fix(report): fix cvedb-url, add -cvedb-type=http (#734 )

* fix(report): fix cvedb-url, add -cvedb-type=http * feat(report): support go-exploitdb server mode * update deps * implement tui * fix server mode * fix(tui): default value of cvedb-type to "" * update deps
fix new cve contents (#735 )
2018-11-16 21:22:18 +09:00 · 2018-11-15 13:43:06 +09:00 · 2018-11-12 17:36:53 +09:00 · 2018-11-10 12:36:12 +09:00 · 2018-11-05 15:35:50 +09:00 · 2018-11-03 16:36:59 +09:00
144 changed files with 35247 additions and 5992 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,7 @@
+.dockerignore
+Dockerfile
+vendor/
+cve.sqlite3*
+oval.sqlite3*
+setup/
+img/
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,38 @@
+
+# What did you do? (required. The issue will be **closed** when not provided.)
+
+
+# What did you expect to happen?
+
+
+# What happened instead?
+
+* Current Output
+
+Please re-run the command using ```-debug``` and provide the output below.
+
+# Steps to reproduce the behaviour
+
+
+# Configuration (**MUST** fill this out):
+
+* Go version (`go version`):
+
+* Go environment (`go env`):
+
+* Vuls environment:
+
+Hash : ____
+
+To check the commit hash of HEAD
+$ vuls -v
+
+or
+
+$ cd $GOPATH/src/github.com/future-architect/vuls 
+$ git rev-parse --short HEAD 
+
+* config.toml:
+
+* command:
+
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,40 @@
+
+If this Pull Request is work in progress, Add a prefix of “[WIP]” in the title.
+
+# What did you implement:
+
+Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. 
+
+Fixes # (issue)
+
+## Type of change
+
+Please delete options that are not relevant.
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] This change requires a documentation update
+
+# How Has This Been Tested?
+
+Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce.
+
+# Checklist:
+You don't have to satisfy all of the following.
+
+- [ ] Write tests
+- [ ] Write documentation
+- [ ] Check that there aren't other open pull requests for the same issue/feature
+- [ ] Format your source code by `make fmt`
+- [ ] Pass the test by `make test`
+- [ ] Provide verification config / commands
+- [ ] Enable "Allow edits from maintainers" for this PR
+- [ ] Update the messages below
+
+***Is this ready for review?:*** NO  
+
+# Reference
+
+* https://blog.github.com/2015-01-21-how-to-write-the-perfect-pull-request/
+
--- a/.gitignore
+++ b/.gitignore
@@ -1,9 +1,15 @@
+vuls
 .vscode
+*.txt
+*.json
+*.sqlite3*
+*.db
+tags
+.gitmodules
 coverage.out
 issues/
-*.txt
 vendor/
 log/
-.gitmodules
-vuls
-*.sqlite3
+results/
+*config.toml
+!setup/docker/*
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -0,0 +1,24 @@
+project_name: vuls
+release:
+  github:
+    owner: future-architect
+    name: vuls
+builds:
+- goos:
+  - linux
+  goarch:
+  - amd64
+  main: .
+  ldflags: -s -w -X main.version={{.Version}} -X main.revision={{.Commit}}
+  binary: vuls
+archive:
+  format: tar.gz
+  name_template: '{{ .Binary }}_{{.Version}}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{
+    .Arm }}{{ end }}'
+  files:
+  - LICENSE
+  - NOTICE
+  - README*
+  - CHANGELOG.md
+snapshot:
+  name_template: SNAPSHOT-{{ .Commit }}
--- a/.travis.yml
+++ b/.travis.yml
@@ -0,0 +1,7 @@
+language: go
+
+go:
+  - "1.11.x"
+
+after_success:
+  - test -n "$TRAVIS_TAG" && curl -sL https://git.io/goreleaser | bash
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,514 @@
+# Change Log

-0.1.0 (2013-03-23)
+## v0.4.1 and later, see [GitHub release](https://github.com/future-architect/vuls/releases)

-Initial public release
+## [v0.4.0](https://github.com/future-architect/vuls/tree/v0.4.0) (2017-08-25)
+[Full Changelog](https://github.com/future-architect/vuls/compare/v0.3.0...v0.4.0)

+**Implemented enhancements:**
+
+- Output changelog in report, TUI and JSON for RHEL [\#367](https://github.com/future-architect/vuls/issues/367)
+- Output changelog in report, TUI and JSON for Amazon Linux [\#366](https://github.com/future-architect/vuls/issues/366)
+- Improve scanning accuracy by checking package versions [\#256](https://github.com/future-architect/vuls/issues/256)
+- Improve SSH [\#415](https://github.com/future-architect/vuls/issues/415)
+- Enable to scan even if target server can not connect to the Internet [\#258](https://github.com/future-architect/vuls/issues/258)
+- SSH Hostkey check [\#417](https://github.com/future-architect/vuls/pull/417) ([kotakanbe](https://github.com/kotakanbe))
+- v0.4.0 [\#449](https://github.com/future-architect/vuls/pull/449) ([kotakanbe](https://github.com/kotakanbe))
+- Change default ssh method from go library to external command [\#416](https://github.com/future-architect/vuls/pull/416) ([kotakanbe](https://github.com/kotakanbe))
+- Add containers-only option to configtest [\#411](https://github.com/future-architect/vuls/pull/411) ([knqyf263](https://github.com/knqyf263))
+
+**Fixed bugs:**
+
+-  Running Vuls tui before vuls report does not show vulnerabilities checked by CPE [\#396](https://github.com/future-architect/vuls/issues/396)
+- With a long package name, Local shell mode \(stty dont' work\) [\#444](https://github.com/future-architect/vuls/issues/444)
+- Improve SSH [\#415](https://github.com/future-architect/vuls/issues/415)
+- Report that a vulnerability exists in the wrong package [\#408](https://github.com/future-architect/vuls/issues/408)
+- With a long package name, a parse error occurs. [\#391](https://github.com/future-architect/vuls/issues/391)
+- Ubuntu failed to scan vulnerable packages [\#205](https://github.com/future-architect/vuls/issues/205)
+- CVE-ID in changelog can't be picked up. [\#154](https://github.com/future-architect/vuls/issues/154)
+- v0.4.0 [\#449](https://github.com/future-architect/vuls/pull/449) ([kotakanbe](https://github.com/kotakanbe))
+- Fix SSH dial error [\#413](https://github.com/future-architect/vuls/pull/413) ([kotakanbe](https://github.com/kotakanbe))
+- Update deps, Change deps tool from glide to dep [\#412](https://github.com/future-architect/vuls/pull/412) ([kotakanbe](https://github.com/kotakanbe))
+- fix report option Loaded error-info [\#406](https://github.com/future-architect/vuls/pull/406) ([hogehogehugahuga](https://github.com/hogehogehugahuga))
+- Add --user root to docker exec command [\#389](https://github.com/future-architect/vuls/pull/389) ([PaulFurtado](https://github.com/PaulFurtado))
+
+**Closed issues:**
+
+- README.md.ja not include "Oracle Linux, FreeBSD"  [\#465](https://github.com/future-architect/vuls/issues/465)
+- Can't scan remote server - \(centos 7 - updated\) [\#451](https://github.com/future-architect/vuls/issues/451)
+- An abnormality in the result of vuls tui [\#439](https://github.com/future-architect/vuls/issues/439)
+- compile faild [\#436](https://github.com/future-architect/vuls/issues/436)
+- Can't install vuls on CentOS 7 [\#432](https://github.com/future-architect/vuls/issues/432)
+- Vuls scan doesn't show severity score in any of the vulnerable packages [\#430](https://github.com/future-architect/vuls/issues/430)
+- Load config failedtoml: cannot load TOML value of type string into a Go slice [\#429](https://github.com/future-architect/vuls/issues/429)
+- vuls scan not running check-update with sudo for Centos 7 [\#428](https://github.com/future-architect/vuls/issues/428)
+- options for configtest not being activated [\#422](https://github.com/future-architect/vuls/issues/422)
+- "could not find project Gopkg.toml, use dep init to initiate a manifest" when installing vuls [\#420](https://github.com/future-architect/vuls/issues/420)
+- go get not get  [\#407](https://github.com/future-architect/vuls/issues/407)
+- Failed to scan via docker. err: Unknown format [\#404](https://github.com/future-architect/vuls/issues/404)
+- Failed to scan - kernel-xxx is an installed security update [\#403](https://github.com/future-architect/vuls/issues/403)
+- 169.254.169.254 port 80: Connection refused [\#402](https://github.com/future-architect/vuls/issues/402)
+- vuls scan --debug cause `invalid memory address` error [\#397](https://github.com/future-architect/vuls/issues/397)
+- Provide a command line flag that will automatically install aptitude on debian? [\#390](https://github.com/future-architect/vuls/issues/390)
+
+**Merged pull requests:**
+
+- export fill cve info [\#467](https://github.com/future-architect/vuls/pull/467) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- add oval docker [\#466](https://github.com/future-architect/vuls/pull/466) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- fix typos in commands. [\#464](https://github.com/future-architect/vuls/pull/464) ([ymomoi](https://github.com/ymomoi))
+- Update README [\#463](https://github.com/future-architect/vuls/pull/463) ([kotakanbe](https://github.com/kotakanbe))
+- export FillWithOval [\#462](https://github.com/future-architect/vuls/pull/462) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- add serveruuid field [\#458](https://github.com/future-architect/vuls/pull/458) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- add s3 dirctory option [\#457](https://github.com/future-architect/vuls/pull/457) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- Extract Advisory.Description on RHEL, Amazon, Oracle [\#450](https://github.com/future-architect/vuls/pull/450) ([kotakanbe](https://github.com/kotakanbe))
+- nosudo on CentOS and Fetch Changelogs on Amazon, RHEL [\#448](https://github.com/future-architect/vuls/pull/448) ([kotakanbe](https://github.com/kotakanbe))
+- change logrus package to lowercase and update other packages [\#446](https://github.com/future-architect/vuls/pull/446) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- add db backend redis [\#445](https://github.com/future-architect/vuls/pull/445) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- fast test [\#435](https://github.com/future-architect/vuls/pull/435) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- fix typo [\#433](https://github.com/future-architect/vuls/pull/433) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- Add support for PostgreSQL as a DB storage back-end [\#431](https://github.com/future-architect/vuls/pull/431) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- typo README.js.md [\#426](https://github.com/future-architect/vuls/pull/426) ([ryurock](https://github.com/ryurock))
+- Add TOC to README [\#425](https://github.com/future-architect/vuls/pull/425) ([kotakanbe](https://github.com/kotakanbe))
+- Fixing \#420 where lock and manifest have moved to TOML [\#421](https://github.com/future-architect/vuls/pull/421) ([elfgoh](https://github.com/elfgoh))
+- Define timeout for vulnerabilities scan and platform detection [\#414](https://github.com/future-architect/vuls/pull/414) ([s7anley](https://github.com/s7anley))
+- Enable -timeout option when detecting OS [\#410](https://github.com/future-architect/vuls/pull/410) ([knqyf263](https://github.com/knqyf263))
+- Remove duplicate command in README [\#401](https://github.com/future-architect/vuls/pull/401) ([knqyf263](https://github.com/knqyf263))
+- Fix to read config.toml at tui [\#441](https://github.com/future-architect/vuls/pull/441) ([usiusi360](https://github.com/usiusi360))
+- Change NVD URL to new one [\#419](https://github.com/future-architect/vuls/pull/419) ([kotakanbe](https://github.com/kotakanbe))
+- Add some testcases [\#418](https://github.com/future-architect/vuls/pull/418) ([kotakanbe](https://github.com/kotakanbe))
+
+## [v0.3.0](https://github.com/future-architect/vuls/tree/v0.3.0) (2017-03-24)
+[Full Changelog](https://github.com/future-architect/vuls/compare/v0.2.0...v0.3.0)
+
+**Implemented enhancements:**
+
+- Changelog parsing fails when package maintainers aren't consistent regarding versions [\#327](https://github.com/future-architect/vuls/issues/327)
+- Docker scan doesn't report image name [\#325](https://github.com/future-architect/vuls/issues/325)
+- vuls report -to-email only one E-Mail [\#295](https://github.com/future-architect/vuls/issues/295)
+- Support RHEL5 [\#286](https://github.com/future-architect/vuls/issues/286)
+- Continue scanning even when some hosts have tech issues? [\#264](https://github.com/future-architect/vuls/issues/264)
+- Normalization of JSON output [\#259](https://github.com/future-architect/vuls/issues/259)
+- Add report subcommand, change scan subcommand options [\#239](https://github.com/future-architect/vuls/issues/239)
+- scan localhost? [\#210](https://github.com/future-architect/vuls/issues/210)
+- Can Vuls show details about updateable packages [\#341](https://github.com/future-architect/vuls/issues/341)
+- Scan all containers except [\#285](https://github.com/future-architect/vuls/issues/285)
+- Notify the difference from the previous scan result [\#255](https://github.com/future-architect/vuls/issues/255)
+- EC2RoleCreds support? [\#250](https://github.com/future-architect/vuls/issues/250)
+- Output confidence score of detection accuracy and detection method to JSON or Reporting [\#350](https://github.com/future-architect/vuls/pull/350) ([kotakanbe](https://github.com/kotakanbe))
+- Avoid null slice being null in JSON [\#345](https://github.com/future-architect/vuls/pull/345) ([kotakanbe](https://github.com/kotakanbe))
+- Add -format-one-email option [\#331](https://github.com/future-architect/vuls/pull/331) ([knqyf263](https://github.com/knqyf263))
+- Support Raspbian [\#330](https://github.com/future-architect/vuls/pull/330) ([knqyf263](https://github.com/knqyf263))
+- Add leniancy to the version matching for debian to account for versio… [\#328](https://github.com/future-architect/vuls/pull/328) ([jsulinski](https://github.com/jsulinski))
+- Add image information for docker containers [\#326](https://github.com/future-architect/vuls/pull/326) ([jsulinski](https://github.com/jsulinski))
+- Continue scanning even when some hosts have tech issues [\#309](https://github.com/future-architect/vuls/pull/309) ([kotakanbe](https://github.com/kotakanbe))
+- Add -log-dir option [\#301](https://github.com/future-architect/vuls/pull/301) ([knqyf263](https://github.com/knqyf263))
+- Use --assumeno option [\#300](https://github.com/future-architect/vuls/pull/300) ([knqyf263](https://github.com/knqyf263))
+- Add local scan mode\(Scan without SSH when target server is localhost\) [\#291](https://github.com/future-architect/vuls/pull/291) ([kotakanbe](https://github.com/kotakanbe))
+- Support RHEL5 [\#289](https://github.com/future-architect/vuls/pull/289) ([kotakanbe](https://github.com/kotakanbe))
+- Add LXD support [\#288](https://github.com/future-architect/vuls/pull/288) ([jiazio](https://github.com/jiazio))
+- Add timeout option to configtest [\#400](https://github.com/future-architect/vuls/pull/400) ([kotakanbe](https://github.com/kotakanbe))
+- Notify the difference from the previous scan result [\#392](https://github.com/future-architect/vuls/pull/392) ([knqyf263](https://github.com/knqyf263))
+- Add Oracle Linux support [\#386](https://github.com/future-architect/vuls/pull/386) ([Djelibeybi](https://github.com/Djelibeybi))
+- Change container scan format in config.toml [\#381](https://github.com/future-architect/vuls/pull/381) ([kotakanbe](https://github.com/kotakanbe))
+- Obsolete CentOS5 support [\#378](https://github.com/future-architect/vuls/pull/378) ([kotakanbe](https://github.com/kotakanbe))
+- Deprecate prepare subcommand to minimize the root authority defined by /etc/sudoers [\#375](https://github.com/future-architect/vuls/pull/375) ([kotakanbe](https://github.com/kotakanbe))
+- Support IAM role for report to S3. [\#370](https://github.com/future-architect/vuls/pull/370) ([ohsawa0515](https://github.com/ohsawa0515))
+- Add .travis.yml [\#363](https://github.com/future-architect/vuls/pull/363) ([knqyf263](https://github.com/knqyf263))
+- Output changelog in report, TUI and JSON for Ubuntu/Debian/CentOS [\#356](https://github.com/future-architect/vuls/pull/356) ([kotakanbe](https://github.com/kotakanbe))
+
+**Fixed bugs:**
+
+- Debian scans failing in docker [\#323](https://github.com/future-architect/vuls/issues/323)
+- Local CVE DB is still checked, even if a CVE Dictionary URL is defined [\#316](https://github.com/future-architect/vuls/issues/316)
+- vuls needs gmake. [\#313](https://github.com/future-architect/vuls/issues/313)
+- patch request for FreeBSD [\#312](https://github.com/future-architect/vuls/issues/312)
+- Report: failed to read from json \(Docker\) [\#294](https://github.com/future-architect/vuls/issues/294)
+- -report-mail option does not output required mail header [\#282](https://github.com/future-architect/vuls/issues/282)
+- PackInfo not found error when vuls scan. [\#281](https://github.com/future-architect/vuls/issues/281)
+- Normalize character set [\#279](https://github.com/future-architect/vuls/issues/279)
+- The number of Updatable Packages is different from the number of yum check-update [\#373](https://github.com/future-architect/vuls/issues/373)
+- sudo is needed when exec yum check-update on RHEL7 [\#371](https://github.com/future-architect/vuls/issues/371)
+- `123-3ubuntu4` should be marked as ChangelogLenientMatch [\#362](https://github.com/future-architect/vuls/issues/362)
+- CentOS  multi package invalid result [\#360](https://github.com/future-architect/vuls/issues/360)
+- Parse error after check-update. \(Unknown format\) [\#359](https://github.com/future-architect/vuls/issues/359)
+- Fix candidate to confidence. [\#354](https://github.com/future-architect/vuls/pull/354) ([kotakanbe](https://github.com/kotakanbe))
+- Bug fix: not send e-mail to cc address [\#346](https://github.com/future-architect/vuls/pull/346) ([knqyf263](https://github.com/knqyf263))
+- Change the command used for os detection from uname to freebsd-version [\#340](https://github.com/future-architect/vuls/pull/340) ([kotakanbe](https://github.com/kotakanbe))
+- Fix error handling of detectOS [\#337](https://github.com/future-architect/vuls/pull/337) ([kotakanbe](https://github.com/kotakanbe))
+- Fix infinite retry at size overrun error in Slack report [\#329](https://github.com/future-architect/vuls/pull/329) ([kotakanbe](https://github.com/kotakanbe))
+- aptitude changelog defaults to using more, which is not interactive a… [\#324](https://github.com/future-architect/vuls/pull/324) ([jsulinski](https://github.com/jsulinski))
+- Do not use sudo when echo [\#322](https://github.com/future-architect/vuls/pull/322) ([knqyf263](https://github.com/knqyf263))
+- Reduce privilege requirements for commands that don't need sudo on Ubuntu/Debian [\#319](https://github.com/future-architect/vuls/pull/319) ([jsulinski](https://github.com/jsulinski))
+- Don't check for a CVE DB when CVE Dictionary URL is defined [\#317](https://github.com/future-architect/vuls/pull/317) ([jsulinski](https://github.com/jsulinski))
+- Fix typo contianer -\> container [\#314](https://github.com/future-architect/vuls/pull/314) ([justyns](https://github.com/justyns))
+- Fix the changelog cache logic for ubuntu/debian [\#305](https://github.com/future-architect/vuls/pull/305) ([kotakanbe](https://github.com/kotakanbe))
+- Fix yum updateinfo options [\#304](https://github.com/future-architect/vuls/pull/304) ([kotakanbe](https://github.com/kotakanbe))
+- Update glide.lock to fix create-log-dir error. [\#303](https://github.com/future-architect/vuls/pull/303) ([kotakanbe](https://github.com/kotakanbe))
+- Fix a bug in logging \(file output\) at scan command [\#302](https://github.com/future-architect/vuls/pull/302) ([kotakanbe](https://github.com/kotakanbe))
+- Add -pipe flag \#294 [\#299](https://github.com/future-architect/vuls/pull/299) ([kotakanbe](https://github.com/kotakanbe))
+- Fix RHEL5 scan stopped halfway [\#293](https://github.com/future-architect/vuls/pull/293) ([kotakanbe](https://github.com/kotakanbe))
+- Fix amazon linux scan stopped halfway [\#292](https://github.com/future-architect/vuls/pull/292) ([kotakanbe](https://github.com/kotakanbe))
+- Fix nil-ponter in TUI [\#388](https://github.com/future-architect/vuls/pull/388) ([kotakanbe](https://github.com/kotakanbe))
+- Fix Bug of Mysql Backend [\#384](https://github.com/future-architect/vuls/pull/384) ([kotakanbe](https://github.com/kotakanbe))
+- Fix scan confidence on Ubuntu/Debian/Raspbian \#362 [\#379](https://github.com/future-architect/vuls/pull/379) ([kotakanbe](https://github.com/kotakanbe))
+- Fix updatalbe packages count \#373 [\#374](https://github.com/future-architect/vuls/pull/374) ([kotakanbe](https://github.com/kotakanbe))
+- sudo yum check-update on RHEL [\#372](https://github.com/future-architect/vuls/pull/372) ([kotakanbe](https://github.com/kotakanbe))
+- Change ssh option from -t to -tt [\#369](https://github.com/future-architect/vuls/pull/369) ([knqyf263](https://github.com/knqyf263))
+- Increase the width of RequestPty [\#364](https://github.com/future-architect/vuls/pull/364) ([knqyf263](https://github.com/knqyf263))
+
+**Closed issues:**
+
+-  vuls configtest --debugがsudoのチェックで止まってしまう [\#395](https://github.com/future-architect/vuls/issues/395)
+- Add support for Oracle Linux [\#385](https://github.com/future-architect/vuls/issues/385)
+- error on install - Ubuntu 16.04 [\#376](https://github.com/future-architect/vuls/issues/376)
+- Unknown OS Type [\#335](https://github.com/future-architect/vuls/issues/335)
+- mac os 10.12.3 make install error [\#334](https://github.com/future-architect/vuls/issues/334)
+- assumeYes doesn't work because there is no else condition [\#320](https://github.com/future-architect/vuls/issues/320)
+- Debian scan uses sudo where unnecessary [\#318](https://github.com/future-architect/vuls/issues/318)
+- Add FreeBSD 11 to supported OS on documents. [\#311](https://github.com/future-architect/vuls/issues/311)
+- docker fetchnvd failing [\#274](https://github.com/future-architect/vuls/issues/274)
+- Latest version of labstack echo breaks installation [\#268](https://github.com/future-architect/vuls/issues/268)
+- fetchnvd Fails using example loop [\#267](https://github.com/future-architect/vuls/issues/267)
+
+**Merged pull requests:**
+
+- fix typo in README.ja.md [\#394](https://github.com/future-architect/vuls/pull/394) ([lv7777](https://github.com/lv7777))
+- Update Tutorial in README [\#387](https://github.com/future-architect/vuls/pull/387) ([kotakanbe](https://github.com/kotakanbe))
+- Fix README [\#383](https://github.com/future-architect/vuls/pull/383) ([usiusi360](https://github.com/usiusi360))
+- s/dictinary/dictionary typo [\#382](https://github.com/future-architect/vuls/pull/382) ([beuno](https://github.com/beuno))
+- Fix Japanese typo [\#377](https://github.com/future-architect/vuls/pull/377) ([IMAI-Yuji](https://github.com/IMAI-Yuji))
+- Improve kanji character [\#351](https://github.com/future-architect/vuls/pull/351) ([hasegawa-tomoki](https://github.com/hasegawa-tomoki))
+- Add PULL\_REQUEST\_TEMPLATE.md [\#348](https://github.com/future-architect/vuls/pull/348) ([knqyf263](https://github.com/knqyf263))
+- Update README [\#347](https://github.com/future-architect/vuls/pull/347) ([knqyf263](https://github.com/knqyf263))
+- Fix test case [\#344](https://github.com/future-architect/vuls/pull/344) ([kotakanbe](https://github.com/kotakanbe))
+- Fix typo [\#343](https://github.com/future-architect/vuls/pull/343) ([knqyf263](https://github.com/knqyf263))
+- Rename Makefile to GNUmakefile \#313 [\#339](https://github.com/future-architect/vuls/pull/339) ([kotakanbe](https://github.com/kotakanbe))
+- Update README [\#338](https://github.com/future-architect/vuls/pull/338) ([kotakanbe](https://github.com/kotakanbe))
+- add error handling [\#332](https://github.com/future-architect/vuls/pull/332) ([kazuminn](https://github.com/kazuminn))
+- Update readme [\#308](https://github.com/future-architect/vuls/pull/308) ([lapthorn](https://github.com/lapthorn))
+- Update glide.lock to fix import error [\#306](https://github.com/future-architect/vuls/pull/306) ([knqyf263](https://github.com/knqyf263))
+- Check whether echo is executable with nopasswd [\#298](https://github.com/future-architect/vuls/pull/298) ([knqyf263](https://github.com/knqyf263))
+- Update docker README [\#297](https://github.com/future-architect/vuls/pull/297) ([knqyf263](https://github.com/knqyf263))
+- update readme [\#296](https://github.com/future-architect/vuls/pull/296) ([galigalikun](https://github.com/galigalikun))
+- remove unused import line. [\#358](https://github.com/future-architect/vuls/pull/358) ([ymomoi](https://github.com/ymomoi))
+
+## [v0.2.0](https://github.com/future-architect/vuls/tree/v0.2.0) (2017-01-10)
+[Full Changelog](https://github.com/future-architect/vuls/compare/v0.1.7...v0.2.0)
+
+**Implemented enhancements:**
+
+- Add report subcommand, change scan options. \#239 [\#270](https://github.com/future-architect/vuls/pull/270) ([kotakanbe](https://github.com/kotakanbe))
+- Add --assume-yes to prepare \#260 [\#266](https://github.com/future-architect/vuls/pull/266) ([Code0x58](https://github.com/Code0x58))
+- Use RFC3339 timestamps in the results [\#265](https://github.com/future-architect/vuls/pull/265) ([Code0x58](https://github.com/Code0x58))
+
+**Fixed bugs:**
+
+- vuls prepare failed to centos7 [\#275](https://github.com/future-architect/vuls/issues/275)
+- Failed to scan on RHEL5 [\#94](https://github.com/future-architect/vuls/issues/94)
+- Fix container os detection [\#287](https://github.com/future-architect/vuls/pull/287) ([jiazio](https://github.com/jiazio))
+- Add date header to report mail. [\#283](https://github.com/future-architect/vuls/pull/283) ([ymomoi](https://github.com/ymomoi))
+- Add Content-Type header to report/mail.go . [\#280](https://github.com/future-architect/vuls/pull/280) ([hogehogehugahuga](https://github.com/hogehogehugahuga))
+- Keep output of "vuls scan -report-\*" to be same every times [\#272](https://github.com/future-architect/vuls/pull/272) ([yoheimuta](https://github.com/yoheimuta))
+- Fix JSON-dir regex pattern \#265 [\#271](https://github.com/future-architect/vuls/pull/271) ([kotakanbe](https://github.com/kotakanbe))
+- Stop quietly ignoring `--ssh-external` on Windows [\#263](https://github.com/future-architect/vuls/pull/263) ([Code0x58](https://github.com/Code0x58))
+- Fix non-interactive `apt-get install` \#251 [\#253](https://github.com/future-architect/vuls/pull/253) ([Code0x58](https://github.com/Code0x58))
+
+**Closed issues:**
+
+- gocui.NewGui now takes a parameter [\#261](https://github.com/future-architect/vuls/issues/261)
+- Add a `--yes` flag to bypass interactive prompt for `vuls prepare` [\#260](https://github.com/future-architect/vuls/issues/260)
+- `vuls prepare` doesn't work on Debian host due to apt-get confirmation prompt [\#251](https://github.com/future-architect/vuls/issues/251)
+
+**Merged pull requests:**
+
+- Fix gocui.NewGui after signature change \#261 [\#262](https://github.com/future-architect/vuls/pull/262) ([Code0x58](https://github.com/Code0x58))
+- Replace inconsistent tabs with spaces [\#254](https://github.com/future-architect/vuls/pull/254) ([Code0x58](https://github.com/Code0x58))
+- Fix README [\#249](https://github.com/future-architect/vuls/pull/249) ([usiusi360](https://github.com/usiusi360))
+
+## [v0.1.7](https://github.com/future-architect/vuls/tree/v0.1.7) (2016-11-08)
+[Full Changelog](https://github.com/future-architect/vuls/compare/v0.1.6...v0.1.7)
+
+**Implemented enhancements:**
+
+- Enable to scan only docker container, without docker host [\#122](https://github.com/future-architect/vuls/issues/122)
+- Add -skip-broken option \[CentOS only\] \#245 [\#248](https://github.com/future-architect/vuls/pull/248) ([kotakanbe](https://github.com/kotakanbe))
+- Display unknown CVEs to TUI [\#244](https://github.com/future-architect/vuls/pull/244) ([kotakanbe](https://github.com/kotakanbe))
+- Add the XML output [\#240](https://github.com/future-architect/vuls/pull/240) ([gleentea](https://github.com/gleentea))
+- add '-ssh-external' option to prepare subcommand [\#234](https://github.com/future-architect/vuls/pull/234) ([mykstmhr](https://github.com/mykstmhr))
+- Integrate OWASP Dependency Check [\#232](https://github.com/future-architect/vuls/pull/232) ([kotakanbe](https://github.com/kotakanbe))
+- Add support for reading CVE data from MySQL. [\#225](https://github.com/future-architect/vuls/pull/225) ([oswell](https://github.com/oswell))
+- Remove base docker image, -v shows commit hash [\#223](https://github.com/future-architect/vuls/pull/223) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- Support ignore CveIDs in config [\#222](https://github.com/future-architect/vuls/pull/222) ([kotakanbe](https://github.com/kotakanbe))
+- Confirm before installing dependencies on prepare [\#219](https://github.com/future-architect/vuls/pull/219) ([kotakanbe](https://github.com/kotakanbe))
+- Remove all.json [\#218](https://github.com/future-architect/vuls/pull/218) ([kotakanbe](https://github.com/kotakanbe))
+- Add GitHub issue template [\#217](https://github.com/future-architect/vuls/pull/217) ([kotakanbe](https://github.com/kotakanbe))
+- Improve makefile, -version shows git hash, fix README [\#216](https://github.com/future-architect/vuls/pull/216) ([kotakanbe](https://github.com/kotakanbe))
+- change e-mail package from gomail to net/smtp [\#211](https://github.com/future-architect/vuls/pull/211) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- Add only-containers option to scan subcommand \#122 [\#190](https://github.com/future-architect/vuls/pull/190) ([kotakanbe](https://github.com/kotakanbe))
+- Fix -results-dir option of scan subcommand [\#185](https://github.com/future-architect/vuls/pull/185) ([kotakanbe](https://github.com/kotakanbe))
+- Show error when no scannable servers are detected. [\#177](https://github.com/future-architect/vuls/pull/177) ([kotakanbe](https://github.com/kotakanbe))
+- Add sudo check to prepare subcommand [\#176](https://github.com/future-architect/vuls/pull/176) ([kotakanbe](https://github.com/kotakanbe))
+- Supports yum --enablerepo option \(supports only base,updates for now\) [\#147](https://github.com/future-architect/vuls/pull/147) ([kotakanbe](https://github.com/kotakanbe))
+
+**Fixed bugs:**
+
+- Debian 8.6 \(jessie\) scan does not show vulnerable packages [\#235](https://github.com/future-architect/vuls/issues/235)
+- panic: runtime error: index out of range - ubuntu 16.04 + vuls history [\#180](https://github.com/future-architect/vuls/issues/180)
+- Moved golang.org/x/net/context to context [\#243](https://github.com/future-architect/vuls/pull/243) ([yoheimuta](https://github.com/yoheimuta))
+- Fix changelog cache bug on Ubuntu and Debian \#235 [\#238](https://github.com/future-architect/vuls/pull/238) ([kotakanbe](https://github.com/kotakanbe))
+- add '-ssh-external' option to prepare subcommand [\#234](https://github.com/future-architect/vuls/pull/234) ([mykstmhr](https://github.com/mykstmhr))
+- Fixed error for the latest version of gocui [\#231](https://github.com/future-architect/vuls/pull/231) ([ymd38](https://github.com/ymd38))
+- Handle the refactored gocui SetCurrentView method. [\#229](https://github.com/future-architect/vuls/pull/229) ([oswell](https://github.com/oswell))
+- Fix locale env var LANG to LANGUAGE [\#215](https://github.com/future-architect/vuls/pull/215) ([kotakanbe](https://github.com/kotakanbe))
+- Fixed bug with parsing update line on CentOS/RHEL [\#206](https://github.com/future-architect/vuls/pull/206) ([andyone](https://github.com/andyone))
+- Fix defer cache.DB.close [\#201](https://github.com/future-architect/vuls/pull/201) ([kotakanbe](https://github.com/kotakanbe))
+- Fix a help message of -report-azure-blob option [\#195](https://github.com/future-architect/vuls/pull/195) ([kotakanbe](https://github.com/kotakanbe))
+- Fix error handling in tui [\#193](https://github.com/future-architect/vuls/pull/193) ([kotakanbe](https://github.com/kotakanbe))
+- Fix not working changelog cache on Container [\#189](https://github.com/future-architect/vuls/pull/189) ([kotakanbe](https://github.com/kotakanbe))
+- Fix release version detection on FreeBSD [\#184](https://github.com/future-architect/vuls/pull/184) ([kotakanbe](https://github.com/kotakanbe))
+- Fix defer cahce.DB.close\(\) [\#183](https://github.com/future-architect/vuls/pull/183) ([kotakanbe](https://github.com/kotakanbe))
+- Fix a mode of files/dir \(report, log\) [\#182](https://github.com/future-architect/vuls/pull/182) ([kotakanbe](https://github.com/kotakanbe))
+- Fix a error when no json dirs are found under results \#180 [\#181](https://github.com/future-architect/vuls/pull/181) ([kotakanbe](https://github.com/kotakanbe))
+- ssh-external option of configtest is not working \#178 [\#179](https://github.com/future-architect/vuls/pull/179) ([kotakanbe](https://github.com/kotakanbe))
+
+**Closed issues:**
+
+- --enable-repos of yum option [\#246](https://github.com/future-architect/vuls/issues/246)
+- --skip-broken at yum option [\#245](https://github.com/future-architect/vuls/issues/245)
+- Recent changes to gobui cause build failures [\#228](https://github.com/future-architect/vuls/issues/228)
+- https://hub.docker.com/r/vuls/go-cve-dictionary/ is empty [\#208](https://github.com/future-architect/vuls/issues/208)
+- Not able to install gomail fails [\#202](https://github.com/future-architect/vuls/issues/202)
+- No results file created - vuls tui failed [\#199](https://github.com/future-architect/vuls/issues/199)
+- Wrong file permissions for results/\*.json in official Docker container [\#197](https://github.com/future-architect/vuls/issues/197)
+- Failed: Unknown OS Type [\#196](https://github.com/future-architect/vuls/issues/196)
+- Segmentation fault with configtest [\#192](https://github.com/future-architect/vuls/issues/192)
+- Failed to scan. err: No server defined. Check the configuration [\#187](https://github.com/future-architect/vuls/issues/187)
+- vuls configtest -ssh-external doesnt work [\#178](https://github.com/future-architect/vuls/issues/178)
+- apt-get update: time out [\#175](https://github.com/future-architect/vuls/issues/175)
+- scanning on Centos6, but vuls recognizes debian. [\#174](https://github.com/future-architect/vuls/issues/174)
+- Fix READMEja  \#164  [\#173](https://github.com/future-architect/vuls/issues/173)
+
+**Merged pull requests:**
+
+- Update README \#225 [\#242](https://github.com/future-architect/vuls/pull/242) ([kotakanbe](https://github.com/kotakanbe))
+- fix readme [\#241](https://github.com/future-architect/vuls/pull/241) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- Fix README \#234 [\#237](https://github.com/future-architect/vuls/pull/237) ([kotakanbe](https://github.com/kotakanbe))
+- Update glide files [\#236](https://github.com/future-architect/vuls/pull/236) ([kotakanbe](https://github.com/kotakanbe))
+- fix README [\#226](https://github.com/future-architect/vuls/pull/226) ([usiusi360](https://github.com/usiusi360))
+- fix some misspelling. [\#221](https://github.com/future-architect/vuls/pull/221) ([ymomoi](https://github.com/ymomoi))
+- fix docker readme [\#214](https://github.com/future-architect/vuls/pull/214) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- Fix ja document about typo [\#213](https://github.com/future-architect/vuls/pull/213) ([shokohara](https://github.com/shokohara))
+- fix readme [\#212](https://github.com/future-architect/vuls/pull/212) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- fix README [\#207](https://github.com/future-architect/vuls/pull/207) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- fix typo [\#204](https://github.com/future-architect/vuls/pull/204) ([usiusi360](https://github.com/usiusi360))
+- fix gitignore [\#191](https://github.com/future-architect/vuls/pull/191) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- Update glide.lock [\#188](https://github.com/future-architect/vuls/pull/188) ([kotakanbe](https://github.com/kotakanbe))
+- Fix path in setup/docker/README [\#186](https://github.com/future-architect/vuls/pull/186) ([dladuke](https://github.com/dladuke))
+- Vuls and vulsrepo are now separated [\#163](https://github.com/future-architect/vuls/pull/163) ([hikachan](https://github.com/hikachan))
+
+## [v0.1.6](https://github.com/future-architect/vuls/tree/v0.1.6) (2016-09-12)
+[Full Changelog](https://github.com/future-architect/vuls/compare/v0.1.5...v0.1.6)
+
+**Implemented enhancements:**
+
+- High speed scan on Ubuntu/Debian [\#172](https://github.com/future-architect/vuls/pull/172) ([kotakanbe](https://github.com/kotakanbe))
+- Support CWE\(Common Weakness Enumeration\) [\#169](https://github.com/future-architect/vuls/pull/169) ([kotakanbe](https://github.com/kotakanbe))
+- Enable to scan without sudo on amazon linux [\#167](https://github.com/future-architect/vuls/pull/167) ([kotakanbe](https://github.com/kotakanbe))
+- Remove deprecated options -use-unattended-upgrades,-use-yum-plugin-security [\#161](https://github.com/future-architect/vuls/pull/161) ([kotakanbe](https://github.com/kotakanbe))
+- delete sqlite3 [\#152](https://github.com/future-architect/vuls/pull/152) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+
+**Fixed bugs:**
+
+- Failed to setup vuls docker [\#170](https://github.com/future-architect/vuls/issues/170)
+- yum check-update error occurred when no reboot after kernel updating [\#165](https://github.com/future-architect/vuls/issues/165)
+- error thrown from 'docker build .' [\#157](https://github.com/future-architect/vuls/issues/157)
+- CVE-ID is truncated to 4 digits [\#153](https://github.com/future-architect/vuls/issues/153)
+- 'yum update --changelog' stalled in 'vuls scan'. if ssh user is not 'root'. [\#150](https://github.com/future-architect/vuls/issues/150)
+- Panic on packet scan [\#131](https://github.com/future-architect/vuls/issues/131)
+- Update glide.lock \#170 [\#171](https://github.com/future-architect/vuls/pull/171) ([kotakanbe](https://github.com/kotakanbe))
+- Fix detecting a platform on Azure [\#168](https://github.com/future-architect/vuls/pull/168) ([kotakanbe](https://github.com/kotakanbe))
+- Fix parse error for yum check-update \#165 [\#166](https://github.com/future-architect/vuls/pull/166) ([kotakanbe](https://github.com/kotakanbe))
+- Fix bug: Vuls on Docker [\#159](https://github.com/future-architect/vuls/pull/159) ([tjinjin](https://github.com/tjinjin))
+- Fix CVE-ID is truncated to 4 digits [\#155](https://github.com/future-architect/vuls/pull/155) ([usiusi360](https://github.com/usiusi360))
+- Fix yum update --changelog stalled when non-root ssh user on CentOS \#150 [\#151](https://github.com/future-architect/vuls/pull/151) ([kotakanbe](https://github.com/kotakanbe))
+
+**Closed issues:**
+
+- Support su for root privilege escalation [\#44](https://github.com/future-architect/vuls/issues/44)
+- Support FreeBSD [\#34](https://github.com/future-architect/vuls/issues/34)
+
+**Merged pull requests:**
+
+- Change scripts for data fetching from jvn [\#164](https://github.com/future-architect/vuls/pull/164) ([kotakanbe](https://github.com/kotakanbe))
+- Fix: setup vulsrepo [\#162](https://github.com/future-architect/vuls/pull/162) ([tjinjin](https://github.com/tjinjin))
+- Fix-docker-vulsrepo-install [\#160](https://github.com/future-architect/vuls/pull/160) ([usiusi360](https://github.com/usiusi360))
+- Reduce regular expression compilation [\#158](https://github.com/future-architect/vuls/pull/158) ([itchyny](https://github.com/itchyny))
+- Add testcases for \#153 [\#156](https://github.com/future-architect/vuls/pull/156) ([kotakanbe](https://github.com/kotakanbe))
+
+## [v0.1.5](https://github.com/future-architect/vuls/tree/v0.1.5) (2016-08-16)
+[Full Changelog](https://github.com/future-architect/vuls/compare/v0.1.4...v0.1.5)
+
+**Implemented enhancements:**
+
+- Enable to scan without running go-cve-dictionary as server mode [\#84](https://github.com/future-architect/vuls/issues/84)
+- Support high-speed scanning for CentOS [\#138](https://github.com/future-architect/vuls/pull/138) ([tai-ga](https://github.com/tai-ga))
+- Add configtest subcommand. skip un-ssh-able servers. [\#134](https://github.com/future-architect/vuls/pull/134) ([kotakanbe](https://github.com/kotakanbe))
+- Support -report-azure-blob option [\#130](https://github.com/future-architect/vuls/pull/130) ([kotakanbe](https://github.com/kotakanbe))
+- Add optional key-values that will be outputted to JSON in config [\#117](https://github.com/future-architect/vuls/pull/117) ([kotakanbe](https://github.com/kotakanbe))
+- Change dir structure [\#115](https://github.com/future-architect/vuls/pull/115) ([kotakanbe](https://github.com/kotakanbe))
+- Add some validation of loading config. user, host and port [\#113](https://github.com/future-architect/vuls/pull/113) ([kotakanbe](https://github.com/kotakanbe))
+- Support scanning with external ssh command [\#101](https://github.com/future-architect/vuls/pull/101) ([kotakanbe](https://github.com/kotakanbe))
+- Detect Platform and get instance-id of amazon ec2 [\#95](https://github.com/future-architect/vuls/pull/95) ([kotakanbe](https://github.com/kotakanbe))
+- Add -report-s3 option [\#92](https://github.com/future-architect/vuls/pull/92) ([kotakanbe](https://github.com/kotakanbe))
+- Added FreeBSD support. [\#90](https://github.com/future-architect/vuls/pull/90) ([justyntemme](https://github.com/justyntemme))
+- Add glide files for vendoring [\#89](https://github.com/future-architect/vuls/pull/89) ([kotakanbe](https://github.com/kotakanbe))
+- Fix README, change -cvedbpath to -cve-dictionary-dbpath \#84 [\#85](https://github.com/future-architect/vuls/pull/85) ([kotakanbe](https://github.com/kotakanbe))
+- Add option for it get cve detail from cve.sqlite3. [\#81](https://github.com/future-architect/vuls/pull/81) ([ymd38](https://github.com/ymd38))
+- Add -report-text option, Fix small bug of report in japanese [\#78](https://github.com/future-architect/vuls/pull/78) ([kotakanbe](https://github.com/kotakanbe))
+- Add JSONWriter, Fix CVE sort order of report [\#77](https://github.com/future-architect/vuls/pull/77) ([kotakanbe](https://github.com/kotakanbe))
+
+**Fixed bugs:**
+
+- Docker: Panic [\#76](https://github.com/future-architect/vuls/issues/76)
+- Fix apt command to scan correctly when system locale is not english [\#149](https://github.com/future-architect/vuls/pull/149) ([kit494way](https://github.com/kit494way))
+- Disable -ask-sudo-password for security reasons [\#148](https://github.com/future-architect/vuls/pull/148) ([kotakanbe](https://github.com/kotakanbe))
+- Fix no tty error while executing with -external-ssh option [\#143](https://github.com/future-architect/vuls/pull/143) ([kotakanbe](https://github.com/kotakanbe))
+- wrong log packages [\#141](https://github.com/future-architect/vuls/pull/141) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- Fix platform detection. [\#137](https://github.com/future-architect/vuls/pull/137) ([Rompei](https://github.com/Rompei))
+- Fix nil pointer when scan with -cve-dictionary-dbpath and cpeNames [\#111](https://github.com/future-architect/vuls/pull/111) ([kotakanbe](https://github.com/kotakanbe))
+- Remove vulndb file before pkg audit [\#110](https://github.com/future-architect/vuls/pull/110) ([kotakanbe](https://github.com/kotakanbe))
+- Add error handling when unable to connect via ssh. status code: 255 [\#108](https://github.com/future-architect/vuls/pull/108) ([kotakanbe](https://github.com/kotakanbe))
+- Enable to detect vulnerabilities on FreeBSD [\#98](https://github.com/future-architect/vuls/pull/98) ([kotakanbe](https://github.com/kotakanbe))
+- Fix unknown format err while check-update on RHEL6.5 [\#93](https://github.com/future-architect/vuls/pull/93) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- Fix type of SMTP Port of discovery command's output [\#88](https://github.com/future-architect/vuls/pull/88) ([kotakanbe](https://github.com/kotakanbe))
+- Fix error msg when go-cve-dictionary is unavailable \#84 [\#86](https://github.com/future-architect/vuls/pull/86) ([kotakanbe](https://github.com/kotakanbe))
+- Fix error handling to avoid nil pointer err on debian [\#83](https://github.com/future-architect/vuls/pull/83) ([kotakanbe](https://github.com/kotakanbe))
+- Fix nil pointer while doing apt-cache policy on ubuntu \#76 [\#82](https://github.com/future-architect/vuls/pull/82) ([kotakanbe](https://github.com/kotakanbe))
+- fix log import url [\#79](https://github.com/future-architect/vuls/pull/79) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- Fix error handling of gorequest [\#75](https://github.com/future-architect/vuls/pull/75) ([kotakanbe](https://github.com/kotakanbe))
+- Fix freezing forever when no args specified in TUI mode [\#73](https://github.com/future-architect/vuls/pull/73) ([kotakanbe](https://github.com/kotakanbe))
+- mv version.go version/version.go to run main.go without compile [\#71](https://github.com/future-architect/vuls/pull/71) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+
+**Closed issues:**
+
+- SSh password authentication failed on FreeBSD [\#99](https://github.com/future-architect/vuls/issues/99)
+- BUG: -o pipefail is not work on FreeBSD's /bin/sh. because it isn't bash [\#91](https://github.com/future-architect/vuls/issues/91)
+- Use ~/.ssh/config [\#62](https://github.com/future-architect/vuls/issues/62)
+- SSH ciphers [\#37](https://github.com/future-architect/vuls/issues/37)
+
+**Merged pull requests:**
+
+- Update README \#138 [\#144](https://github.com/future-architect/vuls/pull/144) ([kotakanbe](https://github.com/kotakanbe))
+- Fix a typo [\#142](https://github.com/future-architect/vuls/pull/142) ([dtan4](https://github.com/dtan4))
+- Remove unnecessary step in readme of docker setup [\#140](https://github.com/future-architect/vuls/pull/140) ([mikkame](https://github.com/mikkame))
+- Update logo [\#139](https://github.com/future-architect/vuls/pull/139) ([chanomaru](https://github.com/chanomaru))
+- Update README.ja.md to fix wrong tips. [\#135](https://github.com/future-architect/vuls/pull/135) ([a2atsu](https://github.com/a2atsu))
+- add tips about NVD JVN issue [\#133](https://github.com/future-architect/vuls/pull/133) ([a2atsu](https://github.com/a2atsu))
+- Fix README wrong links [\#129](https://github.com/future-architect/vuls/pull/129) ([aomoriringo](https://github.com/aomoriringo))
+- Add logo [\#126](https://github.com/future-architect/vuls/pull/126) ([chanomaru](https://github.com/chanomaru))
+- Improve setup/docker [\#125](https://github.com/future-architect/vuls/pull/125) ([kotakanbe](https://github.com/kotakanbe))
+- Fix scan command help [\#124](https://github.com/future-architect/vuls/pull/124) ([aomoriringo](https://github.com/aomoriringo))
+- added dockernized-vuls with vulsrepo [\#121](https://github.com/future-architect/vuls/pull/121) ([hikachan](https://github.com/hikachan))
+- Fix detect platform on azure and degital ocean [\#119](https://github.com/future-architect/vuls/pull/119) ([kotakanbe](https://github.com/kotakanbe))
+- Remove json marshall-indent [\#118](https://github.com/future-architect/vuls/pull/118) ([kotakanbe](https://github.com/kotakanbe))
+- Improve Readme.ja [\#116](https://github.com/future-architect/vuls/pull/116) ([kotakanbe](https://github.com/kotakanbe))
+- Add architecture diag to README.md [\#114](https://github.com/future-architect/vuls/pull/114) ([kotakanbe](https://github.com/kotakanbe))
+- Rename linux.go to base.go [\#100](https://github.com/future-architect/vuls/pull/100) ([kotakanbe](https://github.com/kotakanbe))
+- Update README.md [\#74](https://github.com/future-architect/vuls/pull/74) ([yoshi-taka](https://github.com/yoshi-taka))
+- Refactoring debian.go [\#72](https://github.com/future-architect/vuls/pull/72) ([kotakanbe](https://github.com/kotakanbe))
+
+## [v0.1.4](https://github.com/future-architect/vuls/tree/v0.1.4) (2016-05-24)
+[Full Changelog](https://github.com/future-architect/vuls/compare/v0.1.3...v0.1.4)
+
+**Implemented enhancements:**
+
+- Initial fetch from NVD is too heavy \(2.3 GB of memory consumed\) [\#27](https://github.com/future-architect/vuls/issues/27)
+- Enable to show previous scan result [\#69](https://github.com/future-architect/vuls/pull/69) ([kotakanbe](https://github.com/kotakanbe))
+- Add ignore-unscored-cves option [\#68](https://github.com/future-architect/vuls/pull/68) ([kotakanbe](https://github.com/kotakanbe))
+- Support dynamic scanning docker container [\#67](https://github.com/future-architect/vuls/pull/67) ([kotakanbe](https://github.com/kotakanbe))
+- Add version flag [\#65](https://github.com/future-architect/vuls/pull/65) ([kotakanbe](https://github.com/kotakanbe))
+- Update Dockerfile [\#57](https://github.com/future-architect/vuls/pull/57) ([theonlydoo](https://github.com/theonlydoo))
+- Update run.sh [\#56](https://github.com/future-architect/vuls/pull/56) ([theonlydoo](https://github.com/theonlydoo))
+- Support Windows [\#33](https://github.com/future-architect/vuls/pull/33) ([mattn](https://github.com/mattn))
+
+**Fixed bugs:**
+
+- vuls scan -cvss-over does not work. [\#59](https://github.com/future-architect/vuls/issues/59)
+- `panic: runtime error: invalid memory address or nil pointer dereference` when scan CentOS5.5 [\#58](https://github.com/future-architect/vuls/issues/58)
+-  It rans out of memory. [\#47](https://github.com/future-architect/vuls/issues/47)
+- BUG: vuls scan on CentOS with Japanese environment. [\#43](https://github.com/future-architect/vuls/issues/43)
+- yum --color=never [\#36](https://github.com/future-architect/vuls/issues/36)
+- Failed to parse yum check-update [\#32](https://github.com/future-architect/vuls/issues/32)
+- Pointless sudo [\#29](https://github.com/future-architect/vuls/issues/29)
+- Can't init database in a path having blanks [\#26](https://github.com/future-architect/vuls/issues/26)
+- Fix pointless sudo in debian.go \#29 [\#66](https://github.com/future-architect/vuls/pull/66) ([kotakanbe](https://github.com/kotakanbe))
+- Fix error handling of httpGet in cve-client \#58 [\#64](https://github.com/future-architect/vuls/pull/64) ([kotakanbe](https://github.com/kotakanbe))
+- Fix nil pointer at error handling of cve\_client \#58 [\#63](https://github.com/future-architect/vuls/pull/63) ([kotakanbe](https://github.com/kotakanbe))
+- Set language en\_US. [\#61](https://github.com/future-architect/vuls/pull/61) ([pabroff](https://github.com/pabroff))
+- Fix -cvss-over flag \#59 [\#60](https://github.com/future-architect/vuls/pull/60) ([kotakanbe](https://github.com/kotakanbe))
+- Fix scan on Japanese environment. [\#55](https://github.com/future-architect/vuls/pull/55) ([pabroff](https://github.com/pabroff))
+- Fix a typo: replace Depricated by Deprecated. [\#54](https://github.com/future-architect/vuls/pull/54) ([jody-frankowski](https://github.com/jody-frankowski))
+- Fix yes no infinite loop while doing yum update --changelog on root@CentOS \#47 [\#50](https://github.com/future-architect/vuls/pull/50) ([pabroff](https://github.com/pabroff))
+- Fix $servername in output of discover command [\#45](https://github.com/future-architect/vuls/pull/45) ([kotakanbe](https://github.com/kotakanbe))
+
+## [v0.1.3](https://github.com/future-architect/vuls/tree/v0.1.3) (2016-04-21)
+[Full Changelog](https://github.com/future-architect/vuls/compare/v0.1.2...v0.1.3)
+
+**Implemented enhancements:**
+
+- Add sudo support for prepare [\#11](https://github.com/future-architect/vuls/issues/11)
+- Dockerfile? [\#10](https://github.com/future-architect/vuls/issues/10)
+- Update README [\#41](https://github.com/future-architect/vuls/pull/41) ([theonlydoo](https://github.com/theonlydoo))
+- Sparse dockerization [\#38](https://github.com/future-architect/vuls/pull/38) ([theonlydoo](https://github.com/theonlydoo))
+- No password in config [\#35](https://github.com/future-architect/vuls/pull/35) ([kotakanbe](https://github.com/kotakanbe))
+- Fr readme translation [\#23](https://github.com/future-architect/vuls/pull/23) ([novakin](https://github.com/novakin))
+
+**Fixed bugs:**
+
+- Issues updating CVE database behind https proxy [\#39](https://github.com/future-architect/vuls/issues/39)
+- Vuls failed to parse yum check-update [\#24](https://github.com/future-architect/vuls/issues/24)
+- Fix yum to yum --color=never \#36 [\#42](https://github.com/future-architect/vuls/pull/42) ([kotakanbe](https://github.com/kotakanbe))
+- Fix parse yum check update [\#40](https://github.com/future-architect/vuls/pull/40) ([kotakanbe](https://github.com/kotakanbe))
+- fix typo [\#31](https://github.com/future-architect/vuls/pull/31) ([blue119](https://github.com/blue119))
+- Fix error while parsing yum check-update \#24 [\#30](https://github.com/future-architect/vuls/pull/30) ([kotakanbe](https://github.com/kotakanbe))
+
+**Closed issues:**
+
+- Unable to scan on ubuntu because changelog.ubuntu.com is down... [\#21](https://github.com/future-architect/vuls/issues/21)
+- err: Not initialize\(d\) yet.. [\#16](https://github.com/future-architect/vuls/issues/16)
+- Errors when using fish shell [\#8](https://github.com/future-architect/vuls/issues/8)
+
+## [v0.1.2](https://github.com/future-architect/vuls/tree/v0.1.2) (2016-04-12)
+[Full Changelog](https://github.com/future-architect/vuls/compare/v0.1.1...v0.1.2)
+
+**Fixed bugs:**
+
+- Maximum 6 nodes available to scan [\#12](https://github.com/future-architect/vuls/issues/12)
+- panic: runtime error: index out of range [\#5](https://github.com/future-architect/vuls/issues/5)
+- Fix sudo option on RedHat like Linux and change some messages. [\#20](https://github.com/future-architect/vuls/pull/20) ([kotakanbe](https://github.com/kotakanbe))
+- Typo fix and updated readme [\#19](https://github.com/future-architect/vuls/pull/19) ([EuanKerr](https://github.com/EuanKerr))
+- remove a period at the end of error messages. [\#18](https://github.com/future-architect/vuls/pull/18) ([kotakanbe](https://github.com/kotakanbe))
+- fix error while yum updateinfo --security update on rhel@aws [\#17](https://github.com/future-architect/vuls/pull/17) ([kotakanbe](https://github.com/kotakanbe))
+- Fixed typos [\#15](https://github.com/future-architect/vuls/pull/15) ([radarhere](https://github.com/radarhere))
+- Typo fix in error messages [\#14](https://github.com/future-architect/vuls/pull/14) ([Bregor](https://github.com/Bregor))
+- Fix index out of range error when the number of servers is over 6. \#12 [\#13](https://github.com/future-architect/vuls/pull/13) ([kotakanbe](https://github.com/kotakanbe))
+- Revise small grammar mistakes in serverapi.go [\#9](https://github.com/future-architect/vuls/pull/9) ([cpobrien](https://github.com/cpobrien))
+- Fix error handling in HTTP backoff function [\#7](https://github.com/future-architect/vuls/pull/7) ([kotakanbe](https://github.com/kotakanbe))
+
+## [v0.1.1](https://github.com/future-architect/vuls/tree/v0.1.1) (2016-04-06)
+[Full Changelog](https://github.com/future-architect/vuls/compare/v0.1.0...v0.1.1)
+
+**Fixed bugs:**
+
+- Typo in Exapmle [\#6](https://github.com/future-architect/vuls/pull/6) ([toli](https://github.com/toli))
+
+## [v0.1.0](https://github.com/future-architect/vuls/tree/v0.1.0) (2016-04-04)
+**Merged pull requests:**
+
+- English translation [\#4](https://github.com/future-architect/vuls/pull/4) ([hikachan](https://github.com/hikachan))
+- English translation [\#3](https://github.com/future-architect/vuls/pull/3) ([chewyinping](https://github.com/chewyinping))
+- Add a Bitdeli Badge to README [\#2](https://github.com/future-architect/vuls/pull/2) ([bitdeli-chef](https://github.com/bitdeli-chef))
+
+
+
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
--- a/33
+++ b/33
@@ -0,0 +1,33 @@
+FROM golang:alpine as builder
+
+RUN apk add --no-cache \
+        git \
+        make \
+        gcc \
+        musl-dev
+
+ENV REPOSITORY github.com/future-architect/vuls
+COPY . $GOPATH/src/$REPOSITORY
+RUN cd $GOPATH/src/$REPOSITORY && make install
+
+
+FROM alpine:3.7
+
+MAINTAINER hikachan sadayuki-matsuno
+
+ENV LOGDIR /var/log/vuls
+ENV WORKDIR /vuls
+
+RUN apk add --no-cache \
+        openssh-client \
+        ca-certificates \
+    && mkdir -p $WORKDIR $LOGDIR
+
+COPY --from=builder /go/bin/vuls /usr/local/bin/
+
+VOLUME [$WORKDIR, $LOGDIR]
+WORKDIR $WORKDIR
+ENV PWD $WORKDIR
+
+ENTRYPOINT ["vuls"]
+CMD ["--help"]
--- a/73
+++ b/73
@@ -0,0 +1,73 @@
+.PHONY: \
+	dep \
+	depup \
+	build \
+	install \
+	all \
+	vendor \
+	lint \
+	vet \
+	fmt \
+	fmtcheck \
+	pretest \
+	test \
+	cov \
+	clean
+
+SRCS = $(shell git ls-files '*.go')
+PKGS = $(shell go list ./...)
+VERSION := $(shell git describe --tags --abbrev=0)
+REVISION := $(shell git rev-parse --short HEAD)
+LDFLAGS := -X 'github.com/future-architect/vuls/config.Version=$(VERSION)' \
+	-X 'github.com/future-architect/vuls/config.Revision=$(REVISION)'
+
+all: dep build
+
+dep:
+	go get -u github.com/golang/dep/...
+	dep ensure -v
+
+depup:
+	go get -u github.com/golang/dep/...
+	dep ensure -update -v
+
+build: main.go dep pretest
+	go build -ldflags "$(LDFLAGS)" -o vuls $<
+
+install: main.go dep pretest
+	go install -ldflags "$(LDFLAGS)"
+
+
+lint:
+	@ go get -v golang.org/x/lint/golint
+	golint $(PKGS)
+
+vet:
+	#  @-go get -v golang.org/x/tools/cmd/vet
+	go vet ./... || exit;
+
+fmt:
+	gofmt -s -w $(SRCS)
+
+mlint:
+	$(foreach file,$(SRCS),gometalinter $(file) || exit;)
+
+fmtcheck:
+	$(foreach file,$(SRCS),gofmt -s -d $(file);)
+
+pretest: lint vet fmtcheck
+
+test: 
+	echo $(PKGS) | xargs go test -cover -v || exit;
+
+unused:
+	$(foreach pkg,$(PKGS),unused $(pkg);)
+
+cov:
+	@ go get -v github.com/axw/gocov/gocov
+	@ go get golang.org/x/tools/cmd/cover
+	gocov test | gocov report
+
+clean:
+	echo $(PKGS) | xargs go clean || exit;
+
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -0,0 +1,965 @@
+# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
+
+
+[[projects]]
+  digest = "1:b92928b73320648b38c93cacb9082c0fe3f8ac3383ad9bd537eef62c380e0e7a"
+  name = "contrib.go.opencensus.io/exporter/ocagent"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "00af367e65149ff1f2f4b93bbfbb84fd9297170d"
+  version = "v0.2.0"
+
+[[projects]]
+  digest = "1:386f6cd33248f04fc465df500e66d21892f0712e26c60d25b7ce3c678abaf2c0"
+  name = "github.com/Azure/azure-sdk-for-go"
+  packages = [
+    "storage",
+    "version",
+  ]
+  pruneopts = "UT"
+  revision = "9699bdefa481d47c5c7638a1cc05d87ce53601fd"
+  version = "v22.2.2"
+
+[[projects]]
+  digest = "1:6b4743cf9d77747c1a772673333f8d6dfbfa93ffac858faae1333ffb7f0dfc4b"
+  name = "github.com/Azure/go-autorest"
+  packages = [
+    "autorest",
+    "autorest/adal",
+    "autorest/azure",
+    "autorest/date",
+    "logger",
+    "tracing",
+    "version",
+  ]
+  pruneopts = "UT"
+  revision = "528b76fd0ebec0682f3e3da7c808cd472b999615"
+  version = "v11.2.7"
+
+[[projects]]
+  digest = "1:9f3b30d9f8e0d7040f729b82dcbc8f0dead820a133b3147ce355fc451f32d761"
+  name = "github.com/BurntSushi/toml"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "3012a1dbe2e4bd1391d42b32f0577cb7bbc7f005"
+  version = "v0.3.1"
+
+[[projects]]
+  branch = "master"
+  digest = "1:bb6c15391e666c4f44bdc604772301b93102233ed687be6df6d1c2abbde4f15c"
+  name = "github.com/RackSec/srslog"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "a4725f04ec91af1a91b380da679d6e0c2f061e59"
+
+[[projects]]
+  digest = "1:320e7ead93de9fd2b0e59b50fd92a4d50c1f8ab455d96bc2eb083267453a9709"
+  name = "github.com/asaskevich/govalidator"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "ccb8e960c48f04d6935e72476ae4a51028f9e22f"
+  version = "v9"
+
+[[projects]]
+  digest = "1:176bfeb168867283ee97848f5e2cf9a0b6c9f395ea8c6d547907dfba845e0249"
+  name = "github.com/aws/aws-sdk-go"
+  packages = [
+    "aws",
+    "aws/awserr",
+    "aws/awsutil",
+    "aws/client",
+    "aws/client/metadata",
+    "aws/corehandlers",
+    "aws/credentials",
+    "aws/credentials/ec2rolecreds",
+    "aws/credentials/endpointcreds",
+    "aws/credentials/stscreds",
+    "aws/csm",
+    "aws/defaults",
+    "aws/ec2metadata",
+    "aws/endpoints",
+    "aws/request",
+    "aws/session",
+    "aws/signer/v4",
+    "internal/ini",
+    "internal/s3err",
+    "internal/sdkio",
+    "internal/sdkrand",
+    "internal/sdkuri",
+    "internal/shareddefaults",
+    "private/protocol",
+    "private/protocol/eventstream",
+    "private/protocol/eventstream/eventstreamapi",
+    "private/protocol/query",
+    "private/protocol/query/queryutil",
+    "private/protocol/rest",
+    "private/protocol/restxml",
+    "private/protocol/xml/xmlutil",
+    "service/s3",
+    "service/sts",
+  ]
+  pruneopts = "UT"
+  revision = "64fc3d5c40fffc817c1cc1c1d89a6e482bf1120d"
+  version = "v1.15.77"
+
+[[projects]]
+  digest = "1:0f98f59e9a2f4070d66f0c9c39561f68fcd1dc837b22a852d28d0003aebd1b1e"
+  name = "github.com/boltdb/bolt"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "2f1ce7a837dcb8da3ec595b1dac9d0632f0f99e8"
+  version = "v1.3.1"
+
+[[projects]]
+  digest = "1:2209584c0f7c9b68c23374e659357ab546e1b70eec2761f03280f69a8fd23d77"
+  name = "github.com/cenkalti/backoff"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "2ea60e5f094469f9e65adb9cd103795b73ae743e"
+  version = "v2.0.0"
+
+[[projects]]
+  digest = "1:65b0d980b428a6ad4425f2df4cd5410edd81f044cf527bd1c345368444649e58"
+  name = "github.com/census-instrumentation/opencensus-proto"
+  packages = [
+    "gen-go/agent/common/v1",
+    "gen-go/agent/trace/v1",
+    "gen-go/resource/v1",
+    "gen-go/trace/v1",
+  ]
+  pruneopts = "UT"
+  revision = "7f2434bc10da710debe5c4315ed6d4df454b4024"
+  version = "v0.1.0"
+
+[[projects]]
+  digest = "1:e04c00d619875ce5fa67180891984a9b1fadcc031af36bcd7a3509cbdad1df15"
+  name = "github.com/cheggaaa/pb"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "c112833d014c77e8bde723fd0158e3156951639f"
+  version = "v2.0.6"
+
+[[projects]]
+  digest = "1:76dc72490af7174349349838f2fe118996381b31ea83243812a97e5a0fd5ed55"
+  name = "github.com/dgrijalva/jwt-go"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "06ea1031745cb8b3dab3f6a236daf2b0aa468b7e"
+  version = "v3.2.0"
+
+[[projects]]
+  digest = "1:865079840386857c809b72ce300be7580cb50d3d3129ce11bf9aa6ca2bc1934a"
+  name = "github.com/fatih/color"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "5b77d2a35fb0ede96d138fc9a99f5c9b6aef11b4"
+  version = "v1.7.0"
+
+[[projects]]
+  digest = "1:abeb38ade3f32a92943e5be54f55ed6d6e3b6602761d74b4aab4c9dd45c18abd"
+  name = "github.com/fsnotify/fsnotify"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "c2828203cd70a50dcccfb2761f8b1f8ceef9a8e9"
+  version = "v1.4.7"
+
+[[projects]]
+  digest = "1:34a9a60fade37f8009ed4a19e02924198aba3eabfcc120ee5c6002b7de17212d"
+  name = "github.com/go-redis/redis"
+  packages = [
+    ".",
+    "internal",
+    "internal/consistenthash",
+    "internal/hashtag",
+    "internal/pool",
+    "internal/proto",
+    "internal/singleflight",
+    "internal/util",
+  ]
+  pruneopts = "UT"
+  revision = "b3d9bf10f6666b2ee5100a6f3f84f4caf3b4e37d"
+  version = "v6.14.2"
+
+[[projects]]
+  digest = "1:ec6f9bf5e274c833c911923c9193867f3f18788c461f76f05f62bb1510e0ae65"
+  name = "github.com/go-sql-driver/mysql"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "72cd26f257d44c1114970e19afddcd812016007e"
+  version = "v1.4.1"
+
+[[projects]]
+  digest = "1:586ea76dbd0374d6fb649a91d70d652b7fe0ccffb8910a77468e7702e7901f3d"
+  name = "github.com/go-stack/stack"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "2fee6af1a9795aafbe0253a0cfbdf668e1fb8a9a"
+  version = "v1.8.0"
+
+[[projects]]
+  digest = "1:8f0705fa33e8957018611cc81c65cb373b626c092d39931bb86882489fc4c3f4"
+  name = "github.com/golang/protobuf"
+  packages = [
+    "proto",
+    "ptypes",
+    "ptypes/any",
+    "ptypes/duration",
+    "ptypes/timestamp",
+    "ptypes/wrappers",
+  ]
+  pruneopts = "UT"
+  revision = "aa810b61a9c79d51363740d207bb46cf8e620ed5"
+  version = "v1.2.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:df265b7f54410945dad5cf5979d91461b9fa7ff9b397ab58d2d577002a8a0e24"
+  name = "github.com/google/subcommands"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "46f0354f63152e8801bb460d26f5b6c4c878efbb"
+
+[[projects]]
+  digest = "1:7b5c6e2eeaa9ae5907c391a91c132abfd5c9e8a784a341b5625e750c67e6825d"
+  name = "github.com/gorilla/websocket"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "66b9c49e59c6c48f0ffce28c2d8b8a5678502c6d"
+  version = "v1.4.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:4e08dc2383a46b3107f0b34ca338c4459e8fc8ee90e46a60e728aa8a2b21d558"
+  name = "github.com/gosuri/uitable"
+  packages = [
+    ".",
+    "util/strutil",
+    "util/wordwrap",
+  ]
+  pruneopts = "UT"
+  revision = "36ee7e946282a3fb1cfecd476ddc9b35d8847e42"
+
+[[projects]]
+  branch = "master"
+  digest = "1:8dbe76014be3c83806abc61befcb5e1789d2d872bc8f98a8fb955405550c63be"
+  name = "github.com/grokify/html-strip-tags-go"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "e9e44961e26f513866063f54bf85070db95600f7"
+
+[[projects]]
+  digest = "1:77395dd3847dac9c45118c668f5dab85aedf0163dc3b38aea6578c5cf0d502f9"
+  name = "github.com/hashicorp/go-version"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "b5a281d3160aa11950a6182bd9a9dc2cb1e02d50"
+  version = "v1.0.0"
+
+[[projects]]
+  digest = "1:c0d19ab64b32ce9fe5cf4ddceba78d5bc9807f0016db6b1183599da3dcc24d10"
+  name = "github.com/hashicorp/hcl"
+  packages = [
+    ".",
+    "hcl/ast",
+    "hcl/parser",
+    "hcl/printer",
+    "hcl/scanner",
+    "hcl/strconv",
+    "hcl/token",
+    "json/parser",
+    "json/scanner",
+    "json/token",
+  ]
+  pruneopts = "UT"
+  revision = "8cb6e5b959231cc1119e43259c4a608f9c51a241"
+  version = "v1.0.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:0f8b63af5601a93b6b6a63a420c857819e98a252369262d8faf66f3566ba294e"
+  name = "github.com/hashicorp/uuid"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "ebb0a03e909c9c642a36d2527729104324c44fdb"
+
+[[projects]]
+  branch = "master"
+  digest = "1:0778dc7fce1b4669a8bfa7ae506ec1f595b6ab0f8989c1c0d22a8ca1144e9972"
+  name = "github.com/howeyc/gopass"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "bf9dde6d0d2c004a008c27aaee91170c786f6db8"
+
+[[projects]]
+  digest = "1:e96640e5b9ce93e2d7ee18f48048483080fd23e72e3c38bc17e9c8b77062031a"
+  name = "github.com/inconshreveable/log15"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "67afb5ed74ec82fd7ac8f49d27c509ac6f991970"
+  version = "v2.14"
+
+[[projects]]
+  digest = "1:8fe19266ce82209076d4a81007ff93f40dd349faca4a917aea59d33956bbd4fd"
+  name = "github.com/jinzhu/gorm"
+  packages = [
+    ".",
+    "dialects/mysql",
+    "dialects/postgres",
+    "dialects/sqlite",
+  ]
+  pruneopts = "UT"
+  revision = "6ed508ec6a4ecb3531899a69cbc746ccf65a4166"
+  version = "v1.9.1"
+
+[[projects]]
+  branch = "master"
+  digest = "1:fd97437fbb6b7dce04132cf06775bd258cce305c44add58eb55ca86c6c325160"
+  name = "github.com/jinzhu/inflection"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "04140366298a54a039076d798123ffa108fff46c"
+
+[[projects]]
+  digest = "1:e22af8c7518e1eab6f2eab2b7d7558927f816262586cd6ed9f349c97a6c285c4"
+  name = "github.com/jmespath/go-jmespath"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "0b12d6b5"
+
+[[projects]]
+  digest = "1:114ecad51af93a73ae6781fd0d0bc28e52b433c852b84ab4b4c109c15e6c6b6d"
+  name = "github.com/jroimartin/gocui"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "c055c87ae801372cd74a0839b972db4f7697ae5f"
+  version = "v0.4.0"
+
+[[projects]]
+  digest = "1:16dd6b893b78a50564cdde1d9f7ea67224dece11bb0886bd882f1dc3dc1d440d"
+  name = "github.com/k0kubun/pp"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "027a6d1765d673d337e687394dbe780dd64e2a1e"
+  version = "v2.3.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:bdf08c9b41c029c60ba5dc99443a3ce74eedad842cf2adf9c255513f432422e2"
+  name = "github.com/knqyf263/go-cpe"
+  packages = [
+    "common",
+    "matching",
+    "naming",
+  ]
+  pruneopts = "UT"
+  revision = "659663f6eca2ff32258e282557e7808115ea498a"
+
+[[projects]]
+  branch = "master"
+  digest = "1:a9955a589c7f6f28bd5a5f69da3f1e2cc857c23c7605c5fa7b605f065ba8f3fe"
+  name = "github.com/knqyf263/go-deb-version"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "9865fe14d09b1c729188ac810466dde90f897ee3"
+
+[[projects]]
+  branch = "master"
+  digest = "1:5734c5362ef66c39ddf1b4a11dfe75fa3c1adb70e78059543c83c0c6e89f2bc0"
+  name = "github.com/knqyf263/go-rpm-version"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "74609b86c936dff800c69ec89fcf4bc52d5f13a4"
+
+[[projects]]
+  branch = "master"
+  digest = "1:784bbde718d6f806578d929df8ad88a24817ca4fea5ce498165f46ff238d0deb"
+  name = "github.com/knqyf263/gost"
+  packages = [
+    "config",
+    "db",
+    "models",
+    "util",
+  ]
+  pruneopts = "UT"
+  revision = "920046ad61b30ed1d554140c85daaa9e3ed2ca9e"
+
+[[projects]]
+  digest = "1:0a69a1c0db3591fcefb47f115b224592c8dfa4368b7ba9fae509d5e16cdc95c8"
+  name = "github.com/konsorten/go-windows-terminal-sequences"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "5c8c8bd35d3832f5d134ae1e1e375b69a4d25242"
+  version = "v1.0.1"
+
+[[projects]]
+  branch = "master"
+  digest = "1:cdd699c1d929e96f96846789e99d5f019c15f714102a1bb108575d36789d577b"
+  name = "github.com/kotakanbe/go-cve-dictionary"
+  packages = [
+    "config",
+    "db",
+    "log",
+    "models",
+  ]
+  pruneopts = "UT"
+  revision = "9549cd396c408c11f7d5cb6e4286dc8e7d9c6419"
+
+[[projects]]
+  digest = "1:54d3c90db1164399906830313a6fce7770917d7e4a12da8f2d8693d18ff5ef27"
+  name = "github.com/kotakanbe/go-pingscanner"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "641dc2cc2d3cbf295dad356667b74c69bcbd6f70"
+  version = "v0.1.0"
+
+[[projects]]
+  digest = "1:564a03e039dfed4121709e3d76c05c08a9d4291335ca682b5065ae46285a688a"
+  name = "github.com/kotakanbe/goval-dictionary"
+  packages = [
+    "config",
+    "db",
+    "db/rdb",
+    "models",
+  ]
+  pruneopts = "UT"
+  revision = "818624daf2658cc177ea93100ff20c5caed064b6"
+  version = "v0.1.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:0daead102d7ca3af110dfb832e8c14393f197d94e5ffe3f0639f10ea2cc55530"
+  name = "github.com/kotakanbe/logrus-prefixed-formatter"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "928f7356cb964637e2489a6ef37eee55181676c5"
+
+[[projects]]
+  digest = "1:01eb0269028d3c2e21b5b6cd9b1ba81bc4170ab293fcffa84e3aa3a6138a92e8"
+  name = "github.com/labstack/gommon"
+  packages = [
+    "color",
+    "log",
+  ]
+  pruneopts = "UT"
+  revision = "7fd9f68ece0bcb1a905fac8f1549f0083f71c51b"
+  version = "v0.2.8"
+
+[[projects]]
+  digest = "1:b18ffc558326ebaed3b4a175617f1e12ed4e3f53d6ebfe5ba372a3de16d22278"
+  name = "github.com/lib/pq"
+  packages = [
+    ".",
+    "hstore",
+    "oid",
+  ]
+  pruneopts = "UT"
+  revision = "4ded0e9383f75c197b3a2aaa6d590ac52df6fd79"
+  version = "v1.0.0"
+
+[[projects]]
+  digest = "1:c568d7727aa262c32bdf8a3f7db83614f7af0ed661474b24588de635c20024c7"
+  name = "github.com/magiconair/properties"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "c2353362d570a7bfa228149c62842019201cfb71"
+  version = "v1.8.0"
+
+[[projects]]
+  digest = "1:4e878df5f4e9fd625bf9c9aac77ef7cbfa4a74c01265505527c23470c0e40300"
+  name = "github.com/marstr/guid"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "8bd9a64bf37eb297b492a4101fb28e80ac0b290f"
+  version = "v1.1.0"
+
+[[projects]]
+  digest = "1:c658e84ad3916da105a761660dcaeb01e63416c8ec7bc62256a9b411a05fcd67"
+  name = "github.com/mattn/go-colorable"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "167de6bfdfba052fa6b2d3664c8f5272e23c9072"
+  version = "v0.0.9"
+
+[[projects]]
+  digest = "1:0981502f9816113c9c8c4ac301583841855c8cf4da8c72f696b3ebedf6d0e4e5"
+  name = "github.com/mattn/go-isatty"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "6ca4dbf54d38eea1a992b3c722a76a5d1c4cb25c"
+  version = "v0.0.4"
+
+[[projects]]
+  digest = "1:cdb899c199f907ac9fb50495ec71212c95cb5b0e0a8ee0800da0238036091033"
+  name = "github.com/mattn/go-runewidth"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "ce7b0b5c7b45a81508558cd1dba6bb1e4ddb51bb"
+  version = "v0.0.3"
+
+[[projects]]
+  digest = "1:4a49346ca45376a2bba679ca0e83bec949d780d4e927931317904bad482943ec"
+  name = "github.com/mattn/go-sqlite3"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "c7c4067b79cc51e6dfdcef5c702e74b1e0fa7c75"
+  version = "v1.10.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:2b32af4d2a529083275afc192d1067d8126b578c7a9613b26600e4df9c735155"
+  name = "github.com/mgutz/ansi"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "9520e82c474b0a04dd04f8a40959027271bab992"
+
+[[projects]]
+  digest = "1:78bbb1ba5b7c3f2ed0ea1eab57bdd3859aec7e177811563edc41198a760b06af"
+  name = "github.com/mitchellh/go-homedir"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "ae18d6b8b3205b561c79e8e5f69bff09736185f4"
+  version = "v1.0.0"
+
+[[projects]]
+  digest = "1:53bc4cd4914cd7cd52139990d5170d6dc99067ae31c56530621b18b35fc30318"
+  name = "github.com/mitchellh/mapstructure"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "3536a929edddb9a5b34bd6861dc4a9647cb459fe"
+  version = "v1.1.2"
+
+[[projects]]
+  digest = "1:7aefb397a53fc437c90f0fdb3e1419c751c5a3a165ced52325d5d797edf1aca6"
+  name = "github.com/moul/http2curl"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "9ac6cf4d929b2fa8fd2d2e6dec5bb0feb4f4911d"
+  version = "v1.0.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:f763c78fbcdc2e0938585b2c64ecd97761507af96f95a004d8cbb2feb23d3eaa"
+  name = "github.com/mozqnet/go-exploitdb"
+  packages = [
+    "db",
+    "models",
+    "util",
+  ]
+  pruneopts = "UT"
+  revision = "48cac6d5786efbed25a10034dff534e5efd8617a"
+
+[[projects]]
+  digest = "1:95d38d218bf2290987c6b0e885a9f0f2d3d3239235acaddca01c3fe36e5e5566"
+  name = "github.com/nlopes/slack"
+  packages = [
+    ".",
+    "slackutilsx",
+  ]
+  pruneopts = "UT"
+  revision = "b9033a72a20bf84563485e86a2adbea4bf265804"
+  version = "v0.4.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:01d9e47830ef6077fb6f91033b0e83f324ad5966d11ed3daa4a5822ace876dab"
+  name = "github.com/nsf/termbox-go"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "60ab7e3d12ed91bc1b2486559c4b3a6b62297577"
+
+[[projects]]
+  digest = "1:abcdbf03ca6ca13d3697e2186edc1f33863bbdac2b3a44dfa39015e8903f7409"
+  name = "github.com/olekukonko/tablewriter"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "e6d60cf7ba1f42d86d54cdf5508611c4aafb3970"
+  version = "v0.0.1"
+
+[[projects]]
+  digest = "1:d776f3e95774a8719f2e57fabbbb33103035fe072dcf6f1864f33abd17b753e5"
+  name = "github.com/parnurzeal/gorequest"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "a578a48e8d6ca8b01a3b18314c43c6716bb5f5a3"
+  version = "v0.2.15"
+
+[[projects]]
+  digest = "1:95741de3af260a92cc5c7f3f3061e85273f5a81b5db20d4bd68da74bd521675e"
+  name = "github.com/pelletier/go-toml"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "c01d1270ff3e442a8a57cddc1c92dc1138598194"
+  version = "v1.2.0"
+
+[[projects]]
+  digest = "1:40e195917a951a8bf867cd05de2a46aaf1806c50cf92eebf4c16f78cd196f747"
+  name = "github.com/pkg/errors"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "645ef00459ed84a119197bfb8d8205042c6df63d"
+  version = "v0.8.0"
+
+[[projects]]
+  digest = "1:1a23fdd843129ef761ffe7651bc5fe7c5b09fbe933e92783ab06cc11c37b7b37"
+  name = "github.com/rifflock/lfshook"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "b9218ef580f59a2e72dad1aa33d660150445d05a"
+  version = "v2.4"
+
+[[projects]]
+  digest = "1:274f67cb6fed9588ea2521ecdac05a6d62a8c51c074c1fccc6a49a40ba80e925"
+  name = "github.com/satori/go.uuid"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "f58768cc1a7a7e77a3bd49e98cdd21419399b6a3"
+  version = "v1.2.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:84b4f0801dc5a4137a0364b492b581fff859b3eca3979f6fca6e3d2c2e373cf5"
+  name = "github.com/sirupsen/logrus"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "44067abb194b1bc8b342e1f2120f8d3ea691b834"
+
+[[projects]]
+  digest = "1:6a4a11ba764a56d2758899ec6f3848d24698d48442ebce85ee7a3f63284526cd"
+  name = "github.com/spf13/afero"
+  packages = [
+    ".",
+    "mem",
+  ]
+  pruneopts = "UT"
+  revision = "d40851caa0d747393da1ffb28f7f9d8b4eeffebd"
+  version = "v1.1.2"
+
+[[projects]]
+  digest = "1:08d65904057412fc0270fc4812a1c90c594186819243160dc779a402d4b6d0bc"
+  name = "github.com/spf13/cast"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "8c9545af88b134710ab1cd196795e7f2388358d7"
+  version = "v1.3.0"
+
+[[projects]]
+  digest = "1:68ea4e23713989dc20b1bded5d9da2c5f9be14ff9885beef481848edd18c26cb"
+  name = "github.com/spf13/jwalterweatherman"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "4a4406e478ca629068e7768fc33f3f044173c0a6"
+  version = "v1.0.0"
+
+[[projects]]
+  digest = "1:c1b1102241e7f645bc8e0c22ae352e8f0dc6484b6cb4d132fa9f24174e0119e2"
+  name = "github.com/spf13/pflag"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "298182f68c66c05229eb03ac171abe6e309ee79a"
+  version = "v1.0.3"
+
+[[projects]]
+  digest = "1:214775c11fd26da94a100111a62daa25339198a4f9c57cb4aab352da889f5b93"
+  name = "github.com/spf13/viper"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "2c12c60302a5a0e62ee102ca9bc996277c2f64f5"
+  version = "v1.2.1"
+
+[[projects]]
+  digest = "1:c468422f334a6b46a19448ad59aaffdfc0a36b08fdcc1c749a0b29b6453d7e59"
+  name = "github.com/valyala/bytebufferpool"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "e746df99fe4a3986f4d4f79e13c1e0117ce9c2f7"
+  version = "v1.0.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:268b8bce0064e8c057d7b913605459f9a26dcab864c0886a56d196540fbf003f"
+  name = "github.com/valyala/fasttemplate"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "dcecefd839c4193db0d35b88ec65b4c12d360ab0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:0792df7c7ff49b81c7a8c5a2a47aee897c5bab31fb348c8e2f80a560d675f941"
+  name = "github.com/ymomoi/goval-parser"
+  packages = ["oval"]
+  pruneopts = "UT"
+  revision = "0a0be1dd9d0855b50be0be5a10ad3085382b6d59"
+
+[[projects]]
+  digest = "1:2ae8314c44cd413cfdb5b1df082b350116dd8d2fff973e62c01b285b7affd89e"
+  name = "go.opencensus.io"
+  packages = [
+    ".",
+    "exemplar",
+    "internal",
+    "internal/tagencoding",
+    "plugin/ochttp",
+    "plugin/ochttp/propagation/b3",
+    "plugin/ochttp/propagation/tracecontext",
+    "stats",
+    "stats/internal",
+    "stats/view",
+    "tag",
+    "trace",
+    "trace/internal",
+    "trace/propagation",
+    "trace/tracestate",
+  ]
+  pruneopts = "UT"
+  revision = "b7bf3cdb64150a8c8c53b769fdeb2ba581bd4d4b"
+  version = "v0.18.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:29bbd24a92d33c22d209247c0d0e42caeb90ff17802d9c64faaa79299213cf0a"
+  name = "golang.org/x/crypto"
+  packages = [
+    "curve25519",
+    "ed25519",
+    "ed25519/internal/edwards25519",
+    "internal/chacha20",
+    "internal/subtle",
+    "poly1305",
+    "ssh",
+    "ssh/agent",
+    "ssh/terminal",
+  ]
+  pruneopts = "UT"
+  revision = "3d3f9f413869b949e48070b5bc593aa22cc2b8f2"
+
+[[projects]]
+  branch = "master"
+  digest = "1:025c818c2258943954db285ddf18924b51f7ab6dd567b070299dc56c05bea037"
+  name = "golang.org/x/net"
+  packages = [
+    "context",
+    "http/httpguts",
+    "http2",
+    "http2/hpack",
+    "idna",
+    "internal/timeseries",
+    "publicsuffix",
+    "trace",
+  ]
+  pruneopts = "UT"
+  revision = "adae6a3d119ae4890b46832a2e88a95adc62b8e7"
+
+[[projects]]
+  branch = "master"
+  digest = "1:5e4d81c50cffcb124b899e4f3eabec3930c73532f0096c27f94476728ba03028"
+  name = "golang.org/x/sync"
+  packages = ["semaphore"]
+  pruneopts = "UT"
+  revision = "42b317875d0fa942474b76e1b46a6060d720ae6e"
+
+[[projects]]
+  branch = "master"
+  digest = "1:6a875550c3b582f6c2d7e2ce44aba792511f00016d7c46b0a4fb26f730ef3058"
+  name = "golang.org/x/sys"
+  packages = [
+    "unix",
+    "windows",
+  ]
+  pruneopts = "UT"
+  revision = "66b7b1311ac80bbafcd2daeef9a5e6e2cd1e2399"
+
+[[projects]]
+  digest = "1:a2ab62866c75542dd18d2b069fec854577a20211d7c0ea6ae746072a1dccdd18"
+  name = "golang.org/x/text"
+  packages = [
+    "collate",
+    "collate/build",
+    "internal/colltab",
+    "internal/gen",
+    "internal/tag",
+    "internal/triegen",
+    "internal/ucd",
+    "language",
+    "secure/bidirule",
+    "transform",
+    "unicode/bidi",
+    "unicode/cldr",
+    "unicode/norm",
+    "unicode/rangetable",
+  ]
+  pruneopts = "UT"
+  revision = "f21a4dfb5e38f5895301dc265a8def02365cc3d0"
+  version = "v0.3.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:5f003878aabe31d7f6b842d4de32b41c46c214bb629bb485387dbcce1edf5643"
+  name = "google.golang.org/api"
+  packages = ["support/bundler"]
+  pruneopts = "UT"
+  revision = "83a9d304b1e613fc253e1e2710778642fe81af53"
+
+[[projects]]
+  digest = "1:c25289f43ac4a68d88b02245742347c94f1e108c534dda442188015ff80669b3"
+  name = "google.golang.org/appengine"
+  packages = ["cloudsql"]
+  pruneopts = "UT"
+  revision = "4a4468ece617fc8205e99368fa2200e9d1fad421"
+  version = "v1.3.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:56b0bca90b7e5d1facf5fbdacba23e4e0ce069d25381b8e2f70ef1e7ebfb9c1a"
+  name = "google.golang.org/genproto"
+  packages = ["googleapis/rpc/status"]
+  pruneopts = "UT"
+  revision = "b5d43981345bdb2c233eb4bf3277847b48c6fdc6"
+
+[[projects]]
+  digest = "1:c3ad9841823db6da420a5625b367913b4ff54bbe60e8e3c98bd20e243e62e2d2"
+  name = "google.golang.org/grpc"
+  packages = [
+    ".",
+    "balancer",
+    "balancer/base",
+    "balancer/roundrobin",
+    "codes",
+    "connectivity",
+    "credentials",
+    "encoding",
+    "encoding/proto",
+    "grpclog",
+    "internal",
+    "internal/backoff",
+    "internal/channelz",
+    "internal/envconfig",
+    "internal/grpcrand",
+    "internal/transport",
+    "keepalive",
+    "metadata",
+    "naming",
+    "peer",
+    "resolver",
+    "resolver/dns",
+    "resolver/passthrough",
+    "stats",
+    "status",
+    "tap",
+  ]
+  pruneopts = "UT"
+  revision = "2e463a05d100327ca47ac218281906921038fd95"
+  version = "v1.16.0"
+
+[[projects]]
+  digest = "1:e626376fab8608a972d47e91b3c1bbbddaecaf1d42b82be6dcc52d10a7557893"
+  name = "gopkg.in/VividCortex/ewma.v1"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "b24eb346a94c3ba12c1da1e564dbac1b498a77ce"
+  version = "v1.1.1"
+
+[[projects]]
+  digest = "1:50ec2f81389fbc7a1e496e1d1dc07adfe080fd15e015e9ba0e08ddaf1d4635ef"
+  name = "gopkg.in/cheggaaa/pb.v1"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "007b75a044e968336a69a6c0c617251ab62ac14c"
+  version = "v1.0.26"
+
+[[projects]]
+  digest = "1:256938e7d43c73bd5e7bb97dd281d1ebe294b2928403ee1fbec96249915d1150"
+  name = "gopkg.in/cheggaaa/pb.v2"
+  packages = ["termutil"]
+  pruneopts = "UT"
+  revision = "c112833d014c77e8bde723fd0158e3156951639f"
+  version = "v2.0.6"
+
+[[projects]]
+  digest = "1:865079840386857c809b72ce300be7580cb50d3d3129ce11bf9aa6ca2bc1934a"
+  name = "gopkg.in/fatih/color.v1"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "5b77d2a35fb0ede96d138fc9a99f5c9b6aef11b4"
+  version = "v1.7.0"
+
+[[projects]]
+  digest = "1:c658e84ad3916da105a761660dcaeb01e63416c8ec7bc62256a9b411a05fcd67"
+  name = "gopkg.in/mattn/go-colorable.v0"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "167de6bfdfba052fa6b2d3664c8f5272e23c9072"
+  version = "v0.0.9"
+
+[[projects]]
+  digest = "1:0981502f9816113c9c8c4ac301583841855c8cf4da8c72f696b3ebedf6d0e4e5"
+  name = "gopkg.in/mattn/go-isatty.v0"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "6ca4dbf54d38eea1a992b3c722a76a5d1c4cb25c"
+  version = "v0.0.4"
+
+[[projects]]
+  digest = "1:cdb899c199f907ac9fb50495ec71212c95cb5b0e0a8ee0800da0238036091033"
+  name = "gopkg.in/mattn/go-runewidth.v0"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "ce7b0b5c7b45a81508558cd1dba6bb1e4ddb51bb"
+  version = "v0.0.3"
+
+[[projects]]
+  digest = "1:342378ac4dcb378a5448dd723f0784ae519383532f5e70ade24132c4c8693202"
+  name = "gopkg.in/yaml.v2"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "5420a8b6744d3b0345ab293f6fcba19c978f1183"
+  version = "v2.2.1"
+
+[solve-meta]
+  analyzer-name = "dep"
+  analyzer-version = 1
+  input-imports = [
+    "github.com/Azure/azure-sdk-for-go/storage",
+    "github.com/BurntSushi/toml",
+    "github.com/RackSec/srslog",
+    "github.com/asaskevich/govalidator",
+    "github.com/aws/aws-sdk-go/aws",
+    "github.com/aws/aws-sdk-go/aws/credentials",
+    "github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds",
+    "github.com/aws/aws-sdk-go/aws/ec2metadata",
+    "github.com/aws/aws-sdk-go/aws/session",
+    "github.com/aws/aws-sdk-go/service/s3",
+    "github.com/aws/aws-sdk-go/service/sts",
+    "github.com/boltdb/bolt",
+    "github.com/cenkalti/backoff",
+    "github.com/google/subcommands",
+    "github.com/gosuri/uitable",
+    "github.com/hashicorp/uuid",
+    "github.com/howeyc/gopass",
+    "github.com/jroimartin/gocui",
+    "github.com/k0kubun/pp",
+    "github.com/knqyf263/go-cpe/naming",
+    "github.com/knqyf263/go-deb-version",
+    "github.com/knqyf263/go-rpm-version",
+    "github.com/knqyf263/gost/db",
+    "github.com/knqyf263/gost/models",
+    "github.com/kotakanbe/go-cve-dictionary/db",
+    "github.com/kotakanbe/go-cve-dictionary/log",
+    "github.com/kotakanbe/go-cve-dictionary/models",
+    "github.com/kotakanbe/go-pingscanner",
+    "github.com/kotakanbe/goval-dictionary/db",
+    "github.com/kotakanbe/goval-dictionary/models",
+    "github.com/kotakanbe/logrus-prefixed-formatter",
+    "github.com/mitchellh/go-homedir",
+    "github.com/mozqnet/go-exploitdb/db",
+    "github.com/mozqnet/go-exploitdb/models",
+    "github.com/nlopes/slack",
+    "github.com/olekukonko/tablewriter",
+    "github.com/parnurzeal/gorequest",
+    "github.com/pkg/errors",
+    "github.com/rifflock/lfshook",
+    "github.com/sirupsen/logrus",
+    "golang.org/x/crypto/ssh",
+    "golang.org/x/crypto/ssh/agent",
+  ]
+  solver-name = "gps-cdcl"
+  solver-version = 1
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -0,0 +1,41 @@
+# Gopkg.toml example
+#
+# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html
+# for detailed Gopkg.toml documentation.
+#
+# required = ["github.com/user/thing/cmd/thing"]
+# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
+#
+# [[constraint]]
+#   name = "github.com/user/project"
+#   version = "1.0.0"
+#
+# [[constraint]]
+#   name = "github.com/user/project2"
+#   branch = "dev"
+#   source = "github.com/myfork/project2"
+#
+# [[override]]
+#   name = "github.com/x/y"
+#   version = "2.4.0"
+#
+# [prune]
+#   non-go = false
+#   go-tests = true
+#   unused-packages = true
+
+[[constraint]]
+  name = "github.com/knqyf263/gost"
+  branch = "master"
+
+[[constraint]]
+  name = "github.com/kotakanbe/go-cve-dictionary"
+  branch = "master"
+
+[[constraint]]
+  name = "github.com/mozqnet/go-exploitdb"
+  branch = "master"
+
+[prune]
+  go-tests = true
+  unused-packages = true
--- a/4
+++ b/4
@@ -632,7 +632,7 @@ state the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.

