUz?_4-s_iHTdE3
z=;-)5@h^ZCsdN8T2ZcZaQrDc^M1C{z?IsY`TG$&cc7%3;1lTPZj@!wVf8ItMZboB9
zE?|`DalBJNNssuG1KmHMS~xmhy=y$00Kgo1u87)bHDzK{vvFqwM)$UGx&*D@nxVYF
z-fb!7<j>0(8ryMY78X8{s|-h}h~*=1W>1%Ir^?rHSW8W#kv?O*m2|0!(qDl(LOMZ5
zKoP+j#$@iNdNHVcSrqm6?Y&TfTuM#HHz*fOKd4Xs0uS6HW8j$7l(YcWcq>)UlO$4m
zywW!W*`zbawAB;2Sd=bYjD|fntvXzpa1umbqAtk15F#_3YWfq)3>$QE{Ax?8bKzKZ
z=XoD(IUv)V`E8i371I7^rTfh*ej!zA>`rb-CR?J8uvA4PIXDky(=@G?Ngcjy#(c?m
zBJh#PJdO8dS9qR|_^zR(&XW&Q>?SOg!9$4xsx*n1_>2fESb+gcHuQo33Zh(qO&&g?
zH!`hV_O?4RE0Ah--wA;B!$ZfZ=`2@&Q`iCjE1>z|{{mDt7^cAuxjQl1l$1IKAe$t0
zr){K;_)=PM>h^475jd&6$pKz8oq44PDuc}q@(ayKr<jHlGq<k)G{HLV$1lIH#0A-$
zo}Z7QD|w0U-bLCb<5cjSelrw`N!lOG=xwU%y!@T@&1?ZVhFLv+i?{34S+}AuqQ`wM
z_FV%#^x$q-oQjUMFd@G3hBVAw@K>#W_^Uh_fMd+J`4iluw^_>E&wJJIHltWPn0}&8
zr)&>3bMY}A#aE=L@n5A#gzajQ+(oTgcvW>g`p52O>i>Lccv{gF+w5y`zZ?~6r<&o{
z>|uxFv9JY}&zQC^_QmQ)+Z#L=qs9W`$fgC?KX)7TF0IrusLI|jUNnCKK)zhAVPQX=
z4Z2!y<0o|^wJ#|P$vDFM=&*`PoooRh&Q}e0@LJo^H}whn{d^X&si$Uvj<Sl_xXeeP
z6S+T$;c7kO=Ar4!HCm_MbfTn_J1TyGV9BwPyO0A$jf^=t=HnUhTO1iP{$(_=C?Oqy
z9>wwrv~3B6O=|ok?`i3OxGTGOmEbtIUt*%48fL@h)srd4jZI_OP;6Yu-#8n$04Kp?
zslb7~xZ7#mDQic(f&nDsYwR}m+c9U2=ev-Lb&*b<DgEucmJ6e#$v5a?S#B77vTa9O
zL7yj5S*Kc57C)djRnd%jEw7GZXJogXo5T%>(QgiT;#1DCvlQMAqNK4y!`t4)3!2Ge
z;suv(X>;H>M?I@dg`*yUbGqSGV{Wao-2~~(e2;vYeC0&Ox6VjNUo}rP)rIc$ZKn%g
zxAKi>z6Og6M~VIox`QC}S5uf+J`je6OIpMWx^!dW85t8j`ACZ_?khg}M4%xtywv7G
zb&z<zR&Ok-3_tI)AXkmEn*Oe`m>D#0sfd3Es-1Hg@2Ogn^N!asTYzndfc9%hUcx21
zd$^i^F1CO}!@BYLwQ<@Fh<=z&yiWyn&X!PnMx<LJj6qiz0T_}(4mPgQN1rfD&R-w0
znWk=L0fVD`OZsN?d9AFUrq|WVrb~(+s?>HJ${H6*S4CyZD~(w)`Ee<7gKoe6KgFEq
zTa#xLhhK(a7`7Nf1Zm2~Fao6#0*bPfDIlYO5I`s+KqG?6N(5O2L8cK|f`HXP*kT|g
zL>W$sh$-8Fpb!%j2^dCSd-b~Nf6y<_*YoXpo^#IczPtR!>&dI7UM=Eiu!1<`H%4nk
zBzu`Ud?4VC(;44#O)+EFgtI>7@6x4Kxgmke!Lp|0h0=bn^7=x`VS3OttL)?sUkv!w
zZf$;gA0@y&qaQ!)KP_6;i4xj0%LvQPs;_Oksq7Wrv-;OdK~X#`s+#%&PE8t!!`RZi
zfpzUG=ikuKmO~bWppyZrM5l0KVRSwDgPiJVm9kX#tdQ3_q-pc3+*!^PU_Y?x2=>XN
zGUZ=&^T829lFN{@wl^Cxb$$pYXLGA<fy<s;a+=_Wy{94Dd*?(hp}Je-V;Q5rFl^@)
z^arUC&x^qdx1Jn4otfC?){PBSaHEEJCPB(i4v<&A&?61(UX1z78$Gb}7D!7W0W1l;
zlw37$oG4Hlkf^8mkIPUk^4&~GN9G<7HJEWC84m2K<l@W{C{82r;0xRC4&oE!^{9dO
zO>g;iXYak02hzIsV25?}fI4agU5B1JOAs@6xBToc_cA01&5Uc^J?XePx8|<AV(DEr
zr~1&^1UZ`d(1?QapE#KhtLZ%yZhm5yq_2XMQYSo}3qJYl47{cgYv0;Pk%QwK%WxE~
z%~w8DZp|&CgcU{(LRL)g#`dK)T<@J$RWrRs{#0U7H;9ENNYHYz?1aUk(o2W%`TcyP
zT;7Q=hcct)kwwj)PF5}*Nz6jKvLi$?z_=qbG(QjTsR+_2smB>0R!&wLuF={R#lnsY
z>N<${>qR;tU3ZZpNAm#jG8Ok?40l%a`J<U=b7nSo>qAoE7U@iG3@snQhW`1huxAAW
zf2WEiBdS`gfmFV@S|!O=R1RJ;_wR>@lgCVizsX5z>}4sB3s*%C3(Y|pEzd9<oDkyh
z-PfbPzp_s|**~Ktv25W6tj|&0Sly&2&U(pSA=dAJZNj-NgypOWq=FwKJXyati@!yC
zD!itG4ij7VS@>)K_^Hh#e2^mg+=0t-T6y1yrYcs=OG*3!gz=ylO~}q7Hc&1Tvi<#l
zgM8oGUcY|&p*(KRNUW`bcGR)3H^K~Xlxr4csGU*$N`)wC%4SIy1&<ay5qb>nKK<xH
zi+&<&l{!pftDeRbMA9MirKXz}X9UWKQZI_9M6%;MSN*RPoE6S6TMpa*sCq%(blp6M
z?uEbR19}zg1C(%U;Z3;Ig%WO#tlWk=xAKPZu)Esh_(Vl57rW><QosItq6gKArGOQ?
zNLWt=U_dlZ2HmK%xYB?y5e49H+XJ+Csm<-BRQ{P=5V4Be|Biy8@h~W6<SNB+LL(~%
z4I+XT9m&lHj!g==ka(?7F0Y3W94E4GgB(h=5(wi$F6ggd8%<JfAF<xEHyk#Z;$FTO
zmqGpN$oV1HYf3k0(^f@$xzOqnsxr+AbiGusEsfz;9CT>Hfec3A2u3IrAVLX~0(CK-
zG)Cnkf-RWeyH*Le={y>8oZXAc94OOs8bA~o;S(=hG(=0o&Y8&>-<!K)x}lO$*gfmq
z?i5XkKOG5hP+k)Y5sg+iNz?nsO280Bc2*~nGp`8Pj~Hh5DJpaR7|dZZ!_C0N{;Gdw
zAehFNjvpD_hE*JjVGY3o)68Z3JdI9`zIWz*N(tZT!&@+B^cbJFg6mDPz!q|;C-Drn
zt46=Ao6EyWJa@itXxP};_OP}h9f65Go3`+bU#fsN7&b0@vtg_h(Yh&ZP^Gs$;{~#o
zOgy1~P-#%rrx2r3FkWvKdp?;A2nKO-KNHS*c<lMe=elEhTAs%z2po?>WMBn#nz`+%
zb-X*6n3#4)&DvPRCpC{xcD9ehQ4;Uq8$WVk$Q!B{?o7lNu6p&D^Z0yolHkKm7;j3y
zYhr2UGKGb>{Zuz!E5?y7)aSy0_iX0U6rwkCyVUw>8*&xrY#5fzN3;A7>E~Z;%yPKf
zBr7JRd)wl{g`L5auS+6R+t3!vfTkrp7+uqD?wAI_g5B%Ay{EQ5qfT|o+0yIBGH5BD
zc4_ec>_O=}>rKEvg!s2(WAHoSkkNNiqW@7`B%|jVSu@a}F$VgcfMYh!)=ftOFa8at
C;$ox#

literal 0
HcmV?d00001

diff --git a/docs/images/osv-scanner-full-logo-lightmode.svg b/docs/images/osv-scanner-full-logo-lightmode.svg
new file mode 100644
index 00000000000..3358f4b429b
--- /dev/null
+++ b/docs/images/osv-scanner-full-logo-lightmode.svg
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg id="Layer_2" data-name="Layer 2" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1270 142">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #231f20;
+      }
+
+      .cls-2 {
+        fill: #e60013;
+      }
+    </style>
+  </defs>
+  <path class="cls-1" d="M186.01,38.36c0-9.22,8.24-16.47,22.36-16.47,12.55,0,24.91,4.9,37.26,14.12l12.94-18.24C244.65,6.59,228.76.51,208.76.51c-27.26,0-46.87,16.08-46.87,40.01,0,25.5,16.47,34.12,45.69,41.18,25.49,5.88,30.99,11.18,30.99,21.18,0,10.59-9.41,17.45-24.32,17.45-17.06,0-30.2-6.47-43.34-17.85l-14.51,17.26c16.47,14.71,36.28,21.96,57.27,21.96,28.83,0,49.03-15.3,49.03-41.18,0-22.94-15.1-33.34-44.12-40.4-26.28-6.28-32.55-10.98-32.55-21.77h0Z"/>
+  <polygon class="cls-1" points="334.83 107.98 293.45 2.47 266.78 2.47 323.85 140.73 345.03 140.73 402.1 2.47 376.02 2.47 334.83 107.98 334.83 107.98"/>
+  <circle class="cls-2" cx="72.7" cy="71.11" r="11.4"/>
+  <path class="cls-2" d="M114.91,14.52l-30.6,40.7c3.15,2.3,5.57,5.51,6.92,9.24l47.99-17.02c-4.71-13.24-13.25-24.66-24.3-32.92Z"/>
+  <path class="cls-1" d="M141.52,55.41l-23.33,8.02c.47,2.63.75,5.32.75,8.08,0,25.49-20.66,46.15-46.15,46.15s-46.15-20.66-46.15-46.15,20.66-46.15,46.15-46.15c7.5,0,14.56,1.79,20.81,4.97l14.97-20C98.05,4.11,85.8.51,72.7.51,33.71.51,2.1,32.12,2.1,71.11s31.61,70.6,70.6,70.6,70.6-31.61,70.6-70.6c0-5.4-.63-10.65-1.78-15.71Z"/>
+  <path class="cls-1" d="M92.35,72.32c-.53,10.41-9.11,18.69-19.65,18.69s-19.7-8.82-19.7-19.7,8.82-19.7,19.7-19.7c1.57,0,3.08.24,4.54.59l8.33-11.13c-1.53-.65-3.11-1.23-4.77-1.65-17.62-4.48-35.53,6.18-40.01,23.8-4.48,17.62,6.18,35.53,23.8,40.01,17.62,4.48,35.53-6.18,40.01-23.8.99-3.9,1.2-7.8.8-11.58l-13.05,4.49Z"/>
+  <path class="cls-1" d="M1113.41,96.57h76.52c.2-2.36.39-4.34.39-6.51,0-30.17-16.76-56.21-49.9-56.21-29.78,0-50.88,24.46-50.88,54.44,0,32.34,23.27,54.23,53.45,54.23,19.13,0,32.74-7.69,42.6-19.52l-14.01-12.42c-8.28,8.09-16.57,12.42-28.2,12.42-15.38,0-27.22-9.47-29.98-26.43h0ZM1113.21,80.8c2.17-16.17,12.42-27.41,27.02-27.41,15.78,0,24.85,12.03,26.43,27.41h-53.45Z"/>
+  <path class="cls-1" d="M530.21,38.59c0-9.27,8.28-16.57,22.48-16.57,12.62,0,25.05,4.93,37.47,14.2l13.02-18.34c-14-11.24-29.98-17.36-50.09-17.36-27.41,0-47.13,16.18-47.13,40.23,0,25.64,16.57,34.32,45.95,41.42,25.64,5.91,31.16,11.24,31.16,21.3,0,10.65-9.47,17.55-24.45,17.55-17.16,0-30.37-6.51-43.59-17.95l-14.59,17.35c16.57,14.79,36.48,22.09,57.59,22.09,28.99,0,49.3-15.38,49.3-41.42,0-23.07-15.18-33.53-44.37-40.63-26.43-6.31-32.74-11.04-32.74-21.89h0Z"/>
+  <path class="cls-1" d="M1234.62,102.88c0-27.61,14.6-41.22,35.5-41.22h1.38v-25.24c-18.34-.79-30.37,9.86-36.88,25.44v-23.47h-23.86v104.13h23.86v-39.64h0Z"/>
+  <path class="cls-1" d="M721.84,123l-14.4-14.2c-7.49,7.69-15.78,13.02-27.02,13.02-18.34,0-31.16-14.99-31.16-33.73s12.62-33.33,29.98-33.33c12.03,0,19.72,5.32,27.02,13.02l14.79-15.98c-9.66-10.65-21.89-17.95-41.62-17.95-31.16,0-54.04,24.85-54.04,54.63s22.88,54.04,53.84,54.04c20.31,0,32.34-8.09,42.6-19.52h0Z"/>
+  <path class="cls-1" d="M999.48,83.76c0-16.18,9.67-25.84,23.47-25.84s22.29,9.27,22.29,25.44v59.17h23.86v-66.27c0-24.26-13.61-40.04-37.08-40.04-16.17,0-25.83,8.48-32.54,18.34v-16.17h-23.86v104.13h23.86v-58.77h0Z"/>
+  <path class="cls-1" d="M881.05,83.76c0-16.17,9.67-25.84,23.47-25.84s22.29,9.27,22.29,25.44v59.17h23.86v-66.27c0-24.26-13.61-40.04-37.08-40.04-16.17,0-25.83,8.48-32.54,18.34v-16.17h-23.86v104.13h23.86v-58.77h0Z"/>
+  <path class="cls-1" d="M832.23,140.36v-61.73c0-27.81-14.99-43.98-45.75-43.98-16.96,0-28.2,3.55-39.64,8.68l6.51,19.13c9.47-3.95,18.15-6.51,29.78-6.51,16.57,0,25.64,7.89,25.64,22.29v2.56c-8.09-2.56-16.17-4.34-28.8-4.34-24.26,0-42.2,11.04-42.2,33.53v.39c0,20.9,17.35,32.15,37.08,32.15,15.78,0,26.63-6.51,33.72-14.99v12.82h23.67ZM809.15,102.69c0,13.02-11.84,21.89-27.61,21.89-11.24,0-20.12-5.53-20.12-15.38v-.39c0-10.65,8.88-16.77,23.87-16.77,9.27,0,17.75,1.77,23.86,4.14v6.51h0Z"/>
+  <rect class="cls-1" x="415.16" y="59.03" width="55" height="26"/>
+</svg>
\ No newline at end of file
diff --git a/docs/images/osv-scanner-icon-darkmode.png b/docs/images/osv-scanner-icon-darkmode.png
new file mode 100644
index 0000000000000000000000000000000000000000..613532481bdf3459ed8a3b168773549a5d081ce5
GIT binary patch
literal 4590
zcmV<K5fSc*P)<h;3K|Lk000e1NJLTq0052v0052%1^@s6=lw7U00009a7bBm000XT
z000XT0n*)m`~UzEph-kQRCt{2olA@xM|#J9-6ZE_*`lO*XcWn!v4M^&`jShKsCC#&
zkYvZmAxCqOJ>}w2f<+z(ymTBO8z9I^27&;)PRzM%4gum3;`L#3*d`JL3oLd$6XX&h
zwmFu)^OlB*<dJ4L>>P@1a%hs>U0q$(r1%2}jY!sm%|ENY`s%B%Ezk3K1}U^2d7#+w
zyc1B)?f82QIOzEInZg=z;rPOEXp7}WLTy!nTI=C*T4W=~s0k;J5Q+b|Zm=%^>$F9*
zYP2Vc83o}KfTh+WsnJ9gcM$?|5hK&kGOWVMBZRVy`B6m{Uqq`6p^Y?b!f}8S@T%Ev
zD5Z`N&uxUEJroR!a7qmK=n|GHLO`jvhte*b5>N)Nn(c;mHV~h?VzwLoNvm*5Jez{)
zW&<(OrfvjEn{XV&P(A8XQdFu40j0(UN{evv2*He!(W{zuPJ6kHVw>&&;+IroESf>o
z5z}{S$Qo?BfH3~j?zBq-shXz1+=#P;xDaE}1hYa4S68})lSf>HcY(8-+a5;N5u;6C
zHm%vh_RM1S;k9ddO??9N8pj31vU0p)3P&BW${aXFZRO^7y+(7^n#dew&rZHFyYtEW
zIy$Fo#3>>!z*scl3AAgrr!W4<Ycyv8yrYwe<Nd?;_AXw1T}S712&V*mz<6qkLZDr<
zeP;1i^GV}tr=Dzj*75e^H+Ifl{y~C$1CpPrmVxgk*}w?0j+mnQ?wD_%x%AcM;qe+x
z&+7M{?769*&OP|_R}$zSkgRYjjD0gv31`<#E`07ColFN+X3yk4TzI_s%ZmDTy6z+@
zWh@$5g6*0!mp%w18i3~K$6wigZt;JV^sI{{gi~QG8W{rZn%(o4-)cTSinQ&Jlz3E6
zRTajfks;8o*_(gyH;(rY-y3At3_|s^rE<hsW-J;R{C%jtqIr1jTE0<#`mU^KK#V-Q
zvseCIwtP3Lgi~U?dXgp3t~uU%^fT}1WFl@ujs3%4-8uV9Z^x|%)J#=Hgr8<uS*Q2G
zx`WoE(D9sqPAiWZXXXk4yWYF!FRwNpKKZ(Ww!R=YH}eOxJD<e*p~n?Y0dc{H#ksdZ
z`<&An@pqhy9S?_SVhXftc4x1Av+?lB_h~A2nb?+>yD<HmakeMo2q%yD0@A*Xu#Pa=
zS4sXXQvo4{C1B7f5$LbkTP%FF@$m5H-qVwe!v1}MHIX@-yn6Q1xqJ7dj^@M>PKERu
z!yAbHRWNt(El>M&MtAJ=HwajI?>v8L|K!op`9ylwBJ=#jNAv&ti?7I(l@-nsA~Ygx
zRA~z)O*n|)`x}UZcuRxcynErwj~WjSzc%PSs>q(7{)f5!`@a{poQ!Y^q|dIYBEA^c
zY&QZaB1XVL{+e6I`-gv{+^*?|ZF$+VlfORq;L}J;bs6Efq$hGO_2-YGkhERX4|^*6
zXyI_{`AB6Vwy{ilMDqsX7hEyi4`nnT9sO9hXaJf|8fSK1xD?6sh%(~j5yPzMDQX>I
zbfzkJJ1#oynx5E}mz#gCIJ;T<&rolVQ1xxhi)MuoVF$y;-u#QV8V66zi3XtQSttMZ
z^u4fe4?E&Gz>j77q=>*J>@Z@=uIWc6KXq&V;itEQ-WOIlCgX)e1vd>VI{Y<Ju&1(5
z77n+9gTzAARl=NTHW*>i?4G~8nkLZzG@mr4!fb?w8F6Zu$r=&3m!k-W_Qs_X@Lrep
zhNv5-(Zu$l6kuiT#>L~E+`#t)2&V+Rqq0*WNm4XLgy+^FzH6aMI~`jsY@yu?SFWBs
zKKd{%c1<rbFHHXZeEqX;_Io`@I5qT-Hc8kt{=QL(<fh$q#LBZ0^v3Noi=Q+fA74qR
zA4&)sbq3iuC5B%#d4y-Vh6prE(pI}pz#bI9&biA!NV{kNyhbxS$krJ&;+R-Tsa$fG
z5uR>czNZbuG}u4B=KST~ZPcIsW1J9BoebKF=r`gx=oif$)QHAGj4<CuufuYQ0ixNo
zX7eYHkKY*<(SX>B*qy!7)6VH9oKkY#=}BN#hLGGwI4X5dv9}1AUhV1Je}p{`l_r{p
zjX&=7e6Oi04?Ik~M{Vk~!wqCH8I2eiU$cE?@jK1O$A6@$KWecpviYgP-2VNIQ&0DJ
zYoLLrm@@H1V=@!Q1_7h<_VmSHYaTYfrKdXy(Dd+{-d}b<-7A%wiYX&3enMzjiinZM
z)aGlTU1R0!f1&B6A=jc5R@QD>7Bk(?cMGS0-d}DxMp@IM3AAghiOfHHM<=Eu3Zi3M
zWS+}?WY6SQGA~TN)hnRATR1wWsTJhi_P$MH>Pxvxz(~23o&SCBq<K?Qf8t|XWM*;?
ztclEO_QLcZ2AzKBHjZ8NMfkmhoNZ(JSWck7X49H2Vp~6@>6y&x8VY+RSGOiI@8{-b
z{`B0vd$q9TIzLz*eWF=G-XKmo^Ln-QZ>{xjfzu~9gYBA({X_4hnOf0U6PcsTnTe`B
zoqhAdryu{DOdXvc&Qa5?P?ROhEusD_m%mZz61>$>40?~1vEKGhnwQjcO&!)m=E$DO
z{lw1Mf2AV9qzU2NMShB^DD1}y(Om%pMYCzmmVn=p?vY}wtlhMyvj1&QXTKl!tavvj
zgj10$S4NF7Tt)a^Y6|N5f=z3-h{fMwI=sfVJbNnpkv)~I%<bR*i=>+IjbmNj;tft`
ze+Wwf_*g;vw}|IA>PyQY{+TJCjXjh5(8}5WG=K2fpCnMdAC}_BF?})O=(;P(s${ux
z%ytuxTVC|`*7oLK{H;d)>ANa&*@VHK&Td(`%nz-s{bu);fCBQgZ<5=YK*0grY{!3e
zP?0E8Af7?2E!cf_=act$FI>5H^62PZQsS|4cHN%LzVCT_XW`K=LY;w%KtHi`QlvvT
z1;ricMIE^>FU}T-_7f6w`}a5Y=3jgzPQJcwtc?A+HJSNWEbH|I!~$)xg!zFMp*>X<
z66j1fveQ&4Mw@|Y(z@BSW*xpf0=vN4qPG_+2D&x!yxw?l_-2&0JF&9%k(JB*1kd}k
zg~Kf=UrPW>9girBjsmoeV;yS&ndrVa=~M#49eg&e*#g3j3i`#Z0Odt*uNJ1>?K77?
zh?HK|wodGc%+G<h7Y?_+7rI<{WW~~rWqF>bYeglq#ZW=czNsUA8G$3jrZsyTcr9Z6
zcNV?9z$tY1!j-FygC`#cO<C4N=D&cIi%+-zI$}S<P^7&gQWfBK&hk9ZA^GFIb%fy+
zl^Sv%_6-77Vw=`%+&!;#zzLeZ`Xzs~CNiH{8S8t^!^T@-r@#m#A(l>VW|8|sqatIR
z7LohVb;9{-T;lC{U2oMfcq+22*RZYMrs-K$*50!+cBT2W@wXSBZr5V8JqVc*G%_}N
zd^obgkztj9DXKL+sn{sJ-m0rFbNlx<?8!_Sc=_V-&fLP2t#5_3kt9j_<ST%q%gZVA
zVd4m<FD*k@<uCHJR-JuW_<ZZn7ri}QE&*3ZBf5m+N|Z@NIK=lt>#8%=*ys(Xh=Ppm
zRUPzV%OFl7#qO)Ex>XV;2|_PiwcY4RG0j2LGB!vp;PoW!ITdyLn~AFk7m4X)R{hB9
zic)hmwNndt-AS-*2l>w##pRz0QXAg*44}%3YlN|I^y1KV%nhAbIvEQ`A7w-$gpoj(
zaje5T9R}B6-D$Z7O3)=7nH5J}qKq@>#YJz=m8dfmA?lX72CAd_lwp(J8)qc7O|c?T
zuZlWlgj16!qXRe1Q&ml(%vplJpt3~0K?K!VM9vtlNtAIU%0wp3Q&ml}t%1Q?tqsOI
zl6CjuPKZs*l4RXM^%}!QPdsixqKqrqRw?KWtsty*$@)844-?RZd@=`DqKqTiRutB3
z^lZZyB+9swZCxeY7v&I7Jbo_bAWFywQ@Ijl3X*L_;Xr5Ts7%Dai(DdvbwW;$NrsNL
zs39ku&@t0ptdV>sk8`?49FVhfWKTw1C*-l3mH=KN+{$PLcqxKtmeD)ffS&X(2mUDs
zm*i8N$Q-{dAb<2%Dk){Z<1rFGpaSvkT`CjY?~weCdKGZ|Er%M(3&$b4aB7Gld(b_+
z`*9XAVmU+@Ra*jaCEDvG-)dV{G_n~z9Le^gP=oezyr!W+N3vX;BmviBmY1bMyeXq1
zSx$EK7KIwLh2v^y@GNp4%q5=d{Z;hcS<lbmBQrw!Y#?Xb70_efxX>1ku0U$pUqm@(
zyRRZXW0D(<{yD9<!B}O<aymvEXlcb4&H-v1VnHk+_vKXxh$jxgb;K~6#06ez)gAX2
zUqya&EX8a)4C}P)#m+4US3|?H(-o*m+<g{t7TraSA?dX0dKWc;S!Ky`MKn%RpkFv3
zFMu`F?J?azEL&Z~FEz?2=m(U$tvXb#M(-g19jN$Gg~9dz=*)Ah%YzJX6S<2N_q_KY
zst9q`__EDcL>Qk%l5tzaxs{~O@9i9|KAK99T}6JXC}K9Nx@zJke=4IVB=yvH)*V(M
z>*9~f4djKhhTa>MB+WANqRFH0TAb2`Dd9l8C3XdosA<@Vdn?H@`bOSU+URwoGab9D
zKCg6lC?d;<o3suiaYa)=O$y&Id@0(XR|KF=7yWJGIpuCMoFk8lo7ToHAB8VzqL*-V
zPFGin?-i~vJmRUNMl{RlyI~9T&_plc9FWXOfPTD2d}mw*c$pL*CqeYhA--q|=uNA#
zLJv1VzhL!BqFw3TUfg}8HN-r8H+FB-vqFeF&xE9cUROk=*OUE(;}U;wC<<3mBh~}N
zmc~ueG5TyE`cgtoq-7bsQ&g2cj@m)TV=77XWB^}B-4N^|hV)y=od}J~2Evvppl&N?
z3H@i!EB#*RwH)uHhW?wst1uqBDIpBXq}>ebh!sdhalIzI<pb~Z6C|7x@Q&L4gyLnA
zi4iKIKL4*DcvT^}KD+4OVj1`Y4iXNS8Fh5ryra-+!)g5;)^?~Ou8G@v)Rgw>G<n1|
z(0%;_?<*EYI3>)CI@<62(xOQ36`pIL9~I2p?Ksd}2qPTOyA9Dvopv(CX9<%L0HGom
z!X_OswHxh6?3E0)ZvqFiVI$=*Zwf0M7rox(Zr(w^d%y(Ch^RtSqFEv2lpJ=d0x|E`
zFdIO%PCGDslu&W3CN80G)dbP<;~Zc<_55{4FObVYd?u5k0rB02_HIWRaeQ3#y1o06
z$o<1Ll1DfT(~uN9awxA%My?WO-1yzxKm;<C8NQ63%Lu`zK{Wo#H4-wysmU~yAm2vx
zsZ9C>R6_LiyQC-BzJ$c6Ei+a5R7l4!rW60}coot!h56^O;^fLniWMXWfjGhebB@6<
z+(ih;l=ILb-Rbv3XD#bRT;UXmmpn)Zb%c0aLfm#SCQAsxsN6(N0;!}^ox~Lmtqyz;
zw-Sx4)4BmY?afLVid~O1tTe+CJNiI{aKPL~s4D85zL0L$>zx~)MbbUO2B9S0NtJM5
zxX(B}E6C(w?1@U@Ksr}iV+7JGs9vZ}$zQ_kX6TsSC>0GPb1#PyWAUU3<)VS)ZURzb
zES@xwh-e_$yT_Ce#@HA$+#<oPA=SolFG>veQhgXn;)u~HbO;AVFN;=M(H7vZ>qck(
zxo#aPai3NEy(cZFLUaiSgnPfp*l11yKdC`YSA#l*<5NOp;z~m>*sxPaT+5Q~hD`_u
z#4dFay%{k^jVj_A8VMUQB^(gLs)M<V62nRzam^eI2CL~>RRxiz!0j}%g4j$>GNvdL
zCP$o34iNM7O~%t#FRG|b&=i}r2*<}o48h+Z9T~Mu<0oix(4X{RAZZhhPX!T{`m745
zGox3<Xixf(78@ssQtL5H;h8e{_p7Ry?M5)eA{-wFA)rw+qE`@Nam{ukJi{g&pFH9u
zfsVX>N#W-UO#0+SA`Gi=Iw>GTv_$%+vMNF-tEA_^pcJDZoKEtz^ZGfMAC3H@IR0bk
zMwWhznsB<wBi!;1Vq_|i+^FOym8{V|w>2_C>1Nc0(+^)z{=Ys>KsmSLZ(kTAEs%cv
YKSu<V*J71^9{>OV07*qoM6N<$f@Rk2vj6}9

literal 0
HcmV?d00001

diff --git a/docs/images/osv-scanner-icon-darkmode.svg b/docs/images/osv-scanner-icon-darkmode.svg
new file mode 100644
index 00000000000..cd9a2276866
--- /dev/null
+++ b/docs/images/osv-scanner-icon-darkmode.svg
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg id="Layer_2" data-name="Layer 2" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 142">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #fff;
+      }
+
+      .cls-2 {
+        fill: #e60013;
+      }
+
+      .cls-3 {
+        fill: #ee2525;
+      }
+    </style>
+  </defs>
+  <g id="Layer_1" data-name="Layer 1">
+    <g>
+      <circle class="cls-2" cx="71" cy="71" r="11.4"/>
+      <path class="cls-3" d="M89.41,64.14c15-5.29,33.01-11.22,48.17-16.7-4.65-13.22-13.11-24.64-24.08-32.93-3.69,4.46-16.82,20.63-30.41,41.02,2.83,2.21,5.04,5.18,6.32,8.61Z"/>
+      <path class="cls-2" d="M113.22,14.41l-30.6,40.7c3.15,2.3,5.57,5.51,6.92,9.24l47.99-17.02c-4.71-13.24-13.25-24.66-24.3-32.92Z"/>
+      <path class="cls-1" d="M139.82,55.29l-23.33,8.02c.47,2.63.75,5.32.75,8.08,0,25.49-20.66,46.15-46.15,46.15s-46.15-20.66-46.15-46.15,20.66-46.15,46.15-46.15c7.5,0,14.56,1.79,20.81,4.97l14.97-20C96.35,4,84.1.4,71,.4,32.01.4.4,32.01.4,71s31.61,70.6,70.6,70.6,70.6-31.61,70.6-70.6c0-5.4-.63-10.65-1.78-15.71Z"/>
+      <path class="cls-1" d="M90.65,72.21c-.53,10.41-9.11,18.69-19.65,18.69s-19.7-8.82-19.7-19.7,8.82-19.7,19.7-19.7c1.57,0,3.08.24,4.54.59l8.33-11.13c-1.53-.65-3.11-1.23-4.77-1.65-17.62-4.48-35.53,6.18-40.01,23.8-4.48,17.62,6.18,35.53,23.8,40.01,17.62,4.48,35.53-6.18,40.01-23.8.99-3.9,1.2-7.8.8-11.58l-13.05,4.49Z"/>
+    </g>
+  </g>
+</svg>
\ No newline at end of file
diff --git a/docs/images/osv-scanner-icon-lightmode.png b/docs/images/osv-scanner-icon-lightmode.png
new file mode 100644
index 0000000000000000000000000000000000000000..814725d9db1e36cb788dcdaec3895ec2fe6a5875
GIT binary patch
literal 4830
zcmV<45+Uu0P)<h;3K|Lk000e1NJLTq0052v0052%1^@s6=lw7U00009a7bBm000XT
z000XT0n*)m`~UzFkV!;ARCt{2olk5V*?q^qGbANT>s`q<C0nll46%fdF@5Q!XqP$U
z610gHJtQ|X=;jgx@G3#jKPWa#w?I>%XygTo0?9T@U2-W<%jsqh>A^!J2m%y|#h{lO
z+~sJ!yZT4jVrpBKL~(kUH`0hA=e>FJ{tRV)0K$gI_ea!se((2w@Auv_T-U{mM&8O<
z04xBL01AP(ij<;u;Qvbiwg4>EoyL~1&J760Nfu7t%K5@5!V`)G;5A9jRRK8UW!IgC
zEvcPEaH51mgi;K=u50WL0My`FDZB187B%-pC<8AXGVIKfmn>@{in{<7;R(sn+?QAk
zq;QC3nFa7B^jj5Pd=V`UqK`CC!pU2?B7hQrn|ga9lomVz&DWjAlJ3s1G7!SaTe%Vj
z+q$q)g(slI`$LHq4iQWlz*W6HQO+`ea@}cEba$j5i4@KYESPSV0lb++3zR6~5Fch9
zCx1waN)?`f65|6ULO5iWG>?<z^opidcNzuy$JAiz?m*tky$LVcIuuQRTJUC*i6O14
zVG_8jAo)SNB#@|K3eaS6@>XsZ-Xh^pG;|h{IJ;6RoV=Br%v-q%fI9#tRJJ{!)ZoRh
z`m$nVt+nx)>f>wICKdGwfI{b(3{8s|&X`zf0VvXjsMXB$hTHCBjgi!DdSdkT?E1$a
zsOX#$i<7r<1$aZ#P&DjN{hGD03qN<;oh$&jyZa-1o7?X<FI;^~MdzdohXnKPV>mQL
zf$G<+ot~NNJa2#D$PYWNvA6d0d+TQ|{X}Nx0LeoYnQH$)S_3DO8oVK@?~3`_>5HH1
zZ0{|h;~M=wlRk6mzo#C3@`qA-2#LZWPVg``6Ad=MX7v0scXxk`R+%}T`SASHmAtUt
z1?!ek=}<J>(EXaz7w@x(1^_zG_Fi3kX{IiwYex|-oS|sAq53r&XD_|edAb{E*+G_g
zgbHUU8g8iZn&$MCFSc7d-{h%WhIoVthd9DR(L|>OpcLi|KfZQtvfbLb6Xp!l=seqd
zbt8NEm%Qb>5h5Hi<sQzS_@MeVd#g`=<L>T{#BHd(x&24$6Myh-+<E{3vnmqYyDy?M
zny7(ntRw&WY>}50_?f>?YZ79DnG1ENQ40IO#@S1Y?Z?l*ETF9eGE?K<%C3JL>p_nt
z9I}kCguw~!EraZHg0}-R)`~NEX#7_Z(ZocJ*KA}jztMjD{72{r4w;ySn>jc3r*W1i
zxP?QKuWTfL8KDL*ePdDfUMBJ&72$2&39}N^cujN0`ds_*_HW&t{glW)`WPdr?a`|f
z7tcI+z_m3ej&LeSt~0z0Pb?K(8{f!-Rf0EL>du}18g1&m{_@4m{U^I;<@C-Y_43F^
z)4%`hRi3h3!Xf!IcX%3<OckD3D!Mxogyd3};pHFQtvij`u+MLtyZrO^qwOz*eMS`N
zvtvJ=+I;vIQOiXZPD1^fD!lC^w(gFEL3|=7%&%!qUzyw6-2P|beoa42!%a_&{>jv%
zPa;j#d4yvlIhlKj-+vSZ*?vtw%v0$n=eJj1j#MVfhe?nxDWdrvfWk=;4FGhW?A}u?
z8UW}#Z=YU&<zgh)gW2K`XU~EDA*u#1(weB`?YOA)YkFcDZf5$WLUzUZ9n;4nR6P&<
zqFDe#+QFdFoW3&G-g>T2Gyu?Xjs5@Id7t&;OcsaC3hu?|mI$a**g-^>U(=7&<f*yo
z$Dhp8KF4Zts1-@11>nX>6b+!yujz;Ty!{U>pQ8$gEMV%24lm;b4oyBAXD=<v4)R5%
z^SphEWg(P0ROPLl13jlkP}g!qK!#y|;j&2ixQ)Y;M(sH5N?V5#fRQ%a7xvaOp`Qs8
z4zV`x3GNpQ(nLdoaI^445;wF^#o=*m4r`%}bC<8~Ki&N>NkddOsaHn-ZMya88~xs=
z3CDqYYr~YV9fiQUQ3>*f-5R{pv?{a@uAQFwxbt-HvZQ_pfo663`Z&be476y-mg6$K
z_|p#{*H^m^&yt0*e&*6ok}etmaNC`9n6DG&9Eaw>N<!GF3<1G>7i!{9%b*-ZvT^p(
zSN4Cu^Hl|X5rVtB|CN64^&F}+#cgiaoknc2lD=1<-df%W6a9*jois*LpRsOjNebz6
zV_%<YK0Ic5`dOTk-0mEsCP*~%@C2_~G;=gdX^v%nHE5y%fX;UNuX_Fbn8hKE<YN_`
zBDCNwRyw>DXwF8Y=GUy9p80;~>E2(e>X1-O1L?_A*3{<1<s(1t@lmRSCzx_f(dax0
zgX-6;ja~TT&UX7dYPutVjtjTr9*ZXTI?7F@Q(Ub(4esR(A{ra|7GGz>VofVXcGAe0
z|A~&P{j5b^jI`M?42*aG{D^Q!cAv^8x6E5G0ivP$HO5HlKiu7Y-5CYZF%6_%%6w#w
zXBJYgjK0$=p}pJUs2rvic*FJqpGMao<u1)quBNBI;qG@nuc||_F%6`~Gmngs)MEPF
z*tcoBA9M<*%u^@<qM`aVD@L{e)3~jsJMl2bGc98z^+9H8{BO=Yc;K*>I}i@}gQ!Xi
zU5Mcj%RYI%O8#}ozZQ<}+@$+8Df4IUen;C;z%-1J)NbnZNYxxmzkTkL#xHp42>x<K
zG2LRK%u|SL%Mrbo%U`IpX+BHd$`z=7P0D!J-S1o!*+CH)BdJ|;Jo9TaWB#Lv115C{
z=Pr-6Ar`SBupbME7z&_?X2r;s0Q`BpZi&N4n;r91`hU%_^pE2174Jrea4MYT$`Iq%
zRN*DNI|AxDV8zH5VBlY&JH5s<T=P`=BlA?cGPU{e?`1V(xUQ=*TD)9$8dlUoBuvl{
z(EePUxKS9yA^wf7n2kA}`OwIi|31C->0gVkJCK$#TXz~o;Lzfzx|M|Y-lcNPc7^Bo
zbTi{NmzvX8{;b{Fxg+8%8y3v5^s13b{me+4Z+9;V#3gX=>5&5z@>Z@`cN(@YoTA7^
zL#RY8K&(w1hgiC3e6s5wf3R`x^0oaZyANcE$H<s1b2R;d>*D+8pM1u&2a1(`V(Fp)
z;6ON*$PV<O#remJvjn0{G(J<C50{(MS6<)S+<rgK(Q84Bl=;jUP5l=P<1Nu*0S;!X
ztTWaEa5z+1qC3+A-eIZ~qs_>PVJk+qh~pO62Cy{aHkopuiRF2#{b>8`C~XHZ(&ny_
zN&OnG`?u$}SGi&>VFbi7i)fP$3pjL+Rm=q<Z>WoToC-DF!Dq$DTJZcR+7q_`pgiL?
z9hQ36PG7tq>3CVw*f&Q~zXkB_`R&yoGM8f{hFFeJcN#{TjB6^eIm+-ZfiT}Fw_;@H
z0o-D&_a=awD@OMAjN7CRq2_36wzF+CXhW7UlKLM23m10Q{)w?4%#g+461?wHNP=75
z%1x%BW=7TGjGGiW+nc9ttywX$agx7o`9oUR@HMshaCzhGrJwdX{LvUmeQKnPA9l9e
z?_Ahf6S@sZhFH2Nq~Wc@$R@ILN`85sU%CahEz36It$AH1b%Z~7hH(p~@g;Oz!$_M=
zBV|@PJMDkDu(RgGXuB^YeU{aNa$`b`#o?LN@b+tw!P<ygD7{YV>dVyT!)0?cRR(b5
z!ruDS`RA+OVfB$Xk-GDhP*fG=<oRW|g%kEBafC%ak+(>leL4SZ_3vifrmB#Dt)dZC
z!m&BZa0#dGG-%WQGEco4>P$2y)TUEJfyei%hP_D~Vi`y5-XwJkgX}^rMlGl40L?;T
zla0XVgE*A;W%_e|4m3A?LjFRc&w`m$A{>Rs$U2nwixS%|f>SsVL;i^%$rk5CBPxok
zi=l87LVT7I22?CThQd(<IX&aMy89stRTtK)S`VXPYpgpd-+>TR#c_CMGcArX#jrPL
z+@{S@Cld^H^Lz(Fv-(70LQ$lV16j)y3mo-|sFO!H4o4Xk*s3fJkC}Ej%1n^O(J;y!
z_0kBflk|zl8Fr!;;0YS?kmRAt;cP23hleaMirk)in_<zi#9243UTv7*8xo>oag?z+
z+bYpMK$5U(ob?B(u_SbXKOxQLC{yHYD+)^{)GWhWQ47R~HeV&dH5x_46Hg5cf2264
zw{m_57EfCd*-~Y3cn>oOU9=3LO#8r$+uWLQn+5O<TeoN2W`Qwzo!XZ^+~q8%B)`g(
zedN6lgVWjz-klNG$)#*m$WW65+stSIK#p;E@-K$tP2IFP%Sk^NtL`+m{K#<?@{c$v
zBD!^3gm<tt59Pd-V>&9IIJYGLrGDFEqQ-#8M#6HGGF?P|XcWz;s=(org9A0fiL`IK
z?lhddmAi}ZJG}cb0br4AS!K4WL?AXtdk2t6`6Bq&qqt7=fEvfx0S>3*j)De@oaN#i
z5^z0cd0r}rH)K>e%c(d~%>fRDV=HKIf^oKU1TwRT6MDayw{n#j<(VN_dlm3mNS|ef
z^w(Z(TTpZGrwtqmM^z#<?-Nmu+3wA}m0Oaz*cv#SFm5tdnX{Y<YXcCin1JUcLrg%7
z#w^btk8B<0otpbx2jK8nJsPA=2l1cyYK$u+OEKGKq2~LG!6gS<LBkW^e=_2nS`lpj
zPTtDdB4!|YD_6{0IUC;ob`gnLWzK#Spm3N1)C&jT6aYDOLev`5YXI&M0hOXyLE^`h
zh+ytP+-&rAjA*%thl&N;|IfiCAc`;l_&m>-B>A$BD!lRA!Ev9j056nZfSj-e_f?XL
z|88geJ|4L}hCD?o&N{C8XURn+0Y~wRCf4Ck3R6;#{LQ-4DtJTuQF)Em#~@#@D$}e2
z?ppzgwNdq59MOg@;Q%qF*ktDMHDNu`N94n%x+p`P<vpT}UKgD$LEQ~9uk!@Ee8?iA
z(1V{95=%4!kML!oR(Bdl7O8t>0ICep&&LVMku!@2(elK#G=SJs=4l+$L@(i}9Imb+
zW>k2<hOHI^h=y2NRTs7ZJv4DlIAppdV<$jAZp978kw3%@BzQXsyuK9$h{l52V^tP<
zg$ep4t5@Xq<#>B>*OAD~qyYZRIhicLyRcTonqUQLLlKo;KkRw$IG{A9<HLNsEDeo!
zk9V^S@4^vVL}ePb5%-O^g>8?iNa;#{zD&ND*wmedO)eXm1K*C&xGcl-Wh{ZBnT7hj
z=aqhM^tCtukhgLU)IYT%W*kQ#I}P51{4hfe-ch*~k(FwSmWST-LlaI3z<c8RMCFEz
z`xhjg|GNxt)=`nzXB+C5SVAA*P~iaDtd8`{JIL&$NM07${kbZ<g-{#bb&QVKo*hCa
z3`<b|{ZsE1V-ZdXdaRD}n_qx~C;Zq9PvLQN!G2Vr_8xd2s=GiH4xoG)B1j9~tVCr{
zQahS60GKitSPvc0wHobb?3FaNuN)Feu%Rz)q|EXmCgBh>tumV2&3meLD(HkPCESBP
z(JZhI$xK5PaNwvp(3?P2gLk2*qp=Ud30#dGXIo8NS^zB8EJWt>aY%(_&Q6KqI)EkC
zec^)u8Jd=$S2Tck2Rn1>DznA$(XbTJ4=MMDtAbdWc_iad?8vFSJSTFMpeKyq&1(P}
zc`H{=(5a?O5R2&`8KPmnO)yAgivz^ID^mvk<!02I@pM9Fhh^wrd=0{tg~=rx03frR
zBs?)ed;wLGGK3LpSb`VQNRnUxZx&VJDab7xKx<%-g}d+sq$PMb0LSki%Oj3LT;W*o
zW&}z6VtiWg79njgT)P+tGK3c)?-Er}wBRL{IlL9b5)N<>9={)}61CJoE}#eC@UB6T
z-#hq9!c3Eu*x3iMg#&0^2o*&ON4NdjUGE1MJ_|^;g{2`R-${sYfPvrR^rA3FwiLxi
zm~eo^&a{SjaL=H6A@oRo(lMQjp+kBjR5XBuyBvn%NgTpO14z0AWGJ4*AVoBQ#M@&?
zhv#I~KZMGhEYSdho#S4dfT{W*B7BQcH`0XzXwRX2kx-W4ujHb$z`kx3N8-My)F5tu
zIu#`rC&)0?BL!(ra6eRCt#|<W1z$%plEDU@7QB3#lIn()3kLv5szU+sPfLH1slpqY
zw4{wFAF8?`Yg}av9cNZr@Dj^a9=Uf6?ZN>Pm$;o|7T_Ikt35q75yJ5yS#xC!R&I+5
zs_?9gt-B*Wi4u-aLX*06unbQy72O@_CXvGNd4UC#Si$%tS~xyLKqZ{~A*>27!M>uq
zBQyp=I6i@$11HUiUVtYUTX#oT87SfSkXhI))ST-liyFL{q|}`kvKUC=1R+~=X2~n*
zLs=ExRvo7M(38x-3nvJ%M8&{Mw>9#&;@I%c3miDh(vK4*oNkDa3OGC<(t<pz<R2>O
zfb82kNkZx7L<^@M0YUly`V=We?ZE$+0Bqre3#1?a52#qzeFJ`h?f?J)07*qoM6N<$
Ef_Z35UH||9

