fix(report): show POC, CERT in tui and format-list. use vendor summary over NVD (#902)

* fix(report): show POC, CERT in tui and format-list. show vendor summary

* fix test case

report/tui.go

@@ -622,14 +622,20 @@ func summaryLines(r models.ScanResult) string {
 		pkgNames = append(pkgNames, vinfo.GitHubSecurityAlerts.Names()...)
 		pkgNames = append(pkgNames, vinfo.WpPackageFixStats.Names()...)
 
+		exploits := ""
+		if 0 < len(vinfo.Exploits) {
+			exploits = " POC"
+		}
+
 		var cols []string
 		cols = []string{
 			fmt.Sprintf(indexFormat, i+1),
 			vinfo.CveID,
 			cvssScore + " |",
-			fmt.Sprintf("%1s |", vinfo.AttackVector()),
-			fmt.Sprintf("%7s |", vinfo.PatchStatus(r.Packages)),
+			fmt.Sprintf("%4s |", vinfo.AttackVector()),
+			fmt.Sprintf("%3s |", exploits),
 			fmt.Sprintf("%6s |", vinfo.AlertDict.FormatSource()),
+			fmt.Sprintf("%7s |", vinfo.PatchStatus(r.Packages)),
 			strings.Join(pkgNames, ", "),
 		}
 		icols := make([]interface{}, len(cols))

report/util.go

@@ -139,13 +139,13 @@ No CVE-IDs are found in updatable packages.
 
 		data = append(data, []string{
 			vinfo.CveID,
-			fmt.Sprintf("%7s", vinfo.PatchStatus(r.Packages)),
-			vinfo.AlertDict.FormatSource(),
 			fmt.Sprintf("%4.1f", max),
+			fmt.Sprintf("%5s", vinfo.AttackVector()),
 			// fmt.Sprintf("%4.1f", v2max),
 			// fmt.Sprintf("%4.1f", v3max),
-			fmt.Sprintf("%2s", vinfo.AttackVector()),
 			exploits,
+			vinfo.AlertDict.FormatSource(),
+			fmt.Sprintf("%7s", vinfo.PatchStatus(r.Packages)),
 			link,
 		})
 	}
@@ -154,13 +154,13 @@ No CVE-IDs are found in updatable packages.
 	table := tablewriter.NewWriter(&b)
 	table.SetHeader([]string{
 		"CVE-ID",
-		"Fixed",
-		"CERT",
 		"CVSS",
+		"Attack",
 		// "v3",
 		// "v2",
-		"AV",
 		"PoC",
+		"CERT",
+		"Fixed",
 		"NVD",
 	})
 	table.SetBorder(true)