    Vuls - Vulnerability Scanner
-    Copyright (C) 2016  Future Architect, Inc. Japan.
+    Copyright (C) 2016  Future Corporation , Japan.

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -652,7 +652,7 @@ Also add information on how to contact you by electronic and paper mail.
  If the program does terminal interaction, make it output a short
 notice like this when it starts in an interactive mode:

-    Vuls  Copyright (C) 2016  Future Architect, Inc. Japan.
+    Vuls  Copyright (C) 2016  Future Corporation , Japan.
    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
    This is free software, and you are welcome to redistribute it
    under certain conditions; type `show c' for details.
--- a/52
+++ b/52
@@ -1,52 +0,0 @@
-.PHONY: \
-	all \
-	vendor \
-	lint \
-	vet \
-	fmt \
-	fmtcheck \
-	pretest \
-	test \
-	integration \
-	cov \
-	clean
-
-SRCS = $(shell git ls-files '*.go')
-PKGS = ./. ./db ./config ./models ./report ./cveapi ./scan ./util ./commands
-
-all: test
-
-vendor:
-	@ go get -v github.com/mjibson/party
-	party -d external -c -u
-
-lint:
-	@ go get -v github.com/golang/lint/golint
-	$(foreach file,$(SRCS),golint $(file) || exit;)
-
-vet:
-	@-go get -v golang.org/x/tools/cmd/vet
-	$(foreach pkg,$(PKGS),go vet $(pkg);)
-
-fmt:
-	gofmt -w $(SRCS)
-
-fmtcheck:
-	$(foreach file,$(SRCS),gofmt -d $(file);)
-
-pretest: lint vet fmtcheck
-
-test: pretest
-	$(foreach pkg,$(PKGS),go test -v $(pkg) || exit;)
-
-unused :
-	$(foreach pkg,$(PKGS),unused $(pkg);)
-
-cov:
-	@ go get -v github.com/axw/gocov/gocov
-	@ go get golang.org/x/tools/cmd/cover
-	gocov test | gocov report
-
-clean:
-	$(foreach pkg,$(PKGS),go clean $(pkg) || exit;)
-
--- a/2
+++ b/2
@@ -1,2 +1,2 @@
-Vuls Copyright (C) 2016  Future Architect, Inc. Japan.
+Vuls Copyright (C) 2016  Future Corporation , Japan.

--- a/README.ja.md
+++ b/README.ja.md
@@ -1,109 +0,0 @@
-
-# Vuls: VULnerability Scanner
-
-[![Slack](https://img.shields.io/badge/slack-join-blue.svg)](http://goo.gl/forms/xm5KFo35tu)
-
-Vulnerability scanner for Linux, agentless, written in golang.
-
-[README in English](https://github.com/future-architect/vuls/blob/master/README.md)  
-Slackチームは[こちらから](http://goo.gl/forms/xm5KFo35tu)参加できます。(日本語でオッケーです)
-
-[![asciicast](https://asciinema.org/a/bazozlxrw1wtxfu9yojyihick.png)](https://asciinema.org/a/bazozlxrw1wtxfu9yojyihick)
-
-![Vuls-slack](img/vuls-slack-ja.png)
-
-
----
-
-# Abstract
-
-毎日のように発見される脆弱性の調査やソフトウェアアップデート作業は、システム管理者にとって負荷の高いタスクである。
-プロダクション環境ではサービス停止リスクを避けるために、パッケージマネージャの自動更新機能を使わずに手動更新で運用するケースも多い。
-だが、手動更新での運用には以下の問題がある。
- システム管理者がNVDなどで新着の脆弱性をウォッチし続けなければならない
- サーバにインストールされているソフトウェアは膨大であり、システム管理者が全てを把握するのは困難
- 新着の脆弱性がどのサーバに該当するのかといった調査コストが大きく、漏れる可能性がある
-
-
-Vulsは上に挙げた手動運用での課題を解決するツールであり、以下の特徴がある。
- システムに関係ある脆弱性のみ教えてくれる
- その脆弱性に該当するサーバを教えてくれる
- 自動スキャンのため脆弱性検知の漏れを防ぐことができる
- CRONなどで定期実行、レポートすることで脆弱性の放置を防ぐことできる
-
-![Vuls-Motivation](img/vuls-motivation.png)
-
----
-
-# Main Features
-
- Linuxサーバに存在する脆弱性をスキャン
-    - Ubuntu, Debian, CentOS, Amazon Linux, RHELに対応
-    - クラウド、オンプレミス、Docker
- OSパッケージ管理対象外のミドルウェアをスキャン
-    - プログラミング言語のライブラリやフレームワーク、ミドルウェアの脆弱性スキャン
-    - CPEに登録されているソフトウェアが対象
- エージェントレスアーキテクチャ
-    - スキャン対象サーバにSSH接続可能なマシン1台にセットアップするだけで動作
- 設定ファイルのテンプレート自動生成
-    - CIDRを指定してサーバを自動検出、設定ファイルのテンプレートを生成
- EmailやSlackで通知可能（日本語でのレポートも可能）
- 付属するTerminal-Based User Interfaceビューアでは、Vim風キーバインドでスキャン結果を参照可能
-
----
-
-詳細は[README in English](https://github.com/future-architect/vuls/blob/master/README.md) を参照
-
-# レポートの日本語化
-
- JVNから日本語の脆弱性情報を取得
-    ```
-    $ go-cve-dictionary fetchjvn -help
-    fetchjvn:
-            fetchjvn [-dump-path=$PWD/cve] [-dpath=$PWD/vuls.sqlite3] [-week] [-month] [-entire]
-
-      -dbpath string
-            /path/to/sqlite3/DBfile (default "$PWD/cve.sqlite3")
-      -debug
-            debug mode
-      -debug-sql
-            SQL debug mode
-      -dump-path string
-            /path/to/dump.json (default "$PWD/cve.json")
-      -entire
-            Fetch data for entire period.(This operation is time-consuming) (default: false)
-      -month
-            Fetch data in the last month (default: false)
-      -week
-            Fetch data in the last week. (default: false)
-
-    ```
-
- すべての期間の脆弱性情報を取得(1時間以上かかる)
-    ```
-    $ go-cve-dictionary fetchjvn -entire
-    ```
-
- 直近1ヶ月間に更新された脆弱性情報を取得(1分未満)
-    ```
-    $ go-cve-dictionary fetchjvn -month
-    ```
-
- 直近1週間に更新された脆弱性情報を取得(1分未満)
-    ```
-    $ go-cve-dictionary fetchjvn -week
-    ```
-
- 脆弱性情報の自動アップデート  
-Cronなどのジョブスケジューラを用いて実現可能。  
-week オプションを指定して夜間の日次実行を推奨。
-
-
-## スキャン実行
-
-```
-$ vuls scan -lang=ja
-```
-Scan時にlang=jaを指定すると脆弱性レポートが日本語になる  
-slack, emailは日本語対応済み TUIは日本語表示未対応
-
--- a/README.md
+++ b/README.md
@@ -2,19 +2,25 @@
 # Vuls: VULnerability Scanner

 [![Slack](https://img.shields.io/badge/slack-join-blue.svg)](http://goo.gl/forms/xm5KFo35tu)
+[![License](https://img.shields.io/github/license/future-architect/vuls.svg?style=flat-square)](https://github.com/future-architect/vuls/blob/master/LICENSE)
+[![Build Status](https://travis-ci.org/future-architect/vuls.svg?branch=master)](https://travis-ci.org/future-architect/vuls)
+[![Go Report Card](https://goreportcard.com/badge/github.com/future-architect/vuls)](https://goreportcard.com/report/github.com/future-architect/vuls)

-Vulnerability scanner for Linux, agentless, written in golang.

+![Vuls-logo](img/vuls_logo.png)  
+
+Vulnerability scanner for Linux/FreeBSD, agentless, written in golang.  
 We have a slack team. [Join slack team](http://goo.gl/forms/xm5KFo35tu)  
+Twitter: [@vuls_en](https://twitter.com/vuls_en)

-[README in Japanese](https://github.com/future-architect/vuls/blob/master/README.ja.md)  
+![Vuls-Abstract](img/vuls-abstract.png)
+
+![Vulsrepo](https://raw.githubusercontent.com/usiusi360/vulsrepo/master/gallery/demo.gif)

 [![asciicast](https://asciinema.org/a/3y9zrf950agiko7klg8abvyck.png)](https://asciinema.org/a/3y9zrf950agiko7klg8abvyck)

 ![Vuls-slack](img/vuls-slack-en.png)

-
-
 ----

 # Abstract
@@ -22,16 +28,16 @@ We have a slack team. [Join slack team](http://goo.gl/forms/xm5KFo35tu)
 For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden.
 To avoid downtime in production environment, it is common for system administrator to choose not to use the automatic update option provided by package manager and to perform update manually.
 This leads to the following problems.
- System administrator will have to constantly watch out for any new vulnerabilities in NVD(National Vulnerability Database) and etc.
+- System administrator will have to constantly watch out for any new vulnerabilities in NVD(National Vulnerability Database) or similar databases.
 - It might be impossible for the system administrator to monitor all the software if there are a large number of software installed in server.
- It is expensive to perform anaylsis to determine the servers affected by new vulnerabilities. The possibility of overlooking a server or two during analysis is there.
+- It is expensive to perform analysis to determine the servers affected by new vulnerabilities. The possibility of overlooking a server or two during analysis is there.


 Vuls is a tool created to solve the problems listed above. It has the following characteristics.
 - Informs users of the vulnerabilities that are related to the system.
 - Informs users of the servers that are affected.
 - Vulnerability detection is done automatically to prevent any oversight.
- Report is generated on regular basis using CRON etc. to manage vulnerability.
+- Report is generated on regular basis using CRON or other methods. to manage vulnerability.

 ![Vuls-Motivation](img/vuls-motivation.png)

@@ -39,18 +45,80 @@ Vuls is a tool created to solve the problems listed above. It has the following

 # Main Features

- Scan for any vulnerabilities in Linux Server
-    - Supports Ubuntu, Debian, CentOS, Amazon Linux, RHEL
-    - Cloud, on-premise, Docker
- Scan middleware that are not included in OS package management
-    - Scan middleware, programming language libraries and framework for vulnerability
-    - Support software registered in CPE
- Agentless architecture
-    - User is required to only setup one machine that is connected to other target servers via SSH
+## Scan for any vulnerabilities in Linux/FreeBSD Server
+
+[Supports major Linux/FreeBSD](https://vuls.io/docs/en/supported-os.html)
+- Alpine, Ubuntu, Debian, CentOS, Amazon Linux, RHEL, Oracle Linux, SUSE Enterprise Linux and Raspbian, FreeBSD
+- Cloud, on-premise, Docker
+
+##  High quality scan
+
+Vuls uses Multiple vulnerability databases
+- [NVD](https://nvd.nist.gov/)
+- [JVN(Japanese)](http://jvndb.jvn.jp/apis/myjvn/)
+- OVAL
+	- [RedHat](https://www.redhat.com/security/data/oval/)
+	- [Debian](https://www.debian.org/security/oval/)
+	- [Ubuntu](https://people.canonical.com/~ubuntu-security/oval/)
+	- [SUSE](http://ftp.suse.com/pub/projects/security/oval/)
+	- [Oracle Linux](https://linux.oracle.com/security/oval/)
+- [Alpine-secdb](https://git.alpinelinux.org/cgit/alpine-secdb/)
+- [Red Hat Security Advisories](https://access.redhat.com/security/security-updates/)
+- [Debian Security Bug Tracker](https://security-tracker.debian.org/tracker/)
+- Commands(yum, zypper, pkg-audit)
+	- RHSA/ALAS/ELSA/FreeBSD-SA
+- [Exploit Database](https://www.exploit-db.com/)
+- Changelog
+
+## Fast scan and Deep scan
+
+[Fast Scan](https://vuls.io/docs/en/architecture-fast-scan.html)
+- Scan without root privilege, no dependencies
+- Almost no load on the scan target server
+- Offline mode scan with no internet access. (Red Hat, CentOS, OracleLinux, Ubuntu, Debian)
+
+[Fast Root Scan](https://vuls.io/docs/en/architecture-fast-root-scan.html)
+- Scan with root privilege
+- Almost no load on the scan target server
+- Detect processes affected by update using yum-ps (RedHat, CentOS, Oracle Linux and Amazon Linux)
+- Detect processes which updated before but not restarting yet using checkrestart of debian-goodies (Debian and Ubuntu)
+- Offline mode scan with no internet access. (RedHat, CentOS, OracleLinux, Ubuntu, Debian)
+
+[Deep Scan](https://vuls.io/docs/en/architecture-deep-scan.html)
+- Scan with root privilege
+- Parses the Changelog  
+    Changelog has a history of version changes. When a security issue is fixed, the relevant CVE ID is listed.
+    By parsing the changelog and analysing the updates between the installed version of software on the server and the newest version of that software
+    it's possible to create a list of all vulnerabilities that need to be fixed.
+- Sometimes load on the scan target server
+
+## [Remote scan and Local scan](https://vuls.io/docs/en/architecture-remote-local.html)
+
+[Remote Scan](https://vuls.io/docs/en/architecture-remote-scan.html)
+- User is required to only setup one machine that is connected to other target servers via SSH
+
+[Local Scan](https://vuls.io/docs/en/architecture-local-scan.html)
+- If you don't want the central Vuls server to connect to each server by SSH, you can use Vuls in the Local Scan mode.
+
+## **Dynamic** Analysis
+
+- It is possible to acquire the state of the server by connecting via SSH and executing the command. 
+- Vuls warns when the scan target server was updated the kernel etc. but not restarting it.
+
+## [Scan middleware that are not included in OS package management](https://vuls.io/docs/en/usage-scan-non-os-packages.html)
+
+- Scan middleware, programming language libraries and framework for vulnerability
+- Support software registered in CPE
+
+## MISC
+
+- Nondestructive testing
+- Pre-authorization is *NOT* necessary before scanning on AWS
+	- Vuls works well with Continuous Integration since tests can be run every day. This allows you to find vulnerabilities very quickly.
 - Auto generation of configuration file template
-    - Auto detection of servers set using CIDR, generate configuration file template
- Email and Slack notification is possible (supports Japanese language) 
- Scan result is viewable on accessory software, TUI Viewer terminal.
+	- Auto detection of servers set using CIDR, generate configuration file template
+- Email and Slack notification is possible (supports Japanese language)
+- Scan result is viewable on accessory software, TUI Viewer on terminal or Web UI ([VulsRepo](https://github.com/usiusi360/vulsrepo)).