literal 0
HcmV?d00001

diff --git a/docs/images/osv-scanner-icon-lightmode.svg b/docs/images/osv-scanner-icon-lightmode.svg
new file mode 100644
index 00000000000..30d964c3f74
--- /dev/null
+++ b/docs/images/osv-scanner-icon-lightmode.svg
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg id="Layer_2" data-name="Layer 2" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 142 142">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #231f20;
+      }
+
+      .cls-2 {
+        fill: #e60013;
+      }
+
+      .cls-3 {
+        fill: #ee2525;
+      }
+    </style>
+  </defs>
+  <circle class="cls-2" cx="71" cy="71" r="11.4"/>
+  <path class="cls-3" d="M89.41,64.14c15-5.29,33.01-11.22,48.17-16.7-4.65-13.22-13.11-24.64-24.08-32.93-3.69,4.46-16.82,20.63-30.41,41.02,2.83,2.21,5.04,5.18,6.32,8.61Z"/>
+  <path class="cls-2" d="M113.22,14.41l-30.6,40.7c3.15,2.3,5.57,5.51,6.92,9.24l47.99-17.02c-4.71-13.24-13.25-24.66-24.3-32.92Z"/>
+  <path class="cls-1" d="M139.82,55.29l-23.33,8.02c.47,2.63.75,5.32.75,8.08,0,25.49-20.66,46.15-46.15,46.15s-46.15-20.66-46.15-46.15,20.66-46.15,46.15-46.15c7.5,0,14.56,1.79,20.81,4.97l14.97-20C96.35,4,84.1.4,71,.4,32.01.4.4,32.01.4,71s31.61,70.6,70.6,70.6,70.6-31.61,70.6-70.6c0-5.4-.63-10.65-1.78-15.71Z"/>
+  <path class="cls-1" d="M90.65,72.21c-.53,10.41-9.11,18.69-19.65,18.69s-19.7-8.82-19.7-19.7,8.82-19.7,19.7-19.7c1.57,0,3.08.24,4.54.59l8.33-11.13c-1.53-.65-3.11-1.23-4.77-1.65-17.62-4.48-35.53,6.18-40.01,23.8-4.48,17.62,6.18,35.53,23.8,40.01,17.62,4.48,35.53-6.18,40.01-23.8.99-3.9,1.2-7.8.8-11.58l-13.05,4.49Z"/>
+</svg>
\ No newline at end of file

From 2821e79ec1d938ddeab00522619c3a67520f6c56 Mon Sep 17 00:00:00 2001
From: Michael Kedar <michaelkedar@google.com>
Date: Thu, 30 Jan 2025 10:57:30 +1100
Subject: [PATCH 2/6] fix: change module name to v2 (#1546)

Go requires major version 2 of a package to be under a `/v2` module.

Per https://go.dev/doc/modules/major-version, must change the go.mod
file and all references to `github.com/google/osv-scanner` to
`github.com/google/osv-scanner/v2` for our v2 release.
---
 .golangci.yaml                                | 10 +++---
 .goreleaser.yml                               |  6 ++--
 README.md                                     |  2 +-
 cmd/osv-reporter/main.go                      | 10 +++---
 cmd/osv-scanner/fix/interactive.go            |  2 +-
 cmd/osv-scanner/fix/main.go                   | 28 +++++++--------
 cmd/osv-scanner/fix/main_test.go              |  4 +--
 cmd/osv-scanner/fix/model.go                  | 12 +++----
 cmd/osv-scanner/fix/noninteractive.go         | 16 ++++-----
 cmd/osv-scanner/fix/output.go                 |  2 +-
 .../fix/state-choose-in-place-patches.go      |  2 +-
 cmd/osv-scanner/fix/state-choose-strategy.go  |  6 ++--
 cmd/osv-scanner/fix/state-in-place-result.go  |  8 ++---
 cmd/osv-scanner/fix/state-initialize.go       |  2 +-
 cmd/osv-scanner/fix/state-relock-result.go    | 10 +++---
 cmd/osv-scanner/fix_test.go                   |  2 +-
 cmd/osv-scanner/internal/helper/helper.go     |  2 +-
 cmd/osv-scanner/main.go                       | 12 +++----
 cmd/osv-scanner/main_test.go                  |  4 +--
 cmd/osv-scanner/scan/image/main.go            |  8 ++---
 cmd/osv-scanner/scan/main.go                  |  6 ++--
 cmd/osv-scanner/scan/source/main.go           | 10 +++---
 cmd/osv-scanner/testmain_test.go              |  2 +-
 cmd/osv-scanner/update/main.go                | 14 ++++----
 cmd/osv-scanner/update_test.go                |  2 +-
 docs/installation.md                          |  2 +-
 go.mod                                        |  2 +-
 go.sum                                        |  2 --
 internal/ci/testmain_test.go                  |  2 +-
 internal/ci/utility.go                        |  2 +-
 internal/ci/vulnerability_result_diff.go      |  6 ++--
 internal/ci/vulnerability_result_diff_test.go |  6 ++--
 .../baseimagematcher/baseimagematcher.go      |  4 +--
 .../clientimpl/baseimagematcher/config.go     |  2 +-
 .../licensematcher/licensematcher.go          |  8 ++---
 .../clientimpl/localmatcher/localmatcher.go   |  8 ++---
 .../clients/clientimpl/localmatcher/zip.go    |  8 ++---
 .../clientimpl/localmatcher/zip_test.go       |  8 ++---
 .../clientimpl/osvmatcher/cachedosvmatcher.go |  8 ++---
 .../clientimpl/osvmatcher/osvmatcher.go       | 10 +++---
 .../clientinterfaces/baseimagematcher.go      |  2 +-
 .../clientinterfaces/licensematcher.go        |  2 +-
 .../clientinterfaces/vulnerabilitymatcher.go  |  2 +-
 internal/config/config.go                     |  4 +--
 internal/config/config_internal_test.go       |  6 ++--
 internal/customgitignore/dir_test.go          |  4 +--
 internal/datasource/cache_test.go             |  2 +-
 internal/datasource/http_auth_test.go         |  2 +-
 internal/datasource/maven_registry_test.go    |  2 +-
 internal/datasource/maven_settings.go         |  2 +-
 internal/datasource/maven_settings_test.go    |  2 +-
 internal/datasource/npm_registry_test.go      |  4 +--
 internal/datasource/npmrc.go                  |  2 +-
 internal/datasource/npmrc_test.go             |  4 +--
 internal/datasource/testmain_test.go          |  2 +-
 internal/grouper/grouper.go                   |  4 +--
 internal/grouper/grouper_models.go            |  2 +-
 internal/grouper/grouper_test.go              |  4 +--
 internal/imodels/ecosystem/ecosystem_test.go  |  2 +-
 internal/imodels/imodels.go                   | 10 +++---
 internal/imodels/results/scanresults.go       |  6 ++--
 internal/osvdev/config.go                     |  2 +-
 internal/osvdev/models.go                     |  2 +-
 internal/osvdev/osvdev.go                     |  2 +-
 internal/osvdev/osvdev_test.go                |  4 +--
 internal/output/cyclonedx.go                  |  6 ++--
 internal/output/cyclonedx_test.go             |  6 ++--
 internal/output/form_test.go                  |  2 +-
 internal/output/githubannotation.go           |  2 +-
 internal/output/githubannotation_test.go      |  4 +--
 internal/output/helpers_test.go               |  2 +-
 internal/output/html.go                       |  4 +--
 internal/output/html_test.go                  |  2 +-
 internal/output/machinejson.go                |  2 +-
 internal/output/machinejson_test.go           |  4 +--
 internal/output/markdowntable.go              |  2 +-
 internal/output/markdowntable_test.go         |  4 +--
 internal/output/output_result.go              | 10 +++---
 internal/output/output_result_test.go         |  4 +--
 internal/output/result.go                     |  4 +--
 internal/output/result_test.go                |  4 +--
 internal/output/sarif.go                      | 10 +++---
 internal/output/sarif_internal_test.go        |  2 +-
 internal/output/sarif_test.go                 |  6 ++--
 internal/output/sbom/cyclonedx_1_4.go         |  2 +-
 internal/output/sbom/cyclonedx_1_5.go         |  2 +-
 internal/output/sbom/cyclonedx_common.go      |  2 +-
 internal/output/sbom/models.go                |  2 +-
 internal/output/table.go                      |  8 ++---
 internal/output/table_test.go                 |  4 +--
 internal/output/testmain_test.go              |  2 +-
 internal/output/vertical.go                   |  2 +-
 internal/output/vertical_test.go              |  4 +--
 internal/remediation/in_place.go              | 16 ++++-----
 internal/remediation/in_place_test.go         | 16 ++++-----
 internal/remediation/override.go              | 14 ++++----
 internal/remediation/override_test.go         |  6 ++--
 internal/remediation/relax.go                 |  8 ++---
 internal/remediation/relax/npm.go             |  2 +-
 internal/remediation/relax/npm_test.go        |  4 +--
 internal/remediation/relax/relax.go           |  2 +-
 internal/remediation/relax_test.go            |  4 +--
 internal/remediation/remediation.go           | 10 +++---
 internal/remediation/remediation_test.go      |  6 ++--
 internal/remediation/suggest/maven.go         |  4 +--
 internal/remediation/suggest/maven_test.go    |  2 +-
 internal/remediation/suggest/suggest.go       |  2 +-
 internal/remediation/testhelpers_test.go      | 12 +++----
 internal/remediation/testmain_test.go         |  2 +-
 internal/remediation/upgrade/config_test.go   |  2 +-
 internal/remediation/upgrade/level_test.go    |  2 +-
 internal/resolution/client/client.go          |  6 ++--
 internal/resolution/client/depsdev_client.go  |  2 +-
 .../client/maven_registry_client.go           |  4 +--
 .../resolution/client/npm_registry_client.go  |  6 ++--
 .../clienttest/mock_resolution_client.go      |  8 ++---
 internal/resolution/dependency_chain.go       | 10 +++---
 internal/resolution/lockfile/lockfile.go      |  2 +-
 internal/resolution/lockfile/npm.go           |  6 ++--
 internal/resolution/lockfile/npm_test.go      |  6 ++--
 internal/resolution/lockfile/npm_v1.go        |  6 ++--
 internal/resolution/lockfile/npm_v2.go        |  4 +--
 internal/resolution/lockfile/testmain_test.go |  2 +-
 internal/resolution/manifest/manifest.go      |  2 +-
 internal/resolution/manifest/maven.go         |  8 ++---
 internal/resolution/manifest/maven_test.go    |  6 ++--
 internal/resolution/manifest/npm.go           |  2 +-
 internal/resolution/manifest/npm_test.go      |  6 ++--
 internal/resolution/manifest/testmain_test.go |  2 +-
 internal/resolution/resolve.go                |  8 ++---
 internal/resolution/resolve_test.go           |  8 ++---
 internal/resolution/testmain_test.go          |  2 +-
 internal/resolution/util/depsdev.go           |  4 +--
 .../filesystem/vendored/vendored.go           |  2 +-
 .../filesystem/vendored/vendored_test.go      |  6 ++--
 .../language/java/pomxmlnet/extractor.go      |  6 ++--
 .../language/java/pomxmlnet/extractor_test.go |  8 ++---
 .../language/osv/osvscannerjson/extractor.go  |  2 +-
 .../osv/osvscannerjson/extractor_test.go      |  4 +--
 .../language/osv/osvscannerjson/metadata.go   |  2 +-
 .../vcs/gitrepo/extractor_test.go             |  2 +-
 internal/semantic/compare_test.go             |  4 +--
 internal/semantic/parse.go                    |  2 +-
 internal/semantic/parse_test.go               |  6 ++--
 internal/semantic/version-alpine.go           |  2 +-
 internal/semantic/version-maven.go            |  2 +-
 internal/semantic/version-packagist.go        |  2 +-
 internal/semantic/version-pypi.go             |  2 +-
 internal/semantic/version-semver-like.go      |  2 +-
 internal/sourceanalysis/go.go                 |  8 ++---
 internal/sourceanalysis/go_test.go            |  6 ++--
 internal/sourceanalysis/integration_test.go   |  4 +--
 internal/sourceanalysis/rust.go               |  8 ++---
 internal/sourceanalysis/rust_test.go          |  6 ++--
 internal/sourceanalysis/sourceanalysis.go     |  4 +--
 internal/sourceanalysis/testmain_test.go      |  2 +-
 internal/spdx/satisfies.go                    |  2 +-
 internal/spdx/satisfies_test.go               |  4 +--
 internal/tui/dependency-graph.go              |  2 +-
 internal/tui/in-place-info.go                 |  4 +--
 internal/tui/relock-info.go                   |  2 +-
 internal/tui/severity.go                      |  4 +--
 internal/tui/vuln-info.go                     |  2 +-
 internal/tui/vuln-list.go                     |  4 +--
 internal/utility/maven/maven.go               |  2 +-
 internal/utility/maven/maven_test.go          |  2 +-
 internal/utility/purl/composer.go             |  2 +-
 internal/utility/purl/composer_test.go        |  4 +--
 internal/utility/purl/golang.go               |  2 +-
 internal/utility/purl/golang_test.go          |  4 +--
 internal/utility/purl/maven.go                |  2 +-
 internal/utility/purl/maven_test.go           |  4 +--
 internal/utility/purl/package_grouper.go      |  2 +-
 internal/utility/purl/package_grouper_test.go |  6 ++--
 internal/utility/purl/purl.go                 |  2 +-
 internal/utility/results/results.go           |  2 +-
 internal/utility/severity/severity.go         |  2 +-
 internal/utility/severity/severity_test.go    |  4 +--
 internal/utility/vulns/vulnerabilities.go     |  2 +-
 .../utility/vulns/vulnerabilities_test.go     |  4 +--
 internal/utility/vulns/vulnerability.go       |  6 ++--
 internal/utility/vulns/vulnerability_test.go  |  6 ++--
 pkg/lockfile/apk-installed_test.go            |  2 +-
 pkg/lockfile/csv_test.go                      |  2 +-
 pkg/lockfile/dpkg-status.go                   |  2 +-
 pkg/lockfile/dpkg-status_test.go              |  2 +-
 pkg/lockfile/ecosystems_test.go               |  2 +-
 pkg/lockfile/extract_test.go                  |  2 +-
 pkg/lockfile/go-binary_test.go                |  4 +--
 pkg/lockfile/helpers_test.go                  |  4 +--
 pkg/lockfile/node-modules-npm-v1_test.go      |  2 +-
 pkg/lockfile/node-modules-npm-v2_test.go      |  2 +-
 pkg/lockfile/node-modules_test.go             |  2 +-
 pkg/lockfile/osv-vuln-result_test.go          |  2 +-
 pkg/lockfile/osv-vuln-results.go              |  2 +-
 pkg/lockfile/parse-cargo-lock_test.go         |  2 +-
 pkg/lockfile/parse-composer-lock_test.go      |  2 +-
 .../parse-conan-lock-v1-revisions_test.go     |  2 +-
 pkg/lockfile/parse-conan-lock-v1_test.go      |  2 +-
 pkg/lockfile/parse-conan-lock-v2_test.go      |  2 +-
 pkg/lockfile/parse-conan-lock_test.go         |  2 +-
 pkg/lockfile/parse-gemfile-lock.go            |  2 +-
 pkg/lockfile/parse-gemfile-lock_test.go       |  2 +-
 pkg/lockfile/parse-go-lock_test.go            |  2 +-
 pkg/lockfile/parse-gradle-lock_test.go        |  2 +-
 ...parse-gradle-verification-metadata_test.go |  2 +-
 pkg/lockfile/parse-maven-lock.go              |  2 +-
 pkg/lockfile/parse-maven-lock_test.go         |  2 +-
 pkg/lockfile/parse-mix-lock.go                |  2 +-
 pkg/lockfile/parse-mix-lock_test.go           |  2 +-
 pkg/lockfile/parse-npm-lock-v1_test.go        |  2 +-
 pkg/lockfile/parse-npm-lock-v2_test.go        |  2 +-
 pkg/lockfile/parse-npm-lock_test.go           |  2 +-
 pkg/lockfile/parse-nuget-lock-v1_test.go      |  2 +-
 pkg/lockfile/parse-nuget-lock_test.go         |  2 +-
 pkg/lockfile/parse-pdm-lock_test.go           |  2 +-
 pkg/lockfile/parse-pipenv-lock_test.go        |  2 +-
 pkg/lockfile/parse-pnpm-lock-v9_test.go       |  2 +-
 pkg/lockfile/parse-pnpm-lock.go               |  2 +-
 pkg/lockfile/parse-pnpm-lock_test.go          |  2 +-
 pkg/lockfile/parse-poetry-lock_test.go        |  2 +-
 pkg/lockfile/parse-pubspec-lock_test.go       |  2 +-
 pkg/lockfile/parse-renv-lock_test.go          |  2 +-
 pkg/lockfile/parse-requirements-txt.go        |  2 +-
 pkg/lockfile/parse-requirements-txt_test.go   |  2 +-
 pkg/lockfile/parse-yarn-lock-v1_test.go       |  2 +-
 pkg/lockfile/parse-yarn-lock-v2_test.go       |  2 +-
 pkg/lockfile/parse-yarn-lock.go               |  2 +-
 pkg/lockfile/parse-yarn-lock_test.go          |  2 +-
 pkg/lockfile/parse_test.go                    |  4 +--
 pkg/lockfile/types.go                         |  2 +-
 pkg/models/purl_to_package_test.go            |  2 +-
 pkg/models/results_test.go                    |  2 +-
 pkg/models/testmain_test.go                   |  2 +-
 pkg/models/vulnerabilities_test.go            |  4 +--
 pkg/models/vulnerability_test.go              |  4 +--
 pkg/osv/osv.go                                |  4 +--
 pkg/osv/osv_test.go                           |  2 +-
 pkg/osvscanner/filter.go                      | 10 +++---
 pkg/osvscanner/filter_internal_test.go        |  8 ++---
 .../internal/imagehelpers/imagehelpers.go     |  6 ++--
 .../internal/scanners/extractorbuilder.go     | 14 ++++----
 pkg/osvscanner/internal/scanners/lockfile.go  |  8 ++---
 pkg/osvscanner/internal/scanners/walker.go    |  8 ++---
 pkg/osvscanner/osvscanner.go                  | 36 +++++++++----------
 pkg/osvscanner/purl_to_package.go             |  2 +-
 pkg/osvscanner/scan.go                        |  8 ++---
 pkg/osvscanner/testmain_test.go               |  2 +-
 pkg/osvscanner/vulnerability_result.go        | 16 ++++-----
 .../vulnerability_result_internal_test.go     | 14 ++++----
 pkg/reporter/cyclonedx.go                     |  4 +--
 pkg/reporter/cyclonedx_test.go                |  4 +--
 pkg/reporter/format.go                        |  2 +-
 pkg/reporter/format_test.go                   |  2 +-
 pkg/reporter/gh-annotations_reporter.go       |  4 +--
 pkg/reporter/gh-annotations_reporter_test.go  |  2 +-
 pkg/reporter/html_reporter.go                 |  4 +--
 pkg/reporter/json_reporter.go                 |  4 +--
 pkg/reporter/json_reporter_test.go            |  2 +-
 pkg/reporter/reporter.go                      |  2 +-
 pkg/reporter/sarif_reporter.go                |  4 +--
 pkg/reporter/sarif_reporter_test.go           |  2 +-
 pkg/reporter/table_reporter.go                |  4 +--
 pkg/reporter/table_reporter_test.go           |  2 +-
 pkg/reporter/verbosity_test.go                |  2 +-
 pkg/reporter/vertical_reporter.go             |  4 +--
 pkg/reporter/vertical_reporter_test.go        |  2 +-
 pkg/reporter/void_reporter.go                 |  2 +-
 .../generate_mock_resolution_universe/main.go | 32 ++++++++---------
 269 files changed, 592 insertions(+), 594 deletions(-)

diff --git a/.golangci.yaml b/.golangci.yaml
index 825e230fa55..537ea882f7e 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -37,10 +37,10 @@ linters-settings:
     settings:
       printf:
         funcs:
-          - (github.com/google/osv-scanner/pkg/reporter.Reporter).Errorf
-          - (github.com/google/osv-scanner/pkg/reporter.Reporter).Warnf
-          - (github.com/google/osv-scanner/pkg/reporter.Reporter).Verbosef
-          - (github.com/google/osv-scanner/pkg/reporter.Reporter).Infof
+          - (github.com/google/osv-scanner/v2/pkg/reporter.Reporter).Errorf
+          - (github.com/google/osv-scanner/v2/pkg/reporter.Reporter).Warnf
+          - (github.com/google/osv-scanner/v2/pkg/reporter.Reporter).Verbosef
+          - (github.com/google/osv-scanner/v2/pkg/reporter.Reporter).Infof
   depguard:
     rules:
       regexp:
@@ -49,7 +49,7 @@ linters-settings:
           - "!**/main_test.go"
         deny:
           - pkg: "regexp"
-            desc: "Use github.com/google/osv-scanner/internal/cachedregexp instead"
+            desc: "Use github.com/google/osv-scanner/v2/internal/cachedregexp instead"
   gocritic:
     disabled-checks:
       - ifElseChain
diff --git a/.goreleaser.yml b/.goreleaser.yml
index cbc306f63de..2375c48a7d1 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -18,7 +18,7 @@ builds:
       - -trimpath
     ldflags:
       # prettier-ignore
-      - '-s -w -X github.com/google/osv-scanner/internal/version.OSVVersion={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}}'
+      - '-s -w -X github.com/google/osv-scanner/v2/internal/version.OSVVersion={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}}'
     goos:
       # Further testing before supporting freebsd
       # - freebsd
@@ -46,7 +46,7 @@ builds:
       - -trimpath
     ldflags:
       # prettier-ignore
-      - '-s -w -X github.com/google/osv-scanner/internal/version.OSVVersion={{.Version}}_GHAction -X main.commit={{.Commit}} -X main.date={{.CommitDate}}'
+      - '-s -w -X github.com/google/osv-scanner/v2/internal/version.OSVVersion={{.Version}}_GHAction -X main.commit={{.Commit}} -X main.date={{.CommitDate}}'
     goos:
       - linux
     goarch:
@@ -62,7 +62,7 @@ builds:
       - -trimpath
     ldflags:
       # prettier-ignore
-      - '-s -w -X github.com/google/osv-scanner/internal/version.OSVVersion={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}}'
+      - '-s -w -X github.com/google/osv-scanner/v2/internal/version.OSVVersion={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}}'
     goos:
       - linux
     goarch:
diff --git a/README.md b/README.md
index 47ece1aeb00..0d2d1577f32 100644
--- a/README.md
+++ b/README.md
@@ -38,7 +38,7 @@ The above all results in accurate and actionable vulnerability notifications, wh
 ## Basic installation
 
 To install OSV-Scanner, please refer to the [installation section](https://google.github.io/osv-scanner/installation) of our documentation. OSV-Scanner releases can be found on the [releases page](https://github.com/google/osv-scanner/releases) of the GitHub repository. The recommended method is to download a prebuilt binary for your platform. Alternatively, you can use  
-`go install github.com/google/osv-scanner/cmd/osv-scanner@v2.0.0-beta1`.
+`go install github.com/google/osv-scanner/v2/cmd/osv-scanner@v2.0.0-beta1`.
 
 ## Key Features
 
diff --git a/cmd/osv-reporter/main.go b/cmd/osv-reporter/main.go
index 83e368f2949..e96800cbb21 100644
--- a/cmd/osv-reporter/main.go
+++ b/cmd/osv-reporter/main.go
@@ -7,11 +7,11 @@ import (
 	"os"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/ci"
-	"github.com/google/osv-scanner/internal/version"
-	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/osvscanner"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/internal/ci"
+	"github.com/google/osv-scanner/v2/internal/version"
+	"github.com/google/osv-scanner/v2/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/osvscanner"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 	"github.com/urfave/cli/v2"
 	"golang.org/x/term"
 )
diff --git a/cmd/osv-scanner/fix/interactive.go b/cmd/osv-scanner/fix/interactive.go
index 4fe208bdbb5..befd81b8d2e 100644
--- a/cmd/osv-scanner/fix/interactive.go
+++ b/cmd/osv-scanner/fix/interactive.go
@@ -5,7 +5,7 @@ import (
 	"errors"
 
 	tea "github.com/charmbracelet/bubbletea"
-	"github.com/google/osv-scanner/internal/remediation"
+	"github.com/google/osv-scanner/v2/internal/remediation"
 )
 
 // TODO: currently, it's impossible to undo commands
diff --git a/cmd/osv-scanner/fix/main.go b/cmd/osv-scanner/fix/main.go
index e946b38676c..37e0a73ae27 100644
--- a/cmd/osv-scanner/fix/main.go
+++ b/cmd/osv-scanner/fix/main.go
@@ -11,20 +11,20 @@ import (
 	"time"
 
 	"deps.dev/util/resolve"
-	"github.com/google/osv-scanner/internal/clients/clientimpl/localmatcher"
-	"github.com/google/osv-scanner/internal/clients/clientimpl/osvmatcher"
-	"github.com/google/osv-scanner/internal/depsdev"
-	"github.com/google/osv-scanner/internal/imodels/ecosystem"
-	"github.com/google/osv-scanner/internal/osvdev"
-	"github.com/google/osv-scanner/internal/remediation"
-	"github.com/google/osv-scanner/internal/remediation/upgrade"
-	"github.com/google/osv-scanner/internal/resolution"
-	"github.com/google/osv-scanner/internal/resolution/client"
-	"github.com/google/osv-scanner/internal/resolution/lockfile"
-	"github.com/google/osv-scanner/internal/resolution/manifest"
-	"github.com/google/osv-scanner/internal/resolution/util"
-	"github.com/google/osv-scanner/internal/version"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/internal/clients/clientimpl/localmatcher"
+	"github.com/google/osv-scanner/v2/internal/clients/clientimpl/osvmatcher"
+	"github.com/google/osv-scanner/v2/internal/depsdev"
+	"github.com/google/osv-scanner/v2/internal/imodels/ecosystem"
+	"github.com/google/osv-scanner/v2/internal/osvdev"
+	"github.com/google/osv-scanner/v2/internal/remediation"
+	"github.com/google/osv-scanner/v2/internal/remediation/upgrade"
+	"github.com/google/osv-scanner/v2/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/resolution/client"
+	"github.com/google/osv-scanner/v2/internal/resolution/lockfile"
+	"github.com/google/osv-scanner/v2/internal/resolution/manifest"
+	"github.com/google/osv-scanner/v2/internal/resolution/util"
+	"github.com/google/osv-scanner/v2/internal/version"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 	"github.com/ossf/osv-schema/bindings/go/osvschema"
 	"github.com/urfave/cli/v2"
 	"golang.org/x/term"
diff --git a/cmd/osv-scanner/fix/main_test.go b/cmd/osv-scanner/fix/main_test.go
index db5382ce08f..616d75dff33 100644
--- a/cmd/osv-scanner/fix/main_test.go
+++ b/cmd/osv-scanner/fix/main_test.go
@@ -4,8 +4,8 @@ import (
 	"slices"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/remediation/upgrade"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/internal/remediation/upgrade"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 	"github.com/urfave/cli/v2"
 )
 
diff --git a/cmd/osv-scanner/fix/model.go b/cmd/osv-scanner/fix/model.go
index 92ea862e8c1..cb9beffff2f 100644
--- a/cmd/osv-scanner/fix/model.go
+++ b/cmd/osv-scanner/fix/model.go
@@ -11,12 +11,12 @@ import (
 	"github.com/charmbracelet/bubbles/key"
 	tea "github.com/charmbracelet/bubbletea"
 	"github.com/charmbracelet/lipgloss"
-	"github.com/google/osv-scanner/internal/remediation"
-	"github.com/google/osv-scanner/internal/resolution"
-	"github.com/google/osv-scanner/internal/resolution/client"
-	manif "github.com/google/osv-scanner/internal/resolution/manifest"
-	"github.com/google/osv-scanner/internal/tui"
-	osvLockfile "github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/internal/remediation"
+	"github.com/google/osv-scanner/v2/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/resolution/client"
+	manif "github.com/google/osv-scanner/v2/internal/resolution/manifest"
+	"github.com/google/osv-scanner/v2/internal/tui"
+	osvLockfile "github.com/google/osv-scanner/v2/pkg/lockfile"
 	"golang.org/x/term"
 )
 
diff --git a/cmd/osv-scanner/fix/noninteractive.go b/cmd/osv-scanner/fix/noninteractive.go
index 6c5a02cd889..9e08c2b806d 100644
--- a/cmd/osv-scanner/fix/noninteractive.go
+++ b/cmd/osv-scanner/fix/noninteractive.go
@@ -9,14 +9,14 @@ import (
 
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/dep"
-	"github.com/google/osv-scanner/internal/datasource"
-	"github.com/google/osv-scanner/internal/remediation"
-	"github.com/google/osv-scanner/internal/resolution"
-	"github.com/google/osv-scanner/internal/resolution/client"
-	lf "github.com/google/osv-scanner/internal/resolution/lockfile"
-	"github.com/google/osv-scanner/internal/resolution/manifest"
-	"github.com/google/osv-scanner/internal/resolution/util"
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/internal/datasource"
+	"github.com/google/osv-scanner/v2/internal/remediation"
+	"github.com/google/osv-scanner/v2/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/resolution/client"
+	lf "github.com/google/osv-scanner/v2/internal/resolution/lockfile"
+	"github.com/google/osv-scanner/v2/internal/resolution/manifest"
+	"github.com/google/osv-scanner/v2/internal/resolution/util"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 	"golang.org/x/exp/maps"
 )
 
diff --git a/cmd/osv-scanner/fix/output.go b/cmd/osv-scanner/fix/output.go
index 7a5bf4eaaaf..ffc5947bbbc 100644
--- a/cmd/osv-scanner/fix/output.go
+++ b/cmd/osv-scanner/fix/output.go
@@ -7,7 +7,7 @@ import (
 	"slices"
 	"strings"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 // fixOutput is a description of changes made by guided remediation to a manifest/lockfile.
diff --git a/cmd/osv-scanner/fix/state-choose-in-place-patches.go b/cmd/osv-scanner/fix/state-choose-in-place-patches.go
index ea574067b34..a43bc8073b8 100644
--- a/cmd/osv-scanner/fix/state-choose-in-place-patches.go
+++ b/cmd/osv-scanner/fix/state-choose-in-place-patches.go
@@ -8,7 +8,7 @@ import (
 	"github.com/charmbracelet/bubbles/table"
 	tea "github.com/charmbracelet/bubbletea"
 	"github.com/charmbracelet/lipgloss"
-	"github.com/google/osv-scanner/internal/tui"
+	"github.com/google/osv-scanner/v2/internal/tui"
 )
 
 type stateChooseInPlacePatches struct {
diff --git a/cmd/osv-scanner/fix/state-choose-strategy.go b/cmd/osv-scanner/fix/state-choose-strategy.go
index 9f84cb66c34..f34542d92f0 100644
--- a/cmd/osv-scanner/fix/state-choose-strategy.go
+++ b/cmd/osv-scanner/fix/state-choose-strategy.go
@@ -8,9 +8,9 @@ import (
 	"github.com/charmbracelet/bubbles/key"
 	"github.com/charmbracelet/bubbles/textinput"
 	tea "github.com/charmbracelet/bubbletea"
-	"github.com/google/osv-scanner/internal/remediation"
-	"github.com/google/osv-scanner/internal/resolution"
-	"github.com/google/osv-scanner/internal/tui"
+	"github.com/google/osv-scanner/v2/internal/remediation"
+	"github.com/google/osv-scanner/v2/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/tui"
 	"golang.org/x/exp/slices"
 )
 
diff --git a/cmd/osv-scanner/fix/state-in-place-result.go b/cmd/osv-scanner/fix/state-in-place-result.go
index 6930b1e3c1f..13b02ee439d 100644
--- a/cmd/osv-scanner/fix/state-in-place-result.go
+++ b/cmd/osv-scanner/fix/state-in-place-result.go
@@ -6,10 +6,10 @@ import (
 
 	"github.com/charmbracelet/bubbles/key"
 	tea "github.com/charmbracelet/bubbletea"
-	"github.com/google/osv-scanner/internal/remediation"
-	"github.com/google/osv-scanner/internal/resolution"
-	lockf "github.com/google/osv-scanner/internal/resolution/lockfile"
-	"github.com/google/osv-scanner/internal/tui"
+	"github.com/google/osv-scanner/v2/internal/remediation"
+	"github.com/google/osv-scanner/v2/internal/resolution"
+	lockf "github.com/google/osv-scanner/v2/internal/resolution/lockfile"
+	"github.com/google/osv-scanner/v2/internal/tui"
 	"golang.org/x/exp/slices"
 )
 
diff --git a/cmd/osv-scanner/fix/state-initialize.go b/cmd/osv-scanner/fix/state-initialize.go
index a50986ebb0d..cd670dc2fdd 100644
--- a/cmd/osv-scanner/fix/state-initialize.go
+++ b/cmd/osv-scanner/fix/state-initialize.go
@@ -6,7 +6,7 @@ import (
 
 	"github.com/charmbracelet/bubbles/spinner"
 	tea "github.com/charmbracelet/bubbletea"
-	"github.com/google/osv-scanner/internal/tui"
+	"github.com/google/osv-scanner/v2/internal/tui"
 )
 
 type stateInitialize struct {
diff --git a/cmd/osv-scanner/fix/state-relock-result.go b/cmd/osv-scanner/fix/state-relock-result.go
index 1c9143e18a1..6c16f33fb0b 100644
--- a/cmd/osv-scanner/fix/state-relock-result.go
+++ b/cmd/osv-scanner/fix/state-relock-result.go
@@ -9,11 +9,11 @@ import (
 	"github.com/charmbracelet/bubbles/spinner"
 	tea "github.com/charmbracelet/bubbletea"
 	"github.com/charmbracelet/lipgloss"
-	"github.com/google/osv-scanner/internal/remediation"
-	"github.com/google/osv-scanner/internal/resolution"
-	"github.com/google/osv-scanner/internal/resolution/client"
-	manif "github.com/google/osv-scanner/internal/resolution/manifest"
-	"github.com/google/osv-scanner/internal/tui"
+	"github.com/google/osv-scanner/v2/internal/remediation"
+	"github.com/google/osv-scanner/v2/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/resolution/client"
+	manif "github.com/google/osv-scanner/v2/internal/resolution/manifest"
+	"github.com/google/osv-scanner/v2/internal/tui"
 	"golang.org/x/exp/maps"
 )
 
diff --git a/cmd/osv-scanner/fix_test.go b/cmd/osv-scanner/fix_test.go
index d27dfc5d24a..5fb6c980413 100644
--- a/cmd/osv-scanner/fix_test.go
+++ b/cmd/osv-scanner/fix_test.go
@@ -6,7 +6,7 @@ import (
 	"slices"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func copyFileTo(t *testing.T, file, dir string) string {
diff --git a/cmd/osv-scanner/internal/helper/helper.go b/cmd/osv-scanner/internal/helper/helper.go
index c068d26dc79..5e7d0edac61 100644
--- a/cmd/osv-scanner/internal/helper/helper.go
+++ b/cmd/osv-scanner/internal/helper/helper.go
@@ -9,7 +9,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 	"github.com/urfave/cli/v2"
 )
 
diff --git a/cmd/osv-scanner/main.go b/cmd/osv-scanner/main.go
index 1b48da6cc54..e2339ace4c1 100644
--- a/cmd/osv-scanner/main.go
+++ b/cmd/osv-scanner/main.go
@@ -6,12 +6,12 @@ import (
 	"os"
 	"slices"
 