 ----

@@ -60,586 +128,30 @@ Vuls is a tool created to solve the problems listed above. It has the following

 ----

-# Hello Vuls 
-
-This tutorial will let you scan the vulnerabilities on the localhost with vuls.   
-This can be done in the following steps.  
-
-1. Launch Amazon Linux
-1. Enable to ssh from localhost
-1. Install requirements
-1. Deploy go-cve-dictionary
-1. Deploy Vuls
-1. Configuration
-1. Prepare
-1. Scan
-1. TUI(Terminal-Based User Interface)
-
-## Step1. Launch Amazon Linux
-
- We are using the old AMI (amzn-ami-hvm-2015.09.1.x86_64-gp2 - ami-383c1956) for this example
- Instance size: t2.medium
-    - For the first time, t2.medium and above is required for the data fetch from NVD
-    - You can switch to t2.nano after the initial data fetch.
- Add the following to the cloud-init, to avoid auto-update at the first launch.
-
-    - [Q: How do I disable the automatic installation of critical and important security updates on initial launch?](https://aws.amazon.com/amazon-linux-ami/faqs/?nc1=h_ls)
-    ```
-    #cloud-config
-    repo_upgrade: none
-    ```
-
-## Step2. SSH setting
-
-This is required to ssh to itself.
-
-Create a keypair then append public key to authorized_keys
-```bash
-$ ssh-keygen -t rsa
-$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
-```
-
-## Step3. Install requirements
-
-Vuls requires the following packages.
-
- sqlite
- git
- gcc
- go v1.6
-    - https://golang.org/doc/install
-
-```bash
-$ ssh ec2-user@52.100.100.100  -i ~/.ssh/private.pem
-$ sudo yum -y install sqlite git gcc
-$ wget https://storage.googleapis.com/golang/go1.6.linux-amd64.tar.gz
-$ sudo tar -C /usr/local -xzf go1.6.linux-amd64.tar.gz
-$ mkdir $HOME/go
-```
-Add these lines into /etc/profile.d/goenv.sh
-
-```bash
-export GOROOT=/usr/local/go
-export GOPATH=$HOME/go
-export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
-```
-
-Set the OS environment variable to current shell
-```bash
-$ source /etc/profile.d/goenv.sh
-```
-
-## Step4. Deploy go-cve-dictionary
-
-go get
-
-```bash
-$ sudo mkdir /var/log/vuls
-$ sudo chown ec2-user /var/log/vuls
-$ sudo chmod 700 /var/log/vuls
-$ go get github.com/kotakanbe/go-cve-dictionary
-```
-
-Start go-cve-dictionary as server mode.  
-For the first time, go-cve-dictionary fetches vulnerability data from NVD.  
-It takes about 10 minutes (on AWS).  
-
-```bash
-$ go-cve-dictionary server
-... Fetching ...
-$ ls -alh cve.sqlite3
-rw-r--r-- 1 ec2-user ec2-user 7.0M Mar 24 13:20 cve.sqlite3
-```
-
-Now we successfully collected vulnerbility data, then start as server mode again.
-```bash
-$ go-cve-dictionary server
-[Mar 24 15:21:55]  INFO Opening DB. datafile: /home/ec2-user/cve.sqlite3
-[Mar 24 15:21:55]  INFO Migrating DB
-[Mar 24 15:21:56]  INFO Starting HTTP Sever...
-[Mar 24 15:21:56]  INFO Listening on 127.0.0.1:1323
-```
-
-## Step5. Deploy vuls
-
-Launch a new terminal, SSH to the ec2 instance.
-
-go get
-```
-$ go get github.com/future-architect/vuls
-```
-
-## Step6. Config
-
-Create a config file(TOML format).
-
-```
-$ cat config.toml
-[servers]
-
-[servers.172-31-4-82]
-host         = "172.31.4.82"
-port        = "22"
-user        = "ec2-user"
-keyPath     = "/home/ec2-user/.ssh/id_rsa"
-```
-
-## Step7. Setting up target servers for vuls  
-
-```
-$ vuls prepare
-```
-
-## Step8. Start Scanning
-
-```
-$ vuls scan
-INFO[0000] Begin scannig (config: /home/ec2-user/config.toml)
-
-... snip ...
-
-172-31-4-82 (amazon 2015.09)
-============================
-CVE-2016-0494   10.0    Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle
-                        Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to
-                        affect confidentiality, integrity, and availability via unknown vectors related to
-                        2D.
-... snip ...
-
-CVE-2016-0494
-------------
-Score           10.0 (High)
-Vector          (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-Summary         Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105,
-                7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality,
-                integrity, and availability via unknown vectors related to 2D.
-NVD             https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0494
-MITRE           https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494
-CVE Details     http://www.cvedetails.com/cve/CVE-2016-0494
-CVSS Claculator https://nvd.nist.gov/cvss/v2-calculator?name=CVE-2016-0494&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)
-RHEL-CVE        https://access.redhat.com/security/cve/CVE-2016-0494
-ALAS-2016-643   https://alas.aws.amazon.com/ALAS-2016-643.html
-Package/CPE     java-1.7.0-openjdk-1.7.0.91-2.6.2.2.63.amzn1 -> java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.65.amzn1
-
-```
-
-## Step9. TUI
-
-Vuls has Terminal-Based User Interface to display the scan result.
-
-```
-$ vuls tui
-```
-
-![Vuls-TUI](img/hello-vuls-tui.png)
+# Document

+For more information such as Installation, Tutorial, Usage, visit [vuls.io](https://vuls.io/)  
+[日本語翻訳ドキュメント](https://vuls.io/ja/)

 ----

-# Architecture
-
-![Vuls-Architecture](img/vuls-architecture.png)
-
-## go-cve-dictinary  
- Fetch vulnerbility information from NVD, JVN(Japanese), then insert into SQLite.
-
-## Vuls
- Scan vulnerabilities on the servers and create a list of the CVE ID
- For more detailed information of the detected CVE, send HTTP request to go-cve-dictinary
- Send a report by Slack, Email
- System operator can view the latest report by terminal
-
----
-
-# Use Cases
-
-## Scan all servers
-
-![Vuls-Usecase1](img/vuls-usecase-elb-rails-rds-all.png)
-
-## Scan a single server
-
-web/app server in the same configuration under the load balancer
-
-![Vuls-Usecase2](img/vuls-usecase-elb-rails-rds-single.png)
-
----
-
-# Support OS
-
-| Distribution|            Release |
-|:------------|-------------------:|
-| Ubuntu      |          12, 14, 16|
-| Debian      |                7, 8|
-| RHEL        |          4, 5, 6, 7|
-| CentOS      |             5, 6, 7|
-| Amazon Linux|                All |
-
----
-
-
-# Usage: Automatic Server Discovery
-
-Discovery subcommand discovers active servers specifed in CIDR range, then print the template of config file(TOML format) to terminal.
-
-```
-$ vuls discover -help
-discover:
-        discover 192.168.0.0/24
-```
-
-## Exapmle
-
-```
-$ vuls discover 172.31.4.0/24
-# Create config.toml using below and then ./vuls --config=/path/to/config.toml
-
-[slack]
-hookURL      = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
-channel      = "#channel-name"
-#channel      = "#{servername}"
-iconEmoji    = ":ghost:"
-authUser     = "username"
-notifyUsers  = ["@username"]
-
-[mail]
-smtpAddr      = "smtp.gmail.com"
-smtpPort      = 465
-user          = "username"
-password      = "password"
-from          = "from@address.com"
-to            = ["to@address.com"]
-cc            = ["cc@address.com"]
-subjectPrefix = "[vuls]"
-
-[default]
-#port        = "22"
-#user        = "username"
-#password    = "password"
-#keyPath     = "/home/username/.ssh/id_rsa"
-#keyPassword = "password"
-
-[servers]
-
-[servers.172-31-4-82]
-host         = "172.31.4.82"
-#port        = "22"
-#user        = "root"
-#password    = "password"
-#keyPath     = "/home/username/.ssh/id_rsa"
-#keyPassword = "password"
-#cpeNames = [
-#  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
-#]
-```
-
-You can customize your configuration using this template.
-
----
-
-# Configuration
-
- Slack section
-    ```
-    [slack]
-    hookURL      = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
-    channel      = "#channel-name"
-    #channel      = "#{servername}"
-    iconEmoji    = ":ghost:"
-    authUser     = "username"
-    notifyUsers  = ["@username"]
-    ```
-
-    - hookURL : Incomming webhook's URL  
-    - channel : channel name.  
-    If you set #{servername} to channel, the report will be sent to #servername channel.  
-    In the following example, the report will be sent to the #server1 and #server2.  
-    Be sure to create these channels before scanning.
-      ```
-      [slack]
-      channel      = "#{servername}"
-      ...snip...
-
-      [servers]
-
-      [servers.server1]
-      host         = "172.31.4.82"
-      ...snip...
-
-      [servers.server2]
-      host         = "172.31.4.83"
-      ...snip...
-      ```
-
-    - iconEmoji: emoji
-    - authUser: username of the slack team
-    - notifyUsers: a list of Slack usernames to send Slack notifications.
-      If you set ["@foo", "@bar"] to notifyUsers, @foo @bar will be included in text.  
-      So @foo, @bar can receive mobile push notifications on their smartphone.  
-
- Mail section
-    ```
-    [mail]
-    smtpAddr      = "smtp.gmail.com"
-    smtpPort      = 465
-    user          = "username"
-    password      = "password"
-    from          = "from@address.com"
-    to            = ["to@address.com"]
-    cc            = ["cc@address.com"]
-    subjectPrefix = "[vuls]"
-    ```
-
- Defualt section
-    ```
-    [default]
-    #port        = "22"
-    #user        = "username"
-    #password    = "password"
-    #keyPath     = "/home/username/.ssh/id_rsa"
-    #keyPassword = "password"
-    ```
-    Items of the defualt section will be used if not specified.
-
- servers section
-    ```
-    [servers]
-
-    [servers.172-31-4-82]
-    host         = "172.31.4.82"
-    #port        = "22"
-    #user        = "root"
-    #password    = "password"
-    #keyPath     = "/home/username/.ssh/id_rsa"
-    #keyPassword = "password"
-    #cpeNames = [
-    #  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
-    #]
-    ```
-    You can overwrite the default value specified in default section.  
-    Vuls supports multiple SSH authentication methods.  
-    - SSH agent
-    - SSH public key authentication (with password, empty password)
-    - Password authentication
-
----
-
-# Usage: Prepare
-
-Prepare subcommand installs required packages on each server.
-
-| Distribution|            Release | Requirements |
-|:------------|-------------------:|:-------------|
-| Ubuntu      |          12, 14, 16| -            |
-| Debian      |                7, 8| apptitude    |
-| CentOS      |                   5| yum-plugin-security, yum-changelog |
-| CentOS      |                6, 7| yum-plugin-security, yum-plugin-changelog |
-| Amazon      |                All | -            |
-| RHEL        |         4, 5, 6, 7 | -            |
-
-
-```
-$ vuls prepare -help
-prepare:
-        prepare [-config=/path/to/config.toml] [-debug]
-
-  -config string
-        /path/to/toml (default "$PWD/config.toml")
-  -debug
-        debug mode
-  -use-unattended-upgrades
-        [Depricated] For Ubuntu, install unattended-upgrades
-```
-
----
-
-# Usage: Scan
-
-```
-$ vuls scan -help
-scan:
-        scan
-                [-lang=en|ja]
-                [-config=/path/to/config.toml]
-                [-dbpath=/path/to/vuls.sqlite3]
-                [-cve-dictionary-url=http://127.0.0.1:1323]
-                [-cvss-over=7]
-                [-report-slack]
-                [-report-mail]
-                [-http-proxy=http://192.168.0.1:8080]
-                [-debug]
-                [-debug-sql]
-  -config string
-        /path/to/toml (default "$PWD/config.toml")
-  -cve-dictionary-url string
-        http://CVE.Dictionary (default "http://127.0.0.1:1323")
-  -cvss-over float
-        -cvss-over=6.5 means reporting CVSS Score 6.5 and over (default: 0 (means report all))
-  -dbpath string
-        /path/to/sqlite3 (default "$PWD/vuls.sqlite3")
-  -debug
-        debug mode
-  -debug-sql
-        SQL debug mode
-  -http-proxy string
-        http://proxy-url:port (default: empty)
-  -lang string
-        [en|ja] (default "en")
-  -report-mail
-        Email report
-  -report-slack
-        Slack report
-  -use-unattended-upgrades
-        [Depricated] For Ubuntu. Scan by unattended-upgrades or not (use apt-get upgrade --dry-run by default)
-  -use-yum-plugin-security
-        [Depricated] For CentOS 5. Scan by yum-plugin-security or not (use yum check-update by default)
-
-```
-
-## example
-
-Run go-cve-dictionary as server mode before scanning.
-```
-$ go-cve-dictionary server
-```
-
-### Scan all servers defined in config file
-```
-$ vuls scan --report-slack --report-mail --cvss-over=7
-```
-With this sample command, it will ..
- Scan all servers defined in config file
- Send scan results to slack and email
- Only Report CVEs that CVSS score is over 7
- Print scan result to terminal
-
-### Scan specific servers
-```
-$ vuls scan server1 server2
-```
-With this sample command, it will ..
- Scan only 2 servers. (server1, server2)
- Print scan result to terminal
-
----
-
-# Usage: Scan vulnerability of non-OS package
-
-It is possible to detect vulnerabilities something you compiled by yourself, the language libraries and the frameworks that have been registered in the [CPE](https://nvd.nist.gov/cpe.cfm).
-
-  How to search CPE name by software name
-    - [NVD: Search Common Platform Enumerations (CPE)](https://web.nvd.nist.gov/view/cpe/search)  
-    **Check CPE Naming Format: 2.2**
-
- Configuration  
-To detect the vulnerbility of Ruby on Rails v4.2.1, cpeNames needs to be set in the servers section.
-    ```
-    [servers]
-
-    [servers.172-31-4-82]
-    host         = "172.31.4.82"
-    user        = "ec2-user"
-    keyPath     = "/home/username/.ssh/id_rsa"
-    cpeNames = [
-      "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
-    ]
-    ```
-
-# Usage: Update NVD Data.
-
-```
-$ go-cve-dictionary fetchnvd -h
-fetchnvd:
-        fetchnvd
-                [-last2y]
-                [-dbpath=/path/to/cve.sqlite3]
-                [-debug]
-                [-debug-sql]
-
-  -dbpath string
-        /path/to/sqlite3 (default "$PWD/cve.sqlite3")
-  -debug
-        debug mode
-  -debug-sql
-        SQL debug mode
-  -last2y
-        Refresh NVD data in the last two years.
-```
-
- Fetch data of the entire period
-
-```
-$ go-cve-dictionary fetchnvd -entire
-```
-
- Fetch data in the last 2 years
-
-```
-$ go-cve-dictionary fetchnvd -last2y
-```
-
----
-
-# Misc
-
- HTTP Proxy Support  
-If your system is behind HTTP proxy, you have to specify --http-proxy option.
-
- How to Daemonize go-cve-dictionary  
-Use Systemd, Upstart or supervisord, daemontools...
-
- How to update vulnerbility data automatically.  
-Use job scheduler like Cron (with -last2y option).
-
- How to cross compile
-    ```bash
-    $ cd /path/to/your/local-git-reporsitory/vuls
-    $ GOOS=linux GOARCH=amd64 go build -o vuls.amd64
-    ```
-
- Logging  
-Log wrote to under /var/log/vuls/
-
- Debug  
-Run with --debug, --sql-debug option.
-
- Windows  
-Use Microsoft Baseline Secuirty Analyzer. [MBSA](https://technet.microsoft.com/en-us/security/cc184924.aspx)
-
----
-
-# Data Source
-
- [NVD](https://nvd.nist.gov/)
- [JVN(Japanese)](http://jvndb.jvn.jp/apis/myjvn/)
-
-
 # Authors

 kotakanbe ([@kotakanbe](https://twitter.com/kotakanbe)) created vuls and [these fine people](https://github.com/future-architect/vuls/graphs/contributors) have contributed.

 ----

-# Contribute
-
-1. Fork it
-2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Commit your changes (`git commit -am 'Add some feature'`)
-4. Push to the branch (`git push origin my-new-feature`)
-5. Create new Pull Request
-
----
-
 # Change Log

 Please see [CHANGELOG](https://github.com/future-architect/vuls/blob/master/CHANGELOG.md).

 ----
+# Stargazers over time		
+		
+[![Stargazers over time](https://starcharts.herokuapp.com/future-architect/vuls.svg)](https://starcharts.herokuapp.com/future-architect/vuls)		

-# Licence
+-----
+
+# License

 Please see [LICENSE](https://github.com/future-architect/vuls/blob/master/LICENSE).
-
-
-[![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/future-architect/vuls/trend.png)](https://bitdeli.com/free "Bitdeli Badge")
-
--- a/cache/bolt.go
+++ b/cache/bolt.go
@@ -0,0 +1,188 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package cache
+
+import (
+	"encoding/json"
+	"fmt"
+	"time"
+
+	"github.com/boltdb/bolt"
+	"github.com/future-architect/vuls/util"
+	"github.com/sirupsen/logrus"
+)
+
+// Bolt holds a pointer of bolt.DB
+// boltdb is used to store a cache of Changelogs of Ubuntu/Debian
+type Bolt struct {
+	Path string
+	Log  *logrus.Entry
+	db   *bolt.DB
+}
+
+// SetupBolt opens a boltdb and creates a meta bucket if not exists.
+func SetupBolt(path string, l *logrus.Entry) error {
+	l.Infof("Open boltDB: %s", path)
+	db, err := bolt.Open(path, 0600, nil)
+	if err != nil {
+		return err
+	}
+
+	b := Bolt{
+		Path: path,
+		Log:  l,
+		db:   db,
+	}
+	if err = b.createBucketIfNotExists(metabucket); err != nil {
+		return err
+	}
+
+	DB = b
+	return nil
+}
+
+// Close a db.
+func (b Bolt) Close() error {
+	if b.db == nil {
+		return nil
+	}
+	return b.db.Close()
+}
+
+//  CreateBucketIfNotExists creates a buket that is specified by arg.
+func (b *Bolt) createBucketIfNotExists(name string) error {
+	return b.db.Update(func(tx *bolt.Tx) error {
+		_, err := tx.CreateBucketIfNotExists([]byte(name))
+		if err != nil {
+			return fmt.Errorf("Failed to create bucket: %s", err)
+		}
+		return nil
+	})
+}
+
+// GetMeta gets a Meta Information os the servername to boltdb.
+func (b Bolt) GetMeta(serverName string) (meta Meta, found bool, err error) {
+	err = b.db.View(func(tx *bolt.Tx) error {
+		bkt := tx.Bucket([]byte(metabucket))
+		v := bkt.Get([]byte(serverName))
+		if len(v) == 0 {
+			found = false
+			return nil
+		}
+		if e := json.Unmarshal(v, &meta); e != nil {
+			return e
+		}
+		found = true
+		return nil
+	})
+	return
+}
+
+// RefreshMeta gets a Meta Information os the servername to boltdb.
+func (b Bolt) RefreshMeta(meta Meta) error {
+	meta.CreatedAt = time.Now()
+	jsonBytes, err := json.Marshal(meta)
+	if err != nil {
+		return fmt.Errorf("Failed to marshal to JSON: %s", err)
+	}
+	return b.db.Update(func(tx *bolt.Tx) error {
+		bkt := tx.Bucket([]byte(metabucket))
+		if err := bkt.Put([]byte(meta.Name), jsonBytes); err != nil {
+			return err
+		}
+		b.Log.Debugf("Refreshed Meta: %s", meta.Name)
+		return nil
+	})
+}
+
+// EnsureBuckets puts a Meta information and create a buket that holds changelogs.
+func (b Bolt) EnsureBuckets(meta Meta) error {
+	jsonBytes, err := json.Marshal(meta)
+	if err != nil {
+		return fmt.Errorf("Failed to marshal to JSON: %s", err)
+	}
+	return b.db.Update(func(tx *bolt.Tx) error {
+		b.Log.Debugf("Put to meta: %s", meta.Name)
+		bkt := tx.Bucket([]byte(metabucket))
+		if err := bkt.Put([]byte(meta.Name), jsonBytes); err != nil {
+			return err
+		}
+
+		// re-create a bucket (bucket name: servername)
+		bkt = tx.Bucket([]byte(meta.Name))
+		if bkt != nil {
+			b.Log.Debugf("Delete bucket: %s", meta.Name)
+			if err := tx.DeleteBucket([]byte(meta.Name)); err != nil {
+				return err
+			}
+			b.Log.Debugf("Bucket deleted: %s", meta.Name)
+		}
+		b.Log.Debugf("Create bucket: %s", meta.Name)
+		if _, err := tx.CreateBucket([]byte(meta.Name)); err != nil {
+			return err
+		}
+		b.Log.Debugf("Bucket created: %s", meta.Name)
+		return nil
+	})
+}
+
+// PrettyPrint is for debug
+func (b Bolt) PrettyPrint(meta Meta) error {
+	return b.db.View(func(tx *bolt.Tx) error {
+		bkt := tx.Bucket([]byte(metabucket))
+		v := bkt.Get([]byte(meta.Name))
+		b.Log.Debugf("Meta: key:%s, value:%s", meta.Name, v)
+
+		bkt = tx.Bucket([]byte(meta.Name))
+		c := bkt.Cursor()
+		for k, v := c.First(); k != nil; k, v = c.Next() {
+			b.Log.Debugf("key:%s, len: %d, %s...",
+				k, len(v), util.Truncate(string(v), 30))
+		}
+		return nil
+	})
+}
+
+// GetChangelog get the changelgo of specified packName from the Bucket
+func (b Bolt) GetChangelog(servername, packName string) (changelog string, err error) {
+	err = b.db.View(func(tx *bolt.Tx) error {
+		bkt := tx.Bucket([]byte(servername))
+		if bkt == nil {
+			return fmt.Errorf("Failed to get Bucket: %s", servername)
+		}
+		v := bkt.Get([]byte(packName))
+		if v == nil {
+			changelog = ""
+			return nil
+		}
+		changelog = string(v)
+		return nil
+	})
+	return
+}
+
+// PutChangelog put the changelgo of specified packName into the Bucket
+func (b Bolt) PutChangelog(servername, packName, changelog string) error {
+	return b.db.Update(func(tx *bolt.Tx) error {
+		bkt := tx.Bucket([]byte(servername))
+		if bkt == nil {
+			return fmt.Errorf("Failed to get Bucket: %s", servername)
+		}
+		return bkt.Put([]byte(packName), []byte(changelog))
+	})
+}
--- a/cache/bolt_test.go
+++ b/cache/bolt_test.go
@@ -0,0 +1,137 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package cache
+
+import (
+	"os"
+	"reflect"
+	"testing"
+
+	"github.com/boltdb/bolt"
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/sirupsen/logrus"
+)
+
+const path = "/tmp/vuls-test-cache-11111111.db"
+const servername = "server1"
+
+var meta = Meta{
+	Name: servername,
+	Distro: config.Distro{
+		Family:  "ubuntu",
+		Release: "16.04",
+	},
+	Packs: models.Packages{
+		"apt": {
+			Name:    "apt",
+			Version: "1",
+		},
+	},
+}
+
+func TestSetupBolt(t *testing.T) {
+	log := logrus.NewEntry(&logrus.Logger{})
+	err := SetupBolt(path, log)
+	if err != nil {
+		t.Errorf("Failed to setup bolt: %s", err)
+	}
+	defer os.Remove(path)
+
+	if err := DB.Close(); err != nil {
+		t.Errorf("Failed to close bolt: %s", err)
+	}
+
+	// check if meta bucket exists
+	db, err := bolt.Open(path, 0600, nil)
+	if err != nil {
+		t.Errorf("Failed to open bolt: %s", err)
+	}
+
+	db.View(func(tx *bolt.Tx) error {
+		bkt := tx.Bucket([]byte(metabucket))
+		if bkt == nil {
+			t.Errorf("Meta bucket nof found")
+		}
+		return nil
+	})
+
+}
+
+func TestEnsureBuckets(t *testing.T) {
+	log := logrus.NewEntry(&logrus.Logger{})
+	if err := SetupBolt(path, log); err != nil {
+		t.Errorf("Failed to setup bolt: %s", err)
+	}
+	if err := DB.EnsureBuckets(meta); err != nil {
+		t.Errorf("Failed to ensure buckets: %s", err)
+	}
+	defer os.Remove(path)
+
+	m, found, err := DB.GetMeta(servername)
+	if err != nil {
+		t.Errorf("Failed to get meta: %s", err)
+	}
+	if !found {
+		t.Errorf("Not Found in meta")
+	}
+	if meta.Name != m.Name || meta.Distro != m.Distro {
+		t.Errorf("expected %v, actual %v", meta, m)
+	}
+	if !reflect.DeepEqual(meta.Packs, m.Packs) {
+		t.Errorf("expected %v, actual %v", meta.Packs, m.Packs)
+	}
+	if err := DB.Close(); err != nil {
+		t.Errorf("Failed to close bolt: %s", err)
+	}
+
+	db, err := bolt.Open(path, 0600, nil)
+	if err != nil {
+		t.Errorf("Failed to open bolt: %s", err)
+	}
+	db.View(func(tx *bolt.Tx) error {
+		bkt := tx.Bucket([]byte(servername))
+		if bkt == nil {
+			t.Errorf("Meta bucket nof found")
+		}
+		return nil
+	})
+}
+
+func TestPutGetChangelog(t *testing.T) {
+	clog := "changelog-text"
+	log := logrus.NewEntry(&logrus.Logger{})
+	if err := SetupBolt(path, log); err != nil {
+		t.Errorf("Failed to setup bolt: %s", err)
+	}
+	defer os.Remove(path)
+
+	if err := DB.EnsureBuckets(meta); err != nil {
+		t.Errorf("Failed to ensure buckets: %s", err)
+	}
+	if err := DB.PutChangelog(servername, "apt", clog); err != nil {
+		t.Errorf("Failed to put changelog: %s", err)
+	}
+	if actual, err := DB.GetChangelog(servername, "apt"); err != nil {
+		t.Errorf("Failed to get changelog: %s", err)
+	} else {
+		if actual != clog {
+			t.Errorf("changelog is not same. e: %s, a: %s", clog, actual)
+		}
+	}
+}
--- a/cache/db.go
+++ b/cache/db.go
@@ -0,0 +1,50 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package cache
+
+import (
+	"time"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+)
+
+// DB has a cache instance
+var DB Cache
+
+const metabucket = "changelog-meta"
+
+// Cache is a interface of cache
+type Cache interface {
+	Close() error
+	GetMeta(string) (Meta, bool, error)
+	RefreshMeta(Meta) error
+	EnsureBuckets(Meta) error
+	PrettyPrint(Meta) error
+	GetChangelog(string, string) (string, error)
+	PutChangelog(string, string, string) error
+}
+
+// Meta holds a server name, distro information of the scanned server and
+// package information that was collected at the last scan.
+type Meta struct {
+	Name      string
+	Distro    config.Distro
+	Packs     models.Packages
+	CreatedAt time.Time
+}
--- a/commands/configtest.go
+++ b/commands/configtest.go
@@ -0,0 +1,176 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package commands
+
+import (
+	"context"
+	"flag"
+	"os"
+	"path/filepath"
+
+	"github.com/google/subcommands"
+
+	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/scan"
+	"github.com/future-architect/vuls/util"
+)
+
+// ConfigtestCmd is Subcommand
+type ConfigtestCmd struct {
+	configPath     string
+	askKeyPassword bool
+	timeoutSec     int
+}
+
+// Name return subcommand name
+func (*ConfigtestCmd) Name() string { return "configtest" }
+
+// Synopsis return synopsis
+func (*ConfigtestCmd) Synopsis() string { return "Test configuration" }
+
+// Usage return usage
+func (*ConfigtestCmd) Usage() string {
+	return `configtest:
+	configtest
+			[-config=/path/to/config.toml]
+			[-log-dir=/path/to/log]
+			[-ask-key-password]
+			[-timeout=300]
+			[-ssh-external]
+			[-containers-only]
+			[-http-proxy=http://192.168.0.1:8080]
+			[-debug]
+			[-vvv]
+
+			[SERVER]...
+`
+}
+
+// SetFlags set flag
+func (p *ConfigtestCmd) SetFlags(f *flag.FlagSet) {
+	wd, _ := os.Getwd()
+	defaultConfPath := filepath.Join(wd, "config.toml")
+	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
+
+	defaultLogDir := util.GetDefaultLogDir()
+	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")
+	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
+
+	f.IntVar(&p.timeoutSec, "timeout", 5*60, "Timeout(Sec)")
+
+	f.BoolVar(&p.askKeyPassword, "ask-key-password", false,
+		"Ask ssh privatekey password before scanning",
+	)
+
+	f.StringVar(&c.Conf.HTTPProxy, "http-proxy", "",
+		"http://proxy-url:port (default: empty)")
+
+	f.BoolVar(&c.Conf.SSHNative, "ssh-native-insecure", false,
+		"Use Native Go implementation of SSH. Default: Use the external command")
+
+	f.BoolVar(&c.Conf.SSHConfig, "ssh-config", false,
+		"Use SSH options specified in ssh_config preferentially")
+
+	f.BoolVar(&c.Conf.ContainersOnly, "containers-only", false,
+		"Test containers only. Default: Test both of hosts and containers")
+
+	f.BoolVar(&c.Conf.Vvv, "vvv", false, "ssh -vvv")
+}
+
+// Execute execute
+func (p *ConfigtestCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
+	// Setup Logger
+	util.Log = util.NewCustomLogger(c.ServerInfo{})
+
+	if err := mkdirDotVuls(); err != nil {
+		util.Log.Errorf("Failed to create .vuls: %s", err)
+		return subcommands.ExitUsageError
+	}
+
+	var keyPass string
+	var err error
+	if p.askKeyPassword {
+		prompt := "SSH key password: "
+		if keyPass, err = getPasswd(prompt); err != nil {
+			util.Log.Error(err)
+			return subcommands.ExitFailure
+		}
+	}
+
+	err = c.Load(p.configPath, keyPass)
+	if err != nil {
+		util.Log.Errorf("Error loading %s, %s", p.configPath, err)
+		util.Log.Errorf("If you update Vuls and get this error, there may be incompatible changes in config.toml")
+		util.Log.Errorf("Please check README: https://github.com/future-architect/vuls#configuration")
+		return subcommands.ExitUsageError
+	}
+
+	var servernames []string
+	if 0 < len(f.Args()) {
+		servernames = f.Args()
+	}
+
+	target := make(map[string]c.ServerInfo)
+	for _, arg := range servernames {
+		found := false
+		for servername, info := range c.Conf.Servers {
+			if servername == arg {
+				target[servername] = info
+				found = true
+				break
+			}
+		}
+		if !found {
+			util.Log.Errorf("%s is not in config", arg)
+			return subcommands.ExitUsageError
+		}
+	}
+	if 0 < len(servernames) {
+		c.Conf.Servers = target
+	}
+
+	util.Log.Info("Validating config...")
+	if !c.Conf.ValidateOnConfigtest() {
+		return subcommands.ExitUsageError
+	}
+
+	util.Log.Info("Detecting Server/Container OS... ")
+	if err := scan.InitServers(p.timeoutSec); err != nil {
+		util.Log.Errorf("Failed to init servers: %s", err)
+		return subcommands.ExitFailure
+	}
+
+	util.Log.Info("Checking Scan Modes...")
+	if err := scan.CheckScanModes(); err != nil {
+		util.Log.Errorf("Fix config.toml: %s", err)
+		return subcommands.ExitFailure
+	}
+
+	util.Log.Info("Checking dependencies...")
+	scan.CheckDependencies(p.timeoutSec)
+
+	util.Log.Info("Checking sudo settings...")
+	scan.CheckIfSudoNoPasswd(p.timeoutSec)
+
+	util.Log.Info("It can be scanned with fast scan mode even if warn or err messages are displayed due to lack of dependent packages or sudo settings in fast-root or deep scan mode")
+
+	if scan.PrintSSHableServerNames() {
+		return subcommands.ExitSuccess
+	}
+	return subcommands.ExitFailure
+}
--- a/commands/discover.go
+++ b/commands/discover.go
@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -18,6 +18,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 package commands

 import (
+	"context"
 	"flag"
 	"fmt"
 	"os"
@@ -25,10 +26,9 @@ import (
 	"text/template"

 	"github.com/google/subcommands"
-	"golang.org/x/net/context"

-	"github.com/Sirupsen/logrus"
 	ps "github.com/kotakanbe/go-pingscanner"
+	"github.com/sirupsen/logrus"
 )

 // DiscoverCmd is Subcommand of host discovery mode
@@ -39,7 +39,7 @@ type DiscoverCmd struct {
 func (*DiscoverCmd) Name() string { return "discover" }

 // Synopsis return synopsis
-func (*DiscoverCmd) Synopsis() string { return "Host discovery in the CIDR." }
+func (*DiscoverCmd) Synopsis() string { return "Host discovery in the CIDR" }

 // Usage return usage
 func (*DiscoverCmd) Usage() string {
@@ -57,6 +57,7 @@ func (p *DiscoverCmd) SetFlags(f *flag.FlagSet) {
 func (p *DiscoverCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
 	// validate
 	if len(f.Args()) == 0 {
+		logrus.Errorf("Usage: " + p.Usage())
 		return subcommands.ExitUsageError
 	}

@@ -65,7 +66,6 @@ func (p *DiscoverCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface
 			CIDR: cidr,
 			PingOptions: []string{
 				"-c1",
-				"-t1",
 			},
 			NumOfConcurrency: 100,
 		}
@@ -77,7 +77,7 @@ func (p *DiscoverCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface
 		}

 		if len(hosts) < 1 {
-			logrus.Errorf("Active hosts not found in %s.", cidr)
+			logrus.Errorf("Active hosts not found in %s", cidr)
 			return subcommands.ExitSuccess
 		} else if err := printConfigToml(hosts); err != nil {
 			logrus.Errorf("Failed to parse template. err: %s", err)
@@ -87,52 +87,143 @@ func (p *DiscoverCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface
 	return subcommands.ExitSuccess
 }

-// Output the tmeplate of config.toml
+// Output the template of config.toml
 func printConfigToml(ips []string) (err error) {
-	const tomlTempale = `
-[slack]
-hookURL      = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
-channel      = "#channel-name"
-#channel      = "#{servername}"
-iconEmoji    = ":ghost:"
-authUser     = "username"
-notifyUsers  = ["@username"]
+	const tomlTemplate = `

-[mail]
-smtpAddr      = "smtp.gmail.com"
-smtpPort      = 465
-user          = "username"
-password      = "password"
-from          = "from@address.com"
-to            = ["to@address.com"]
-cc            = ["cc@address.com"]
-subjectPrefix = "[vuls]"
+# https://vuls.io/docs/en/usage-settings.html
+[cveDict]
+type        = "sqlite3"
+sqlite3Path = "/path/to/cve.sqlite3"
+#url        = ""

+[ovalDict]
+type        = "sqlite3"
+sqlite3Path = "/path/to/oval.sqlite3"
+#url        = ""
+
+[gost]
+type        = "sqlite3"
+sqlite3Path = "/path/to/gost.sqlite3"
+#url        = ""
+
+[exploit]
+type        = "sqlite3"
+sqlite3Path = "/path/to/go-exploitdb.sqlite3"
+#url        = ""
+
+# https://vuls.io/docs/en/usage-settings.html#slack-section
+#[slack]
+#hookURL      = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
+##legacyToken = "xoxp-11111111111-222222222222-3333333333"
+#channel      = "#channel-name"
+##channel     = "${servername}"
+#iconEmoji    = ":ghost:"
+#authUser     = "username"
+#notifyUsers  = ["@username"]
+
+# https://vuls.io/docs/en/usage-settings.html#email-section
+#[email]
+#smtpAddr      = "smtp.example.com"
+#smtpPort      = "587"
+#user          = "username"
+#password      = "password"
+#from          = "from@example.com"
+#to            = ["to@example.com"]
+#cc            = ["cc@example.com"]
+#subjectPrefix = "[vuls]"
+
+# https://vuls.io/docs/en/usage-settings.html#http-section
+#[http]
+#url = "http://localhost:11234"
+
+# https://vuls.io/docs/en/usage-settings.html#syslog-section
+#[syslog]
+#protocol    = "tcp"
+#host        = "localhost"
+#port        = "514"
+#tag         = "vuls"
+#facility    = "local0"
+#severity    = "alert"
+#verbose     = false
+
+# https://vuls.io/docs/en/usage-report.html#example-put-results-in-s3-bucket
+#[aws]
+#profile                = "default"
+#region                 = "ap-northeast-1"
+#s3Bucket               = "vuls"
+#s3ResultsDir           = "/path/to/result"
+#s3ServerSideEncryption = "AES256"
+
+# https://vuls.io/docs/en/usage-report.html#example-put-results-in-azure-blob-storage<Paste>
+#[azure]
+#accountName   = "default"
+#accountKey    = "xxxxxxxxxxxxxx"
+#containerName = "vuls"
+
+# https://vuls.io/docs/en/usage-settings.html#stride-section
+#[stride]
+#hookURL   = "xxxxxxxxxxxxxxx"
+#authToken = "xxxxxxxxxxxxxx"
+
+# https://vuls.io/docs/en/usage-settings.html#hipchat-section
+#[hipchat]
+#room      = "vuls"
+#authToken = "xxxxxxxxxxxxxx"
+
+# https://vuls.io/docs/en/usage-settings.html#chatwork-section
+#[chatwork]
+#room     = "xxxxxxxxxxx"
+#apiToken = "xxxxxxxxxxxxxxxxxx"
+
+# https://vuls.io/docs/en/usage-settings.html#default-section
 [default]
-#port        = "22"
-#user        = "username"
-#password    = "password"
-#keyPath     = "/home/username/.ssh/id_rsa"
-#keyPassword = "password"
+#port               = "22"
+#user               = "username"
+#keyPath            = "/home/username/.ssh/id_rsa"
+#scanMode           = ["fast", "fast-root", "deep", "offline"]
+#cpeNames = [
+#  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
+#]
+#owaspDCXMLPath     = "/tmp/dependency-check-report.xml"
+#ignoreCves         = ["CVE-2014-6271"]
+#containerType      = "docker" #or "lxd" or "lxc" default: docker
+#containersIncluded = ["${running}"]
+#containersExcluded = ["container_name_a"]

+# https://vuls.io/docs/en/usage-settings.html#servers-section
 [servers]
 {{- $names:=  .Names}}
 {{range $i, $ip := .IPs}}
 [servers.{{index $names $i}}]
-host         = "{{$ip}}"
-#port        = "22"
-#user        = "root"
-#password    = "password"
-#keyPath     = "/home/username/.ssh/id_rsa"
-#keyPassword = "password"
-#cpeNames = [
-#  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
-#]
+host                = "{{$ip}}"
+#port               = "22"
+#user               = "root"
+#keyPath            = "/home/username/.ssh/id_rsa"
+#scanMode           = ["fast", "fast-root", "deep", "offline"]
+#type               = "pseudo"
+#memo               = "DB Server"
+#cpeNames           = [ "cpe:/a:rubyonrails:ruby_on_rails:4.2.1" ]
+#owaspDCXMLPath     = "/path/to/dependency-check-report.xml"
+#ignoreCves         = ["CVE-2014-0160"]
+#containerType      = "docker" #or "lxd" or "lxc" default: docker
+#containersIncluded = ["${running}"]
+#containersExcluded = ["container_name_a"]
+
+#[servers.{{index $names $i}}.containers.container_name_a]
+#cpeNames       = [ "cpe:/a:rubyonrails:ruby_on_rails:4.2.1" ]
+#owaspDCXMLPath = "/path/to/dependency-check-report.xml"
+#ignoreCves     = ["CVE-2014-0160"]
+
+#[servers.{{index $names $i}}.optional]
+#key = "value1"
+
+
 {{end}}

 `
 	var tpl *template.Template
-	if tpl, err = template.New("tempalte").Parse(tomlTempale); err != nil {
+	if tpl, err = template.New("template").Parse(tomlTemplate); err != nil {
 		return
 	}

@@ -150,7 +241,7 @@ host         = "{{$ip}}"
 	}
 	a.Names = names

-	fmt.Println("# Create config.toml using below and then ./vuls --config=/path/to/config.toml")
+	fmt.Println("# Create config.toml using below and then ./vuls -config=/path/to/config.toml")
 	if err = tpl.Execute(os.Stdout, a); err != nil {
 		return
 	}
--- a/commands/history.go
+++ b/commands/history.go
@@ -0,0 +1,91 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package commands
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+
+	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/report"
+	"github.com/google/subcommands"
+)
+
+// HistoryCmd is Subcommand of list scanned results
+type HistoryCmd struct{}
+
+// Name return subcommand name
+func (*HistoryCmd) Name() string { return "history" }
+
+// Synopsis return synopsis
+func (*HistoryCmd) Synopsis() string {
+	return `List history of scanning.`
+}
+
+// Usage return usage
+func (*HistoryCmd) Usage() string {
+	return `history:
+	history
+		[-results-dir=/path/to/results]
+	`
+}
+
+// SetFlags set flag
+func (p *HistoryCmd) SetFlags(f *flag.FlagSet) {
+	f.BoolVar(&c.Conf.DebugSQL, "debug-sql", false, "SQL debug mode")
+
+	wd, _ := os.Getwd()
+	defaultResultsDir := filepath.Join(wd, "results")
+	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")
+}
+
+// Execute execute
+func (p *HistoryCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
+
+	dirs, err := report.ListValidJSONDirs()
+	if err != nil {
+		return subcommands.ExitFailure
+	}
+	for _, d := range dirs {
+		var files []os.FileInfo
+		if files, err = ioutil.ReadDir(d); err != nil {
+			return subcommands.ExitFailure
+		}
+		var hosts []string
+		for _, f := range files {
+			if filepath.Ext(f.Name()) != ".json" {
+				continue
+			}
+			fileBase := strings.TrimSuffix(f.Name(), filepath.Ext(f.Name()))
+			hosts = append(hosts, fileBase)
+		}
+		splitPath := strings.Split(d, string(os.PathSeparator))
+		timeStr := splitPath[len(splitPath)-1]
+		fmt.Printf("%s %d servers: %s\n",
+			timeStr,
+			len(hosts),
+			strings.Join(hosts, ", "),
+		)
+	}
+	return subcommands.ExitSuccess
+}
--- a/commands/prepare.go
+++ b/commands/prepare.go
@@ -1,131 +0,0 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-package commands
-
-import (
-	"flag"
-	"os"
-
-	"github.com/Sirupsen/logrus"
-	c "github.com/future-architect/vuls/config"
-	"github.com/future-architect/vuls/scan"
-	"github.com/future-architect/vuls/util"
-	"github.com/google/subcommands"
-	"golang.org/x/net/context"
-)
-
-// PrepareCmd is Subcommand of host discovery mode
-type PrepareCmd struct {
-	debug      bool
-	configPath string
-
-	useUnattendedUpgrades bool
-}
-
-// Name return subcommand name
-func (*PrepareCmd) Name() string { return "prepare" }
-
-// Synopsis return synopsis
-func (*PrepareCmd) Synopsis() string {
-	//  return "Install packages Ubuntu: unattended-upgrade, CentOS: yum-plugin-security)"
-	return `Install required packages to scan.
-				CentOS: yum-plugin-security, yum-plugin-changelog
-				Amazon: None
-				RHEL:   TODO
-				Ubuntu: None
-
-	`
-}
-
-// Usage return usage
-func (*PrepareCmd) Usage() string {
-	return `prepare:
-	prepare [-config=/path/to/config.toml] [-debug]
-
-`
-}
-
-// SetFlags set flag
-func (p *PrepareCmd) SetFlags(f *flag.FlagSet) {
-
-	f.BoolVar(&p.debug, "debug", false, "debug mode")
-
-	defaultConfPath := os.Getenv("PWD") + "/config.toml"
-	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
-
-	f.BoolVar(
-		&p.useUnattendedUpgrades,
-		"use-unattended-upgrades",
-		false,
-		"[Depricated] For Ubuntu, install unattended-upgrades",
-	)
-}
-
-// Execute execute
-func (p *PrepareCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
-	logrus.Infof("Begin Preparing (config: %s)", p.configPath)
-
-	err := c.Load(p.configPath)
-	if err != nil {
-		logrus.Errorf("Error loading %s, %s", p.configPath, err)
-		return subcommands.ExitUsageError
-	}
-
-	target := make(map[string]c.ServerInfo)
-	for _, arg := range f.Args() {
-		found := false
-		for servername, info := range c.Conf.Servers {
-			if servername == arg {
-				target[servername] = info
-				found = true
-				break
-			}
-		}
-		if !found {
-			logrus.Errorf("%s is not in config", arg)
-			return subcommands.ExitUsageError
-		}
-	}
-	if 0 < len(f.Args()) {
-		c.Conf.Servers = target
-	}
-
-	c.Conf.Debug = p.debug
-	c.Conf.UseUnattendedUpgrades = p.useUnattendedUpgrades
-
-	// Set up custom logger
-	logger := util.NewCustomLogger(c.ServerInfo{})
-
-	logger.Info("Detecting OS... ")
-	err = scan.InitServers(logger)
-	if err != nil {
-		logger.Errorf("Failed to init servers. err: %s", err)
-		return subcommands.ExitFailure
-	}
-
-	logger.Info("Installing...")
-	if errs := scan.Prepare(); 0 < len(errs) {
-		for _, e := range errs {
-			logger.Errorf("Failed: %s.", e)
-		}
-		return subcommands.ExitFailure
-	}
-
-	logger.Info("Success")
-	return subcommands.ExitSuccess
-}
--- a/commands/report.go
+++ b/commands/report.go
@@ -0,0 +1,419 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package commands
+
+import (
+	"context"
+	"flag"
+	"os"
+	"path/filepath"
+
+	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/exploit"
+	"github.com/future-architect/vuls/gost"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/oval"
+	"github.com/future-architect/vuls/report"
+	"github.com/future-architect/vuls/util"
+	"github.com/google/subcommands"
+	"github.com/k0kubun/pp"
+	cvelog "github.com/kotakanbe/go-cve-dictionary/log"
+)
+
+// ReportCmd is subcommand for reporting
+type ReportCmd struct {
+	configPath  string
+	cveDict     c.GoCveDictConf
+	ovalDict    c.GovalDictConf
+	gostConf    c.GostConf
+	exploitConf c.ExploitConf
+	httpConf    c.HTTPConf
+}
+
+// Name return subcommand name
+func (*ReportCmd) Name() string { return "report" }
+
+// Synopsis return synopsis
+func (*ReportCmd) Synopsis() string { return "Reporting" }
+
+// Usage return usage
+func (*ReportCmd) Usage() string {
+	return `report:
+	report
+		[-lang=en|ja]
+		[-config=/path/to/config.toml]
+		[-results-dir=/path/to/results]
+		[-log-dir=/path/to/log]
+		[-refresh-cve]
+		[-cvss-over=7]
+		[-diff]
+		[-ignore-unscored-cves]
+		[-ignore-unfixed]
+		[-to-email]
+		[-to-http]
+		[-to-slack]
+		[-to-stride]
+		[-to-hipchat]
+		[-to-chatwork]
+		[-to-localfile]
+		[-to-s3]
+		[-to-azure-blob]
+		[-to-saas]
+		[-format-json]
+		[-format-xml]
+		[-format-one-email]
+		[-format-one-line-text]
+		[-format-list]
+		[-format-full-text]
+		[-gzip]
+		[-uuid]
+		[-http-proxy=http://192.168.0.1:8080]
+		[-debug]
+		[-debug-sql]
+		[-pipe]
+		[-cvedb-type=sqlite3|mysql|postgres|redis|http]
+		[-cvedb-sqlite3-path=/path/to/cve.sqlite3]
+		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
+		[-ovaldb-type=sqlite3|mysql|redis|http]
+		[-ovaldb-sqlite3-path=/path/to/oval.sqlite3]
+		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
+		[-gostdb-type=sqlite3|mysql|redis|http]
+		[-gostdb-sqlite3-path=/path/to/gost.sqlite3]
+		[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
+		[-exploitdb-type=sqlite3|mysql|redis|http]
+		[-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3]
+		[-exploitdb-url=http://127.0.0.1:1326 or DB connection string]
+		[-http="http://vuls-report-server"]
+
+		[RFC3339 datetime format under results dir]
+`
+}
+
+// SetFlags set flag
+func (p *ReportCmd) SetFlags(f *flag.FlagSet) {
+	f.StringVar(&c.Conf.Lang, "lang", "en", "[en|ja]")
+	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
+	f.BoolVar(&c.Conf.DebugSQL, "debug-sql", false, "SQL debug mode")
+
+	wd, _ := os.Getwd()
+	defaultConfPath := filepath.Join(wd, "config.toml")
+	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
+
+	defaultResultsDir := filepath.Join(wd, "results")
+	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")
+
+	defaultLogDir := util.GetDefaultLogDir()
+	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")
+
+	f.BoolVar(&c.Conf.RefreshCve, "refresh-cve", false,
+		"Refresh CVE information in JSON file under results dir")
+
+	f.Float64Var(&c.Conf.CvssScoreOver, "cvss-over", 0,
+		"-cvss-over=6.5 means reporting CVSS Score 6.5 and over (default: 0 (means report all))")
+
+	f.BoolVar(&c.Conf.Diff, "diff", false,
+		"Difference between previous result and current result ")
+
+	f.BoolVar(&c.Conf.IgnoreUnscoredCves, "ignore-unscored-cves", false,
+		"Don't report the unscored CVEs")
+
+	f.BoolVar(
+		&c.Conf.IgnoreUnfixed, "ignore-unfixed", false,
+		"Don't report the unfixed CVEs")
+
+	f.StringVar(
+		&c.Conf.HTTPProxy, "http-proxy", "",
+		"http://proxy-url:port (default: empty)")
+
+	f.BoolVar(&c.Conf.FormatJSON, "format-json", false, "JSON format")
+	f.BoolVar(&c.Conf.FormatXML, "format-xml", false, "XML format")
+	f.BoolVar(&c.Conf.FormatOneEMail, "format-one-email", false,
+		"Send all the host report via only one EMail (Specify with -to-email)")
+	f.BoolVar(&c.Conf.FormatOneLineText, "format-one-line-text", false,
+		"One line summary in plain text")
+	f.BoolVar(&c.Conf.FormatList, "format-list", false, "Display as list format")
+	f.BoolVar(&c.Conf.FormatFullText, "format-full-text", false,
+		"Detail report in plain text")
+
+	f.BoolVar(&c.Conf.ToSlack, "to-slack", false, "Send report via Slack")
+	f.BoolVar(&c.Conf.ToStride, "to-stride", false, "Send report via Stride")
+	f.BoolVar(&c.Conf.ToHipChat, "to-hipchat", false, "Send report via hipchat")
+	f.BoolVar(&c.Conf.ToChatWork, "to-chatwork", false, "Send report via chatwork")
+	f.BoolVar(&c.Conf.ToEmail, "to-email", false, "Send report via Email")
+	f.BoolVar(&c.Conf.ToSyslog, "to-syslog", false, "Send report via Syslog")
+	f.BoolVar(&c.Conf.ToLocalFile, "to-localfile", false, "Write report to localfile")
+	f.BoolVar(&c.Conf.ToS3, "to-s3", false,
+		"Write report to S3 (bucket/yyyyMMdd_HHmm/servername.json/xml/txt)")
+	f.BoolVar(&c.Conf.ToHTTP, "to-http", false, "Send report via HTTP POST")
+	f.BoolVar(&c.Conf.ToAzureBlob, "to-azure-blob", false,
+		"Write report to Azure Storage blob (container/yyyyMMdd_HHmm/servername.json/xml/txt)")
+	f.BoolVar(&c.Conf.ToSaas, "to-saas", false,
+		"Upload report to Future Vuls(https://vuls.biz/) before report")
+
+	f.BoolVar(&c.Conf.GZIP, "gzip", false, "gzip compression")
+	f.BoolVar(&c.Conf.UUID, "uuid", false,
+		"Auto generate of scan target servers and then write to config.toml and scan result")
+	f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use args passed via PIPE")
+
+	f.StringVar(&p.cveDict.Type, "cvedb-type", "",
+		"DB type of go-cve-dictionary (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.cveDict.SQLite3Path, "cvedb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.cveDict.URL, "cvedb-url", "",
+		"http://go-cve-dictionary.com:1323 or DB connection string")
+
+	f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
+		"DB type of goval-dictionary (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.ovalDict.URL, "ovaldb-url", "",
+		"http://goval-dictionary.com:1324 or DB connection string")
+
+	f.StringVar(&p.gostConf.Type, "gostdb-type", "",
+		"DB type of gost (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.gostConf.SQLite3Path, "gostdb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.gostConf.URL, "gostdb-url", "",
+		"http://gost.com:1325 or DB connection string")
+
+	f.StringVar(&p.exploitConf.Type, "exploitdb-type", "",
+		"DB type of exploit (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.exploitConf.URL, "exploitdb-url", "",
+		"http://exploit.com:1326 or DB connection string")
+
+	f.StringVar(&p.httpConf.URL, "http", "", "-to-http http://vuls-report")
+
+}
+
+// Execute execute
+func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
+	util.Log = util.NewCustomLogger(c.ServerInfo{})
+	cvelog.SetLogger(c.Conf.LogDir, false, c.Conf.Debug, false)
+
+	if err := c.Load(p.configPath, ""); err != nil {
+		util.Log.Errorf("Error loading %s, %s", p.configPath, err)
+		return subcommands.ExitUsageError
+	}
+
+	c.Conf.CveDict.Overwrite(p.cveDict)
+	c.Conf.OvalDict.Overwrite(p.ovalDict)
+	c.Conf.Gost.Overwrite(p.gostConf)
+	c.Conf.Exploit.Overwrite(p.exploitConf)
+	c.Conf.HTTP.Overwrite(p.httpConf)
+
+	var dir string
+	var err error
+	if c.Conf.Diff {
+		dir, err = report.JSONDir([]string{})
+	} else {
+		dir, err = report.JSONDir(f.Args())
+	}
+	if err != nil {
+		util.Log.Errorf("Failed to read from JSON: %s", err)
+		return subcommands.ExitFailure
+	}
+
+	// report
+	reports := []report.ResultWriter{
+		report.StdoutWriter{},
+	}
+
+	if c.Conf.ToSlack {
+		reports = append(reports, report.SlackWriter{})
+	}
+
+	if c.Conf.ToStride {
+		reports = append(reports, report.StrideWriter{})
+	}
+
+	if c.Conf.ToHipChat {
+		reports = append(reports, report.HipChatWriter{})
+	}
+
+	if c.Conf.ToChatWork {
+		reports = append(reports, report.ChatWorkWriter{})
+	}
+
+	if c.Conf.ToEmail {
+		reports = append(reports, report.EMailWriter{})
+	}
+
+	if c.Conf.ToSyslog {
+		reports = append(reports, report.SyslogWriter{})
+	}
+
+	if c.Conf.ToHTTP {
+		reports = append(reports, report.HTTPRequestWriter{})
+	}
+
+	if c.Conf.ToLocalFile {
+		reports = append(reports, report.LocalFileWriter{
+			CurrentDir: dir,
+		})
+	}
+
+	if c.Conf.ToS3 {
+		if err := report.CheckIfBucketExists(); err != nil {
+			util.Log.Errorf("Check if there is a bucket beforehand: %s, err: %s",
+				c.Conf.AWS.S3Bucket, err)
+			return subcommands.ExitUsageError
+		}
+		reports = append(reports, report.S3Writer{})
+	}
+
+	if c.Conf.ToAzureBlob {
+		if len(c.Conf.Azure.AccountName) == 0 {
+			c.Conf.Azure.AccountName = os.Getenv("AZURE_STORAGE_ACCOUNT")
+		}
+
+		if len(c.Conf.Azure.AccountKey) == 0 {
+			c.Conf.Azure.AccountKey = os.Getenv("AZURE_STORAGE_ACCESS_KEY")
+		}
+
+		if len(c.Conf.Azure.ContainerName) == 0 {
+			util.Log.Error("Azure storage container name is required with -azure-container option")
+			return subcommands.ExitUsageError
+		}
+		if err := report.CheckIfAzureContainerExists(); err != nil {
+			util.Log.Errorf("Check if there is a container beforehand: %s, err: %s",
+				c.Conf.Azure.ContainerName, err)
+			return subcommands.ExitUsageError
+		}
+		reports = append(reports, report.AzureBlobWriter{})
+	}
+
+	if c.Conf.ToSaas {
+		if !c.Conf.UUID {
+			util.Log.Errorf("If you use the -to-saas option, you need to enable the uuid option")
+			return subcommands.ExitUsageError
+		}
+		reports = append(reports, report.SaasWriter{})
+	}
+
+	if !(c.Conf.FormatJSON || c.Conf.FormatOneLineText ||
+		c.Conf.FormatList || c.Conf.FormatFullText || c.Conf.FormatXML) {
+		c.Conf.FormatList = true
+	}
+
+	util.Log.Info("Validating config...")
+	if !c.Conf.ValidateOnReport() {
+		return subcommands.ExitUsageError
+	}
+
+	var loaded models.ScanResults
+	if loaded, err = report.LoadScanResults(dir); err != nil {
+		util.Log.Error(err)
+		return subcommands.ExitFailure
+	}
+	util.Log.Infof("Loaded: %s", dir)
+
+	var res models.ScanResults
+	for _, r := range loaded {
+		if len(r.Errors) == 0 {
+			res = append(res, r)
+		} else {
+			util.Log.Warnf("Ignored since errors occurred during scanning: %s",
+				r.ServerName)
+		}
+	}
+
+	for _, r := range res {
+		util.Log.Debugf("%s: %s",
+			r.ServerInfo(),
+			pp.Sprintf("%s", c.Conf.Servers[r.ServerName]))
+	}
+
+	if c.Conf.UUID {
+		// Ensure UUIDs of scan target servers in config.toml
+		if err := report.EnsureUUIDs(p.configPath, res); err != nil {
+			util.Log.Errorf("Failed to ensure UUIDs: %s", err)
+			return subcommands.ExitFailure
+		}
+	}
+
+	if !c.Conf.ToSaas {
+		util.Log.Info("Validating db config...")
+		if !c.Conf.ValidateOnReportDB() {
+			return subcommands.ExitUsageError
+		}
+
+		if c.Conf.CveDict.URL != "" {
+			if err := report.CveClient.CheckHealth(); err != nil {
+				util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
+				util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
+				return subcommands.ExitFailure
+			}
+		}
+
+		if c.Conf.OvalDict.URL != "" {
+			err := oval.Base{}.CheckHTTPHealth()
+			if err != nil {
+				util.Log.Errorf("OVAL HTTP server is not running. err: %s", err)
+				util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
+				return subcommands.ExitFailure
+			}
+		}
+
+		if c.Conf.Gost.URL != "" {
+			util.Log.Infof("gost: %s", c.Conf.Gost.URL)
+			err := gost.Base{}.CheckHTTPHealth()
+			if err != nil {
+				util.Log.Errorf("gost HTTP server is not running. err: %s", err)
+				util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
+				return subcommands.ExitFailure
+			}
+		}
+
+		if c.Conf.Exploit.URL != "" {
+			err := exploit.CheckHTTPHealth()
+			if err != nil {
+				util.Log.Errorf("exploit HTTP server is not running. err: %s", err)
+				util.Log.Errorf("Run go-exploitdb as server mode before reporting")
+				return subcommands.ExitFailure
+			}
+		}
+		dbclient, locked, err := report.NewDBClient(report.DBClientConf{
+			CveDictCnf:  c.Conf.CveDict,
+			OvalDictCnf: c.Conf.OvalDict,
+			GostCnf:     c.Conf.Gost,
+			ExploitCnf:  c.Conf.Exploit,
+			DebugSQL:    c.Conf.DebugSQL,
+		})
+		if locked {
+			util.Log.Errorf("SQLite3 is locked. Close other DB connections and try again: %s", err)
+			return subcommands.ExitFailure
+		}
+		if err != nil {
+			util.Log.Errorf("Failed to init DB Clients: %s", err)
+			return subcommands.ExitFailure
+		}
+		defer dbclient.CloseDB()
+
+		if res, err = report.FillCveInfos(*dbclient, res, dir); err != nil {
+			util.Log.Error(err)
+			return subcommands.ExitFailure
+		}
+	}
+
+	for _, w := range reports {
+		if err := w.Write(res...); err != nil {
+			util.Log.Errorf("Failed to report: %s", err)
+			return subcommands.ExitFailure
+		}
+	}
+
+	return subcommands.ExitSuccess
+}
--- a/commands/scan.go
+++ b/commands/scan.go
@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -18,127 +18,156 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 package commands

 import (
+	"context"
 	"flag"
+	"fmt"
+	"io/ioutil"
 	"os"
+	"path/filepath"
+	"strings"

-	"github.com/Sirupsen/logrus"
 	c "github.com/future-architect/vuls/config"
-	"github.com/future-architect/vuls/cveapi"
-	"github.com/future-architect/vuls/db"
-	"github.com/future-architect/vuls/report"
 	"github.com/future-architect/vuls/scan"
 	"github.com/future-architect/vuls/util"
 	"github.com/google/subcommands"
-	"golang.org/x/net/context"
+	"github.com/k0kubun/pp"
 )

 // ScanCmd is Subcommand of host discovery mode
 type ScanCmd struct {
-	lang     string
-	debug    bool
-	debugSQL bool
-
-	configPath string
-
-	dbpath           string
-	cveDictionaryURL string
-	cvssScoreOver    float64
-	httpProxy        string
-
-	useYumPluginSecurity  bool
-	useUnattendedUpgrades bool
-
-	// reporting
-	reportSlack bool
-	reportMail  bool
+	configPath     string
+	askKeyPassword bool
+	timeoutSec     int
+	scanTimeoutSec int
 }

 // Name return subcommand name
 func (*ScanCmd) Name() string { return "scan" }

 // Synopsis return synopsis
-func (*ScanCmd) Synopsis() string { return "Scan vulnerabilities." }
+func (*ScanCmd) Synopsis() string { return "Scan vulnerabilities" }

 // Usage return usage
 func (*ScanCmd) Usage() string {
 	return `scan:
 	scan
-		[-lang=en|ja]
 		[-config=/path/to/config.toml]
-		[-dbpath=/path/to/vuls.sqlite3]
-		[-cve-dictionary-url=http://127.0.0.1:1323]
-		[-cvss-over=7]
-		[-report-slack]
-		[-report-mail]
+		[-results-dir=/path/to/results]
+		[-log-dir=/path/to/log]
+		[-cachedb-path=/path/to/cache.db]
+		[-ssh-native-insecure]
+		[-ssh-config]
+		[-containers-only]
+		[-skip-broken]
 		[-http-proxy=http://192.168.0.1:8080]
+		[-ask-key-password]
+		[-timeout=300]
+		[-timeout-scan=7200]
 		[-debug]
-		[-debug-sql]
+		[-pipe]
+		[-vvv]
+
+		[SERVER]...
 `
 }

 // SetFlags set flag
 func (p *ScanCmd) SetFlags(f *flag.FlagSet) {
-	f.StringVar(&p.lang, "lang", "en", "[en|ja]")
-	f.BoolVar(&p.debug, "debug", false, "debug mode")
-	f.BoolVar(&p.debugSQL, "debug-sql", false, "SQL debug mode")
+	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")

-	defaultConfPath := os.Getenv("PWD") + "/config.toml"
+	wd, _ := os.Getwd()
+	defaultConfPath := filepath.Join(wd, "config.toml")
 	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")

-	defaultDBPath := os.Getenv("PWD") + "/vuls.sqlite3"
-	f.StringVar(&p.dbpath, "dbpath", defaultDBPath, "/path/to/sqlite3")
+	defaultResultsDir := filepath.Join(wd, "results")
+	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")

-	defaultURL := "http://127.0.0.1:1323"
-	f.StringVar(
-		&p.cveDictionaryURL,
-		"cve-dictionary-url",
-		defaultURL,
-		"http://CVE.Dictionary")
+	defaultLogDir := util.GetDefaultLogDir()
+	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")

-	f.Float64Var(
-		&p.cvssScoreOver,
-		"cvss-over",
-		0,
-		"-cvss-over=6.5 means reporting CVSS Score 6.5 and over (default: 0 (means report all))")
+	defaultCacheDBPath := filepath.Join(wd, "cache.db")
+	f.StringVar(&c.Conf.CacheDBPath, "cachedb-path", defaultCacheDBPath,
+		"/path/to/cache.db (local cache of changelog for Ubuntu/Debian)")

-	f.StringVar(
-		&p.httpProxy,
-		"http-proxy",
-		"",
-		"http://proxy-url:port (default: empty)",
+	f.BoolVar(&c.Conf.SSHNative, "ssh-native-insecure", false,
+		"Use Native Go implementation of SSH. Default: Use the external command")
+
+	f.BoolVar(&c.Conf.SSHConfig, "ssh-config", false,
+		"Use SSH options specified in ssh_config preferentially")
+
+	f.BoolVar(&c.Conf.ContainersOnly, "containers-only", false,
+		"Scan containers only. Default: Scan both of hosts and containers")
+
+	f.BoolVar(&c.Conf.SkipBroken, "skip-broken", false,
+		"[For CentOS] yum update changelog with --skip-broken option")
+
+	f.StringVar(&c.Conf.HTTPProxy, "http-proxy", "",
+		"http://proxy-url:port (default: empty)")
+
+	f.BoolVar(&p.askKeyPassword, "ask-key-password", false,
+		"Ask ssh privatekey password before scanning",
 	)

-	f.BoolVar(&p.reportSlack, "report-slack", false, "Slack report")
-	f.BoolVar(&p.reportMail, "report-mail", false, "Email report")
+	f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use stdin via PIPE")
+	f.BoolVar(&c.Conf.Vvv, "vvv", false, "ssh -vvv")

-	f.BoolVar(
-		&p.useYumPluginSecurity,
-		"use-yum-plugin-security",
-		false,
-		"[Depricated] For CentOS 5. Scan by yum-plugin-security or not (use yum check-update by default)",
+	f.IntVar(&p.timeoutSec, "timeout", 5*60,
+		"Number of seconds for processing other than scan",
 	)

-	f.BoolVar(
-		&p.useUnattendedUpgrades,
-		"use-unattended-upgrades",
-		false,
-		"[Depricated] For Ubuntu. Scan by unattended-upgrades or not (use apt-get upgrade --dry-run by default)",
+	f.IntVar(&p.scanTimeoutSec, "timeout-scan", 120*60,
+		"Number of seconds for scanning vulnerabilities for all servers",
 	)
-
 }

 // Execute execute
 func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
+	// Setup Logger
+	util.Log = util.NewCustomLogger(c.ServerInfo{})

-	logrus.Infof("Begin scannig (config: %s)", p.configPath)
-	err := c.Load(p.configPath)
-	if err != nil {
-		logrus.Errorf("Error loading %s, %s", p.configPath, err)
+	if err := mkdirDotVuls(); err != nil {
+		util.Log.Errorf("Failed to create .vuls: %s", err)
 		return subcommands.ExitUsageError
 	}

+	var keyPass string
+	var err error
+	if p.askKeyPassword {
+		prompt := "SSH key password: "
+		if keyPass, err = getPasswd(prompt); err != nil {
+			util.Log.Error(err)
+			return subcommands.ExitFailure
+		}
+	}
+
+	err = c.Load(p.configPath, keyPass)
+	if err != nil {
+		util.Log.Errorf("Error loading %s, %s", p.configPath, err)
+		util.Log.Errorf("If you update Vuls and get this error, there may be incompatible changes in config.toml")
+		util.Log.Errorf("Please check README: https://github.com/future-architect/vuls#configuration")
+		return subcommands.ExitUsageError
+	}
+
+	util.Log.Info("Start scanning")
+	util.Log.Infof("config: %s", p.configPath)
+
+	var servernames []string
+	if 0 < len(f.Args()) {
+		servernames = f.Args()
+	} else if c.Conf.Pipe {
+		bytes, err := ioutil.ReadAll(os.Stdin)
+		if err != nil {
+			util.Log.Errorf("Failed to read stdin: %s", err)
+			return subcommands.ExitFailure
+		}
+		fields := strings.Fields(string(bytes))
+		if 0 < len(fields) {
+			servernames = fields
+		}
+	}
+
 	target := make(map[string]c.ServerInfo)
-	for _, arg := range f.Args() {
+	for _, arg := range servernames {
 		found := false
 		for servername, info := range c.Conf.Servers {
 			if servername == arg {
@@ -148,94 +177,43 @@ func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{})
 			}
 		}
 		if !found {
-			logrus.Errorf("%s is not in config", arg)
+			util.Log.Errorf("%s is not in config", arg)
 			return subcommands.ExitUsageError
 		}
 	}
-	if 0 < len(f.Args()) {
+	if 0 < len(servernames) {
 		c.Conf.Servers = target
 	}
+	util.Log.Debugf("%s", pp.Sprintf("%v", target))

-	c.Conf.Lang = p.lang
-	c.Conf.Debug = p.debug
-	c.Conf.DebugSQL = p.debugSQL
-
-	// logger
-	Log := util.NewCustomLogger(c.ServerInfo{})
-
-	// report
-	reports := []report.ResultWriter{
-		report.TextWriter{},
-		report.LogrusWriter{},
-	}
-	if p.reportSlack {
-		reports = append(reports, report.SlackWriter{})
-	}
-	if p.reportMail {
-		reports = append(reports, report.MailWriter{})
-	}
-
-	c.Conf.DBPath = p.dbpath
-	c.Conf.CveDictionaryURL = p.cveDictionaryURL
-	c.Conf.HTTPProxy = p.httpProxy
-	c.Conf.UseYumPluginSecurity = p.useYumPluginSecurity
-	c.Conf.UseUnattendedUpgrades = p.useUnattendedUpgrades
-
-	Log.Info("Validating Config...")
-	if !c.Conf.Validate() {
+	util.Log.Info("Validating config...")
+	if !c.Conf.ValidateOnScan() {
 		return subcommands.ExitUsageError
 	}

-	if ok, err := cveapi.CveClient.CheckHealth(); !ok {
-		Log.Errorf("CVE HTTP server is not running. %#v", cveapi.CveClient)
-		Log.Fatal(err)
+	util.Log.Info("Detecting Server/Container OS... ")
+	if err := scan.InitServers(p.timeoutSec); err != nil {
+		util.Log.Errorf("Failed to init servers: %s", err)
 		return subcommands.ExitFailure
 	}

-	Log.Info("Detecting OS... ")
-	err = scan.InitServers(Log)
-	if err != nil {
-		Log.Errorf("Failed to init servers. err: %s", err)
+	util.Log.Info("Checking Scan Modes... ")
+	if err := scan.CheckScanModes(); err != nil {
+		util.Log.Errorf("Fix config.toml: %s", err)
 		return subcommands.ExitFailure
 	}

-	Log.Info("Scanning vulnerabilities... ")
-	if errs := scan.Scan(); 0 < len(errs) {
-		for _, e := range errs {
-			Log.Errorf("Failed to scan. err: %s.", e)
-		}
-		return subcommands.ExitFailure
-	}
+	util.Log.Info("Detecting Platforms... ")
+	scan.DetectPlatforms(p.timeoutSec)

-	scanResults, err := scan.GetScanResults()
-	if err != nil {
-		Log.Fatal(err)
-		return subcommands.ExitFailure
-	}
-
-	Log.Info("Reporting...")
-	filtered := scanResults.FilterByCvssOver()
-	for _, w := range reports {
-		if err := w.Write(filtered); err != nil {
-			Log.Fatalf("Failed to output report, err: %s", err)
-			return subcommands.ExitFailure
-		}
-	}
-
-	Log.Info("Insert to DB...")
-	if err := db.OpenDB(); err != nil {
-		Log.Errorf("Failed to open DB. datafile: %s, err: %s", c.Conf.DBPath, err)
-		return subcommands.ExitFailure
-	}
-	if err := db.MigrateDB(); err != nil {
-		Log.Errorf("Failed to migrate. err: %s", err)
-		return subcommands.ExitFailure
-	}
-
-	if err := db.Insert(scanResults); err != nil {
-		Log.Fatalf("Failed to insert. dbpath: %s, err: %s", c.Conf.DBPath, err)
+	util.Log.Info("Scanning vulnerabilities... ")
+	if err := scan.Scan(p.scanTimeoutSec); err != nil {
+		util.Log.Errorf("Failed to scan. err: %s", err)
 		return subcommands.ExitFailure
 	}
+	fmt.Printf("\n\n\n")
+	fmt.Println("To view the detail, vuls tui is useful.")
+	fmt.Println("To send a report, run vuls report -h.")

 	return subcommands.ExitSuccess
 }
--- a/commands/server.go
+++ b/commands/server.go
@@ -0,0 +1,239 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Architect, Inc. Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package commands
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"net/http"
+	"os"
+	"path/filepath"
+
+	// "github.com/future-architect/vuls/Server"
+
+	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/exploit"
+	"github.com/future-architect/vuls/gost"
+	"github.com/future-architect/vuls/oval"
+	"github.com/future-architect/vuls/report"
+	"github.com/future-architect/vuls/server"
+	"github.com/future-architect/vuls/util"
+	"github.com/google/subcommands"
+	cvelog "github.com/kotakanbe/go-cve-dictionary/log"
+)
+
+// ServerCmd is subcommand for server
+type ServerCmd struct {
+	configPath  string
+	listen      string
+	cveDict     c.GoCveDictConf
+	ovalDict    c.GovalDictConf
+	gostConf    c.GostConf
+	exploitConf c.ExploitConf
+}
+
+// Name return subcommand name
+func (*ServerCmd) Name() string { return "server" }
+
+// Synopsis return synopsis
+func (*ServerCmd) Synopsis() string { return "Server" }
+
+// Usage return usage
+func (*ServerCmd) Usage() string {
+	return `Server:
+	Server
+		[-lang=en|ja]
+		[-config=/path/to/config.toml]
+		[-log-dir=/path/to/log]
+		[-cvss-over=7]
+		[-ignore-unscored-cves]
+		[-ignore-unfixed]
+		[-to-localfile]
+		[-format-json]
+		[-http-proxy=http://192.168.0.1:8080]
+		[-debug]
+		[-debug-sql]
+		[-listen=localhost:5515]
+		[-cvedb-type=sqlite3|mysql|postgres|redis|http]
+		[-cvedb-sqlite3-path=/path/to/cve.sqlite3]
+		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
+		[-ovaldb-type=sqlite3|mysql|redis|http]
+		[-ovaldb-sqlite3-path=/path/to/oval.sqlite3]
+		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
+		[-gostdb-type=sqlite3|mysql|redis|http]
+		[-gostdb-sqlite3-path=/path/to/gost.sqlite3]
+		[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
+		[-exploitdb-type=sqlite3|mysql|redis|http]
+		[-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3]
+		[-exploitdb-url=http://127.0.0.1:1326 or DB connection string]
+
+		[RFC3339 datetime format under results dir]
+`
+}
+
+// SetFlags set flag
+func (p *ServerCmd) SetFlags(f *flag.FlagSet) {
+	f.StringVar(&c.Conf.Lang, "lang", "en", "[en|ja]")
+	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
+	f.BoolVar(&c.Conf.DebugSQL, "debug-sql", false, "SQL debug mode")
+
+	wd, _ := os.Getwd()
+	defaultConfPath := filepath.Join(wd, "config.toml")
+	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
+
+	defaultResultsDir := filepath.Join(wd, "results")
+	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")
+
+	defaultLogDir := util.GetDefaultLogDir()
+	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")
+
+	f.Float64Var(&c.Conf.CvssScoreOver, "cvss-over", 0,
+		"-cvss-over=6.5 means Servering CVSS Score 6.5 and over (default: 0 (means Server all))")
+
+	f.BoolVar(&c.Conf.IgnoreUnscoredCves, "ignore-unscored-cves", false,
+		"Don't Server the unscored CVEs")
+
+	f.BoolVar(&c.Conf.IgnoreUnfixed, "ignore-unfixed", false,
+		"Don't Server the unfixed CVEs")
+
+	f.StringVar(&c.Conf.HTTPProxy, "http-proxy", "",
+		"http://proxy-url:port (default: empty)")
+
+	f.BoolVar(&c.Conf.FormatJSON, "format-json", false, "JSON format")
+
+	f.BoolVar(&c.Conf.ToLocalFile, "to-localfile", false, "Write report to localfile")
+	f.StringVar(&p.listen, "listen", "localhost:5515",
+		"host:port (default: localhost:5515)")
+
+	f.StringVar(&p.cveDict.Type, "cvedb-type", "",
+		"DB type of go-cve-dictionary (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.cveDict.SQLite3Path, "cvedb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.cveDict.URL, "cvedb-url", "",
+		"http://go-cve-dictionary.com:1323 or DB connection string")
+
+	f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
+		"DB type of goval-dictionary (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.ovalDict.URL, "ovaldb-url", "",
+		"http://goval-dictionary.com:1324 or DB connection string")
+
+	f.StringVar(&p.gostConf.Type, "gostdb-type", "",
+		"DB type of gost (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.gostConf.SQLite3Path, "gostdb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.gostConf.URL, "gostdb-url", "",
+		"http://gost.com:1325 or DB connection string")
+
+	f.StringVar(&p.exploitConf.Type, "exploitdb-type", "",
+		"DB type of exploit (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.exploitConf.URL, "exploitdb-url", "",
+		"http://exploit.com:1326 or DB connection string")
+}
+
+// Execute execute
+func (p *ServerCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
+	util.Log = util.NewCustomLogger(c.ServerInfo{})
+	cvelog.SetLogger(c.Conf.LogDir, false, c.Conf.Debug, false)
+
+	if err := c.Load(p.configPath, ""); err != nil {
+		util.Log.Errorf("Error loading %s, %s", p.configPath, err)
+		return subcommands.ExitUsageError
+	}
+
+	c.Conf.CveDict.Overwrite(p.cveDict)
+	c.Conf.OvalDict.Overwrite(p.ovalDict)
+	c.Conf.Gost.Overwrite(p.gostConf)
+	c.Conf.Exploit.Overwrite(p.exploitConf)
+
+	util.Log.Info("Validating config...")
+	if !c.Conf.ValidateOnReport() {
+		return subcommands.ExitUsageError
+	}
+
+	util.Log.Info("Validating db config...")
+	if !c.Conf.ValidateOnReportDB() {
+		return subcommands.ExitUsageError
+	}
+
+	if c.Conf.CveDict.URL != "" {
+		if err := report.CveClient.CheckHealth(); err != nil {
+			util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
+			util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
+			return subcommands.ExitFailure
+		}
+	}
+
+	if c.Conf.OvalDict.URL != "" {
+		err := oval.Base{}.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("OVAL HTTP server is not running. err: %s", err)
+			util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
+			return subcommands.ExitFailure
+		}
+	}
+
+	if c.Conf.Gost.URL != "" {
+		util.Log.Infof("gost: %s", c.Conf.Gost.URL)
+		err := gost.Base{}.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("gost HTTP server is not running. err: %s", err)
+			util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
+			return subcommands.ExitFailure
+		}
+	}
+
+	if c.Conf.Exploit.URL != "" {
+		err := exploit.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("exploit HTTP server is not running. err: %s", err)
+			util.Log.Errorf("Run go-exploitdb as server mode before reporting")
+			return subcommands.ExitFailure
+		}
+	}
+
+	dbclient, locked, err := report.NewDBClient(report.DBClientConf{
+		CveDictCnf:  c.Conf.CveDict,
+		OvalDictCnf: c.Conf.OvalDict,
+		GostCnf:     c.Conf.Gost,
+		ExploitCnf:  c.Conf.Exploit,
+		DebugSQL:    c.Conf.DebugSQL,
+	})
+	if locked {
+		util.Log.Errorf("SQLite3 is locked. Close other DB connections and try again: %s", err)
+		return subcommands.ExitFailure
+	}
+
+	if err != nil {
+		util.Log.Errorf("Failed to init DB Clients: %s", err)
+		return subcommands.ExitFailure
+	}
+
+	defer dbclient.CloseDB()
+
+	http.Handle("/vuls", server.VulsHandler{DBclient: *dbclient})
+	http.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {
+		fmt.Fprintf(w, "ok")
+	})
+	util.Log.Infof("Listening on %s", p.listen)
+	if err := http.ListenAndServe(p.listen, nil); err != nil {
+		util.Log.Errorf("Failed to start server: %s", err)
+		return subcommands.ExitFailure
+	}
+	return subcommands.ExitSuccess
+}
--- a/commands/tui.go
+++ b/commands/tui.go
@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -18,33 +18,64 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 package commands

 import (
+	"context"
 	"flag"
-	"fmt"
 	"os"
+	"path/filepath"

 	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/exploit"
+	"github.com/future-architect/vuls/gost"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/oval"
 	"github.com/future-architect/vuls/report"
+	"github.com/future-architect/vuls/util"
 	"github.com/google/subcommands"
-	"golang.org/x/net/context"
+	cvelog "github.com/kotakanbe/go-cve-dictionary/log"
 )

 // TuiCmd is Subcommand of host discovery mode
 type TuiCmd struct {
-	lang     string
-	debugSQL bool
-	dbpath   string
+	configPath  string
+	cveDict     c.GoCveDictConf
+	ovalDict    c.GovalDictConf
+	gostConf    c.GostConf
+	exploitConf c.ExploitConf
 }

 // Name return subcommand name
 func (*TuiCmd) Name() string { return "tui" }

 // Synopsis return synopsis
-func (*TuiCmd) Synopsis() string { return "Run Tui view to anayze vulnerabilites." }
+func (*TuiCmd) Synopsis() string { return "Run Tui view to analyze vulnerabilities" }

 // Usage return usage
 func (*TuiCmd) Usage() string {
 	return `tui:
-	tui [-dbpath=/path/to/vuls.sqlite3]
+	tui
+		[-refresh-cve]
+		[-config=/path/to/config.toml]
+		[-cvss-over=7]
+		[-diff]
+		[-ignore-unscored-cves]
+		[-ignore-unfixed]
+		[-results-dir=/path/to/results]
+		[-log-dir=/path/to/log]
+		[-debug]
+		[-debug-sql]
+		[-pipe]
+		[-cvedb-type=sqlite3|mysql|postgres|redis|http]
+		[-cvedb-sqlite3-path=/path/to/cve.sqlite3]
+		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
+		[-ovaldb-type=sqlite3|mysql|redis|http]
+		[-ovaldb-sqlite3-path=/path/to/oval.sqlite3]
+		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
+		[-gostdb-type=sqlite3|mysql|redis|http]
+		[-gostdb-sqlite3-path=/path/to/gost.sqlite3]
+		[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
+		[-exploitdb-type=sqlite3|mysql|redis|http]
+		[-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3]
+		[-exploitdb-url=http://127.0.0.1:1326 or DB connection string]

 `
 }
@@ -52,17 +83,167 @@ func (*TuiCmd) Usage() string {
 // SetFlags set flag
 func (p *TuiCmd) SetFlags(f *flag.FlagSet) {
 	//  f.StringVar(&p.lang, "lang", "en", "[en|ja]")
-	f.BoolVar(&p.debugSQL, "debug-sql", false, "debug SQL")
+	f.BoolVar(&c.Conf.DebugSQL, "debug-sql", false, "debug SQL")
+	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
+
+	defaultLogDir := util.GetDefaultLogDir()
+	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")
+
+	wd, _ := os.Getwd()
+	defaultResultsDir := filepath.Join(wd, "results")
+	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")
+
+	defaultConfPath := filepath.Join(wd, "config.toml")
+	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
+
+	f.BoolVar(&c.Conf.RefreshCve, "refresh-cve", false,
+		"Refresh CVE information in JSON file under results dir")
+
+	f.Float64Var(&c.Conf.CvssScoreOver, "cvss-over", 0,
+		"-cvss-over=6.5 means reporting CVSS Score 6.5 and over (default: 0 (means report all))")
+
+	f.BoolVar(&c.Conf.Diff, "diff", false,
+		"Difference between previous result and current result ")
+
+	f.BoolVar(
+		&c.Conf.IgnoreUnscoredCves, "ignore-unscored-cves", false,
+		"Don't report the unscored CVEs")
+
+	f.BoolVar(&c.Conf.IgnoreUnfixed, "ignore-unfixed", false,
+		"Don't report the unfixed CVEs")
+
+	f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use stdin via PIPE")
+
+	f.StringVar(&p.cveDict.Type, "cvedb-type", "",
+		"DB type of go-cve-dictionary (sqlite3, mysql, postgres or redis)")
+	f.StringVar(&p.cveDict.SQLite3Path, "cvedb-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.cveDict.URL, "cvedb-url", "",
+		"http://go-cve-dictionary.com:1323 or DB connection string")
+
+	f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
+		"DB type of goval-dictionary (sqlite3, mysql, postgres or redis)")
+	f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.ovalDict.URL, "ovaldb-url", "",
+		"http://goval-dictionary.com:1324 or DB connection string")
+
+	f.StringVar(&p.gostConf.Type, "gostdb-type", "",
+		"DB type of gost (sqlite3, mysql, postgres or redis)")
+	f.StringVar(&p.gostConf.SQLite3Path, "gostdb-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.gostConf.URL, "gostdb-url", "",
+		"http://gost.com:1325 or DB connection string")
+
+	f.StringVar(&p.exploitConf.Type, "exploitdb-type", "",
+		"DB type of exploit (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.exploitConf.URL, "exploitdb-url", "",
+		"http://exploit.com:1326 or DB connection string")

-	defaultDBPath := os.Getenv("PWD") + "/vuls.sqlite3"
-	f.StringVar(&p.dbpath, "dbpath", defaultDBPath,
-		fmt.Sprintf("/path/to/sqlite3 (default: %s)", defaultDBPath))
 }

 // Execute execute
 func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
 	c.Conf.Lang = "en"
-	c.Conf.DebugSQL = p.debugSQL
-	c.Conf.DBPath = p.dbpath
-	return report.RunTui()
+
+	// Setup Logger
+	util.Log = util.NewCustomLogger(c.ServerInfo{})
+	cvelog.SetLogger(c.Conf.LogDir, false, c.Conf.Debug, false)
+
+	if err := c.Load(p.configPath, ""); err != nil {
+		util.Log.Errorf("Error loading %s, %s", p.configPath, err)
+		return subcommands.ExitUsageError
+	}
+
+	c.Conf.CveDict.Overwrite(p.cveDict)
+	c.Conf.OvalDict.Overwrite(p.ovalDict)
+	c.Conf.Gost.Overwrite(p.gostConf)
+	c.Conf.Exploit.Overwrite(p.exploitConf)
+
+	var dir string
+	var err error
+	if c.Conf.Diff {
+		dir, err = report.JSONDir([]string{})
+	} else {
+		dir, err = report.JSONDir(f.Args())
+	}
+	if err != nil {
+		util.Log.Errorf("Failed to read from JSON: %s", err)
+		return subcommands.ExitFailure
+	}
+
+	util.Log.Info("Validating config...")
+	if !c.Conf.ValidateOnTui() {
+		return subcommands.ExitUsageError
+	}
+
+	var res models.ScanResults
+	if res, err = report.LoadScanResults(dir); err != nil {
+		util.Log.Error(err)
+		return subcommands.ExitFailure
+	}
+	util.Log.Infof("Loaded: %s", dir)
+
+	util.Log.Info("Validating db config...")
+	if !c.Conf.ValidateOnReportDB() {
+		return subcommands.ExitUsageError
+	}
+
+	if c.Conf.CveDict.URL != "" {
+		if err := report.CveClient.CheckHealth(); err != nil {
+			util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
+			util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
+			return subcommands.ExitFailure
+		}
+	}
+
+	if c.Conf.OvalDict.URL != "" {
+		err := oval.Base{}.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("OVAL HTTP server is not running. err: %s", err)
+			util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
+			return subcommands.ExitFailure
+		}
+	}
+
+	if c.Conf.Gost.URL != "" {
+		util.Log.Infof("gost: %s", c.Conf.Gost.URL)
+		err := gost.Base{}.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("gost HTTP server is not running. err: %s", err)
+			util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
+			return subcommands.ExitFailure
+		}
+	}
+
+	if c.Conf.Exploit.URL != "" {
+		err := exploit.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("exploit HTTP server is not running. err: %s", err)
+			util.Log.Errorf("Run go-exploitdb as server mode before reporting")
+			return subcommands.ExitFailure
+		}
+	}
+	dbclient, locked, err := report.NewDBClient(report.DBClientConf{
+		CveDictCnf:  c.Conf.CveDict,
+		OvalDictCnf: c.Conf.OvalDict,
+		GostCnf:     c.Conf.Gost,
+		ExploitCnf:  c.Conf.Exploit,
+		DebugSQL:    c.Conf.DebugSQL,
+	})
+	if locked {
+		util.Log.Errorf("SQLite3 is locked. Close other DB connections and try again: %s", err)
+		return subcommands.ExitFailure
+	}
+
+	if err != nil {
+		util.Log.Errorf("Failed to init DB Clients: %s", err)
+		return subcommands.ExitFailure
+	}
+
+	defer dbclient.CloseDB()
+
+	if res, err = report.FillCveInfos(*dbclient, res, dir); err != nil {
+		util.Log.Error(err)
+		return subcommands.ExitFailure
+	}
+	return report.RunTui(res)
 }
--- a/commands/util.go
+++ b/commands/util.go
@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -15,37 +15,41 @@ You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

-package report
+package commands

 import (
+	"fmt"
 	"os"
+	"path/filepath"

-	"github.com/Sirupsen/logrus"
-	"github.com/future-architect/vuls/models"
-	formatter "github.com/kotakanbe/logrus-prefixed-formatter"
+	"github.com/howeyc/gopass"
+	homedir "github.com/mitchellh/go-homedir"
 )

-// LogrusWriter write to logfile
-type LogrusWriter struct {
+func getPasswd(prompt string) (string, error) {
+	for {
+		fmt.Print(prompt)
+		pass, err := gopass.GetPasswdMasked()
+		if err != nil {
+			return "", fmt.Errorf("Failed to read password")
+		}
+		if 0 < len(pass) {
+			return string(pass), nil
+		}
+	}
+
 }

-func (w LogrusWriter) Write(scanResults []models.ScanResult) error {
-	path := "/var/log/vuls/report.log"
-	f, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0666)
+func mkdirDotVuls() error {
+	home, err := homedir.Dir()
 	if err != nil {
 		return err
 	}
-	log := logrus.New()
-	log.Formatter = &formatter.TextFormatter{}
-	log.Out = f
-	log.Level = logrus.InfoLevel
-
-	for _, s := range scanResults {
-		text, err := toPlainText(s)
-		if err != nil {
+	dotVuls := filepath.Join(home, ".vuls")
+	if _, err := os.Stat(dotVuls); os.IsNotExist(err) {
+		if err := os.Mkdir(dotVuls, 0700); err != nil {
 			return err
 		}
-		log.Infof(text)
 	}
 	return nil
 }
--- a/commands/util_test.go
+++ b/commands/util_test.go
@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -15,4 +15,4 @@ You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

-package scan
+package commands
--- a/config/color.go
+++ b/config/color.go
@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
--- a/config/config.go
+++ b/config/config.go
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -0,0 +1,103 @@
+package config
+
+import (
+	"testing"
+)
+
+func TestSyslogConfValidate(t *testing.T) {
+	var tests = []struct {
+		conf              SyslogConf
+		expectedErrLength int
+	}{
+		{
+			conf:              SyslogConf{},
+			expectedErrLength: 0,
+		},
+		{
+			conf: SyslogConf{
+				Protocol: "tcp",
+				Port:     "5140",
+			},
+			expectedErrLength: 0,
+		},
+		{
+			conf: SyslogConf{
+				Protocol: "udp",
+				Port:     "12345",
+				Severity: "emerg",
+				Facility: "user",
+			},
+			expectedErrLength: 0,
+		},
+		{
+			conf: SyslogConf{
+				Protocol: "foo",
+				Port:     "514",
+			},
+			expectedErrLength: 1,
+		},
+		{
+			conf: SyslogConf{
+				Protocol: "invalid",
+				Port:     "-1",
+			},
+			expectedErrLength: 2,
+		},
+		{
+			conf: SyslogConf{
+				Protocol: "invalid",
+				Port:     "invalid",
+				Severity: "invalid",
+				Facility: "invalid",
+			},
+			expectedErrLength: 4,
+		},
+	}
+
+	for i, tt := range tests {
+		Conf.ToSyslog = true
+		errs := tt.conf.Validate()
+		if len(errs) != tt.expectedErrLength {
+			t.Errorf("test: %d, expected %d, actual %d", i, tt.expectedErrLength, len(errs))
+		}
+	}
+}
+
+func TestMajorVersion(t *testing.T) {
+	var tests = []struct {
+		in  Distro
+		out int
+	}{
+		{
+			in: Distro{
+				Family:  Amazon,
+				Release: "2 (2017.12)",
+			},
+			out: 2,
+		},
+		{
+			in: Distro{
+				Family:  Amazon,
+				Release: "2017.12",
+			},
+			out: 1,
+		},
+		{
+			in: Distro{
+				Family:  CentOS,
+				Release: "7.10",
+			},
+			out: 7,
+		},
+	}
+
+	for i, tt := range tests {
+		ver, err := tt.in.MajorVersion()
+		if err != nil {
+			t.Errorf("[%d] err occurred: %s", i, err)
+		}
+		if tt.out != ver {
+			t.Errorf("[%d] expected %d, actual %d", i, tt.out, ver)
+		}
+	}
+}
--- a/config/jsonloader.go
+++ b/config/jsonloader.go
@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -23,7 +23,7 @@ import "fmt"
 type JSONLoader struct {
 }

-// Load load the configuraiton JSON file specified by path arg.
-func (c JSONLoader) Load(path string) (err error) {
+// Load load the configuration JSON file specified by path arg.
+func (c JSONLoader) Load(path, sudoPass, keyPass string) (err error) {
 	return fmt.Errorf("Not implement yet")
 }
--- a/config/loader.go
+++ b/config/loader.go
@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -18,16 +18,13 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 package config

 // Load loads configuration
-func Load(path string) error {
-
-	//TODO if path's suffix .toml
+func Load(path, keyPass string) error {
 	var loader Loader
 	loader = TOMLLoader{}
-
-	return loader.Load(path)
+	return loader.Load(path, keyPass)
 }

 // Loader is interface of concrete loader
 type Loader interface {
-	Load(string) error
+	Load(string, string) error
 }
--- a/config/tomlloader.go
+++ b/config/tomlloader.go
@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -20,65 +20,120 @@ package config
 import (
 	"fmt"
 	"os"
+	"regexp"
+	"strings"

 	"github.com/BurntSushi/toml"
-	log "github.com/Sirupsen/logrus"
-	"github.com/k0kubun/pp"
+	"github.com/knqyf263/go-cpe/naming"
 )

 // TOMLLoader loads config
 type TOMLLoader struct {
 }

-// Load load the configuraiton TOML file specified by path arg.
-func (c TOMLLoader) Load(pathToToml string) (err error) {
+// Load load the configuration TOML file specified by path arg.
+func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 	var conf Config
 	if _, err := toml.DecodeFile(pathToToml, &conf); err != nil {
-		log.Error("Load config failed.", err)
 		return err
 	}
-
-	Conf.Mail = conf.Mail
+	Conf.EMail = conf.EMail
 	Conf.Slack = conf.Slack
+	Conf.Stride = conf.Stride
+	Conf.HipChat = conf.HipChat
+	Conf.ChatWork = conf.ChatWork
+	Conf.Saas = conf.Saas
+	Conf.Syslog = conf.Syslog
+	Conf.HTTP = conf.HTTP
+	Conf.AWS = conf.AWS
+	Conf.Azure = conf.Azure
+
+	Conf.CveDict = conf.CveDict
+	Conf.OvalDict = conf.OvalDict
+	Conf.Gost = conf.Gost
+	Conf.Exploit = conf.Exploit

 	d := conf.Default
 	Conf.Default = d
 	servers := make(map[string]ServerInfo)

+	if keyPass != "" {
+		d.KeyPassword = keyPass
+	}
+
 	i := 0
-	for name, v := range conf.Servers {
-		s := ServerInfo{ServerName: name}
-		s.User = v.User
-		if s.User == "" {
-			s.User = d.User
+	for serverName, v := range conf.Servers {
+		if 0 < len(v.KeyPassword) {
+			return fmt.Errorf("[Deprecated] KEYPASSWORD IN CONFIG FILE ARE UNSECURE. REMOVE THEM IMMEDIATELY FOR A SECURITY REASONS. THEY WILL BE REMOVED IN A FUTURE RELEASE: %s", serverName)
 		}

-		s.Password = v.Password
-		if s.Password == "" {
-			s.Password = d.Password
-		}
+		s := ServerInfo{ServerName: serverName}
+		if v.Type != ServerTypePseudo {
+			s.Host = v.Host
+			if len(s.Host) == 0 {
+				return fmt.Errorf("%s is invalid. host is empty", serverName)
+			}

-		s.Host = v.Host
+			switch {
+			case v.Port != "":
+				s.Port = v.Port
+			case d.Port != "":
+				s.Port = d.Port
+			default:
+				s.Port = "22"
+			}

-		s.Port = v.Port
-		if s.Port == "" {
-			s.Port = d.Port
-		}
+			switch {
+			case v.User != "":
+				s.User = v.User
+			case d.User != "":
+				s.User = d.User
+			default:
+				if s.Port != "local" {
+					return fmt.Errorf("%s is invalid. User is empty", serverName)
+				}
+			}

-		s.KeyPath = v.KeyPath
-		if s.KeyPath == "" {
-			s.KeyPath = d.KeyPath
-		}
-		if s.KeyPath != "" {
-			if _, err := os.Stat(s.KeyPath); err != nil {
-				return fmt.Errorf(
-					"config.toml is invalid. keypath: %s not exists", s.KeyPath)
+			s.KeyPath = v.KeyPath
+			if len(s.KeyPath) == 0 {
+				s.KeyPath = d.KeyPath
+			}
+			if s.KeyPath != "" {
+				if _, err := os.Stat(s.KeyPath); err != nil {
+					return fmt.Errorf(
+						"%s is invalid. keypath: %s not exists", serverName, s.KeyPath)
+				}
+			}
+
+			s.KeyPassword = v.KeyPassword
+			if len(s.KeyPassword) == 0 {
+				s.KeyPassword = d.KeyPassword
 			}
 		}

-		s.KeyPassword = v.KeyPassword
-		if s.KeyPassword == "" {
-			s.KeyPassword = d.KeyPassword
+		s.ScanMode = v.ScanMode
+		if len(s.ScanMode) == 0 {
+			s.ScanMode = d.ScanMode
+			if len(s.ScanMode) == 0 {
+				s.ScanMode = []string{"fast"}
+			}
+		}
+		for _, m := range s.ScanMode {
+			switch m {
+			case "fast":
+				s.Mode.Set(Fast)
+			case "fast-root":
+				s.Mode.Set(FastRoot)
+			case "deep":
+				s.Mode.Set(Deep)
+			case "offline":
+				s.Mode.Set(Offline)
+			default:
+				return fmt.Errorf("scanMode: %s of %s is invalie. Specify -fast, -fast-root, -deep or offline", m, serverName)
+			}
+		}
+		if err := s.Mode.validate(); err != nil {
+			return fmt.Errorf("%s in %s", err, serverName)
 		}

 		s.CpeNames = v.CpeNames
@@ -86,13 +141,143 @@ func (c TOMLLoader) Load(pathToToml string) (err error) {
 			s.CpeNames = d.CpeNames
 		}

-		s.LogMsgAnsiColor = Colors[i%len(conf.Servers)]
+		for i, n := range s.CpeNames {
+			uri, err := toCpeURI(n)
+			if err != nil {
+				return fmt.Errorf("Failed to parse CPENames %s in %s: %s", n, serverName, err)
+			}
+			s.CpeNames[i] = uri
+		}
+
+		s.ContainersIncluded = v.ContainersIncluded
+		if len(s.ContainersIncluded) == 0 {
+			s.ContainersIncluded = d.ContainersIncluded
+		}
+
+		s.ContainersExcluded = v.ContainersExcluded
+		if len(s.ContainersExcluded) == 0 {
+			s.ContainersExcluded = d.ContainersExcluded
+		}
+
+		s.ContainerType = v.ContainerType
+		if len(s.ContainerType) == 0 {
+			s.ContainerType = d.ContainerType
+		}
+
+		s.Containers = v.Containers
+		for contName, cont := range s.Containers {
+			cont.IgnoreCves = append(cont.IgnoreCves, d.IgnoreCves...)
+			s.Containers[contName] = cont
+		}
+
+		if len(v.DependencyCheckXMLPath) != 0 || len(d.DependencyCheckXMLPath) != 0 {
+			return fmt.Errorf("[DEPRECATED] dependencyCheckXMLPath IS DEPRECATED. USE owaspDCXMLPath INSTEAD: %s", serverName)
+		}
+
+		s.OwaspDCXMLPath = v.OwaspDCXMLPath
+		if len(s.OwaspDCXMLPath) == 0 {
+			s.OwaspDCXMLPath = d.OwaspDCXMLPath
+		}
+
+		s.Memo = v.Memo
+		if s.Memo == "" {
+			s.Memo = d.Memo
+		}
+
+		s.IgnoreCves = v.IgnoreCves
+		for _, cve := range d.IgnoreCves {
+			found := false
+			for _, c := range s.IgnoreCves {
+				if cve == c {
+					found = true
+					break
+				}
+			}
+			if !found {
+				s.IgnoreCves = append(s.IgnoreCves, cve)
+			}
+		}
+
+		s.IgnorePkgsRegexp = v.IgnorePkgsRegexp
+		for _, pkg := range d.IgnorePkgsRegexp {
+			found := false
+			for _, p := range s.IgnorePkgsRegexp {
+				if pkg == p {
+					found = true
+					break
+				}
+			}
+			if !found {
+				s.IgnorePkgsRegexp = append(s.IgnorePkgsRegexp, pkg)
+			}
+		}
+		for _, reg := range s.IgnorePkgsRegexp {
+			_, err := regexp.Compile(reg)
+			if err != nil {
+				return fmt.Errorf("Faild to parse %s in %s. err: %s", reg, serverName, err)
+			}
+		}
+		for contName, cont := range s.Containers {
+			for _, reg := range cont.IgnorePkgsRegexp {
+				_, err := regexp.Compile(reg)
+				if err != nil {
+					return fmt.Errorf("Faild to parse %s in %s@%s. err: %s",
+						reg, contName, serverName, err)
+				}
+			}
+		}
+
+		opt := map[string]interface{}{}
+		for k, v := range d.Optional {
+			opt[k] = v
+		}
+		for k, v := range v.Optional {
+			opt[k] = v
+		}
+		s.Optional = opt
+
+		s.Enablerepo = v.Enablerepo
+		if len(s.Enablerepo) == 0 {
+			s.Enablerepo = d.Enablerepo
+		}
+		if len(s.Enablerepo) != 0 {
+			for _, repo := range s.Enablerepo {
+				switch repo {
+				case "base", "updates":
+					// nop
+				default:
+					return fmt.Errorf(
+						"For now, enablerepo have to be base or updates: %s, servername: %s",
+						s.Enablerepo, serverName)
+				}
+			}
+		}
+
+		s.UUIDs = v.UUIDs
+		s.Type = v.Type
+
+		s.LogMsgAnsiColor = Colors[i%len(Colors)]
 		i++