-	"github.com/google/osv-scanner/cmd/osv-scanner/fix"
-	"github.com/google/osv-scanner/cmd/osv-scanner/scan"
-	"github.com/google/osv-scanner/cmd/osv-scanner/update"
-	"github.com/google/osv-scanner/internal/version"
-	"github.com/google/osv-scanner/pkg/osvscanner"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/cmd/osv-scanner/fix"
+	"github.com/google/osv-scanner/v2/cmd/osv-scanner/scan"
+	"github.com/google/osv-scanner/v2/cmd/osv-scanner/update"
+	"github.com/google/osv-scanner/v2/internal/version"
+	"github.com/google/osv-scanner/v2/pkg/osvscanner"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 
 	"github.com/urfave/cli/v2"
 )
diff --git a/cmd/osv-scanner/main_test.go b/cmd/osv-scanner/main_test.go
index 97fae88c74c..5f01412566a 100644
--- a/cmd/osv-scanner/main_test.go
+++ b/cmd/osv-scanner/main_test.go
@@ -12,8 +12,8 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/cachedregexp"
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/cachedregexp"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 	"github.com/urfave/cli/v2"
 )
 
diff --git a/cmd/osv-scanner/scan/image/main.go b/cmd/osv-scanner/scan/image/main.go
index 7a90817d7a2..d1d10d85adb 100644
--- a/cmd/osv-scanner/scan/image/main.go
+++ b/cmd/osv-scanner/scan/image/main.go
@@ -7,10 +7,10 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/google/osv-scanner/cmd/osv-scanner/internal/helper"
-	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/osvscanner"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/cmd/osv-scanner/internal/helper"
+	"github.com/google/osv-scanner/v2/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/osvscanner"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 	"golang.org/x/term"
 
 	"github.com/urfave/cli/v2"
diff --git a/cmd/osv-scanner/scan/main.go b/cmd/osv-scanner/scan/main.go
index 9f0e7ebeca2..6bcfa3bb005 100644
--- a/cmd/osv-scanner/scan/main.go
+++ b/cmd/osv-scanner/scan/main.go
@@ -3,9 +3,9 @@ package scan
 import (
 	"io"
 
-	"github.com/google/osv-scanner/cmd/osv-scanner/scan/image"
-	"github.com/google/osv-scanner/cmd/osv-scanner/scan/source"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/cmd/osv-scanner/scan/image"
+	"github.com/google/osv-scanner/v2/cmd/osv-scanner/scan/source"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 
 	"github.com/urfave/cli/v2"
 )
diff --git a/cmd/osv-scanner/scan/source/main.go b/cmd/osv-scanner/scan/source/main.go
index c708101504a..6131ccc5da4 100644
--- a/cmd/osv-scanner/scan/source/main.go
+++ b/cmd/osv-scanner/scan/source/main.go
@@ -8,11 +8,11 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/google/osv-scanner/cmd/osv-scanner/internal/helper"
-	"github.com/google/osv-scanner/internal/spdx"
-	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/osvscanner"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/cmd/osv-scanner/internal/helper"
+	"github.com/google/osv-scanner/v2/internal/spdx"
+	"github.com/google/osv-scanner/v2/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/osvscanner"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 	"github.com/urfave/cli/v2"
 	"golang.org/x/term"
 )
diff --git a/cmd/osv-scanner/testmain_test.go b/cmd/osv-scanner/testmain_test.go
index d0c300d65ea..f63d40833f5 100644
--- a/cmd/osv-scanner/testmain_test.go
+++ b/cmd/osv-scanner/testmain_test.go
@@ -5,7 +5,7 @@ import (
 	"testing"
 
 	"github.com/go-git/go-git/v5"
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestMain(m *testing.M) {
diff --git a/cmd/osv-scanner/update/main.go b/cmd/osv-scanner/update/main.go
index d60cc9a81f4..48e63e75e36 100644
--- a/cmd/osv-scanner/update/main.go
+++ b/cmd/osv-scanner/update/main.go
@@ -6,13 +6,13 @@ import (
 	"io"
 	"os"
 
-	"github.com/google/osv-scanner/internal/depsdev"
-	"github.com/google/osv-scanner/internal/remediation/suggest"
-	"github.com/google/osv-scanner/internal/resolution/client"
-	"github.com/google/osv-scanner/internal/resolution/manifest"
-	"github.com/google/osv-scanner/internal/version"
-	"github.com/google/osv-scanner/pkg/lockfile"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/internal/depsdev"
+	"github.com/google/osv-scanner/v2/internal/remediation/suggest"
+	"github.com/google/osv-scanner/v2/internal/resolution/client"
+	"github.com/google/osv-scanner/v2/internal/resolution/manifest"
+	"github.com/google/osv-scanner/v2/internal/version"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 	"github.com/urfave/cli/v2"
 )
 
diff --git a/cmd/osv-scanner/update_test.go b/cmd/osv-scanner/update_test.go
index 74c5bf3d212..2d5efe3cbe4 100644
--- a/cmd/osv-scanner/update_test.go
+++ b/cmd/osv-scanner/update_test.go
@@ -5,7 +5,7 @@ import (
 	"slices"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestRun_Update(t *testing.T) {
diff --git a/docs/installation.md b/docs/installation.md
index be420fbba2e..e5b921998ff 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -74,7 +74,7 @@ pkg_add osv-scanner
 Alternatively, you can install this from source by running:
 
 ```bash
-go install github.com/google/osv-scanner/cmd/osv-scanner@v1
+go install github.com/google/osv-scanner/v2/cmd/osv-scanner@v2.0.0-beta1
 ```
 
 This requires Go 1.23.5+ to be installed.
diff --git a/go.mod b/go.mod
index cddbd16378a..65a2fab992b 100644
--- a/go.mod
+++ b/go.mod
@@ -1,4 +1,4 @@
-module github.com/google/osv-scanner
+module github.com/google/osv-scanner/v2
 
 go 1.23.5
 
diff --git a/go.sum b/go.sum
index d01d3267529..7884037e511 100644
--- a/go.sum
+++ b/go.sum
@@ -182,8 +182,6 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.20.2 h1:B1wPJ1SN/S7pB+ZAimcciVD+r+yV/l/DSArMxlbwseo=
 github.com/google/go-containerregistry v0.20.2/go.mod h1:z38EKdKh4h7IP2gSfUUqEvalZBqs6AoLeWfUy34nQC8=
-github.com/google/osv-scalibr v0.1.6-0.20250123155336-85f39dea4c05 h1:47dObbqXVFPmg39yLeRWfKZYw2xR6O2BJVLmgC6Zygw=
-github.com/google/osv-scalibr v0.1.6-0.20250123155336-85f39dea4c05/go.mod h1:nikSO3CqGGRQY05sGgzsgf4+84p5xCmPWOiaSomkuAU=
 github.com/google/osv-scalibr v0.1.6-0.20250128013153-34aef7c77adf h1:s6PZEjcMocRehGjuHIFN7Chy8VlMw4XheLgLaWRx21U=
 github.com/google/osv-scalibr v0.1.6-0.20250128013153-34aef7c77adf/go.mod h1:jKAptk1dYWBO91ODkI5XYKDDvZEbLKQH9DSXcTtUDSw=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
diff --git a/internal/ci/testmain_test.go b/internal/ci/testmain_test.go
index d3b0ee6a22a..65a33384d70 100644
--- a/internal/ci/testmain_test.go
+++ b/internal/ci/testmain_test.go
@@ -4,7 +4,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestMain(m *testing.M) {
diff --git a/internal/ci/utility.go b/internal/ci/utility.go
index 24ee2bb613c..6bb8534b579 100644
--- a/internal/ci/utility.go
+++ b/internal/ci/utility.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func LoadVulnResults(path string) (models.VulnerabilityResults, error) {
diff --git a/internal/ci/vulnerability_result_diff.go b/internal/ci/vulnerability_result_diff.go
index 77436e400a7..b9593b58fba 100644
--- a/internal/ci/vulnerability_result_diff.go
+++ b/internal/ci/vulnerability_result_diff.go
@@ -1,9 +1,9 @@
 package ci
 
 import (
-	"github.com/google/osv-scanner/internal/grouper"
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/grouper"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 // DiffVulnerabilityResults will return any new vulnerabilities that are in `newRes`
diff --git a/internal/ci/vulnerability_result_diff_test.go b/internal/ci/vulnerability_result_diff_test.go
index 12a2abd035e..e84688d7df6 100644
--- a/internal/ci/vulnerability_result_diff_test.go
+++ b/internal/ci/vulnerability_result_diff_test.go
@@ -3,9 +3,9 @@ package ci_test
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/internal/ci"
-	"github.com/google/osv-scanner/internal/testutility"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/ci"
+	"github.com/google/osv-scanner/v2/internal/testutility"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func TestDiffVulnerabilityResults(t *testing.T) {
diff --git a/internal/clients/clientimpl/baseimagematcher/baseimagematcher.go b/internal/clients/clientimpl/baseimagematcher/baseimagematcher.go
index 62f2e09a9f9..971be61a56e 100644
--- a/internal/clients/clientimpl/baseimagematcher/baseimagematcher.go
+++ b/internal/clients/clientimpl/baseimagematcher/baseimagematcher.go
@@ -12,8 +12,8 @@ import (
 	"slices"
 	"time"
 
-	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 	"github.com/opencontainers/go-digest"
 	"golang.org/x/sync/errgroup"
 )
diff --git a/internal/clients/clientimpl/baseimagematcher/config.go b/internal/clients/clientimpl/baseimagematcher/config.go
index 9c124335ccf..0b7f4f27da9 100644
--- a/internal/clients/clientimpl/baseimagematcher/config.go
+++ b/internal/clients/clientimpl/baseimagematcher/config.go
@@ -1,6 +1,6 @@
 package baseimagematcher
 
-import "github.com/google/osv-scanner/internal/version"
+import "github.com/google/osv-scanner/v2/internal/version"
 
 type ClientConfig struct {
 	MaxConcurrentBatchRequests int
diff --git a/internal/clients/clientimpl/licensematcher/licensematcher.go b/internal/clients/clientimpl/licensematcher/licensematcher.go
index a77d18018a9..2ade202696a 100644
--- a/internal/clients/clientimpl/licensematcher/licensematcher.go
+++ b/internal/clients/clientimpl/licensematcher/licensematcher.go
@@ -4,10 +4,10 @@ import (
 	"context"
 
 	depsdevpb "deps.dev/api/v3"
-	"github.com/google/osv-scanner/internal/datasource"
-	"github.com/google/osv-scanner/internal/depsdev"
-	"github.com/google/osv-scanner/internal/imodels"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/datasource"
+	"github.com/google/osv-scanner/v2/internal/depsdev"
+	"github.com/google/osv-scanner/v2/internal/imodels"
+	"github.com/google/osv-scanner/v2/pkg/models"
 	"golang.org/x/sync/errgroup"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
diff --git a/internal/clients/clientimpl/localmatcher/localmatcher.go b/internal/clients/clientimpl/localmatcher/localmatcher.go
index e90452e5a67..dd59c9b728b 100644
--- a/internal/clients/clientimpl/localmatcher/localmatcher.go
+++ b/internal/clients/clientimpl/localmatcher/localmatcher.go
@@ -8,10 +8,10 @@ import (
 	"path"
 
 	"github.com/google/osv-scalibr/extractor"
-	"github.com/google/osv-scanner/internal/imodels"
-	"github.com/google/osv-scanner/internal/imodels/ecosystem"
-	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/internal/imodels"
+	"github.com/google/osv-scanner/v2/internal/imodels/ecosystem"
+	"github.com/google/osv-scanner/v2/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 	"github.com/ossf/osv-schema/bindings/go/osvschema"
 )
 
diff --git a/internal/clients/clientimpl/localmatcher/zip.go b/internal/clients/clientimpl/localmatcher/zip.go
index 46424f86ec8..f8317bb5c06 100644
--- a/internal/clients/clientimpl/localmatcher/zip.go
+++ b/internal/clients/clientimpl/localmatcher/zip.go
@@ -16,10 +16,10 @@ import (
 	"path"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/imodels"
-	"github.com/google/osv-scanner/internal/utility/vulns"
-	"github.com/google/osv-scanner/pkg/lockfile"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/imodels"
+	"github.com/google/osv-scanner/v2/internal/utility/vulns"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 type ZipDB struct {
diff --git a/internal/clients/clientimpl/localmatcher/zip_test.go b/internal/clients/clientimpl/localmatcher/zip_test.go
index 50e42b488d2..45daf65a882 100644
--- a/internal/clients/clientimpl/localmatcher/zip_test.go
+++ b/internal/clients/clientimpl/localmatcher/zip_test.go
@@ -17,10 +17,10 @@ import (
 	"sort"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/clients/clientimpl/localmatcher"
-	"github.com/google/osv-scanner/internal/testutility"
-	"github.com/google/osv-scanner/internal/version"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/clients/clientimpl/localmatcher"
+	"github.com/google/osv-scanner/v2/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/version"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 const userAgent = "osv-scanner_test/" + version.OSVVersion
diff --git a/internal/clients/clientimpl/osvmatcher/cachedosvmatcher.go b/internal/clients/clientimpl/osvmatcher/cachedosvmatcher.go
index 7061b6e0193..c4e6fa51a57 100644
--- a/internal/clients/clientimpl/osvmatcher/cachedosvmatcher.go
+++ b/internal/clients/clientimpl/osvmatcher/cachedosvmatcher.go
@@ -9,10 +9,10 @@ import (
 	"time"
 
 	"github.com/google/osv-scalibr/extractor"
-	"github.com/google/osv-scanner/internal/clients/clientimpl/localmatcher"
-	"github.com/google/osv-scanner/internal/imodels"
-	"github.com/google/osv-scanner/internal/osvdev"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/clients/clientimpl/localmatcher"
+	"github.com/google/osv-scanner/v2/internal/imodels"
+	"github.com/google/osv-scanner/v2/internal/osvdev"
+	"github.com/google/osv-scanner/v2/pkg/models"
 	"golang.org/x/sync/errgroup"
 )
 
diff --git a/internal/clients/clientimpl/osvmatcher/osvmatcher.go b/internal/clients/clientimpl/osvmatcher/osvmatcher.go
index 81258c1f5c5..d7e2372d016 100644
--- a/internal/clients/clientimpl/osvmatcher/osvmatcher.go
+++ b/internal/clients/clientimpl/osvmatcher/osvmatcher.go
@@ -8,11 +8,11 @@ import (
 
 	"github.com/google/osv-scalibr/extractor"
 	"github.com/google/osv-scalibr/log"
-	"github.com/google/osv-scanner/internal/imodels"
-	"github.com/google/osv-scanner/internal/imodels/ecosystem"
-	"github.com/google/osv-scanner/internal/osvdev"
-	"github.com/google/osv-scanner/internal/semantic"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/imodels"
+	"github.com/google/osv-scanner/v2/internal/imodels/ecosystem"
+	"github.com/google/osv-scanner/v2/internal/osvdev"
+	"github.com/google/osv-scanner/v2/internal/semantic"
+	"github.com/google/osv-scanner/v2/pkg/models"
 	"github.com/ossf/osv-schema/bindings/go/osvschema"
 	"golang.org/x/sync/errgroup"
 )
diff --git a/internal/clients/clientinterfaces/baseimagematcher.go b/internal/clients/clientinterfaces/baseimagematcher.go
index f38b56e132c..31e2aad70ba 100644
--- a/internal/clients/clientinterfaces/baseimagematcher.go
+++ b/internal/clients/clientinterfaces/baseimagematcher.go
@@ -3,7 +3,7 @@ package clientinterfaces
 import (
 	"context"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 type BaseImageMatcher interface {
diff --git a/internal/clients/clientinterfaces/licensematcher.go b/internal/clients/clientinterfaces/licensematcher.go
index 94f4bb2650a..a7a787f3f76 100644
--- a/internal/clients/clientinterfaces/licensematcher.go
+++ b/internal/clients/clientinterfaces/licensematcher.go
@@ -3,7 +3,7 @@ package clientinterfaces
 import (
 	"context"
 
-	"github.com/google/osv-scanner/internal/imodels"
+	"github.com/google/osv-scanner/v2/internal/imodels"
 )
 
 type LicenseMatcher interface {
diff --git a/internal/clients/clientinterfaces/vulnerabilitymatcher.go b/internal/clients/clientinterfaces/vulnerabilitymatcher.go
index 300cb56a9e0..bf1c7d6fb4b 100644
--- a/internal/clients/clientinterfaces/vulnerabilitymatcher.go
+++ b/internal/clients/clientinterfaces/vulnerabilitymatcher.go
@@ -4,7 +4,7 @@ import (
 	"context"
 
 	"github.com/google/osv-scalibr/extractor"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 type VulnerabilityMatcher interface {
diff --git a/internal/config/config.go b/internal/config/config.go
index c889b37dc7a..63338a80e68 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -10,8 +10,8 @@ import (
 	"time"
 
 	"github.com/BurntSushi/toml"
-	"github.com/google/osv-scanner/internal/imodels"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/internal/imodels"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 )
 
 const osvScannerConfigName = "osv-scanner.toml"
diff --git a/internal/config/config_internal_test.go b/internal/config/config_internal_test.go
index 61d4cacefbb..e6708110abb 100644
--- a/internal/config/config_internal_test.go
+++ b/internal/config/config_internal_test.go
@@ -11,9 +11,9 @@ import (
 	"github.com/google/osv-scalibr/extractor"
 	"github.com/google/osv-scalibr/extractor/filesystem/osv"
 
-	"github.com/google/osv-scanner/internal/imodels"
-	"github.com/google/osv-scanner/internal/scalibrextract/ecosystemmock"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/internal/imodels"
+	"github.com/google/osv-scanner/v2/internal/scalibrextract/ecosystemmock"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 )
 
 // Attempts to normalize any file paths in the given `output` so that they can
diff --git a/internal/customgitignore/dir_test.go b/internal/customgitignore/dir_test.go
index 268e678479b..c08175ce6ee 100644
--- a/internal/customgitignore/dir_test.go
+++ b/internal/customgitignore/dir_test.go
@@ -9,8 +9,8 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/customgitignore"
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/customgitignore"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing/format/gitignore"
diff --git a/internal/datasource/cache_test.go b/internal/datasource/cache_test.go
index c4c8279cb42..1862f25a43a 100644
--- a/internal/datasource/cache_test.go
+++ b/internal/datasource/cache_test.go
@@ -6,7 +6,7 @@ import (
 	"sync/atomic"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/datasource"
+	"github.com/google/osv-scanner/v2/internal/datasource"
 )
 
 func TestRequestCache(t *testing.T) {
diff --git a/internal/datasource/http_auth_test.go b/internal/datasource/http_auth_test.go
index 8ffe7a3da51..f7449c27608 100644
--- a/internal/datasource/http_auth_test.go
+++ b/internal/datasource/http_auth_test.go
@@ -5,7 +5,7 @@ import (
 	"net/http"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/datasource"
+	"github.com/google/osv-scanner/v2/internal/datasource"
 )
 
 // mockTransport is used to inspect the requests being made by HTTPAuthentications
diff --git a/internal/datasource/maven_registry_test.go b/internal/datasource/maven_registry_test.go
index a19994052c1..5e439aa6d75 100644
--- a/internal/datasource/maven_registry_test.go
+++ b/internal/datasource/maven_registry_test.go
@@ -7,7 +7,7 @@ import (
 	"testing"
 
 	"deps.dev/util/maven"
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestGetProject(t *testing.T) {
diff --git a/internal/datasource/maven_settings.go b/internal/datasource/maven_settings.go
index 5545e1425de..2af3ccfda9b 100644
--- a/internal/datasource/maven_settings.go
+++ b/internal/datasource/maven_settings.go
@@ -9,7 +9,7 @@ import (
 	"strings"
 	"unicode"
 
-	"github.com/google/osv-scanner/internal/cachedregexp"
+	"github.com/google/osv-scanner/v2/internal/cachedregexp"
 )
 
 // Maven settings.xml file parsing for registry authentication.
diff --git a/internal/datasource/maven_settings_test.go b/internal/datasource/maven_settings_test.go
index f014ab51f5f..7dd6fbc97f0 100644
--- a/internal/datasource/maven_settings_test.go
+++ b/internal/datasource/maven_settings_test.go
@@ -5,7 +5,7 @@ import (
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
-	"github.com/google/osv-scanner/internal/datasource"
+	"github.com/google/osv-scanner/v2/internal/datasource"
 )
 
 func TestParseMavenSettings(t *testing.T) {
diff --git a/internal/datasource/npm_registry_test.go b/internal/datasource/npm_registry_test.go
index 40f72ef9ee4..b3d48d17b2c 100644
--- a/internal/datasource/npm_registry_test.go
+++ b/internal/datasource/npm_registry_test.go
@@ -9,8 +9,8 @@ import (
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
-	"github.com/google/osv-scanner/internal/datasource"
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/datasource"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 	"github.com/tidwall/gjson"
 )
 
diff --git a/internal/datasource/npmrc.go b/internal/datasource/npmrc.go
index 56fd487434e..9e15b4e87e1 100644
--- a/internal/datasource/npmrc.go
+++ b/internal/datasource/npmrc.go
@@ -12,7 +12,7 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/cachedregexp"
+	"github.com/google/osv-scanner/v2/internal/cachedregexp"
 	"gopkg.in/ini.v1"
 )
 
diff --git a/internal/datasource/npmrc_test.go b/internal/datasource/npmrc_test.go
index a988478332d..23eae786034 100644
--- a/internal/datasource/npmrc_test.go
+++ b/internal/datasource/npmrc_test.go
@@ -9,8 +9,8 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/datasource"
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/datasource"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 // These tests rely on using 'globalconfig' and 'userconfig' in the package .npmrc to override their default locations.
diff --git a/internal/datasource/testmain_test.go b/internal/datasource/testmain_test.go
index 74169755d45..f7ab6671ecd 100644
--- a/internal/datasource/testmain_test.go
+++ b/internal/datasource/testmain_test.go
@@ -4,7 +4,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestMain(m *testing.M) {
diff --git a/internal/grouper/grouper.go b/internal/grouper/grouper.go
index b21edaae761..e4fdfea6fed 100644
--- a/internal/grouper/grouper.go
+++ b/internal/grouper/grouper.go
@@ -6,8 +6,8 @@ import (
 
 	"golang.org/x/exp/maps"
 
-	"github.com/google/osv-scanner/internal/identifiers"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/identifiers"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func hasAliasIntersection(v1, v2 IDAliases) bool {
diff --git a/internal/grouper/grouper_models.go b/internal/grouper/grouper_models.go
index b713aafaa16..fb846116ed8 100644
--- a/internal/grouper/grouper_models.go
+++ b/internal/grouper/grouper_models.go
@@ -3,7 +3,7 @@ package grouper
 import (
 	"strings"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 type IDAliases struct {
diff --git a/internal/grouper/grouper_test.go b/internal/grouper/grouper_test.go
index 17d4b2ddb0e..623f4d82175 100644
--- a/internal/grouper/grouper_test.go
+++ b/internal/grouper/grouper_test.go
@@ -4,8 +4,8 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-	"github.com/google/osv-scanner/internal/grouper"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/grouper"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func TestGroup(t *testing.T) {
diff --git a/internal/imodels/ecosystem/ecosystem_test.go b/internal/imodels/ecosystem/ecosystem_test.go
index e39505c07d4..20a958ce3fe 100644
--- a/internal/imodels/ecosystem/ecosystem_test.go
+++ b/internal/imodels/ecosystem/ecosystem_test.go
@@ -5,7 +5,7 @@ import (
 	"reflect"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/imodels/ecosystem"
+	"github.com/google/osv-scanner/v2/internal/imodels/ecosystem"
 	"github.com/ossf/osv-schema/bindings/go/osvschema"
 )
 
diff --git a/internal/imodels/imodels.go b/internal/imodels/imodels.go
index f4d45eda1c8..5d93dcacbe5 100644
--- a/internal/imodels/imodels.go
+++ b/internal/imodels/imodels.go
@@ -13,11 +13,11 @@ import (
 	"github.com/google/osv-scalibr/extractor/filesystem/os/rpm"
 	"github.com/google/osv-scalibr/extractor/filesystem/sbom/cdx"
 	"github.com/google/osv-scalibr/extractor/filesystem/sbom/spdx"
-	"github.com/google/osv-scanner/internal/cachedregexp"
-	"github.com/google/osv-scanner/internal/imodels/ecosystem"
-	"github.com/google/osv-scanner/internal/scalibrextract/language/javascript/nodemodules"
-	"github.com/google/osv-scanner/internal/scalibrextract/vcs/gitrepo"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/cachedregexp"
+	"github.com/google/osv-scanner/v2/internal/imodels/ecosystem"
+	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/javascript/nodemodules"
+	"github.com/google/osv-scanner/v2/internal/scalibrextract/vcs/gitrepo"
+	"github.com/google/osv-scanner/v2/pkg/models"
 	"github.com/ossf/osv-schema/bindings/go/osvschema"
 
 	scalibrosv "github.com/google/osv-scalibr/extractor/filesystem/osv"
diff --git a/internal/imodels/results/scanresults.go b/internal/imodels/results/scanresults.go
index 86f5a813186..3e241e0636a 100644
--- a/internal/imodels/results/scanresults.go
+++ b/internal/imodels/results/scanresults.go
@@ -1,9 +1,9 @@
 package results
 
 import (
-	"github.com/google/osv-scanner/internal/config"
-	"github.com/google/osv-scanner/internal/imodels"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/config"
+	"github.com/google/osv-scanner/v2/internal/imodels"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 // ScanResults represents the complete results of a scan.
diff --git a/internal/osvdev/config.go b/internal/osvdev/config.go
index 5b7d7fc60b4..506e0e45475 100644
--- a/internal/osvdev/config.go
+++ b/internal/osvdev/config.go
@@ -1,6 +1,6 @@
 package osvdev
 
-import "github.com/google/osv-scanner/internal/version"
+import "github.com/google/osv-scanner/v2/internal/version"
 
 type ClientConfig struct {
 	MaxConcurrentBatchRequests int
diff --git a/internal/osvdev/models.go b/internal/osvdev/models.go
index 5839a9ef189..afa8540ec70 100644
--- a/internal/osvdev/models.go
+++ b/internal/osvdev/models.go
@@ -1,6 +1,6 @@
 package osvdev
 
-import "github.com/google/osv-scanner/pkg/models"
+import "github.com/google/osv-scanner/v2/pkg/models"
 
 // Package represents a package identifier for OSV.
 type Package struct {
diff --git a/internal/osvdev/osvdev.go b/internal/osvdev/osvdev.go
index cfed5f92b81..6db01d658ce 100644
--- a/internal/osvdev/osvdev.go
+++ b/internal/osvdev/osvdev.go
@@ -12,7 +12,7 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 	"golang.org/x/sync/errgroup"
 )
 
diff --git a/internal/osvdev/osvdev_test.go b/internal/osvdev/osvdev_test.go
index 0cb7059a800..e9700667c26 100644
--- a/internal/osvdev/osvdev_test.go
+++ b/internal/osvdev/osvdev_test.go
@@ -8,8 +8,8 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/google/osv-scalibr/testing/extracttest"
-	"github.com/google/osv-scanner/internal/osvdev"
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/osvdev"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 	"github.com/ossf/osv-schema/bindings/go/osvschema"
 )
 
diff --git a/internal/output/cyclonedx.go b/internal/output/cyclonedx.go
index cd857193300..9077a28b3ac 100644
--- a/internal/output/cyclonedx.go
+++ b/internal/output/cyclonedx.go
@@ -5,9 +5,9 @@ import (
 	"io"
 
 	"github.com/CycloneDX/cyclonedx-go"
-	"github.com/google/osv-scanner/internal/output/sbom"
-	"github.com/google/osv-scanner/internal/utility/purl"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/output/sbom"
+	"github.com/google/osv-scanner/v2/internal/utility/purl"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 // PrintCycloneDXResults writes results to the provided writer in CycloneDX format
diff --git a/internal/output/cyclonedx_test.go b/internal/output/cyclonedx_test.go
index 10aa35932e6..48fc48db371 100644
--- a/internal/output/cyclonedx_test.go
+++ b/internal/output/cyclonedx_test.go
@@ -4,9 +4,9 @@ import (
 	"bytes"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/internal/testutility"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/internal/testutility"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func TestPrintCycloneDX14Results_WithVulnerabilities(t *testing.T) {
diff --git a/internal/output/form_test.go b/internal/output/form_test.go
index 78310acabd0..db1e630d4a8 100644
--- a/internal/output/form_test.go
+++ b/internal/output/form_test.go
@@ -3,7 +3,7 @@ package output_test
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/internal/output"
+	"github.com/google/osv-scanner/v2/internal/output"
 )
 
 func TestForm(t *testing.T) {
diff --git a/internal/output/githubannotation.go b/internal/output/githubannotation.go
index fda54bda0c0..f40585c6496 100644
--- a/internal/output/githubannotation.go
+++ b/internal/output/githubannotation.go
@@ -6,7 +6,7 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 	"github.com/jedib0t/go-pretty/v6/table"
 )
 
diff --git a/internal/output/githubannotation_test.go b/internal/output/githubannotation_test.go
index 568426b1036..a8c6c1773b8 100644
--- a/internal/output/githubannotation_test.go
+++ b/internal/output/githubannotation_test.go
@@ -4,8 +4,8 @@ import (
 	"bytes"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestPrintGHAnnotationReport_WithVulnerabilities(t *testing.T) {
diff --git a/internal/output/helpers_test.go b/internal/output/helpers_test.go
index ff4276e1d7e..2e3d9423f76 100644
--- a/internal/output/helpers_test.go
+++ b/internal/output/helpers_test.go
@@ -3,7 +3,7 @@ package output_test
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 type outputTestCaseArgs struct {
diff --git a/internal/output/html.go b/internal/output/html.go
index f94ad16084b..e848a2cc626 100644
--- a/internal/output/html.go
+++ b/internal/output/html.go
@@ -6,8 +6,8 @@ import (
 	"io"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/utility/severity"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/utility/severity"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 // HTML templates directory
diff --git a/internal/output/html_test.go b/internal/output/html_test.go
index 2e2c9421cc2..1f6e4749383 100644
--- a/internal/output/html_test.go
+++ b/internal/output/html_test.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/output"
+	"github.com/google/osv-scanner/v2/internal/output"
 )
 
 func TestPrintHTMLResults_WithVulnerabilities(t *testing.T) {
diff --git a/internal/output/machinejson.go b/internal/output/machinejson.go
index 2d7c72c2c3b..5ea586f2be4 100644
--- a/internal/output/machinejson.go
+++ b/internal/output/machinejson.go
@@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"io"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 // PrintJSONResults writes results to the provided writer in JSON format
diff --git a/internal/output/machinejson_test.go b/internal/output/machinejson_test.go
index c0225ead7bb..3f6ddd38232 100644
--- a/internal/output/machinejson_test.go
+++ b/internal/output/machinejson_test.go
@@ -4,8 +4,8 @@ import (
 	"bytes"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestPrintJSONResults_WithVulnerabilities(t *testing.T) {
diff --git a/internal/output/markdowntable.go b/internal/output/markdowntable.go
index 34d7550023d..dae7899d38b 100644
--- a/internal/output/markdowntable.go
+++ b/internal/output/markdowntable.go
@@ -3,7 +3,7 @@ package output
 import (
 	"io"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 	"github.com/jedib0t/go-pretty/v6/table"
 	"github.com/jedib0t/go-pretty/v6/text"
 )
diff --git a/internal/output/markdowntable_test.go b/internal/output/markdowntable_test.go
index 046fc94d019..8e4b25e545e 100644
--- a/internal/output/markdowntable_test.go
+++ b/internal/output/markdowntable_test.go
@@ -4,8 +4,8 @@ import (
 	"bytes"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestPrintMarkdownTableResults_WithVulnerabilities(t *testing.T) {
diff --git a/internal/output/output_result.go b/internal/output/output_result.go
index e1e7abc17e6..bb68ff41d5b 100644
--- a/internal/output/output_result.go
+++ b/internal/output/output_result.go
@@ -9,11 +9,11 @@ import (
 	"strings"
 
 	"github.com/google/osv-scalibr/extractor"
-	"github.com/google/osv-scanner/internal/cachedregexp"
-	"github.com/google/osv-scanner/internal/identifiers"
-	"github.com/google/osv-scanner/internal/semantic"
-	"github.com/google/osv-scanner/internal/utility/severity"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/cachedregexp"
+	"github.com/google/osv-scanner/v2/internal/identifiers"
+	"github.com/google/osv-scanner/v2/internal/semantic"
+	"github.com/google/osv-scanner/v2/internal/utility/severity"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 // Result represents the vulnerability scanning results for output report.
diff --git a/internal/output/output_result_test.go b/internal/output/output_result_test.go
index 9faf5cef03f..b8d22afdae9 100644
--- a/internal/output/output_result_test.go
+++ b/internal/output/output_result_test.go
@@ -4,8 +4,8 @@ import (
 	"bytes"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestPrintOutputResults_WithVulnerabilities(t *testing.T) {
diff --git a/internal/output/result.go b/internal/output/result.go
index 907187d789f..bb32f897f61 100644
--- a/internal/output/result.go
+++ b/internal/output/result.go
@@ -7,8 +7,8 @@ import (
 	"slices"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/identifiers"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/identifiers"
+	"github.com/google/osv-scanner/v2/pkg/models"
 	"golang.org/x/exp/maps"
 )
 
diff --git a/internal/output/result_test.go b/internal/output/result_test.go
index 48aaa25a86d..1e4f7f34b7f 100644
--- a/internal/output/result_test.go
+++ b/internal/output/result_test.go
@@ -3,8 +3,8 @@ package output
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/internal/testutility"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/testutility"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func Test_groupFixedVersions(t *testing.T) {
diff --git a/internal/output/sarif.go b/internal/output/sarif.go
index d1a97c5d9c1..bf19925fa30 100644
--- a/internal/output/sarif.go
+++ b/internal/output/sarif.go
@@ -9,11 +9,11 @@ import (
 	"strings"
 	"text/template"
 
-	"github.com/google/osv-scanner/internal/identifiers"
-	"github.com/google/osv-scanner/internal/url"
-	"github.com/google/osv-scanner/internal/utility/results"
-	"github.com/google/osv-scanner/internal/version"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/identifiers"
+	"github.com/google/osv-scanner/v2/internal/url"
+	"github.com/google/osv-scanner/v2/internal/utility/results"
+	"github.com/google/osv-scanner/v2/internal/version"
+	"github.com/google/osv-scanner/v2/pkg/models"
 	"github.com/jedib0t/go-pretty/v6/table"
 	"github.com/owenrumney/go-sarif/v2/sarif"
 )
diff --git a/internal/output/sarif_internal_test.go b/internal/output/sarif_internal_test.go
index 3f05c440bc6..f5697758af5 100644
--- a/internal/output/sarif_internal_test.go
+++ b/internal/output/sarif_internal_test.go
@@ -3,7 +3,7 @@ package output
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func Test_createSARIFHelpText(t *testing.T) {
diff --git a/internal/output/sarif_test.go b/internal/output/sarif_test.go
index d8cb29262a2..e3f751f4c20 100644
--- a/internal/output/sarif_test.go
+++ b/internal/output/sarif_test.go
@@ -4,9 +4,9 @@ import (
 	"bytes"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/internal/testutility"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/internal/testutility"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func TestGroupFixedVersions(t *testing.T) {
diff --git a/internal/output/sbom/cyclonedx_1_4.go b/internal/output/sbom/cyclonedx_1_4.go
index b280b93a57d..2cb944374dd 100644
--- a/internal/output/sbom/cyclonedx_1_4.go
+++ b/internal/output/sbom/cyclonedx_1_4.go
@@ -1,7 +1,7 @@
 package sbom
 
 import (
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 
 	"github.com/CycloneDX/cyclonedx-go"
 )
diff --git a/internal/output/sbom/cyclonedx_1_5.go b/internal/output/sbom/cyclonedx_1_5.go
index 8f29bb96f79..4899b297126 100644
--- a/internal/output/sbom/cyclonedx_1_5.go
+++ b/internal/output/sbom/cyclonedx_1_5.go
@@ -2,7 +2,7 @@ package sbom
 
 import (
 	"github.com/CycloneDX/cyclonedx-go"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func ToCycloneDX15Bom(uniquePackages map[string]models.PackageVulns) *cyclonedx.BOM {
diff --git a/internal/output/sbom/cyclonedx_common.go b/internal/output/sbom/cyclonedx_common.go
index 2b57aa18c74..458acce2619 100644
--- a/internal/output/sbom/cyclonedx_common.go
+++ b/internal/output/sbom/cyclonedx_common.go
@@ -6,7 +6,7 @@ import (
 	"time"
 
 	"github.com/CycloneDX/cyclonedx-go"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func buildCycloneDXBom(uniquePackages map[string]models.PackageVulns) *cyclonedx.BOM {
diff --git a/internal/output/sbom/models.go b/internal/output/sbom/models.go
index 1259ca6a7fe..224d8f1b3ad 100644
--- a/internal/output/sbom/models.go
+++ b/internal/output/sbom/models.go
@@ -1,7 +1,7 @@
 package sbom
 
 import (
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 
 	"github.com/CycloneDX/cyclonedx-go"
 )
diff --git a/internal/output/table.go b/internal/output/table.go
index e61b26d9910..06f36234500 100644
--- a/internal/output/table.go
+++ b/internal/output/table.go
@@ -9,10 +9,10 @@ import (
 
 	"golang.org/x/exp/maps"
 
-	"github.com/google/osv-scanner/internal/utility/results"
-	"github.com/google/osv-scanner/internal/utility/severity"
-	"github.com/google/osv-scanner/pkg/lockfile"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/utility/results"
+	"github.com/google/osv-scanner/v2/internal/utility/severity"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/models"
 
 	"github.com/jedib0t/go-pretty/v6/table"
 	"github.com/jedib0t/go-pretty/v6/text"
diff --git a/internal/output/table_test.go b/internal/output/table_test.go
index 45774bc08b2..dd45ccf776b 100644
--- a/internal/output/table_test.go
+++ b/internal/output/table_test.go
@@ -4,8 +4,8 @@ import (
 	"bytes"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 	"github.com/jedib0t/go-pretty/v6/text"
 )
 
diff --git a/internal/output/testmain_test.go b/internal/output/testmain_test.go
index de767d552ef..182268df21f 100644
--- a/internal/output/testmain_test.go
+++ b/internal/output/testmain_test.go
@@ -4,7 +4,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestMain(m *testing.M) {
diff --git a/internal/output/vertical.go b/internal/output/vertical.go
index 427b2e2c9fc..8410cd0c340 100644
--- a/internal/output/vertical.go
+++ b/internal/output/vertical.go
@@ -6,7 +6,7 @@ import (
 	"strings"
 	"unicode"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 	"github.com/jedib0t/go-pretty/v6/text"
 )
 
diff --git a/internal/output/vertical_test.go b/internal/output/vertical_test.go
index 22fe1a9bce0..299439b10cd 100644
--- a/internal/output/vertical_test.go
+++ b/internal/output/vertical_test.go
@@ -4,8 +4,8 @@ import (
 	"bytes"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 	"github.com/jedib0t/go-pretty/v6/text"
 )
 
diff --git a/internal/remediation/in_place.go b/internal/remediation/in_place.go
index 16d2a5fa7d0..f520eb5d271 100644
--- a/internal/remediation/in_place.go
+++ b/internal/remediation/in_place.go
@@ -9,14 +9,14 @@ import (
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/dep"
 	"deps.dev/util/semver"
-	"github.com/google/osv-scanner/internal/clients/clientinterfaces"
-	"github.com/google/osv-scanner/internal/remediation/upgrade"
-	"github.com/google/osv-scanner/internal/resolution"
-	"github.com/google/osv-scanner/internal/resolution/client"
-	lf "github.com/google/osv-scanner/internal/resolution/lockfile"
-	"github.com/google/osv-scanner/internal/resolution/util"
-	"github.com/google/osv-scanner/internal/utility/vulns"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/clients/clientinterfaces"
+	"github.com/google/osv-scanner/v2/internal/remediation/upgrade"
+	"github.com/google/osv-scanner/v2/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/resolution/client"
+	lf "github.com/google/osv-scanner/v2/internal/resolution/lockfile"
+	"github.com/google/osv-scanner/v2/internal/resolution/util"
+	"github.com/google/osv-scanner/v2/internal/utility/vulns"
+	"github.com/google/osv-scanner/v2/pkg/models"
 	"golang.org/x/exp/maps"
 )
 
diff --git a/internal/remediation/in_place_test.go b/internal/remediation/in_place_test.go
index 63da07c9f18..2bf4e0a897f 100644
--- a/internal/remediation/in_place_test.go
+++ b/internal/remediation/in_place_test.go
@@ -7,14 +7,14 @@ import (
 	"testing"
 