-		servers[name] = s
+		servers[serverName] = s
 	}
-	log.Debug("Config loaded.")
-	log.Debugf("%s", pp.Sprintf("%v", servers))
 	Conf.Servers = servers
-	return
+	return nil
+}
+
+func toCpeURI(cpename string) (string, error) {
+	if strings.HasPrefix(cpename, "cpe:2.3:") {
+		wfn, err := naming.UnbindFS(cpename)
+		if err != nil {
+			return "", err
+		}
+		return naming.BindToURI(wfn), nil
+	} else if strings.HasPrefix(cpename, "cpe:/") {
+		wfn, err := naming.UnbindURI(cpename)
+		if err != nil {
+			return "", err
+		}
+		return naming.BindToURI(wfn), nil
+	}
+	return "", fmt.Errorf("Unknow CPE format: %s", cpename)
 }
--- a/config/tomlloader_test.go
+++ b/config/tomlloader_test.go
@@ -0,0 +1,44 @@
+package config
+
+import (
+	"testing"
+)
+
+func TestToCpeURI(t *testing.T) {
+	var tests = []struct {
+		in       string
+		expected string
+		err      bool
+	}{
+		{
+			in:       "",
+			expected: "",
+			err:      true,
+		},
+		{
+			in:       "cpe:/a:microsoft:internet_explorer:10",
+			expected: "cpe:/a:microsoft:internet_explorer:10",
+			err:      false,
+		},
+		{
+			in:       "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
+			expected: "cpe:/a:microsoft:internet_explorer:10",
+			err:      false,
+		},
+	}
+
+	for i, tt := range tests {
+		actual, err := toCpeURI(tt.in)
+		if err != nil && !tt.err {
+			t.Errorf("[%d] unexpected error occurred, in: %s act: %s, exp: %s",
+				i, tt.in, actual, tt.expected)
+		} else if err == nil && tt.err {
+			t.Errorf("[%d] expected error is not occurred, in: %s act: %s, exp: %s",
+				i, tt.in, actual, tt.expected)
+		}
+		if actual != tt.expected {
+			t.Errorf("[%d] in: %s, actual: %s, expected: %s",
+				i, tt.in, actual, tt.expected)
+		}
+	}
+}
--- a/contrib/owasp-dependency-check/parser/parser.go
+++ b/contrib/owasp-dependency-check/parser/parser.go
@@ -0,0 +1,66 @@
+package parser
+
+import (
+	"encoding/xml"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"strings"
+
+	log "github.com/sirupsen/logrus"
+)
+
+type analysis struct {
+	Dependencies []dependency `xml:"dependencies>dependency"`
+}
+
+type dependency struct {
+	Identifiers []identifier `xml:"identifiers>identifier"`
+}
+
+type identifier struct {
+	Name string `xml:"name"`
+	Type string `xml:"type,attr"`
+}
+
+func appendIfMissing(slice []string, str string) []string {
+	for _, s := range slice {
+		if s == str {
+			return slice
+		}
+	}
+	return append(slice, str)
+}
+
+// Parse parses OWASP dependency check XML and collect list of cpe
+func Parse(path string) ([]string, error) {
+	file, err := os.Open(path)
+	if err != nil {
+		log.Warnf("OWASP Dependency Check XML is not found: %s", path)
+		return []string{}, nil
+	}
+	defer file.Close()
+
+	b, err := ioutil.ReadAll(file)
+	if err != nil {
+		log.Warnf("Failed to read OWASP Dependency Check XML: %s", path)
+		return []string{}, nil
+	}
+
+	var anal analysis
+	if err := xml.Unmarshal(b, &anal); err != nil {
+		return nil, fmt.Errorf("Failed to unmarshal: %s", err)
+	}
+
+	cpes := []string{}
+	for _, d := range anal.Dependencies {
+		for _, ident := range d.Identifiers {
+			if ident.Type == "cpe" {
+				name := strings.TrimPrefix(ident.Name, "(")
+				name = strings.TrimSuffix(name, ")")
+				cpes = appendIfMissing(cpes, name)
+			}
+		}
+	}
+	return cpes, nil
+}
--- a/cwe/en.go
+++ b/cwe/en.go
--- a/cwe/ja.go
+++ b/cwe/ja.go
--- a/cwe/owasp.go
+++ b/cwe/owasp.go
@@ -0,0 +1,65 @@
+package cwe
+
+// OwaspTopTen2017 has CWE-ID in OWSP Top 10
+var OwaspTopTen2017 = map[string]string{
+	"77":  "1",
+	"89":  "1",
+	"564": "1",
+	"917": "1",
+
+	"287": "2",
+	"384": "2",
+
+	"220": "3",
+	"310": "3",
+	"312": "3",
+	"319": "3",
+	"326": "3",
+	"359": "3",
+
+	"611": "4",
+
+	"22":  "5",
+	"284": "5",
+	"285": "5",
+	"639": "5",
+
+	"2":   "6",
+	"16":  "6",
+	"388": "6",
+
+	"79": "7",
+
+	"502": "8",
+
+	"223": "10",
+	"778": "10",
+}
+
+// OwaspTopTen2017GitHubURLEn has GitHub links
+var OwaspTopTen2017GitHubURLEn = map[string]string{
+	"1":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa1-injection.md",
+	"2":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa2-broken-authentication.md",
+	"3":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa3-sensitive-data-disclosure.md",
+	"4":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa4-xxe.md",
+	"5":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa5-broken-access-control.md",
+	"6":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa6-security-misconfiguration.md",
+	"7":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa7-xss.md",
+	"8":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa8-insecure-deserialization.md",
+	"9":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa9-known-vulns.md<Paste>",
+	"10": "https://github.com/OWASP/Top10/blob/master/2017/en/0xaa-logging-detection-response.md",
+}
+
+// OwaspTopTen2017GitHubURLJa has GitHub links
+var OwaspTopTen2017GitHubURLJa = map[string]string{
+	"1":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa1-injection.md",
+	"2":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa2-broken-authentication.md",
+	"3":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa3-sensitive-data-disclosure.md",
+	"4":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa4-xxe.md",
+	"5":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa5-broken-access-control.md",
+	"6":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa6-security-misconfiguration.md",
+	"7":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa7-xss.md",
+	"8":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa8-insecure-deserialization.md",
+	"9":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa9-known-vulns.md<Paste>",
+	"10": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xaa-logging-detection-response.md",
+}
--- a/db/db.go
+++ b/db/db.go
@@ -1,272 +0,0 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-package db
-
-import (
-	"fmt"
-	"sort"
-	"time"
-
-	"github.com/future-architect/vuls/config"
-	m "github.com/future-architect/vuls/models"
-	"github.com/jinzhu/gorm"
-	cvedb "github.com/kotakanbe/go-cve-dictionary/db"
-	cve "github.com/kotakanbe/go-cve-dictionary/models"
-)
-
-var db *gorm.DB
-
-// OpenDB opens Database
-func OpenDB() (err error) {
-	db, err = gorm.Open("sqlite3", config.Conf.DBPath)
-	if err != nil {
-		err = fmt.Errorf("Failed to open DB. datafile: %s, err: %s", config.Conf.DBPath, err)
-		return
-
-	}
-	db.LogMode(config.Conf.DebugSQL)
-	return
-}
-
-// MigrateDB migrates Database
-func MigrateDB() error {
-	if err := db.AutoMigrate(
-		&m.ScanHistory{},
-		&m.ScanResult{},
-		//  &m.NWLink{},
-		&m.CveInfo{},
-		&m.CpeName{},
-		&m.PackageInfo{},
-		&m.DistroAdvisory{},
-		&cve.CveDetail{},
-		&cve.Jvn{},
-		&cve.Nvd{},
-		&cve.Reference{},
-		&cve.Cpe{},
-	).Error; err != nil {
-		return fmt.Errorf("Failed to migrate. err: %s", err)
-	}
-
-	errMsg := "Failed to create index. err: %s"
-	//  if err := db.Model(&m.NWLink{}).
-	//      AddIndex("idx_n_w_links_scan_result_id", "scan_result_id").Error; err != nil {
-	//      return fmt.Errorf(errMsg, err)
-	//  }
-	if err := db.Model(&m.CveInfo{}).
-		AddIndex("idx_cve_infos_scan_result_id", "scan_result_id").Error; err != nil {
-		return fmt.Errorf(errMsg, err)
-	}
-	if err := db.Model(&m.CpeName{}).
-		AddIndex("idx_cpe_names_cve_info_id", "cve_info_id").Error; err != nil {
-		return fmt.Errorf(errMsg, err)
-	}
-	if err := db.Model(&m.PackageInfo{}).
-		AddIndex("idx_package_infos_cve_info_id", "cve_info_id").Error; err != nil {
-		return fmt.Errorf(errMsg, err)
-	}
-	if err := db.Model(&m.DistroAdvisory{}).
-		//TODO check table name
-		AddIndex("idx_distro_advisories_cve_info_id", "cve_info_id").Error; err != nil {
-		return fmt.Errorf(errMsg, err)
-	}
-	if err := db.Model(&cve.CveDetail{}).
-		AddIndex("idx_cve_detail_cve_info_id", "cve_info_id").Error; err != nil {
-		return fmt.Errorf(errMsg, err)
-	}
-	if err := db.Model(&cve.CveDetail{}).
-		AddIndex("idx_cve_detail_cveid", "cve_id").Error; err != nil {
-		return fmt.Errorf(errMsg, err)
-	}
-	if err := db.Model(&cve.Nvd{}).
-		AddIndex("idx_nvds_cve_detail_id", "cve_detail_id").Error; err != nil {
-		return fmt.Errorf(errMsg, err)
-	}
-	if err := db.Model(&cve.Jvn{}).
-		AddIndex("idx_jvns_cve_detail_id", "cve_detail_id").Error; err != nil {
-		return fmt.Errorf(errMsg, err)
-	}
-	if err := db.Model(&cve.Cpe{}).
-		AddIndex("idx_cpes_jvn_id", "jvn_id").Error; err != nil {
-		return fmt.Errorf(errMsg, err)
-	}
-	if err := db.Model(&cve.Reference{}).
-		AddIndex("idx_references_jvn_id", "jvn_id").Error; err != nil {
-		return fmt.Errorf(errMsg, err)
-	}
-	if err := db.Model(&cve.Cpe{}).
-		AddIndex("idx_cpes_nvd_id", "nvd_id").Error; err != nil {
-		return fmt.Errorf(errMsg, err)
-	}
-	if err := db.Model(&cve.Reference{}).
-		AddIndex("idx_references_nvd_id", "nvd_id").Error; err != nil {
-		return fmt.Errorf(errMsg, err)
-	}
-
-	return nil
-}
-
-// Insert inserts scan results into DB
-func Insert(results []m.ScanResult) error {
-	for _, r := range results {
-		r.KnownCves = resetGormIDs(r.KnownCves)
-		r.UnknownCves = resetGormIDs(r.UnknownCves)
-	}
-
-	history := m.ScanHistory{
-		ScanResults: results,
-		ScannedAt:   time.Now(),
-	}
-
-	db = db.Set("gorm:save_associations", false)
-	if err := db.Create(&history).Error; err != nil {
-		return err
-	}
-	for _, scanResult := range history.ScanResults {
-		scanResult.ScanHistoryID = history.ID
-		if err := db.Create(&scanResult).Error; err != nil {
-			return err
-		}
-		if err := insertCveInfos(scanResult.ID, scanResult.KnownCves); err != nil {
-			return err
-		}
-		if err := insertCveInfos(scanResult.ID, scanResult.UnknownCves); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func insertCveInfos(scanResultID uint, infos []m.CveInfo) error {
-	for _, cveInfo := range infos {
-		cveInfo.ScanResultID = scanResultID
-		if err := db.Create(&cveInfo).Error; err != nil {
-			return err
-		}
-
-		for _, pack := range cveInfo.Packages {
-			pack.CveInfoID = cveInfo.ID
-			if err := db.Create(&pack).Error; err != nil {
-				return err
-			}
-		}
-
-		for _, distroAdvisory := range cveInfo.DistroAdvisories {
-			distroAdvisory.CveInfoID = cveInfo.ID
-			if err := db.Create(&distroAdvisory).Error; err != nil {
-				return err
-			}
-		}
-
-		for _, cpeName := range cveInfo.CpeNames {
-			cpeName.CveInfoID = cveInfo.ID
-			if err := db.Create(&cpeName).Error; err != nil {
-				return err
-			}
-		}
-
-		db = db.Set("gorm:save_associations", true)
-		cveDetail := cveInfo.CveDetail
-		cveDetail.CveInfoID = cveInfo.ID
-		if err := db.Create(&cveDetail).Error; err != nil {
-			return err
-		}
-		db = db.Set("gorm:save_associations", false)
-	}
-	return nil
-}
-
-func resetGormIDs(infos []m.CveInfo) []m.CveInfo {
-	for i := range infos {
-		infos[i].CveDetail.ID = 0
-		// NVD
-		infos[i].CveDetail.Nvd.ID = 0
-		for j := range infos[i].CveDetail.Nvd.Cpes {
-			infos[i].CveDetail.Nvd.Cpes[j].ID = 0
-		}
-		for j := range infos[i].CveDetail.Nvd.References {
-			infos[i].CveDetail.Nvd.References[j].ID = 0
-		}
-
-		// JVN
-		infos[i].CveDetail.Jvn.ID = 0
-		for j := range infos[i].CveDetail.Jvn.Cpes {
-			infos[i].CveDetail.Jvn.Cpes[j].ID = 0
-		}
-		for j := range infos[i].CveDetail.Jvn.References {
-			infos[i].CveDetail.Jvn.References[j].ID = 0
-		}
-
-		//Packages
-		for j := range infos[i].Packages {
-			infos[i].Packages[j].ID = 0
-			infos[i].Packages[j].CveInfoID = 0
-		}
-	}
-	return infos
-}
-
-// SelectLatestScanHistory select latest scan history from DB
-func SelectLatestScanHistory() (m.ScanHistory, error) {
-	scanHistory := m.ScanHistory{}
-	db.Order("scanned_at desc").First(&scanHistory)
-
-	if scanHistory.ID == 0 {
-		return m.ScanHistory{}, fmt.Errorf("No scanHistory records.")
-	}
-
-	results := []m.ScanResult{}
-	db.Model(&scanHistory).Related(&results, "ScanResults")
-	scanHistory.ScanResults = results
-
-	for i, r := range results {
-		//  nw := []m.NWLink{}
-		//  db.Model(&r).Related(&nw, "NWLinks")
-		//  scanHistory.ScanResults[i].NWLinks = nw
-
-		knownCves := selectCveInfos(&r, "KnownCves")
-		sort.Sort(m.CveInfos(knownCves))
-		scanHistory.ScanResults[i].KnownCves = knownCves
-	}
-	return scanHistory, nil
-}
-
-func selectCveInfos(result *m.ScanResult, fieldName string) []m.CveInfo {
-	cveInfos := []m.CveInfo{}
-	db.Model(&result).Related(&cveInfos, fieldName)
-
-	for i, cveInfo := range cveInfos {
-		cveDetail := cve.CveDetail{}
-		db.Model(&cveInfo).Related(&cveDetail, "CveDetail")
-		id := cveDetail.CveID
-		filledCveDetail := cvedb.Get(id, db)
-		cveInfos[i].CveDetail = filledCveDetail
-
-		packs := []m.PackageInfo{}
-		db.Model(&cveInfo).Related(&packs, "Packages")
-		cveInfos[i].Packages = packs
-
-		advisories := []m.DistroAdvisory{}
-		db.Model(&cveInfo).Related(&advisories, "DistroAdvisories")
-		cveInfos[i].DistroAdvisories = advisories
-
-		names := []m.CpeName{}
-		db.Model(&cveInfo).Related(&names, "CpeNames")
-		cveInfos[i].CpeNames = names
-	}
-	return cveInfos
-}
--- a/exploit/exploit.go
+++ b/exploit/exploit.go
@@ -0,0 +1,135 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Architect, Inc. Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package exploit
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+
+	cnf "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/mozqnet/go-exploitdb/db"
+	exploitmodels "github.com/mozqnet/go-exploitdb/models"
+	"github.com/parnurzeal/gorequest"
+)
+
+// FillWithExploit fills exploit information that has in Exploit
+func FillWithExploit(driver db.DB, r *models.ScanResult) (nExploitCve int, err error) {
+	if cnf.Conf.Exploit.IsFetchViaHTTP() {
+		var cveIDs []string
+		for cveID := range r.ScannedCves {
+			cveIDs = append(cveIDs, cveID)
+		}
+		prefix, _ := util.URLPathJoin(cnf.Conf.Exploit.URL, "cves")
+		responses, err := getCvesViaHTTP(cveIDs, prefix)
+		if err != nil {
+			return 0, err
+		}
+		for _, res := range responses {
+			exps := []*exploitmodels.Exploit{}
+			if err := json.Unmarshal([]byte(res.json), &exps); err != nil {
+				return 0, err
+			}
+			exploits := convertToModels(exps)
+			v, ok := r.ScannedCves[res.request.cveID]
+			if ok {
+				v.Exploits = exploits
+			}
+			r.ScannedCves[res.request.cveID] = v
+			nExploitCve++
+		}
+	} else {
+		if driver == nil {
+			return 0, nil
+		}
+		for cveID, vuln := range r.ScannedCves {
+			es := driver.GetExploitByCveID(cveID)
+			if len(es) == 0 {
+				continue
+			}
+			exploits := convertToModels(es)
+			vuln.Exploits = exploits
+			r.ScannedCves[cveID] = vuln
+			nExploitCve++
+		}
+	}
+	return nExploitCve, nil
+}
+
+// convertToModels converts gost model to vuls model
+func convertToModels(es []*exploitmodels.Exploit) (exploits []models.Exploit) {
+	for _, e := range es {
+		var documentURL, paperURL, shellURL *string
+		if e.OffensiveSecurity != nil {
+			os := e.OffensiveSecurity
+			if os.Document != nil {
+				documentURL = &os.Document.DocumentURL
+			}
+			if os.ShellCode != nil {
+				shellURL = &os.ShellCode.ShellCodeURL
+			}
+			if os.Paper != nil {
+				paperURL = &os.Paper.PaperURL
+			}
+		}
+		exploit := models.Exploit{
+			ExploitType:  e.ExploitType,
+			ID:           e.ExploitUniqueID,
+			URL:          e.URL,
+			Description:  e.Description,
+			DocumentURL:  documentURL,
+			ShellCodeURL: shellURL,
+			PaperURL:     paperURL,
+		}
+		exploits = append(exploits, exploit)
+	}
+	return exploits
+}
+
+// CheckHTTPHealth do health check
+func CheckHTTPHealth() error {
+	if !cnf.Conf.Exploit.IsFetchViaHTTP() {
+		return nil
+	}
+
+	url := fmt.Sprintf("%s/health", cnf.Conf.Exploit.URL)
+	var errs []error
+	var resp *http.Response
+	resp, _, errs = gorequest.New().Get(url).End()
+	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return fmt.Errorf("Failed to connect to exploit server. url: %s, errs: %v",
+			url, errs)
+	}
+	return nil
+}
+
+// CheckIfExploitFetched checks if oval entries are in DB by family, release.
+func CheckIfExploitFetched(driver db.DB, osFamily string) (fetched bool, err error) {
+	//TODO
+	return true, nil
+}
+
+// CheckIfExploitFresh checks if oval entries are fresh enough
+func CheckIfExploitFresh(driver db.DB, osFamily string) (ok bool, err error) {
+	//TODO
+	return true, nil
+}
--- a/exploit/exploit_test.go
+++ b/exploit/exploit_test.go
@@ -0,0 +1,8 @@
+package exploit
+
+import (
+	"testing"
+)
+
+func TestSetPackageStates(t *testing.T) {
+}
--- a/exploit/util.go
+++ b/exploit/util.go
@@ -0,0 +1,133 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Architect, Inc. Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package exploit
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/cenkalti/backoff"
+	"github.com/future-architect/vuls/util"
+	"github.com/parnurzeal/gorequest"
+)
+
+type response struct {
+	request request
+	json    string
+}
+
+func getCvesViaHTTP(cveIDs []string, urlPrefix string) (
+	responses []response, err error) {
+	nReq := len(cveIDs)
+	reqChan := make(chan request, nReq)
+	resChan := make(chan response, nReq)
+	errChan := make(chan error, nReq)
+	defer close(reqChan)
+	defer close(resChan)
+	defer close(errChan)
+
+	go func() {
+		for _, cveID := range cveIDs {
+			reqChan <- request{
+				cveID: cveID,
+			}
+		}
+	}()
+
+	concurrency := 10
+	tasks := util.GenWorkers(concurrency)
+	for i := 0; i < nReq; i++ {
+		tasks <- func() {
+			select {
+			case req := <-reqChan:
+				url, err := util.URLPathJoin(
+					urlPrefix,
+					req.cveID,
+				)
+				if err != nil {
+					errChan <- err
+				} else {
+					util.Log.Debugf("HTTP Request to %s", url)
+					httpGet(url, req, resChan, errChan)
+				}
+			}
+		}
+	}
+
+	timeout := time.After(2 * 60 * time.Second)
+	var errs []error
+	for i := 0; i < nReq; i++ {
+		select {
+		case res := <-resChan:
+			responses = append(responses, res)
+		case err := <-errChan:
+			errs = append(errs, err)
+		case <-timeout:
+			return nil, fmt.Errorf("Timeout Fetching OVAL")
+		}
+	}
+	if len(errs) != 0 {
+		return nil, fmt.Errorf("Failed to fetch OVAL. err: %v", errs)
+	}
+	return
+}
+
+type request struct {
+	osMajorVersion string
+	packName       string
+	isSrcPack      bool
+	cveID          string
+}
+
+func httpGet(url string, req request, resChan chan<- response, errChan chan<- error) {
+	var body string
+	var errs []error
+	var resp *http.Response
+	count, retryMax := 0, 3
+	f := func() (err error) {
+		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+		resp, body, errs = gorequest.New().Get(url).End()
+		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+			count++
+			if count == retryMax {
+				return nil
+			}
+			return fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
+				errs, url, resp)
+		}
+		return nil
+	}
+	notify := func(err error, t time.Duration) {
+		util.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %s", t, err)
+	}
+	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
+	if err != nil {
+		errChan <- fmt.Errorf("HTTP Error %s", err)
+		return
+	}
+	if count == retryMax {
+		errChan <- fmt.Errorf("HRetry count exceeded")
+		return
+	}
+
+	resChan <- response{
+		request: req,
+		json:    body,
+	}
+}
--- a/gost/debian.go
+++ b/gost/debian.go
@@ -0,0 +1,182 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Architect, Inc. Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package gost
+
+import (
+	"encoding/json"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/knqyf263/gost/db"
+	gostmodels "github.com/knqyf263/gost/models"
+)
+
+// Debian is Gost client for Debian GNU/Linux
+type Debian struct {
+	Base
+}
+
+type packCves struct {
+	packName  string
+	isSrcPack bool
+	cves      []models.CveContent
+}
+
+// FillWithGost fills cve information that has in Gost
+func (deb Debian) FillWithGost(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+	linuxImage := "linux-image-" + r.RunningKernel.Release
+	// Add linux and set the version of running kernel to search OVAL.
+	if r.Container.ContainerID == "" {
+		newVer := ""
+		if p, ok := r.Packages[linuxImage]; ok {
+			newVer = p.NewVersion
+		}
+		r.Packages["linux"] = models.Package{
+			Name:       "linux",
+			Version:    r.RunningKernel.Version,
+			NewVersion: newVer,
+		}
+	}
+
+	packCvesList := []packCves{}
+	if config.Conf.Gost.IsFetchViaHTTP() {
+		url, _ := util.URLPathJoin(config.Conf.Gost.URL, "debian", major(r.Release), "pkgs")
+		responses, err := getAllUnfixedCvesViaHTTP(r, url)
+		if err != nil {
+			return 0, err
+		}
+
+		for _, res := range responses {
+			debCves := map[string]gostmodels.DebianCVE{}
+			if err := json.Unmarshal([]byte(res.json), &debCves); err != nil {
+				return 0, err
+			}
+			cves := []models.CveContent{}
+			for _, debcve := range debCves {
+				cves = append(cves, *deb.ConvertToModel(&debcve))
+			}
+			packCvesList = append(packCvesList, packCves{
+				packName:  res.request.packName,
+				isSrcPack: res.request.isSrcPack,
+				cves:      cves,
+			})
+		}
+	} else {
+		if driver == nil {
+			return 0, nil
+		}
+		for _, pack := range r.Packages {
+			cveDebs := driver.GetUnfixedCvesDebian(major(r.Release), pack.Name)
+			cves := []models.CveContent{}
+			for _, cveDeb := range cveDebs {
+				cves = append(cves, *deb.ConvertToModel(&cveDeb))
+			}
+			packCvesList = append(packCvesList, packCves{
+				packName:  pack.Name,
+				isSrcPack: false,
+				cves:      cves,
+			})
+		}
+
+		// SrcPack
+		for _, pack := range r.SrcPackages {
+			cveDebs := driver.GetUnfixedCvesDebian(major(r.Release), pack.Name)
+			cves := []models.CveContent{}
+			for _, cveDeb := range cveDebs {
+				cves = append(cves, *deb.ConvertToModel(&cveDeb))
+			}
+			packCvesList = append(packCvesList, packCves{
+				packName:  pack.Name,
+				isSrcPack: true,
+				cves:      cves,
+			})
+		}
+	}
+
+	delete(r.Packages, "linux")
+
+	for _, p := range packCvesList {
+		for _, cve := range p.cves {
+			v, ok := r.ScannedCves[cve.CveID]
+			if ok {
+				if v.CveContents == nil {
+					v.CveContents = models.NewCveContents(cve)
+				} else {
+					v.CveContents[models.DebianSecurityTracker] = cve
+				}
+			} else {
+				v = models.VulnInfo{
+					CveID:       cve.CveID,
+					CveContents: models.NewCveContents(cve),
+					Confidences: models.Confidences{models.DebianSecurityTrackerMatch},
+				}
+				nCVEs++
+			}
+
+			names := []string{}
+			if p.isSrcPack {
+				if srcPack, ok := r.SrcPackages[p.packName]; ok {
+					for _, binName := range srcPack.BinaryNames {
+						if _, ok := r.Packages[binName]; ok {
+							names = append(names, binName)
+						}
+					}
+				}
+			} else {
+				if p.packName == "linux" {
+					names = append(names, linuxImage)
+				} else {
+					names = append(names, p.packName)
+				}
+			}
+
+			for _, name := range names {
+				v.AffectedPackages = v.AffectedPackages.Store(models.PackageStatus{
+					Name:        name,
+					FixState:    "open",
+					NotFixedYet: true,
+				})
+			}
+			r.ScannedCves[cve.CveID] = v
+		}
+	}
+	return nCVEs, nil
+}
+
+// ConvertToModel converts gost model to vuls model
+func (deb Debian) ConvertToModel(cve *gostmodels.DebianCVE) *models.CveContent {
+	severity := ""
+	for _, p := range cve.Package {
+		for _, r := range p.Release {
+			severity = r.Urgency
+			break
+		}
+	}
+	return &models.CveContent{
+		Type:          models.DebianSecurityTracker,
+		CveID:         cve.CveID,
+		Summary:       cve.Description,
+		Cvss2Severity: severity,
+		Cvss3Severity: severity,
+		SourceLink:    "https://security-tracker.debian.org/tracker/" + cve.CveID,
+		Optional: map[string]string{
+			"attack range": cve.Scope,
+		},
+	}
+}
--- a/gost/gost.go
+++ b/gost/gost.go
@@ -0,0 +1,104 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Architect, Inc. Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package gost
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+
+	cnf "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/knqyf263/gost/db"
+	"github.com/parnurzeal/gorequest"
+)
+
+// Client is the interface of OVAL client.
+type Client interface {
+	FillWithGost(db.DB, *models.ScanResult) (int, error)
+
+	//TODO implement
+	// CheckHTTPHealth() error
+	// CheckIfGostFetched checks if Gost entries are fetched
+	// CheckIfGostFetched(db.DB, string, string) (bool, error)
+	// CheckIfGostFresh(db.DB, string, string) (bool, error)
+}
+
+// NewClient make Client by family
+func NewClient(family string) Client {
+	switch family {
+	case cnf.RedHat, cnf.CentOS:
+		return RedHat{}
+	case cnf.Debian:
+		return Debian{}
+	case cnf.Windows:
+		return Microsoft{}
+	default:
+		return Pseudo{}
+	}
+}
+
+// Base is a base struct
+type Base struct {
+	family string
+}
+
+// CheckHTTPHealth do health check
+func (b Base) CheckHTTPHealth() error {
+	if !cnf.Conf.Gost.IsFetchViaHTTP() {
+		return nil
+	}
+
+	url := fmt.Sprintf("%s/health", cnf.Conf.Gost.URL)
+	var errs []error
+	var resp *http.Response
+	resp, _, errs = gorequest.New().Get(url).End()
+	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return fmt.Errorf("Failed to connect to gost server. url: %s, errs: %v",
+			url, errs)
+	}
+	return nil
+}
+
+// CheckIfGostFetched checks if oval entries are in DB by family, release.
+func (b Base) CheckIfGostFetched(driver db.DB, osFamily string) (fetched bool, err error) {
+	//TODO
+	return true, nil
+}
+
+// CheckIfGostFresh checks if oval entries are fresh enough
+func (b Base) CheckIfGostFresh(driver db.DB, osFamily string) (ok bool, err error) {
+	//TODO
+	return true, nil
+}
+
+// Pseudo is Gost client except for RedHat family and Debian
+type Pseudo struct {
+	Base
+}
+
+// FillWithGost fills cve information that has in Gost
+func (pse Pseudo) FillWithGost(driver db.DB, r *models.ScanResult) (int, error) {
+	return 0, nil
+}
+
+func major(osVer string) (majorVersion string) {
+	return strings.Split(osVer, ".")[0]
+}
--- a/gost/gost_test.go
+++ b/gost/gost_test.go
@@ -0,0 +1,129 @@
+package gost
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/future-architect/vuls/models"
+	gostmodels "github.com/knqyf263/gost/models"
+)
+
+func TestSetPackageStates(t *testing.T) {
+	var tests = []struct {
+		pkgstats  []gostmodels.RedhatPackageState
+		installed models.Packages
+		release   string
+		in        models.VulnInfo
+		out       models.PackageStatuses
+	}{
+
+		//0 one
+		{
+			pkgstats: []gostmodels.RedhatPackageState{
+				{
+					FixState:    "Will not fix",
+					PackageName: "bouncycastle",
+					Cpe:         "cpe:/o:redhat:enterprise_linux:7",
+				},
+			},
+			installed: models.Packages{
+				"bouncycastle": models.Package{},
+			},
+			release: "7",
+			in:      models.VulnInfo{},
+			out: []models.PackageStatus{
+				{
+					Name:        "bouncycastle",
+					FixState:    "Will not fix",
+					NotFixedYet: true,
+				},
+			},
+		},
+
+		//1 two
+		{
+			pkgstats: []gostmodels.RedhatPackageState{
+				{
+					FixState:    "Will not fix",
+					PackageName: "bouncycastle",
+					Cpe:         "cpe:/o:redhat:enterprise_linux:7",
+				},
+				{
+					FixState:    "Fix deferred",
+					PackageName: "pack_a",
+					Cpe:         "cpe:/o:redhat:enterprise_linux:7",
+				},
+				// ignore not-installed-package
+				{
+					FixState:    "Fix deferred",
+					PackageName: "pack_b",
+					Cpe:         "cpe:/o:redhat:enterprise_linux:7",
+				},
+			},
+			installed: models.Packages{
+				"bouncycastle": models.Package{},
+				"pack_a":       models.Package{},
+			},
+			release: "7",
+			in:      models.VulnInfo{},
+			out: []models.PackageStatus{
+				{
+					Name:        "bouncycastle",
+					FixState:    "Will not fix",
+					NotFixedYet: true,
+				},
+				{
+					Name:        "pack_a",
+					FixState:    "Fix deferred",
+					NotFixedYet: true,
+				},
+			},
+		},
+
+		//2 ignore affected
+		{
+			pkgstats: []gostmodels.RedhatPackageState{
+				{
+					FixState:    "affected",
+					PackageName: "bouncycastle",
+					Cpe:         "cpe:/o:redhat:enterprise_linux:7",
+				},
+			},
+			installed: models.Packages{
+				"bouncycastle": models.Package{},
+			},
+			release: "7",
+			in: models.VulnInfo{
+				AffectedPackages: models.PackageStatuses{},
+			},
+			out: models.PackageStatuses{},
+		},
+
+		//3 look only the same os release.
+		{
+			pkgstats: []gostmodels.RedhatPackageState{
+				{
+					FixState:    "Will not fix",
+					PackageName: "bouncycastle",
+					Cpe:         "cpe:/o:redhat:enterprise_linux:6",
+				},
+			},
+			installed: models.Packages{
+				"bouncycastle": models.Package{},
+			},
+			release: "7",
+			in: models.VulnInfo{
+				AffectedPackages: models.PackageStatuses{},
+			},
+			out: models.PackageStatuses{},
+		},
+	}
+
+	r := RedHat{}
+	for i, tt := range tests {
+		out := r.mergePackageStates(tt.in, tt.pkgstats, tt.installed, tt.release)
+		if ok := reflect.DeepEqual(tt.out, out); !ok {
+			t.Errorf("[%d]\nexpected: %v:%T\n  actual: %v:%T\n", i, tt.out, tt.out, out, out)
+		}
+	}
+}
--- a/gost/microsoft.go
+++ b/gost/microsoft.go
@@ -0,0 +1,116 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package gost
+
+import (
+	"strings"
+
+	"github.com/future-architect/vuls/models"
+	"github.com/knqyf263/gost/db"
+	gostmodels "github.com/knqyf263/gost/models"
+)
+
+// Microsoft is Gost client for windows
+type Microsoft struct {
+	Base
+}
+
+// FillWithGost fills cve information that has in Gost
+func (ms Microsoft) FillWithGost(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+	if driver == nil {
+		return 0, nil
+	}
+	var cveIDs []string
+	for cveID := range r.ScannedCves {
+		cveIDs = append(cveIDs, cveID)
+	}
+	for cveID, msCve := range driver.GetMicrosoftMulti(cveIDs) {
+		if _, ok := r.ScannedCves[cveID]; !ok {
+			continue
+		}
+		cveCont := ms.ConvertToModel(&msCve)
+		v, _ := r.ScannedCves[cveID]
+		if v.CveContents == nil {
+			v.CveContents = models.CveContents{}
+		}
+		v.CveContents[models.Microsoft] = *cveCont
+		r.ScannedCves[cveID] = v
+	}
+	return len(cveIDs), nil
+}
+
+// ConvertToModel converts gost model to vuls model
+func (ms Microsoft) ConvertToModel(cve *gostmodels.MicrosoftCVE) *models.CveContent {
+	v3score := 0.0
+	var v3Vector string
+	for _, scoreSet := range cve.ScoreSets {
+		if v3score < scoreSet.BaseScore {
+			v3score = scoreSet.BaseScore
+			v3Vector = scoreSet.Vector
+		}
+	}
+
+	var v3Severity string
+	for _, s := range cve.Severity {
+		v3Severity = s.Description
+	}
+
+	var refs []models.Reference
+	for _, r := range cve.References {
+		if r.AttrType == "External" {
+			refs = append(refs, models.Reference{Link: r.URL})
+		}
+	}
+
+	var cwe []string
+	if 0 < len(cve.CWE) {
+		cwe = []string{cve.CWE}
+	}
+
+	option := map[string]string{}
+	if 0 < len(cve.ExploitStatus) {
+		option["exploit"] = cve.ExploitStatus
+	}
+	if 0 < len(cve.Workaround) {
+		option["workaround"] = cve.Workaround
+	}
+	var kbids []string
+	for _, kbid := range cve.KBIDs {
+		kbids = append(kbids, kbid.KBID)
+	}
+	if 0 < len(kbids) {
+		option["kbids"] = strings.Join(kbids, ",")
+	}
+
+	return &models.CveContent{
+		Type:          models.Microsoft,
+		CveID:         cve.CveID,
+		Title:         cve.Title,
+		Summary:       cve.Description,
+		Cvss3Score:    v3score,
+		Cvss3Vector:   v3Vector,
+		Cvss3Severity: v3Severity,
+		References:    refs,
+		CweIDs:        cwe,
+		Mitigation:    cve.Mitigation,
+		Published:     cve.PublishDate,
+		LastModified:  cve.LastUpdateDate,
+		SourceLink:    "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/" + cve.CveID,
+		Optional:      option,
+	}
+}
--- a/gost/redhat.go
+++ b/gost/redhat.go
@@ -0,0 +1,289 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Architect, Inc. Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package gost
+
+import (
+	"encoding/json"
+	"strconv"
+	"strings"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/knqyf263/gost/db"
+	gostmodels "github.com/knqyf263/gost/models"
+)
+
+// RedHat is Gost client for RedHat family linux
+type RedHat struct {
+	Base
+}
+
+// FillWithGost fills cve information that has in Gost
+func (red RedHat) FillWithGost(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+	if nCVEs, err = red.fillUnfixed(driver, r); err != nil {
+		return 0, err
+	}
+	return nCVEs, red.fillFixed(driver, r)
+}
+
+func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
+	var cveIDs []string
+	for cveID, vuln := range r.ScannedCves {
+		if _, ok := vuln.CveContents[models.RedHatAPI]; ok {
+			continue
+		}
+		cveIDs = append(cveIDs, cveID)
+	}
+
+	if config.Conf.Gost.IsFetchViaHTTP() {
+		prefix, _ := util.URLPathJoin(config.Conf.Gost.URL,
+			"redhat", "cves")
+		responses, err := getCvesViaHTTP(cveIDs, prefix)
+		if err != nil {
+			return err
+		}
+		for _, res := range responses {
+			redCve := gostmodels.RedhatCVE{}
+			if err := json.Unmarshal([]byte(res.json), &redCve); err != nil {
+				return err
+			}
+			if redCve.ID == 0 {
+				continue
+			}
+			cveCont := red.ConvertToModel(&redCve)
+			v, ok := r.ScannedCves[res.request.cveID]
+			if ok {
+				if v.CveContents == nil {
+					v.CveContents = models.NewCveContents(*cveCont)
+				} else {
+					v.CveContents[models.RedHatAPI] = *cveCont
+				}
+			} else {
+				v = models.VulnInfo{
+					CveID:       cveCont.CveID,
+					CveContents: models.NewCveContents(*cveCont),
+					Confidences: models.Confidences{models.RedHatAPIMatch},
+				}
+			}
+			r.ScannedCves[res.request.cveID] = v
+		}
+	} else {
+		if driver == nil {
+			return nil
+		}
+		for cveID, redCve := range driver.GetRedhatMulti(cveIDs) {
+			if redCve.ID == 0 {
+				continue
+			}
+			cveCont := red.ConvertToModel(&redCve)
+			v, ok := r.ScannedCves[cveID]
+			if ok {
+				if v.CveContents == nil {
+					v.CveContents = models.NewCveContents(*cveCont)
+				} else {
+					v.CveContents[models.RedHatAPI] = *cveCont
+				}
+			} else {
+				v = models.VulnInfo{
+					CveID:       cveCont.CveID,
+					CveContents: models.NewCveContents(*cveCont),
+					Confidences: models.Confidences{models.RedHatAPIMatch},
+				}
+			}
+			r.ScannedCves[cveID] = v
+		}
+	}
+
+	return nil
+}
+
+func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+	if config.Conf.Gost.IsFetchViaHTTP() {
+		prefix, _ := util.URLPathJoin(config.Conf.Gost.URL,
+			"redhat", major(r.Release), "pkgs")
+		responses, err := getAllUnfixedCvesViaHTTP(r, prefix)
+		if err != nil {
+			return 0, err
+		}
+		for _, res := range responses {
+			// CVE-ID: RedhatCVE
+			cves := map[string]gostmodels.RedhatCVE{}
+			if err := json.Unmarshal([]byte(res.json), &cves); err != nil {
+				return 0, err
+			}
+
+			for _, cve := range cves {
+				cveCont := red.ConvertToModel(&cve)
+				v, ok := r.ScannedCves[cve.Name]
+				if ok {
+					if v.CveContents == nil {
+						v.CveContents = models.NewCveContents(*cveCont)
+					} else {
+						v.CveContents[models.RedHatAPI] = *cveCont
+					}
+				} else {
+					v = models.VulnInfo{
+						CveID:       cveCont.CveID,
+						CveContents: models.NewCveContents(*cveCont),
+						Confidences: models.Confidences{models.RedHatAPIMatch},
+					}
+					nCVEs++
+				}
+				pkgStats := red.mergePackageStates(v,
+					cve.PackageState, r.Packages, r.Release)
+				if 0 < len(pkgStats) {
+					v.AffectedPackages = pkgStats
+					r.ScannedCves[cve.Name] = v
+				}
+			}
+		}
+	} else {
+		if driver == nil {
+			return 0, nil
+		}
+		for _, pack := range r.Packages {
+			// CVE-ID: RedhatCVE
+			cves := map[string]gostmodels.RedhatCVE{}
+			cves = driver.GetUnfixedCvesRedhat(major(r.Release), pack.Name)
+			for _, cve := range cves {
+				cveCont := red.ConvertToModel(&cve)
+				v, ok := r.ScannedCves[cve.Name]
+				if ok {
+					if v.CveContents == nil {
+						v.CveContents = models.NewCveContents(*cveCont)
+					} else {
+						v.CveContents[models.RedHatAPI] = *cveCont
+					}
+				} else {
+					v = models.VulnInfo{
+						CveID:       cveCont.CveID,
+						CveContents: models.NewCveContents(*cveCont),
+						Confidences: models.Confidences{models.RedHatAPIMatch},
+					}
+					nCVEs++
+				}
+
+				pkgStats := red.mergePackageStates(v,
+					cve.PackageState, r.Packages, r.Release)
+				if 0 < len(pkgStats) {
+					v.AffectedPackages = pkgStats
+					r.ScannedCves[cve.Name] = v
+				}
+			}
+		}
+	}
+	return nCVEs, nil
+}
+
+func (red RedHat) mergePackageStates(v models.VulnInfo, ps []gostmodels.RedhatPackageState, installed models.Packages, release string) (pkgStats models.PackageStatuses) {
+	pkgStats = v.AffectedPackages
+	for _, pstate := range ps {
+		if pstate.Cpe !=
+			"cpe:/o:redhat:enterprise_linux:"+major(release) {
+			return
+		}
+
+		if !(pstate.FixState == "Will not fix" ||
+			pstate.FixState == "Fix deferred") {
+			return
+		}
+
+		if _, ok := installed[pstate.PackageName]; !ok {
+			return
+		}
+
+		notFixedYet := false
+		switch pstate.FixState {
+		case "Will not fix", "Fix deferred":
+			notFixedYet = true
+		}
+
+		pkgStats = pkgStats.Store(models.PackageStatus{
+			Name:        pstate.PackageName,
+			FixState:    pstate.FixState,
+			NotFixedYet: notFixedYet,
+		})
+	}
+	return
+}
+
+func (red RedHat) parseCwe(str string) (cwes []string) {
+	if str != "" {
+		s := strings.Replace(str, "(", "|", -1)
+		s = strings.Replace(s, ")", "|", -1)
+		s = strings.Replace(s, "->", "|", -1)
+		for _, s := range strings.Split(s, "|") {
+			if s != "" {
+				cwes = append(cwes, s)
+			}
+		}
+	}
+	return
+}
+
+// ConvertToModel converts gost model to vuls model
+func (red RedHat) ConvertToModel(cve *gostmodels.RedhatCVE) *models.CveContent {
+	cwes := red.parseCwe(cve.Cwe)
+
+	details := []string{}
+	for _, detail := range cve.Details {
+		details = append(details, detail.Detail)
+	}
+
+	v2score := 0.0
+	if cve.Cvss.CvssBaseScore != "" {
+		v2score, _ = strconv.ParseFloat(cve.Cvss.CvssBaseScore, 64)
+	}
+	v2severity := ""
+	if v2score != 0 {
+		v2severity = cve.ThreatSeverity
+	}
+
+	v3score := 0.0
+	if cve.Cvss3.Cvss3BaseScore != "" {
+		v3score, _ = strconv.ParseFloat(cve.Cvss3.Cvss3BaseScore, 64)
+	}
+	v3severity := ""
+	if v3score != 0 {
+		v3severity = cve.ThreatSeverity
+	}
+
+	var refs []models.Reference
+	for _, r := range cve.References {
+		refs = append(refs, models.Reference{Link: r.Reference})
+	}
+
+	return &models.CveContent{
+		Type:          models.RedHatAPI,
+		CveID:         cve.Name,
+		Title:         cve.Bugzilla.Description,
+		Summary:       strings.Join(details, "\n"),
+		Cvss2Score:    v2score,
+		Cvss2Vector:   cve.Cvss.CvssScoringVector,
+		Cvss2Severity: v2severity,
+		Cvss3Score:    v3score,
+		Cvss3Vector:   cve.Cvss3.Cvss3ScoringVector,
+		Cvss3Severity: v3severity,
+		References:    refs,
+		CweIDs:        cwes,
+		Mitigation:    cve.Mitigation,
+		Published:     cve.PublicDate,
+		SourceLink:    "https://access.redhat.com/security/cve/" + cve.Name,
+	}
+}
--- a/gost/redhat_test.go
+++ b/gost/redhat_test.go
@@ -0,0 +1,37 @@
+package gost
+
+import (
+	"reflect"
+	"sort"
+	"testing"
+)
+
+func TestParseCwe(t *testing.T) {
+	var tests = []struct {
+		in  string
+		out []string
+	}{
+		{
+			in:  "CWE-665->(CWE-200|CWE-89)",
+			out: []string{"CWE-665", "CWE-200", "CWE-89"},
+		},
+		{
+			in:  "CWE-841->CWE-770->CWE-454",
+			out: []string{"CWE-841", "CWE-770", "CWE-454"},
+		},
+		{
+			in:  "(CWE-122|CWE-125)",
+			out: []string{"CWE-122", "CWE-125"},
+		},
+	}
+
+	r := RedHat{}
+	for i, tt := range tests {
+		out := r.parseCwe(tt.in)
+		sort.Strings(out)
+		sort.Strings(tt.out)
+		if !reflect.DeepEqual(tt.out, out) {
+			t.Errorf("[%d]expected: %s, actual: %s", i, tt.out, out)
+		}
+	}
+}
--- a/gost/util.go
+++ b/gost/util.go
@@ -0,0 +1,201 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Architect, Inc. Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package gost
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/cenkalti/backoff"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/parnurzeal/gorequest"
+)
+
+type response struct {
+	request request
+	json    string
+}
+
+func getCvesViaHTTP(cveIDs []string, urlPrefix string) (
+	responses []response, err error) {
+	nReq := len(cveIDs)
+	reqChan := make(chan request, nReq)
+	resChan := make(chan response, nReq)
+	errChan := make(chan error, nReq)
+	defer close(reqChan)
+	defer close(resChan)
+	defer close(errChan)
+
+	go func() {
+		for _, cveID := range cveIDs {
+			reqChan <- request{
+				cveID: cveID,
+			}
+		}
+	}()
+
+	concurrency := 10
+	tasks := util.GenWorkers(concurrency)
+	for i := 0; i < nReq; i++ {
+		tasks <- func() {
+			select {
+			case req := <-reqChan:
+				url, err := util.URLPathJoin(
+					urlPrefix,
+					req.cveID,
+				)
+				if err != nil {
+					errChan <- err
+				} else {
+					util.Log.Debugf("HTTP Request to %s", url)
+					httpGet(url, req, resChan, errChan)
+				}
+			}
+		}
+	}
+
+	timeout := time.After(2 * 60 * time.Second)
+	var errs []error
+	for i := 0; i < nReq; i++ {
+		select {
+		case res := <-resChan:
+			responses = append(responses, res)
+		case err := <-errChan:
+			errs = append(errs, err)
+		case <-timeout:
+			return nil, fmt.Errorf("Timeout Fetching OVAL")
+		}
+	}
+	if len(errs) != 0 {
+		return nil, fmt.Errorf("Failed to fetch OVAL. err: %v", errs)
+	}
+	return
+}
+
+type request struct {
+	osMajorVersion string
+	packName       string
+	isSrcPack      bool
+	cveID          string
+}
+
+func getAllUnfixedCvesViaHTTP(r *models.ScanResult, urlPrefix string) (
+	responses []response, err error) {
+
+	nReq := len(r.Packages) + len(r.SrcPackages)
+	reqChan := make(chan request, nReq)
+	resChan := make(chan response, nReq)
+	errChan := make(chan error, nReq)
+	defer close(reqChan)
+	defer close(resChan)
+	defer close(errChan)
+
+	go func() {
+		for _, pack := range r.Packages {
+			reqChan <- request{
+				osMajorVersion: major(r.Release),
+				packName:       pack.Name,
+				isSrcPack:      false,
+			}
+		}
+		for _, pack := range r.SrcPackages {
+			reqChan <- request{
+				osMajorVersion: major(r.Release),
+				packName:       pack.Name,
+				isSrcPack:      true,
+			}
+		}
+	}()
+
+	concurrency := 10
+	tasks := util.GenWorkers(concurrency)
+	for i := 0; i < nReq; i++ {
+		tasks <- func() {
+			select {
+			case req := <-reqChan:
+				url, err := util.URLPathJoin(
+					urlPrefix,
+					req.packName,
+					"unfixed-cves",
+				)
+				if err != nil {
+					errChan <- err
+				} else {
+					util.Log.Debugf("HTTP Request to %s", url)
+					httpGet(url, req, resChan, errChan)
+				}
+			}
+		}
+	}
+
+	timeout := time.After(2 * 60 * time.Second)
+	var errs []error
+	for i := 0; i < nReq; i++ {
+		select {
+		case res := <-resChan:
+			responses = append(responses, res)
+		case err := <-errChan:
+			errs = append(errs, err)
+		case <-timeout:
+			return nil, fmt.Errorf("Timeout Fetching OVAL")
+		}
+	}
+	if len(errs) != 0 {
+		return nil, fmt.Errorf("Failed to fetch OVAL. err: %v", errs)
+	}
+	return
+}
+
+func httpGet(url string, req request, resChan chan<- response, errChan chan<- error) {
+	var body string
+	var errs []error
+	var resp *http.Response
+	count, retryMax := 0, 3
+	f := func() (err error) {
+		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+		resp, body, errs = gorequest.New().Get(url).End()
+		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+			count++
+			if count == retryMax {
+				return nil
+			}
+			return fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
+				errs, url, resp)
+		}
+		return nil
+	}
+	notify := func(err error, t time.Duration) {
+		util.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %s", t, err)
+	}
+	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
+	if err != nil {
+		errChan <- fmt.Errorf("HTTP Error %s", err)
+		return
+	}
+	if count == retryMax {
+		errChan <- fmt.Errorf("HRetry count exceeded")
+		return
+	}
+
+	resChan <- response{
+		request: req,
+		json:    body,
+	}
+}
--- a/img/vuls-abstract.png
+++ b/img/vuls-abstract.png
--- a/img/vuls-architecture-localscan.graphml
+++ b/img/vuls-architecture-localscan.graphml
--- a/img/vuls-architecture-localscan.png
+++ b/img/vuls-architecture-localscan.png
--- a/img/vuls-architecture.graphml
+++ b/img/vuls-architecture.graphml
--- a/img/vuls-architecture.png
+++ b/img/vuls-architecture.png
--- a/img/vuls-scan-flow-fast.graphml
+++ b/img/vuls-scan-flow-fast.graphml
@@ -0,0 +1,414 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<graphml xmlns="http://graphml.graphdrawing.org/xmlns" xmlns:java="http://www.yworks.com/xml/yfiles-common/1.0/java" xmlns:sys="http://www.yworks.com/xml/yfiles-common/markup/primitives/2.0" xmlns:x="http://www.yworks.com/xml/yfiles-common/markup/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:y="http://www.yworks.com/xml/graphml" xmlns:yed="http://www.yworks.com/xml/yed/3" xsi:schemaLocation="http://graphml.graphdrawing.org/xmlns http://www.yworks.com/xml/schema/graphml/1.1/ygraphml.xsd">
+  <!--Created by yEd 3.17-->
+  <key attr.name="Description" attr.type="string" for="graph" id="d0"/>
+  <key for="port" id="d1" yfiles.type="portgraphics"/>
+  <key for="port" id="d2" yfiles.type="portgeometry"/>
+  <key for="port" id="d3" yfiles.type="portuserdata"/>
+  <key attr.name="url" attr.type="string" for="node" id="d4"/>
+  <key attr.name="description" attr.type="string" for="node" id="d5"/>
+  <key for="node" id="d6" yfiles.type="nodegraphics"/>
+  <key for="graphml" id="d7" yfiles.type="resources"/>
+  <key attr.name="url" attr.type="string" for="edge" id="d8"/>
+  <key attr.name="description" attr.type="string" for="edge" id="d9"/>
+  <key for="edge" id="d10" yfiles.type="edgegraphics"/>
+  <graph edgedefault="directed" id="G">
+    <data key="d0"/>
+    <node id="n0">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="309.6849206349206" y="0.0"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="83.482421875" x="92.2587890625" y="18.93359375">Detect the OS<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.5" nodeRatioX="0.0" nodeRatioY="0.1619001116071429" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n1">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.decision">
+          <y:Geometry height="40.0" width="80.0" x="403.6849206349206" y="206.44247787610618"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="4.0" x="38.0" y="18.0">
+            <y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n2">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="90.44247787610618" width="268.0" x="309.6849206349206" y="86.0"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="right" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="88.796875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="170.763671875" x="48.61816406250006" y="0.8228014380530908">Get installed packages
+Alpine: apk
+Debian/Ubuntu: dpkg-query
+Amazon/RHEL/CentOS: rpm
+SUSE: zypper
+FreeBSD: pkg<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="2.220446049250313E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n3">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="630.0546766682629"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="152.634765625" x="57.6826171875" y="18.93359375">Write results to JSON files<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.5" nodeRatioX="0.0" nodeRatioY="0.1619001116071429" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n4">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="287.8409153761062"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="46.3984375" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="232.744140625" x="17.6279296875" y="4.80078125">Get CVE IDs by using package manager
+Amazon: yum plugin security
+FreeBSD: pkg audit<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n5">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="750.4705298628534"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="42.595703125" x="112.7021484375" y="18.93359375">Report<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n6" yfiles.foldertype="group">
+      <data key="d4"/>
+      <data key="d6">
+        <y:ProxyAutoBoundsNode>
+          <y:Realizers active="0">
+            <y:GroupNode>
+              <y:Geometry height="116.89483989807195" width="333.6788874841973" x="234.29467728596296" y="709.1901021013174"/>
+              <y:Fill color="#F5F5F5" transparent="false"/>
+              <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="333.6788874841973" x="0.0" y="0.0">Vulnerability Database</y:NodeLabel>
+              <y:Shape type="roundrectangle"/>
+              <y:State closed="false" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
+              <y:Insets bottom="15" bottomF="15.0" left="15" leftF="15.0" right="15" rightF="15.0" top="15" topF="15.0"/>
+              <y:BorderInsets bottom="0" bottomF="0.0" left="0" leftF="0.0" right="0" rightF="0.0" top="0" topF="0.0"/>
+            </y:GroupNode>
+            <y:GroupNode>
+              <y:Geometry height="50.0" width="50.0" x="0.0" y="60.0"/>
+              <y:Fill color="#F5F5F5" transparent="false"/>
+              <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 1</y:NodeLabel>
+              <y:Shape type="roundrectangle"/>
+              <y:State closed="true" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
+              <y:Insets bottom="5" bottomF="5.0" left="5" leftF="5.0" right="5" rightF="5.0" top="5" topF="5.0"/>
+              <y:BorderInsets bottom="0" bottomF="0.0" left="0" leftF="0.0" right="0" rightF="0.0" top="0" topF="0.0"/>
+            </y:GroupNode>
+          </y:Realizers>
+        </y:ProxyAutoBoundsNode>
+      </data>
+      <graph edgedefault="directed" id="n6:">
+        <node id="n6::n0">
+          <data key="d6">
+            <y:GenericNode configuration="com.yworks.flowchart.dataBase">
+              <y:Geometry height="65.22882427307195" width="136.83944374209864" x="416.1341210280616" y="745.8561177263174"/>
+              <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+              <y:BorderStyle color="#000000" type="line" width="1.0"/>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="117.970703125" x="9.434370308549205" y="23.548005886535975">CVE DB (NVD / JVN)<y:LabelModel>
+                  <y:SmartNodeLabelModel distance="4.0"/>
+                </y:LabelModel>
+                <y:ModelParameter>
+                  <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="-8.326672684688674E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+                </y:ModelParameter>
+              </y:NodeLabel>
+            </y:GenericNode>
+          </data>
+        </node>
+        <node id="n6::n1">
+          <data key="d6">
+            <y:GenericNode configuration="com.yworks.flowchart.dataBase">
+              <y:Geometry height="65.22882427307195" width="136.83944374209864" x="249.29467728596296" y="745.8561177263174"/>
+              <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+              <y:BorderStyle color="#000000" type="line" width="1.0"/>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="55.533203125" x="40.653120308549205" y="23.548005886535975">OVAL DB<y:LabelModel>
+                  <y:SmartNodeLabelModel distance="4.0"/>
+                </y:LabelModel>
+                <y:ModelParameter>
+                  <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="-8.326672684688674E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+                </y:ModelParameter>
+              </y:NodeLabel>
+            </y:GenericNode>
+          </data>
+        </node>
+      </graph>
+    </node>
+    <node id="n7">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="27.144753476611868" y="287.8409153761062"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="260.83984375" x="3.580078125" y="11.8671875">Check upgradable packages
+Debian/Ubuntu: apt-get upgrade --dry-run<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n8">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.loopLimit">
+          <y:Geometry height="51.10998735777497" width="137.19216182048035" x="92.54867256637169" y="376.28592169721867"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="131.751953125" x="2.7201043477401754" y="9.422181178887513">foreach 
+upgradable  packages<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="5.551115123125783E-16" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n9">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="27.144753476611868" y="459.8409153761062"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="213.619140625" x="27.1904296875" y="11.8671875">Parse changelog and get  CVE IDs
+Debian/Ubuntu: aptitude changelog<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n10">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.loopLimitEnd">
+          <y:Geometry height="50.0" width="137.0" x="92.64475347661187" y="545.8409153761062"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="55.24609375" x="40.876953125" y="15.93359375">end loop<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <edge id="e0" source="n2" target="n1">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="45.22123893805309" tx="0.0" ty="-20.0"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="none"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e1" source="n1" target="n4">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="40.0" sy="0.0" tx="0.0" ty="-28.0">
+            <y:Point x="743.3698412698412" y="226.44247787610618"/>
+          </y:Path>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="51.806640625" x="183.35883739927397" y="2.000003510871693">Amazon
+FreeBSD<y:LabelModel>
+              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="1.9999999999998863" distanceToCenter="false" position="right" ratio="0.7796030035582084" segment="0"/>
+            </y:ModelParameter>
+            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
+          </y:EdgeLabel>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e2" source="n0" target="n2">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-45.22123893805309"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e3" source="n5" target="n6">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="10.8330078125"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="none"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e4" source="n1" target="n3">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="-123.36984126984123" ty="0.0">
+            <y:Point x="443.6849206349206" y="658.0546766682629"/>
+          </y:Path>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="102.9296875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="77.078125" x="-97.68364242524859" y="5.005267793098369">Alpine Linux
+CentOS
+RHEL
+Ubuntu
+Debian
+Oracle Linux
+Suse<y:LabelModel>
+              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="59.14459455430983" distanceToCenter="true" position="right" ratio="0.0" segment="0"/>
+            </y:ModelParameter>
+            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
+          </y:EdgeLabel>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e5" source="n4" target="n3">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e6" source="n7" target="n8">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-25.554993678887485"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e7" source="n8" target="n9">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="25.554993678887485" tx="0.0" ty="-28.0"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e8" source="n9" target="n10">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-25.0"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e9" source="n3" target="n5">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e10" source="n1" target="n7">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0">
+            <y:Point x="161.14475347661187" y="226.44247787610618"/>
+          </y:Path>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="56.98046875" x="-196.80057112212188" y="20.933597260871807">Raspbian<y:LabelModel>
+              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="left" ratio="0.6447921222409765" segment="0"/>
+            </y:ModelParameter>
+            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
+          </y:EdgeLabel>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e11" source="n10" target="n3">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="-125.78842258255952" ty="0.0">
+            <y:Point x="161.14475347661187" y="658.0546766682629"/>
+          </y:Path>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+  </graph>
+  <data key="d7">
+    <y:Resources/>
+  </data>
+</graphml>
--- a/img/vuls-scan-flow-fast.png
+++ b/img/vuls-scan-flow-fast.png
--- a/img/vuls-scan-flow.graphml
+++ b/img/vuls-scan-flow.graphml
@@ -0,0 +1,515 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<graphml xmlns="http://graphml.graphdrawing.org/xmlns" xmlns:java="http://www.yworks.com/xml/yfiles-common/1.0/java" xmlns:sys="http://www.yworks.com/xml/yfiles-common/markup/primitives/2.0" xmlns:x="http://www.yworks.com/xml/yfiles-common/markup/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:y="http://www.yworks.com/xml/graphml" xmlns:yed="http://www.yworks.com/xml/yed/3" xsi:schemaLocation="http://graphml.graphdrawing.org/xmlns http://www.yworks.com/xml/schema/graphml/1.1/ygraphml.xsd">
+  <!--Created by yEd 3.17-->
+  <key attr.name="Description" attr.type="string" for="graph" id="d0"/>
+  <key for="port" id="d1" yfiles.type="portgraphics"/>
+  <key for="port" id="d2" yfiles.type="portgeometry"/>
+  <key for="port" id="d3" yfiles.type="portuserdata"/>
+  <key attr.name="url" attr.type="string" for="node" id="d4"/>
+  <key attr.name="description" attr.type="string" for="node" id="d5"/>
+  <key for="node" id="d6" yfiles.type="nodegraphics"/>
+  <key for="graphml" id="d7" yfiles.type="resources"/>
+  <key attr.name="url" attr.type="string" for="edge" id="d8"/>
+  <key attr.name="description" attr.type="string" for="edge" id="d9"/>
+  <key for="edge" id="d10" yfiles.type="edgegraphics"/>
+  <graph edgedefault="directed" id="G">
+    <data key="d0"/>
+    <node id="n0">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="309.6849206349206" y="0.0"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="83.482421875" x="92.2587890625" y="18.93359375">Detect the OS<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.5" nodeRatioX="0.0" nodeRatioY="0.1619001116071429" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n1">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.decision">
+          <y:Geometry height="40.0" width="80.0" x="403.6849206349206" y="206.44247787610618"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="4.0" x="38.0" y="18.0">
+            <y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n2">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="90.44247787610618" width="268.0" x="309.6849206349206" y="86.0"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="right" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="88.796875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="170.763671875" x="48.61816406250006" y="0.8228014380530908">Get installed packages
+Alpine Linux: apk
+Debian/Ubuntu: dpkg-query
+Amazon/RHEL/CentOS: rpm
+FreeBSD: pkg
+SUSE: zypper<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="2.220446049250313E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n3">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="10.0" y="287.8409153761062"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="260.83984375" x="3.580078125" y="11.8671875">Check upgradable packages
+Debian/Ubuntu: apt-get upgrade --dry-run<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n4">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.loopLimit">
+          <y:Geometry height="51.10998735777497" width="137.19216182048035" x="75.40391908975982" y="376.28592169721867"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="131.751953125" x="2.7201043477401754" y="9.422181178887513">foreach 
+upgradable  packages<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="5.551115123125783E-16" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n5">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="10.0" y="459.8409153761062"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="213.619140625" x="27.1904296875" y="11.8671875">Parse changelog and get  CVE IDs
+Debian/Ubuntu: aptitude changelog<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n6">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.loopLimitEnd">
+          <y:Geometry height="50.0" width="137.0" x="75.5" y="545.8409153761062"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="55.24609375" x="40.876953125" y="15.93359375">end loop<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n7">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="625.8409153761062"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="152.634765625" x="57.6826171875" y="18.93359375">Write results to JSON files<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.5" nodeRatioX="0.0" nodeRatioY="0.1619001116071429" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n8">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="287.8409153761062"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="46.3984375" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="232.744140625" x="17.6279296875" y="4.80078125">Get CVE IDs by using package manager
+Amazon/RHEL: yum plugin security
+FreeBSD: pkg audit<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n9">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="716.4553275126422"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="42.595703125" x="112.7021484375" y="18.93359375">Report<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n10">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="309.6849206349206" y="371.39590905499364"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="293.06640625" x="-12.533203124999943" y="11.8671875">Get all changelogs of updatable packages at once
+yum changelog<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="2.220446049250313E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n11">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="309.68492063492056" y="459.8409153761062"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="205.52734375" x="31.236328125000057" y="18.93359375">Parse changelogs and get CVE IDs <y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.5" nodeRatioX="2.220446049250313E-16" nodeRatioY="0.1619001116071429" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n12">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="373.8409153761062"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="293.06640625" x="-12.533203124999886" y="11.8671875">Get all changelogs of updatable packages at once
+Amazon / RHEL: yum changelog<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="2.220446049250313E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n13" yfiles.foldertype="group">
+      <data key="d4"/>
+      <data key="d6">
+        <y:ProxyAutoBoundsNode>
+          <y:Realizers active="0">
+            <y:GroupNode>
+              <y:Geometry height="116.89483989807195" width="333.6788874841973" x="229.74083438685204" y="675.1748997511062"/>
+              <y:Fill color="#F5F5F5" transparent="false"/>
+              <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="333.6788874841973" x="0.0" y="0.0">Vulnerability Database</y:NodeLabel>
+              <y:Shape type="roundrectangle"/>
+              <y:State closed="false" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
+              <y:Insets bottom="15" bottomF="15.0" left="15" leftF="15.0" right="15" rightF="15.0" top="15" topF="15.0"/>
+              <y:BorderInsets bottom="0" bottomF="0.0" left="0" leftF="0.0" right="0" rightF="0.0" top="0" topF="0.0"/>
+            </y:GroupNode>
+            <y:GroupNode>
+              <y:Geometry height="50.0" width="50.0" x="0.0" y="60.0"/>
+              <y:Fill color="#F5F5F5" transparent="false"/>
+              <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 1</y:NodeLabel>
+              <y:Shape type="roundrectangle"/>
+              <y:State closed="true" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
+              <y:Insets bottom="5" bottomF="5.0" left="5" leftF="5.0" right="5" rightF="5.0" top="5" topF="5.0"/>
+              <y:BorderInsets bottom="0" bottomF="0.0" left="0" leftF="0.0" right="0" rightF="0.0" top="0" topF="0.0"/>
+            </y:GroupNode>
+          </y:Realizers>
+        </y:ProxyAutoBoundsNode>
+      </data>
+      <graph edgedefault="directed" id="n13:">
+        <node id="n13::n0">
+          <data key="d6">
+            <y:GenericNode configuration="com.yworks.flowchart.dataBase">
+              <y:Geometry height="65.22882427307195" width="136.83944374209864" x="411.5802781289507" y="711.8409153761062"/>
+              <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+              <y:BorderStyle color="#000000" type="line" width="1.0"/>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="117.970703125" x="9.434370308549205" y="23.548005886535975">CVE DB (NVD / JVN)<y:LabelModel>
+                  <y:SmartNodeLabelModel distance="4.0"/>
+                </y:LabelModel>
+                <y:ModelParameter>
+                  <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="-8.326672684688674E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+                </y:ModelParameter>
+              </y:NodeLabel>
+            </y:GenericNode>
+          </data>
+        </node>
+        <node id="n13::n1">
+          <data key="d6">
+            <y:GenericNode configuration="com.yworks.flowchart.dataBase">
+              <y:Geometry height="65.22882427307195" width="136.83944374209864" x="244.74083438685204" y="711.8409153761062"/>
+              <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+              <y:BorderStyle color="#000000" type="line" width="1.0"/>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="55.533203125" x="40.653120308549205" y="23.548005886535975">OVAL DB<y:LabelModel>
+                  <y:SmartNodeLabelModel distance="4.0"/>
+                </y:LabelModel>
+                <y:ModelParameter>
+                  <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="-8.326672684688674E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+                </y:ModelParameter>
+              </y:NodeLabel>
+            </y:GenericNode>
+          </data>
+        </node>
+      </graph>
+    </node>
+    <edge id="e0" source="n2" target="n1">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="45.22123893805309" tx="0.0" ty="-20.0"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="none"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e1" source="n1" target="n3">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="-40.0" sy="0.0" tx="0.0" ty="-28.0">
+            <y:Point x="144.0" y="226.44247787610618"/>
+          </y:Path>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="46.3984375" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="56.98046875" x="-257.65322875976574" y="2.0000035108718635">Debian
+Ubuntu
+Raspbian<y:LabelModel>
+              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="1.9999999999998863" distanceToCenter="false" position="left" ratio="0.8652035780364729" segment="0"/>
+            </y:ModelParameter>
+            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
+          </y:EdgeLabel>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e2" source="n3" target="n4">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-25.554993678887485"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e3" source="n4" target="n5">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="25.554993678887485" tx="0.0" ty="-28.0"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e4" source="n5" target="n6">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-25.0"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e5" source="n6" target="n7">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="68.5" sy="0.0" tx="0.0" ty="-28.0">
+            <y:Point x="743.3698412698412" y="570.8409153761062"/>
+          </y:Path>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e6" source="n1" target="n8">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="40.0" sy="0.0" tx="0.0" ty="-28.0">
+            <y:Point x="743.3698412698412" y="226.44247787610618"/>
+          </y:Path>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="46.3984375" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="51.806640625" x="200.87829463898197" y="4.000003510871693">Amazon
+RHEL
+FreeBSD<y:LabelModel>
+              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="6.999999999999886" distanceToCenter="false" position="right" ratio="0.8192728556300707" segment="-1"/>
+            </y:ModelParameter>
+            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
+          </y:EdgeLabel>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e7" source="n0" target="n2">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-45.22123893805309"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e8" source="n7" target="n9">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-28.0"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e9" source="n1" target="n10">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="20.0" tx="0.0" ty="-28.0"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="46.708984375" x="-53.35447755843876" y="5.000003510871807">CentOS<y:LabelModel>
+              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="right" ratio="0.0" segment="0"/>
+            </y:ModelParameter>
+            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
+          </y:EdgeLabel>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e10" source="n10" target="n11">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-28.0"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e11" source="n11" target="n7">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="-24.34091537610618">
+            <y:Point x="743.3698412698412" y="487.8409153761062"/>
+          </y:Path>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e12" source="n8" target="n12">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e13" source="n12" target="n7">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e14" source="n9" target="n13">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="10.8330078125"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="none"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e15" source="n1" target="n7">
+      <data key="d9"/>
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0">
+            <y:Point x="999.0" y="226.44247787610618"/>
+            <y:Point x="999.0" y="570.8409153761062"/>
+            <y:Point x="743.3698412698412" y="570.8409153761062"/>
+          </y:Path>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="none"/>
+          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="76.8203125" x="422.923942251054" y="13.867191010871807">Alpine Linux
+SUSE<y:LabelModel>
+              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="right" ratio="0.8856709076027529" segment="0"/>
+            </y:ModelParameter>
+            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
+          </y:EdgeLabel>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+  </graph>
+  <data key="d7">
+    <y:Resources/>
+  </data>
+</graphml>
--- a/img/vuls-scan-flow.png
+++ b/img/vuls-scan-flow.png
--- a/img/vuls_icon.png
+++ b/img/vuls_icon.png
--- a/img/vuls_logo.png
+++ b/img/vuls_logo.png
--- a/img/vuls_logo_large.png
+++ b/img/vuls_logo_large.png
--- a/main.go
+++ b/main.go
@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -19,14 +19,14 @@ package main

 import (
 	"flag"
+	"fmt"
 	"os"

-	"golang.org/x/net/context"
+	"context"

 	"github.com/future-architect/vuls/commands"
+	"github.com/future-architect/vuls/config"
 	"github.com/google/subcommands"
-
-	_ "github.com/mattn/go-sqlite3"
 )

 func main() {
@@ -36,9 +36,20 @@ func main() {
 	subcommands.Register(&commands.DiscoverCmd{}, "discover")
 	subcommands.Register(&commands.TuiCmd{}, "tui")
 	subcommands.Register(&commands.ScanCmd{}, "scan")
-	subcommands.Register(&commands.PrepareCmd{}, "prepare")
+	subcommands.Register(&commands.HistoryCmd{}, "history")
+	subcommands.Register(&commands.ReportCmd{}, "report")
+	subcommands.Register(&commands.ConfigtestCmd{}, "configtest")
+	subcommands.Register(&commands.ServerCmd{}, "server")
+
+	var v = flag.Bool("v", false, "Show version")

 	flag.Parse()
+
+	if *v {
+		fmt.Printf("vuls %s %s\n", config.Version, config.Revision)
+		os.Exit(int(subcommands.ExitSuccess))
+	}
+
 	ctx := context.Background()
 	os.Exit(int(subcommands.Execute(ctx)))
 }
--- a/models/cvecontents.go
+++ b/models/cvecontents.go
@@ -0,0 +1,322 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package models
+
+import (
+	"time"
+)
+
+// CveContents has CveContent
+type CveContents map[CveContentType]CveContent
+
+// NewCveContents create CveContents
+func NewCveContents(conts ...CveContent) CveContents {
+	m := CveContents{}
+	for _, cont := range conts {
+		m[cont.Type] = cont
+	}
+	return m
+}
+
+// CveContentStr has CveContentType and Value
+type CveContentStr struct {
+	Type  CveContentType
+	Value string
+}
+
+// Except returns CveContents except given keys for enumeration
+func (v CveContents) Except(exceptCtypes ...CveContentType) (values CveContents) {
+	values = CveContents{}
+	for ctype, content := range v {
+		found := false
+		for _, exceptCtype := range exceptCtypes {
+			if ctype == exceptCtype {
+				found = true
+				break
+			}
+		}
+		if !found {
+			values[ctype] = content
+		}
+	}
+	return
+}
+
+// SourceLinks returns link of source
+func (v CveContents) SourceLinks(lang, myFamily, cveID string) (values []CveContentStr) {
+	if lang == "ja" {
+		if cont, found := v[Jvn]; found && 0 < len(cont.SourceLink) {
+			values = append(values, CveContentStr{Jvn, cont.SourceLink})
+		}
+	}
+
+	order := CveContentTypes{Nvd, NvdXML, NewCveContentType(myFamily)}
+	for _, ctype := range order {
+		if cont, found := v[ctype]; found {
+			values = append(values, CveContentStr{ctype, cont.SourceLink})
+		}
+	}
+
+	if len(values) == 0 {
+		return []CveContentStr{{
+			Type:  Nvd,
+			Value: "https://nvd.nist.gov/vuln/detail/" + cveID,
+		}}
+	}
+	return values
+}
+
+/*
+// Severities returns Severities
+func (v CveContents) Severities(myFamily string) (values []CveContentStr) {
+	order := CveContentTypes{NVD, NewCveContentType(myFamily)}
+	order = append(order, AllCveContetTypes.Except(append(order)...)...)
+
+	for _, ctype := range order {
+		if cont, found := v[ctype]; found && 0 < len(cont.Severity) {
+			values = append(values, CveContentStr{
+				Type:  ctype,
+				Value: cont.Severity,
+			})
+		}
+	}
+	return
+}
+*/
+
+// CveContentCpes has CveContentType and Value
+type CveContentCpes struct {
+	Type  CveContentType
+	Value []Cpe
+}
+
+// Cpes returns affected CPEs of this Vulnerability
+func (v CveContents) Cpes(myFamily string) (values []CveContentCpes) {
+	order := CveContentTypes{NewCveContentType(myFamily)}
+	order = append(order, AllCveContetTypes.Except(append(order)...)...)
+
+	for _, ctype := range order {
+		if cont, found := v[ctype]; found && 0 < len(cont.Cpes) {
+			values = append(values, CveContentCpes{
+				Type:  ctype,
+				Value: cont.Cpes,
+			})
+		}
+	}
+	return
+}
+
+// CveContentRefs has CveContentType and Cpes
+type CveContentRefs struct {
+	Type  CveContentType
+	Value []Reference
+}
+
+// References returns References
+func (v CveContents) References(myFamily string) (values []CveContentRefs) {
+	order := CveContentTypes{NewCveContentType(myFamily)}
+	order = append(order, AllCveContetTypes.Except(append(order)...)...)
+
+	for _, ctype := range order {
+		if cont, found := v[ctype]; found && 0 < len(cont.References) {
+			values = append(values, CveContentRefs{
+				Type:  ctype,
+				Value: cont.References,
+			})
+		}
+	}
+	return
+}
+
+// CweIDs returns related CweIDs of the vulnerability
+func (v CveContents) CweIDs(myFamily string) (values []CveContentStr) {
+	order := CveContentTypes{NewCveContentType(myFamily)}
+	order = append(order, AllCveContetTypes.Except(append(order)...)...)
+	for _, ctype := range order {
+		if cont, found := v[ctype]; found && 0 < len(cont.CweIDs) {
+			for _, cweID := range cont.CweIDs {
+				for _, val := range values {
+					if val.Value == cweID {
+						continue
+					}
+				}
+				values = append(values, CveContentStr{
+					Type:  ctype,
+					Value: cweID,
+				})
+			}
+		}
+	}
+	return
+}
+
+// UniqCweIDs returns Uniq CweIDs
+func (v CveContents) UniqCweIDs(myFamily string) (values []CveContentStr) {
+	uniq := map[string]CveContentStr{}
+	for _, cwes := range v.CweIDs(myFamily) {
+		uniq[cwes.Value] = cwes
+	}
+	for _, cwe := range uniq {
+		values = append(values, cwe)
+	}
+	return values
+}
+
+// CveContent has abstraction of various vulnerability information
+type CveContent struct {
+	Type          CveContentType    `json:"type"`
+	CveID         string            `json:"cveID"`
+	Title         string            `json:"title"`
+	Summary       string            `json:"summary"`
+	Cvss2Score    float64           `json:"cvss2Score"`
+	Cvss2Vector   string            `json:"cvss2Vector"`
+	Cvss2Severity string            `json:"cvss2Severity"`
+	Cvss3Score    float64           `json:"cvss3Score"`
+	Cvss3Vector   string            `json:"cvss3Vector"`
+	Cvss3Severity string            `json:"cvss3Severity"`
+	SourceLink    string            `json:"sourceLink"`
+	Cpes          []Cpe             `json:"cpes,omitempty"`
+	References    References        `json:"references,omitempty"`
+	CweIDs        []string          `json:"cweIDs,omitempty"`
+	Published     time.Time         `json:"published"`
+	LastModified  time.Time         `json:"lastModified"`
+	Mitigation    string            `json:"mitigation"` // RedHat API
+	Optional      map[string]string `json:"optional,omitempty"`
+}
+
+// Empty checks the content is empty
+func (c CveContent) Empty() bool {
+	return c.Summary == ""
+}
+
+// CveContentType is a source of CVE information
+type CveContentType string
+
+// NewCveContentType create CveContentType
+func NewCveContentType(name string) CveContentType {
+	switch name {
+	case "nvdxml":
+		return NvdXML
+	case "nvd":
+		return Nvd
+	case "jvn":
+		return Jvn
+	case "redhat", "centos":
+		return RedHat
+	case "oracle":
+		return Oracle
+	case "ubuntu":
+		return Ubuntu
+	case "debian":
+		return Debian
+	case "redhat_api":
+		return RedHatAPI
+	case "debian_security_tracker":
+		return DebianSecurityTracker
+	case "microsoft":
+		return Microsoft
+	default:
+		return Unknown
+	}
+}
+
+const (
+	// NvdXML is NvdXML
+	NvdXML CveContentType = "nvdxml"
+
+	// Nvd is Nvd
+	Nvd CveContentType = "nvd"
+
+	// Jvn is Jvn
+	Jvn CveContentType = "jvn"
+
+	// RedHat is RedHat
+	RedHat CveContentType = "redhat"
+
+	// RedHatAPI is RedHat
+	RedHatAPI CveContentType = "redhat_api"
+
+	// DebianSecurityTracker is Debian Secury tracker
+	DebianSecurityTracker CveContentType = "debian_security_tracker"
+
+	// Debian is Debian
+	Debian CveContentType = "debian"
+
+	// Ubuntu is Ubuntu
+	Ubuntu CveContentType = "ubuntu"
+
+	// Oracle is Oracle Linux
+	Oracle CveContentType = "oracle"
+
+	// SUSE is SUSE Linux
+	SUSE CveContentType = "suse"
+
+	// Microsoft is Microsoft
+	Microsoft CveContentType = "microsoft"
+
+	// Unknown is Unknown
+	Unknown CveContentType = "unknown"
+)
+
+// CveContentTypes has slide of CveContentType
+type CveContentTypes []CveContentType
+
+// AllCveContetTypes has all of CveContentTypes
+var AllCveContetTypes = CveContentTypes{
+	Nvd,
+	NvdXML,
+	Jvn,
+	RedHat,
+	Debian,
+	Ubuntu,
+	RedHatAPI,
+	DebianSecurityTracker,
+}
+
+// Except returns CveContentTypes except for given args
+func (c CveContentTypes) Except(excepts ...CveContentType) (excepted CveContentTypes) {
+	for _, ctype := range c {
+		found := false
+		for _, except := range excepts {
+			if ctype == except {
+				found = true
+				break
+			}
+		}
+		if !found {
+			excepted = append(excepted, ctype)
+		}
+	}
+	return
+}
+
+// Cpe is Common Platform Enumeration
+type Cpe struct {
+	URI             string `json:"uri"`
+	FormattedString string `json:"formattedString"`
+}
+
+// References is a slice of Reference
+type References []Reference
+
+// Reference has a related link of the CVE
+type Reference struct {
+	Source string `json:"source"`
+	Link   string `json:"link"`
+	RefID  string `json:"refID"`
+}
--- a/models/cvecontents_test.go
+++ b/models/cvecontents_test.go
@@ -0,0 +1,206 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+package models
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestExcept(t *testing.T) {
+	var tests = []struct {
+		in  CveContents
+		out CveContents
+	}{{
+		in: CveContents{
+			RedHat: {Type: RedHat},
+			Ubuntu: {Type: Ubuntu},
+			Debian: {Type: Debian},
+		},
+		out: CveContents{
+			RedHat: {Type: RedHat},
+		},
+	},
+	}
+	for _, tt := range tests {
+		actual := tt.in.Except(Ubuntu, Debian)
+		if !reflect.DeepEqual(tt.out, actual) {
+			t.Errorf("\nexpected: %v\n  actual: %v\n", tt.out, actual)
+		}
+	}
+}
+
+func TestSourceLinks(t *testing.T) {
+	type in struct {
+		lang  string
+		cveID string
+		cont  CveContents
+	}
+	var tests = []struct {
+		in  in
+		out []CveContentStr
+	}{
+		// lang: ja
+		{
+			in: in{
+				lang:  "ja",
+				cveID: "CVE-2017-6074",
+				cont: CveContents{
+					Jvn: {
+						Type:       Jvn,
+						SourceLink: "https://jvn.jp/vu/JVNVU93610402/",
+					},
+					RedHat: {
+						Type:       RedHat,
+						SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074",
+					},
+					NvdXML: {
+						Type:       NvdXML,
+						SourceLink: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
+					},
+				},
+			},
+			out: []CveContentStr{
+				{
+					Type:  Jvn,
+					Value: "https://jvn.jp/vu/JVNVU93610402/",
+				},
+				{
+					Type:  NvdXML,
+					Value: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
+				},
+				{
+					Type:  RedHat,
+					Value: "https://access.redhat.com/security/cve/CVE-2017-6074",
+				},
+			},
+		},
+		// lang: en
+		{
+			in: in{
+				lang:  "en",
+				cveID: "CVE-2017-6074",
+				cont: CveContents{
+					Jvn: {
+						Type:       Jvn,
+						SourceLink: "https://jvn.jp/vu/JVNVU93610402/",
+					},
+					RedHat: {
+						Type:       RedHat,
+						SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074",
+					},
+					NvdXML: {
+						Type:       NvdXML,
+						SourceLink: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
+					},
+				},
+			},
+			out: []CveContentStr{
+				{
+					Type:  NvdXML,
+					Value: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
+				},
+				{
+					Type:  RedHat,
+					Value: "https://access.redhat.com/security/cve/CVE-2017-6074",
+				},
+			},
+		},
+		// lang: empty
+		{
+			in: in{
+				lang:  "en",
+				cveID: "CVE-2017-6074",
+				cont:  CveContents{},
+			},
+			out: []CveContentStr{
+				{
+					Type:  Nvd,
+					Value: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
+				},
+			},
+		},
+	}
+	for i, tt := range tests {
+		actual := tt.in.cont.SourceLinks(tt.in.lang, "redhat", tt.in.cveID)
+		if !reflect.DeepEqual(tt.out, actual) {
+			t.Errorf("\n[%d] expected: %v\n  actual: %v\n", i, tt.out, actual)
+		}
+	}
+}
+
+func TestVendorLink(t *testing.T) {
+	type in struct {
+		family string
+		vinfo  VulnInfo
+	}
+	var tests = []struct {
+		in  in
+		out map[string]string
+	}{
+		{
+			in: in{
+				family: "redhat",
+				vinfo: VulnInfo{
+					CveID: "CVE-2017-6074",
+					CveContents: CveContents{
+						Jvn: {
+							Type:       Jvn,
+							SourceLink: "https://jvn.jp/vu/JVNVU93610402/",
+						},
+						RedHat: {
+							Type:       RedHat,
+							SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074",
+						},
+						NvdXML: {
+							Type:       NvdXML,
+							SourceLink: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
+						},
+					},
+				},
+			},
+			out: map[string]string{
+				"RHEL-CVE": "https://access.redhat.com/security/cve/CVE-2017-6074",
+			},
+		},
+		{
+			in: in{
+				family: "ubuntu",
+				vinfo: VulnInfo{
+					CveID: "CVE-2017-6074",
+					CveContents: CveContents{
+						RedHat: {
+							Type:       Ubuntu,
+							SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074",
+						},
+					},
+				},
+			},
+			out: map[string]string{
+				"Ubuntu-CVE": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6074",
+			},
+		},
+	}
+	for _, tt := range tests {
+		actual := tt.in.vinfo.VendorLinks(tt.in.family)
+		for k := range tt.out {
+			if tt.out[k] != actual[k] {
+				t.Errorf("\nexpected: %s\n  actual: %s\n", tt.out[k], actual[k])
+			}
+		}
+	}
+}
--- a/models/models.go
+++ b/models/models.go
@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -17,228 +17,5 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.

 package models

-import (
-	"fmt"
-	"sort"
-	"time"
-
-	"github.com/future-architect/vuls/config"
-	"github.com/jinzhu/gorm"
-	cve "github.com/kotakanbe/go-cve-dictionary/models"
-)
-
-// ScanHistory is the history of Scanning.
-type ScanHistory struct {
-	gorm.Model
-	ScanResults []ScanResult
-	ScannedAt   time.Time
-}
-
-// ScanResults is slice of ScanResult.
-type ScanResults []ScanResult
-
-// FilterByCvssOver is filter function.
-func (results ScanResults) FilterByCvssOver() (filtered ScanResults) {
-	for _, result := range results {
-		cveInfos := []CveInfo{}
-		for _, cveInfo := range result.KnownCves {
-			if config.Conf.CvssScoreOver < cveInfo.CveDetail.CvssScore(config.Conf.Lang) {
-				cveInfos = append(cveInfos, cveInfo)
-			}
-		}
-		result.KnownCves = cveInfos
-		filtered = append(filtered, result)
-	}
-	return
-}
-
-// ScanResult has the result of scanned CVE information.
-type ScanResult struct {
-	gorm.Model
-	ScanHistoryID uint
-
-	ServerName string // TOML Section key
-	//  Hostname    string
-	Family  string
-	Release string
-	//  Fqdn        string
-	//  NWLinks     []NWLink
-	KnownCves   []CveInfo
-	UnknownCves []CveInfo
-}
-
-// CveSummary summarize the number of CVEs group by CVSSv2 Severity
-func (r ScanResult) CveSummary() string {
-	var high, middle, low, unknown int
-	cves := append(r.KnownCves, r.UnknownCves...)
-	for _, cveInfo := range cves {
-		score := cveInfo.CveDetail.CvssScore(config.Conf.Lang)
-		switch {
-		case 7.0 < score:
-			high++
-		case 4.0 < score:
-			middle++
-		case 0 < score:
-			low++
-		default:
-			unknown++
-		}
-	}
-	return fmt.Sprintf("Total: %d (High:%d Middle:%d Low:%d ?:%d)",
-		high+middle+low+unknown,
-		high, middle, low, unknown,
-	)
-}
-
-// NWLink has network link information.
-type NWLink struct {
-	gorm.Model
-	ScanResultID uint
-
-	IPAddress string
-	Netmask   string
-	DevName   string
-	LinkState string
-}
-
-// CveInfos is for sorting
-type CveInfos []CveInfo
-
-func (c CveInfos) Len() int {
-	return len(c)
-}
-
-func (c CveInfos) Swap(i, j int) {
-	c[i], c[j] = c[j], c[i]
-}
-
-func (c CveInfos) Less(i, j int) bool {
-	lang := config.Conf.Lang
-	return c[i].CveDetail.CvssScore(lang) > c[j].CveDetail.CvssScore(lang)
-}
-
-// CveInfo has Cve Information.
-type CveInfo struct {
-	gorm.Model
-	ScanResultID uint
-
-	CveDetail        cve.CveDetail
-	Packages         []PackageInfo
-	DistroAdvisories []DistroAdvisory
-	CpeNames         []CpeName
-}
-
-// CpeName has CPE name
-type CpeName struct {
-	gorm.Model
-	CveInfoID uint
-
-	Name string
-}
-
-// PackageInfoList is slice of PackageInfo
-type PackageInfoList []PackageInfo
-
-// Exists returns true if exists the name
-func (ps PackageInfoList) Exists(name string) bool {
-	for _, p := range ps {
-		if p.Name == name {
-			return true
-		}
-	}
-	return false
-}
-
-// UniqByName be uniq by name.
-func (ps PackageInfoList) UniqByName() (distincted PackageInfoList) {
-	set := make(map[string]PackageInfo)
-	for _, p := range ps {
-		set[p.Name] = p
-	}
-	//sort by key
-	keys := []string{}
-	for key := range set {
-		keys = append(keys, key)
-	}
-	sort.Strings(keys)
-	for _, key := range keys {
-		distincted = append(distincted, set[key])
-	}
-	return
-}
-
-// FindByName search PackageInfo by name
-func (ps PackageInfoList) FindByName(name string) (result PackageInfo, found bool) {
-	for _, p := range ps {
-		if p.Name == name {
-			return p, true
-		}
-	}
-	return PackageInfo{}, false
-}
-
-// Find search PackageInfo by name-version-release
-//  func (ps PackageInfoList) find(nameVersionRelease string) (PackageInfo, bool) {
-//      for _, p := range ps {
-//          joined := p.Name
-//          if 0 < len(p.Version) {
-//              joined = fmt.Sprintf("%s-%s", joined, p.Version)
-//          }
-//          if 0 < len(p.Release) {
-//              joined = fmt.Sprintf("%s-%s", joined, p.Release)
-//          }
-//          if joined == nameVersionRelease {
-//              return p, true
-//          }
-//      }
-//      return PackageInfo{}, false
-//  }
-
-// PackageInfo has installed packages.
-type PackageInfo struct {
-	gorm.Model
-	CveInfoID uint
-
-	Name    string
-	Version string
-	Release string
-
-	NewVersion string
-	NewRelease string
-}
-
-// ToStringCurrentVersion returns package name-version-release
-func (p PackageInfo) ToStringCurrentVersion() string {
-	str := p.Name
-	if 0 < len(p.Version) {
-		str = fmt.Sprintf("%s-%s", str, p.Version)
-	}
-	if 0 < len(p.Release) {
-		str = fmt.Sprintf("%s-%s", str, p.Release)
-	}
-	return str
-}
-
-// ToStringNewVersion returns package name-version-release
-func (p PackageInfo) ToStringNewVersion() string {
-	str := p.Name
-	if 0 < len(p.NewVersion) {
-		str = fmt.Sprintf("%s-%s", str, p.NewVersion)
-	}
-	if 0 < len(p.NewRelease) {
-		str = fmt.Sprintf("%s-%s", str, p.NewRelease)
-	}
-	return str
-}
-
-// DistroAdvisory has Amazon Linux AMI Security Advisory information.
-//TODO Rename to DistroAdvisory
-type DistroAdvisory struct {
-	gorm.Model
-	CveInfoID uint
-
-	AdvisoryID string
-	Severity   string
-	Issued     time.Time
-	Updated    time.Time
-}
+// JSONVersion is JSON Version
+const JSONVersion = 4
--- a/models/models_test.go
+++ b/models/models_test.go
@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -16,39 +16,3 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