 	"deps.dev/util/resolve"
-	"github.com/google/osv-scanner/internal/remediation"
-	"github.com/google/osv-scanner/internal/remediation/upgrade"
-	"github.com/google/osv-scanner/internal/resolution"
-	"github.com/google/osv-scanner/internal/resolution/client"
-	"github.com/google/osv-scanner/internal/resolution/clienttest"
-	"github.com/google/osv-scanner/internal/resolution/lockfile"
-	"github.com/google/osv-scanner/internal/testutility"
-	lf "github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/internal/remediation"
+	"github.com/google/osv-scanner/v2/internal/remediation/upgrade"
+	"github.com/google/osv-scanner/v2/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/resolution/client"
+	"github.com/google/osv-scanner/v2/internal/resolution/clienttest"
+	"github.com/google/osv-scanner/v2/internal/resolution/lockfile"
+	"github.com/google/osv-scanner/v2/internal/testutility"
+	lf "github.com/google/osv-scanner/v2/pkg/lockfile"
 	"golang.org/x/exp/maps"
 )
 
diff --git a/internal/remediation/override.go b/internal/remediation/override.go
index 56e6581d305..b24613e3657 100644
--- a/internal/remediation/override.go
+++ b/internal/remediation/override.go
@@ -9,13 +9,13 @@ import (
 
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/dep"
-	"github.com/google/osv-scanner/internal/remediation/upgrade"
-	"github.com/google/osv-scanner/internal/resolution"
-	"github.com/google/osv-scanner/internal/resolution/client"
-	"github.com/google/osv-scanner/internal/resolution/manifest"
-	"github.com/google/osv-scanner/internal/resolution/util"
-	"github.com/google/osv-scanner/internal/utility/maven"
-	"github.com/google/osv-scanner/internal/utility/vulns"
+	"github.com/google/osv-scanner/v2/internal/remediation/upgrade"
+	"github.com/google/osv-scanner/v2/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/resolution/client"
+	"github.com/google/osv-scanner/v2/internal/resolution/manifest"
+	"github.com/google/osv-scanner/v2/internal/resolution/util"
+	"github.com/google/osv-scanner/v2/internal/utility/maven"
+	"github.com/google/osv-scanner/v2/internal/utility/vulns"
 )
 
 type overridePatch struct {
diff --git a/internal/remediation/override_test.go b/internal/remediation/override_test.go
index cb280315df3..7e7f828bb1f 100644
--- a/internal/remediation/override_test.go
+++ b/internal/remediation/override_test.go
@@ -4,9 +4,9 @@ import (
 	"context"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/remediation"
-	"github.com/google/osv-scanner/internal/remediation/upgrade"
-	"github.com/google/osv-scanner/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/remediation"
+	"github.com/google/osv-scanner/v2/internal/remediation/upgrade"
+	"github.com/google/osv-scanner/v2/internal/resolution"
 )
 
 func TestComputeOverridePatches(t *testing.T) {
diff --git a/internal/remediation/relax.go b/internal/remediation/relax.go
index 299de782245..99bbba80ef8 100644
--- a/internal/remediation/relax.go
+++ b/internal/remediation/relax.go
@@ -6,10 +6,10 @@ import (
 	"slices"
 
 	"deps.dev/util/resolve"
-	"github.com/google/osv-scanner/internal/remediation/relax"
-	"github.com/google/osv-scanner/internal/remediation/upgrade"
-	"github.com/google/osv-scanner/internal/resolution"
-	"github.com/google/osv-scanner/internal/resolution/client"
+	"github.com/google/osv-scanner/v2/internal/remediation/relax"
+	"github.com/google/osv-scanner/v2/internal/remediation/upgrade"
+	"github.com/google/osv-scanner/v2/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/resolution/client"
 )
 
 // ComputeRelaxPatches attempts to resolve each vulnerability found in result independently, returning the list of unique possible patches
diff --git a/internal/remediation/relax/npm.go b/internal/remediation/relax/npm.go
index 6d335e9647a..4338cc6f8e6 100644
--- a/internal/remediation/relax/npm.go
+++ b/internal/remediation/relax/npm.go
@@ -6,7 +6,7 @@ import (
 
 	"deps.dev/util/resolve"
 	"deps.dev/util/semver"
-	"github.com/google/osv-scanner/internal/remediation/upgrade"
+	"github.com/google/osv-scanner/v2/internal/remediation/upgrade"
 )
 
 type NpmRelaxer struct{}
diff --git a/internal/remediation/relax/npm_test.go b/internal/remediation/relax/npm_test.go
index 83713ddea40..c79173e804f 100644
--- a/internal/remediation/relax/npm_test.go
+++ b/internal/remediation/relax/npm_test.go
@@ -5,8 +5,8 @@ import (
 	"testing"
 
 	"deps.dev/util/resolve"
-	"github.com/google/osv-scanner/internal/remediation/relax"
-	"github.com/google/osv-scanner/internal/remediation/upgrade"
+	"github.com/google/osv-scanner/v2/internal/remediation/relax"
+	"github.com/google/osv-scanner/v2/internal/remediation/upgrade"
 )
 
 func TestRelaxNpm(t *testing.T) {
diff --git a/internal/remediation/relax/relax.go b/internal/remediation/relax/relax.go
index a2f0d9c1b0f..738bc21f9c3 100644
--- a/internal/remediation/relax/relax.go
+++ b/internal/remediation/relax/relax.go
@@ -5,7 +5,7 @@ import (
 	"errors"
 
 	"deps.dev/util/resolve"
-	"github.com/google/osv-scanner/internal/remediation/upgrade"
+	"github.com/google/osv-scanner/v2/internal/remediation/upgrade"
 )
 
 // A RequirementRelaxer provides an ecosystem-specific method for 'relaxing' the
diff --git a/internal/remediation/relax_test.go b/internal/remediation/relax_test.go
index 1504dc4a367..d6453a34e51 100644
--- a/internal/remediation/relax_test.go
+++ b/internal/remediation/relax_test.go
@@ -4,8 +4,8 @@ import (
 	"context"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/remediation"
-	"github.com/google/osv-scanner/internal/remediation/upgrade"
+	"github.com/google/osv-scanner/v2/internal/remediation"
+	"github.com/google/osv-scanner/v2/internal/remediation/upgrade"
 )
 
 func TestComputeRelaxPatches(t *testing.T) {
diff --git a/internal/remediation/remediation.go b/internal/remediation/remediation.go
index 887a11433c8..810fb1e8f7e 100644
--- a/internal/remediation/remediation.go
+++ b/internal/remediation/remediation.go
@@ -4,11 +4,11 @@ import (
 	"math"
 	"slices"
 
-	"github.com/google/osv-scanner/internal/remediation/upgrade"
-	"github.com/google/osv-scanner/internal/resolution"
-	"github.com/google/osv-scanner/internal/resolution/lockfile"
-	"github.com/google/osv-scanner/internal/resolution/manifest"
-	"github.com/google/osv-scanner/internal/utility/severity"
+	"github.com/google/osv-scanner/v2/internal/remediation/upgrade"
+	"github.com/google/osv-scanner/v2/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/resolution/lockfile"
+	"github.com/google/osv-scanner/v2/internal/resolution/manifest"
+	"github.com/google/osv-scanner/v2/internal/utility/severity"
 )
 
 // TODO: Supported strategies should be part of the manifest/lockfile ReadWriter directly
diff --git a/internal/remediation/remediation_test.go b/internal/remediation/remediation_test.go
index 584b7c690e4..2116a1c9349 100644
--- a/internal/remediation/remediation_test.go
+++ b/internal/remediation/remediation_test.go
@@ -4,9 +4,9 @@ import (
 	"testing"
 
 	"deps.dev/util/resolve"
-	"github.com/google/osv-scanner/internal/remediation"
-	"github.com/google/osv-scanner/internal/resolution"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/remediation"
+	"github.com/google/osv-scanner/v2/internal/resolution"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func TestMatchVuln(t *testing.T) {
diff --git a/internal/remediation/suggest/maven.go b/internal/remediation/suggest/maven.go
index e3873e6abf1..0fec1c1c3ba 100644
--- a/internal/remediation/suggest/maven.go
+++ b/internal/remediation/suggest/maven.go
@@ -8,8 +8,8 @@ import (
 
 	"deps.dev/util/resolve"
 	"deps.dev/util/semver"
-	"github.com/google/osv-scanner/internal/resolution/manifest"
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/internal/resolution/manifest"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 	"golang.org/x/exp/slices"
 )
 
diff --git a/internal/remediation/suggest/maven_test.go b/internal/remediation/suggest/maven_test.go
index 085df9bbc5f..7c33035a670 100644
--- a/internal/remediation/suggest/maven_test.go
+++ b/internal/remediation/suggest/maven_test.go
@@ -9,7 +9,7 @@ import (
 
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/dep"
-	"github.com/google/osv-scanner/internal/resolution/manifest"
+	"github.com/google/osv-scanner/v2/internal/resolution/manifest"
 )
 
 var (
diff --git a/internal/remediation/suggest/suggest.go b/internal/remediation/suggest/suggest.go
index ce04f17365a..16caf28765f 100644
--- a/internal/remediation/suggest/suggest.go
+++ b/internal/remediation/suggest/suggest.go
@@ -6,7 +6,7 @@ import (
 	"fmt"
 
 	"deps.dev/util/resolve"
-	"github.com/google/osv-scanner/internal/resolution/manifest"
+	"github.com/google/osv-scanner/v2/internal/resolution/manifest"
 )
 
 type Options struct {
diff --git a/internal/remediation/testhelpers_test.go b/internal/remediation/testhelpers_test.go
index 4518bd455dd..a70f68bd71e 100644
--- a/internal/remediation/testhelpers_test.go
+++ b/internal/remediation/testhelpers_test.go
@@ -7,12 +7,12 @@ import (
 	"testing"
 
 	"deps.dev/util/resolve"
-	"github.com/google/osv-scanner/internal/resolution"
-	"github.com/google/osv-scanner/internal/resolution/client"
-	"github.com/google/osv-scanner/internal/resolution/clienttest"
-	"github.com/google/osv-scanner/internal/resolution/manifest"
-	"github.com/google/osv-scanner/internal/testutility"
-	lf "github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/resolution/client"
+	"github.com/google/osv-scanner/v2/internal/resolution/clienttest"
+	"github.com/google/osv-scanner/v2/internal/resolution/manifest"
+	"github.com/google/osv-scanner/v2/internal/testutility"
+	lf "github.com/google/osv-scanner/v2/pkg/lockfile"
 	"golang.org/x/exp/maps"
 )
 
diff --git a/internal/remediation/testmain_test.go b/internal/remediation/testmain_test.go
index 0c7e84709d7..93f48eedafc 100644
--- a/internal/remediation/testmain_test.go
+++ b/internal/remediation/testmain_test.go
@@ -4,7 +4,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestMain(m *testing.M) {
diff --git a/internal/remediation/upgrade/config_test.go b/internal/remediation/upgrade/config_test.go
index 67c56059ab2..a3dae0ae8a6 100644
--- a/internal/remediation/upgrade/config_test.go
+++ b/internal/remediation/upgrade/config_test.go
@@ -3,7 +3,7 @@ package upgrade_test
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/internal/remediation/upgrade"
+	"github.com/google/osv-scanner/v2/internal/remediation/upgrade"
 )
 
 func configSetExpect(t *testing.T, config upgrade.Config, pkg string, level upgrade.Level, want bool) {
diff --git a/internal/remediation/upgrade/level_test.go b/internal/remediation/upgrade/level_test.go
index 7b24493db6a..9532980a33c 100644
--- a/internal/remediation/upgrade/level_test.go
+++ b/internal/remediation/upgrade/level_test.go
@@ -5,7 +5,7 @@ import (
 	"testing"
 
 	"deps.dev/util/semver"
-	"github.com/google/osv-scanner/internal/remediation/upgrade"
+	"github.com/google/osv-scanner/v2/internal/remediation/upgrade"
 )
 
 func TestLevelAllows(t *testing.T) {
diff --git a/internal/resolution/client/client.go b/internal/resolution/client/client.go
index 63620990aea..fb8f14f0272 100644
--- a/internal/resolution/client/client.go
+++ b/internal/resolution/client/client.go
@@ -8,9 +8,9 @@ import (
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/dep"
 	"deps.dev/util/semver"
-	"github.com/google/osv-scanner/internal/clients/clientinterfaces"
-	"github.com/google/osv-scanner/internal/depsdev"
-	"github.com/google/osv-scanner/pkg/osv"
+	"github.com/google/osv-scanner/v2/internal/clients/clientinterfaces"
+	"github.com/google/osv-scanner/v2/internal/depsdev"
+	"github.com/google/osv-scanner/v2/pkg/osv"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 )
diff --git a/internal/resolution/client/depsdev_client.go b/internal/resolution/client/depsdev_client.go
index 1a5fe9b85a9..6feefad2efa 100644
--- a/internal/resolution/client/depsdev_client.go
+++ b/internal/resolution/client/depsdev_client.go
@@ -5,7 +5,7 @@ import (
 	"os"
 
 	"deps.dev/util/resolve"
-	"github.com/google/osv-scanner/internal/datasource"
+	"github.com/google/osv-scanner/v2/internal/datasource"
 )
 
 const depsDevCacheExt = ".resolve.deps"
diff --git a/internal/resolution/client/maven_registry_client.go b/internal/resolution/client/maven_registry_client.go
index f280da8052e..7ef7bcb4423 100644
--- a/internal/resolution/client/maven_registry_client.go
+++ b/internal/resolution/client/maven_registry_client.go
@@ -11,8 +11,8 @@ import (
 	"deps.dev/util/maven"
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/version"
-	"github.com/google/osv-scanner/internal/datasource"
-	mavenutil "github.com/google/osv-scanner/internal/utility/maven"
+	"github.com/google/osv-scanner/v2/internal/datasource"
+	mavenutil "github.com/google/osv-scanner/v2/internal/utility/maven"
 )
 
 const mavenRegistryCacheExt = ".resolve.maven"
diff --git a/internal/resolution/client/npm_registry_client.go b/internal/resolution/client/npm_registry_client.go
index b3f570da51b..0bd02266b83 100644
--- a/internal/resolution/client/npm_registry_client.go
+++ b/internal/resolution/client/npm_registry_client.go
@@ -13,9 +13,9 @@ import (
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/dep"
 	"deps.dev/util/semver"
-	"github.com/google/osv-scanner/internal/datasource"
-	"github.com/google/osv-scanner/internal/depsdev"
-	"github.com/google/osv-scanner/pkg/osv"
+	"github.com/google/osv-scanner/v2/internal/datasource"
+	"github.com/google/osv-scanner/v2/internal/depsdev"
+	"github.com/google/osv-scanner/v2/pkg/osv"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 )
diff --git a/internal/resolution/clienttest/mock_resolution_client.go b/internal/resolution/clienttest/mock_resolution_client.go
index 87243b19226..d823a5df535 100644
--- a/internal/resolution/clienttest/mock_resolution_client.go
+++ b/internal/resolution/clienttest/mock_resolution_client.go
@@ -9,10 +9,10 @@ import (
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/schema"
 	"github.com/google/osv-scalibr/extractor"
-	"github.com/google/osv-scanner/internal/clients/clientimpl/localmatcher"
-	"github.com/google/osv-scanner/internal/imodels"
-	"github.com/google/osv-scanner/internal/resolution/client"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/clients/clientimpl/localmatcher"
+	"github.com/google/osv-scanner/v2/internal/imodels"
+	"github.com/google/osv-scanner/v2/internal/resolution/client"
+	"github.com/google/osv-scanner/v2/pkg/models"
 	"gopkg.in/yaml.v3"
 )
 
diff --git a/internal/resolution/dependency_chain.go b/internal/resolution/dependency_chain.go
index 0b89ab19e9e..2703215daa8 100644
--- a/internal/resolution/dependency_chain.go
+++ b/internal/resolution/dependency_chain.go
@@ -6,11 +6,11 @@ import (
 
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/dep"
-	"github.com/google/osv-scanner/internal/resolution/manifest"
-	"github.com/google/osv-scanner/internal/resolution/util"
-	vulnUtil "github.com/google/osv-scanner/internal/utility/vulns"
-	"github.com/google/osv-scanner/pkg/lockfile"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/resolution/manifest"
+	"github.com/google/osv-scanner/v2/internal/resolution/util"
+	vulnUtil "github.com/google/osv-scanner/v2/internal/utility/vulns"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 type DependencyChain struct {
diff --git a/internal/resolution/lockfile/lockfile.go b/internal/resolution/lockfile/lockfile.go
index 9d356e82f18..02b6d173084 100644
--- a/internal/resolution/lockfile/lockfile.go
+++ b/internal/resolution/lockfile/lockfile.go
@@ -8,7 +8,7 @@ import (
 	"path/filepath"
 
 	"deps.dev/util/resolve"
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 type DependencyPatch struct {
diff --git a/internal/resolution/lockfile/npm.go b/internal/resolution/lockfile/npm.go
index 30ad191766d..e65de3d1172 100644
--- a/internal/resolution/lockfile/npm.go
+++ b/internal/resolution/lockfile/npm.go
@@ -10,9 +10,9 @@ import (
 
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/dep"
-	"github.com/google/osv-scanner/internal/datasource"
-	"github.com/google/osv-scanner/internal/resolution/manifest"
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/internal/datasource"
+	"github.com/google/osv-scanner/v2/internal/resolution/manifest"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 type NpmReadWriter struct{}
diff --git a/internal/resolution/lockfile/npm_test.go b/internal/resolution/lockfile/npm_test.go
index 1c30b732f32..f7086aa322f 100644
--- a/internal/resolution/lockfile/npm_test.go
+++ b/internal/resolution/lockfile/npm_test.go
@@ -9,9 +9,9 @@ import (
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/schema"
 	"github.com/google/go-cmp/cmp"
-	"github.com/google/osv-scanner/internal/resolution/lockfile"
-	"github.com/google/osv-scanner/internal/testutility"
-	lf "github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/internal/resolution/lockfile"
+	"github.com/google/osv-scanner/v2/internal/testutility"
+	lf "github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestNpmReadV2(t *testing.T) {
diff --git a/internal/resolution/lockfile/npm_v1.go b/internal/resolution/lockfile/npm_v1.go
index f83ff755a3f..4b1780bd4ba 100644
--- a/internal/resolution/lockfile/npm_v1.go
+++ b/internal/resolution/lockfile/npm_v1.go
@@ -9,9 +9,9 @@ import (
 
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/dep"
-	"github.com/google/osv-scanner/internal/datasource"
-	"github.com/google/osv-scanner/internal/resolution/manifest"
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/internal/datasource"
+	"github.com/google/osv-scanner/v2/internal/resolution/manifest"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 	"github.com/tidwall/gjson"
 	"github.com/tidwall/sjson"
 )
diff --git a/internal/resolution/lockfile/npm_v2.go b/internal/resolution/lockfile/npm_v2.go
index cf8ee5378c6..0b095291ebb 100644
--- a/internal/resolution/lockfile/npm_v2.go
+++ b/internal/resolution/lockfile/npm_v2.go
@@ -10,8 +10,8 @@ import (
 
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/dep"
-	"github.com/google/osv-scanner/internal/datasource"
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/internal/datasource"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 	"github.com/tidwall/gjson"
 	"github.com/tidwall/pretty"
 	"github.com/tidwall/sjson"
diff --git a/internal/resolution/lockfile/testmain_test.go b/internal/resolution/lockfile/testmain_test.go
index a283a039bba..dba91cfa186 100644
--- a/internal/resolution/lockfile/testmain_test.go
+++ b/internal/resolution/lockfile/testmain_test.go
@@ -4,7 +4,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestMain(m *testing.M) {
diff --git a/internal/resolution/manifest/manifest.go b/internal/resolution/manifest/manifest.go
index 4df28c141b4..794c280be65 100644
--- a/internal/resolution/manifest/manifest.go
+++ b/internal/resolution/manifest/manifest.go
@@ -11,7 +11,7 @@ import (
 
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/dep"
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 type Manifest struct {
diff --git a/internal/resolution/manifest/maven.go b/internal/resolution/manifest/maven.go
index b3401d821ad..1b17f338125 100644
--- a/internal/resolution/manifest/maven.go
+++ b/internal/resolution/manifest/maven.go
@@ -14,10 +14,10 @@ import (
 	"deps.dev/util/maven"
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/dep"
-	"github.com/google/osv-scanner/internal/datasource"
-	internalxml "github.com/google/osv-scanner/internal/thirdparty/xml"
-	mavenutil "github.com/google/osv-scanner/internal/utility/maven"
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/internal/datasource"
+	internalxml "github.com/google/osv-scanner/v2/internal/thirdparty/xml"
+	mavenutil "github.com/google/osv-scanner/v2/internal/utility/maven"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func mavenRequirementKey(requirement resolve.RequirementVersion) RequirementKey {
diff --git a/internal/resolution/manifest/maven_test.go b/internal/resolution/manifest/maven_test.go
index d804e8d5b5b..fdee41f2e56 100644
--- a/internal/resolution/manifest/maven_test.go
+++ b/internal/resolution/manifest/maven_test.go
@@ -12,9 +12,9 @@ import (
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/dep"
 	"github.com/google/go-cmp/cmp"
-	"github.com/google/osv-scanner/internal/datasource"
-	"github.com/google/osv-scanner/internal/testutility"
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/internal/datasource"
+	"github.com/google/osv-scanner/v2/internal/testutility"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 var (
diff --git a/internal/resolution/manifest/npm.go b/internal/resolution/manifest/npm.go
index ca31f155401..97c479ca400 100644
--- a/internal/resolution/manifest/npm.go
+++ b/internal/resolution/manifest/npm.go
@@ -10,7 +10,7 @@ import (
 
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/dep"
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 	"github.com/tidwall/gjson"
 	"github.com/tidwall/sjson"
 )
diff --git a/internal/resolution/manifest/npm_test.go b/internal/resolution/manifest/npm_test.go
index f35a144cd1b..a200b8c7514 100644
--- a/internal/resolution/manifest/npm_test.go
+++ b/internal/resolution/manifest/npm_test.go
@@ -8,9 +8,9 @@ import (
 
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/dep"
-	"github.com/google/osv-scanner/internal/resolution/manifest"
-	"github.com/google/osv-scanner/internal/testutility"
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/internal/resolution/manifest"
+	"github.com/google/osv-scanner/v2/internal/testutility"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func aliasType(t *testing.T, aliasedName string) dep.Type {
diff --git a/internal/resolution/manifest/testmain_test.go b/internal/resolution/manifest/testmain_test.go
index 59786f0fc89..1ea40752df6 100644
--- a/internal/resolution/manifest/testmain_test.go
+++ b/internal/resolution/manifest/testmain_test.go
@@ -4,7 +4,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestMain(m *testing.M) {
diff --git a/internal/resolution/resolve.go b/internal/resolution/resolve.go
index 5ba2b167dc8..120fa85943a 100644
--- a/internal/resolution/resolve.go
+++ b/internal/resolution/resolve.go
@@ -11,10 +11,10 @@ import (
 	"deps.dev/util/resolve/dep"
 	"deps.dev/util/resolve/maven"
 	"deps.dev/util/resolve/npm"
-	"github.com/google/osv-scanner/internal/resolution/client"
-	"github.com/google/osv-scanner/internal/resolution/manifest"
-	mavenutil "github.com/google/osv-scanner/internal/utility/maven"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/resolution/client"
+	"github.com/google/osv-scanner/v2/internal/resolution/manifest"
+	mavenutil "github.com/google/osv-scanner/v2/internal/utility/maven"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 type Vulnerability struct {
diff --git a/internal/resolution/resolve_test.go b/internal/resolution/resolve_test.go
index 5cff161ea39..28083090d62 100644
--- a/internal/resolution/resolve_test.go
+++ b/internal/resolution/resolve_test.go
@@ -8,10 +8,10 @@ import (
 
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/dep"
-	"github.com/google/osv-scanner/internal/resolution"
-	"github.com/google/osv-scanner/internal/resolution/clienttest"
-	"github.com/google/osv-scanner/internal/resolution/manifest"
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/resolution/clienttest"
+	"github.com/google/osv-scanner/v2/internal/resolution/manifest"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func checkResult(t *testing.T, result *resolution.Result) {
diff --git a/internal/resolution/testmain_test.go b/internal/resolution/testmain_test.go
index 0f6d1b756ef..7f55eb6b698 100644
--- a/internal/resolution/testmain_test.go
+++ b/internal/resolution/testmain_test.go
@@ -4,7 +4,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestMain(m *testing.M) {
diff --git a/internal/resolution/util/depsdev.go b/internal/resolution/util/depsdev.go
index 6068492e651..0099208c7dc 100644
--- a/internal/resolution/util/depsdev.go
+++ b/internal/resolution/util/depsdev.go
@@ -2,8 +2,8 @@ package util
 
 import (
 	"deps.dev/util/resolve"
-	"github.com/google/osv-scanner/pkg/lockfile"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 // TODO: use osvschema.Ecosystem or imodel's ecosystem.Parsed
diff --git a/internal/scalibrextract/filesystem/vendored/vendored.go b/internal/scalibrextract/filesystem/vendored/vendored.go
index 9ba40d6694c..e567deddc52 100644
--- a/internal/scalibrextract/filesystem/vendored/vendored.go
+++ b/internal/scalibrextract/filesystem/vendored/vendored.go
@@ -20,7 +20,7 @@ import (
 	scalibrfs "github.com/google/osv-scalibr/fs"
 	"github.com/google/osv-scalibr/plugin"
 	"github.com/google/osv-scalibr/purl"
-	"github.com/google/osv-scanner/internal/osvdev"
+	"github.com/google/osv-scanner/v2/internal/osvdev"
 )
 
 var (
diff --git a/internal/scalibrextract/filesystem/vendored/vendored_test.go b/internal/scalibrextract/filesystem/vendored/vendored_test.go
index 922c565f59f..134529878b4 100644
--- a/internal/scalibrextract/filesystem/vendored/vendored_test.go
+++ b/internal/scalibrextract/filesystem/vendored/vendored_test.go
@@ -14,9 +14,9 @@ import (
 	"github.com/google/osv-scalibr/extractor/filesystem/simplefileapi"
 	"github.com/google/osv-scalibr/testing/extracttest"
 	"github.com/google/osv-scalibr/testing/fakefs"
-	"github.com/google/osv-scanner/internal/osvdev"
-	"github.com/google/osv-scanner/internal/scalibrextract/filesystem/vendored"
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/osvdev"
+	"github.com/google/osv-scanner/v2/internal/scalibrextract/filesystem/vendored"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestExtractor_FileRequired(t *testing.T) {
diff --git a/internal/scalibrextract/language/java/pomxmlnet/extractor.go b/internal/scalibrextract/language/java/pomxmlnet/extractor.go
index 933c0d11ae5..4e1224e772d 100644
--- a/internal/scalibrextract/language/java/pomxmlnet/extractor.go
+++ b/internal/scalibrextract/language/java/pomxmlnet/extractor.go
@@ -9,7 +9,7 @@ import (
 	"golang.org/x/exp/maps"
 
 	mavenresolve "deps.dev/util/resolve/maven"
-	mavenutil "github.com/google/osv-scanner/internal/utility/maven"
+	mavenutil "github.com/google/osv-scanner/v2/internal/utility/maven"
 
 	"deps.dev/util/maven"
 	"deps.dev/util/resolve"
@@ -19,8 +19,8 @@ import (
 	"github.com/google/osv-scalibr/extractor/filesystem/osv"
 	"github.com/google/osv-scalibr/plugin"
 	"github.com/google/osv-scalibr/purl"
-	"github.com/google/osv-scanner/internal/datasource"
-	"github.com/google/osv-scanner/internal/resolution/client"
+	"github.com/google/osv-scanner/v2/internal/datasource"
+	"github.com/google/osv-scanner/v2/internal/resolution/client"
 )
 
 // Extractor extracts Maven packages with transitive dependency resolution.
diff --git a/internal/scalibrextract/language/java/pomxmlnet/extractor_test.go b/internal/scalibrextract/language/java/pomxmlnet/extractor_test.go
index 43febdbb2bd..8c1e7c4c51e 100644
--- a/internal/scalibrextract/language/java/pomxmlnet/extractor_test.go
+++ b/internal/scalibrextract/language/java/pomxmlnet/extractor_test.go
@@ -10,10 +10,10 @@ import (
 	"github.com/google/osv-scalibr/extractor/filesystem/osv"
 	"github.com/google/osv-scalibr/extractor/filesystem/simplefileapi"
 	"github.com/google/osv-scalibr/testing/extracttest"
-	"github.com/google/osv-scanner/internal/datasource"
-	"github.com/google/osv-scanner/internal/resolution/clienttest"
-	"github.com/google/osv-scanner/internal/scalibrextract/language/java/pomxmlnet"
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/datasource"
+	"github.com/google/osv-scanner/v2/internal/resolution/clienttest"
+	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/java/pomxmlnet"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestMavenResolverExtractor_FileRequired(t *testing.T) {
diff --git a/internal/scalibrextract/language/osv/osvscannerjson/extractor.go b/internal/scalibrextract/language/osv/osvscannerjson/extractor.go
index b884fa5501b..67a701b803a 100644
--- a/internal/scalibrextract/language/osv/osvscannerjson/extractor.go
+++ b/internal/scalibrextract/language/osv/osvscannerjson/extractor.go
@@ -10,7 +10,7 @@ import (
 	"github.com/google/osv-scalibr/extractor/filesystem"
 	"github.com/google/osv-scalibr/plugin"
 	"github.com/google/osv-scalibr/purl"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 // Extractor extracts osv packages from osv-scanner json output.
diff --git a/internal/scalibrextract/language/osv/osvscannerjson/extractor_test.go b/internal/scalibrextract/language/osv/osvscannerjson/extractor_test.go
index 9868ae6f568..11302d0401d 100644
--- a/internal/scalibrextract/language/osv/osvscannerjson/extractor_test.go
+++ b/internal/scalibrextract/language/osv/osvscannerjson/extractor_test.go
@@ -8,8 +8,8 @@ import (
 	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/google/osv-scalibr/extractor"
 	"github.com/google/osv-scalibr/testing/extracttest"
-	"github.com/google/osv-scanner/internal/scalibrextract/language/osv/osvscannerjson"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/osv/osvscannerjson"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func TestExtractor_Extract(t *testing.T) {
diff --git a/internal/scalibrextract/language/osv/osvscannerjson/metadata.go b/internal/scalibrextract/language/osv/osvscannerjson/metadata.go
index 45c9e2c9664..26943fe92f3 100644
--- a/internal/scalibrextract/language/osv/osvscannerjson/metadata.go
+++ b/internal/scalibrextract/language/osv/osvscannerjson/metadata.go
@@ -1,6 +1,6 @@
 package osvscannerjson
 
-import "github.com/google/osv-scanner/pkg/models"
+import "github.com/google/osv-scanner/v2/pkg/models"
 
 // Metadata holds the metadata for osvscanner.json
 type Metadata struct {
diff --git a/internal/scalibrextract/vcs/gitrepo/extractor_test.go b/internal/scalibrextract/vcs/gitrepo/extractor_test.go
index a3aefc889b7..2b18e5c96b9 100644
--- a/internal/scalibrextract/vcs/gitrepo/extractor_test.go
+++ b/internal/scalibrextract/vcs/gitrepo/extractor_test.go
@@ -11,7 +11,7 @@ import (
 	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/google/osv-scalibr/extractor"
 	"github.com/google/osv-scalibr/testing/extracttest"
-	"github.com/google/osv-scanner/internal/scalibrextract/vcs/gitrepo"
+	"github.com/google/osv-scanner/v2/internal/scalibrextract/vcs/gitrepo"
 )
 
 func TestExtractor_Extract(t *testing.T) {
diff --git a/internal/semantic/compare_test.go b/internal/semantic/compare_test.go
index b99f5774bb9..73b85087ee4 100644
--- a/internal/semantic/compare_test.go
+++ b/internal/semantic/compare_test.go
@@ -8,8 +8,8 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/semantic"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/semantic"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func expectedResult(t *testing.T, comparator string) int {
diff --git a/internal/semantic/parse.go b/internal/semantic/parse.go
index b774bf4a70a..eb804923623 100644
--- a/internal/semantic/parse.go
+++ b/internal/semantic/parse.go
@@ -4,7 +4,7 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 var ErrUnsupportedEcosystem = errors.New("unsupported ecosystem")
diff --git a/internal/semantic/parse_test.go b/internal/semantic/parse_test.go
index 99f8083ce78..4af605f5cca 100644
--- a/internal/semantic/parse_test.go
+++ b/internal/semantic/parse_test.go
@@ -4,9 +4,9 @@ import (
 	"errors"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/semantic"
-	"github.com/google/osv-scanner/pkg/lockfile"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/semantic"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func TestParse(t *testing.T) {
diff --git a/internal/semantic/version-alpine.go b/internal/semantic/version-alpine.go
index 9030e518123..82e64513b69 100644
--- a/internal/semantic/version-alpine.go
+++ b/internal/semantic/version-alpine.go
@@ -4,7 +4,7 @@ import (
 	"math/big"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/cachedregexp"
+	"github.com/google/osv-scanner/v2/internal/cachedregexp"
 )
 
 type alpineNumberComponent struct {
diff --git a/internal/semantic/version-maven.go b/internal/semantic/version-maven.go
index 9c86c1b7465..04636bffd48 100644
--- a/internal/semantic/version-maven.go
+++ b/internal/semantic/version-maven.go
@@ -5,7 +5,7 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/cachedregexp"
+	"github.com/google/osv-scanner/v2/internal/cachedregexp"
 )
 
 type mavenVersionToken struct {
diff --git a/internal/semantic/version-packagist.go b/internal/semantic/version-packagist.go
index ae0b21ee2da..a9820972303 100644
--- a/internal/semantic/version-packagist.go
+++ b/internal/semantic/version-packagist.go
@@ -4,7 +4,7 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/cachedregexp"
+	"github.com/google/osv-scanner/v2/internal/cachedregexp"
 )
 
 func canonicalizePackagistVersion(v string) string {
diff --git a/internal/semantic/version-pypi.go b/internal/semantic/version-pypi.go
index 8363a1e3c4a..b4994260542 100644
--- a/internal/semantic/version-pypi.go
+++ b/internal/semantic/version-pypi.go
@@ -5,7 +5,7 @@ import (
 	"math/big"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/cachedregexp"
+	"github.com/google/osv-scanner/v2/internal/cachedregexp"
 )
 
 type PyPIVersion struct {
diff --git a/internal/semantic/version-semver-like.go b/internal/semantic/version-semver-like.go
index 3ccfe91846c..e00a89e625c 100644
--- a/internal/semantic/version-semver-like.go
+++ b/internal/semantic/version-semver-like.go
@@ -5,7 +5,7 @@ import (
 	"math/big"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/cachedregexp"
+	"github.com/google/osv-scanner/v2/internal/cachedregexp"
 )
 
 // SemverLikeVersion is a version that is _like_ a version as defined by the
diff --git a/internal/sourceanalysis/go.go b/internal/sourceanalysis/go.go
index db31d33e3c2..1cde1dcec96 100644
--- a/internal/sourceanalysis/go.go
+++ b/internal/sourceanalysis/go.go
@@ -10,10 +10,10 @@ import (
 	"os/exec"
 	"path/filepath"
 
-	"github.com/google/osv-scanner/internal/sourceanalysis/govulncheck"
-	"github.com/google/osv-scanner/internal/url"
-	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/internal/sourceanalysis/govulncheck"
+	"github.com/google/osv-scanner/v2/internal/url"
+	"github.com/google/osv-scanner/v2/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 	"golang.org/x/vuln/scan"
 )
 
diff --git a/internal/sourceanalysis/go_test.go b/internal/sourceanalysis/go_test.go
index 197c0988689..cc9c27ee4d4 100644
--- a/internal/sourceanalysis/go_test.go
+++ b/internal/sourceanalysis/go_test.go
@@ -3,9 +3,9 @@ package sourceanalysis
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/internal/sourceanalysis/govulncheck"
-	"github.com/google/osv-scanner/internal/testutility"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/sourceanalysis/govulncheck"
+	"github.com/google/osv-scanner/v2/internal/testutility"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func Test_matchAnalysisWithPackageVulns(t *testing.T) {
diff --git a/internal/sourceanalysis/integration_test.go b/internal/sourceanalysis/integration_test.go
index d3cbb150689..59eb4312345 100644
--- a/internal/sourceanalysis/integration_test.go
+++ b/internal/sourceanalysis/integration_test.go
@@ -7,8 +7,8 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/testutility"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/testutility"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 var fixturesDir = "integration/fixtures-go"
diff --git a/internal/sourceanalysis/rust.go b/internal/sourceanalysis/rust.go
index 376841aa6f8..ec12451ea6b 100644
--- a/internal/sourceanalysis/rust.go
+++ b/internal/sourceanalysis/rust.go
@@ -13,10 +13,10 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/cachedregexp"
-	"github.com/google/osv-scanner/internal/thirdparty/ar"
-	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/internal/cachedregexp"
+	"github.com/google/osv-scanner/v2/internal/thirdparty/ar"
+	"github.com/google/osv-scanner/v2/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 	"github.com/ianlancetaylor/demangle"
 )
 
diff --git a/internal/sourceanalysis/rust_test.go b/internal/sourceanalysis/rust_test.go
index a9fd8dabdd5..d9ed9361c8b 100644
--- a/internal/sourceanalysis/rust_test.go
+++ b/internal/sourceanalysis/rust_test.go
@@ -8,9 +8,9 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/testutility"
-	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/internal/testutility"
+	"github.com/google/osv-scanner/v2/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 )
 
 func Test_extractRlibArchive(t *testing.T) {
diff --git a/internal/sourceanalysis/sourceanalysis.go b/internal/sourceanalysis/sourceanalysis.go
index 1c9f5d8c6dc..abf3f344e5c 100644
--- a/internal/sourceanalysis/sourceanalysis.go
+++ b/internal/sourceanalysis/sourceanalysis.go
@@ -3,8 +3,8 @@ package sourceanalysis
 import (
 	"path/filepath"
 
-	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 )
 
 // vulnsFromAllPkgs returns the flattened list of unique vulnerabilities
diff --git a/internal/sourceanalysis/testmain_test.go b/internal/sourceanalysis/testmain_test.go
index 8a02fb8d0e1..0e1f7730a8c 100644
--- a/internal/sourceanalysis/testmain_test.go
+++ b/internal/sourceanalysis/testmain_test.go
@@ -4,7 +4,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestMain(m *testing.M) {
diff --git a/internal/spdx/satisfies.go b/internal/spdx/satisfies.go
index 10bf78b4bb6..831cd07e582 100644
--- a/internal/spdx/satisfies.go
+++ b/internal/spdx/satisfies.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 type node interface {
diff --git a/internal/spdx/satisfies_test.go b/internal/spdx/satisfies_test.go
index 5d1044e7d27..c9269c41992 100644
--- a/internal/spdx/satisfies_test.go
+++ b/internal/spdx/satisfies_test.go
@@ -4,8 +4,8 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/spdx"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/spdx"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func namer(t *testing.T, license models.License, licenses []string, expected bool) string {
diff --git a/internal/tui/dependency-graph.go b/internal/tui/dependency-graph.go
index 151c97dded5..2520ea1fc79 100644
--- a/internal/tui/dependency-graph.go
+++ b/internal/tui/dependency-graph.go
@@ -6,7 +6,7 @@ import (
 
 	"deps.dev/util/resolve"
 	"github.com/charmbracelet/lipgloss"
-	"github.com/google/osv-scanner/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/resolution"
 	"golang.org/x/exp/slices"
 )
 
diff --git a/internal/tui/in-place-info.go b/internal/tui/in-place-info.go
index 86e1e549321..866d89d4d1b 100644
--- a/internal/tui/in-place-info.go
+++ b/internal/tui/in-place-info.go
@@ -7,8 +7,8 @@ import (
 	"github.com/charmbracelet/bubbles/table"
 	tea "github.com/charmbracelet/bubbletea"
 	"github.com/charmbracelet/lipgloss"
-	"github.com/google/osv-scanner/internal/remediation"
-	"github.com/google/osv-scanner/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/remediation"
+	"github.com/google/osv-scanner/v2/internal/resolution"
 )
 
 // A ViewModel showing the table of package upgrades and fixed vulnerabilities, for in-place upgrades.
diff --git a/internal/tui/relock-info.go b/internal/tui/relock-info.go
index 9c6257164ec..f5dab364407 100644
--- a/internal/tui/relock-info.go
+++ b/internal/tui/relock-info.go
@@ -7,7 +7,7 @@ import (
 	"github.com/charmbracelet/bubbles/key"
 	tea "github.com/charmbracelet/bubbletea"
 	"github.com/charmbracelet/lipgloss"
-	"github.com/google/osv-scanner/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/resolution"
 )
 