 package models
-
-import "testing"
-
-func TestPackageInfosUniqByName(t *testing.T) {
-	var test = struct {
-		in  PackageInfoList
-		out PackageInfoList
-	}{
-		PackageInfoList{
-			{
-				Name: "hoge",
-			},
-			{
-				Name: "fuga",
-			},
-			{
-				Name: "hoge",
-			},
-		},
-		PackageInfoList{
-			{
-				Name: "hoge",
-			},
-			{
-				Name: "fuga",
-			},
-		},
-	}
-
-	actual := test.in.UniqByName()
-	for i, ePack := range test.out {
-		if actual[i].Name == ePack.Name {
-			t.Errorf("expected %#v, actual %#v", ePack.Name, actual[i].Name)
-		}
-	}
-}
--- a/models/packages.go
+++ b/models/packages.go
@@ -0,0 +1,237 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package models
+
+import (
+	"bytes"
+	"fmt"
+	"strings"
+)
+
+// Packages is Map of Package
+// { "package-name": Package }
+type Packages map[string]Package
+
+// NewPackages create Packages
+func NewPackages(packs ...Package) Packages {
+	m := Packages{}
+	for _, pack := range packs {
+		m[pack.Name] = pack
+	}
+	return m
+}
+
+// MergeNewVersion merges candidate version information to the receiver struct
+func (ps Packages) MergeNewVersion(as Packages) {
+	for name, pack := range ps {
+		pack.NewVersion = pack.Version
+		pack.NewRelease = pack.Release
+		ps[name] = pack
+	}
+
+	for _, a := range as {
+		if pack, ok := ps[a.Name]; ok {
+			pack.NewVersion = a.NewVersion
+			pack.NewRelease = a.NewRelease
+			pack.Repository = a.Repository
+			ps[a.Name] = pack
+		}
+	}
+}
+
+// Merge returns merged map (immutable)
+func (ps Packages) Merge(other Packages) Packages {
+	merged := Packages{}
+	for k, v := range ps {
+		merged[k] = v
+	}
+	for k, v := range other {
+		merged[k] = v
+	}
+	return merged
+}
+
+// FindOne search a element
+func (ps Packages) FindOne(f func(Package) bool) (string, Package, bool) {
+	for key, p := range ps {
+		if f(p) {
+			return key, p, true
+		}
+	}
+	return "", Package{}, false
+}
+
+// FindByFQPN search a package by Fully-Qualified-Package-Name
+func (ps Packages) FindByFQPN(nameVerRelArc string) (*Package, error) {
+	for _, p := range ps {
+		if nameVerRelArc == p.FQPN() {
+			return &p, nil
+		}
+	}
+	return nil, fmt.Errorf("Failed to find the package: %s", nameVerRelArc)
+}
+
+// Package has installed binary packages.
+type Package struct {
+	Name             string               `json:"name"`
+	Version          string               `json:"version"`
+	Release          string               `json:"release"`
+	NewVersion       string               `json:"newVersion"`
+	NewRelease       string               `json:"newRelease"`
+	Arch             string               `json:"arch"`
+	Repository       string               `json:"repository"`
+	Changelog        Changelog            `json:"changelog"`
+	AffectedProcs    []AffectedProcess    `json:",omitempty"`
+	NeedRestartProcs []NeedRestartProcess `json:",omitempty"`
+}
+
+// FQPN returns Fully-Qualified-Package-Name
+// name-version-release.arch
+func (p Package) FQPN() string {
+	fqpn := p.Name
+	if p.Version != "" {
+		fqpn += fmt.Sprintf("-%s", p.Version)
+	}
+	if p.Release != "" {
+		fqpn += fmt.Sprintf("-%s", p.Release)
+	}
+	if p.Arch != "" {
+		fqpn += fmt.Sprintf(".%s", p.Arch)
+	}
+	return fqpn
+}
+
+// FormatVer returns package version-release
+func (p Package) FormatVer() string {
+	ver := p.Version
+	if 0 < len(p.Release) {
+		ver = fmt.Sprintf("%s-%s", ver, p.Release)
+	}
+	return ver
+}
+
+// FormatNewVer returns package version-release
+func (p Package) FormatNewVer() string {
+	ver := p.NewVersion
+	if 0 < len(p.NewRelease) {
+		ver = fmt.Sprintf("%s-%s", ver, p.NewRelease)
+	}
+	return ver
+}
+
+// FormatVersionFromTo formats installed and new package version
+func (p Package) FormatVersionFromTo(notFixedYet bool, status string) string {
+	to := p.FormatNewVer()
+	if notFixedYet {
+		if status != "" {
+			to = status
+		} else {
+			to = "Not Fixed Yet"
+		}
+	} else if p.NewVersion == "" {
+		to = "Unknown"
+	}
+	return fmt.Sprintf("%s-%s -> %s", p.Name, p.FormatVer(), to)
+}
+
+// FormatChangelog formats the changelog
+func (p Package) FormatChangelog() string {
+	buf := []string{}
+	packVer := fmt.Sprintf("%s-%s -> %s",
+		p.Name, p.FormatVer(), p.FormatNewVer())
+	var delim bytes.Buffer
+	for i := 0; i < len(packVer); i++ {
+		delim.WriteString("-")
+	}
+
+	clog := p.Changelog.Contents
+	if lines := strings.Split(clog, "\n"); len(lines) != 0 {
+		clog = strings.Join(lines[0:len(lines)-1], "\n")
+	}
+
+	switch p.Changelog.Method {
+	case FailedToGetChangelog:
+		clog = "No changelogs"
+	case FailedToFindVersionInChangelog:
+		clog = "Failed to parse changelogs. For details, check yourself"
+	}
+	buf = append(buf, packVer, delim.String(), clog)
+	return strings.Join(buf, "\n")
+}
+
+// Changelog has contents of changelog and how to get it.
+// Method: models.detectionMethodStr
+type Changelog struct {
+	Contents string          `json:"contents"`
+	Method   DetectionMethod `json:"method"`
+}
+
+// AffectedProcess keep a processes information affected by software update
+type AffectedProcess struct {
+	PID  string `json:"pid"`
+	Name string `json:"name"`
+}
+
+// NeedRestartProcess keep a processes information affected by software update
+type NeedRestartProcess struct {
+	PID         string `json:"pid"`
+	Path        string `json:"path"`
+	ServiceName string `json:"serviceName"`
+	InitSystem  string `json:"initSystem"`
+	HasInit     bool   `json:"-"`
+}
+
+// SrcPackage has installed source package information.
+// Debian based Linux has both of package and source information in dpkg.
+// OVAL database often includes a source version (Not a binary version),
+// so it is also needed to capture source version for OVAL version comparison.
+// https://github.com/future-architect/vuls/issues/504
+type SrcPackage struct {
+	Name        string   `json:"name"`
+	Version     string   `json:"version"`
+	BinaryNames []string `json:"binaryNames"`
+}
+
+// AddBinaryName add the name if not exists
+func (s *SrcPackage) AddBinaryName(name string) {
+	found := false
+	for _, n := range s.BinaryNames {
+		if n == name {
+			return
+		}
+	}
+	if !found {
+		s.BinaryNames = append(s.BinaryNames, name)
+	}
+}
+
+// SrcPackages is Map of SrcPackage
+// { "package-name": SrcPackage }
+type SrcPackages map[string]SrcPackage
+
+// FindByBinName finds by bin-package-name
+func (s SrcPackages) FindByBinName(name string) (*SrcPackage, bool) {
+	for _, p := range s {
+		for _, binName := range p.BinaryNames {
+			if binName == name {
+				return &p, true
+			}
+		}
+	}
+	return nil, false
+}
--- a/models/packages_test.go
+++ b/models/packages_test.go
@@ -0,0 +1,193 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+package models
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/k0kubun/pp"
+)
+
+func TestMergeNewVersion(t *testing.T) {
+	var test = struct {
+		a        Packages
+		b        Packages
+		expected Packages
+	}{
+		Packages{
+			"hoge": {
+				Name: "hoge",
+			},
+		},
+		Packages{
+			"hoge": {
+				Name:       "hoge",
+				NewVersion: "1.0.0",
+				NewRelease: "release1",
+			},
+		},
+		Packages{
+			"hoge": {
+				Name:       "hoge",
+				NewVersion: "1.0.0",
+				NewRelease: "release1",
+			},
+		},
+	}
+
+	test.a.MergeNewVersion(test.b)
+	if !reflect.DeepEqual(test.a, test.expected) {
+		e := pp.Sprintf("%v", test.a)
+		a := pp.Sprintf("%v", test.expected)
+		t.Errorf("expected %s, actual %s", e, a)
+	}
+}
+
+func TestMerge(t *testing.T) {
+	var test = struct {
+		a        Packages
+		b        Packages
+		expected Packages
+	}{
+		Packages{
+			"hoge": {Name: "hoge"},
+			"fuga": {Name: "fuga"},
+		},
+		Packages{
+			"hega": {Name: "hega"},
+			"hage": {Name: "hage"},
+		},
+		Packages{
+			"hoge": {Name: "hoge"},
+			"fuga": {Name: "fuga"},
+			"hega": {Name: "hega"},
+			"hage": {Name: "hage"},
+		},
+	}
+
+	actual := test.a.Merge(test.b)
+	if !reflect.DeepEqual(actual, test.expected) {
+		e := pp.Sprintf("%v", test.expected)
+		a := pp.Sprintf("%v", actual)
+		t.Errorf("expected %s, actual %s", e, a)
+	}
+}
+
+func TestAddBinaryName(t *testing.T) {
+	var tests = []struct {
+		in       SrcPackage
+		name     string
+		expected SrcPackage
+	}{
+		{
+			SrcPackage{Name: "hoge"},
+			"curl",
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl"},
+			},
+		},
+		{
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl"},
+			},
+			"curl",
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl"},
+			},
+		},
+		{
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl"},
+			},
+			"openssh",
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl", "openssh"},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		tt.in.AddBinaryName(tt.name)
+		if !reflect.DeepEqual(tt.in, tt.expected) {
+			t.Errorf("expected %#v, actual %#v", tt.in, tt.expected)
+		}
+	}
+}
+
+func TestFindByBinName(t *testing.T) {
+	var tests = []struct {
+		in       SrcPackages
+		name     string
+		expected *SrcPackage
+		ok       bool
+	}{
+		{
+			in: map[string]SrcPackage{
+				"packA": {
+					Name:        "srcA",
+					BinaryNames: []string{"binA"},
+					Version:     "1.0.0",
+				},
+				"packB": {
+					Name:        "srcB",
+					BinaryNames: []string{"binB"},
+					Version:     "2.0.0",
+				},
+			},
+			name: "binA",
+			expected: &SrcPackage{
+				Name:        "srcA",
+				BinaryNames: []string{"binA"},
+				Version:     "1.0.0",
+			},
+			ok: true,
+		},
+		{
+			in: map[string]SrcPackage{
+				"packA": {
+					Name:        "srcA",
+					BinaryNames: []string{"binA"},
+					Version:     "1.0.0",
+				},
+				"packB": {
+					Name:        "srcB",
+					BinaryNames: []string{"binB"},
+					Version:     "2.0.0",
+				},
+			},
+			name:     "nobin",
+			expected: nil,
+			ok:       false,
+		},
+	}
+
+	for i, tt := range tests {
+		act, ok := tt.in.FindByBinName(tt.name)
+		if ok != tt.ok {
+			t.Errorf("[%d] expected %#v, actual %#v", i, tt.in, tt.expected)
+		}
+		if act != nil && !reflect.DeepEqual(*tt.expected, *act) {
+			t.Errorf("[%d] expected %#v, actual %#v", i, tt.in, tt.expected)
+		}
+	}
+}
--- a/models/scanresults.go
+++ b/models/scanresults.go
@@ -0,0 +1,410 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package models
+
+import (
+	"bytes"
+	"fmt"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/cwe"
+	"github.com/future-architect/vuls/util"
+)
+
+// ScanResults is a slide of ScanResult
+type ScanResults []ScanResult
+
+// ScanResult has the result of scanned CVE information.
+type ScanResult struct {
+	JSONVersion      int                    `json:"jsonVersion"`
+	Lang             string                 `json:"lang"`
+	ServerUUID       string                 `json:"serverUUID"`
+	ServerName       string                 `json:"serverName"` // TOML Section key
+	Family           string                 `json:"family"`
+	Release          string                 `json:"release"`
+	Container        Container              `json:"container"`
+	Platform         Platform               `json:"platform"`
+	IPv4Addrs        []string               `json:"ipv4Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
+	IPv6Addrs        []string               `json:"ipv6Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
+	ScannedAt        time.Time              `json:"scannedAt"`
+	ScanMode         string                 `json:"scanMode"`
+	ScannedVersion   string                 `json:"scannedVersion"`
+	ScannedRevision  string                 `json:"scannedRevision"`
+	ScannedBy        string                 `json:"scannedBy"`
+	ReportedAt       time.Time              `json:"reportedAt"`
+	ReportedVersion  string                 `json:"reportedVersion"`
+	ReportedRevision string                 `json:"reportedRevision"`
+	ReportedBy       string                 `json:"reportedBy"`
+	ScannedCves      VulnInfos              `json:"scannedCves"`
+	RunningKernel    Kernel                 `json:"runningKernel"`
+	Packages         Packages               `json:"packages"`
+	CweDict          CweDict                `json:"cweDict"`
+	Optional         map[string]interface{} `json:",omitempty"`
+	SrcPackages      SrcPackages            `json:",omitempty"`
+	Errors           []string               `json:"errors"`
+	Config           struct {
+		Scan   config.Config `json:"scan"`
+		Report config.Config `json:"report"`
+	} `json:"config"`
+}
+
+// CweDict is a dictionary for CWE
+type CweDict map[string]CweDictEntry
+
+// Get the name, url, top10URL for the specified cweID, lang
+func (c CweDict) Get(cweID, lang string) (name, url, top10Rank, top10URL string) {
+	cweNum := strings.TrimPrefix(cweID, "CWE-")
+	switch config.Conf.Lang {
+	case "ja":
+		if dict, ok := c[cweNum]; ok && dict.OwaspTopTen2017 != "" {
+			top10Rank = dict.OwaspTopTen2017
+			top10URL = cwe.OwaspTopTen2017GitHubURLJa[dict.OwaspTopTen2017]
+		}
+		if dict, ok := cwe.CweDictJa[cweNum]; ok {
+			name = dict.Name
+			url = fmt.Sprintf("http://jvndb.jvn.jp/ja/cwe/%s.html", cweID)
+		} else {
+			if dict, ok := cwe.CweDictEn[cweNum]; ok {
+				name = dict.Name
+			}
+			url = fmt.Sprintf("https://cwe.mitre.org/data/definitions/%s.html", cweID)
+		}
+	default:
+		if dict, ok := c[cweNum]; ok && dict.OwaspTopTen2017 != "" {
+			top10Rank = dict.OwaspTopTen2017
+			top10URL = cwe.OwaspTopTen2017GitHubURLEn[dict.OwaspTopTen2017]
+		}
+		url = fmt.Sprintf("https://cwe.mitre.org/data/definitions/%s.html", cweID)
+		if dict, ok := cwe.CweDictEn[cweNum]; ok {
+			name = dict.Name
+		}
+	}
+	return
+}
+
+// CweDictEntry is a entry of CWE
+type CweDictEntry struct {
+	En              *cwe.Cwe `json:"en,omitempty"`
+	Ja              *cwe.Cwe `json:"ja,omitempty"`
+	OwaspTopTen2017 string   `json:"owaspTopTen2017"`
+}
+
+// Kernel has the Release, version and whether need restart
+type Kernel struct {
+	Release        string `json:"release"`
+	Version        string `json:"version"`
+	RebootRequired bool   `json:"rebootRequired"`
+}
+
+// FilterByCvssOver is filter function.
+func (r ScanResult) FilterByCvssOver(over float64) ScanResult {
+	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
+		v2Max := v.MaxCvss2Score()
+		v3Max := v.MaxCvss3Score()
+		max := v2Max.Value.Score
+		if max < v3Max.Value.Score {
+			max = v3Max.Value.Score
+		}
+		if over <= max {
+			return true
+		}
+		return false
+	})
+	r.ScannedCves = filtered
+	return r
+}
+
+// FilterIgnoreCves is filter function.
+func (r ScanResult) FilterIgnoreCves() ScanResult {
+
+	ignoreCves := []string{}
+	if len(r.Container.Name) == 0 {
+		ignoreCves = config.Conf.Servers[r.ServerName].IgnoreCves
+	} else {
+		if s, ok := config.Conf.Servers[r.ServerName]; ok {
+			if con, ok := s.Containers[r.Container.Name]; ok {
+				ignoreCves = con.IgnoreCves
+			} else {
+				util.Log.Errorf("%s is not found in config.toml",
+					r.Container.Name)
+				return r
+			}
+		} else {
+			util.Log.Errorf("%s is not found in config.toml",
+				r.ServerName)
+			return r
+		}
+	}
+
+	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
+		for _, c := range ignoreCves {
+			if v.CveID == c {
+				return false
+			}
+		}
+		return true
+	})
+	r.ScannedCves = filtered
+	return r
+}
+
+// FilterUnfixed is filter function.
+func (r ScanResult) FilterUnfixed() ScanResult {
+	if !config.Conf.IgnoreUnfixed {
+		return r
+	}
+	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
+		NotFixedAll := true
+		for _, p := range v.AffectedPackages {
+			NotFixedAll = NotFixedAll && p.NotFixedYet
+		}
+		return !NotFixedAll
+	})
+	r.ScannedCves = filtered
+	return r
+}
+
+// FilterIgnorePkgs is filter function.
+func (r ScanResult) FilterIgnorePkgs() ScanResult {
+	ignorePkgsRegexps := []string{}
+	if len(r.Container.Name) == 0 {
+		ignorePkgsRegexps = config.Conf.Servers[r.ServerName].IgnorePkgsRegexp
+	} else {
+		if s, ok := config.Conf.Servers[r.ServerName]; ok {
+			if con, ok := s.Containers[r.Container.Name]; ok {
+				ignorePkgsRegexps = con.IgnorePkgsRegexp
+			} else {
+				util.Log.Errorf("%s is not found in config.toml",
+					r.Container.Name)
+				return r
+			}
+		} else {
+			util.Log.Errorf("%s is not found in config.toml",
+				r.ServerName)
+			return r
+		}
+	}
+
+	regexps := []*regexp.Regexp{}
+	for _, pkgRegexp := range ignorePkgsRegexps {
+		re, err := regexp.Compile(pkgRegexp)
+		if err != nil {
+			util.Log.Errorf("Faild to parse %s, %s", pkgRegexp, err)
+			continue
+		} else {
+			regexps = append(regexps, re)
+		}
+	}
+	if len(regexps) == 0 {
+		return r
+	}
+
+	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
+		if len(v.AffectedPackages) == 0 {
+			return true
+		}
+		for _, p := range v.AffectedPackages {
+			match := false
+			for _, re := range regexps {
+				if re.MatchString(p.Name) {
+					match = true
+				}
+			}
+			if !match {
+				return true
+			}
+		}
+		return false
+	})
+
+	r.ScannedCves = filtered
+	return r
+}
+
+// ReportFileName returns the filename on localhost without extention
+func (r ScanResult) ReportFileName() (name string) {
+	if len(r.Container.ContainerID) == 0 {
+		return fmt.Sprintf("%s", r.ServerName)
+	}
+	return fmt.Sprintf("%s@%s", r.Container.Name, r.ServerName)
+}
+
+// ReportKeyName returns the name of key on S3, Azure-Blob without extention
+func (r ScanResult) ReportKeyName() (name string) {
+	timestr := r.ScannedAt.Format(time.RFC3339)
+	if len(r.Container.ContainerID) == 0 {
+		return fmt.Sprintf("%s/%s", timestr, r.ServerName)
+	}
+	return fmt.Sprintf("%s/%s@%s", timestr, r.Container.Name, r.ServerName)
+}
+
+// ServerInfo returns server name one line
+func (r ScanResult) ServerInfo() string {
+	if len(r.Container.ContainerID) == 0 {
+		return fmt.Sprintf("%s (%s%s)",
+			r.FormatServerName(), r.Family, r.Release)
+	}
+	return fmt.Sprintf(
+		"%s (%s%s) on %s",
+		r.FormatServerName(),
+		r.Family,
+		r.Release,
+		r.ServerName,
+	)
+}
+
+// ServerInfoTui returns server information for TUI sidebar
+func (r ScanResult) ServerInfoTui() string {
+	if len(r.Container.ContainerID) == 0 {
+		line := fmt.Sprintf("%s (%s%s)",
+			r.ServerName, r.Family, r.Release)
+		if r.RunningKernel.RebootRequired {
+			return "[Reboot] " + line
+		}
+		return line
+	}
+
+	fmtstr := "|-- %s (%s%s)"
+	if r.RunningKernel.RebootRequired {
+		fmtstr = "|-- [Reboot] %s (%s%s)"
+	}
+	return fmt.Sprintf(fmtstr, r.Container.Name, r.Family, r.Release)
+}
+
+// FormatServerName returns server and container name
+func (r ScanResult) FormatServerName() (name string) {
+	if len(r.Container.ContainerID) == 0 {
+		name = r.ServerName
+	} else {
+		name = fmt.Sprintf("%s@%s",
+			r.Container.Name, r.ServerName)
+	}
+	if r.RunningKernel.RebootRequired {
+		name = "[Reboot Required] " + name
+	}
+	return
+}
+
+// FormatTextReportHeadedr returns header of text report
+func (r ScanResult) FormatTextReportHeadedr() string {
+	var buf bytes.Buffer
+	for i := 0; i < len(r.ServerInfo()); i++ {
+		buf.WriteString("=")
+	}
+
+	return fmt.Sprintf("%s\n%s\n%s, %s, %s, %s\n",
+		r.ServerInfo(),
+		buf.String(),
+		r.ScannedCves.FormatCveSummary(),
+		r.ScannedCves.FormatFixedStatus(r.Packages),
+		r.FormatUpdatablePacksSummary(),
+		r.FormatExploitCveSummary(),
+	)
+}
+
+// FormatUpdatablePacksSummary returns a summary of updatable packages
+func (r ScanResult) FormatUpdatablePacksSummary() string {
+	if !r.isDisplayUpdatableNum() {
+		return fmt.Sprintf("%d installed", len(r.Packages))
+	}
+
+	nUpdatable := 0
+	for _, p := range r.Packages {
+		if p.NewVersion == "" {
+			continue
+		}
+		if p.Version != p.NewVersion || p.Release != p.NewRelease {
+			nUpdatable++
+		}
+	}
+	return fmt.Sprintf("%d installed, %d updatable",
+		len(r.Packages),
+		nUpdatable)
+}
+
+// FormatExploitCveSummary returns a summary of exploit cve
+func (r ScanResult) FormatExploitCveSummary() string {
+	nExploitCve := 0
+	for _, vuln := range r.ScannedCves {
+		if 0 < len(vuln.Exploits) {
+			nExploitCve++
+		}
+	}
+	return fmt.Sprintf("%d exploits", nExploitCve)
+}
+
+func (r ScanResult) isDisplayUpdatableNum() bool {
+	var mode config.ScanMode
+	s, _ := config.Conf.Servers[r.ServerName]
+	mode = s.Mode
+
+	if mode.IsOffline() {
+		return false
+	}
+	if mode.IsFastRoot() || mode.IsDeep() {
+		return true
+	}
+	if mode.IsFast() {
+		switch r.Family {
+		case config.RedHat,
+			config.Oracle,
+			config.Debian,
+			config.Ubuntu,
+			config.Raspbian:
+			return false
+		default:
+			return true
+		}
+	}
+	return false
+}
+
+// IsContainer returns whether this ServerInfo is about container
+func (r ScanResult) IsContainer() bool {
+	return 0 < len(r.Container.ContainerID)
+}
+
+// IsDeepScanMode checks if the scan mode is deep scan mode.
+func (r ScanResult) IsDeepScanMode() bool {
+	for _, s := range r.Config.Scan.Servers {
+		for _, m := range s.ScanMode {
+			if m == "deep" {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+// Container has Container information
+type Container struct {
+	ContainerID string `json:"containerID"`
+	Name        string `json:"name"`
+	Image       string `json:"image"`
+	Type        string `json:"type"`
+	UUID        string `json:"uuid"`
+}
+
+// Platform has platform information
+type Platform struct {
+	Name       string `json:"name"` // aws or azure or gcp or other...
+	InstanceID string `json:"instanceID"`
+}
--- a/models/scanresults_test.go
+++ b/models/scanresults_test.go
@@ -0,0 +1,738 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+package models
+
+import (
+	"reflect"
+	"testing"
+	"time"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/k0kubun/pp"
+)
+
+func TestFilterByCvssOver(t *testing.T) {
+	type in struct {
+		over float64
+		rs   ScanResult
+	}
+	var tests = []struct {
+		in  in
+		out ScanResult
+	}{
+		{
+			in: in{
+				over: 7.0,
+				rs: ScanResult{
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							CveContents: NewCveContents(
+								CveContent{
+									Type:         NvdXML,
+									CveID:        "CVE-2017-0001",
+									Cvss2Score:   7.1,
+									LastModified: time.Time{},
+								},
+							),
+						},
+						"CVE-2017-0002": {
+							CveID: "CVE-2017-0002",
+							CveContents: NewCveContents(
+								CveContent{
+									Type:         NvdXML,
+									CveID:        "CVE-2017-0002",
+									Cvss2Score:   6.9,
+									LastModified: time.Time{},
+								},
+							),
+						},
+						"CVE-2017-0003": {
+							CveID: "CVE-2017-0003",
+							CveContents: NewCveContents(
+								CveContent{
+									Type:         NvdXML,
+									CveID:        "CVE-2017-0003",
+									Cvss2Score:   6.9,
+									LastModified: time.Time{},
+								},
+								CveContent{
+									Type:         Jvn,
+									CveID:        "CVE-2017-0003",
+									Cvss2Score:   7.2,
+									LastModified: time.Time{},
+								},
+							),
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ScannedCves: VulnInfos{
+					"CVE-2017-0001": {
+						CveID: "CVE-2017-0001",
+						CveContents: NewCveContents(
+							CveContent{
+								Type:         NvdXML,
+								CveID:        "CVE-2017-0001",
+								Cvss2Score:   7.1,
+								LastModified: time.Time{},
+							},
+						),
+					},
+					"CVE-2017-0003": {
+						CveID: "CVE-2017-0003",
+						CveContents: NewCveContents(
+							CveContent{
+								Type:         NvdXML,
+								CveID:        "CVE-2017-0003",
+								Cvss2Score:   6.9,
+								LastModified: time.Time{},
+							},
+							CveContent{
+								Type:         Jvn,
+								CveID:        "CVE-2017-0003",
+								Cvss2Score:   7.2,
+								LastModified: time.Time{},
+							},
+						),
+					},
+				},
+			},
+		},
+		// OVAL Severity
+		{
+			in: in{
+				over: 7.0,
+				rs: ScanResult{
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							CveContents: NewCveContents(
+								CveContent{
+									Type:          Ubuntu,
+									CveID:         "CVE-2017-0001",
+									Cvss2Severity: "HIGH",
+									LastModified:  time.Time{},
+								},
+							),
+						},
+						"CVE-2017-0002": {
+							CveID: "CVE-2017-0002",
+							CveContents: NewCveContents(
+								CveContent{
+									Type:          RedHat,
+									CveID:         "CVE-2017-0002",
+									Cvss2Severity: "CRITICAL",
+									LastModified:  time.Time{},
+								},
+							),
+						},
+						"CVE-2017-0003": {
+							CveID: "CVE-2017-0003",
+							CveContents: NewCveContents(
+								CveContent{
+									Type:          Oracle,
+									CveID:         "CVE-2017-0003",
+									Cvss2Severity: "IMPORTANT",
+									LastModified:  time.Time{},
+								},
+							),
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ScannedCves: VulnInfos{
+					"CVE-2017-0001": {
+						CveID: "CVE-2017-0001",
+						CveContents: NewCveContents(
+							CveContent{
+								Type:          Ubuntu,
+								CveID:         "CVE-2017-0001",
+								Cvss2Severity: "HIGH",
+								LastModified:  time.Time{},
+							},
+						),
+					},
+					"CVE-2017-0002": {
+						CveID: "CVE-2017-0002",
+						CveContents: NewCveContents(
+							CveContent{
+								Type:          RedHat,
+								CveID:         "CVE-2017-0002",
+								Cvss2Severity: "CRITICAL",
+								LastModified:  time.Time{},
+							},
+						),
+					},
+					"CVE-2017-0003": {
+						CveID: "CVE-2017-0003",
+						CveContents: NewCveContents(
+							CveContent{
+								Type:          Oracle,
+								CveID:         "CVE-2017-0003",
+								Cvss2Severity: "IMPORTANT",
+								LastModified:  time.Time{},
+							},
+						),
+					},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		actual := tt.in.rs.FilterByCvssOver(tt.in.over)
+		for k := range tt.out.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+	}
+}
+func TestFilterIgnoreCveIDs(t *testing.T) {
+	type in struct {
+		cves []string
+		rs   ScanResult
+	}
+	var tests = []struct {
+		in  in
+		out ScanResult
+	}{
+		{
+			in: in{
+				cves: []string{"CVE-2017-0002"},
+				rs: ScanResult{
+					ServerName: "name",
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+						},
+						"CVE-2017-0002": {
+							CveID: "CVE-2017-0002",
+						},
+						"CVE-2017-0003": {
+							CveID: "CVE-2017-0003",
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName: "name",
+				ScannedCves: VulnInfos{
+					"CVE-2017-0001": {
+						CveID: "CVE-2017-0001",
+					},
+					"CVE-2017-0003": {
+						CveID: "CVE-2017-0003",
+					},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		config.Conf.Servers = map[string]config.ServerInfo{
+			"name": {IgnoreCves: tt.in.cves},
+		}
+		actual := tt.in.rs.FilterIgnoreCves()
+		for k := range tt.out.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+		for k := range actual.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+	}
+}
+
+func TestFilterIgnoreCveIDsContainer(t *testing.T) {
+	type in struct {
+		cves []string
+		rs   ScanResult
+	}
+	var tests = []struct {
+		in  in
+		out ScanResult
+	}{
+		{
+			in: in{
+				cves: []string{"CVE-2017-0002"},
+				rs: ScanResult{
+					ServerName: "name",
+					Container:  Container{Name: "dockerA"},
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+						},
+						"CVE-2017-0002": {
+							CveID: "CVE-2017-0002",
+						},
+						"CVE-2017-0003": {
+							CveID: "CVE-2017-0003",
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName: "name",
+				Container:  Container{Name: "dockerA"},
+				ScannedCves: VulnInfos{
+					"CVE-2017-0001": {
+						CveID: "CVE-2017-0001",
+					},
+					"CVE-2017-0003": {
+						CveID: "CVE-2017-0003",
+					},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		config.Conf.Servers = map[string]config.ServerInfo{
+			"name": {
+				Containers: map[string]config.ContainerSetting{
+					"dockerA": {
+						IgnoreCves: tt.in.cves,
+					},
+				},
+			},
+		}
+		actual := tt.in.rs.FilterIgnoreCves()
+		for k := range tt.out.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+		for k := range actual.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+	}
+}
+
+func TestFilterUnfixed(t *testing.T) {
+	var tests = []struct {
+		in  ScanResult
+		out ScanResult
+	}{
+		{
+			in: ScanResult{
+				ScannedCves: VulnInfos{
+					"CVE-2017-0001": {
+						CveID: "CVE-2017-0001",
+						AffectedPackages: PackageStatuses{
+							{
+								Name:        "a",
+								NotFixedYet: true,
+							},
+						},
+					},
+					"CVE-2017-0002": {
+						CveID: "CVE-2017-0002",
+						AffectedPackages: PackageStatuses{
+							{
+								Name:        "b",
+								NotFixedYet: false,
+							},
+						},
+					},
+					"CVE-2017-0003": {
+						CveID: "CVE-2017-0003",
+						AffectedPackages: PackageStatuses{
+							{
+								Name:        "c",
+								NotFixedYet: true,
+							},
+							{
+								Name:        "d",
+								NotFixedYet: false,
+							},
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ScannedCves: VulnInfos{
+					"CVE-2017-0002": {
+						CveID: "CVE-2017-0002",
+						AffectedPackages: PackageStatuses{
+							{
+								Name:        "b",
+								NotFixedYet: false,
+							},
+						},
+					},
+					"CVE-2017-0003": {
+						CveID: "CVE-2017-0003",
+						AffectedPackages: PackageStatuses{
+							{
+								Name:        "c",
+								NotFixedYet: true,
+							},
+							{
+								Name:        "d",
+								NotFixedYet: false,
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+	for i, tt := range tests {
+		config.Conf.IgnoreUnfixed = true
+		actual := tt.in.FilterUnfixed()
+		if !reflect.DeepEqual(tt.out.ScannedCves, actual.ScannedCves) {
+			o := pp.Sprintf("%v", tt.out.ScannedCves)
+			a := pp.Sprintf("%v", actual.ScannedCves)
+			t.Errorf("[%d] expected: %v\n  actual: %v\n", i, o, a)
+		}
+	}
+}
+
+func TestFilterIgnorePkgs(t *testing.T) {
+	type in struct {
+		ignorePkgsRegexp []string
+		rs               ScanResult
+	}
+	var tests = []struct {
+		in  in
+		out ScanResult
+	}{
+		{
+			in: in{
+				ignorePkgsRegexp: []string{"^kernel"},
+				rs: ScanResult{
+					ServerName: "name",
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							AffectedPackages: PackageStatuses{
+								{Name: "kernel"},
+							},
+						},
+						"CVE-2017-0002": {
+							CveID: "CVE-2017-0002",
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName: "name",
+				ScannedCves: VulnInfos{
+					"CVE-2017-0002": {
+						CveID: "CVE-2017-0002",
+					},
+				},
+			},
+		},
+		{
+			in: in{
+				ignorePkgsRegexp: []string{"^kernel"},
+				rs: ScanResult{
+					ServerName: "name",
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							AffectedPackages: PackageStatuses{
+								{Name: "kernel"},
+								{Name: "vim"},
+							},
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName: "name",
+				ScannedCves: VulnInfos{
+					"CVE-2017-0001": {
+						CveID: "CVE-2017-0001",
+						AffectedPackages: PackageStatuses{
+							{Name: "kernel"},
+							{Name: "vim"},
+						},
+					},
+				},
+			},
+		},
+		{
+			in: in{
+				ignorePkgsRegexp: []string{"^kernel", "^vim", "^bind"},
+				rs: ScanResult{
+					ServerName: "name",
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							AffectedPackages: PackageStatuses{
+								{Name: "kernel"},
+								{Name: "vim"},
+							},
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName:  "name",
+				ScannedCves: VulnInfos{},
+			},
+		},
+	}
+	for _, tt := range tests {
+		config.Conf.Servers = map[string]config.ServerInfo{
+			"name": {IgnorePkgsRegexp: tt.in.ignorePkgsRegexp},
+		}
+		actual := tt.in.rs.FilterIgnorePkgs()
+		for k := range tt.out.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+		for k := range actual.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+	}
+}
+
+func TestFilterIgnorePkgsContainer(t *testing.T) {
+	type in struct {
+		ignorePkgsRegexp []string
+		rs               ScanResult
+	}
+	var tests = []struct {
+		in  in
+		out ScanResult
+	}{
+		{
+			in: in{
+				ignorePkgsRegexp: []string{"^kernel"},
+				rs: ScanResult{
+					ServerName: "name",
+					Container:  Container{Name: "dockerA"},
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							AffectedPackages: PackageStatuses{
+								{Name: "kernel"},
+							},
+						},
+						"CVE-2017-0002": {
+							CveID: "CVE-2017-0002",
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName: "name",
+				Container:  Container{Name: "dockerA"},
+				ScannedCves: VulnInfos{
+					"CVE-2017-0002": {
+						CveID: "CVE-2017-0002",
+					},
+				},
+			},
+		},
+		{
+			in: in{
+				ignorePkgsRegexp: []string{"^kernel"},
+				rs: ScanResult{
+					ServerName: "name",
+					Container:  Container{Name: "dockerA"},
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							AffectedPackages: PackageStatuses{
+								{Name: "kernel"},
+								{Name: "vim"},
+							},
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName: "name",
+				Container:  Container{Name: "dockerA"},
+				ScannedCves: VulnInfos{
+					"CVE-2017-0001": {
+						CveID: "CVE-2017-0001",
+						AffectedPackages: PackageStatuses{
+							{Name: "kernel"},
+							{Name: "vim"},
+						},
+					},
+				},
+			},
+		},
+		{
+			in: in{
+				ignorePkgsRegexp: []string{"^kernel", "^vim", "^bind"},
+				rs: ScanResult{
+					ServerName: "name",
+					Container:  Container{Name: "dockerA"},
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							AffectedPackages: PackageStatuses{
+								{Name: "kernel"},
+								{Name: "vim"},
+							},
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName:  "name",
+				Container:   Container{Name: "dockerA"},
+				ScannedCves: VulnInfos{},
+			},
+		},
+	}
+	for _, tt := range tests {
+		config.Conf.Servers = map[string]config.ServerInfo{
+			"name": {
+				Containers: map[string]config.ContainerSetting{
+					"dockerA": {
+						IgnorePkgsRegexp: tt.in.ignorePkgsRegexp,
+					},
+				},
+			},
+		}
+		actual := tt.in.rs.FilterIgnorePkgs()
+		for k := range tt.out.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+		for k := range actual.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+	}
+}
+
+func TestIsDisplayUpdatableNum(t *testing.T) {
+	var tests = []struct {
+		mode     []byte
+		family   string
+		expected bool
+	}{
+		{
+			mode:     []byte{config.Offline},
+			expected: false,
+		},
+		{
+			mode:     []byte{config.FastRoot},
+			expected: true,
+		},
+		{
+			mode:     []byte{config.Deep},
+			expected: true,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.RedHat,
+			expected: false,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.Oracle,
+			expected: false,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.Debian,
+			expected: false,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.Ubuntu,
+			expected: false,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.Raspbian,
+			expected: false,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.CentOS,
+			expected: true,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.Amazon,
+			expected: true,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.FreeBSD,
+			expected: true,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.OpenSUSE,
+			expected: true,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.Alpine,
+			expected: true,
+		},
+	}
+
+	for i, tt := range tests {
+		mode := config.ScanMode{}
+		for _, m := range tt.mode {
+			mode.Set(m)
+		}
+		config.Conf.Servers = map[string]config.ServerInfo{
+			"name": {Mode: mode},
+		}
+		r := ScanResult{
+			ServerName: "name",
+			Family:     tt.family,
+		}
+		act := r.isDisplayUpdatableNum()
+		if tt.expected != act {
+			t.Errorf("[%d] expected %#v, actual %#v", i, tt.expected, act)
+		}
+	}
+}
--- a/models/utils.go
+++ b/models/utils.go
@@ -0,0 +1,156 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package models
+
+import (
+	"strings"
+
+	cvedict "github.com/kotakanbe/go-cve-dictionary/models"
+)
+
+// ConvertNvdXMLToModel convert NVD to CveContent
+func ConvertNvdXMLToModel(cveID string, nvd *cvedict.NvdXML) *CveContent {
+	if nvd == nil {
+		return nil
+	}
+	var cpes []Cpe
+	for _, c := range nvd.Cpes {
+		cpes = append(cpes, Cpe{
+			FormattedString: c.FormattedString,
+			URI:             c.URI,
+		})
+	}
+
+	var refs []Reference
+	for _, r := range nvd.References {
+		refs = append(refs, Reference{
+			Link:   r.Link,
+			Source: r.Source,
+		})
+	}
+
+	cweIDs := []string{}
+	for _, cid := range nvd.Cwes {
+		cweIDs = append(cweIDs, cid.CweID)
+	}
+
+	return &CveContent{
+		Type:          Nvd,
+		CveID:         cveID,
+		Summary:       nvd.Summary,
+		Cvss2Score:    nvd.Cvss2.BaseScore,
+		Cvss2Vector:   nvd.Cvss2.VectorString,
+		Cvss2Severity: nvd.Cvss2.Severity,
+		SourceLink:    "https://nvd.nist.gov/vuln/detail/" + cveID,
+		// Cpes:          cpes,
+		CweIDs:       cweIDs,
+		References:   refs,
+		Published:    nvd.PublishedDate,
+		LastModified: nvd.LastModifiedDate,
+	}
+}
+
+// ConvertJvnToModel convert JVN to CveContent
+func ConvertJvnToModel(cveID string, jvn *cvedict.Jvn) *CveContent {
+	if jvn == nil {
+		return nil
+	}
+	var cpes []Cpe
+	for _, c := range jvn.Cpes {
+		cpes = append(cpes, Cpe{
+			FormattedString: c.FormattedString,
+			URI:             c.URI,
+		})
+	}
+
+	refs := []Reference{}
+	for _, r := range jvn.References {
+		refs = append(refs, Reference{
+			Link:   r.Link,
+			Source: r.Source,
+		})
+	}
+
+	return &CveContent{
+		Type:          Jvn,
+		CveID:         cveID,
+		Title:         jvn.Title,
+		Summary:       jvn.Summary,
+		Cvss2Score:    jvn.Cvss2.BaseScore,
+		Cvss2Vector:   jvn.Cvss2.VectorString,
+		Cvss2Severity: jvn.Cvss2.Severity,
+		Cvss3Score:    jvn.Cvss3.BaseScore,
+		Cvss3Vector:   jvn.Cvss3.VectorString,
+		Cvss3Severity: jvn.Cvss3.BaseSeverity,
+		SourceLink:    jvn.JvnLink,
+		// Cpes:          cpes,
+		References:   refs,
+		Published:    jvn.PublishedDate,
+		LastModified: jvn.LastModifiedDate,
+	}
+}
+
+// ConvertNvdJSONToModel convert NVD to CveContent
+func ConvertNvdJSONToModel(cveID string, nvd *cvedict.NvdJSON) *CveContent {
+	if nvd == nil {
+		return nil
+	}
+	var cpes []Cpe
+	for _, c := range nvd.Cpes {
+		cpes = append(cpes, Cpe{
+			FormattedString: c.FormattedString,
+			URI:             c.URI,
+		})
+	}
+
+	var refs []Reference
+	for _, r := range nvd.References {
+		refs = append(refs, Reference{
+			Link:   r.Link,
+			Source: r.Source,
+		})
+	}
+
+	cweIDs := []string{}
+	for _, cid := range nvd.Cwes {
+		cweIDs = append(cweIDs, cid.CweID)
+	}
+
+	desc := []string{}
+	for _, d := range nvd.Descriptions {
+		desc = append(desc, d.Value)
+	}
+
+	return &CveContent{
+		Type:          Nvd,
+		CveID:         cveID,
+		Summary:       strings.Join(desc, "\n"),
+		Cvss2Score:    nvd.Cvss2.BaseScore,
+		Cvss2Vector:   nvd.Cvss2.VectorString,
+		Cvss2Severity: nvd.Cvss2.Severity,
+		Cvss3Score:    nvd.Cvss3.BaseScore,
+		Cvss3Vector:   nvd.Cvss3.VectorString,
+		Cvss3Severity: nvd.Cvss3.BaseSeverity,
+		SourceLink:    "https://nvd.nist.gov/vuln/detail/" + cveID,
+		// Cpes:          cpes,
+		CweIDs:       cweIDs,
+		References:   refs,
+		Published:    nvd.PublishedDate,
+		LastModified: nvd.LastModifiedDate,
+	}
+}
--- a/models/vulninfos.go
+++ b/models/vulninfos.go
@@ -0,0 +1,824 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package models
+
+import (
+	"bytes"
+	"fmt"
+	"sort"
+	"strings"
+	"time"
+
+	"github.com/future-architect/vuls/config"
+	exploitmodels "github.com/mozqnet/go-exploitdb/models"
+)
+
+// VulnInfos has a map of VulnInfo
+// Key: CveID
+type VulnInfos map[string]VulnInfo
+
+// Find elements that matches the function passed in argument
+func (v VulnInfos) Find(f func(VulnInfo) bool) VulnInfos {
+	filtered := VulnInfos{}
+	for _, vv := range v {
+		if f(vv) {
+			filtered[vv.CveID] = vv
+		}
+	}
+	return filtered
+}
+
+// FindScoredVulns return scored vulnerabilities
+func (v VulnInfos) FindScoredVulns() VulnInfos {
+	return v.Find(func(vv VulnInfo) bool {
+		if 0 < vv.MaxCvss2Score().Value.Score ||
+			0 < vv.MaxCvss3Score().Value.Score {
+			return true
+		}
+		return false
+	})
+}
+
+// ToSortedSlice returns slice of VulnInfos that is sorted by Score, CVE-ID
+func (v VulnInfos) ToSortedSlice() (sorted []VulnInfo) {
+	for k := range v {
+		sorted = append(sorted, v[k])
+	}
+	sort.Slice(sorted, func(i, j int) bool {
+		maxI := sorted[i].MaxCvssScore()
+		maxJ := sorted[j].MaxCvssScore()
+		if maxI.Value.Score != maxJ.Value.Score {
+			return maxJ.Value.Score < maxI.Value.Score
+		}
+		return sorted[i].CveID < sorted[j].CveID
+	})
+	return
+}
+
+// CountGroupBySeverity summarize the number of CVEs group by CVSSv2 Severity
+func (v VulnInfos) CountGroupBySeverity() map[string]int {
+	m := map[string]int{}
+	for _, vInfo := range v {
+		score := vInfo.MaxCvss2Score().Value.Score
+		if score < 0.1 {
+			score = vInfo.MaxCvss3Score().Value.Score
+		}
+		switch {
+		case 7.0 <= score:
+			m["High"]++
+		case 4.0 <= score:
+			m["Medium"]++
+		case 0 < score:
+			m["Low"]++
+		default:
+			m["Unknown"]++
+		}
+	}
+	return m
+}
+
+// FormatCveSummary summarize the number of CVEs group by CVSSv2 Severity
+func (v VulnInfos) FormatCveSummary() string {
+	m := v.CountGroupBySeverity()
+
+	if config.Conf.IgnoreUnscoredCves {
+		return fmt.Sprintf("Total: %d (High:%d Medium:%d Low:%d)",
+			m["High"]+m["Medium"]+m["Low"], m["High"], m["Medium"], m["Low"])
+	}
+	return fmt.Sprintf("Total: %d (High:%d Medium:%d Low:%d ?:%d)",
+		m["High"]+m["Medium"]+m["Low"]+m["Unknown"],
+		m["High"], m["Medium"], m["Low"], m["Unknown"])
+}
+
+// FormatFixedStatus summarize the number of cves are fixed.
+func (v VulnInfos) FormatFixedStatus(packs Packages) string {
+	total, fixed := 0, 0
+	for _, vInfo := range v {
+		if len(vInfo.CpeURIs) != 0 {
+			continue
+		}
+		total++
+		if vInfo.PatchStatus(packs) == "Fixed" {
+			fixed++
+		}
+	}
+	return fmt.Sprintf("%d/%d Fixed", fixed, total)
+}
+
+// PackageStatuses is a list of PackageStatus
+type PackageStatuses []PackageStatus
+
+// FormatTuiSummary format packname to show TUI summary
+func (ps PackageStatuses) FormatTuiSummary() string {
+	names := []string{}
+	for _, p := range ps {
+		names = append(names, p.Name)
+	}
+	return strings.Join(names, ", ")
+}
+
+// Store insert given pkg if missing, update pkg if exists
+func (ps PackageStatuses) Store(pkg PackageStatus) PackageStatuses {
+	for i, p := range ps {
+		if p.Name == pkg.Name {
+			ps[i] = pkg
+			return ps
+		}
+	}
+	ps = append(ps, pkg)
+	return ps
+}
+
+// Sort by Name
+func (ps PackageStatuses) Sort() {
+	sort.Slice(ps, func(i, j int) bool {
+		return ps[i].Name < ps[j].Name
+	})
+	return
+}
+
+// PackageStatus has name and other status abount the package
+type PackageStatus struct {
+	Name        string `json:"name"`
+	NotFixedYet bool   `json:"notFixedYet"`
+	FixState    string `json:"fixState"`
+}
+
+// VulnInfo has a vulnerability information and unsecure packages
+type VulnInfo struct {
+	CveID            string           `json:"cveID"`
+	Confidences      Confidences      `json:"confidences"`
+	AffectedPackages PackageStatuses  `json:"affectedPackages"`
+	DistroAdvisories []DistroAdvisory `json:"distroAdvisories,omitempty"` // for Aamazon, RHEL, FreeBSD
+	CpeURIs          []string         `json:"cpeURIs,omitempty"`          // CpeURIs related to this CVE defined in config.toml
+	CveContents      CveContents      `json:"cveContents"`
+	Exploits         []Exploit        `json:"exploits"`
+}
+
+// Titles returns tilte (TUI)
+func (v VulnInfo) Titles(lang, myFamily string) (values []CveContentStr) {
+	if lang == "ja" {
+		if cont, found := v.CveContents[Jvn]; found && 0 < len(cont.Title) {
+			values = append(values, CveContentStr{Jvn, cont.Title})
+		}
+	}
+
+	// RedHat API has one line title.
+	if cont, found := v.CveContents[RedHatAPI]; found && 0 < len(cont.Title) {
+		values = append(values, CveContentStr{RedHatAPI, cont.Title})
+	}
+
+	order := CveContentTypes{Nvd, NvdXML, NewCveContentType(myFamily)}
+	order = append(order, AllCveContetTypes.Except(append(order, Jvn)...)...)
+	for _, ctype := range order {
+		// Only JVN has meaningful title. so return first 100 char of summary
+		if cont, found := v.CveContents[ctype]; found && 0 < len(cont.Summary) {
+			summary := strings.Replace(cont.Summary, "\n", " ", -1)
+			values = append(values, CveContentStr{
+				Type:  ctype,
+				Value: summary,
+			})
+		}
+	}
+
+	for _, adv := range v.DistroAdvisories {
+		values = append(values, CveContentStr{
+			Type:  "Vendor",
+			Value: strings.Replace(adv.Description, "\n", " ", -1),
+		})
+	}
+
+	if len(values) == 0 {
+		values = []CveContentStr{{
+			Type:  Unknown,
+			Value: "-",
+		}}
+	}
+	return
+}
+
+// Summaries returns summaries
+func (v VulnInfo) Summaries(lang, myFamily string) (values []CveContentStr) {
+	if lang == "ja" {
+		if cont, found := v.CveContents[Jvn]; found && 0 < len(cont.Summary) {
+			summary := cont.Title
+			summary += "\n" + strings.Replace(
+				strings.Replace(cont.Summary, "\n", " ", -1), "\r", " ", -1)
+			values = append(values, CveContentStr{Jvn, summary})
+		}
+	}
+
+	order := CveContentTypes{Nvd, NvdXML, NewCveContentType(myFamily)}
+	order = append(order, AllCveContetTypes.Except(append(order, Jvn)...)...)
+	for _, ctype := range order {
+		if cont, found := v.CveContents[ctype]; found && 0 < len(cont.Summary) {
+			summary := strings.Replace(cont.Summary, "\n", " ", -1)
+			values = append(values, CveContentStr{
+				Type:  ctype,
+				Value: summary,
+			})
+		}
+	}
+
+	for _, adv := range v.DistroAdvisories {
+		values = append(values, CveContentStr{
+			Type:  "Vendor",
+			Value: adv.Description,
+		})
+	}
+
+	if len(values) == 0 {
+		return []CveContentStr{{
+			Type:  Unknown,
+			Value: "-",
+		}}
+	}
+
+	return
+}
+
+// Mitigations returns mitigations
+func (v VulnInfo) Mitigations(myFamily string) (values []CveContentStr) {
+	order := CveContentTypes{RedHatAPI}
+	for _, ctype := range order {
+		if cont, found := v.CveContents[ctype]; found && 0 < len(cont.Mitigation) {
+			values = append(values, CveContentStr{
+				Type:  ctype,
+				Value: cont.Mitigation,
+			})
+		}
+	}
+
+	if len(values) == 0 {
+		return []CveContentStr{{
+			Type:  Unknown,
+			Value: "-",
+		}}
+	}
+	return
+}
+
+// Cvss2Scores returns CVSS V2 Scores
+func (v VulnInfo) Cvss2Scores(myFamily string) (values []CveContentCvss) {
+	order := []CveContentType{Nvd, NvdXML, RedHat, Jvn}
+	if myFamily != config.RedHat && myFamily != config.CentOS {
+		order = append(order, NewCveContentType(myFamily))
+	}
+	for _, ctype := range order {
+		if cont, found := v.CveContents[ctype]; found {
+			if cont.Cvss2Score == 0 && cont.Cvss2Severity == "" {
+				continue
+			}
+			// https://nvd.nist.gov/vuln-metrics/cvss
+			values = append(values, CveContentCvss{
+				Type: ctype,
+				Value: Cvss{
+					Type:     CVSS2,
+					Score:    cont.Cvss2Score,
+					Vector:   cont.Cvss2Vector,
+					Severity: strings.ToUpper(cont.Cvss2Severity),
+				},
+			})
+		}
+	}
+
+	for _, v := range values {
+		if v.Type == RedHat {
+			return
+		}
+	}
+	// Set the CVSS v2 score of vuln that exists only in gost.
+	// Unfixed vulnerabilities detected by gost are not in OVAL, because
+	// OVAL data has only vulnerabilities for already fixed.
+	if cont, found := v.CveContents[RedHatAPI]; found {
+		values = append(values, CveContentCvss{
+			Type: RedHatAPI,
+			Value: Cvss{
+				Type:     CVSS2,
+				Score:    cont.Cvss2Score,
+				Vector:   cont.Cvss2Vector,
+				Severity: strings.ToUpper(cont.Cvss2Severity),
+			},
+		})
+	}
+
+	for _, adv := range v.DistroAdvisories {
+		if adv.Severity != "" {
+			values = append(values, CveContentCvss{
+				Type: "Advisory",
+				Value: Cvss{
+					Type:                 CVSS2,
+					Score:                severityToV2ScoreRoughly(adv.Severity),
+					CalculatedBySeverity: true,
+					Vector:               "-",
+					Severity:             strings.ToUpper(adv.Severity),
+				},
+			})
+		}
+	}
+
+	// An OVAL entry in Ubuntu and Debian has only severity (CVSS score isn't included).
+	// Show severity and dummy score calculated roughly.
+	order = append(order, AllCveContetTypes.Except(order...)...)
+	for _, ctype := range order {
+		if cont, found := v.CveContents[ctype]; found &&
+			cont.Cvss2Score == 0 &&
+			cont.Cvss3Score == 0 &&
+			cont.Cvss2Severity != "" {
+
+			values = append(values, CveContentCvss{
+				Type: cont.Type,
+				Value: Cvss{
+					Type:                 CVSS2,
+					Score:                severityToV2ScoreRoughly(cont.Cvss2Severity),
+					CalculatedBySeverity: true,
+					Vector:               "-",
+					Severity:             strings.ToUpper(cont.Cvss2Severity),
+				},
+			})
+		}
+	}
+
+	return
+}
+
+// Cvss3Scores returns CVSS V3 Score
+func (v VulnInfo) Cvss3Scores() (values []CveContentCvss) {
+	order := []CveContentType{Nvd, RedHat, Jvn}
+	for _, ctype := range order {
+		if cont, found := v.CveContents[ctype]; found {
+			// https://nvd.nist.gov/vuln-metrics/cvss
+			values = append(values, CveContentCvss{
+				Type: ctype,
+				Value: Cvss{
+					Type:     CVSS3,
+					Score:    cont.Cvss3Score,
+					Vector:   cont.Cvss3Vector,
+					Severity: strings.ToUpper(cont.Cvss3Severity),
+				},
+			})
+		}
+	}
+
+	for _, v := range values {
+		if v.Type == RedHat {
+			return
+		}
+	}
+
+	// Set the CVSS v3 score of vuln that exists only in gost.
+	// Unfixed vulnerabilities detected by gost are not in OVAL, because
+	// OVAL data has only vulnerabilities for already fixed.
+	if cont, found := v.CveContents[RedHatAPI]; found {
+		values = append(values, CveContentCvss{
+			Type: RedHatAPI,
+			Value: Cvss{
+				Type:     CVSS3,
+				Score:    cont.Cvss3Score,
+				Vector:   cont.Cvss3Vector,
+				Severity: strings.ToUpper(cont.Cvss3Severity),
+			},
+		})
+	}
+	return
+}
+
+// MaxCvss3Score returns Max CVSS V3 Score
+func (v VulnInfo) MaxCvss3Score() CveContentCvss {
+	order := []CveContentType{Nvd, RedHat, RedHatAPI, Jvn}
+	max := 0.0
+	value := CveContentCvss{
+		Type:  Unknown,
+		Value: Cvss{Type: CVSS3},
+	}
+	for _, ctype := range order {
+		if cont, found := v.CveContents[ctype]; found && max < cont.Cvss3Score {
+			// https://nvd.nist.gov/vuln-metrics/cvss
+			value = CveContentCvss{
+				Type: ctype,
+				Value: Cvss{
+					Type:     CVSS3,
+					Score:    cont.Cvss3Score,
+					Vector:   cont.Cvss3Vector,
+					Severity: strings.ToUpper(cont.Cvss3Severity),
+				},
+			}
+			max = cont.Cvss3Score
+		}
+	}
+	return value
+}
+
+// MaxCvssScore returns max CVSS Score
+// If there is no CVSS Score, return Severity as a numerical value.
+func (v VulnInfo) MaxCvssScore() CveContentCvss {
+	v3Max := v.MaxCvss3Score()
+	v2Max := v.MaxCvss2Score()
+	max := v3Max
+	if max.Type == Unknown {
+		return v2Max
+	}
+
+	if max.Value.Score < v2Max.Value.Score && !v2Max.Value.CalculatedBySeverity {
+		max = v2Max
+	}
+	return max
+}
+
+// MaxCvss2Score returns Max CVSS V2 Score
+func (v VulnInfo) MaxCvss2Score() CveContentCvss {
+	order := []CveContentType{Nvd, NvdXML, RedHat, RedHatAPI, Jvn}
+	max := 0.0
+	value := CveContentCvss{
+		Type:  Unknown,
+		Value: Cvss{Type: CVSS2},
+	}
+	for _, ctype := range order {
+		if cont, found := v.CveContents[ctype]; found && max < cont.Cvss2Score {
+			// https://nvd.nist.gov/vuln-metrics/cvss
+			value = CveContentCvss{
+				Type: ctype,
+				Value: Cvss{
+					Type:     CVSS2,
+					Score:    cont.Cvss2Score,
+					Vector:   cont.Cvss2Vector,
+					Severity: strings.ToUpper(cont.Cvss2Severity),
+				},
+			}
+			max = cont.Cvss2Score
+		}
+	}
+	if 0 < max {
+		return value
+	}
+
+	// If CVSS score isn't on NVD, RedHat and JVN, use OVAL and advisory Severity.
+	// Convert severity to cvss srore roughly, then returns max severity.
+	// Only Ubuntu, RedHat and Oracle have severity data in OVAL.
+	order = []CveContentType{Ubuntu, RedHat, Oracle}
+	for _, ctype := range order {
+		if cont, found := v.CveContents[ctype]; found && 0 < len(cont.Cvss2Severity) {
+			score := severityToV2ScoreRoughly(cont.Cvss2Severity)
+			if max < score {
+				value = CveContentCvss{
+					Type: ctype,
+					Value: Cvss{
+						Type:                 CVSS2,
+						Score:                score,
+						CalculatedBySeverity: true,
+						Vector:               cont.Cvss2Vector,
+						Severity:             strings.ToUpper(cont.Cvss2Severity),
+					},
+				}
+			}
+			max = score
+		}
+	}
+
+	// Only RedHat, Oracle and Amazon has severity data in advisory.
+	for _, adv := range v.DistroAdvisories {
+		if adv.Severity != "" {
+			score := severityToV2ScoreRoughly(adv.Severity)
+			if max < score {
+				value = CveContentCvss{
+					Type: "Vendor",
+					Value: Cvss{
+						Type:                 CVSS2,
+						Score:                score,
+						CalculatedBySeverity: true,
+						Vector:               "-",
+						Severity:             adv.Severity,
+					},
+				}
+			}
+		}
+	}
+	return value
+}
+
+// AttackVector returns attack vector string
+func (v VulnInfo) AttackVector() string {
+	for _, cnt := range v.CveContents {
+		if strings.HasPrefix(cnt.Cvss2Vector, "AV:N") ||
+			strings.HasPrefix(cnt.Cvss3Vector, "CVSS:3.0/AV:N") {
+			return "Network"
+		} else if strings.HasPrefix(cnt.Cvss2Vector, "AV:A") ||
+			strings.HasPrefix(cnt.Cvss3Vector, "CVSS:3.0/AV:A") {
+			return "Adjacent"
+		} else if strings.HasPrefix(cnt.Cvss2Vector, "AV:L") ||
+			strings.HasPrefix(cnt.Cvss3Vector, "CVSS:3.0/AV:L") {
+			return "Local"
+		} else if strings.HasPrefix(cnt.Cvss3Vector, "CVSS:3.0/AV:P") {
+			return "Physical"
+		}
+	}
+	if cont, found := v.CveContents[DebianSecurityTracker]; found {
+		if attackRange, found := cont.Optional["attack range"]; found {
+			return attackRange
+		}
+	}
+	return ""
+}
+
+// PatchStatus returns attack vector string
+func (v VulnInfo) PatchStatus(packs Packages) string {
+	// Vuls don't know patch status of the CPE
+	if len(v.CpeURIs) != 0 {
+		return ""
+	}
+	for _, p := range v.AffectedPackages {
+		if p.NotFixedYet {
+			return "Unfixed"
+		}
+
+		// fast, offline mode doesn't have new version
+		if pack, ok := packs[p.Name]; ok {
+			if pack.NewVersion == "" {
+				return "Unknown"
+			}
+		}
+	}
+	return "Fixed"
+}
+
+// CveContentCvss has CVSS information
+type CveContentCvss struct {
+	Type  CveContentType `json:"type"`
+	Value Cvss           `json:"value"`
+}
+
+// CvssType Represent the type of CVSS
+type CvssType string
+
+const (
+	// CVSS2 means CVSS vesion2
+	CVSS2 CvssType = "2"
+
+	// CVSS3 means CVSS vesion3
+	CVSS3 CvssType = "3"
+)
+
+// Cvss has CVSS Score
+type Cvss struct {
+	Type                 CvssType `json:"type"`
+	Score                float64  `json:"score"`
+	CalculatedBySeverity bool     `json:"calculatedBySeverity"`
+	Vector               string   `json:"vector"`
+	Severity             string   `json:"severity"`
+}
+
+// Format CVSS Score and Vector
+func (c Cvss) Format() string {
+	if c.Score == 0 || c.Vector == "" {
+		return c.Severity
+	}
+	switch c.Type {
+	case CVSS2:
+		return fmt.Sprintf("%3.1f/%s %s", c.Score, c.Vector, c.Severity)
+	case CVSS3:
+		return fmt.Sprintf("%3.1f/%s %s", c.Score, c.Vector, c.Severity)
+	}
+	return ""
+}
+
+func cvss2ScoreToSeverity(score float64) string {
+	if 7.0 <= score {
+		return "HIGH"
+	} else if 4.0 <= score {
+		return "MEDIUM"
+	}
+	return "LOW"
+}
+
+// Amazon Linux Security Advisory
+// Critical, Important, Medium, Low
+// https://alas.aws.amazon.com/
+//
+// RedHat, Oracle OVAL
+// Critical, Important, Moderate, Low
+// https://access.redhat.com/security/updates/classification
+//
+// Ubuntu OVAL
+// Critical, High, Medium, Low
+// https://wiki.ubuntu.com/Bugs/Importance
+// https://people.canonical.com/~ubuntu-security/cve/priority.html
+func severityToV2ScoreRoughly(severity string) float64 {
+	switch strings.ToUpper(severity) {
+	case "CRITICAL":
+		return 10.0
+	case "IMPORTANT", "HIGH":
+		return 8.9
+	case "MODERATE", "MEDIUM":
+		return 6.9
+	case "LOW":
+		return 3.9
+	}
+	return 0
+}
+
+// FormatMaxCvssScore returns Max CVSS Score
+func (v VulnInfo) FormatMaxCvssScore() string {
+	max := v.MaxCvssScore()
+	return fmt.Sprintf("%3.1f %s (%s)",
+		max.Value.Score,
+		strings.ToUpper(max.Value.Severity),
+		max.Type)
+}
+
+// Cvss2CalcURL returns CVSS v2 caluclator's URL
+func (v VulnInfo) Cvss2CalcURL() string {
+	return "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=" + v.CveID
+}
+
+// Cvss3CalcURL returns CVSS v3 caluclator's URL
+func (v VulnInfo) Cvss3CalcURL() string {
+	return "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=" + v.CveID
+}
+
+// VendorLinks returns links of vendor support's URL
+func (v VulnInfo) VendorLinks(family string) map[string]string {
+	links := map[string]string{}
+	switch family {
+	case config.RedHat, config.CentOS:
+		links["RHEL-CVE"] = "https://access.redhat.com/security/cve/" + v.CveID
+		for _, advisory := range v.DistroAdvisories {
+			aidURL := strings.Replace(advisory.AdvisoryID, ":", "-", -1)
+			links[advisory.AdvisoryID] = fmt.Sprintf("https://rhn.redhat.com/errata/%s.html", aidURL)
+		}
+		return links
+	case config.Oracle:
+		links["Oracle-CVE"] = fmt.Sprintf("https://linux.oracle.com/cve/%s.html", v.CveID)
+		for _, advisory := range v.DistroAdvisories {
+			links[advisory.AdvisoryID] =
+				fmt.Sprintf("https://linux.oracle.com/errata/%s.html", advisory.AdvisoryID)
+		}
+		return links
+	case config.Amazon:
+		links["RHEL-CVE"] = "https://access.redhat.com/security/cve/" + v.CveID
+		for _, advisory := range v.DistroAdvisories {
+			links[advisory.AdvisoryID] =
+				fmt.Sprintf("https://alas.aws.amazon.com/%s.html", advisory.AdvisoryID)
+		}
+		return links
+	case config.Ubuntu:
+		links["Ubuntu-CVE"] = "http://people.ubuntu.com/~ubuntu-security/cve/" + v.CveID
+		return links
+	case config.Debian:
+		links["Debian-CVE"] = "https://security-tracker.debian.org/tracker/" + v.CveID
+	case config.SUSEEnterpriseServer:
+		links["SUSE-CVE"] = "https://www.suse.com/security/cve/" + v.CveID
+	case config.FreeBSD:
+		for _, advisory := range v.DistroAdvisories {
+			links["FreeBSD-VuXML"] = fmt.Sprintf("https://vuxml.freebsd.org/freebsd/%s.html", advisory.AdvisoryID)
+
+		}
+		return links
+	}
+	return links
+}
+
+// DistroAdvisory has Amazon Linux, RHEL, FreeBSD Security Advisory information.
+type DistroAdvisory struct {
+	AdvisoryID  string    `json:"advisoryID"`
+	Severity    string    `json:"severity"`
+	Issued      time.Time `json:"issued"`
+	Updated     time.Time `json:"updated"`
+	Description string    `json:"description"`
+}
+
+// Format the distro advisory information
+func (p DistroAdvisory) Format() string {
+	if p.AdvisoryID == "" {
+		return ""
+	}
+
+	var delim bytes.Buffer
+	for i := 0; i < len(p.AdvisoryID); i++ {
+		delim.WriteString("-")
+	}
+	buf := []string{p.AdvisoryID, delim.String(), p.Description}
+	return strings.Join(buf, "\n")
+}
+
+// Exploit :
+type Exploit struct {
+	ExploitType  exploitmodels.ExploitType `json:"exploitType"`
+	ID           string                    `json:"id"`
+	URL          string                    `json:"url"`
+	Description  string                    `json:"description"`
+	DocumentURL  *string                   `json:"documentURL,omitempty"`
+	PaperURL     *string                   `json:"paperURL,omitempty"`
+	ShellCodeURL *string                   `json:"shellCodeURL,omitempty"`
+	BinaryURL    *string                   `json:"binaryURL,omitempty"`
+}
+
+// Confidences is a list of Confidence
+type Confidences []Confidence
+
+// AppendIfMissing appends confidence to the list if missiong
+func (cs *Confidences) AppendIfMissing(confidence Confidence) {
+	for _, c := range *cs {
+		if c.DetectionMethod == confidence.DetectionMethod {
+			return
+		}
+	}
+	*cs = append(*cs, confidence)
+}
+
+// SortByConfident sorts Confidences
+func (cs Confidences) SortByConfident() Confidences {
+	sort.Slice(cs, func(i, j int) bool {
+		return cs[i].SortOrder < cs[j].SortOrder
+	})
+	return cs
+}
+
+// Confidence is a ranking how confident the CVE-ID was deteted correctly
+// Score: 0 - 100
+type Confidence struct {
+	Score           int             `json:"score"`
+	DetectionMethod DetectionMethod `json:"detectionMethod"`
+	SortOrder       int             `json:"-"`
+}
+
+func (c Confidence) String() string {
+	return fmt.Sprintf("%d / %s", c.Score, c.DetectionMethod)
+}
+
+// DetectionMethod indicates
+// - How to detect the CveID
+// - How to get the changelog difference between installed and candidate version
+type DetectionMethod string
+
+const (
+	// CpeNameMatchStr is a String representation of CpeNameMatch
+	CpeNameMatchStr = "CpeNameMatch"
+
+	// YumUpdateSecurityMatchStr is a String representation of YumUpdateSecurityMatch
+	YumUpdateSecurityMatchStr = "YumUpdateSecurityMatch"
+
+	// PkgAuditMatchStr is a String representation of PkgAuditMatch
+	PkgAuditMatchStr = "PkgAuditMatch"
+
+	// OvalMatchStr is a String representation of OvalMatch
+	OvalMatchStr = "OvalMatch"
+
+	// RedHatAPIStr is a String representation of RedHatAPIMatch
+	RedHatAPIStr = "RedHatAPIMatch"
+
+	// DebianSecurityTrackerMatchStr is a String representation of DebianSecurityTrackerMatch
+	DebianSecurityTrackerMatchStr = "DebianSecurityTrackerMatch"
+
+	// ChangelogExactMatchStr is a String representation of ChangelogExactMatch
+	ChangelogExactMatchStr = "ChangelogExactMatch"
+
+	// ChangelogLenientMatchStr is a String representation of ChangelogLenientMatch
+	ChangelogLenientMatchStr = "ChangelogLenientMatch"
+
+	// FailedToGetChangelog is a String representation of FailedToGetChangelog
+	FailedToGetChangelog = "FailedToGetChangelog"
+
+	// FailedToFindVersionInChangelog is a String representation of FailedToFindVersionInChangelog
+	FailedToFindVersionInChangelog = "FailedToFindVersionInChangelog"
+)
+
+var (
+	// CpeNameMatch is a ranking how confident the CVE-ID was deteted correctly
+	CpeNameMatch = Confidence{100, CpeNameMatchStr, 1}
+
+	// YumUpdateSecurityMatch is a ranking how confident the CVE-ID was deteted correctly
+	YumUpdateSecurityMatch = Confidence{100, YumUpdateSecurityMatchStr, 2}
+
+	// PkgAuditMatch is a ranking how confident the CVE-ID was deteted correctly
+	PkgAuditMatch = Confidence{100, PkgAuditMatchStr, 2}
+
+	// OvalMatch is a ranking how confident the CVE-ID was deteted correctly
+	OvalMatch = Confidence{100, OvalMatchStr, 0}
+
+	// RedHatAPIMatch ranking how confident the CVE-ID was deteted correctly
+	RedHatAPIMatch = Confidence{100, RedHatAPIStr, 0}
+
+	// DebianSecurityTrackerMatch ranking how confident the CVE-ID was deteted correctly
+	DebianSecurityTrackerMatch = Confidence{100, DebianSecurityTrackerMatchStr, 0}
+
+	// ChangelogExactMatch is a ranking how confident the CVE-ID was deteted correctly
+	ChangelogExactMatch = Confidence{95, ChangelogExactMatchStr, 3}
+
+	// ChangelogLenientMatch is a ranking how confident the CVE-ID was deteted correctly
+	ChangelogLenientMatch = Confidence{50, ChangelogLenientMatchStr, 4}
+)
--- a/models/vulninfos_test.go
+++ b/models/vulninfos_test.go
--- a/oval/alpine.go
+++ b/oval/alpine.go
@@ -0,0 +1,74 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package oval
+
+import (
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/kotakanbe/goval-dictionary/db"
+)
+
+// Alpine is the struct of Alpine Linux
+type Alpine struct {
+	Base
+}
+
+// NewAlpine creates OVAL client for SUSE
+func NewAlpine() Alpine {
+	return Alpine{
+		Base{
+			family: config.Alpine,
+		},
+	}
+}
+
+// FillWithOval returns scan result after updating CVE info by OVAL
+func (o Alpine) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+	var relatedDefs ovalResult
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
+		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
+			return 0, err
+		}
+	} else {
+		if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
+			return 0, err
+		}
+	}
+	for _, defPacks := range relatedDefs.entries {
+		o.update(r, defPacks)
+	}
+
+	return len(relatedDefs.entries), nil
+}
+
+func (o Alpine) update(r *models.ScanResult, defPacks defPacks) {
+	cveID := defPacks.def.Advisory.Cves[0].CveID
+	vinfo, ok := r.ScannedCves[cveID]
+	if !ok {
+		util.Log.Debugf("%s is newly detected by OVAL", cveID)
+		vinfo = models.VulnInfo{
+			CveID:       cveID,
+			Confidences: []models.Confidence{models.OvalMatch},
+		}
+	}
+
+	vinfo.AffectedPackages = defPacks.toPackStatuses()
+	vinfo.AffectedPackages.Sort()
+	r.ScannedCves[cveID] = vinfo
+}
--- a/oval/debian.go
+++ b/oval/debian.go
@@ -0,0 +1,284 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package oval
+
+import (
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/kotakanbe/goval-dictionary/db"
+	ovalmodels "github.com/kotakanbe/goval-dictionary/models"
+)
+
+// DebianBase is the base struct of Debian and Ubuntu
+type DebianBase struct {
+	Base
+}
+
+func (o DebianBase) update(r *models.ScanResult, defPacks defPacks) {
+	ovalContent := *o.convertToModel(&defPacks.def)
+	ovalContent.Type = models.NewCveContentType(o.family)
+	vinfo, ok := r.ScannedCves[defPacks.def.Debian.CveID]
+	if !ok {
+		util.Log.Debugf("%s is newly detected by OVAL", defPacks.def.Debian.CveID)
+		vinfo = models.VulnInfo{
+			CveID:       defPacks.def.Debian.CveID,
+			Confidences: []models.Confidence{models.OvalMatch},
+			CveContents: models.NewCveContents(ovalContent),
+		}
+	} else {
+		cveContents := vinfo.CveContents
+		ctype := models.NewCveContentType(o.family)
+		if _, ok := vinfo.CveContents[ctype]; ok {
+			util.Log.Debugf("%s OVAL will be overwritten",
+				defPacks.def.Debian.CveID)
+		} else {
+			util.Log.Debugf("%s is also detected by OVAL",
+				defPacks.def.Debian.CveID)
+			cveContents = models.CveContents{}
+		}
+		vinfo.Confidences.AppendIfMissing(models.OvalMatch)
+		cveContents[ctype] = ovalContent
+		vinfo.CveContents = cveContents
+	}
+
+	// uniq(vinfo.PackNames + defPacks.actuallyAffectedPackNames)
+	for _, pack := range vinfo.AffectedPackages {
+		defPacks.actuallyAffectedPackNames[pack.Name] = pack.NotFixedYet
+	}
+
+	// update notFixedYet of SrcPackage
+	for binName := range defPacks.actuallyAffectedPackNames {
+		if srcPack, ok := r.SrcPackages.FindByBinName(binName); ok {
+			for _, p := range defPacks.def.AffectedPacks {
+				if p.Name == srcPack.Name {
+					defPacks.actuallyAffectedPackNames[binName] = p.NotFixedYet
+				}
+			}
+		}
+	}
+
+	vinfo.AffectedPackages = defPacks.toPackStatuses()
+	vinfo.AffectedPackages.Sort()
+	r.ScannedCves[defPacks.def.Debian.CveID] = vinfo
+}
+
+func (o DebianBase) convertToModel(def *ovalmodels.Definition) *models.CveContent {
+	var refs []models.Reference
+	for _, r := range def.References {
+		refs = append(refs, models.Reference{
+			Link:   r.RefURL,
+			Source: r.Source,
+			RefID:  r.RefID,
+		})
+	}
+
+	return &models.CveContent{
+		CveID:         def.Debian.CveID,
+		Title:         def.Title,
+		Summary:       def.Description,
+		Cvss2Severity: def.Advisory.Severity,
+		References:    refs,
+	}
+}
+
+// Debian is the interface for Debian OVAL
+type Debian struct {
+	DebianBase
+}
+
+// NewDebian creates OVAL client for Debian
+func NewDebian() Debian {
+	return Debian{
+		DebianBase{
+			Base{
+				family: config.Debian,
+			},
+		},
+	}
+}
+
+// FillWithOval returns scan result after updating CVE info by OVAL
+func (o Debian) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+
+	//Debian's uname gives both of kernel release(uname -r), version(kernel-image version)
+	linuxImage := "linux-image-" + r.RunningKernel.Release
+
+	// Add linux and set the version of running kernel to search OVAL.
+	if r.Container.ContainerID == "" {
+		newVer := ""
+		if p, ok := r.Packages[linuxImage]; ok {
+			newVer = p.NewVersion
+		}
+		r.Packages["linux"] = models.Package{
+			Name:       "linux",
+			Version:    r.RunningKernel.Version,
+			NewVersion: newVer,
+		}
+	}
+
+	var relatedDefs ovalResult
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
+		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
+			return 0, err
+		}
+	} else {
+		if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
+			return 0, err
+		}
+	}
+
+	delete(r.Packages, "linux")
+
+	for _, defPacks := range relatedDefs.entries {
+		// Remove "linux" added above for oval search
+		// linux is not a real package name (key of affected packages in OVAL)
+		if notFixedYet, ok := defPacks.actuallyAffectedPackNames["linux"]; ok {
+			defPacks.actuallyAffectedPackNames[linuxImage] = notFixedYet
+			delete(defPacks.actuallyAffectedPackNames, "linux")
+			for i, p := range defPacks.def.AffectedPacks {
+				if p.Name == "linux" {
+					p.Name = linuxImage
+					defPacks.def.AffectedPacks[i] = p
+				}
+			}
+		}
+
+		o.update(r, defPacks)
+	}
+
+	for _, vuln := range r.ScannedCves {
+		if cont, ok := vuln.CveContents[models.Debian]; ok {
+			cont.SourceLink = "https://security-tracker.debian.org/tracker/" + cont.CveID
+			vuln.CveContents[models.Debian] = cont
+		}
+	}
+	return len(relatedDefs.entries), nil
+}
+
+// Ubuntu is the interface for Debian OVAL
+type Ubuntu struct {
+	DebianBase
+}
+
+// NewUbuntu creates OVAL client for Debian
+func NewUbuntu() Ubuntu {
+	return Ubuntu{
+		DebianBase{
+			Base{
+				family: config.Ubuntu,
+			},
+		},
+	}
+}
+
+// FillWithOval returns scan result after updating CVE info by OVAL
+func (o Ubuntu) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+	ovalKernelImageNames := []string{
+		"linux-aws",
+		"linux-azure",
+		"linux-flo",
+		"linux-gcp",
+		"linux-gke",
+		"linux-goldfish",
+		"linux-hwe",
+		"linux-hwe-edge",
+		"linux-kvm",
+		"linux-mako",
+		"linux-raspi2",
+		"linux-snapdragon",
+	}
+	linuxImage := "linux-image-" + r.RunningKernel.Release
+
+	found := false
+	if r.Container.ContainerID == "" {
+		for _, n := range ovalKernelImageNames {
+			if _, ok := r.Packages[n]; ok {
+				v, ok := r.Packages[linuxImage]
+				if ok {
+					// Set running kernel version
+					p := r.Packages[n]
+					p.Version = v.Version
+					p.NewVersion = v.NewVersion
+					r.Packages[n] = p
+				} else {
+					util.Log.Warnf("Running kernel image %s is not found: %s",
+						linuxImage, r.RunningKernel.Version)
+				}
+				found = true
+				break
+			}
+		}
+
+		if !found {
+			// linux-generic is described as "linux" in Ubuntu's oval.
+			// Add "linux" and set the version of running kernel to search OVAL.
+			v, ok := r.Packages[linuxImage]
+			if ok {
+				r.Packages["linux"] = models.Package{
+					Name:       "linux",
+					Version:    v.Version,
+					NewVersion: v.NewVersion,
+				}
+			} else {
+				util.Log.Warnf("%s is not found. Running: %s",
+					linuxImage, r.RunningKernel.Release)
+			}
+		}
+	}
+
+	var relatedDefs ovalResult
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
+		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
+			return 0, err
+		}
+	} else {
+		if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
+			return 0, err
+		}
+	}
+
+	if !found {
+		delete(r.Packages, "linux")
+	}
+
+	for _, defPacks := range relatedDefs.entries {
+		// Remove "linux" added above to search for oval
+		// "linux" is not a real package name (key of affected packages in OVAL)
+		if _, ok := defPacks.actuallyAffectedPackNames["linux"]; !found && ok {
+			defPacks.actuallyAffectedPackNames[linuxImage] = true
+			delete(defPacks.actuallyAffectedPackNames, "linux")
+			for i, p := range defPacks.def.AffectedPacks {
+				if p.Name == "linux" {
+					p.Name = linuxImage
+					defPacks.def.AffectedPacks[i] = p
+				}
+			}
+		}
+
+		o.update(r, defPacks)
+	}
+
+	for _, vuln := range r.ScannedCves {
+		if cont, ok := vuln.CveContents[models.Ubuntu]; ok {
+			cont.SourceLink = "http://people.ubuntu.com/~ubuntu-security/cve/" + cont.CveID
+			vuln.CveContents[models.Ubuntu] = cont
+		}
+	}
+	return len(relatedDefs.entries), nil
+}
--- a/oval/debian_test.go
+++ b/oval/debian_test.go
@@ -0,0 +1,79 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+package oval
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	ovalmodels "github.com/kotakanbe/goval-dictionary/models"
+)
+
+func TestPackNamesOfUpdateDebian(t *testing.T) {
+	var tests = []struct {
+		in       models.ScanResult
+		defPacks defPacks
+		out      models.ScanResult
+	}{
+		{
+			in: models.ScanResult{
+				ScannedCves: models.VulnInfos{
+					"CVE-2000-1000": models.VulnInfo{
+						AffectedPackages: models.PackageStatuses{
+							{Name: "packA"},
+							{Name: "packC"},
+						},
+					},
+				},
+			},
+			defPacks: defPacks{
+				def: ovalmodels.Definition{
+					Debian: ovalmodels.Debian{
+						CveID: "CVE-2000-1000",
+					},
+				},
+				actuallyAffectedPackNames: map[string]bool{
+					"packB": true,
+				},
+			},
+			out: models.ScanResult{
+				ScannedCves: models.VulnInfos{
+					"CVE-2000-1000": models.VulnInfo{
+						AffectedPackages: models.PackageStatuses{
+							{Name: "packA"},
+							{Name: "packB", NotFixedYet: true},
+							{Name: "packC"},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	util.Log = util.NewCustomLogger(config.ServerInfo{})
+	for i, tt := range tests {
+		Debian{}.update(&tt.in, tt.defPacks)
+		e := tt.out.ScannedCves["CVE-2000-1000"].AffectedPackages
+		a := tt.in.ScannedCves["CVE-2000-1000"].AffectedPackages
+		if !reflect.DeepEqual(a, e) {
+			t.Errorf("[%d] expected: %v\n  actual: %v\n", i, e, a)
+		}
+	}
+}
--- a/oval/oval.go
+++ b/oval/oval.go
@@ -0,0 +1,120 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package oval
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"time"
+
+	cnf "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/kotakanbe/goval-dictionary/db"
+	"github.com/parnurzeal/gorequest"
+)
+
+// Client is the interface of OVAL client.
+type Client interface {
+	CheckHTTPHealth() error
+	FillWithOval(db.DB, *models.ScanResult) (int, error)
+
+	// CheckIfOvalFetched checks if oval entries are in DB by family, release.
+	CheckIfOvalFetched(db.DB, string, string) (bool, error)
+	CheckIfOvalFresh(db.DB, string, string) (bool, error)
+}
+
+// Base is a base struct
+type Base struct {
+	family string
+}
+
+// CheckHTTPHealth do health check
+func (b Base) CheckHTTPHealth() error {
+	if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
+		return nil
+	}
+
+	url := fmt.Sprintf("%s/health", cnf.Conf.OvalDict.URL)
+	var errs []error
+	var resp *http.Response
+	resp, _, errs = gorequest.New().Get(url).End()
+	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return fmt.Errorf("Failed to request to OVAL server. url: %s, errs: %v",
+			url, errs)
+	}
+	return nil
+}
+
+// CheckIfOvalFetched checks if oval entries are in DB by family, release.
+func (b Base) CheckIfOvalFetched(driver db.DB, osFamily, release string) (fetched bool, err error) {
+	if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
+		count, err := driver.CountDefs(osFamily, release)
+		if err != nil {
+			return false, fmt.Errorf("Failed to count OVAL defs: %s, %s, %v",
+				osFamily, release, err)
+		}
+		return 0 < count, nil
+	}
+
+	url, _ := util.URLPathJoin(cnf.Conf.OvalDict.URL, "count", osFamily, release)
+	resp, body, errs := gorequest.New().Get(url).End()
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return false, fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
+			errs, url, resp)
+	}
+	count := 0
+	if err := json.Unmarshal([]byte(body), &count); err != nil {
+		return false, fmt.Errorf("Failed to Unmarshall. body: %s, err: %s",
+			body, err)
+	}
+	return 0 < count, nil
+}
+
+// CheckIfOvalFresh checks if oval entries are fresh enough
+func (b Base) CheckIfOvalFresh(driver db.DB, osFamily, release string) (ok bool, err error) {
+	var lastModified time.Time
+	if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
+		lastModified = driver.GetLastModified(osFamily, release)
+	} else {
+		url, _ := util.URLPathJoin(cnf.Conf.OvalDict.URL, "lastmodified", osFamily, release)
+		resp, body, errs := gorequest.New().Get(url).End()
+		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+			return false, fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
+				errs, url, resp)
+		}
+
+		if err := json.Unmarshal([]byte(body), &lastModified); err != nil {
+			return false, fmt.Errorf("Failed to Unmarshall. body: %s, err: %s",
+				body, err)
+		}
+	}
+
+	since := time.Now()
+	since = since.AddDate(0, 0, -3)
+	if lastModified.Before(since) {
+		util.Log.Warnf("OVAL for %s %s is old, last modified is %s. It's recommended to update OVAL to improve scanning accuracy. How to update OVAL database, see https://github.com/kotakanbe/goval-dictionary#usage",
+			osFamily, release, lastModified)
+		return false, nil
+	}
+	util.Log.Infof("OVAL is fresh: %s %s ", osFamily, release)
+	return true, nil
+}
--- a/oval/redhat.go
+++ b/oval/redhat.go
@@ -0,0 +1,278 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package oval
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/kotakanbe/goval-dictionary/db"
+	ovalmodels "github.com/kotakanbe/goval-dictionary/models"
+)
+
+// RedHatBase is the base struct for RedHat and CentOS
+type RedHatBase struct {
+	Base
+}
+
+// FillWithOval returns scan result after updating CVE info by OVAL
+func (o RedHatBase) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+	var relatedDefs ovalResult
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
+		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
+			return 0, err
+		}
+	} else {
+		if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
+			return 0, err
+		}
+	}
+
+	for _, defPacks := range relatedDefs.entries {
+		nCVEs += o.update(r, defPacks)
+	}
+
+	for _, vuln := range r.ScannedCves {
+		switch models.NewCveContentType(o.family) {
+		case models.RedHat:
+			if cont, ok := vuln.CveContents[models.RedHat]; ok {
+				cont.SourceLink = "https://access.redhat.com/security/cve/" + cont.CveID
+				vuln.CveContents[models.RedHat] = cont
+			}
+		case models.Oracle:
+			if cont, ok := vuln.CveContents[models.Oracle]; ok {
+				cont.SourceLink = fmt.Sprintf("https://linux.oracle.com/cve/%s.html", cont.CveID)
+				vuln.CveContents[models.Oracle] = cont
+			}
+		}
+	}
+
+	return nCVEs, nil
+}
+
+var kernelRelatedPackNames = map[string]bool{
+	"kernel":                  true,
+	"kernel-aarch64":          true,
+	"kernel-abi-whitelists":   true,
+	"kernel-bootwrapper":      true,
+	"kernel-debug":            true,
+	"kernel-debug-devel":      true,
+	"kernel-devel":            true,
+	"kernel-doc":              true,
+	"kernel-headers":          true,
+	"kernel-kdump":            true,
+	"kernel-kdump-devel":      true,
+	"kernel-rt":               true,
+	"kernel-rt-debug":         true,
+	"kernel-rt-debug-devel":   true,
+	"kernel-rt-debug-kvm":     true,
+	"kernel-rt-devel":         true,
+	"kernel-rt-doc":           true,
+	"kernel-rt-kvm":           true,
+	"kernel-rt-trace":         true,
+	"kernel-rt-trace-devel":   true,
+	"kernel-rt-trace-kvm":     true,
+	"kernel-rt-virt":          true,
+	"kernel-rt-virt-devel":    true,
+	"kernel-tools":            true,
+	"kernel-tools-libs":       true,
+	"kernel-tools-libs-devel": true,
+	"perf":                    true,
+	"python-perf":             true,
+}
+
+func (o RedHatBase) update(r *models.ScanResult, defPacks defPacks) (nCVEs int) {
+	ctype := models.NewCveContentType(o.family)
+	for _, cve := range defPacks.def.Advisory.Cves {
+		ovalContent := *o.convertToModel(cve.CveID, &defPacks.def)
+		vinfo, ok := r.ScannedCves[cve.CveID]
+		if !ok {
+			util.Log.Debugf("%s is newly detected by OVAL", cve.CveID)
+			vinfo = models.VulnInfo{
+				CveID:       cve.CveID,
+				Confidences: models.Confidences{models.OvalMatch},
+				CveContents: models.NewCveContents(ovalContent),
+			}
+			nCVEs++
+		} else {
+			cveContents := vinfo.CveContents
+			if v, ok := vinfo.CveContents[ctype]; ok {
+				if v.LastModified.After(ovalContent.LastModified) {
+					util.Log.Debugf("%s, OvalID: %d ignroed: ",
+						cve.CveID, defPacks.def.ID)
+					continue
+				} else {
+					util.Log.Debugf("%s OVAL will be overwritten", cve.CveID)
+				}
+			} else {
+				util.Log.Debugf("%s also detected by OVAL", cve.CveID)
+				cveContents = models.CveContents{}
+			}
+
+			vinfo.Confidences.AppendIfMissing(models.OvalMatch)
+			cveContents[ctype] = ovalContent
+			vinfo.CveContents = cveContents
+		}
+
+		// uniq(vinfo.PackNames + defPacks.actuallyAffectedPackNames)
+		for _, pack := range vinfo.AffectedPackages {
+			if nfy, ok := defPacks.actuallyAffectedPackNames[pack.Name]; !ok {
+				defPacks.actuallyAffectedPackNames[pack.Name] = pack.NotFixedYet
+			} else if nfy {
+				defPacks.actuallyAffectedPackNames[pack.Name] = true
+			}
+		}
+		vinfo.AffectedPackages = defPacks.toPackStatuses()
+		vinfo.AffectedPackages.Sort()
+		r.ScannedCves[cve.CveID] = vinfo
+	}
+	return
+}
+
+func (o RedHatBase) convertToModel(cveID string, def *ovalmodels.Definition) *models.CveContent {
+	for _, cve := range def.Advisory.Cves {
+		if cve.CveID != cveID {
+			continue
+		}
+		var refs []models.Reference
+		for _, r := range def.References {
+			refs = append(refs, models.Reference{
+				Link:   r.RefURL,
+				Source: r.Source,
+				RefID:  r.RefID,
+			})
+		}
+
+		score2, vec2 := o.parseCvss2(cve.Cvss2)
+		score3, vec3 := o.parseCvss3(cve.Cvss3)
+
+		severity := def.Advisory.Severity
+		if cve.Impact != "" {
+			severity = cve.Impact
+		}
+
+		sev2, sev3 := "", ""
+		if score2 != 0 {
+			sev2 = severity
+		}
+		if score3 != 0 {
+			sev3 = severity
+		}
+
+		// CWE-ID in RedHat OVAL may have multiple cweIDs separated by space
+		cwes := strings.Fields(cve.Cwe)
+
+		return &models.CveContent{
+			Type:          models.NewCveContentType(o.family),
+			CveID:         cve.CveID,
+			Title:         def.Title,
+			Summary:       def.Description,
+			Cvss2Score:    score2,
+			Cvss2Vector:   vec2,
+			Cvss2Severity: sev2,
+			Cvss3Score:    score3,
+			Cvss3Vector:   vec3,
+			Cvss3Severity: sev3,
+			References:    refs,
+			CweIDs:        cwes,
+			Published:     def.Advisory.Issued,
+			LastModified:  def.Advisory.Updated,
+		}
+	}
+	return nil
+}
+
+// ParseCvss2 divide CVSSv2 string into score and vector
+// 5/AV:N/AC:L/Au:N/C:N/I:N/A:P
+func (o RedHatBase) parseCvss2(scoreVector string) (score float64, vector string) {
+	var err error
+	ss := strings.Split(scoreVector, "/")
+	if 1 < len(ss) {
+		if score, err = strconv.ParseFloat(ss[0], 64); err != nil {
+			return 0, ""
+		}
+		return score, strings.Join(ss[1:], "/")
+	}
+	return 0, ""
+}
+
+// ParseCvss3 divide CVSSv3 string into score and vector
+// 5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
+func (o RedHatBase) parseCvss3(scoreVector string) (score float64, vector string) {
+	var err error
+	ss := strings.Split(scoreVector, "/CVSS:3.0/")
+	if 1 < len(ss) {
+		if score, err = strconv.ParseFloat(ss[0], 64); err != nil {
+			return 0, ""
+		}
+		return score, fmt.Sprintf("CVSS:3.0/%s", ss[1])
+	}
+	return 0, ""
+}
+
+// RedHat is the interface for RedhatBase OVAL
+type RedHat struct {
+	RedHatBase
+}
+
+// NewRedhat creates OVAL client for Redhat
+func NewRedhat() RedHat {
+	return RedHat{
+		RedHatBase{
+			Base{
+				family: config.RedHat,
+			},
+		},
+	}
+}
+
+// CentOS is the interface for CentOS OVAL
+type CentOS struct {
+	RedHatBase
+}
+
+// NewCentOS creates OVAL client for CentOS
+func NewCentOS() CentOS {
+	return CentOS{
+		RedHatBase{
+			Base{
+				family: config.CentOS,
+			},
+		},
+	}
+}
+
+// Oracle is the interface for Oracle OVAL
+type Oracle struct {
+	RedHatBase
+}
+
+// NewOracle creates OVAL client for Oracle
+func NewOracle() Oracle {
+	return Oracle{
+		RedHatBase{
+			Base{
+				family: config.Oracle,
+			},
+		},
+	}
+}
--- a/oval/redhat_test.go
+++ b/oval/redhat_test.go
@@ -0,0 +1,148 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+package oval
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	ovalmodels "github.com/kotakanbe/goval-dictionary/models"
+)
+
+func TestParseCvss2(t *testing.T) {
+	type out struct {
+		score  float64
+		vector string
+	}
+	var tests = []struct {
+		in  string
+		out out
+	}{
+		{
+			in: "5/AV:N/AC:L/Au:N/C:N/I:N/A:P",
+			out: out{
+				score:  5.0,
+				vector: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+			},
+		},
+		{
+			in: "",
+			out: out{
+				score:  0,
+				vector: "",
+			},
+		},
+	}
+	for _, tt := range tests {
+		s, v := RedHatBase{}.parseCvss2(tt.in)
+		if s != tt.out.score || v != tt.out.vector {
+			t.Errorf("\nexpected: %f, %s\n  actual: %f, %s",
+				tt.out.score, tt.out.vector, s, v)
+		}
+	}
+}
+
+func TestParseCvss3(t *testing.T) {
+	type out struct {
+		score  float64
+		vector string
+	}
+	var tests = []struct {
+		in  string
+		out out
+	}{
+		{
+			in: "5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+			out: out{
+				score:  5.6,
+				vector: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+			},
+		},
+		{
+			in: "",
+			out: out{
+				score:  0,
+				vector: "",
+			},
+		},
+	}
+	for _, tt := range tests {
+		s, v := RedHatBase{}.parseCvss3(tt.in)
+		if s != tt.out.score || v != tt.out.vector {
+			t.Errorf("\nexpected: %f, %s\n  actual: %f, %s",
+				tt.out.score, tt.out.vector, s, v)
+		}
+	}
+}
+
+func TestPackNamesOfUpdate(t *testing.T) {
+	var tests = []struct {
+		in       models.ScanResult
+		defPacks defPacks
+		out      models.ScanResult
+	}{
+		{
+			in: models.ScanResult{
+				ScannedCves: models.VulnInfos{
+					"CVE-2000-1000": models.VulnInfo{
+						AffectedPackages: models.PackageStatuses{
+							{Name: "packA"},
+							{Name: "packB", NotFixedYet: false},
+						},
+					},
+				},
+			},
+			defPacks: defPacks{
+				def: ovalmodels.Definition{
+					Advisory: ovalmodels.Advisory{
+						Cves: []ovalmodels.Cve{
+							{
+								CveID: "CVE-2000-1000",
+							},
+						},
+					},
+				},
+				actuallyAffectedPackNames: map[string]bool{
+					"packB": true,
+				},
+			},
+			out: models.ScanResult{
+				ScannedCves: models.VulnInfos{
+					"CVE-2000-1000": models.VulnInfo{
+						AffectedPackages: models.PackageStatuses{
+							{Name: "packA"},
+							{Name: "packB", NotFixedYet: true},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	util.Log = util.NewCustomLogger(config.ServerInfo{})
+	for i, tt := range tests {
+		RedHat{}.update(&tt.in, tt.defPacks)
+		e := tt.out.ScannedCves["CVE-2000-1000"].AffectedPackages
+		a := tt.in.ScannedCves["CVE-2000-1000"].AffectedPackages
+		if !reflect.DeepEqual(a, e) {
+			t.Errorf("[%d] expected: %v\n  actual: %v\n", i, e, a)
+		}
+	}
+}
--- a/oval/suse.go
+++ b/oval/suse.go
@@ -0,0 +1,118 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package oval
+
+import (
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/kotakanbe/goval-dictionary/db"
+	ovalmodels "github.com/kotakanbe/goval-dictionary/models"
+)
+
+// SUSE is the struct of SUSE Linux
+type SUSE struct {
+	Base
+}
+
+// NewSUSE creates OVAL client for SUSE
+func NewSUSE() SUSE {
+	// TODO implement other family
+	return SUSE{
+		Base{
+			family: config.SUSEEnterpriseServer,
+		},
+	}
+}
+
+// FillWithOval returns scan result after updating CVE info by OVAL
+func (o SUSE) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+	var relatedDefs ovalResult
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
+		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
+			return 0, err
+		}
+	} else {
+		if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
+			return 0, err
+		}
+	}
+	for _, defPacks := range relatedDefs.entries {
+		o.update(r, defPacks)
+	}
+
+	for _, vuln := range r.ScannedCves {
+		if cont, ok := vuln.CveContents[models.SUSE]; ok {
+			cont.SourceLink = "https://security-tracker.debian.org/tracker/" + cont.CveID
+			vuln.CveContents[models.SUSE] = cont
+		}
+	}
+	return len(relatedDefs.entries), nil
+}
+
+func (o SUSE) update(r *models.ScanResult, defPacks defPacks) {
+	ovalContent := *o.convertToModel(&defPacks.def)
+	ovalContent.Type = models.NewCveContentType(o.family)
+	vinfo, ok := r.ScannedCves[defPacks.def.Title]
+	if !ok {
+		util.Log.Debugf("%s is newly detected by OVAL", defPacks.def.Title)
+		vinfo = models.VulnInfo{
+			CveID:       defPacks.def.Title,
+			Confidences: models.Confidences{models.OvalMatch},
+			CveContents: models.NewCveContents(ovalContent),
+		}
+	} else {
+		cveContents := vinfo.CveContents
+		ctype := models.NewCveContentType(o.family)
+		if _, ok := vinfo.CveContents[ctype]; ok {
+			util.Log.Debugf("%s OVAL will be overwritten", defPacks.def.Title)
+		} else {
+			util.Log.Debugf("%s is also detected by OVAL", defPacks.def.Title)
+			cveContents = models.CveContents{}
+		}
+		vinfo.Confidences.AppendIfMissing(models.OvalMatch)
+		cveContents[ctype] = ovalContent
+		vinfo.CveContents = cveContents
+	}
+
+	// uniq(vinfo.PackNames + defPacks.actuallyAffectedPackNames)
+	for _, pack := range vinfo.AffectedPackages {
+		defPacks.actuallyAffectedPackNames[pack.Name] = pack.NotFixedYet
+	}
+	vinfo.AffectedPackages = defPacks.toPackStatuses()
+	vinfo.AffectedPackages.Sort()
+	r.ScannedCves[defPacks.def.Title] = vinfo
+}
+
+func (o SUSE) convertToModel(def *ovalmodels.Definition) *models.CveContent {
+	var refs []models.Reference
+	for _, r := range def.References {
+		refs = append(refs, models.Reference{
+			Link:   r.RefURL,
+			Source: r.Source,
+			RefID:  r.RefID,
+		})
+	}
+
+	return &models.CveContent{
+		CveID:      def.Title,
+		Title:      def.Title,
+		Summary:    def.Description,
+		References: refs,
+	}
+}
--- a/oval/util.go
+++ b/oval/util.go
@@ -0,0 +1,353 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package oval
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/cenkalti/backoff"
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	debver "github.com/knqyf263/go-deb-version"
+	rpmver "github.com/knqyf263/go-rpm-version"
+	"github.com/kotakanbe/goval-dictionary/db"
+	ovalmodels "github.com/kotakanbe/goval-dictionary/models"
+	"github.com/parnurzeal/gorequest"
+)
+
+type ovalResult struct {
+	entries []defPacks
+}
+
+type defPacks struct {
+	def ovalmodels.Definition
+
+	// BinaryPackageName : NotFixedYet
+	actuallyAffectedPackNames map[string]bool
+}
+
+func (e defPacks) toPackStatuses() (ps models.PackageStatuses) {
+	for name, notFixedYet := range e.actuallyAffectedPackNames {
+		ps = append(ps, models.PackageStatus{
+			Name:        name,
+			NotFixedYet: notFixedYet,
+		})
+	}
+	return
+}
+
+func (e *ovalResult) upsert(def ovalmodels.Definition, packName string, notFixedYet bool) (upserted bool) {
+	// alpine's entry is empty since Alpine secdb is not OVAL format
+	if def.DefinitionID != "" {
+		for i, entry := range e.entries {
+			if entry.def.DefinitionID == def.DefinitionID {
+				e.entries[i].actuallyAffectedPackNames[packName] = notFixedYet
+				return true
+			}
+		}
+	}
+	e.entries = append(e.entries, defPacks{
+		def:                       def,
+		actuallyAffectedPackNames: map[string]bool{packName: notFixedYet},
+	})
+
+	return false
+}
+
+type request struct {
+	packName          string
+	versionRelease    string
+	NewVersionRelease string
+	binaryPackNames   []string
+	isSrcPack         bool
+}
+
+type response struct {
+	request request
+	defs    []ovalmodels.Definition
+}
+
+// getDefsByPackNameViaHTTP fetches OVAL information via HTTP
+func getDefsByPackNameViaHTTP(r *models.ScanResult) (
+	relatedDefs ovalResult, err error) {
+
+	nReq := len(r.Packages) + len(r.SrcPackages)
+	reqChan := make(chan request, nReq)
+	resChan := make(chan response, nReq)
+	errChan := make(chan error, nReq)
+	defer close(reqChan)
+	defer close(resChan)
+	defer close(errChan)
+
+	go func() {
+		for _, pack := range r.Packages {
+			reqChan <- request{
+				packName:          pack.Name,
+				versionRelease:    pack.FormatVer(),
+				NewVersionRelease: pack.FormatVer(),
+				isSrcPack:         false,
+			}
+		}
+		for _, pack := range r.SrcPackages {
+			reqChan <- request{
+				packName:        pack.Name,
+				binaryPackNames: pack.BinaryNames,
+				versionRelease:  pack.Version,
+				isSrcPack:       true,
+			}
+		}
+	}()
+
+	concurrency := 10
+	tasks := util.GenWorkers(concurrency)
+	for i := 0; i < nReq; i++ {
+		tasks <- func() {
+			select {
+			case req := <-reqChan:
+				url, err := util.URLPathJoin(
+					config.Conf.OvalDict.URL,
+					"packs",
+					r.Family,
+					r.Release,
+					req.packName,
+				)
+				if err != nil {
+					errChan <- err
+				} else {
+					util.Log.Debugf("HTTP Request to %s", url)
+					httpGet(url, req, resChan, errChan)
+				}
+			}
+		}
+	}
+
+	timeout := time.After(2 * 60 * time.Second)
+	var errs []error
+	for i := 0; i < nReq; i++ {
+		select {
+		case res := <-resChan:
+			for _, def := range res.defs {
+				affected, notFixedYet := isOvalDefAffected(def, res.request, r.Family, r.RunningKernel)
+				if !affected {
+					continue
+				}
+
+				if res.request.isSrcPack {
+					for _, n := range res.request.binaryPackNames {
+						relatedDefs.upsert(def, n, false)
+					}
+				} else {
+					relatedDefs.upsert(def, res.request.packName, notFixedYet)
+				}
+			}
+		case err := <-errChan:
+			errs = append(errs, err)
+		case <-timeout:
+			return relatedDefs, fmt.Errorf("Timeout Fetching OVAL")
+		}
+	}
+	if len(errs) != 0 {
+		return relatedDefs, fmt.Errorf("Failed to fetch OVAL. err: %v", errs)
+	}
+	return
+}
+
+func httpGet(url string, req request, resChan chan<- response, errChan chan<- error) {
+	var body string
+	var errs []error
+	var resp *http.Response
+	count, retryMax := 0, 3
+	f := func() (err error) {
+		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+		resp, body, errs = gorequest.New().Get(url).End()
+		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+			count++
+			if count == retryMax {
+				return nil
+			}
+			return fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
+				errs, url, resp)
+		}
+		return nil
+	}
+	notify := func(err error, t time.Duration) {
+		util.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %s", t, err)
+	}
+	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
+	if err != nil {
+		errChan <- fmt.Errorf("HTTP Error %s", err)
+		return
+	}
+	if count == retryMax {
+		errChan <- fmt.Errorf("HRetry count exceeded")
+		return
+	}
+
+	defs := []ovalmodels.Definition{}
+	if err := json.Unmarshal([]byte(body), &defs); err != nil {
+		errChan <- fmt.Errorf("Failed to Unmarshall. body: %s, err: %s",
+			body, err)
+		return
+	}
+	resChan <- response{
+		request: req,
+		defs:    defs,
+	}
+}
+
+func getDefsByPackNameFromOvalDB(driver db.DB, r *models.ScanResult) (relatedDefs ovalResult, err error) {
+	requests := []request{}
+	for _, pack := range r.Packages {
+		requests = append(requests, request{
+			packName:          pack.Name,
+			versionRelease:    pack.FormatVer(),
+			NewVersionRelease: pack.FormatNewVer(),
+			isSrcPack:         false,
+		})
+	}
+	for _, pack := range r.SrcPackages {
+		requests = append(requests, request{
+			packName:        pack.Name,
+			binaryPackNames: pack.BinaryNames,
+			versionRelease:  pack.Version,
+			isSrcPack:       true,
+		})
+	}
+
+	for _, req := range requests {
+		definitions, err := driver.GetByPackName(r.Release, req.packName)
+		if err != nil {
+			return relatedDefs, fmt.Errorf("Failed to get %s OVAL info by package: %#v, err: %s", r.Family, req, err)
+		}
+		for _, def := range definitions {
+			affected, notFixedYet := isOvalDefAffected(def, req, r.Family, r.RunningKernel)
+			if !affected {
+				continue
+			}
+
+			if req.isSrcPack {
+				for _, n := range req.binaryPackNames {
+					relatedDefs.upsert(def, n, false)
+				}
+			} else {
+				relatedDefs.upsert(def, req.packName, notFixedYet)
+			}
+		}
+	}
+	return
+}
+
+func major(version string) string {
+	ss := strings.SplitN(version, ":", 2)
+	ver := ""
+	if len(ss) == 1 {
+		ver = ss[0]
+	} else {
+		ver = ss[1]
+	}
+	return ver[0:strings.Index(ver, ".")]
+}
+
+func isOvalDefAffected(def ovalmodels.Definition, req request, family string, running models.Kernel) (affected, notFixedYet bool) {
+	for _, ovalPack := range def.AffectedPacks {
+		if req.packName != ovalPack.Name {
+			continue
+		}
+
+		if running.Release != "" {
+			switch family {
+			case config.RedHat, config.CentOS:
+				// For kernel related packages, ignore OVAL information with different major versions
+				if _, ok := kernelRelatedPackNames[ovalPack.Name]; ok {
+					if major(ovalPack.Version) != major(running.Release) {
+						continue
+					}
+				}
+			}
+		}
+
+		if ovalPack.NotFixedYet {
+			return true, true
+		}
+
+		less, err := lessThan(family, req.versionRelease, ovalPack)
+		if err != nil {
+			util.Log.Debugf("Failed to parse versions: %s, Ver: %#v, OVAL: %#v, DefID: %s",
+				err, req.versionRelease, ovalPack, def.DefinitionID)
+			return false, false
+		}
+
+		if less {
+			if req.isSrcPack {
+				// Unable to judge whether fixed or not fixed of src package(Ubuntu, Debian)
+				return true, false
+			}
+
+			// `offline` or `fast` scan mode can't get a updatable version.
+			// In these mode, the blow field was set empty.
+			// Vuls can not judge fixed or unfixed.
+			if req.NewVersionRelease == "" {
+				return true, false
+			}
+
+			// compare version: newVer vs oval
+			less, err := lessThan(family, req.NewVersionRelease, ovalPack)
+			if err != nil {
+				util.Log.Debugf("Failed to parse versions: %s, NewVer: %#v, OVAL: %#v, DefID: %s",
+					err, req.NewVersionRelease, ovalPack, def.DefinitionID)
+				return false, false
+			}
+			return true, less
+		}
+	}
+	return false, false
+}
+
+func lessThan(family, versionRelease string, packB ovalmodels.Package) (bool, error) {
+	switch family {
+	case config.Debian, config.Ubuntu:
+		vera, err := debver.NewVersion(versionRelease)
+		if err != nil {
+			return false, err
+		}
+		verb, err := debver.NewVersion(packB.Version)
+		if err != nil {
+			return false, err
+		}
+		return vera.LessThan(verb), nil
+	case config.Oracle, config.SUSEEnterpriseServer, config.Alpine:
+		vera := rpmver.NewVersion(versionRelease)
+		verb := rpmver.NewVersion(packB.Version)
+		return vera.LessThan(verb), nil
+	case config.RedHat, config.CentOS: // TODO: Suport config.Scientific
+		rea := regexp.MustCompile(`\.[es]l(\d+)(?:_\d+)?(?:\.centos)?`)
+		reb := regexp.MustCompile(`\.el(\d+)(?:_\d+)?`)
+		vera := rpmver.NewVersion(rea.ReplaceAllString(versionRelease, ".el$1"))
+		verb := rpmver.NewVersion(reb.ReplaceAllString(packB.Version, ".el$1"))
+		return vera.LessThan(verb), nil
+	default:
+		util.Log.Errorf("Not implemented yet: %s", family)
+	}
+	return false, fmt.Errorf("Package version comparison not supported: %s", family)
+}
--- a/oval/util_test.go
+++ b/oval/util_test.go
--- a/report/azureblob.go
+++ b/report/azureblob.go
@@ -0,0 +1,149 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package report
+
+import (
+	"bytes"
+	"encoding/json"
+	"encoding/xml"
+	"fmt"
+	"time"
+
+	storage "github.com/Azure/azure-sdk-for-go/storage"
+
+	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+)
+
+// AzureBlobWriter writes results to AzureBlob
+type AzureBlobWriter struct{}
+
+// Write results to Azure Blob storage
+func (w AzureBlobWriter) Write(rs ...models.ScanResult) (err error) {
+	if len(rs) == 0 {
+		return nil
+	}
+
+	cli, err := getBlobClient()
+	if err != nil {
+		return err
+	}
+
+	if c.Conf.FormatOneLineText {
+		timestr := rs[0].ScannedAt.Format(time.RFC3339)
+		k := fmt.Sprintf(timestr + "/summary.txt")
+		text := formatOneLineSummary(rs...)
+		b := []byte(text)
+		if err := createBlockBlob(cli, k, b); err != nil {
+			return err
+		}
+	}
+
+	for _, r := range rs {
+		key := r.ReportKeyName()
+		if c.Conf.FormatJSON {
+			k := key + ".json"
+			var b []byte
+			if b, err = json.Marshal(r); err != nil {
+				return fmt.Errorf("Failed to Marshal to JSON: %s", err)
+			}
+			if err := createBlockBlob(cli, k, b); err != nil {
+				return err
+			}
+		}
+
+		if c.Conf.FormatList {
+			k := key + "_short.txt"
+			b := []byte(formatList(r))
+			if err := createBlockBlob(cli, k, b); err != nil {
+				return err
+			}
+		}
+
+		if c.Conf.FormatFullText {
+			k := key + "_full.txt"
+			b := []byte(formatFullPlainText(r))
+			if err := createBlockBlob(cli, k, b); err != nil {
+				return err
+			}
+		}
+
+		if c.Conf.FormatXML {
+			k := key + ".xml"
+			var b []byte
+			if b, err = xml.Marshal(r); err != nil {
+				return fmt.Errorf("Failed to Marshal to XML: %s", err)
+			}
+			allBytes := bytes.Join([][]byte{[]byte(xml.Header + vulsOpenTag), b, []byte(vulsCloseTag)}, []byte{})
+			if err := createBlockBlob(cli, k, allBytes); err != nil {
+				return err
+			}
+		}
+	}
+	return
+}
+
+// CheckIfAzureContainerExists check the existence of Azure storage container
+func CheckIfAzureContainerExists() error {
+	cli, err := getBlobClient()
+	if err != nil {
+		return err
+	}
+	r, err := cli.ListContainers(storage.ListContainersParameters{})
+	if err != nil {
+		return err
+	}
+
+	found := false
+	for _, con := range r.Containers {
+		if con.Name == c.Conf.Azure.ContainerName {
+			found = true
+			break
+		}
+	}
+	if !found {
+		return fmt.Errorf("Container not found. Container: %s", c.Conf.Azure.ContainerName)
+	}
+	return nil
+}
+
+func getBlobClient() (storage.BlobStorageClient, error) {
+	api, err := storage.NewBasicClient(c.Conf.Azure.AccountName, c.Conf.Azure.AccountKey)
+	if err != nil {
+		return storage.BlobStorageClient{}, err
+	}
+	return api.GetBlobService(), nil
+}
+
+func createBlockBlob(cli storage.BlobStorageClient, k string, b []byte) error {
+	var err error
+	if c.Conf.GZIP {
+		if b, err = gz(b); err != nil {
+			return err
+		}
+		k += ".gz"
+	}
+
+	ref := cli.GetContainerReference(c.Conf.Azure.ContainerName)
+	blob := ref.GetBlobReference(k)
+	if err := blob.CreateBlockBlobFromReader(bytes.NewReader(b), nil); err != nil {
+		return fmt.Errorf("Failed to upload data to %s/%s, %s",
+			c.Conf.Azure.ContainerName, k, err)
+	}
+	return nil
+}
--- a/report/chatwork.go
+++ b/report/chatwork.go
@@ -0,0 +1,73 @@
+package report
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+)
+
+// ChatWorkWriter send report to ChatWork
+type ChatWorkWriter struct{}
+
+func (w ChatWorkWriter) Write(rs ...models.ScanResult) (err error) {
+	conf := config.Conf.ChatWork
+
+	for _, r := range rs {
+		serverInfo := fmt.Sprintf("%s", r.ServerInfo())
+		if err = chatWorkpostMessage(conf.Room, conf.APIToken, serverInfo); err != nil {
+			return err
+		}
+
+		for _, vinfo := range r.ScannedCves {
+			maxCvss := vinfo.MaxCvssScore()
+			severity := strings.ToUpper(maxCvss.Value.Severity)
+			if severity == "" {
+				severity = "?"
+			}
+
+			message := fmt.Sprintf(`%s[info][title]"https://nvd.nist.gov/vuln/detail/%s" %s %s[/title]%s[/info]`,
+				serverInfo,
+				vinfo.CveID,
+				strconv.FormatFloat(maxCvss.Value.Score, 'f', 1, 64),
+				severity,
+				vinfo.Summaries(config.Conf.Lang, r.Family)[0].Value)
+
+			if err = chatWorkpostMessage(conf.Room, conf.APIToken, message); err != nil {
+				return err
+			}
+		}
+
+	}
+	return nil
+}
+
+func chatWorkpostMessage(room, token, message string) error {
+	uri := fmt.Sprintf("https://api.chatwork.com/v2/rooms/%s/messages=%s", room, token)
+
+	payload := url.Values{
+		"body": {message},
+	}
+
+	reqs, err := http.NewRequest("POST", uri, strings.NewReader(payload.Encode()))
+
+	reqs.Header.Add("X-ChatWorkToken", token)
+	reqs.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+
+	if err != nil {
+		return err
+	}
+	client := &http.Client{}
+
+	resp, err := client.Do(reqs)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	return nil
+}
--- a/report/chatwork_test.go
+++ b/report/chatwork_test.go
@@ -0,0 +1 @@
+package report
--- a/report/cve_client.go
+++ b/report/cve_client.go
@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -15,21 +15,20 @@ You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