 // A ViewModel showing the dependency changes, the removed, and added vulnerabilities
diff --git a/internal/tui/severity.go b/internal/tui/severity.go
index f669ca40ae1..37585400209 100644
--- a/internal/tui/severity.go
+++ b/internal/tui/severity.go
@@ -4,8 +4,8 @@ import (
 	"fmt"
 
 	"github.com/charmbracelet/lipgloss"
-	"github.com/google/osv-scanner/internal/utility/severity"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/utility/severity"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 var (
diff --git a/internal/tui/vuln-info.go b/internal/tui/vuln-info.go
index d1e6de50445..07405e4f611 100644
--- a/internal/tui/vuln-info.go
+++ b/internal/tui/vuln-info.go
@@ -12,7 +12,7 @@ import (
 	"github.com/charmbracelet/glamour/ansi"
 	"github.com/charmbracelet/glamour/styles"
 	"github.com/charmbracelet/lipgloss"
-	"github.com/google/osv-scanner/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/resolution"
 	"github.com/muesli/reflow/wordwrap"
 )
 
diff --git a/internal/tui/vuln-list.go b/internal/tui/vuln-list.go
index 4798bc816a9..4b9c849b6ff 100644
--- a/internal/tui/vuln-list.go
+++ b/internal/tui/vuln-list.go
@@ -10,8 +10,8 @@ import (
 	"github.com/charmbracelet/bubbles/list"
 	tea "github.com/charmbracelet/bubbletea"
 	"github.com/charmbracelet/lipgloss"
-	"github.com/google/osv-scanner/internal/resolution"
-	"github.com/google/osv-scanner/internal/utility/severity"
+	"github.com/google/osv-scanner/v2/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/utility/severity"
 	"github.com/muesli/reflow/truncate"
 )
 
diff --git a/internal/utility/maven/maven.go b/internal/utility/maven/maven.go
index 39680db1426..b5d81db6865 100644
--- a/internal/utility/maven/maven.go
+++ b/internal/utility/maven/maven.go
@@ -8,7 +8,7 @@ import (
 	"path/filepath"
 
 	"deps.dev/util/maven"
-	"github.com/google/osv-scanner/internal/datasource"
+	"github.com/google/osv-scanner/v2/internal/datasource"
 )
 
 const (
diff --git a/internal/utility/maven/maven_test.go b/internal/utility/maven/maven_test.go
index 45bfc4ad664..8f1c642f481 100644
--- a/internal/utility/maven/maven_test.go
+++ b/internal/utility/maven/maven_test.go
@@ -4,7 +4,7 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/utility/maven"
+	"github.com/google/osv-scanner/v2/internal/utility/maven"
 )
 
 func TestParentPOMPath(t *testing.T) {
diff --git a/internal/utility/purl/composer.go b/internal/utility/purl/composer.go
index d30bb82cb88..070f8d42b29 100644
--- a/internal/utility/purl/composer.go
+++ b/internal/utility/purl/composer.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func FromComposer(packageInfo models.PackageInfo) (namespace string, name string, err error) {
diff --git a/internal/utility/purl/composer_test.go b/internal/utility/purl/composer_test.go
index 65139f75501..5a7040bfc90 100644
--- a/internal/utility/purl/composer_test.go
+++ b/internal/utility/purl/composer_test.go
@@ -3,9 +3,9 @@ package purl_test
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/internal/utility/purl"
+	"github.com/google/osv-scanner/v2/internal/utility/purl"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func TestComposerExtraction_shouldExtractPackages(t *testing.T) {
diff --git a/internal/utility/purl/golang.go b/internal/utility/purl/golang.go
index c7475aae0c0..a210ef6bdee 100644
--- a/internal/utility/purl/golang.go
+++ b/internal/utility/purl/golang.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func FromGo(packageInfo models.PackageInfo) (namespace string, name string, err error) {
diff --git a/internal/utility/purl/golang_test.go b/internal/utility/purl/golang_test.go
index 65d8ce6e930..0e02178e09c 100644
--- a/internal/utility/purl/golang_test.go
+++ b/internal/utility/purl/golang_test.go
@@ -3,9 +3,9 @@ package purl_test
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/internal/utility/purl"
+	"github.com/google/osv-scanner/v2/internal/utility/purl"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func TestGolangExtraction_shouldExtractPackages(t *testing.T) {
diff --git a/internal/utility/purl/maven.go b/internal/utility/purl/maven.go
index 78c3d19bb96..f3fe318b328 100644
--- a/internal/utility/purl/maven.go
+++ b/internal/utility/purl/maven.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func FromMaven(packageInfo models.PackageInfo) (namespace string, name string, err error) {
diff --git a/internal/utility/purl/maven_test.go b/internal/utility/purl/maven_test.go
index fbc2dae94be..fbde9284698 100644
--- a/internal/utility/purl/maven_test.go
+++ b/internal/utility/purl/maven_test.go
@@ -3,9 +3,9 @@ package purl_test
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/internal/utility/purl"
+	"github.com/google/osv-scanner/v2/internal/utility/purl"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func TestMavenExtraction_shouldExtractPackages(t *testing.T) {
diff --git a/internal/utility/purl/package_grouper.go b/internal/utility/purl/package_grouper.go
index 2e96920ca4a..f48de1077c9 100644
--- a/internal/utility/purl/package_grouper.go
+++ b/internal/utility/purl/package_grouper.go
@@ -3,7 +3,7 @@ package purl
 import (
 	"slices"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 // Group takes a list of packages, and group them in a map using their PURL
diff --git a/internal/utility/purl/package_grouper_test.go b/internal/utility/purl/package_grouper_test.go
index 5d9042662e7..4b7de9b0948 100644
--- a/internal/utility/purl/package_grouper_test.go
+++ b/internal/utility/purl/package_grouper_test.go
@@ -4,10 +4,10 @@ import (
 	"reflect"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/utility/purl"
+	"github.com/google/osv-scanner/v2/internal/utility/purl"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func TestGroupPackageByPURL_ShouldUnifyPackages(t *testing.T) {
diff --git a/internal/utility/purl/purl.go b/internal/utility/purl/purl.go
index c6fef57860a..aa5c85e630c 100644
--- a/internal/utility/purl/purl.go
+++ b/internal/utility/purl/purl.go
@@ -3,7 +3,7 @@ package purl
 import (
 	"fmt"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 	"github.com/package-url/packageurl-go"
 )
 
diff --git a/internal/utility/results/results.go b/internal/utility/results/results.go
index 131be970acb..22cd6bea22c 100644
--- a/internal/utility/results/results.go
+++ b/internal/utility/results/results.go
@@ -3,7 +3,7 @@ package results
 import (
 	"fmt"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 // Number of characters to display a git commit
diff --git a/internal/utility/severity/severity.go b/internal/utility/severity/severity.go
index 4d17697e9a9..3f428b73e46 100644
--- a/internal/utility/severity/severity.go
+++ b/internal/utility/severity/severity.go
@@ -4,7 +4,7 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 	gocvss20 "github.com/pandatix/go-cvss/20"
 	gocvss30 "github.com/pandatix/go-cvss/30"
 	gocvss31 "github.com/pandatix/go-cvss/31"
diff --git a/internal/utility/severity/severity_test.go b/internal/utility/severity/severity_test.go
index 006d098741b..ac9a87e1c8e 100644
--- a/internal/utility/severity/severity_test.go
+++ b/internal/utility/severity/severity_test.go
@@ -4,8 +4,8 @@ import (
 	"math"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/utility/severity"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/utility/severity"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func TestSeverity_CalculateScore(t *testing.T) {
diff --git a/internal/utility/vulns/vulnerabilities.go b/internal/utility/vulns/vulnerabilities.go
index 0c9539e6b86..b3ecbbe4ea2 100644
--- a/internal/utility/vulns/vulnerabilities.go
+++ b/internal/utility/vulns/vulnerabilities.go
@@ -1,6 +1,6 @@
 package vulns
 
-import "github.com/google/osv-scanner/pkg/models"
+import "github.com/google/osv-scanner/v2/pkg/models"
 
 func Include(vs []*models.Vulnerability, vulnerability models.Vulnerability) bool {
 	for _, vuln := range vs {
diff --git a/internal/utility/vulns/vulnerabilities_test.go b/internal/utility/vulns/vulnerabilities_test.go
index 39ebbea4241..5397eb751d5 100644
--- a/internal/utility/vulns/vulnerabilities_test.go
+++ b/internal/utility/vulns/vulnerabilities_test.go
@@ -3,8 +3,8 @@ package vulns_test
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/internal/utility/vulns"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/utility/vulns"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func TestVulnerabilities_Includes(t *testing.T) {
diff --git a/internal/utility/vulns/vulnerability.go b/internal/utility/vulns/vulnerability.go
index 3ce29db09d0..48516e01a6e 100644
--- a/internal/utility/vulns/vulnerability.go
+++ b/internal/utility/vulns/vulnerability.go
@@ -7,9 +7,9 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/semantic"
-	"github.com/google/osv-scanner/pkg/lockfile"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/semantic"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func eventVersion(e models.Event) string {
diff --git a/internal/utility/vulns/vulnerability_test.go b/internal/utility/vulns/vulnerability_test.go
index e942c4337fd..ae3ce57c43e 100644
--- a/internal/utility/vulns/vulnerability_test.go
+++ b/internal/utility/vulns/vulnerability_test.go
@@ -4,9 +4,9 @@ import (
 	"testing"
 	"time"
 
-	"github.com/google/osv-scanner/internal/utility/vulns"
-	"github.com/google/osv-scanner/pkg/lockfile"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/utility/vulns"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func expectIsAffected(t *testing.T, vuln models.Vulnerability, version string, expectAffected bool) {
diff --git a/pkg/lockfile/apk-installed_test.go b/pkg/lockfile/apk-installed_test.go
index 852d2e4d562..f9c26e4949c 100644
--- a/pkg/lockfile/apk-installed_test.go
+++ b/pkg/lockfile/apk-installed_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 const alpineEcosystem = lockfile.AlpineEcosystem + ":" + lockfile.AlpineFallbackVersion
diff --git a/pkg/lockfile/csv_test.go b/pkg/lockfile/csv_test.go
index e0af55a2bfd..8f149eb79e0 100644
--- a/pkg/lockfile/csv_test.go
+++ b/pkg/lockfile/csv_test.go
@@ -5,7 +5,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestFromCSVRows(t *testing.T) {
diff --git a/pkg/lockfile/dpkg-status.go b/pkg/lockfile/dpkg-status.go
index 8c2a11a4a32..d46257d241e 100644
--- a/pkg/lockfile/dpkg-status.go
+++ b/pkg/lockfile/dpkg-status.go
@@ -6,7 +6,7 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/cachedregexp"
+	"github.com/google/osv-scanner/v2/internal/cachedregexp"
 )
 
 const DebianEcosystem Ecosystem = "Debian"
diff --git a/pkg/lockfile/dpkg-status_test.go b/pkg/lockfile/dpkg-status_test.go
index 4cf60cdd256..faf04f6a648 100644
--- a/pkg/lockfile/dpkg-status_test.go
+++ b/pkg/lockfile/dpkg-status_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestParseDpkgStatus_FileDoesNotExist(t *testing.T) {
diff --git a/pkg/lockfile/ecosystems_test.go b/pkg/lockfile/ecosystems_test.go
index 7c0c99ec2cf..d5b33beef68 100644
--- a/pkg/lockfile/ecosystems_test.go
+++ b/pkg/lockfile/ecosystems_test.go
@@ -5,7 +5,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func numberOfLockfileParsers(t *testing.T) int {
diff --git a/pkg/lockfile/extract_test.go b/pkg/lockfile/extract_test.go
index 9300c244fe3..e989abf9920 100644
--- a/pkg/lockfile/extract_test.go
+++ b/pkg/lockfile/extract_test.go
@@ -6,7 +6,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 type TestDepFile struct {
diff --git a/pkg/lockfile/go-binary_test.go b/pkg/lockfile/go-binary_test.go
index ed3e2e96826..63843cbe697 100644
--- a/pkg/lockfile/go-binary_test.go
+++ b/pkg/lockfile/go-binary_test.go
@@ -3,8 +3,8 @@ package lockfile_test
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/internal/testutility"
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/internal/testutility"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestGoBinaryExtractor_ShouldExtract(t *testing.T) {
diff --git a/pkg/lockfile/helpers_test.go b/pkg/lockfile/helpers_test.go
index 6c7103302bc..591f745240c 100644
--- a/pkg/lockfile/helpers_test.go
+++ b/pkg/lockfile/helpers_test.go
@@ -8,8 +8,8 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func expectErrContaining(t *testing.T, err error, str string) {
diff --git a/pkg/lockfile/node-modules-npm-v1_test.go b/pkg/lockfile/node-modules-npm-v1_test.go
index 7054f0c82e0..748a3cab4a3 100644
--- a/pkg/lockfile/node-modules-npm-v1_test.go
+++ b/pkg/lockfile/node-modules-npm-v1_test.go
@@ -3,7 +3,7 @@ package lockfile_test
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestNodeModulesExtractor_Extract_npm_v1_InvalidJson(t *testing.T) {
diff --git a/pkg/lockfile/node-modules-npm-v2_test.go b/pkg/lockfile/node-modules-npm-v2_test.go
index e1ad77d7f80..f3407e703c1 100644
--- a/pkg/lockfile/node-modules-npm-v2_test.go
+++ b/pkg/lockfile/node-modules-npm-v2_test.go
@@ -3,7 +3,7 @@ package lockfile_test
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestNodeModulesExtractor_Extract_npm_v2_InvalidJson(t *testing.T) {
diff --git a/pkg/lockfile/node-modules_test.go b/pkg/lockfile/node-modules_test.go
index d576db2f81a..6ac0a76aeff 100644
--- a/pkg/lockfile/node-modules_test.go
+++ b/pkg/lockfile/node-modules_test.go
@@ -5,7 +5,7 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func createTestDirWithNodeModulesDir(t *testing.T) (string, func()) {
diff --git a/pkg/lockfile/osv-vuln-result_test.go b/pkg/lockfile/osv-vuln-result_test.go
index be69443b0df..16dd80f37da 100644
--- a/pkg/lockfile/osv-vuln-result_test.go
+++ b/pkg/lockfile/osv-vuln-result_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestParseOSVScannerResults_FileDoesNotExist(t *testing.T) {
diff --git a/pkg/lockfile/osv-vuln-results.go b/pkg/lockfile/osv-vuln-results.go
index b9d461d7728..e395d2029ff 100644
--- a/pkg/lockfile/osv-vuln-results.go
+++ b/pkg/lockfile/osv-vuln-results.go
@@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 // Deprecated: use OSVScannerResultsExtractor.Extract instead
diff --git a/pkg/lockfile/parse-cargo-lock_test.go b/pkg/lockfile/parse-cargo-lock_test.go
index 6952cb3109f..7cff6ff8fb0 100644
--- a/pkg/lockfile/parse-cargo-lock_test.go
+++ b/pkg/lockfile/parse-cargo-lock_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestCargoLockExtractor_ShouldExtract(t *testing.T) {
diff --git a/pkg/lockfile/parse-composer-lock_test.go b/pkg/lockfile/parse-composer-lock_test.go
index e2e1f3ee0c2..764b5b5149c 100644
--- a/pkg/lockfile/parse-composer-lock_test.go
+++ b/pkg/lockfile/parse-composer-lock_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestComposerLockExtractor_ShouldExtract(t *testing.T) {
diff --git a/pkg/lockfile/parse-conan-lock-v1-revisions_test.go b/pkg/lockfile/parse-conan-lock-v1-revisions_test.go
index e20101a3dd0..da29ead38b5 100644
--- a/pkg/lockfile/parse-conan-lock-v1-revisions_test.go
+++ b/pkg/lockfile/parse-conan-lock-v1-revisions_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestParseConanLock_v1_revisions_FileDoesNotExist(t *testing.T) {
diff --git a/pkg/lockfile/parse-conan-lock-v1_test.go b/pkg/lockfile/parse-conan-lock-v1_test.go
index 390232aa2e1..76d2f0bdc2f 100644
--- a/pkg/lockfile/parse-conan-lock-v1_test.go
+++ b/pkg/lockfile/parse-conan-lock-v1_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestParseConanLock_v1_FileDoesNotExist(t *testing.T) {
diff --git a/pkg/lockfile/parse-conan-lock-v2_test.go b/pkg/lockfile/parse-conan-lock-v2_test.go
index 58dbb6e37e6..161a4bb7905 100644
--- a/pkg/lockfile/parse-conan-lock-v2_test.go
+++ b/pkg/lockfile/parse-conan-lock-v2_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestParseConanLock_v2_FileDoesNotExist(t *testing.T) {
diff --git a/pkg/lockfile/parse-conan-lock_test.go b/pkg/lockfile/parse-conan-lock_test.go
index b72f9d34a23..bb50a83b6fe 100644
--- a/pkg/lockfile/parse-conan-lock_test.go
+++ b/pkg/lockfile/parse-conan-lock_test.go
@@ -3,7 +3,7 @@ package lockfile_test
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestConanLockExtractor_ShouldExtract(t *testing.T) {
diff --git a/pkg/lockfile/parse-gemfile-lock.go b/pkg/lockfile/parse-gemfile-lock.go
index c2c3fe64c89..2b17b7e279f 100644
--- a/pkg/lockfile/parse-gemfile-lock.go
+++ b/pkg/lockfile/parse-gemfile-lock.go
@@ -7,7 +7,7 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/cachedregexp"
+	"github.com/google/osv-scanner/v2/internal/cachedregexp"
 )
 
 const BundlerEcosystem Ecosystem = "RubyGems"
diff --git a/pkg/lockfile/parse-gemfile-lock_test.go b/pkg/lockfile/parse-gemfile-lock_test.go
index 2cf3c24d2a7..0f28baebad0 100644
--- a/pkg/lockfile/parse-gemfile-lock_test.go
+++ b/pkg/lockfile/parse-gemfile-lock_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestGemfileLockExtractor_ShouldExtract(t *testing.T) {
diff --git a/pkg/lockfile/parse-go-lock_test.go b/pkg/lockfile/parse-go-lock_test.go
index 14ccd66e954..a7d3e7fc5ea 100644
--- a/pkg/lockfile/parse-go-lock_test.go
+++ b/pkg/lockfile/parse-go-lock_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestGoLockExtractor_ShouldExtract(t *testing.T) {
diff --git a/pkg/lockfile/parse-gradle-lock_test.go b/pkg/lockfile/parse-gradle-lock_test.go
index 34d3b3e19f0..1009c55e8ca 100644
--- a/pkg/lockfile/parse-gradle-lock_test.go
+++ b/pkg/lockfile/parse-gradle-lock_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestGradleLockExtractor_ShouldExtract(t *testing.T) {
diff --git a/pkg/lockfile/parse-gradle-verification-metadata_test.go b/pkg/lockfile/parse-gradle-verification-metadata_test.go
index 68c5768bc9f..f8b071f1534 100644
--- a/pkg/lockfile/parse-gradle-verification-metadata_test.go
+++ b/pkg/lockfile/parse-gradle-verification-metadata_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestGradleVerificationMetadataExtractor_ShouldExtract(t *testing.T) {
diff --git a/pkg/lockfile/parse-maven-lock.go b/pkg/lockfile/parse-maven-lock.go
index 0d64422dc45..1f4b4e0e068 100644
--- a/pkg/lockfile/parse-maven-lock.go
+++ b/pkg/lockfile/parse-maven-lock.go
@@ -7,7 +7,7 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/cachedregexp"
+	"github.com/google/osv-scanner/v2/internal/cachedregexp"
 	"golang.org/x/exp/maps"
 )
 
diff --git a/pkg/lockfile/parse-maven-lock_test.go b/pkg/lockfile/parse-maven-lock_test.go
index b49064e7123..4f2e1c4dcd8 100644
--- a/pkg/lockfile/parse-maven-lock_test.go
+++ b/pkg/lockfile/parse-maven-lock_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestMavenLockExtractor_ShouldExtract(t *testing.T) {
diff --git a/pkg/lockfile/parse-mix-lock.go b/pkg/lockfile/parse-mix-lock.go
index 06d917a5769..462f80ce554 100644
--- a/pkg/lockfile/parse-mix-lock.go
+++ b/pkg/lockfile/parse-mix-lock.go
@@ -7,7 +7,7 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/cachedregexp"
+	"github.com/google/osv-scanner/v2/internal/cachedregexp"
 )
 
 const MixEcosystem Ecosystem = "Hex"
diff --git a/pkg/lockfile/parse-mix-lock_test.go b/pkg/lockfile/parse-mix-lock_test.go
index 534f6e707fd..bc6e342205d 100644
--- a/pkg/lockfile/parse-mix-lock_test.go
+++ b/pkg/lockfile/parse-mix-lock_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestMixLockExtractor_ShouldExtract(t *testing.T) {
diff --git a/pkg/lockfile/parse-npm-lock-v1_test.go b/pkg/lockfile/parse-npm-lock-v1_test.go
index 8c07224f535..61c6db4cc8b 100644
--- a/pkg/lockfile/parse-npm-lock-v1_test.go
+++ b/pkg/lockfile/parse-npm-lock-v1_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestParseNpmLock_v1_FileDoesNotExist(t *testing.T) {
diff --git a/pkg/lockfile/parse-npm-lock-v2_test.go b/pkg/lockfile/parse-npm-lock-v2_test.go
index 13a62ee5bd6..954ed4a7fe2 100644
--- a/pkg/lockfile/parse-npm-lock-v2_test.go
+++ b/pkg/lockfile/parse-npm-lock-v2_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestParseNpmLock_v2_FileDoesNotExist(t *testing.T) {
diff --git a/pkg/lockfile/parse-npm-lock_test.go b/pkg/lockfile/parse-npm-lock_test.go
index 83d19a014c8..99d35e0d3ea 100644
--- a/pkg/lockfile/parse-npm-lock_test.go
+++ b/pkg/lockfile/parse-npm-lock_test.go
@@ -3,7 +3,7 @@ package lockfile_test
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestNpmLockExtractor_ShouldExtract(t *testing.T) {
diff --git a/pkg/lockfile/parse-nuget-lock-v1_test.go b/pkg/lockfile/parse-nuget-lock-v1_test.go
index 0397720abed..247e336f6f1 100644
--- a/pkg/lockfile/parse-nuget-lock-v1_test.go
+++ b/pkg/lockfile/parse-nuget-lock-v1_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestParseNuGetLock_v1_FileDoesNotExist(t *testing.T) {
diff --git a/pkg/lockfile/parse-nuget-lock_test.go b/pkg/lockfile/parse-nuget-lock_test.go
index 2bb1c236e03..933044d0bce 100644
--- a/pkg/lockfile/parse-nuget-lock_test.go
+++ b/pkg/lockfile/parse-nuget-lock_test.go
@@ -3,7 +3,7 @@ package lockfile_test
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestNuGetLockExtractor_ShouldExtract(t *testing.T) {
diff --git a/pkg/lockfile/parse-pdm-lock_test.go b/pkg/lockfile/parse-pdm-lock_test.go
index c595f3c3fae..07b846b5072 100644
--- a/pkg/lockfile/parse-pdm-lock_test.go
+++ b/pkg/lockfile/parse-pdm-lock_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestPdmExtractor_ShouldExtract(t *testing.T) {
diff --git a/pkg/lockfile/parse-pipenv-lock_test.go b/pkg/lockfile/parse-pipenv-lock_test.go
index 0da3ac930e0..f58fbb14fd5 100644
--- a/pkg/lockfile/parse-pipenv-lock_test.go
+++ b/pkg/lockfile/parse-pipenv-lock_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestPipenvLockExtractor_ShouldExtract(t *testing.T) {
diff --git a/pkg/lockfile/parse-pnpm-lock-v9_test.go b/pkg/lockfile/parse-pnpm-lock-v9_test.go
index b0763860b2a..b06b00ba3c5 100644
--- a/pkg/lockfile/parse-pnpm-lock-v9_test.go
+++ b/pkg/lockfile/parse-pnpm-lock-v9_test.go
@@ -3,7 +3,7 @@ package lockfile_test
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestParsePnpmLock_v9_NoPackages(t *testing.T) {
diff --git a/pkg/lockfile/parse-pnpm-lock.go b/pkg/lockfile/parse-pnpm-lock.go
index 545450fa5da..75ecd0ae31a 100644
--- a/pkg/lockfile/parse-pnpm-lock.go
+++ b/pkg/lockfile/parse-pnpm-lock.go
@@ -8,7 +8,7 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/cachedregexp"
+	"github.com/google/osv-scanner/v2/internal/cachedregexp"
 	"gopkg.in/yaml.v3"
 )
 
diff --git a/pkg/lockfile/parse-pnpm-lock_test.go b/pkg/lockfile/parse-pnpm-lock_test.go
index bee7c6b4aaf..f21f9efdebf 100644
--- a/pkg/lockfile/parse-pnpm-lock_test.go
+++ b/pkg/lockfile/parse-pnpm-lock_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestPnpmLockExtractor_ShouldExtract(t *testing.T) {
diff --git a/pkg/lockfile/parse-poetry-lock_test.go b/pkg/lockfile/parse-poetry-lock_test.go
index 4b719e5d19e..0a4d6dfaf90 100644
--- a/pkg/lockfile/parse-poetry-lock_test.go
+++ b/pkg/lockfile/parse-poetry-lock_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestPoetryLockExtractor_ShouldExtract(t *testing.T) {
diff --git a/pkg/lockfile/parse-pubspec-lock_test.go b/pkg/lockfile/parse-pubspec-lock_test.go
index 4f20df34fba..a8e31f8d0c2 100644
--- a/pkg/lockfile/parse-pubspec-lock_test.go
+++ b/pkg/lockfile/parse-pubspec-lock_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestPubspecLockExtractor_ShouldExtract(t *testing.T) {
diff --git a/pkg/lockfile/parse-renv-lock_test.go b/pkg/lockfile/parse-renv-lock_test.go
index a4f8eecb538..e8598421341 100644
--- a/pkg/lockfile/parse-renv-lock_test.go
+++ b/pkg/lockfile/parse-renv-lock_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestParseRenvLock_FileDoesNotExist(t *testing.T) {
diff --git a/pkg/lockfile/parse-requirements-txt.go b/pkg/lockfile/parse-requirements-txt.go
index f4a0f88a2fa..c8af24c6edd 100644
--- a/pkg/lockfile/parse-requirements-txt.go
+++ b/pkg/lockfile/parse-requirements-txt.go
@@ -6,7 +6,7 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/cachedregexp"
+	"github.com/google/osv-scanner/v2/internal/cachedregexp"
 	"golang.org/x/exp/maps"
 )
 
diff --git a/pkg/lockfile/parse-requirements-txt_test.go b/pkg/lockfile/parse-requirements-txt_test.go
index 341e976957f..05b0344d94c 100644
--- a/pkg/lockfile/parse-requirements-txt_test.go
+++ b/pkg/lockfile/parse-requirements-txt_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestRequirementsTxtExtractor_ShouldExtract(t *testing.T) {
diff --git a/pkg/lockfile/parse-yarn-lock-v1_test.go b/pkg/lockfile/parse-yarn-lock-v1_test.go
index 459672fd28c..6bc1456eb17 100644
--- a/pkg/lockfile/parse-yarn-lock-v1_test.go
+++ b/pkg/lockfile/parse-yarn-lock-v1_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestParseYarnLock_v1_FileDoesNotExist(t *testing.T) {
diff --git a/pkg/lockfile/parse-yarn-lock-v2_test.go b/pkg/lockfile/parse-yarn-lock-v2_test.go
index 64cde52719e..a610abd899b 100644
--- a/pkg/lockfile/parse-yarn-lock-v2_test.go
+++ b/pkg/lockfile/parse-yarn-lock-v2_test.go
@@ -4,7 +4,7 @@ import (
 	"io/fs"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestParseYarnLock_v2_FileDoesNotExist(t *testing.T) {
diff --git a/pkg/lockfile/parse-yarn-lock.go b/pkg/lockfile/parse-yarn-lock.go
index 1534e3ace34..79c6a3d930c 100644
--- a/pkg/lockfile/parse-yarn-lock.go
+++ b/pkg/lockfile/parse-yarn-lock.go
@@ -8,7 +8,7 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/cachedregexp"
+	"github.com/google/osv-scanner/v2/internal/cachedregexp"
 )
 
 const YarnEcosystem = NpmEcosystem
diff --git a/pkg/lockfile/parse-yarn-lock_test.go b/pkg/lockfile/parse-yarn-lock_test.go
index 854436d47e8..7bff88e7849 100644
--- a/pkg/lockfile/parse-yarn-lock_test.go
+++ b/pkg/lockfile/parse-yarn-lock_test.go
@@ -3,7 +3,7 @@ package lockfile_test
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func TestYarnLockExtractor_ShouldExtract(t *testing.T) {
diff --git a/pkg/lockfile/parse_test.go b/pkg/lockfile/parse_test.go
index a13d02310c2..33acf6d68d0 100644
--- a/pkg/lockfile/parse_test.go
+++ b/pkg/lockfile/parse_test.go
@@ -7,8 +7,8 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
 )
 
 func expectNumberOfParsersCalled(t *testing.T, numberOfParsersCalled int) {
diff --git a/pkg/lockfile/types.go b/pkg/lockfile/types.go
index 89122f006b7..0a132209083 100644
--- a/pkg/lockfile/types.go
+++ b/pkg/lockfile/types.go
@@ -1,6 +1,6 @@
 package lockfile
 
-import "github.com/google/osv-scanner/pkg/models"
+import "github.com/google/osv-scanner/v2/pkg/models"
 
 // TODO(v2): Remove completely
 // TODO(v2): These fields do not need JSON tags I believe
diff --git a/pkg/models/purl_to_package_test.go b/pkg/models/purl_to_package_test.go
index a14c7153782..1a4d13a6a84 100644
--- a/pkg/models/purl_to_package_test.go
+++ b/pkg/models/purl_to_package_test.go
@@ -4,7 +4,7 @@ import (
 	"reflect"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func TestPURLToPackage(t *testing.T) {
diff --git a/pkg/models/results_test.go b/pkg/models/results_test.go
index ed2738d1c71..641d649bde6 100644
--- a/pkg/models/results_test.go
+++ b/pkg/models/results_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func TestFlatten(t *testing.T) {
diff --git a/pkg/models/testmain_test.go b/pkg/models/testmain_test.go
index 47da142403f..955fd00543a 100644
--- a/pkg/models/testmain_test.go
+++ b/pkg/models/testmain_test.go
@@ -4,7 +4,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestMain(m *testing.M) {
diff --git a/pkg/models/vulnerabilities_test.go b/pkg/models/vulnerabilities_test.go
index d966d189b92..08d7366035b 100644
--- a/pkg/models/vulnerabilities_test.go
+++ b/pkg/models/vulnerabilities_test.go
@@ -3,8 +3,8 @@ package models_test
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/internal/testutility"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/testutility"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 func TestVulnerabilities_MarshalJSON(t *testing.T) {
diff --git a/pkg/models/vulnerability_test.go b/pkg/models/vulnerability_test.go
index 107024d9e1b..f8294b961eb 100644
--- a/pkg/models/vulnerability_test.go
+++ b/pkg/models/vulnerability_test.go
@@ -4,8 +4,8 @@ import (
 	"testing"
 	"time"
 
-	"github.com/google/osv-scanner/internal/testutility"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/testutility"
+	"github.com/google/osv-scanner/v2/pkg/models"
 	"gopkg.in/yaml.v3"
 )
 
diff --git a/pkg/osv/osv.go b/pkg/osv/osv.go
index 56fdd74b6a9..1a762a593dc 100644
--- a/pkg/osv/osv.go
+++ b/pkg/osv/osv.go
@@ -10,8 +10,8 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/google/osv-scanner/internal/imodels"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/imodels"
+	"github.com/google/osv-scanner/v2/pkg/models"
 
 	"golang.org/x/sync/errgroup"
 )
diff --git a/pkg/osv/osv_test.go b/pkg/osv/osv_test.go
index d6dd985c868..91184ff3ede 100644
--- a/pkg/osv/osv_test.go
+++ b/pkg/osv/osv_test.go
@@ -9,7 +9,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestMakeRetryRequest(t *testing.T) {
diff --git a/pkg/osvscanner/filter.go b/pkg/osvscanner/filter.go
index 4dd98562e46..d8cdbc91f1f 100644
--- a/pkg/osvscanner/filter.go
+++ b/pkg/osvscanner/filter.go
@@ -3,11 +3,11 @@ package osvscanner
 import (
 	"fmt"
 
-	"github.com/google/osv-scanner/internal/config"
-	"github.com/google/osv-scanner/internal/imodels"
-	"github.com/google/osv-scanner/internal/imodels/results"
-	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/internal/config"
+	"github.com/google/osv-scanner/v2/internal/imodels"
+	"github.com/google/osv-scanner/v2/internal/imodels/results"
+	"github.com/google/osv-scanner/v2/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 	"github.com/ossf/osv-schema/bindings/go/osvschema"
 )
 
diff --git a/pkg/osvscanner/filter_internal_test.go b/pkg/osvscanner/filter_internal_test.go
index 9d705fa8306..61f4189e95c 100644
--- a/pkg/osvscanner/filter_internal_test.go
+++ b/pkg/osvscanner/filter_internal_test.go
@@ -4,10 +4,10 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/config"
-	"github.com/google/osv-scanner/internal/testutility"
-	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/internal/config"
+	"github.com/google/osv-scanner/v2/internal/testutility"
+	"github.com/google/osv-scanner/v2/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 )
 
 func Test_filterResults(t *testing.T) {
diff --git a/pkg/osvscanner/internal/imagehelpers/imagehelpers.go b/pkg/osvscanner/internal/imagehelpers/imagehelpers.go
index 89132288dae..05753718f4d 100644
--- a/pkg/osvscanner/internal/imagehelpers/imagehelpers.go
+++ b/pkg/osvscanner/internal/imagehelpers/imagehelpers.go
@@ -10,9 +10,9 @@ import (
 
 	"github.com/google/osv-scalibr/artifact/image/layerscanning/image"
 	"github.com/google/osv-scalibr/extractor/filesystem/os/osrelease"
-	"github.com/google/osv-scanner/internal/clients/clientinterfaces"
-	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/internal/clients/clientinterfaces"
+	"github.com/google/osv-scanner/v2/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 )
 
 func BuildImageMetadata(img *image.Image, baseImageMatcher clientinterfaces.BaseImageMatcher) (*models.ImageMetadata, error) {
diff --git a/pkg/osvscanner/internal/scanners/extractorbuilder.go b/pkg/osvscanner/internal/scanners/extractorbuilder.go
index 9d2e4cce787..66dfa422754 100644
--- a/pkg/osvscanner/internal/scanners/extractorbuilder.go
+++ b/pkg/osvscanner/internal/scanners/extractorbuilder.go
@@ -32,13 +32,13 @@ import (
 	"github.com/google/osv-scalibr/extractor/filesystem/os/dpkg"
 	"github.com/google/osv-scalibr/extractor/filesystem/sbom/cdx"
 	"github.com/google/osv-scalibr/extractor/filesystem/sbom/spdx"
-	"github.com/google/osv-scanner/internal/datasource"
-	"github.com/google/osv-scanner/internal/osvdev"
-	"github.com/google/osv-scanner/internal/resolution/client"
-	"github.com/google/osv-scanner/internal/scalibrextract/filesystem/vendored"
-	"github.com/google/osv-scanner/internal/scalibrextract/language/java/pomxmlnet"
-	"github.com/google/osv-scanner/internal/scalibrextract/language/javascript/nodemodules"
-	"github.com/google/osv-scanner/internal/scalibrextract/vcs/gitrepo"
+	"github.com/google/osv-scanner/v2/internal/datasource"
+	"github.com/google/osv-scanner/v2/internal/osvdev"
+	"github.com/google/osv-scanner/v2/internal/resolution/client"
+	"github.com/google/osv-scanner/v2/internal/scalibrextract/filesystem/vendored"
+	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/java/pomxmlnet"
+	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/javascript/nodemodules"
+	"github.com/google/osv-scanner/v2/internal/scalibrextract/vcs/gitrepo"
 	"github.com/ossf/osv-schema/bindings/go/osvschema"
 )
 
diff --git a/pkg/osvscanner/internal/scanners/lockfile.go b/pkg/osvscanner/internal/scanners/lockfile.go
index 20dbb1feabe..211bcd4886a 100644
--- a/pkg/osvscanner/internal/scanners/lockfile.go
+++ b/pkg/osvscanner/internal/scanners/lockfile.go
@@ -10,10 +10,10 @@ import (
 	"github.com/google/osv-scalibr/extractor/filesystem"
 	"github.com/google/osv-scalibr/extractor/filesystem/os/apk"
 	"github.com/google/osv-scalibr/extractor/filesystem/os/dpkg"
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/internal/scalibrextract"
-	"github.com/google/osv-scanner/internal/scalibrextract/language/osv/osvscannerjson"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/internal/scalibrextract"
+	"github.com/google/osv-scanner/v2/internal/scalibrextract/language/osv/osvscannerjson"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 )
 
 var lockfileExtractorMapping = map[string]string{
diff --git a/pkg/osvscanner/internal/scanners/walker.go b/pkg/osvscanner/internal/scanners/walker.go
index a44241eaa87..aa6afaab8c3 100644
--- a/pkg/osvscanner/internal/scanners/walker.go
+++ b/pkg/osvscanner/internal/scanners/walker.go
@@ -10,10 +10,10 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/format/gitignore"
 	"github.com/google/osv-scalibr/extractor"
 	"github.com/google/osv-scalibr/extractor/filesystem"
-	"github.com/google/osv-scanner/internal/customgitignore"
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/internal/scalibrextract"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/internal/customgitignore"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/internal/scalibrextract"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 )
 
 // ScanDir walks through the given directory to try to find any relevant files
diff --git a/pkg/osvscanner/osvscanner.go b/pkg/osvscanner/osvscanner.go
index 7b07038cf7e..fb9d99a335e 100644
--- a/pkg/osvscanner/osvscanner.go
+++ b/pkg/osvscanner/osvscanner.go
@@ -12,24 +12,24 @@ import (
 	scalibr "github.com/google/osv-scalibr"
 	"github.com/google/osv-scalibr/artifact/image/layerscanning/image"
 	"github.com/google/osv-scalibr/extractor"
-	"github.com/google/osv-scanner/internal/clients/clientimpl/baseimagematcher"
-	"github.com/google/osv-scanner/internal/clients/clientimpl/licensematcher"
-	"github.com/google/osv-scanner/internal/clients/clientimpl/localmatcher"
-	"github.com/google/osv-scanner/internal/clients/clientimpl/osvmatcher"
-	"github.com/google/osv-scanner/internal/clients/clientinterfaces"
-	"github.com/google/osv-scanner/internal/config"
-	"github.com/google/osv-scanner/internal/datasource"
-	"github.com/google/osv-scanner/internal/depsdev"
-	"github.com/google/osv-scanner/internal/imodels"
-	"github.com/google/osv-scanner/internal/imodels/results"
-	"github.com/google/osv-scanner/internal/osvdev"
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/internal/resolution/client"
-	"github.com/google/osv-scanner/internal/version"
-	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/osvscanner/internal/imagehelpers"
-	"github.com/google/osv-scanner/pkg/osvscanner/internal/scanners"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/internal/clients/clientimpl/baseimagematcher"
+	"github.com/google/osv-scanner/v2/internal/clients/clientimpl/licensematcher"
+	"github.com/google/osv-scanner/v2/internal/clients/clientimpl/localmatcher"
+	"github.com/google/osv-scanner/v2/internal/clients/clientimpl/osvmatcher"
+	"github.com/google/osv-scanner/v2/internal/clients/clientinterfaces"
+	"github.com/google/osv-scanner/v2/internal/config"
+	"github.com/google/osv-scanner/v2/internal/datasource"
+	"github.com/google/osv-scanner/v2/internal/depsdev"
+	"github.com/google/osv-scanner/v2/internal/imodels"
+	"github.com/google/osv-scanner/v2/internal/imodels/results"
+	"github.com/google/osv-scanner/v2/internal/osvdev"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/internal/resolution/client"
+	"github.com/google/osv-scanner/v2/internal/version"
+	"github.com/google/osv-scanner/v2/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/osvscanner/internal/imagehelpers"
+	"github.com/google/osv-scanner/v2/pkg/osvscanner/internal/scanners"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 	"github.com/ossf/osv-schema/bindings/go/osvschema"
 )
 
diff --git a/pkg/osvscanner/purl_to_package.go b/pkg/osvscanner/purl_to_package.go
index 0a33dba9362..7f735f8ca14 100644
--- a/pkg/osvscanner/purl_to_package.go
+++ b/pkg/osvscanner/purl_to_package.go
@@ -1,7 +1,7 @@
 package osvscanner
 
 import (
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 // PURLToPackage converts a Package URL string to models.PackageInfo
diff --git a/pkg/osvscanner/scan.go b/pkg/osvscanner/scan.go
index 34c482a47c2..10588e26763 100644
--- a/pkg/osvscanner/scan.go
+++ b/pkg/osvscanner/scan.go
@@ -2,10 +2,10 @@ package osvscanner
 
 import (
 	"github.com/google/osv-scalibr/extractor"
-	"github.com/google/osv-scanner/internal/imodels"
-	"github.com/google/osv-scanner/internal/scalibrextract/ecosystemmock"
-	"github.com/google/osv-scanner/pkg/osvscanner/internal/scanners"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/internal/imodels"
+	"github.com/google/osv-scanner/v2/internal/scalibrextract/ecosystemmock"
+	"github.com/google/osv-scanner/v2/pkg/osvscanner/internal/scanners"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 )
 
 // scan essentially converts ScannerActions into PackageScanResult by performing the extractions
diff --git a/pkg/osvscanner/testmain_test.go b/pkg/osvscanner/testmain_test.go
index 3cc49baa591..d615ca18dee 100644
--- a/pkg/osvscanner/testmain_test.go
+++ b/pkg/osvscanner/testmain_test.go
@@ -4,7 +4,7 @@ import (
 	"os"
 	"testing"
 
-	"github.com/google/osv-scanner/internal/testutility"
+	"github.com/google/osv-scanner/v2/internal/testutility"
 )
 
 func TestMain(m *testing.M) {
diff --git a/pkg/osvscanner/vulnerability_result.go b/pkg/osvscanner/vulnerability_result.go
index 2e7fc716bd4..650fdf722a9 100644
--- a/pkg/osvscanner/vulnerability_result.go
+++ b/pkg/osvscanner/vulnerability_result.go
@@ -6,14 +6,14 @@ import (
 	"strings"
 
 	"github.com/google/osv-scalibr/extractor"
-	"github.com/google/osv-scanner/internal/grouper"
-	"github.com/google/osv-scanner/internal/imodels"
-	"github.com/google/osv-scanner/internal/imodels/results"
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/internal/sourceanalysis"
-	"github.com/google/osv-scanner/internal/spdx"
-	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/internal/grouper"
+	"github.com/google/osv-scanner/v2/internal/imodels"
+	"github.com/google/osv-scanner/v2/internal/imodels/results"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/internal/sourceanalysis"
+	"github.com/google/osv-scanner/v2/internal/spdx"
+	"github.com/google/osv-scanner/v2/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 )
 
 // buildVulnerabilityResults takes the responses from the OSV API and the deps.dev API
diff --git a/pkg/osvscanner/vulnerability_result_internal_test.go b/pkg/osvscanner/vulnerability_result_internal_test.go
index dcd79fb088b..267b9ad10f9 100644
--- a/pkg/osvscanner/vulnerability_result_internal_test.go
+++ b/pkg/osvscanner/vulnerability_result_internal_test.go
@@ -4,13 +4,13 @@ import (
 	"testing"
 
 	"github.com/google/osv-scalibr/extractor"
-	"github.com/google/osv-scanner/internal/config"
-	"github.com/google/osv-scanner/internal/imodels"
-	"github.com/google/osv-scanner/internal/imodels/results"
-	"github.com/google/osv-scanner/internal/scalibrextract/ecosystemmock"
-	"github.com/google/osv-scanner/internal/testutility"
-	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/internal/config"
+	"github.com/google/osv-scanner/v2/internal/imodels"
+	"github.com/google/osv-scanner/v2/internal/imodels/results"
+	"github.com/google/osv-scanner/v2/internal/scalibrextract/ecosystemmock"
+	"github.com/google/osv-scanner/v2/internal/testutility"
+	"github.com/google/osv-scanner/v2/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 )
 
 func Test_assembleResult(t *testing.T) {
diff --git a/pkg/reporter/cyclonedx.go b/pkg/reporter/cyclonedx.go
index f517eccfbae..13b30eba0c0 100644
--- a/pkg/reporter/cyclonedx.go
+++ b/pkg/reporter/cyclonedx.go
@@ -5,9 +5,9 @@ import (
 	"io"
 	"strings"
 
-	"github.com/google/osv-scanner/internal/output"
+	"github.com/google/osv-scanner/v2/internal/output"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 type CycloneDXReporter struct {
diff --git a/pkg/reporter/cyclonedx_test.go b/pkg/reporter/cyclonedx_test.go
index ab675759256..3252906a889 100644
--- a/pkg/reporter/cyclonedx_test.go
+++ b/pkg/reporter/cyclonedx_test.go
@@ -5,8 +5,8 @@ import (
 	"io"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 )
 
 func TestCycloneDXReporter_Errorf(t *testing.T) {
diff --git a/pkg/reporter/format.go b/pkg/reporter/format.go
index 2178b0738c6..69490cb0ddc 100644
--- a/pkg/reporter/format.go
+++ b/pkg/reporter/format.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"io"
 
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 var format = []string{"table", "html", "vertical", "json", "markdown", "sarif", "gh-annotations", "cyclonedx-1-4", "cyclonedx-1-5"}
diff --git a/pkg/reporter/format_test.go b/pkg/reporter/format_test.go
index eec141b424a..766f18f37b6 100644
--- a/pkg/reporter/format_test.go
+++ b/pkg/reporter/format_test.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 )
 
 func TestNew(t *testing.T) {
diff --git a/pkg/reporter/gh-annotations_reporter.go b/pkg/reporter/gh-annotations_reporter.go
index 7c813513a3a..ade66d56dba 100644
--- a/pkg/reporter/gh-annotations_reporter.go
+++ b/pkg/reporter/gh-annotations_reporter.go
@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"io"
 
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 type GHAnnotationsReporter struct {
diff --git a/pkg/reporter/gh-annotations_reporter_test.go b/pkg/reporter/gh-annotations_reporter_test.go
index d95e4c3aea5..70eb3ee7ec9 100644
--- a/pkg/reporter/gh-annotations_reporter_test.go
+++ b/pkg/reporter/gh-annotations_reporter_test.go
@@ -5,7 +5,7 @@ import (
 	"io"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 )
 
 func TestGHAnnotationsReporter_Errorf(t *testing.T) {
diff --git a/pkg/reporter/html_reporter.go b/pkg/reporter/html_reporter.go
index a886be292ff..c6900cc6166 100644
--- a/pkg/reporter/html_reporter.go
+++ b/pkg/reporter/html_reporter.go
@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"io"
 
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 type HTMLReporter struct {
diff --git a/pkg/reporter/json_reporter.go b/pkg/reporter/json_reporter.go
index b21a9b62831..07a404739ab 100644
--- a/pkg/reporter/json_reporter.go
+++ b/pkg/reporter/json_reporter.go
@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"io"
 
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 // JSONReporter prints vulnerability results in JSON format to stdout. Runtime information
diff --git a/pkg/reporter/json_reporter_test.go b/pkg/reporter/json_reporter_test.go
index 868f530ebbe..659b710cacf 100644
--- a/pkg/reporter/json_reporter_test.go
+++ b/pkg/reporter/json_reporter_test.go
@@ -5,7 +5,7 @@ import (
 	"io"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 )
 
 func TestJSONReporter_Errorf(t *testing.T) {
diff --git a/pkg/reporter/reporter.go b/pkg/reporter/reporter.go
index 7b17b232282..b421c3134c4 100644
--- a/pkg/reporter/reporter.go
+++ b/pkg/reporter/reporter.go
@@ -1,7 +1,7 @@
 package reporter
 
 import (
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 // Reporter provides printing operations for vulnerability results and for runtime information (depending on the verbosity
diff --git a/pkg/reporter/sarif_reporter.go b/pkg/reporter/sarif_reporter.go
index 332d76bc3ee..f8394ab2684 100644
--- a/pkg/reporter/sarif_reporter.go
+++ b/pkg/reporter/sarif_reporter.go
@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"io"
 
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 type SARIFReporter struct {
diff --git a/pkg/reporter/sarif_reporter_test.go b/pkg/reporter/sarif_reporter_test.go
index 443bf3fcbfb..d5c75e84350 100644
--- a/pkg/reporter/sarif_reporter_test.go
+++ b/pkg/reporter/sarif_reporter_test.go
@@ -5,7 +5,7 @@ import (
 	"io"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 )
 
 func TestSarifReporter_Errorf(t *testing.T) {
diff --git a/pkg/reporter/table_reporter.go b/pkg/reporter/table_reporter.go
index e4b5afb0f81..08691722838 100644
--- a/pkg/reporter/table_reporter.go
+++ b/pkg/reporter/table_reporter.go
@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"io"
 
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 type TableReporter struct {
diff --git a/pkg/reporter/table_reporter_test.go b/pkg/reporter/table_reporter_test.go
index af07ab61857..2fd37c7242a 100644
--- a/pkg/reporter/table_reporter_test.go
+++ b/pkg/reporter/table_reporter_test.go
@@ -5,7 +5,7 @@ import (
 	"io"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 )
 
 func TestTableReporter_Errorf(t *testing.T) {
diff --git a/pkg/reporter/verbosity_test.go b/pkg/reporter/verbosity_test.go
index 0dfe96f0843..0f70482a95b 100644
--- a/pkg/reporter/verbosity_test.go
+++ b/pkg/reporter/verbosity_test.go
@@ -3,7 +3,7 @@ package reporter_test
 import (
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 )
 
 func TestParseVerbosityLevel_GivenValidLevels(t *testing.T) {
diff --git a/pkg/reporter/vertical_reporter.go b/pkg/reporter/vertical_reporter.go
index 755c9809f70..979c74af998 100644
--- a/pkg/reporter/vertical_reporter.go
+++ b/pkg/reporter/vertical_reporter.go
@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"io"
 
-	"github.com/google/osv-scanner/internal/output"
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/internal/output"
+	"github.com/google/osv-scanner/v2/pkg/models"
 	"github.com/jedib0t/go-pretty/v6/text"
 )
 
diff --git a/pkg/reporter/vertical_reporter_test.go b/pkg/reporter/vertical_reporter_test.go
index 2c2c4ae4b9c..22cb34b755d 100644
--- a/pkg/reporter/vertical_reporter_test.go
+++ b/pkg/reporter/vertical_reporter_test.go
@@ -5,7 +5,7 @@ import (
 	"io"
 	"testing"
 
-	"github.com/google/osv-scanner/pkg/reporter"
+	"github.com/google/osv-scanner/v2/pkg/reporter"
 )
 
 func TestVerticalReporter_Errorf(t *testing.T) {
diff --git a/pkg/reporter/void_reporter.go b/pkg/reporter/void_reporter.go
index cdad2130fc5..e9845da4b03 100644
--- a/pkg/reporter/void_reporter.go
+++ b/pkg/reporter/void_reporter.go
@@ -1,7 +1,7 @@
 package reporter
 
 import (
-	"github.com/google/osv-scanner/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/models"
 )
 
 type VoidReporter struct {
diff --git a/scripts/generate_mock_resolution_universe/main.go b/scripts/generate_mock_resolution_universe/main.go
index b45b2fe979e..b504f91521e 100644
--- a/scripts/generate_mock_resolution_universe/main.go
+++ b/scripts/generate_mock_resolution_universe/main.go
@@ -23,22 +23,22 @@ import (
 	pb "deps.dev/api/v3"
 	"deps.dev/util/resolve"
 	"deps.dev/util/resolve/dep"
-	"github.com/google/osv-scanner/internal/clients/clientimpl/osvmatcher"
-	"github.com/google/osv-scanner/internal/clients/clientinterfaces"
-	"github.com/google/osv-scanner/internal/depsdev"
-	"github.com/google/osv-scanner/internal/osvdev"
-	"github.com/google/osv-scanner/internal/remediation"
-	"github.com/google/osv-scanner/internal/remediation/upgrade"
-	"github.com/google/osv-scanner/internal/resolution"
-	"github.com/google/osv-scanner/internal/resolution/client"
-	"github.com/google/osv-scanner/internal/resolution/clienttest"
-	"github.com/google/osv-scanner/internal/resolution/lockfile"
-	"github.com/google/osv-scanner/internal/resolution/manifest"
-	"github.com/google/osv-scanner/internal/resolution/util"
-	"github.com/google/osv-scanner/internal/version"
-	lf "github.com/google/osv-scanner/pkg/lockfile"
-	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/osv"
+	"github.com/google/osv-scanner/v2/internal/clients/clientimpl/osvmatcher"
+	"github.com/google/osv-scanner/v2/internal/clients/clientinterfaces"
+	"github.com/google/osv-scanner/v2/internal/depsdev"
+	"github.com/google/osv-scanner/v2/internal/osvdev"
+	"github.com/google/osv-scanner/v2/internal/remediation"
+	"github.com/google/osv-scanner/v2/internal/remediation/upgrade"
+	"github.com/google/osv-scanner/v2/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/resolution/client"
+	"github.com/google/osv-scanner/v2/internal/resolution/clienttest"
+	"github.com/google/osv-scanner/v2/internal/resolution/lockfile"
+	"github.com/google/osv-scanner/v2/internal/resolution/manifest"
+	"github.com/google/osv-scanner/v2/internal/resolution/util"
+	"github.com/google/osv-scanner/v2/internal/version"
+	lf "github.com/google/osv-scanner/v2/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/models"
+	"github.com/google/osv-scanner/v2/pkg/osv"
 	"golang.org/x/exp/maps"
 	"golang.org/x/sync/errgroup"
 	"gopkg.in/yaml.v3"

From 882b2c1356885e3a9601d10742e057b5a92f619b Mon Sep 17 00:00:00 2001
From: Rex P <106129829+another-rex@users.noreply.github.com>
Date: Thu, 30 Jan 2025 11:50:15 +1100
Subject: [PATCH 3/6] docs: Update docs to point to latest (#1548)

And fix an incorrect flag.

We can safely use @latest because v2 module only has prereleases at the
moment, so latest will pick the latest prerelease.
---
 README.md            | 10 +++++-----
 docs/installation.md |  2 +-
 docs/scan-image.md   |  4 ++--
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 0d2d1577f32..9d6132d008d 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@
 [![SLSA 3](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev)
 [![GitHub Release](https://img.shields.io/github/v/release/google/osv-scanner)](https://github.com/google/osv-scanner/releases)
 
-Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies.  
+Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies.
 OSV-Scanner provides an officially supported frontend to the [OSV database](https://osv.dev/) and CLI interface to [OSV-Scalibr](https://github.com/google/osv-scalibr) that connects a project’s list of dependencies with the vulnerabilities that affect them.
 
 OSV-Scanner supports a wide range of project types, package managers and features, including but not limited to:
@@ -37,8 +37,8 @@ The above all results in accurate and actionable vulnerability notifications, wh
 
 ## Basic installation
 
-To install OSV-Scanner, please refer to the [installation section](https://google.github.io/osv-scanner/installation) of our documentation. OSV-Scanner releases can be found on the [releases page](https://github.com/google/osv-scanner/releases) of the GitHub repository. The recommended method is to download a prebuilt binary for your platform. Alternatively, you can use  
-`go install github.com/google/osv-scanner/v2/cmd/osv-scanner@v2.0.0-beta1`.
+To install OSV-Scanner, please refer to the [installation section](https://google.github.io/osv-scanner/installation) of our documentation. OSV-Scanner releases can be found on the [releases page](https://github.com/google/osv-scanner/releases) of the GitHub repository. The recommended method is to download a prebuilt binary for your platform. Alternatively, you can use
+`go install github.com/google/osv-scanner/v2/cmd/osv-scanner@latest` to build it from source.
 
 ## Key Features
 
@@ -48,7 +48,7 @@ Please note: These are the instructions for the latest OSV-Scanner V2 beta. If y
 
 ### [Scanning a source directory](https://google.github.io/osv-scanner/usage)
 
-`osv-scanner scan source -r /path/to/your/dir`  
+`osv-scanner scan source -r /path/to/your/dir`
 This command will recursively scan the specified directory for any supported package files, such as `package.json`, `go.mod`, `pom.xml`, etc. and output any discovered vulnerabilities.
 
 OSV-Scanner has the option of using call analysis to determine if a vulnerable function is actually being used in the project, resulting in fewer false positives, and actionable alerts.
@@ -96,7 +96,7 @@ Scan your project against a local OSV database. No network connection is require
 
 ### [Guided Remediation](https://google.github.io/osv-scanner/experimental/guided-remediation/) (Experimental)
 
-OSV-Scanner provides guided remediation, a feature that suggests package version upgrades based on criteria such as dependency depth, minimum severity, fix strategy, and return on investment.  
+OSV-Scanner provides guided remediation, a feature that suggests package version upgrades based on criteria such as dependency depth, minimum severity, fix strategy, and return on investment.
 We currently support remediating vulnerabilities in the following files:
 
 | Ecosystem | File Format (Type)             | Supported Remediation Strategies                                                                                  |
diff --git a/docs/installation.md b/docs/installation.md
index e5b921998ff..71dab7ff266 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -74,7 +74,7 @@ pkg_add osv-scanner
 Alternatively, you can install this from source by running:
 
 ```bash
-go install github.com/google/osv-scanner/v2/cmd/osv-scanner@v2.0.0-beta1
+go install github.com/google/osv-scanner/v2/cmd/osv-scanner@latest
 ```
 
 This requires Go 1.23.5+ to be installed.
diff --git a/docs/scan-image.md b/docs/scan-image.md
index ee7a7341485..b5a6e91be22 100644
--- a/docs/scan-image.md
+++ b/docs/scan-image.md
@@ -46,10 +46,10 @@ You can scan container images using two primary methods:
 
    - **How it works:** OSV-Scanner uses `docker save` to export the image to a temporary archive, which is then analyzed. No container code is executed during the scan.
 
-2. **Scan from Exported Image Archive:** If you have already exported your container image as a Docker archive (`.tar` file), you can scan it directly using the `--local` flag. This method does not require Docker to be installed.
+2. **Scan from Exported Image Archive:** If you have already exported your container image as a Docker archive (`.tar` file), you can scan it directly using the `--archive` flag. This method does not require Docker to be installed.
 
    ```bash
-   osv-scanner scan image --local ./path/to/my-image.tar
+   osv-scanner scan image --archive ./path/to/my-image.tar
    ```
 
    - **How to create an image archive:** You can create an image archive using the following commands:

From c4543e9a051399c0a308441a16ba2a81e32247d9 Mon Sep 17 00:00:00 2001
From: Mend Renovate <bot@renovateapp.com>
Date: Thu, 30 Jan 2025 01:50:54 +0100
Subject: [PATCH 4/6] chore(deps): update workflows (#1533)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/setup-go](https://redirect.github.com/actions/setup-go) |
action | minor | `v5.2.0` -> `v5.3.0` |
| [actions/setup-java](https://redirect.github.com/actions/setup-java) |
action | minor | `v4.6.0` -> `v4.7.0` |
| [actions/setup-node](https://redirect.github.com/actions/setup-node) |
action | minor | `v4.1.0` -> `v4.2.0` |
|
[actions/setup-python](https://redirect.github.com/actions/setup-python)
| action | minor | `v5.3.0` -> `v5.4.0` |
| [actions/stale](https://redirect.github.com/actions/stale) | action |
minor | `v9.0.0` -> `v9.1.0` |
|
[codecov/codecov-action](https://redirect.github.com/codecov/codecov-action)
| action | minor | `v5.1.2` -> `v5.3.1` |
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | patch | `v3.28.1` -> `v3.28.8` |
| [ruby/setup-ruby](https://redirect.github.com/ruby/setup-ruby) |
action | minor | `v1.213.0` -> `v1.214.0` |

---

### Release Notes

<details>
<summary>actions/setup-go (actions/setup-go)</summary>

###
[`v5.3.0`](https://redirect.github.com/actions/setup-go/releases/tag/v5.3.0)

[Compare
Source](https://redirect.github.com/actions/setup-go/compare/v5.2.0...v5.3.0)

##### What's Changed

- Use the new cache service: upgrade `@actions/cache` to `^4.0.0` by
[@&#8203;Link-](https://redirect.github.com/Link-) in
[https://github.com/actions/setup-go/pull/531](https://redirect.github.com/actions/setup-go/pull/531)
- Configure Dependabot settings by
[@&#8203;HarithaVattikuti](https://redirect.github.com/HarithaVattikuti)
in
[https://github.com/actions/setup-go/pull/530](https://redirect.github.com/actions/setup-go/pull/530)
- Document update - permission section by
[@&#8203;HarithaVattikuti](https://redirect.github.com/HarithaVattikuti)
in
[https://github.com/actions/setup-go/pull/533](https://redirect.github.com/actions/setup-go/pull/533)
- Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/actions/setup-go/pull/534](https://redirect.github.com/actions/setup-go/pull/534)

##### New Contributors

- [@&#8203;Link-](https://redirect.github.com/Link-) made their first
contribution in
[https://github.com/actions/setup-go/pull/531](https://redirect.github.com/actions/setup-go/pull/531)

**Full Changelog**:
https://github.com/actions/setup-go/compare/v5...v5.3.0

</details>

<details>
<summary>actions/setup-java (actions/setup-java)</summary>

###
[`v4.7.0`](https://redirect.github.com/actions/setup-java/compare/v4.6.0...v4.7.0)

[Compare
Source](https://redirect.github.com/actions/setup-java/compare/v4.6.0...v4.7.0)

</details>

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

###
[`v4.2.0`](https://redirect.github.com/actions/setup-node/compare/v4.1.0...v4.2.0)

[Compare
Source](https://redirect.github.com/actions/setup-node/compare/v4.1.0...v4.2.0)

</details>

<details>
<summary>actions/setup-python (actions/setup-python)</summary>

###
[`v5.4.0`](https://redirect.github.com/actions/setup-python/compare/v5.3.0...v5.4.0)

[Compare
Source](https://redirect.github.com/actions/setup-python/compare/v5.3.0...v5.4.0)

</details>

<details>
<summary>actions/stale (actions/stale)</summary>

###
[`v9.1.0`](https://redirect.github.com/actions/stale/releases/tag/v9.1.0)

[Compare
Source](https://redirect.github.com/actions/stale/compare/v9.0.0...v9.1.0)

#### What's Changed

- Documentation update by
[@&#8203;Marukome0743](https://redirect.github.com/Marukome0743) in
[https://github.com/actions/stale/pull/1116](https://redirect.github.com/actions/stale/pull/1116)
- Add workflow file for publishing releases to immutable action package
by [@&#8203;Jcambass](https://redirect.github.com/Jcambass) in
[https://github.com/actions/stale/pull/1179](https://redirect.github.com/actions/stale/pull/1179)
- Update undici from 5.28.2 to 5.28.4 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/actions/stale/pull/1150](https://redirect.github.com/actions/stale/pull/1150)
- Update actions/checkout from 3 to 4 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/actions/stale/pull/1091](https://redirect.github.com/actions/stale/pull/1091)
- Update actions/publish-action from 0.2.2 to 0.3.0 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/actions/stale/pull/1147](https://redirect.github.com/actions/stale/pull/1147)
- Update ts-jest from 29.1.1 to 29.2.5 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/actions/stale/pull/1175](https://redirect.github.com/actions/stale/pull/1175)
- Update
[@&#8203;actions/core](https://redirect.github.com/actions/core) from
1.10.1 to 1.11.1 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/actions/stale/pull/1191](https://redirect.github.com/actions/stale/pull/1191)
- Update [@&#8203;types/jest](https://redirect.github.com/types/jest)
from 29.5.11 to 29.5.14 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/actions/stale/pull/1193](https://redirect.github.com/actions/stale/pull/1193)
- Update
[@&#8203;actions/cache](https://redirect.github.com/actions/cache) from
3.2.2 to 4.0.0 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/actions/stale/pull/1194](https://redirect.github.com/actions/stale/pull/1194)

#### New Contributors

- [@&#8203;Marukome0743](https://redirect.github.com/Marukome0743) made
their first contribution in
[https://github.com/actions/stale/pull/1116](https://redirect.github.com/actions/stale/pull/1116)
- [@&#8203;Jcambass](https://redirect.github.com/Jcambass) made their
first contribution in
[https://github.com/actions/stale/pull/1179](https://redirect.github.com/actions/stale/pull/1179)

**Full Changelog**: https://github.com/actions/stale/compare/v9...v9.1.0

</details>

<details>
<summary>codecov/codecov-action (codecov/codecov-action)</summary>

###
[`v5.3.1`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v531)

[Compare
Source](https://redirect.github.com/codecov/codecov-action/compare/v5.3.0...v5.3.1)

##### What's Changed

**Full Changelog**:
https://github.com/codecov/codecov-action/compare/v5.3.0..v5.3.1

###
[`v5.3.0`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v530)

[Compare
Source](https://redirect.github.com/codecov/codecov-action/compare/v5.2.0...v5.3.0)

##### What's Changed

**Full Changelog**:
https://github.com/codecov/codecov-action/compare/v5.2.0..v5.3.0

###
[`v5.2.0`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v520)

[Compare
Source](https://redirect.github.com/codecov/codecov-action/compare/v5.1.2...v5.2.0)

##### What's Changed

- Fix typo in README by
[@&#8203;tserg](https://redirect.github.com/tserg) in
[https://github.com/codecov/codecov-action/pull/1747](https://redirect.github.com/codecov/codecov-action/pull/1747)
- Th/add commands by
[@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov)
in
[https://github.com/codecov/codecov-action/pull/1745](https://redirect.github.com/codecov/codecov-action/pull/1745)
- use correct audience when requesting oidc token by
[@&#8203;juho9000](https://redirect.github.com/juho9000) in
[https://github.com/codecov/codecov-action/pull/1744](https://redirect.github.com/codecov/codecov-action/pull/1744)
- build(deps): bump github/codeql-action from 3.27.9 to 3.28.1 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[https://github.com/codecov/codecov-action/pull/1742](https://redirect.github.com/codecov/codecov-action/pull/1742)
- build(deps): bump actions/upload-artifact from 4.4.3 to 4.6.0 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[https://github.com/codecov/codecov-action/pull/1743](https://redirect.github.com/codecov/codecov-action/pull/1743)
- chore(deps): bump wrapper to 0.0.32 by
[@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov)
in
[https://github.com/codecov/codecov-action/pull/1740](https://redirect.github.com/codecov/codecov-action/pull/1740)
- feat: add disable-telem feature by
[@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov)
in
[https://github.com/codecov/codecov-action/pull/1739](https://redirect.github.com/codecov/codecov-action/pull/1739)
- fix: remove erroneous linebreak in readme by
[@&#8203;Vampire](https://redirect.github.com/Vampire) in
[https://github.com/codecov/codecov-action/pull/1734](https://redirect.github.com/codecov/codecov-action/pull/1734)

**Full Changelog**:
https://github.com/codecov/codecov-action/compare/v5.1.2..v5.2.0

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.28.8`](https://redirect.github.com/github/codeql-action/compare/v3.28.7...v3.28.8)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.28.7...v3.28.8)

###
[`v3.28.7`](https://redirect.github.com/github/codeql-action/compare/v3.28.6...v3.28.7)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.28.6...v3.28.7)

###
[`v3.28.6`](https://redirect.github.com/github/codeql-action/compare/v3.28.5...v3.28.6)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.28.5...v3.28.6)

###
[`v3.28.5`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.5)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.28.4...v3.28.5)

##### CodeQL Action Changelog

See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

##### 3.28.5 - 24 Jan 2025

- Update default CodeQL bundle version to 2.20.3.
[#&#8203;2717](https://redirect.github.com/github/codeql-action/pull/2717)

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.5/CHANGELOG.md)
for more information.

###
[`v3.28.4`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.4)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.28.3...v3.28.4)

##### CodeQL Action Changelog

See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

##### 3.28.4 - 23 Jan 2025

No user facing changes.

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.4/CHANGELOG.md)
for more information.

###
[`v3.28.3`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.3)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.28.2...v3.28.3)

##### CodeQL Action Changelog

See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

##### 3.28.3 - 22 Jan 2025

- Update default CodeQL bundle version to 2.20.2.
[#&#8203;2707](https://redirect.github.com/github/codeql-action/pull/2707)
- Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise
Server instance which occurred when the CodeQL Bundle had been synced to
the instance using the [CodeQL Action sync
tool](https://redirect.github.com/github/codeql-action-sync-tool) and
the Actions runner did not have Zstandard installed.
[#&#8203;2710](https://redirect.github.com/github/codeql-action/pull/2710)
- Uploading debug artifacts for CodeQL analysis is temporarily disabled.
[#&#8203;2712](https://redirect.github.com/github/codeql-action/pull/2712)

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.3/CHANGELOG.md)
for more information.

###
[`v3.28.2`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.2)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.28.1...v3.28.2)

##### CodeQL Action Changelog

See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

##### 3.28.2 - 21 Jan 2025

No user facing changes.

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.2/CHANGELOG.md)
for more information.

</details>

<details>
<summary>ruby/setup-ruby (ruby/setup-ruby)</summary>

###
[`v1.214.0`](https://redirect.github.com/ruby/setup-ruby/releases/tag/v1.214.0)

[Compare
Source](https://redirect.github.com/ruby/setup-ruby/compare/v1.213.0...v1.214.0)

#### What's Changed

- Add jruby-9.4.10.0 by
[@&#8203;ruby-builder-bot](https://redirect.github.com/ruby-builder-bot)
in
[https://github.com/ruby/setup-ruby/pull/697](https://redirect.github.com/ruby/setup-ruby/pull/697)
- Add truffleruby-24.1.2,truffleruby+graalvm-24.1.2 by
[@&#8203;ruby-builder-bot](https://redirect.github.com/ruby-builder-bot)
in
[https://github.com/ruby/setup-ruby/pull/698](https://redirect.github.com/ruby/setup-ruby/pull/698)

**Full Changelog**:
https://github.com/ruby/setup-ruby/compare/v1.213.0...v1.214.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on monday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/google/osv-scanner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMjUuMSIsInVwZGF0ZWRJblZlciI6IjM5LjEyNS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
---
 .github/workflows/checks.yml                  |  4 ++--
 .github/workflows/codeql-analysis.yml         |  8 ++++----
 .github/workflows/goreleaser.yml              |  2 +-
 .github/workflows/osv-scanner-reusable-pr.yml |  2 +-
 .github/workflows/osv-scanner-reusable.yml    |  2 +-
 .github/workflows/prerelease-check.yml        |  6 +++---
 .github/workflows/renovate-validator.yml      |  2 +-
 .github/workflows/scorecards.yml              |  2 +-
 .github/workflows/semantic.yml                | 12 ++++++------
 .github/workflows/staleness.yml               |  2 +-
 .github/workflows/test-action/action.yml      |  2 +-
 11 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index 6fe9333a90f..c21bef762bf 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -64,7 +64,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Set up Go
-        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
           go-version: stable
           check-latest: true
@@ -106,7 +106,7 @@ jobs:
           name: image-fixtures-${{ github.run_number }}-${{ github.run_attempt }}
           path: internal/image/fixtures/
       - name: Set up Go
-        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
           go-version: stable
           check-latest: true
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 3cf835d2bab..66070922e1c 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -43,12 +43,12 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       # Update go to the latest version to support minor go versions is go.mod file
       - name: Install Go
-        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
           go-version-file: go.mod
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+        uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -59,7 +59,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+        uses: github/codeql-action/autobuild@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -73,4 +73,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+        uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
index 4265da3dcff..1106ce1035e 100644
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -26,7 +26,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Set up Go
-        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
           go-version: stable
           check-latest: true
diff --git a/.github/workflows/osv-scanner-reusable-pr.yml b/.github/workflows/osv-scanner-reusable-pr.yml
index f08296a1d38..bcf39b3e3a6 100644
--- a/.github/workflows/osv-scanner-reusable-pr.yml
+++ b/.github/workflows/osv-scanner-reusable-pr.yml
@@ -108,6 +108,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
         if: ${{ !cancelled() && inputs.upload-sarif == true }}
-        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+        uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
         with:
           sarif_file: ${{ inputs.results-file-name }}
diff --git a/.github/workflows/osv-scanner-reusable.yml b/.github/workflows/osv-scanner-reusable.yml
index cab5210cdcd..b298a9af0cd 100644
--- a/.github/workflows/osv-scanner-reusable.yml
+++ b/.github/workflows/osv-scanner-reusable.yml
@@ -91,6 +91,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
         if: "${{ !cancelled() && inputs.upload-sarif == true }}"
-        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+        uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
         with:
           sarif_file: ${{ inputs.results-file-name }}
diff --git a/.github/workflows/prerelease-check.yml b/.github/workflows/prerelease-check.yml
index 2cab7a8c557..ec8e8f62dd2 100644
--- a/.github/workflows/prerelease-check.yml
+++ b/.github/workflows/prerelease-check.yml
@@ -54,7 +54,7 @@ jobs:
           persist-credentials: false
           ref: ${{ inputs.commit }}
       - name: Set up Go
-        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
           go-version: stable
           check-latest: true
@@ -97,7 +97,7 @@ jobs:
           name: image-fixtures-${{ github.run_number }}-${{ github.run_attempt }}
           path: internal/image/fixtures/
       - name: Set up Go
-        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
           go-version: stable
           check-latest: true
@@ -117,7 +117,7 @@ jobs:
           persist-credentials: false
           ref: ${{ inputs.commit }}
       - name: Set up Go
-        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
           go-version: stable
           check-latest: true
diff --git a/.github/workflows/renovate-validator.yml b/.github/workflows/renovate-validator.yml
index 08a9a94db9c..7f8406db766 100644
--- a/.github/workflows/renovate-validator.yml
+++ b/.github/workflows/renovate-validator.yml
@@ -18,7 +18,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up Nodes.js
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
         with:
           node-version: latest
 
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index ce01c3863cd..9dd8830d09f 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -68,6 +68,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+        uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/semantic.yml b/.github/workflows/semantic.yml
index 5a6969bf935..4ae9b55bdb5 100644
--- a/.github/workflows/semantic.yml
+++ b/.github/workflows/semantic.yml
@@ -42,7 +42,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
-      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+      - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
         with:
           python-version: "3.10"
       - run: dpkg --version
@@ -74,7 +74,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
-      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+      - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
         with:
           python-version: "3.10"
       - run: sudo apt install rpm
@@ -119,7 +119,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
-      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+      - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
         with:
           python-version: "3.10"
       - name: setup dependencies
@@ -139,7 +139,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
-      - uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
+      - uses: ruby/setup-ruby@1287d2b408066abada82d5ad1c63652e758428d9 # v1.214.0
         with:
           ruby-version: "3.1"
       - name: setup dependencies
@@ -159,7 +159,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
-      - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+      - uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
         with:
           java-version: 17
           distribution: oracle
@@ -212,7 +212,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
-      - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+      - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
           go-version: stable
           cache: true
diff --git a/.github/workflows/staleness.yml b/.github/workflows/staleness.yml
index 5b81f4ad008..7238f1fba13 100644
--- a/.github/workflows/staleness.yml
+++ b/.github/workflows/staleness.yml
@@ -13,7 +13,7 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
+      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
         with:
           days-before-stale: 60
           days-before-close: 14
diff --git a/.github/workflows/test-action/action.yml b/.github/workflows/test-action/action.yml
index ed41f9b2593..72ab2ac4adc 100644
--- a/.github/workflows/test-action/action.yml
+++ b/.github/workflows/test-action/action.yml
@@ -32,7 +32,7 @@ runs:
       # codecov is currently being flakey on macOS
       # https://github.com/codecov/codecov-action/issues/1416
       if: ${{ runner.os != 'macOS' }}
-      uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
+      uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1
       with:
         token: ${{ inputs.codecov_token }}
         fail_ci_if_error: true

From d8d794b48a7b0a390a9407ad2e8e551a11e5899b Mon Sep 17 00:00:00 2001
From: Michael Kedar <michaelkedar@google.com>
Date: Thu, 30 Jan 2025 14:09:07 +1100
Subject: [PATCH 5/6] fix(guided remediation): reduce memory footprint by
 computing dependency subgraphs instead of chains (#1538)

Guided remediation had been using `DependencyChains` to track paths to a
vulnerable package (for computing things like depth and which direct
dependencies to relax). It was computing *every* possible path in the
graph to a dependency, which grows roughly exponentially with depth /
connectivity. This was using an unreasonable amount of memory on some
particularly large/complex projects.

I've changed the logic to instead compute one `DependencySubgraph` - the
set of nodes and edges that would contain every path to a dependency.
This should significantly reduce memory usage (and cpu usage from
allocs) when running on larger projects.

This change has touched quite a few places in the code, and the logic is
a bit complex. I've tried my best to check that everything still behaves
as expected.
---
 cmd/osv-scanner/fix/noninteractive.go         |    4 +-
 internal/remediation/in_place.go              |   21 +-
 internal/remediation/in_place_test.go         |    7 +-
 internal/remediation/override.go              |   39 +-
 internal/remediation/relax.go                 |   19 +-
 internal/remediation/remediation.go           |   14 +-
 internal/remediation/remediation_test.go      |   55 +-
 internal/remediation/testhelpers_test.go      |    7 +-
 .../__snapshots__/resolve_test.snap           | 1594 +++++++++++++----
 internal/resolution/dependency_chain.go       |  137 --
 internal/resolution/dependency_subgraph.go    |  246 +++
 .../resolution/dependency_subgraph_test.go    |  335 ++++
 internal/resolution/resolve.go                |   40 +-
 internal/resolution/resolve_test.go           |   20 +-
 internal/tui/dependency-graph.go              |  117 +-
 internal/tui/vuln-info.go                     |    4 +-
 16 files changed, 2008 insertions(+), 651 deletions(-)
 delete mode 100644 internal/resolution/dependency_chain.go
 create mode 100644 internal/resolution/dependency_subgraph.go
 create mode 100644 internal/resolution/dependency_subgraph_test.go

diff --git a/cmd/osv-scanner/fix/noninteractive.go b/cmd/osv-scanner/fix/noninteractive.go
index 9e08c2b806d..5ca0367606d 100644
--- a/cmd/osv-scanner/fix/noninteractive.go
+++ b/cmd/osv-scanner/fix/noninteractive.go
@@ -418,8 +418,8 @@ func makeResultVuln(vuln resolution.Vulnerability) vulnOutput {
 	}
 
 	affected := make(map[packageOutput]struct{})
-	for _, c := range append(vuln.ProblemChains, vuln.NonProblemChains...) {
-		vk, _ := c.End()
+	for _, sg := range vuln.Subgraphs {
+		vk := sg.Nodes[sg.Dependency].Version
 		affected[packageOutput{Name: vk.Name, Version: vk.Version}] = struct{}{}
 	}
 	v.Packages = maps.Keys(affected)
diff --git a/internal/remediation/in_place.go b/internal/remediation/in_place.go
index f520eb5d271..147994d592c 100644
--- a/internal/remediation/in_place.go
+++ b/internal/remediation/in_place.go
@@ -117,9 +117,10 @@ func ComputeInPlacePatches(ctx context.Context, cl client.ResolutionClient, grap
 	for vk, vulns := range res.vkVulns {
 		reqVers := make(map[string]struct{})
 		for _, vuln := range vulns {
-			for _, c := range vuln.ProblemChains {
-				_, req := c.End()
-				reqVers[req] = struct{}{}
+			for _, sg := range vuln.Subgraphs {
+				for _, e := range sg.Nodes[sg.Dependency].Parents {
+					reqVers[e.Requirement] = struct{}{}
+				}
 			}
 		}
 		set, err := buildConstraintSet(vk.Semver(), maps.Keys(reqVers))
@@ -268,24 +269,22 @@ func inPlaceVulnsNodes(ctx context.Context, m clientinterfaces.VulnerabilityMatc
 			nodeIDs = append(nodeIDs, resolve.NodeID(nID))
 		}
 	}
-	nodeChains := resolution.ComputeChains(graph, nodeIDs)
-	// Computing ALL chains might be overkill...
-	// We only actually care about the shortest chain, the unique dependents of the vulnerable node, and maybe the unique direct dependencies.
+	nodeSubgraphs := resolution.ComputeSubgraphs(graph, nodeIDs)
 
 	for i, nID := range nodeIDs {
-		chains := nodeChains[i]
 		vk := graph.Nodes[nID].Version
 		result.vkNodes[vk] = append(result.vkNodes[vk], nID)
 		for _, vuln := range nodeVulns[nID] {
 			resVuln := resolution.Vulnerability{
-				OSV:           *vuln,
-				ProblemChains: slices.Clone(chains),
-				DevOnly:       !slices.ContainsFunc(chains, func(dc resolution.DependencyChain) bool { return !resolution.ChainIsDev(dc, nil) }),
+				OSV:       *vuln,
+				Subgraphs: []*resolution.DependencySubgraph{nodeSubgraphs[i]},
+				DevOnly:   nodeSubgraphs[i].IsDevOnly(nil),
 			}
 			idx := slices.IndexFunc(result.vkVulns[vk], func(rv resolution.Vulnerability) bool { return rv.OSV.ID == resVuln.OSV.ID })
 			if idx >= 0 {
-				result.vkVulns[vk][idx].ProblemChains = append(result.vkVulns[vk][idx].ProblemChains, resVuln.ProblemChains...)
 				result.vkVulns[vk][idx].DevOnly = result.vkVulns[vk][idx].DevOnly && resVuln.DevOnly
+
+				result.vkVulns[vk][idx].Subgraphs = append(result.vkVulns[vk][idx].Subgraphs, resVuln.Subgraphs...)
 			} else {
 				result.vkVulns[vk] = append(result.vkVulns[vk], resVuln)
 			}
diff --git a/internal/remediation/in_place_test.go b/internal/remediation/in_place_test.go
index 2bf4e0a897f..cb8379a7be7 100644
--- a/internal/remediation/in_place_test.go
+++ b/internal/remediation/in_place_test.go
@@ -53,11 +53,8 @@ func checkInPlaceResults(t *testing.T, res remediation.InPlaceResult) {
 	toMinimalVuln := func(v resolution.Vulnerability) minimalVuln {
 		t.Helper()
 		nodes := make(map[resolve.NodeID]struct{})
-		for _, c := range v.ProblemChains {
-			nodes[c.Edges[0].To] = struct{}{}
-		}
-		for _, c := range v.NonProblemChains {
-			nodes[c.Edges[0].To] = struct{}{}
+		for _, sg := range v.Subgraphs {
+			nodes[sg.Dependency] = struct{}{}
 		}
 		sortedNodes := maps.Keys(nodes)
 		slices.Sort(sortedNodes)
diff --git a/internal/remediation/override.go b/internal/remediation/override.go
index b24613e3657..41c7931bad9 100644
--- a/internal/remediation/override.go
+++ b/internal/remediation/override.go
@@ -131,31 +131,20 @@ func overridePatchVulns(ctx context.Context, cl client.ResolutionClient, result
 			// Keep track of VersionKeys we've seen for this vuln to avoid duplicates.
 			// Usually, there will only be one VersionKey per vuln, but some vulns affect multiple packages.
 			seenVKs := make(map[resolve.VersionKey]struct{})
-			// Use the DependencyChains to find all the affected nodes.
-			for _, c := range v.ProblemChains {
-				// Currently, there is no way to know if a specific classifier or type exists for a given version with deps.dev.
-				// Blindly updating versions can lead to compilation failures if the artifact+version+classifier+type doesn't exist.
-				// We can't reliably attempt remediation in these cases, so don't try.
-				// TODO: query Maven registry for existence of classifiers in getVersionsGreater
-				typ := c.Edges[0].Type
-				if typ.HasAttr(dep.MavenClassifier) || typ.HasAttr(dep.MavenArtifactType) {
-					return nil, nil, fmt.Errorf("%w: cannot fix vulns in artifacts with classifier or type", errOverrideImpossible)
-				}
-				vk, _ := c.End()
-				if _, seen := seenVKs[vk]; !seen {
-					vkVulns[vk] = append(vkVulns[vk], &result.Vulns[i])
-					seenVKs[vk] = struct{}{}
-				}
-			}
-			for _, c := range v.NonProblemChains {
-				typ := c.Edges[0].Type
-				if typ.HasAttr(dep.MavenClassifier) || typ.HasAttr(dep.MavenArtifactType) {
-					return nil, nil, fmt.Errorf("%w: cannot fix vulns in artifacts with classifier or type", errOverrideImpossible)
-				}
-				vk, _ := c.End()
-				if _, seen := seenVKs[vk]; !seen {
-					vkVulns[vk] = append(vkVulns[vk], &result.Vulns[i])
-					seenVKs[vk] = struct{}{}
+			// Use the Subgraphs to find all the affected nodes.
+			for _, sg := range v.Subgraphs {
+				for _, e := range sg.Nodes[sg.Dependency].Parents {
+					// Currently, there is no way to know if a specific classifier or type exists for a given version with deps.dev.
+					// Blindly updating versions can lead to compilation failures if the artifact+version+classifier+type doesn't exist.
+					// We can't reliably attempt remediation in these cases, so don't try.
+					if e.Type.HasAttr(dep.MavenClassifier) || e.Type.HasAttr(dep.MavenArtifactType) {
+						return nil, nil, fmt.Errorf("%w: cannot fix vulns in artifacts with classifier or type", errOverrideImpossible)
+					}
+					vk := sg.Nodes[sg.Dependency].Version
+					if _, seen := seenVKs[vk]; !seen {
+						vkVulns[vk] = append(vkVulns[vk], &result.Vulns[i])
+						seenVKs[vk] = struct{}{}
+					}
 				}
 			}
 		}
diff --git a/internal/remediation/relax.go b/internal/remediation/relax.go
index 99bbba80ef8..e88a7609438 100644
--- a/internal/remediation/relax.go
+++ b/internal/remediation/relax.go
@@ -87,7 +87,7 @@ func tryRelaxRemediate(
 	}
 
 	newRes := orig
-	toRelax := reqsToRelax(newRes, vulnIDs, opts)
+	toRelax := reqsToRelax(ctx, cl, newRes, vulnIDs, opts)
 	for len(toRelax) > 0 {
 		// Try relaxing all necessary requirements
 		manif := newRes.Manifest.Clone()
@@ -109,24 +109,27 @@ func tryRelaxRemediate(
 		if err != nil {
 			return nil, err
 		}
-		toRelax = reqsToRelax(newRes, vulnIDs, opts)
+		toRelax = reqsToRelax(ctx, cl, newRes, vulnIDs, opts)
 	}
 
 	return newRes, nil
 }
 
-func reqsToRelax(res *resolution.Result, vulnIDs []string, opts Options) []int {
+func reqsToRelax(ctx context.Context, cl resolve.Client, res *resolution.Result, vulnIDs []string, opts Options) []int {
 	toRelax := make(map[resolve.VersionKey]string)
 	for _, v := range res.Vulns {
 		// Don't do a full opts.MatchVuln() since we know we don't need to check every condition
 		if !slices.Contains(vulnIDs, v.OSV.ID) || (!opts.DevDeps && v.DevOnly) {
 			continue
 		}
-		// Only relax dependencies if their chain length is less than MaxDepth
-		for _, ch := range v.ProblemChains {
-			if opts.MaxDepth <= 0 || len(ch.Edges) <= opts.MaxDepth {
-				vk, req := ch.Direct()
-				toRelax[vk] = req
+		// Only relax dependencies if their distance is less than MaxDepth
+		for _, sg := range v.Subgraphs {
+			constr := sg.ConstrainingSubgraph(ctx, cl, &v.OSV)
+			for _, edge := range constr.Nodes[0].Children {
+				gNode := constr.Nodes[edge.To]
+				if opts.MaxDepth <= 0 || gNode.Distance+1 <= opts.MaxDepth {
+					toRelax[gNode.Version] = edge.Requirement
+				}
 			}
 		}
 	}
diff --git a/internal/remediation/remediation.go b/internal/remediation/remediation.go
index 810fb1e8f7e..6244f40d63d 100644
--- a/internal/remediation/remediation.go
+++ b/internal/remediation/remediation.go
@@ -102,18 +102,8 @@ func (opts Options) matchDepth(v resolution.Vulnerability) bool {
 		return true
 	}
 
-	if len(v.ProblemChains)+len(v.NonProblemChains) == 0 {
-		panic("vulnerability with no dependency chains")
-	}
-
-	for _, ch := range v.ProblemChains {
-		if len(ch.Edges) <= opts.MaxDepth {
-			return true
-		}
-	}
-
-	for _, ch := range v.NonProblemChains {
-		if len(ch.Edges) <= opts.MaxDepth {
+	for _, sg := range v.Subgraphs {
+		if sg.Nodes[0].Distance <= opts.MaxDepth {
 			return true
 		}
 	}
diff --git a/internal/remediation/remediation_test.go b/internal/remediation/remediation_test.go
index 2116a1c9349..b435554ee06 100644
--- a/internal/remediation/remediation_test.go
+++ b/internal/remediation/remediation_test.go
@@ -23,8 +23,30 @@ func TestMatchVuln(t *testing.T) {
 				Aliases: []string{"CVE-111", "OSV-2"},
 			},
 			DevOnly: false,
-			ProblemChains: []resolution.DependencyChain{{
-				Edges: []resolve.Edge{{From: 2, To: 3}, {From: 1, To: 2}, {From: 0, To: 1}},
+			Subgraphs: []*resolution.DependencySubgraph{{
+				Dependency: 3,
+				Nodes: map[resolve.NodeID]resolution.GraphNode{
+					3: {
+						Distance: 0,
+						Parents:  []resolve.Edge{{From: 2, To: 3}},
+						Children: []resolve.Edge{},
+					},
+					2: {
+						Distance: 1,
+						Parents:  []resolve.Edge{{From: 1, To: 2}},
+						Children: []resolve.Edge{{From: 2, To: 3}},
+					},
+					1: {
+						Distance: 2,
+						Parents:  []resolve.Edge{{From: 0, To: 1}},
+						Children: []resolve.Edge{{From: 1, To: 2}},
+					},
+					0: {
+						Distance: 3,
+						Parents:  []resolve.Edge{},
+						Children: []resolve.Edge{{From: 0, To: 1}},
+					},
+				},
 			}},
 		}
 		// ID: VULN-002, Dev: true, Severity: N/A, Depth: 2
@@ -34,11 +56,30 @@ func TestMatchVuln(t *testing.T) {
 				// No severity
 			},
 			DevOnly: true,
-			ProblemChains: []resolution.DependencyChain{{
-				Edges: []resolve.Edge{{From: 2, To: 3}, {From: 1, To: 2}, {From: 0, To: 1}},
-			}},
-			NonProblemChains: []resolution.DependencyChain{{
-				Edges: []resolve.Edge{{From: 1, To: 3}, {From: 0, To: 1}},
+			Subgraphs: []*resolution.DependencySubgraph{{
+				Dependency: 3,
+				Nodes: map[resolve.NodeID]resolution.GraphNode{
+					3: {
+						Distance: 0,
+						Parents:  []resolve.Edge{{From: 2, To: 3}, {From: 1, To: 3}},
+						Children: []resolve.Edge{},
+					},
+					2: {
+						Distance: 1,
+						Parents:  []resolve.Edge{{From: 1, To: 2}},
+						Children: []resolve.Edge{{From: 2, To: 3}},
+					},
+					1: {
+						Distance: 1,
+						Parents:  []resolve.Edge{{From: 0, To: 1}},
+						Children: []resolve.Edge{{From: 1, To: 2}, {From: 1, To: 3}},
+					},
+					0: {
+						Distance: 2,
+						Parents:  []resolve.Edge{},
+						Children: []resolve.Edge{{From: 0, To: 1}},
+					},
+				},
 			}},
 		}
 	)
diff --git a/internal/remediation/testhelpers_test.go b/internal/remediation/testhelpers_test.go
index a70f68bd71e..770d811cb3b 100644
--- a/internal/remediation/testhelpers_test.go
+++ b/internal/remediation/testhelpers_test.go
@@ -58,11 +58,8 @@ func checkRemediationResults(t *testing.T, res []resolution.Difference) {
 	toMinimalVuln := func(v resolution.Vulnerability) minimalVuln {
 		t.Helper()
 		nodes := make(map[resolve.NodeID]struct{})
-		for _, c := range v.ProblemChains {
-			nodes[c.Edges[0].To] = struct{}{}
-		}
-		for _, c := range v.NonProblemChains {
-			nodes[c.Edges[0].To] = struct{}{}
+		for _, sg := range v.Subgraphs {
+			nodes[sg.Dependency] = struct{}{}
 		}
 		sortedNodes := maps.Keys(nodes)
 		slices.Sort(sortedNodes)
diff --git a/internal/resolution/__snapshots__/resolve_test.snap b/internal/resolution/__snapshots__/resolve_test.snap
index cf4b7406c8c..00593827a46 100755
--- a/internal/resolution/__snapshots__/resolve_test.snap
+++ b/internal/resolution/__snapshots__/resolve_test.snap
@@ -16,101 +16,279 @@ complex 9.9.9
   {
     "ID": "CMPLX-0000-0000",
     "DevOnly": false,
-    "ProblemChains": [
-      [
-        {
-          "From": 0,
-          "To": 1,
-          "Requirement": "^1.0.0",
-          "Type": {}
+    "Subgraphs": [
+      {
+        "Dependency": 1,
+        "Nodes": {
+          "0": {
+            "Version": {
+              "System": 3,
+              "Name": "complex",
+              "VersionType": 1,
+              "Version": "9.9.9"
+            },
+            "Distance": 1,
+            "Parents": null,
+            "Children": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "1": {
+            "Version": {
+              "System": 3,
+              "Name": "alice",
+              "VersionType": 1,
+              "Version": "1.0.1"
+            },
+            "Distance": 0,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": null
+          }
         }
-      ]
-    ],
-    "NonProblemChains": []
+      }
+    ]
   },
   {
     "ID": "CMPLX-1000-0000",
     "DevOnly": false,
-    "ProblemChains": [
-      [
-        {
-          "From": 0,
-          "To": 2,
-          "Requirement": "2.2.2",
-          "Type": {}
-        }
-      ],
-      [
-        {
-          "From": 1,
-          "To": 2,
-          "Requirement": "^2.0.0",
-          "Type": {}
-        },
-        {
-          "From": 0,
-          "To": 1,
-          "Requirement": "^1.0.0",
-          "Type": {}
-        }
-      ],
-      [
-        {
-          "From": 3,
-          "To": 2,
-          "Requirement": "^2.2.2",
-          "Type": {}
-        },
-        {
-          "From": 0,
-          "To": 3,
-          "Requirement": "~3.3.3",
-          "Type": {}
+    "Subgraphs": [
+      {
+        "Dependency": 2,
+        "Nodes": {
+          "0": {
+            "Version": {
+              "System": 3,
+              "Name": "complex",
+              "VersionType": 1,
+              "Version": "9.9.9"
+            },
+            "Distance": 1,
+            "Parents": null,
+            "Children": [
+              {
+                "From": 0,
+                "To": 2,
+                "Requirement": "2.2.2",
+                "Type": {}
+              },
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              },
+              {
+                "From": 0,
+                "To": 3,
+                "Requirement": "~3.3.3",
+                "Type": {}
+              }
+            ]
+          },
+          "1": {
+            "Version": {
+              "System": 3,
+              "Name": "alice",
+              "VersionType": 1,
+              "Version": "1.0.1"
+            },
+            "Distance": 1,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": [
+              {
+                "From": 1,
+                "To": 2,
+                "Requirement": "^2.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "2": {
+            "Version": {
+              "System": 3,
+              "Name": "bob",
+              "VersionType": 1,
+              "Version": "2.2.2"
+            },
+            "Distance": 0,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 2,
+                "Requirement": "2.2.2",
+                "Type": {}
+              },
+              {
+                "From": 1,
+                "To": 2,
+                "Requirement": "^2.0.0",
+                "Type": {}
+              },
+              {
+                "From": 3,
+                "To": 2,
+                "Requirement": "^2.2.2",
+                "Type": {}
+              },
+              {
+                "From": 4,
+                "To": 2,
+                "Requirement": "^2.0.1",
+                "Type": {}
+              }
+            ],
+            "Children": null
+          },
+          "3": {
+            "Version": {
+              "System": 3,
+              "Name": "dave",
+              "VersionType": 1,
+              "Version": "3.3.3"
+            },
+            "Distance": 1,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 3,
+                "Requirement": "~3.3.3",
+                "Type": {}
+              }
+            ],
+            "Children": [
+              {
+                "From": 3,
+                "To": 2,
+                "Requirement": "^2.2.2",
+                "Type": {}
+              },
+              {
+                "From": 3,
+                "To": 4,
+                "Requirement": "^2.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "4": {
+            "Version": {
+              "System": 3,
+              "Name": "chuck",
+              "VersionType": 1,
+              "Version": "2.0.0"
+            },
+            "Distance": 1,
+            "Parents": [
+              {
+                "From": 3,
+                "To": 4,
+                "Requirement": "^2.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": [
+              {
+                "From": 4,
+                "To": 2,
+                "Requirement": "^2.0.1",
+                "Type": {}
+              }
+            ]
+          }
         }
-      ],
-      [
-        {
-          "From": 4,
-          "To": 2,
-          "Requirement": "^2.0.1",
-          "Type": {}
-        },
-        {
-          "From": 3,
-          "To": 4,
-          "Requirement": "^2.0.0",
-          "Type": {}
-        },
-        {
-          "From": 0,
-          "To": 3,
-          "Requirement": "~3.3.3",
-          "Type": {}
-        }
-      ]
-    ],
-    "NonProblemChains": []
+      }
+    ]
   },
   {
     "ID": "CMPLX-2000-0000",
     "DevOnly": true,
-    "ProblemChains": [
-      [
-        {
-          "From": 3,
-          "To": 4,
-          "Requirement": "^2.0.0",
-          "Type": {}
-        },
-        {
-          "From": 0,
-          "To": 3,
-          "Requirement": "~3.3.3",
-          "Type": {}
+    "Subgraphs": [
+      {
+        "Dependency": 4,
+        "Nodes": {
+          "0": {
+            "Version": {
+              "System": 3,
+              "Name": "complex",
+              "VersionType": 1,
+              "Version": "9.9.9"
+            },
+            "Distance": 2,
+            "Parents": null,
+            "Children": [
+              {
+                "From": 0,
+                "To": 3,
+                "Requirement": "~3.3.3",
+                "Type": {}
+              }
+            ]
+          },
+          "3": {
+            "Version": {
+              "System": 3,
+              "Name": "dave",
+              "VersionType": 1,
+              "Version": "3.3.3"
+            },
+            "Distance": 1,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 3,
+                "Requirement": "~3.3.3",
+                "Type": {}
+              }
+            ],
+            "Children": [
+              {
+                "From": 3,
+                "To": 4,
+                "Requirement": "^2.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "4": {
+            "Version": {
+              "System": 3,
+              "Name": "chuck",
+              "VersionType": 1,
+              "Version": "2.0.0"
+            },
+            "Distance": 0,
+            "Parents": [
+              {
+                "From": 3,
+                "To": 4,
+                "Requirement": "^2.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": null
+          }
         }
-      ]
-    ],
-    "NonProblemChains": []
+      }
+    ]
   }
 ]
 ---
@@ -131,57 +309,148 @@ diamond 1.0.0
   {
     "ID": "DIA-000-000",
     "DevOnly": false,
-    "ProblemChains": [
-      [
-        {
-          "From": 1,
-          "To": 3,
-          "Requirement": "^1.0.0",
-          "Type": {}
-        },
-        {
-          "From": 0,
-          "To": 1,
-          "Requirement": "^1.0.0",
-          "Type": {}
-        }
-      ],
-      [
-        {
-          "From": 2,
-          "To": 3,
-          "Requirement": "^1.0.0",
-          "Type": {}
-        },
-        {
-          "From": 0,
-          "To": 2,
-          "Requirement": "^1.0.0",
-          "Type": {}
-        }
-      ],
-      [
-        {
-          "From": 4,
-          "To": 3,
-          "Requirement": "^1.0.0",
-          "Type": {}
-        },
-        {
-          "From": 2,
-          "To": 4,
-          "Requirement": "^1.0.0",
-          "Type": {}
-        },
-        {
-          "From": 0,
-          "To": 2,
-          "Requirement": "^1.0.0",
-          "Type": {}
+    "Subgraphs": [
+      {
+        "Dependency": 3,
+        "Nodes": {
+          "0": {
+            "Version": {
+              "System": 3,
+              "Name": "diamond",
+              "VersionType": 1,
+              "Version": "1.0.0"
+            },
+            "Distance": 2,
+            "Parents": null,
+            "Children": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              },
+              {
+                "From": 0,
+                "To": 2,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "1": {
+            "Version": {
+              "System": 3,
+              "Name": "pkg",
+              "VersionType": 1,
+              "Version": "1.0.0"
+            },
+            "Distance": 1,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": [
+              {
+                "From": 1,
+                "To": 3,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "2": {
+            "Version": {
+              "System": 3,
+              "Name": "dep-one",
+              "VersionType": 1,
+              "Version": "1.0.0"
+            },
+            "Distance": 1,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 2,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": [
+              {
+                "From": 2,
+                "To": 3,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              },
+              {
+                "From": 2,
+                "To": 4,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "3": {
+            "Version": {
+              "System": 3,
+              "Name": "bad",
+              "VersionType": 1,
+              "Version": "1.1.1"
+            },
+            "Distance": 0,
+            "Parents": [
+              {
+                "From": 1,
+                "To": 3,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              },
+              {
+                "From": 2,
+                "To": 3,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              },
+              {
+                "From": 4,
+                "To": 3,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": null
+          },
+          "4": {
+            "Version": {
+              "System": 3,
+              "Name": "dep-two",
+              "VersionType": 1,
+              "Version": "1.0.0"
+            },
+            "Distance": 1,
+            "Parents": [
+              {
+                "From": 2,
+                "To": 4,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": [
+              {
+                "From": 4,
+                "To": 3,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          }
         }
-      ]
-    ],
-    "NonProblemChains": []
+      }
+    ]
   }
 ]
 ---
@@ -199,52 +468,187 @@ different-pkgs 3.0.0
   {
     "ID": "OSV-000-000",
     "DevOnly": false,
-    "ProblemChains": [
-      [
-        {
-          "From": 2,
-          "To": 3,
-          "Requirement": "^1.0.0",
-          "Type": {}
-        },
-        {
-          "From": 0,
-          "To": 2,
-          "Requirement": "^1.0.0",
-          "Type": {}
+    "Subgraphs": [
+      {
+        "Dependency": 3,
+        "Nodes": {
+          "0": {
+            "Version": {
+              "System": 3,
+              "Name": "different-pkgs",
+              "VersionType": 1,
+              "Version": "3.0.0"
+            },
+            "Distance": 2,
+            "Parents": null,
+            "Children": [
+              {
+                "From": 0,
+                "To": 2,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "2": {
+            "Version": {
+              "System": 3,
+              "Name": "dependency",
+              "VersionType": 1,
+              "Version": "1.0.0"
+            },
+            "Distance": 1,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 2,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": [
+              {
+                "From": 2,
+                "To": 3,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "3": {
+            "Version": {
+              "System": 3,
+              "Name": "bad",
+              "VersionType": 1,
+              "Version": "1.1.1"
+            },
+            "Distance": 0,
+            "Parents": [
+              {
+                "From": 2,
+                "To": 3,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": null
+          }
         }
-      ]
-    ],
-    "NonProblemChains": []
+      }
+    ]
   },
   {
     "ID": "OSV-000-001",
     "DevOnly": false,
-    "ProblemChains": [
-      [
-        {
-          "From": 0,
-          "To": 1,
-          "Requirement": "^1.0.0",
-          "Type": {}
+    "Subgraphs": [
+      {
+        "Dependency": 1,
+        "Nodes": {
+          "0": {
+            "Version": {
+              "System": 3,
+              "Name": "different-pkgs",
+              "VersionType": 1,
+              "Version": "3.0.0"
+            },
+            "Distance": 1,
+            "Parents": null,
+            "Children": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "1": {
+            "Version": {
+              "System": 3,
+              "Name": "bad2",
+              "VersionType": 1,
+              "Version": "1.0.0"
+            },
+            "Distance": 0,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": null
+          }
         }
-      ],
-      [
-        {
-          "From": 2,
-          "To": 3,
-          "Requirement": "^1.0.0",
-          "Type": {}
-        },
-        {
-          "From": 0,
-          "To": 2,
-          "Requirement": "^1.0.0",
-          "Type": {}
+      },
+      {
+        "Dependency": 3,
+        "Nodes": {
+          "0": {
+            "Version": {
+              "System": 3,
+              "Name": "different-pkgs",
+              "VersionType": 1,
+              "Version": "3.0.0"
+            },
+            "Distance": 2,
+            "Parents": null,
+            "Children": [
+              {
+                "From": 0,
+                "To": 2,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "2": {
+            "Version": {
+              "System": 3,
+              "Name": "dependency",
+              "VersionType": 1,
+              "Version": "1.0.0"
+            },
+            "Distance": 1,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 2,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": [
+              {
+                "From": 2,
+                "To": 3,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "3": {
+            "Version": {
+              "System": 3,
+              "Name": "bad",
+              "VersionType": 1,
+              "Version": "1.1.1"
+            },
+            "Distance": 0,
+            "Parents": [
+              {
+                "From": 2,
+                "To": 3,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": null
+          }
         }
-      ]
-    ],
-    "NonProblemChains": []
+      }
+    ]
   }
 ]
 ---
@@ -260,17 +664,49 @@ direct 1.0.0
   {
     "ID": "OSV-000-001",
     "DevOnly": false,
-    "ProblemChains": [
-      [
-        {
-          "From": 0,
-          "To": 1,
-          "Requirement": "^2.0.0",
-          "Type": {}
+    "Subgraphs": [
+      {
+        "Dependency": 1,
+        "Nodes": {
+          "0": {
+            "Version": {
+              "System": 3,
+              "Name": "direct",
+              "VersionType": 1,
+              "Version": "1.0.0"
+            },
+            "Distance": 1,
+            "Parents": null,
+            "Children": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^2.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "1": {
+            "Version": {
+              "System": 3,
+              "Name": "bad",
+              "VersionType": 1,
+              "Version": "2.2.2"
+            },
+            "Distance": 0,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^2.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": null
+          }
         }
-      ]
-    ],
-    "NonProblemChains": []
+      }
+    ]
   }
 ]
 ---
@@ -290,74 +726,294 @@ duplicates 1.1.1
   {
     "ID": "OSV-000-000",
     "DevOnly": false,
-    "ProblemChains": [
-      [
-        {
-          "From": 0,
-          "To": 1,
-          "Requirement": "^1.0.0",
-          "Type": {}
+    "Subgraphs": [
+      {
+        "Dependency": 1,
+        "Nodes": {
+          "0": {
+            "Version": {
+              "System": 3,
+              "Name": "duplicates",
+              "VersionType": 1,
+              "Version": "1.1.1"
+            },
+            "Distance": 1,
+            "Parents": null,
+            "Children": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "1": {
+            "Version": {
+              "System": 3,
+              "Name": "bad",
+              "VersionType": 1,
+              "Version": "1.1.1"
+            },
+            "Distance": 0,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": null
+          }
         }
-      ],
-      [
-        {
-          "From": 3,
-          "To": 5,
-          "Requirement": "^1.0.0",
-          "Type": {}
-        },
-        {
-          "From": 0,
-          "To": 3,
-          "Requirement": "^1.0.0",
-          "Type": {}
+      },
+      {
+        "Dependency": 5,
+        "Nodes": {
+          "0": {
+            "Version": {
+              "System": 3,
+              "Name": "duplicates",
+              "VersionType": 1,
+              "Version": "1.1.1"
+            },
+            "Distance": 2,
+            "Parents": null,
+            "Children": [
+              {
+                "From": 0,
+                "To": 3,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "3": {
+            "Version": {
+              "System": 3,
+              "Name": "dependency",
+              "VersionType": 1,
+              "Version": "1.0.0"
+            },
+            "Distance": 1,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 3,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": [
+              {
+                "From": 3,
+                "To": 5,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "5": {
+            "Version": {
+              "System": 3,
+              "Name": "bad",
+              "VersionType": 1,
+              "Version": "1.1.1"
+            },
+            "Distance": 0,
+            "Parents": [
+              {
+                "From": 3,
+                "To": 5,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": null
+          }
         }
-      ]
-    ],
-    "NonProblemChains": []
+      }
+    ]
   },
   {
     "ID": "OSV-000-001",
     "DevOnly": false,
-    "ProblemChains": [
-      [
-        {
-          "From": 0,
-          "To": 1,
-          "Requirement": "^1.0.0",
-          "Type": {}
+    "Subgraphs": [
+      {
+        "Dependency": 1,
+        "Nodes": {
+          "0": {
+            "Version": {
+              "System": 3,
+              "Name": "duplicates",
+              "VersionType": 1,
+              "Version": "1.1.1"
+            },
+            "Distance": 1,
+            "Parents": null,
+            "Children": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "1": {
+            "Version": {
+              "System": 3,
+              "Name": "bad",
+              "VersionType": 1,
+              "Version": "1.1.1"
+            },
+            "Distance": 0,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": null
+          }
         }
-      ],
-      [
-        {
-          "From": 2,
-          "To": 4,
-          "Requirement": "^2.0.0",
-          "Type": {}
-        },
-        {
-          "From": 0,
-          "To": 2,
-          "Requirement": "^2.0.0",
-          "Type": {}
+      },
+      {
+        "Dependency": 4,
+        "Nodes": {
+          "0": {
+            "Version": {
+              "System": 3,
+              "Name": "duplicates",
+              "VersionType": 1,
+              "Version": "1.1.1"
+            },
+            "Distance": 2,
+            "Parents": null,
+            "Children": [
+              {
+                "From": 0,
+                "To": 2,
+                "Requirement": "^2.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "2": {
+            "Version": {
+              "System": 3,
+              "Name": "dependency",
+              "VersionType": 1,
+              "Version": "2.0.0"
+            },
+            "Distance": 1,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 2,
+                "Requirement": "^2.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": [
+              {
+                "From": 2,
+                "To": 4,
+                "Requirement": "^2.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "4": {
+            "Version": {
+              "System": 3,
+              "Name": "bad",
+              "VersionType": 1,
+              "Version": "2.2.2"
+            },
+            "Distance": 0,
+            "Parents": [
+              {
+                "From": 2,
+                "To": 4,
+                "Requirement": "^2.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": null
+          }
         }
-      ],
-      [
-        {
-          "From": 3,
-          "To": 5,
-          "Requirement": "^1.0.0",
-          "Type": {}
-        },
-        {
-          "From": 0,
-          "To": 3,
-          "Requirement": "^1.0.0",
-          "Type": {}
+      },
+      {
+        "Dependency": 5,
+        "Nodes": {
+          "0": {
+            "Version": {
+              "System": 3,
+              "Name": "duplicates",
+              "VersionType": 1,
+              "Version": "1.1.1"
+            },
+            "Distance": 2,
+            "Parents": null,
+            "Children": [
+              {
+                "From": 0,
+                "To": 3,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "3": {
+            "Version": {
+              "System": 3,
+              "Name": "dependency",
+              "VersionType": 1,
+              "Version": "1.0.0"
+            },
+            "Distance": 1,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 3,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": [
+              {
+                "From": 3,
+                "To": 5,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "5": {
+            "Version": {
+              "System": 3,
+              "Name": "bad",
+              "VersionType": 1,
+              "Version": "1.1.1"
+            },
+            "Distance": 0,
+            "Parents": [
+              {
+                "From": 3,
+                "To": 5,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": null
+          }
         }
-      ]
-    ],
-    "NonProblemChains": []
+      }
+    ]
   }
 ]
 ---
@@ -374,23 +1030,74 @@ existing 1.0.0
   {
     "ID": "OSV-000-001",
     "DevOnly": false,
-    "ProblemChains": [
-      [
-        {
-          "From": 1,
-          "To": 2,
-          "Requirement": "^2.0.0",
-          "Type": {}
-        },
-        {
-          "From": 0,
-          "To": 1,
-          "Requirement": "^2.0.0",
-          "Type": {}
+    "Subgraphs": [
+      {
+        "Dependency": 2,
+        "Nodes": {
+          "0": {
+            "Version": {
+              "System": 3,
+              "Name": "existing",
+              "VersionType": 1,
+              "Version": "1.0.0"
+            },
+            "Distance": 2,
+            "Parents": null,
+            "Children": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^2.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "1": {
+            "Version": {
+              "System": 3,
+              "Name": "dependency",
+              "VersionType": 1,
+              "Version": "2.0.0"
+            },
+            "Distance": 1,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^2.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": [
+              {
+                "From": 1,
+                "To": 2,
+                "Requirement": "^2.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "2": {
+            "Version": {
+              "System": 3,
+              "Name": "bad",
+              "VersionType": 1,
+              "Version": "2.2.2"
+            },
+            "Distance": 0,
+            "Parents": [
+              {
+                "From": 1,
+                "To": 2,
+                "Requirement": "^2.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": null
+          }
         }
-      ]
-    ],
-    "NonProblemChains": []
+      }
+    ]
   }
 ]
 ---
@@ -408,61 +1115,170 @@ non-problem 1.0.0
   {
     "ID": "OSV-000-000",
     "DevOnly": false,
-    "ProblemChains": [
-      [
-        {
-          "From": 0,
-          "To": 1,
-          "Requirement": "^1.0.0",
-          "Type": {}
+    "Subgraphs": [
+      {
+        "Dependency": 1,
+        "Nodes": {
+          "0": {
+            "Version": {
+              "System": 3,
+              "Name": "non-problem",
+              "VersionType": 1,
+              "Version": "1.0.0"
+            },
+            "Distance": 1,
+            "Parents": null,
+            "Children": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              },
+              {
+                "From": 0,
+                "To": 2,
+                "Requirement": "^3.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "1": {
+            "Version": {
+              "System": 3,
+              "Name": "bad",
+              "VersionType": 1,
+              "Version": "1.1.1"
+            },
+            "Distance": 0,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              },
+              {
+                "From": 2,
+                "To": 1,
+                "Requirement": "*",
+                "Type": {}
+              }
+            ],
+            "Children": null
+          },
+          "2": {
+            "Version": {
+              "System": 3,
+              "Name": "dependency",
+              "VersionType": 1,
+              "Version": "3.0.0"
+            },
+            "Distance": 1,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 2,
+                "Requirement": "^3.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": [
+              {
+                "From": 2,
+                "To": 1,
+                "Requirement": "*",
+                "Type": {}
+              }
+            ]
+          }
         }
-      ]
-    ],
-    "NonProblemChains": [
-      [
-        {
-          "From": 2,
-          "To": 1,
-          "Requirement": "*",
-          "Type": {}
-        },
-        {
-          "From": 0,
-          "To": 2,
-          "Requirement": "^3.0.0",
-          "Type": {}
-        }
-      ]
+      }
     ]
   },
   {
     "ID": "OSV-000-001",
     "DevOnly": false,
-    "ProblemChains": [
-      [
-        {
-          "From": 0,
-          "To": 1,
-          "Requirement": "^1.0.0",
-          "Type": {}
-        }
-      ],
-      [
-        {
-          "From": 2,
-          "To": 1,
-          "Requirement": "*",
-          "Type": {}
-        },
-        {
-          "From": 0,
-          "To": 2,
-          "Requirement": "^3.0.0",
-          "Type": {}
+    "Subgraphs": [
+      {
+        "Dependency": 1,
+        "Nodes": {
+          "0": {
+            "Version": {
+              "System": 3,
+              "Name": "non-problem",
+              "VersionType": 1,
+              "Version": "1.0.0"
+            },
+            "Distance": 1,
+            "Parents": null,
+            "Children": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              },
+              {
+                "From": 0,
+                "To": 2,
+                "Requirement": "^3.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "1": {
+            "Version": {
+              "System": 3,
+              "Name": "bad",
+              "VersionType": 1,
+              "Version": "1.1.1"
+            },
+            "Distance": 0,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              },
+              {
+                "From": 2,
+                "To": 1,
+                "Requirement": "*",
+                "Type": {}
+              }
+            ],
+            "Children": null
+          },
+          "2": {
+            "Version": {
+              "System": 3,
+              "Name": "dependency",
+              "VersionType": 1,
+              "Version": "3.0.0"
+            },
+            "Distance": 1,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 2,
+                "Requirement": "^3.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": [
+              {
+                "From": 2,
+                "To": 1,
+                "Requirement": "*",
+                "Type": {}
+              }
+            ]
+          }
         }
-      ]
-    ],
-    "NonProblemChains": []
+      }
+    ]
   }
 ]
 ---
@@ -479,44 +1295,146 @@ simple 1.0.0
   {
     "ID": "OSV-000-000",
     "DevOnly": true,
-    "ProblemChains": [
-      [
-        {
-          "From": 1,
-          "To": 2,
-          "Requirement": "^1.0.0",
-          "Type": {}
-        },
-        {
-          "From": 0,
-          "To": 1,
-          "Requirement": "^1.0.0",
-          "Type": {}
+    "Subgraphs": [
+      {
+        "Dependency": 2,
+        "Nodes": {
+          "0": {
+            "Version": {
+              "System": 3,
+              "Name": "simple",
+              "VersionType": 1,
+              "Version": "1.0.0"
+            },
+            "Distance": 2,
+            "Parents": null,
+            "Children": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "1": {
+            "Version": {
+              "System": 3,
+              "Name": "dependency",
+              "VersionType": 1,
+              "Version": "1.0.0"
+            },
+            "Distance": 1,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": [
+              {
+                "From": 1,
+                "To": 2,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "2": {
+            "Version": {
+              "System": 3,
+              "Name": "bad",
+              "VersionType": 1,
+              "Version": "1.1.1"
+            },
+            "Distance": 0,
+            "Parents": [
+              {
+                "From": 1,
+                "To": 2,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": null
+          }
         }
-      ]
-    ],
-    "NonProblemChains": []
+      }
+    ]
   },
   {
     "ID": "OSV-000-001",
     "DevOnly": true,
-    "ProblemChains": [
-      [
-        {
-          "From": 1,
-          "To": 2,
-          "Requirement": "^1.0.0",
-          "Type": {}
-        },
-        {
-          "From": 0,
-          "To": 1,
-          "Requirement": "^1.0.0",
-          "Type": {}
+    "Subgraphs": [
+      {
+        "Dependency": 2,
+        "Nodes": {
+          "0": {
+            "Version": {
+              "System": 3,
+              "Name": "simple",
+              "VersionType": 1,
+              "Version": "1.0.0"
+            },
+            "Distance": 2,
+            "Parents": null,
+            "Children": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "1": {
+            "Version": {
+              "System": 3,
+              "Name": "dependency",
+              "VersionType": 1,
+              "Version": "1.0.0"
+            },
+            "Distance": 1,
+            "Parents": [
+              {
+                "From": 0,
+                "To": 1,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": [
+              {
+                "From": 1,
+                "To": 2,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ]
+          },
+          "2": {
+            "Version": {
+              "System": 3,
+              "Name": "bad",
+              "VersionType": 1,
+              "Version": "1.1.1"
+            },
+            "Distance": 0,
+            "Parents": [
+              {
+                "From": 1,
+                "To": 2,
+                "Requirement": "^1.0.0",
+                "Type": {}
+              }
+            ],
+            "Children": null
+          }
         }
-      ]
-    ],
-    "NonProblemChains": []
+      }
+    ]
   }
 ]
 ---
diff --git a/internal/resolution/dependency_chain.go b/internal/resolution/dependency_chain.go
deleted file mode 100644
index 2703215daa8..00000000000
--- a/internal/resolution/dependency_chain.go
+++ /dev/null
@@ -1,137 +0,0 @@
-package resolution
-
-import (
-	"context"
-	"slices"
-
-	"deps.dev/util/resolve"
-	"deps.dev/util/resolve/dep"
-	"github.com/google/osv-scanner/v2/internal/resolution/manifest"
-	"github.com/google/osv-scanner/v2/internal/resolution/util"
-	vulnUtil "github.com/google/osv-scanner/v2/internal/utility/vulns"
-	"github.com/google/osv-scanner/v2/pkg/lockfile"
-	"github.com/google/osv-scanner/v2/pkg/models"
-)
-
-type DependencyChain struct {
-	Graph *resolve.Graph
-	Edges []resolve.Edge // Edge from root node is at the end of the list
-}
-
-// At returns the dependency information of the dependency at the specified index along the chain.
-// Returns the resolved VersionKey of the dependency, and the version requirement string.
-// index 0 is the end dependency (usually the vulnerability)
-// index len(Edges)-1 is the direct dependency from the root node
-func (dc DependencyChain) At(index int) (resolve.VersionKey, string) {
-	edge := dc.Edges[index]
-	return dc.Graph.Nodes[edge.To].Version, edge.Requirement
-}
-
-func (dc DependencyChain) Direct() (resolve.VersionKey, string) {
-	return dc.At(len(dc.Edges) - 1)
-}
-
-func (dc DependencyChain) End() (resolve.VersionKey, string) {
-	return dc.At(0)
-}
-
-func ChainIsDev(dc DependencyChain, groups map[manifest.RequirementKey][]string) bool {
-	edge := dc.Edges[len(dc.Edges)-1]
-	// This check only applies to the graphs created from the in-place lockfile scanning.
-	if edge.Type.HasAttr(dep.Dev) {
-		return true
-	}
-
-	// As a workaround for npm workspaces, repeat above in-place check 1 layer deeper.
-	if len(dc.Edges) > 1 && dc.Edges[len(dc.Edges)-2].Type.HasAttr(dep.Dev) {
-		return true
-	}
-
-	req := resolve.RequirementVersion{
-		VersionKey: dc.Graph.Nodes[edge.To].Version,
-		Type:       edge.Type.Clone(),
-	}
-	ecosystem, ok := util.OSVEcosystem[req.System]
-	if !ok {
-		return false
-	}
-	// TODO: Below check doesn't support npm workspaces correctly.
-	return lockfile.Ecosystem(ecosystem).IsDevGroup(groups[manifest.MakeRequirementKey(req)])
-}
-
-// ComputeChains computes all paths from each specified NodeID to the root node.
-func ComputeChains(g *resolve.Graph, nodes []resolve.NodeID) [][]DependencyChain {
-	// find the parent nodes of each node in graph, for easier traversal
-	parentEdges := make(map[resolve.NodeID][]resolve.Edge)
-	for _, e := range g.Edges {
-		// check for a self-dependency, just in case
-		if e.From == e.To {
-			continue
-		}
-		parentEdges[e.To] = append(parentEdges[e.To], e)
-	}
-
-	allChains := make([][]DependencyChain, len(nodes))
-	// for each node, traverse up all possible paths to the root node
-	for i, node := range nodes {
-		var toProcess []DependencyChain
-		for _, pEdge := range parentEdges[node] {
-			toProcess = append(toProcess, DependencyChain{
-				Graph: g,
-				Edges: []resolve.Edge{pEdge},
-			})
-		}
-		for len(toProcess) > 0 {
-			chain := toProcess[0]
-			toProcess = toProcess[1:]
-			edge := chain.Edges[len(chain.Edges)-1]
-			if edge.From == 0 { // we are at the root, add it to the final list
-				allChains[i] = append(allChains[i], chain)
-				continue
-			}
-			// add all parent edges to the queue
-			for _, pEdge := range parentEdges[edge.From] {
-				// check for a dependency cycle before adding them
-				if !slices.ContainsFunc(chain.Edges, func(e resolve.Edge) bool { return e.To == pEdge.To }) {
-					toProcess = append(toProcess, DependencyChain{
-						Graph: g,
-						Edges: append(slices.Clone(chain.Edges), pEdge),
-					})
-				}
-			}
-		}
-	}
-
-	return allChains
-}
-
-// chainConstrains check if a DependencyChain is 'Problematic'
-// i.e. if it is forcing the vulnerable package to chosen in resolution.
-func chainConstrains(ctx context.Context, cl resolve.Client, chain DependencyChain, vuln *models.Vulnerability) bool {
-	// TODO: Logic needs to be ecosystem-specific.
-	if len(chain.Edges) == 0 {
-		return false
-	}
-	// Just check if the direct requirement of the vulnerable package is constraining it.
-	// This still has some false positives.
-	// e.g. if we have
-	// A@* -> B@2.*
-	// D@* -> B@2.1.1 -> C@1.0.0
-	// resolving both together picks B@2.1.1 & thus constrains C to C@1.0.0 for A
-	// But resolving A alone could pick B@2.2.0 which might not depend on C
-	// Similarly, a direct dependency could be constrained by an indirect dependency with similar results.
-
-	// Check if the latest allowable version of the package is vulnerable
-	vk, req := chain.End()
-	vk.Version = req
-	vk.VersionType = resolve.Requirement
-	vers, err := cl.MatchingVersions(ctx, vk)
-	if err != nil {
-		// TODO: handle error
-		return true
-	}
-
-	bestVk := vers[len(vers)-1] // This should be the highest version for npm
-
-	return vulnUtil.IsAffected(*vuln, util.VKToPackageDetails(bestVk.VersionKey))
-}
diff --git a/internal/resolution/dependency_subgraph.go b/internal/resolution/dependency_subgraph.go
new file mode 100644
index 00000000000..f0141ad33b4
--- /dev/null
+++ b/internal/resolution/dependency_subgraph.go
@@ -0,0 +1,246 @@
+package resolution
+
+import (
+	"context"
+	"slices"
+
+	"deps.dev/util/resolve"
+	"deps.dev/util/resolve/dep"
+	"github.com/google/osv-scanner/v2/internal/resolution/manifest"
+	"github.com/google/osv-scanner/v2/internal/resolution/util"
+	vulnUtil "github.com/google/osv-scanner/v2/internal/utility/vulns"
+	"github.com/google/osv-scanner/v2/pkg/lockfile"
+	"github.com/google/osv-scanner/v2/pkg/models"
+)
+
+type GraphNode struct {
+	Version  resolve.VersionKey
+	Distance int            // The shortest distance to the end Dependency Node (which has a Distance of 0)
+	Parents  []resolve.Edge // Parent edges i.e. with Edge.To == this ID
+	Children []resolve.Edge // Child edges i.e. with Edge.From == this ID
+}
+
+type DependencySubgraph struct {
+	Dependency resolve.NodeID // The NodeID of the end dependency of this subgraph.
+	Nodes      map[resolve.NodeID]GraphNode
+}
+
+// ComputeSubgraphs computes the DependencySubgraphs for each specified NodeID.
+// The computed Subgraphs contains all nodes and edges that transitively depend on the specified node, and the node itself.
+//
+// Modifying any of the returned DependencySubgraphs may cause unexpected behaviour.
+func ComputeSubgraphs(g *resolve.Graph, nodes []resolve.NodeID) []*DependencySubgraph {
+	// Find the parent nodes of each node in graph, for easier traversal.
+	// These slices are shared between the returned subgraphs.
+	parentEdges := make(map[resolve.NodeID][]resolve.Edge)
+	for _, e := range g.Edges {
+		// Check for a self-dependency, just in case.
+		if e.From == e.To {
+			continue
+		}
+		parentEdges[e.To] = append(parentEdges[e.To], e)
+	}
+
+	// For each node, compute the subgraph.
+	subGraphs := make([]*DependencySubgraph, 0, len(nodes))
+	for _, nodeID := range nodes {
+		// Starting at the node of interest, visit all unvisited parents,
+		// adding the corresponding edges to the GraphNodes.
+		gNodes := make(map[resolve.NodeID]GraphNode)
+		seen := make(map[resolve.NodeID]struct{})
+		seen[nodeID] = struct{}{}
+		toProcess := []resolve.NodeID{nodeID}
+		currDistance := 0 // The current distance from end dependency.
+		for len(toProcess) > 0 {
+			// Track the next set of nodes to process, which will be +1 Distance away from end.
+			var next []resolve.NodeID
+			for _, node := range toProcess {
+				// Construct the GraphNode
+				parents := parentEdges[node]
+				gNode := gNodes[node] // Grab the existing GraphNode, which will have some Children populated.
+				gNode.Version = g.Nodes[node].Version
+				gNode.Distance = currDistance
+				gNode.Parents = parents
+				gNodes[node] = gNode
+				// Populate parent's children and add to next set.
+				for _, edge := range parents {
+					nID := edge.From
+					pNode := gNodes[nID]
+					pNode.Children = append(pNode.Children, edge)
+					gNodes[nID] = pNode
+					if _, ok := seen[nID]; !ok {
+						seen[nID] = struct{}{}
+						next = append(next, nID)
+					}
+				}
+			}
+			toProcess = next
+			currDistance++
+		}
+
+		subGraphs = append(subGraphs, &DependencySubgraph{
+			Dependency: nodeID,
+			Nodes:      gNodes,
+		})
+	}
+
+	return subGraphs
+}
+
+// IsDevOnly checks if this DependencySubgraph solely contains dev (or test) dependencies.
+// If groups is nil, checks the dep.Type of the direct graph edges for the Dev Attr (for in-place).
+// Otherwise, uses the groups of the direct dependencies to determine if a non-dev path exists (for relax/override).
+func (ds *DependencySubgraph) IsDevOnly(groups map[manifest.RequirementKey][]string) bool {
+	if groups != nil {
+		// Check if any of the direct dependencies are not in the dev group.
+		return !slices.ContainsFunc(ds.Nodes[0].Children, func(e resolve.Edge) bool {
+			req := resolve.RequirementVersion{
+				VersionKey: ds.Nodes[e.To].Version,
+				Type:       e.Type.Clone(),
+			}
+			ecosystem, ok := util.OSVEcosystem[req.System]
+			if !ok {
+				return true
+			}
+
+			return !lockfile.Ecosystem(ecosystem).IsDevGroup(groups[manifest.MakeRequirementKey(req)])
+		})
+	}
+
+	// groups == nil
+	// Check if any of the direct dependencies do not have the Dev attr.
+	for _, e := range ds.Nodes[0].Children {
+		if e.Type.HasAttr(dep.Dev) {
+			continue
+		}
+		// As a workaround for npm workspaces, check for the a Dev attr in the direct dependency's dependencies.
+		for _, e2 := range ds.Nodes[e.To].Children {
+			if !e2.Type.HasAttr(dep.Dev) {
+				return false
+			}
+		}
+		// If the vulnerable dependency is a direct dependency, it'd have no Children.
+		// Since we've already checked that it doesn't have the Dev attr, it must be a non-dev dependency.
+		if e.To == ds.Dependency {
+			return false
+		}
+	}
+
+	return true
+}
+
+// ConstrainingSubgraph tries to construct a subgraph of the subgraph that includes only the edges that contribute to a vulnerability.
+// It identifies the dependencies which constrain the vulnerable package to use a vulnerable version.
+// This is used by the 'relax' remediation strategy to identify which direct dependencies need to be updated.
+//
+// e.g. for a subgraph with:
+//
+//	A -> C@<2.0
+//	B -> C@<3.0
+//	C resolves to C@1.9
+//
+// If the vuln affecting C is fixed in version 2.0, the constraining subgraph would only contain A,
+// since B would allow versions >=2.0 of C to be selected if not for A.
+//
+// This is a heuristic approach and may produce false positives (meaning possibly unnecessary dependencies would be flagged to be relaxed).
+// If the constraining subgraph cannot be computed for some reason, returns the original DependencySubgraph.
+func (ds *DependencySubgraph) ConstrainingSubgraph(ctx context.Context, cl resolve.Client, vuln *models.Vulnerability) *DependencySubgraph {
+	// Just check if the direct requirement of the vulnerable package is constraining it.
+	// This still has some false positives.
+	// e.g. if we have
+	// A@* -> B@2.*
+	// D@* -> B@2.1.1 -> C@1.0.0
+	// resolving both together picks B@2.1.1 & thus constrains C to C@1.0.0 for A
+	// But resolving A alone could pick B@2.2.0 which might not depend on C
+	// Similarly, a direct dependency could be constrained by an indirect dependency with similar results.
+	end := ds.Nodes[ds.Dependency]
+	newParents := make([]resolve.Edge, 0, len(end.Parents))
+	for _, pEdge := range end.Parents {
+		// Check if the latest allowable version of the package is vulnerable
+		vk := end.Version
+		vk.Version = pEdge.Requirement
+		vk.VersionType = resolve.Requirement
+		vers, err := cl.MatchingVersions(ctx, vk)
+		if err != nil || len(vers) == 0 {
+			// Could not determine MatchingVersions - assume this is constraining.
+			newParents = append(newParents, pEdge)
+			continue
+		}
+		bestVK := vers[len(vers)-1] // This should be the highest version for npm
+
+		if vulnUtil.IsAffected(*vuln, util.VKToPackageDetails(bestVK.VersionKey)) {
+			newParents = append(newParents, pEdge)
+		}
+	}
+
+	if len(newParents) == 0 {
+		// There has to be at least one constraining path for the vulnerability to appear.
+		// If our heuristic couldn't determine any, treat the whole subgraph as constraining.
+		return ds
+	}
+
+	// Rebuild the DependencySubgraph using the dependency's newParents.
+	// Same logic as in ComputeSubgraphs.
+	newNodes := make(map[resolve.NodeID]GraphNode)
+	newNodes[ds.Dependency] = GraphNode{
+		Version:  end.Version,
+		Distance: 0,
+		Parents:  newParents,
+	}
+
+	seen := make(map[resolve.NodeID]struct{})
+	seen[ds.Dependency] = struct{}{}
+	toProcess := make([]resolve.NodeID, 0, len(newParents))
+	for _, e := range newParents {
+		toProcess = append(toProcess, e.From)
+		seen[e.From] = struct{}{}
+	}
+
+	currDistance := 1
+	for len(toProcess) > 0 {
+		var next []resolve.NodeID
+		for _, nID := range toProcess {
+			oldNode := ds.Nodes[nID]
+			newNode := GraphNode{
+				Version:  oldNode.Version,
+				Distance: currDistance,
+				Parents:  slices.Clone(oldNode.Parents),
+				Children: slices.Clone(oldNode.Children),
+			}
+			// Remove the non-constraining edge from the node's children if it ends up in the subgraph.
+			newNode.Children = slices.DeleteFunc(newNode.Children, func(e resolve.Edge) bool {
+				if e.To != ds.Dependency {
+					return false
+				}
+
+				return !slices.ContainsFunc(newParents, func(pEdge resolve.Edge) bool {
+					return pEdge.From == e.From &&
+						pEdge.Requirement == e.Requirement &&
+						pEdge.Type.Compare(e.Type) == 0
+				})
+			})
+			newNodes[nID] = newNode
+			for _, e := range newNode.Parents {
+				if _, ok := seen[e.From]; !ok {
+					seen[e.From] = struct{}{}
+					next = append(next, e.From)
+				}
+			}
+		}
+		toProcess = next
+		currDistance++
+	}
+	// Remove children edges to nodes that are not in the computed subgraph.
+	for nID, edge := range newNodes {
+		edge.Children = slices.DeleteFunc(edge.Children, func(e resolve.Edge) bool {
+			_, ok := seen[e.To]
+			return !ok
+		})
+		newNodes[nID] = edge
+	}
+
+	return &DependencySubgraph{
+		Dependency: ds.Dependency,
+		Nodes:      newNodes,
+	}
+}
diff --git a/internal/resolution/dependency_subgraph_test.go b/internal/resolution/dependency_subgraph_test.go
new file mode 100644
index 00000000000..a7b7d57a7ce
--- /dev/null
+++ b/internal/resolution/dependency_subgraph_test.go
@@ -0,0 +1,335 @@
+package resolution_test
+
+import (
+	"cmp"
+	"context"
+	"maps"
+	"slices"
+	"testing"
+
+	"deps.dev/util/resolve"
+	"deps.dev/util/resolve/schema"
+	gocmp "github.com/google/go-cmp/cmp"
+	"github.com/google/osv-scanner/v2/internal/resolution"
+	"github.com/google/osv-scanner/v2/internal/resolution/manifest"
+	"github.com/google/osv-scanner/v2/pkg/models"
+)
+
+func TestDependencySubgraph(t *testing.T) {
+	t.Parallel()
+	g, err := schema.ParseResolve(`
+a 0.0.1
+	b@^1.0.1 1.0.1
+		$c@^1.0.0
+		d: d@^2.2.2 2.2.2
+	c: c@^1.0.2 1.0.2
+		e@1.0.0 1.0.0
+			$d@^2.0.0
+	f@^1.1.1 1.1.1
+		$c@^1.0.1
+		g@^2.2.2 2.2.2
+			h@^3.3.3 3.3.3
+				$d@^2.2.0
+`, resolve.NPM)
+	if err != nil {
+		t.Fatalf("failed to parse test graph: %v", err)
+	}
+
+	nodes := make([]resolve.NodeID, len(g.Nodes)-1)
+	for i := range nodes {
+		nodes[i] = resolve.NodeID(i + 1)
+	}
+
+	subgraphs := resolution.ComputeSubgraphs(g, nodes)
+	for _, sg := range subgraphs {
+		checkSubgraphVersions(t, sg, g)
+		checkSubgraphEdges(t, sg)
+		checkSubgraphNodesReachable(t, sg)
+		checkSubgraphDistances(t, sg)
+	}
+}
+
+func TestConstrainingSubgraph(t *testing.T) {
+	t.Parallel()
+	const vulnPkgName = "vuln"
+	g, err := schema.ParseResolve(`
+root 1.0.0
+	vuln: vuln@<3 1.0.1
+	nonprob1@^1.0.0 1.0.0
+		$vuln@>1
+	prob1@^1.0.0 1.0.0
+		$vuln@^1.0.0
+	prob2@^2.0.0 2.0.0
+		nonprob2@* 1.0.0
+			$vuln@*
+		$vuln@*
+		dep@3.0.0 3.0.0
+			$vuln@1.0.1
+`, resolve.NPM)
+	if err != nil {
+		t.Fatalf("failed to parse test graph: %v", err)
+	}
+
+	nID := slices.IndexFunc(g.Nodes, func(n resolve.Node) bool { return n.Version.Name == vulnPkgName })
+	if nID < 0 {
+		t.Fatalf("failed to find vulnerable node in test graph")
+	}
+	subgraph := resolution.ComputeSubgraphs(g, []resolve.NodeID{resolve.NodeID(nID)})[0]
+
+	cl := resolve.NewLocalClient()
+	v := resolve.Version{
+		VersionKey: resolve.VersionKey{
+			PackageKey: resolve.PackageKey{
+				System: resolve.NPM,
+				Name:   vulnPkgName,
+			},
+			VersionType: resolve.Concrete,
+		},
+	}
+	v.Version = "1.0.0"
+	cl.AddVersion(v, []resolve.RequirementVersion{})
+	v.Version = "1.0.1"
+	cl.AddVersion(v, []resolve.RequirementVersion{})
+	v.Version = "2.0.0"
+	cl.AddVersion(v, []resolve.RequirementVersion{})
+	vuln := &models.Vulnerability{
+		ID: "VULN-001",
+		Affected: []models.Affected{{
+			Package: models.Package{
+				Ecosystem: "npm",
+				Name:      vulnPkgName,
+			},
+			Ranges: []models.Range{
+				{
+					Type:   "SEMVER",
+					Events: []models.Event{{Introduced: "0"}, {Fixed: "2.0.0"}},
+				},
+			},
+		},
+		}}
+	got := subgraph.ConstrainingSubgraph(context.Background(), cl, vuln)
+	checkSubgraphVersions(t, got, g)
+	checkSubgraphEdges(t, got)
+	checkSubgraphNodesReachable(t, got)
+	checkSubgraphDistances(t, got)
+
+	// Checking that we have the expected remaining nodes
+	expectedRemoved := []string{"nonprob1", "nonprob2"}
+	for _, pkgName := range expectedRemoved {
+		nID := slices.IndexFunc(g.Nodes, func(n resolve.Node) bool { return n.Version.Name == pkgName })
+		if nID < 0 {
+			t.Fatalf("failed to find expected node in test graph")
+		}
+		if _, found := got.Nodes[resolve.NodeID(nID)]; found {
+			t.Errorf("non-constraining node was not removed from constraining subgraph: %s", pkgName)
+		}
+	}
+	if len(got.Nodes) != len(subgraph.Nodes)-len(expectedRemoved) {
+		t.Errorf("extraneous nodes found in constraining subgraph")
+	}
+	for nID := range got.Nodes {
+		if _, ok := subgraph.Nodes[nID]; !ok {
+			t.Errorf("extraneous node (%v) found in constraining subgraph", nID)
+		}
+	}
+
+	// Check that ConstrainingSubgraph is stable if reapplied
+	again := got.ConstrainingSubgraph(context.Background(), cl, vuln)
+	if diff := gocmp.Diff(got, again); diff != "" {
+		t.Errorf("ConstrainingSubgraph output changed on reapply (-want +got):\n%s", diff)
+	}
+}
+
+func TestSubgraphIsDevOnly(t *testing.T) {
+	t.Parallel()
+	g, err := schema.ParseResolve(`
+a 1.0.0
+	b@1.0.0 1.0.0
+		prod: prod@1.0.0 1.0.0
+	Dev|c@1.0.0 1.0.0
+		$prod@1.0.0
+		dev: dev@1.0.0 1.0.0
+	Dev|d@1.0.0 1.0.0
+		$dev@1.0.0
+`, resolve.NPM)
+	if err != nil {
+		t.Fatalf("failed to parse test graph: %v", err)
+	}
+
+	prodID := slices.IndexFunc(g.Nodes, func(n resolve.Node) bool { return n.Version.Name == "prod" })
+	if prodID < 0 {
+		t.Fatalf("failed to find vulnerable node in test graph")
+	}
+	devID := slices.IndexFunc(g.Nodes, func(n resolve.Node) bool { return n.Version.Name == "dev" })
+	if devID < 0 {
+		t.Fatalf("failed to find vulnerable node in test graph")
+	}
+
+	subgraphs := resolution.ComputeSubgraphs(g, []resolve.NodeID{resolve.NodeID(prodID), resolve.NodeID(devID)})
+	prodGraph := subgraphs[0]
+	devGraph := subgraphs[1]
+
+	if prodGraph.IsDevOnly(nil) {
+		t.Errorf("non-dev subgraph has IsDevOnly(nil) == true")
+	}
+	if !devGraph.IsDevOnly(nil) {
+		t.Errorf("dev-only subgraph has IsDevOnly(nil) == false")
+	}
+
+	groups := map[manifest.RequirementKey][]string{
+		{PackageKey: resolve.PackageKey{System: resolve.NPM, Name: "c"}, EcosystemSpecific: ""}: {"dev"},
+		{PackageKey: resolve.PackageKey{System: resolve.NPM, Name: "d"}, EcosystemSpecific: ""}: {"dev"},
+	}
+	if prodGraph.IsDevOnly(groups) {
+		t.Errorf("non-dev subgraph has IsDevOnly(groups) == true")
+	}
+	if !devGraph.IsDevOnly(groups) {
+		t.Errorf("dev-only subgraph has IsDevOnly(groups) == false")
+	}
+}
+
+func checkSubgraphVersions(t *testing.T, sg *resolution.DependencySubgraph, g *resolve.Graph) {
+	// Check that the nodes and versions in the subgraph are correct
+	t.Helper()
+	if _, ok := sg.Nodes[0]; !ok {
+		t.Errorf("DependencySubgraph missing root node (0)")
+	}
+	if _, ok := sg.Nodes[sg.Dependency]; !ok {
+		t.Errorf("DependencySubgraph missing Dependency node (%v)", sg.Dependency)
+	}
+	for nID, node := range sg.Nodes {
+		if nID < 0 || int(nID) >= len(g.Nodes) {
+			t.Errorf("DependencySubgraph contains invalid node ID: %v", nID)
+			continue
+		}
+		want := g.Nodes[nID].Version
+		got := node.Version
+		if diff := gocmp.Diff(want, got); diff != "" {
+			t.Errorf("DependencySubgraph node %v does not match Graph (-want +got):\n%s", nID, diff)
+		}
+	}
+}
+
+func checkSubgraphEdges(t *testing.T, sg *resolution.DependencySubgraph) {
+	// Check that every edge in a node's Parents appears in that parent's Children and vice versa.
+	t.Helper()
+	// Check the root node has no parents & end node has no children
+	if root, ok := sg.Nodes[0]; !ok {
+		t.Errorf("DependencySubgraph missing root node (0)")
+	} else if len(root.Parents) != 0 {
+		t.Errorf("DependencySubgraph root node (0) has parent nodes: %v", root.Parents)
+	}
+	if end, ok := sg.Nodes[sg.Dependency]; !ok {
+		t.Errorf("DependencySubgraph missing Dependency node (%v)", sg.Dependency)
+	} else if len(end.Children) != 0 {
+		t.Errorf("DependencySubgraph Dependency node (%v) has child nodes: %v", sg.Dependency, end.Children)
+	}
+
+	edgeEq := func(a, b resolve.Edge) bool {
+		return a.From == b.From &&
+			a.To == b.To &&
+			a.Requirement == b.Requirement &&
+			a.Type.Compare(b.Type) == 0
+	}
+
+	// Check each node's parents/children for same edges
+	for nID, node := range sg.Nodes {
+		// Only the root node should have no parents
+		if len(node.Parents) == 0 && nID != 0 {
+			t.Errorf("DependencySubgraph node %v has no parent nodes", nID)
+		}
+		for _, e := range node.Parents {
+			if e.To != nID {
+				t.Errorf("DependencySubgraph node %v contains invalid parent edge: %v", nID, e)
+				continue
+			}
+			parent, ok := sg.Nodes[e.From]
+			if !ok {
+				t.Errorf("DependencySubgraph edge missing node in subgraph: %v", e)
+			}
+			if !slices.ContainsFunc(parent.Children, func(edge resolve.Edge) bool { return edgeEq(e, edge) }) {
+				t.Errorf("DependencySubgraph node %v missing child edge: %v", e.From, e)
+			}
+		}
+
+		// Only the end node should have no children
+		if len(node.Children) == 0 && nID != sg.Dependency {
+			t.Errorf("DependencySubgraph node %v has no child nodes", nID)
+		}
+		for _, e := range node.Children {
+			if e.From != nID {
+				t.Errorf("DependencySubgraph node %v contains invalid child edge: %v", nID, e)
+				continue
+			}
+			child, ok := sg.Nodes[e.To]
+			if !ok {
+				t.Errorf("DependencySubgraph edge missing node in subgraph: %v", e)
+			}
+			if !slices.ContainsFunc(child.Parents, func(edge resolve.Edge) bool { return edgeEq(e, edge) }) {
+				t.Errorf("DependencySubgraph node %v missing parent edge: %v", e.To, e)
+			}
+		}
+	}
+}
+
+func checkSubgraphNodesReachable(t *testing.T, sg *resolution.DependencySubgraph) {
+	// Check that every node in the subgraph is reachable from the root node.
+	t.Helper()
+	seen := make(map[resolve.NodeID]struct{})
+	todo := make([]resolve.NodeID, 0, len(sg.Nodes))
+	todo = append(todo, 0)
+	seen[0] = struct{}{}
+	for len(todo) > 0 {
+		nID := todo[0]
+		todo = todo[1:]
+		node, ok := sg.Nodes[nID]
+		if !ok {
+			t.Errorf("DependencySubgraph missing expected node %v", nID)
+			continue
+		}
+		for _, e := range node.Children {
+			if _, ok := seen[e.To]; !ok {
+				todo = append(todo, e.To)
+				seen[e.To] = struct{}{}
+			}
+		}
+	}
+
+	got := slices.Sorted(maps.Keys(seen))
+	want := slices.Sorted(maps.Keys(sg.Nodes))
+	if diff := gocmp.Diff(want, got); diff != "" {
+		t.Errorf("DependencySubgraph reachable nodes mismatch (-want +got):\n%s", diff)
+	}
+}
+
+func checkSubgraphDistances(t *testing.T, sg *resolution.DependencySubgraph) {
+	// Check that the distances of each node have the correct value.
+	t.Helper()
+	if end, ok := sg.Nodes[sg.Dependency]; !ok {
+		t.Errorf("DependencySubgraph missing Dependency node (%v)", sg.Dependency)
+	} else if end.Distance != 0 {
+		t.Errorf("DependencySubgraph end Dependency distance is not 0")
+	}
+
+	// Each node's distance should be one more than its smallest child's distance.
+	for nID, node := range sg.Nodes {
+		// The end dependency should have a distance of 0
+		if nID == sg.Dependency {
+			if node.Distance != 0 {
+				t.Errorf("DependencySubgraph Dependency node (%v) has nonzero distance: %d", nID, node.Distance)
+			}
+
+			continue
+		}
+
+		if len(node.Children) == 0 {
+			t.Errorf("DependencySubgraph node %v has no child nodes", nID)
+			continue
+		}
+		e := slices.MinFunc(node.Children, func(a, b resolve.Edge) int { return cmp.Compare(sg.Nodes[a.To].Distance, sg.Nodes[b.To].Distance) })
+		want := sg.Nodes[e.To].Distance + 1
+		if node.Distance != want {
+			t.Errorf("DependencySubgraph node %v Distance = %d, want = %d", nID, node.Distance, want)
+		}
+	}
+}
diff --git a/internal/resolution/resolve.go b/internal/resolution/resolve.go
index 120fa85943a..2371c7f1de4 100644
--- a/internal/resolution/resolve.go
+++ b/internal/resolution/resolve.go
@@ -20,16 +20,20 @@ import (
 type Vulnerability struct {
 	OSV     models.Vulnerability
 	DevOnly bool
-	// Chains are paths through requirements from direct dependency to vulnerable package.
-	// A 'Problem' chain constrains the package to a vulnerable version.
-	// 'NonProblem' chains re-use the vulnerable version, but would not resolve to a vulnerable version in isolation.
-	ProblemChains    []DependencyChain
-	NonProblemChains []DependencyChain
+	// Subgraphs are the collections of nodes and edges that reach the vulnerable node.
+	// Subgraphs all contain the root node (NodeID 0) with no incoming edges (Parents),
+	// and the vulnerable node (NodeID DependencySubgraph.Dependency) with no outgoing edges (Children).
+	Subgraphs []*DependencySubgraph
 }
 
 func (rv Vulnerability) IsDirect() bool {
-	fn := func(dc DependencyChain) bool { return len(dc.Edges) == 1 }
-	return slices.ContainsFunc(rv.ProblemChains, fn) || slices.ContainsFunc(rv.NonProblemChains, fn)
+	for _, sg := range rv.Subgraphs {
+		if sg.Nodes[0].Distance == 1 {
+			return true
+		}
+	}
+
+	return false
 }
 
 type Result struct {
@@ -225,11 +229,11 @@ func (res *Result) computeVulns(ctx context.Context, cl client.ResolutionClient)
 		}
 	}
 
-	nodeChains := ComputeChains(res.Graph, vulnerableNodes)
-	vulnChains := make(map[string][]DependencyChain)
+	nodeSubgraphs := ComputeSubgraphs(res.Graph, vulnerableNodes)
+	vulnSubgraphs := make(map[string][]*DependencySubgraph)
 	for i, nID := range vulnerableNodes {
 		for _, vuln := range nodeVulns[nID] {
-			vulnChains[vuln.ID] = append(vulnChains[vuln.ID], nodeChains[i]...)
+			vulnSubgraphs[vuln.ID] = append(vulnSubgraphs[vuln.ID], nodeSubgraphs[i])
 		}
 	}
 
@@ -239,20 +243,8 @@ func (res *Result) computeVulns(ctx context.Context, cl client.ResolutionClient)
 	// TODO: Combine aliased IDs
 	for id, vuln := range vulnInfo {
 		rv := Vulnerability{OSV: vuln, DevOnly: true}
-		for _, chain := range vulnChains[id] {
-			if chainConstrains(ctx, cl, chain, &rv.OSV) {
-				rv.ProblemChains = append(rv.ProblemChains, chain)
-			} else {
-				rv.NonProblemChains = append(rv.NonProblemChains, chain)
-			}
-			rv.DevOnly = rv.DevOnly && ChainIsDev(chain, res.Manifest.Groups)
-		}
-		if len(rv.ProblemChains) == 0 {
-			// There has to be at least one problem chain for the vulnerability to appear.
-			// If our heuristic couldn't determine any, treat them all as problematic.
-			rv.ProblemChains = rv.NonProblemChains
-			rv.NonProblemChains = nil
-		}
+		rv.Subgraphs = vulnSubgraphs[id]
+		rv.DevOnly = !slices.ContainsFunc(rv.Subgraphs, func(ds *DependencySubgraph) bool { return !ds.IsDevOnly(res.Manifest.Groups) })
 		res.Vulns = append(res.Vulns, rv)
 	}
 
diff --git a/internal/resolution/resolve_test.go b/internal/resolution/resolve_test.go
index 28083090d62..ec747c7a315 100644
--- a/internal/resolution/resolve_test.go
+++ b/internal/resolution/resolve_test.go
@@ -20,25 +20,17 @@ func checkResult(t *testing.T, result *resolution.Result) {
 	snap.MatchText(t, result.Graph.String())
 
 	type minimalVuln struct {
-		ID               string
-		DevOnly          bool
-		ProblemChains    [][]resolve.Edge
-		NonProblemChains [][]resolve.Edge
+		ID        string
+		DevOnly   bool
+		Subgraphs []*resolution.DependencySubgraph
 	}
 
 	minVulns := make([]minimalVuln, len(result.Vulns))
 	for i, v := range result.Vulns {
 		minVulns[i] = minimalVuln{
-			ID:               v.OSV.ID,
-			DevOnly:          v.DevOnly,
-			ProblemChains:    make([][]resolve.Edge, len(v.ProblemChains)),
-			NonProblemChains: make([][]resolve.Edge, len(v.NonProblemChains)),
-		}
-		for j, c := range v.ProblemChains {
-			minVulns[i].ProblemChains[j] = c.Edges
-		}
-		for j, c := range v.NonProblemChains {
-			minVulns[i].NonProblemChains[j] = c.Edges
+			ID:        v.OSV.ID,
+			DevOnly:   v.DevOnly,
+			Subgraphs: v.Subgraphs,
 		}
 	}
 	slices.SortFunc(minVulns, func(a, b minimalVuln) int {
diff --git a/internal/tui/dependency-graph.go b/internal/tui/dependency-graph.go
index 2520ea1fc79..9417ea7be61 100644
--- a/internal/tui/dependency-graph.go
+++ b/internal/tui/dependency-graph.go
@@ -11,10 +11,10 @@ import (
 )
 
 type chainGraphNode struct {
-	vk       resolve.VersionKey
-	isDirect bool // if this is a direct dependency
-	children []*chainGraphNode
-	// in this representation, a child is something that depends on this node
+	vk         resolve.VersionKey
+	isDirect   bool // if this is a direct dependency
+	dependents []*chainGraphNode
+	// in this representation, the dependents are the children of this node
 	// so the root of the tree is rendered at the bottom
 }
 
@@ -22,63 +22,60 @@ type ChainGraph struct {
 	*chainGraphNode
 }
 
-// for each unique vulnerable node, construct the graph from that node to each connected direct dependency,
-// choosing only the shortest path
-func FindChainGraphs(chains []resolution.DependencyChain) []ChainGraph {
-	// TODO: this is not deterministic
-
-	// identifier for unique direct dep causes of unique vulnerabilities,
-	// used as a map key, so needs to be comparable
-	type chainEndpoints struct {
-		vulnDep   resolve.NodeID
-		directDep resolve.NodeID
-	}
-
-	// Find the shortest-length dependency chain for each direct/vulnerable node pair
-	shortestChains := make(map[chainEndpoints]resolution.DependencyChain)
-	for _, c := range chains {
-		endpoints := chainEndpoints{c.Edges[0].To, c.Edges[len(c.Edges)-1].To}
-		old, ok := shortestChains[endpoints]
-		if !ok {
-			shortestChains[endpoints] = c
-			continue
-		}
-		if len(old.Edges) > len(c.Edges) {
-			shortestChains[endpoints] = c
+func subgraphEdges(sg *resolution.DependencySubgraph, direct resolve.NodeID) []resolve.Edge {
+	// find the shortest chain of edges from direct to the vulnerable node, excluding the root->direct edge.
+	// return them in reverse order, with edges[0].To = sg.Dependency
+	edges := make([]resolve.Edge, 0, sg.Nodes[0].Distance-1)
+	nID := direct
+	for nID != sg.Dependency {
+		n := sg.Nodes[nID]
+		idx := slices.IndexFunc(n.Children, func(e resolve.Edge) bool { return sg.Nodes[e.To].Distance == n.Distance-1 })
+		if idx < 0 {
+			break
 		}
+		edge := n.Children[idx]
+		edges = append(edges, edge)
+		nID = edge.To
 	}
+	slices.Reverse(edges)
+
+	return edges
+}
 
+// for each unique vulnerable node, construct the graph from that node to each connected direct dependency,
+// choosing only the shortest path
+func FindChainGraphs(subgraphs []*resolution.DependencySubgraph) []ChainGraph {
 	// Construct the ChainGraphs
-	nodes := make(map[resolve.NodeID]*chainGraphNode)
-	var ret []ChainGraph
-	for _, c := range shortestChains {
-		if _, ok := nodes[c.Edges[0].To]; !ok {
-			// haven't encountered this specific vulnerable node before
-			// create it and add it to the returned graphs
-			vk, _ := c.End()
-			n := &chainGraphNode{
-				vk:       vk,
-				children: nil,
-				isDirect: c.Edges[0].From == 0,
-			}
-			ret = append(ret, ChainGraph{n})
-			nodes[c.Edges[0].To] = n
+	ret := make([]ChainGraph, 0, len(subgraphs))
+	for _, sg := range subgraphs {
+		nodes := make(map[resolve.NodeID]*chainGraphNode)
+		isDirect := func(nID resolve.NodeID) bool {
+			return slices.ContainsFunc(sg.Nodes[nID].Parents, func(e resolve.Edge) bool { return e.From == 0 })
 		}
-		// Going up the chain, add the node to the previous' children if it's not there already
-		for i, e := range c.Edges[:len(c.Edges)-1] {
-			p := nodes[e.To]
-			n, ok := nodes[e.From]
-			if !ok {
-				vk, _ := c.At(i + 1)
-				n = &chainGraphNode{
-					vk:       vk,
-					children: nil,
-					isDirect: i == len(c.Edges)-2,
+		// Create and add the vulnerable node to the returned graphs
+		n := &chainGraphNode{
+			vk:         sg.Nodes[sg.Dependency].Version,
+			dependents: nil,
+			isDirect:   isDirect(sg.Dependency),
+		}
+		ret = append(ret, ChainGraph{n})
+		nodes[sg.Dependency] = n
+		for _, startEdge := range sg.Nodes[0].Children {
+			// Going up the chain, add the node to the previous' children if it's not there already
+			for _, e := range subgraphEdges(sg, startEdge.To) {
+				p := nodes[e.To]
+				n, ok := nodes[e.From]
+				if !ok {
+					n = &chainGraphNode{
+						vk:         sg.Nodes[e.From].Version,
+						dependents: nil,
+						isDirect:   isDirect(e.From),
+					}
+					nodes[e.From] = n
+				}
+				if !slices.Contains(p.dependents, n) {
+					p.dependents = append(p.dependents, n)
 				}
-				nodes[e.From] = n
-			}
-			if !slices.Contains(p.children, n) {
-				p.children = append(p.children, n)
 			}
 		}
 	}
@@ -119,13 +116,13 @@ func (c *chainGraphNode) subString(isVuln bool) (string, int) {
 	nodeOffset := lipgloss.Width(nodeStr) / 2
 
 	// No children, just show the text
-	if len(c.children) == 0 {
+	if len(c.dependents) == 0 {
 		return nodeStr, nodeOffset
 	}
 
 	// one child, add a single line connecting this to the child above it
-	if len(c.children) == 1 {
-		childStr, childCenter := c.children[0].subString(false)
+	if len(c.dependents) == 1 {
+		childStr, childCenter := c.dependents[0].subString(false)
 		if nodeOffset > childCenter {
 			// left-pad the child if the parent is wider
 			childStr = lipgloss.JoinHorizontal(lipgloss.Bottom, strings.Repeat(" ", nodeOffset-childCenter), childStr)
@@ -139,11 +136,11 @@ func (c *chainGraphNode) subString(isVuln bool) (string, int) {
 
 	// multiple children:
 	// Join the children together on one line
-	nChilds := len(c.children)
+	nChilds := len(c.dependents)
 	paddedChildStrings := make([]string, 0, 2*nChilds) // string of children, with padding strings in between
 	childOffsets := make([]int, 0, nChilds)            // where above the children to connect the lines to them
 	width := 0
-	for _, ch := range c.children {
+	for _, ch := range c.dependents {
 		str, off := ch.subString(false)
 		paddedChildStrings = append(paddedChildStrings, str, " ")
 		childOffsets = append(childOffsets, width+off)
diff --git a/internal/tui/vuln-info.go b/internal/tui/vuln-info.go
index 07405e4f611..54927bc5c82 100644
--- a/internal/tui/vuln-info.go
+++ b/internal/tui/vuln-info.go
@@ -2,7 +2,6 @@ package tui
 
 import (
 	"fmt"
-	"slices"
 	"strings"
 
 	"github.com/charmbracelet/bubbles/key"
@@ -68,8 +67,7 @@ func NewVulnInfo(vuln *resolution.Vulnerability) *vulnInfo {
 	*v.mdStyle.Document.Margin = 0
 	v.mdStyle.Document.BlockPrefix = ""
 
-	chains := append(slices.Clone(vuln.ProblemChains), vuln.NonProblemChains...)
-	v.chainGraphs = FindChainGraphs(chains)
+	v.chainGraphs = FindChainGraphs(vuln.Subgraphs)
 
 	return &v
 }

From cd7cc8a314c65324354d531ec1b18a87e5b9f149 Mon Sep 17 00:00:00 2001
From: Rex P <106129829+another-rex@users.noreply.github.com>
Date: Thu, 30 Jan 2025 15:16:32 +1100
Subject: [PATCH 6/6] docs: Update the local docs readme so that we can better
 run the docs locally (#1550)

---
 docs/.bundle/config |  2 ++
 docs/Gemfile.lock   |  2 +-
 docs/README.md      | 16 ++++++++++++----
 3 files changed, 15 insertions(+), 5 deletions(-)
 create mode 100644 docs/.bundle/config

diff --git a/docs/.bundle/config b/docs/.bundle/config
new file mode 100644
index 00000000000..2369228816d
--- /dev/null
+++ b/docs/.bundle/config
@@ -0,0 +1,2 @@
+---
+BUNDLE_PATH: "vendor/bundle"
diff --git a/docs/Gemfile.lock b/docs/Gemfile.lock
index 5d8d820237a..ad60a5b913d 100644
--- a/docs/Gemfile.lock
+++ b/docs/Gemfile.lock
@@ -43,7 +43,7 @@ GEM
       logger
     faraday-net_http (3.3.0)
       net-http
-    ffi (1.17.0-x86_64-linux-gnu)
+    ffi (1.17.1)
     forwardable-extended (2.6.0)
     gemoji (4.1.0)
     github-pages (232)
diff --git a/docs/README.md b/docs/README.md
index 290b0e76cc9..1670bcdc668 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -4,16 +4,24 @@ The [OSV-Scanner docs](https://google.github.io/osv-scanner) are hosted on a [Gi
 
 ## Running docs locally
 
-To run docs locally, you will need [Jekyll](https://jekyllrb.com/docs/installation/) on your machine.
+To run the docs locally:
 
-Here are other [pre-requisites] and instructions for running the [docs locally].
+- Install `ruby (>= 3.1.0)`. This should come with `bundler`.
+  - On Debian, you need to install them separately:
+    - `ruby`
+    - `ruby-bundler`
+- In this directory:
+  - `bundle config set --local path 'vendor/bundle'` (you can skip this step if serving from this directory, as the config is already saved in `.bundle/config`)
+  - `bundle install`
+  - `bundle exec jekyll serve`
+
+Here's the full documentation on github for running the [docs locally].
 
-[pre-requisites]: https://docs.github.com/en/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll#prerequisites
 [docs locally]: https://docs.github.com/en/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll#building-your-site-locally
 
 ## Formatting docs
 
-We use - [Prettier](https://prettier.io/) to standardize the format of markdown and config files.
+We use [Prettier](https://prettier.io/) to standardize the format of markdown and config files.
 
 This requires [node/npm](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm) to be installed.