-package cveapi
+package report

 import (
 	"encoding/json"
 	"fmt"
 	"net/http"
-	"sort"
 	"time"

 	"github.com/cenkalti/backoff"
 	"github.com/parnurzeal/gorequest"

-	log "github.com/Sirupsen/logrus"
 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/util"
+	cvedb "github.com/kotakanbe/go-cve-dictionary/db"
 	cve "github.com/kotakanbe/go-cve-dictionary/models"
 )

@@ -42,23 +41,26 @@ type cvedictClient struct {
 }

 func (api *cvedictClient) initialize() {
-	api.baseURL = config.Conf.CveDictionaryURL
+	api.baseURL = config.Conf.CveDict.URL
 }

-func (api cvedictClient) CheckHealth() (ok bool, err error) {
+func (api cvedictClient) CheckHealth() error {
+	if !config.Conf.CveDict.IsFetchViaHTTP() {
+		util.Log.Debugf("get cve-dictionary from %s", config.Conf.CveDict.Type)
+		return nil
+	}
+
 	api.initialize()
 	url := fmt.Sprintf("%s/health", api.baseURL)
 	var errs []error
 	var resp *http.Response
 	resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
 	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
-	if len(errs) > 0 || resp.StatusCode != 200 {
-		return false, fmt.Errorf("Failed to request to CVE server. url: %s, errs: %v",
-			url,
-			errs,
-		)
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return fmt.Errorf("Failed to request to CVE server. url: %s, errs: %v",
+			url, errs)
 	}
-	return true, nil
+	return nil
 }

 type response struct {
@@ -66,8 +68,25 @@ type response struct {
 	CveDetail cve.CveDetail
 }

-func (api cvedictClient) FetchCveDetails(cveIDs []string) (cveDetails cve.CveDetails, err error) {
-	api.baseURL = config.Conf.CveDictionaryURL
+func (api cvedictClient) FetchCveDetails(driver cvedb.DB, cveIDs []string) (cveDetails []cve.CveDetail, err error) {
+	if !config.Conf.CveDict.IsFetchViaHTTP() {
+		for _, cveID := range cveIDs {
+			cveDetail, err := driver.Get(cveID)
+			if err != nil {
+				return nil, fmt.Errorf("Failed to fetch CVE. err: %s", err)
+			}
+			if len(cveDetail.CveID) == 0 {
+				cveDetails = append(cveDetails, cve.CveDetail{
+					CveID: cveID,
+				})
+			} else {
+				cveDetails = append(cveDetails, *cveDetail)
+			}
+		}
+		return
+	}
+
+	api.baseURL = config.Conf.CveDict.URL
 	reqChan := make(chan string, len(cveIDs))
 	resChan := make(chan response, len(cveIDs))
 	errChan := make(chan error, len(cveIDs))
@@ -91,7 +110,7 @@ func (api cvedictClient) FetchCveDetails(cveIDs []string) (cveDetails cve.CveDet
 				if err != nil {
 					errChan <- err
 				} else {
-					log.Debugf("HTTP Request to %s", url)
+					util.Log.Debugf("HTTP Request to %s", url)
 					api.httpGet(cveID, url, resChan, errChan)
 				}
 			}
@@ -113,41 +132,43 @@ func (api cvedictClient) FetchCveDetails(cveIDs []string) (cveDetails cve.CveDet
 		case err := <-errChan:
 			errs = append(errs, err)
 		case <-timeout:
-			return []cve.CveDetail{}, fmt.Errorf("Timeout Fetching CVE")
+			return nil, fmt.Errorf("Timeout Fetching CVE")
 		}
 	}
 	if len(errs) != 0 {
-		return []cve.CveDetail{},
+		return nil,
 			fmt.Errorf("Failed to fetch CVE. err: %v", errs)
 	}
-
-	// order by CVE ID desc
-	sort.Sort(cveDetails)
 	return
 }

 func (api cvedictClient) httpGet(key, url string, resChan chan<- response, errChan chan<- error) {
-
 	var body string
 	var errs []error
 	var resp *http.Response
 	f := func() (err error) {
-		resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
-		if len(errs) > 0 || resp.StatusCode != 200 {
-			errChan <- fmt.Errorf("HTTP error. errs: %v, url: %s", errs, url)
+		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+		resp, body, errs = gorequest.New().Get(url).End()
+		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+			return fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
+				errs, url, resp)
 		}
 		return nil
 	}
 	notify := func(err error, t time.Duration) {
-		log.Warnf("Failed to get. retrying in %s seconds. err: %s", t, err)
+		util.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %s",
+			t, err)
 	}
 	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
 	if err != nil {
 		errChan <- fmt.Errorf("HTTP Error %s", err)
+		return
 	}
 	cveDetail := cve.CveDetail{}
 	if err := json.Unmarshal([]byte(body), &cveDetail); err != nil {
-		errChan <- fmt.Errorf("Failed to Unmarshall. body: %s, err: %s", body, err)
+		errChan <- fmt.Errorf("Failed to Unmarshall. body: %s, err: %s",
+			body, err)
+		return
 	}
 	resChan <- response{
 		key,
@@ -155,57 +176,19 @@ func (api cvedictClient) httpGet(key, url string, resChan chan<- response, errCh
 	}
 }

-//  func (api cvedictClient) httpGet(key, url string, query map[string]string, resChan chan<- response, errChan chan<- error) {
+func (api cvedictClient) FetchCveDetailsByCpeName(driver cvedb.DB, cpeName string) ([]cve.CveDetail, error) {
+	if config.Conf.CveDict.IsFetchViaHTTP() {
+		api.baseURL = config.Conf.CveDict.URL
+		url, err := util.URLPathJoin(api.baseURL, "cpes")
+		if err != nil {
+			return nil, err
+		}

-//      var body string
-//      var errs []error
-//      var resp *http.Response
-//      f := func() (err error) {
-//          req := gorequest.New().SetDebug(true).Proxy(api.httpProxy).Get(url)
-//          for key := range query {
-//              req = req.Query(fmt.Sprintf("%s=%s", key, query[key])).Set("Content-Type", "application/x-www-form-urlencoded")
-//          }
-//          pp.Println(req)
-//          resp, body, errs = req.End()
-//          if len(errs) > 0 || resp.StatusCode != 200 {
-//              errChan <- fmt.Errorf("HTTP error. errs: %v, url: %s", errs, url)
-//          }
-//          return nil
-//      }
-//      notify := func(err error, t time.Duration) {
-//          log.Warnf("Failed to get. retrying in %s seconds. err: %s", t, err)
-//      }
-//      err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
-//      if err != nil {
-//          errChan <- fmt.Errorf("HTTP Error %s", err)
-//      }
-//      //  resChan <- body
-//      cveDetail := cve.CveDetail{}
-//      if err := json.Unmarshal([]byte(body), &cveDetail); err != nil {
-//          errChan <- fmt.Errorf("Failed to Unmarshall. body: %s, err: %s", body, err)
-//      }
-//      resChan <- response{
-//          key,
-//          cveDetail,
-//      }
-//  }
-
-type responseGetCveDetailByCpeName struct {
-	CpeName    string
-	CveDetails []cve.CveDetail
-}
-
-func (api cvedictClient) FetchCveDetailsByCpeName(cpeName string) ([]cve.CveDetail, error) {
-	api.baseURL = config.Conf.CveDictionaryURL
-
-	url, err := util.URLPathJoin(api.baseURL, "cpes")
-	if err != nil {
-		return []cve.CveDetail{}, err
+		query := map[string]string{"name": cpeName}
+		util.Log.Debugf("HTTP Request to %s, query: %#v", url, query)
+		return api.httpPost(cpeName, url, query)
 	}
-
-	query := map[string]string{"name": cpeName}
-	log.Debugf("HTTP Request to %s, query: %#v", url, query)
-	return api.httpPost(cpeName, url, query)
+	return driver.GetByCpeURI(cpeName)
 }

 func (api cvedictClient) httpPost(key, url string, query map[string]string) ([]cve.CveDetail, error) {
@@ -213,27 +196,28 @@ func (api cvedictClient) httpPost(key, url string, query map[string]string) ([]c
 	var errs []error
 	var resp *http.Response
 	f := func() (err error) {
-		req := gorequest.New().SetDebug(config.Conf.Debug).Post(url)
+		//  req := gorequest.New().SetDebug(config.Conf.Debug).Post(url)
+		req := gorequest.New().Post(url)
 		for key := range query {
 			req = req.Send(fmt.Sprintf("%s=%s", key, query[key])).Type("json")
 		}
 		resp, body, errs = req.End()
-		if len(errs) > 0 || resp.StatusCode != 200 {
-			return fmt.Errorf("HTTP error. errs: %v, url: %s", errs, url)
+		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+			return fmt.Errorf("HTTP POST error: %v, url: %s, resp: %v", errs, url, resp)
 		}
 		return nil
 	}
 	notify := func(err error, t time.Duration) {
-		log.Warnf("Failed to get. retrying in %s seconds. err: %s", t, err)
+		util.Log.Warnf("Failed to HTTP POST. retrying in %s seconds. err: %s", t, err)
 	}
 	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
 	if err != nil {
-		return []cve.CveDetail{}, fmt.Errorf("HTTP Error %s", err)
+		return nil, fmt.Errorf("HTTP Error %s", err)
 	}

 	cveDetails := []cve.CveDetail{}
 	if err := json.Unmarshal([]byte(body), &cveDetails); err != nil {
-		return []cve.CveDetail{},
+		return nil,
 			fmt.Errorf("Failed to Unmarshall. body: %s, err: %s", body, err)
 	}
 	return cveDetails, nil
--- a/report/db_client.go
+++ b/report/db_client.go
@@ -0,0 +1,188 @@
+package report
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/util"
+	gostdb "github.com/knqyf263/gost/db"
+	cvedb "github.com/kotakanbe/go-cve-dictionary/db"
+	ovaldb "github.com/kotakanbe/goval-dictionary/db"
+	exploitdb "github.com/mozqnet/go-exploitdb/db"
+)
+
+// DBClient is a dictionarie's db client for reporting
+type DBClient struct {
+	CveDB     cvedb.DB
+	OvalDB    ovaldb.DB
+	GostDB    gostdb.DB
+	ExploitDB exploitdb.DB
+}
+
+// DBClientConf has a configuration of Vulnerability DBs
+type DBClientConf struct {
+	CveDictCnf  config.GoCveDictConf
+	OvalDictCnf config.GovalDictConf
+	GostCnf     config.GostConf
+	ExploitCnf  config.ExploitConf
+	DebugSQL    bool
+}
+
+// NewDBClient returns db clients
+func NewDBClient(cnf DBClientConf) (dbclient *DBClient, locked bool, err error) {
+	cveDriver, locked, err := NewCveDB(cnf)
+	if locked {
+		return nil, true, fmt.Errorf("CveDB is locked: %s",
+			cnf.OvalDictCnf.SQLite3Path)
+	} else if err != nil {
+		return nil, locked, err
+	}
+
+	ovaldb, locked, err := NewOvalDB(cnf)
+	if locked {
+		return nil, true, fmt.Errorf("OvalDB is locked: %s",
+			cnf.OvalDictCnf.SQLite3Path)
+	} else if err != nil {
+		util.Log.Warnf("Unable to use OvalDB: %s, err: %s",
+			cnf.OvalDictCnf.SQLite3Path, err)
+	}
+
+	gostdb, locked, err := NewGostDB(cnf)
+	if locked {
+		return nil, true, fmt.Errorf("gostDB is locked: %s",
+			cnf.GostCnf.SQLite3Path)
+	} else if err != nil {
+		util.Log.Warnf("Unable to use gostDB: %s, err: %s",
+			cnf.GostCnf.SQLite3Path, err)
+	}
+
+	exploitdb, locked, err := NewExploitDB(cnf)
+	if locked {
+		return nil, true, fmt.Errorf("exploitDB is locked: %s",
+			cnf.ExploitCnf.SQLite3Path)
+	} else if err != nil {
+		util.Log.Warnf("Unable to use exploitDB: %s, err: %s",
+			cnf.ExploitCnf.SQLite3Path, err)
+	}
+
+	return &DBClient{
+		CveDB:     cveDriver,
+		OvalDB:    ovaldb,
+		GostDB:    gostdb,
+		ExploitDB: exploitdb,
+	}, false, nil
+}
+
+// NewCveDB returns cve db client
+func NewCveDB(cnf DBClientConf) (driver cvedb.DB, locked bool, err error) {
+	if config.Conf.CveDict.IsFetchViaHTTP() {
+		return nil, false, nil
+	}
+	util.Log.Debugf("open cve-dictionary db (%s)", cnf.CveDictCnf.Type)
+	path := cnf.CveDictCnf.URL
+	if cnf.CveDictCnf.Type == "sqlite3" {
+		path = cnf.CveDictCnf.SQLite3Path
+	}
+
+	util.Log.Debugf("Open cve-dictionary db (%s): %s", cnf.CveDictCnf.Type, path)
+	driver, locked, err = cvedb.NewDB(cnf.CveDictCnf.Type, path, cnf.DebugSQL)
+	if err != nil {
+		err = fmt.Errorf("Failed to init CVE DB. err: %s, path: %s", err, path)
+		return nil, locked, err
+	}
+	return driver, false, nil
+}
+
+// NewOvalDB returns oval db client
+func NewOvalDB(cnf DBClientConf) (driver ovaldb.DB, locked bool, err error) {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
+		return nil, false, nil
+	}
+	path := cnf.OvalDictCnf.URL
+	if cnf.OvalDictCnf.Type == "sqlite3" {
+		path = cnf.OvalDictCnf.SQLite3Path
+
+		if _, err := os.Stat(path); os.IsNotExist(err) {
+			util.Log.Warnf("--ovaldb-path=%s is not found. It's recommended to use OVAL to improve scanning accuracy. For details, see https://github.com/kotakanbe/goval-dictionary#usage", path)
+			return nil, false, nil
+		}
+	}
+
+	util.Log.Debugf("Open oval-dictionary db (%s): %s", cnf.OvalDictCnf.Type, path)
+	driver, locked, err = ovaldb.NewDB("", cnf.OvalDictCnf.Type, path, cnf.DebugSQL)
+	if err != nil {
+		err = fmt.Errorf("Failed to new OVAL DB. err: %s", err)
+		if locked {
+			return nil, true, err
+		}
+		return nil, false, err
+	}
+	return driver, false, nil
+}
+
+// NewGostDB returns db client for Gost
+func NewGostDB(cnf DBClientConf) (driver gostdb.DB, locked bool, err error) {
+	if config.Conf.Gost.IsFetchViaHTTP() {
+		return nil, false, nil
+	}
+	path := cnf.GostCnf.URL
+	if cnf.GostCnf.Type == "sqlite3" {
+		path = cnf.GostCnf.SQLite3Path
+
+		if _, err := os.Stat(path); os.IsNotExist(err) {
+			util.Log.Warnf("--gostdb-path=%s is not found. If the scan target server is Debian, RHEL or CentOS, it's recommended to use gost to improve scanning accuracy. To use gost database, see https://github.com/knqyf263/gost#fetch-redhat", path)
+			return nil, false, nil
+		}
+	}
+
+	util.Log.Debugf("Open gost db (%s): %s", cnf.GostCnf.Type, path)
+	if driver, locked, err = gostdb.NewDB(cnf.GostCnf.Type, path, cnf.DebugSQL); err != nil {
+		if locked {
+			util.Log.Errorf("gostDB is locked: %s", err)
+			return nil, true, err
+		}
+		return nil, false, err
+	}
+	return driver, false, nil
+}
+
+// NewExploitDB returns db client for Exploit
+func NewExploitDB(cnf DBClientConf) (driver exploitdb.DB, locked bool, err error) {
+	if config.Conf.Exploit.IsFetchViaHTTP() {
+		return nil, false, nil
+	}
+	path := cnf.ExploitCnf.URL
+	if cnf.ExploitCnf.Type == "sqlite3" {
+		path = cnf.ExploitCnf.SQLite3Path
+
+		if _, err := os.Stat(path); os.IsNotExist(err) {
+			util.Log.Warnf("--exploitdb-path=%s is not found. It's recommended to use exploit to improve scanning accuracy. To use exploit db database, see https://github.com/mozqnet/go-exploitdb", path)
+			return nil, false, nil
+		}
+	}
+
+	util.Log.Debugf("Open exploit db (%s): %s", cnf.ExploitCnf.Type, path)
+	if driver, locked, err = exploitdb.NewDB(cnf.ExploitCnf.Type, path, cnf.DebugSQL); err != nil {
+		if locked {
+			util.Log.Errorf("exploitDB is locked: %s", err)
+			return nil, true, err
+		}
+		return nil, false, err
+	}
+	return driver, false, nil
+}
+
+// CloseDB close dbs
+func (d DBClient) CloseDB() {
+	if d.CveDB != nil {
+		if err := d.CveDB.CloseDB(); err != nil {
+			util.Log.Errorf("Failed to close DB: %s", err)
+		}
+	}
+	if d.OvalDB != nil {
+		if err := d.OvalDB.CloseDB(); err != nil {
+			util.Log.Errorf("Failed to close DB: %s", err)
+		}
+	}
+}
--- a/report/email.go
+++ b/report/email.go
@@ -0,0 +1,150 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package report
+
+import (
+	"fmt"
+	"net"
+	"net/mail"
+	"net/smtp"
+	"strings"
+	"time"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+)
+
+// EMailWriter send mail
+type EMailWriter struct{}
+
+func (w EMailWriter) Write(rs ...models.ScanResult) (err error) {
+	conf := config.Conf
+	var message string
+	sender := NewEMailSender()
+
+	m := map[string]int{}
+	for _, r := range rs {
+		if conf.FormatOneEMail {
+			message += formatFullPlainText(r) + "\r\n\r\n"
+
+			mm := r.ScannedCves.CountGroupBySeverity()
+			keys := []string{"High", "Medium", "Low", "Unknown"}
+			for _, k := range keys {
+				m[k] += mm[k]
+			}
+		} else {
+			var subject string
+			if len(r.Errors) != 0 {
+				subject = fmt.Sprintf("%s%s An error occurred while scanning",
+					conf.EMail.SubjectPrefix, r.ServerInfo())
+			} else {
+				subject = fmt.Sprintf("%s%s %s",
+					conf.EMail.SubjectPrefix,
+					r.ServerInfo(),
+					r.ScannedCves.FormatCveSummary())
+			}
+			message = formatFullPlainText(r)
+			if err := sender.Send(subject, message); err != nil {
+				return err
+			}
+		}
+	}
+
+	summary := ""
+	if config.Conf.IgnoreUnscoredCves {
+		summary = fmt.Sprintf("Total: %d (High:%d Medium:%d Low:%d)",
+			m["High"]+m["Medium"]+m["Low"], m["High"], m["Medium"], m["Low"])
+	}
+	summary = fmt.Sprintf("Total: %d (High:%d Medium:%d Low:%d ?:%d)",
+		m["High"]+m["Medium"]+m["Low"]+m["Unknown"],
+		m["High"], m["Medium"], m["Low"], m["Unknown"])
+
+	if conf.FormatOneEMail {
+		message = fmt.Sprintf(
+			`
+One Line Summary
+================
+%s
+
+
+%s`,
+			formatOneLineSummary(rs...), message)
+
+		subject := fmt.Sprintf("%s %s",
+			conf.EMail.SubjectPrefix, summary)
+		return sender.Send(subject, message)
+	}
+	return nil
+}
+
+// EMailSender is interface of sending e-mail
+type EMailSender interface {
+	Send(subject, body string) error
+}
+
+type emailSender struct {
+	conf config.SMTPConf
+	send func(string, smtp.Auth, string, []string, []byte) error
+}
+
+func (e *emailSender) Send(subject, body string) (err error) {
+	emailConf := e.conf
+	to := strings.Join(emailConf.To[:], ", ")
+	cc := strings.Join(emailConf.Cc[:], ", ")
+	mailAddresses := append(emailConf.To, emailConf.Cc...)
+	if _, err := mail.ParseAddressList(strings.Join(mailAddresses[:], ", ")); err != nil {
+		return fmt.Errorf("Failed to parse email addresses: %s", err)
+	}
+
+	headers := make(map[string]string)
+	headers["From"] = emailConf.From
+	headers["To"] = to
+	headers["Cc"] = cc
+	headers["Subject"] = subject
+	headers["Date"] = time.Now().Format(time.RFC1123Z)
+	headers["Content-Type"] = "text/plain; charset=utf-8"
+
+	var header string
+	for k, v := range headers {
+		header += fmt.Sprintf("%s: %s\r\n", k, v)
+	}
+	message := fmt.Sprintf("%s\r\n%s", header, body)
+
+	smtpServer := net.JoinHostPort(emailConf.SMTPAddr, emailConf.SMTPPort)
+	err = e.send(
+		smtpServer,
+		smtp.PlainAuth(
+			"",
+			emailConf.User,
+			emailConf.Password,
+			emailConf.SMTPAddr,
+		),
+		emailConf.From,
+		mailAddresses,
+		[]byte(message),
+	)
+	if err != nil {
+		return fmt.Errorf("Failed to send emails: %s", err)
+	}
+	return nil
+}
+
+// NewEMailSender creates emailSender
+func NewEMailSender() EMailSender {
+	return &emailSender{config.Conf.EMail, smtp.SendMail}
+}
--- a/report/email_test.go
+++ b/report/email_test.go
@@ -0,0 +1,132 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package report
+
+import (
+	"net/smtp"
+	"reflect"
+	"strings"
+	"testing"
+
+	"github.com/future-architect/vuls/config"
+)
+
+type emailRecorder struct {
+	addr string
+	auth smtp.Auth
+	from string
+	to   []string
+	body string
+}
+
+type mailTest struct {
+	in  config.SMTPConf
+	out emailRecorder
+}
+
+var mailTests = []mailTest{
+	{
+		config.SMTPConf{
+			SMTPAddr: "127.0.0.1",
+			SMTPPort: "25",
+
+			From: "from@address.com",
+			To:   []string{"to@address.com"},
+			Cc:   []string{"cc@address.com"},
+		},
+		emailRecorder{
+			addr: "127.0.0.1:25",
+			auth: smtp.PlainAuth("", "", "", "127.0.0.1"),
+			from: "from@address.com",
+			to:   []string{"to@address.com", "cc@address.com"},
+			body: "body",
+		},
+	},
+	{
+		config.SMTPConf{
+			SMTPAddr: "127.0.0.1",
+			SMTPPort: "25",
+
+			User:     "vuls",
+			Password: "password",
+
+			From: "from@address.com",
+			To:   []string{"to1@address.com", "to2@address.com"},
+			Cc:   []string{"cc1@address.com", "cc2@address.com"},
+		},
+		emailRecorder{
+			addr: "127.0.0.1:25",
+			auth: smtp.PlainAuth(
+				"",
+				"vuls",
+				"password",
+				"127.0.0.1",
+			),
+			from: "from@address.com",
+			to: []string{"to1@address.com", "to2@address.com",
+				"cc1@address.com", "cc2@address.com"},
+			body: "body",
+		},
+	},
+}
+
+func TestSend(t *testing.T) {
+	for i, test := range mailTests {
+		f, r := mockSend(nil)
+		sender := &emailSender{conf: test.in, send: f}
+
+		subject := "subject"
+		body := "body"
+		if err := sender.Send(subject, body); err != nil {
+			t.Errorf("unexpected error: %s", err)
+		}
+
+		if r.addr != test.out.addr {
+			t.Errorf("#%d: wrong 'addr' field.\r\nexpected: %s\n got: %s", i, test.out.addr, r.addr)
+		}
+
+		if !reflect.DeepEqual(r.auth, test.out.auth) {
+			t.Errorf("#%d: wrong 'auth' field.\r\nexpected: %v\n got: %v", i, test.out.auth, r.auth)
+		}
+
+		if r.from != test.out.from {
+			t.Errorf("#%d: wrong 'from' field.\r\nexpected: %v\n got: %v", i, test.out.from, r.from)
+		}
+
+		if !reflect.DeepEqual(r.to, test.out.to) {
+			t.Errorf("#%d: wrong 'to' field.\r\nexpected: %v\n got: %v", i, test.out.to, r.to)
+		}
+
+		if r.body != test.out.body {
+			t.Errorf("#%d: wrong 'body' field.\r\nexpected: %v\n got: %v", i, test.out.body, r.body)
+		}
+
+	}
+
+}
+
+func mockSend(errToReturn error) (func(string, smtp.Auth, string, []string, []byte) error, *emailRecorder) {
+	r := new(emailRecorder)
+	return func(addr string, a smtp.Auth, from string, to []string, msg []byte) error {
+		// Split into header and body
+		messages := strings.Split(string(msg), "\r\n\r\n")
+		body := messages[1]
+		*r = emailRecorder{addr, a, from, to, body}
+		return errToReturn
+	}, r
+}
--- a/report/hipchat.go
+++ b/report/hipchat.go
@@ -0,0 +1,74 @@
+package report
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+)
+
+// HipChatWriter send report to HipChat
+type HipChatWriter struct{}
+
+func (w HipChatWriter) Write(rs ...models.ScanResult) (err error) {
+	conf := config.Conf.HipChat
+
+	for _, r := range rs {
+		serverInfo := fmt.Sprintf("%s", r.ServerInfo())
+		if err = postMessage(conf.Room, conf.AuthToken, serverInfo); err != nil {
+			return err
+		}
+
+		for _, vinfo := range r.ScannedCves {
+			maxCvss := vinfo.MaxCvssScore()
+			severity := strings.ToUpper(maxCvss.Value.Severity)
+			if severity == "" {
+				severity = "?"
+			}
+
+			message := fmt.Sprintf(`<a href="https://nvd.nist.gov/vuln/detail\%s"> %s </a> <br/>%s (%s)<br/>%s`,
+				vinfo.CveID,
+				vinfo.CveID,
+				strconv.FormatFloat(maxCvss.Value.Score, 'f', 1, 64),
+				severity,
+				vinfo.Summaries(config.Conf.Lang, r.Family)[0].Value,
+			)
+
+			if err = postMessage(conf.Room, conf.AuthToken, message); err != nil {
+				return err
+			}
+		}
+
+	}
+	return nil
+}
+
+func postMessage(room, token, message string) error {
+	uri := fmt.Sprintf("https://api.hipchat.com/v2/room/%s/notification?auth_token=%s", room, token)
+
+	payload := url.Values{
+		"color":          {"purple"},
+		"message_format": {"html"},
+		"message":        {message},
+	}
+	reqs, err := http.NewRequest("POST", uri, strings.NewReader(payload.Encode()))
+	if err != nil {
+		return err
+	}
+
+	reqs.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+
+	client := &http.Client{}
+
+	resp, err := client.Do(reqs)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	return nil
+}
--- a/report/hipchat_test.go
+++ b/report/hipchat_test.go
@@ -0,0 +1 @@
+package report
--- a/report/http.go
+++ b/report/http.go
@@ -0,0 +1,62 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Architect, Inc. Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package report
+
+import (
+	"bytes"
+	"encoding/json"
+	"net/http"
+
+	"github.com/pkg/errors"
+
+	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+)
+
+// HTTPRequestWriter writes results to HTTP request
+type HTTPRequestWriter struct{}
+
+// Write sends results as HTTP response
+func (w HTTPRequestWriter) Write(rs ...models.ScanResult) (err error) {
+	for _, r := range rs {
+		b := new(bytes.Buffer)
+		json.NewEncoder(b).Encode(r)
+		_, err = http.Post(c.Conf.HTTP.URL, "application/json; charset=utf-8", b)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// HTTPResponseWriter writes results to HTTP response
+type HTTPResponseWriter struct {
+	Writer http.ResponseWriter
+}
+
+// Write sends results as HTTP response
+func (w HTTPResponseWriter) Write(rs ...models.ScanResult) (err error) {
+	res, err := json.Marshal(rs)
+	if err != nil {
+		return errors.Wrap(err, "Failed to marshal scah results")
+	}
+	w.Writer.Header().Set("Content-Type", "application/json")
+	_, err = w.Writer.Write(res)
+
+	return err
+}
--- a/report/localfile.go
+++ b/report/localfile.go
@@ -0,0 +1,135 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package report
+
+import (
+	"bytes"
+	"encoding/json"
+	"encoding/xml"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+)
+
+// LocalFileWriter writes results to a local file.
+type LocalFileWriter struct {
+	CurrentDir string
+}
+
+func (w LocalFileWriter) Write(rs ...models.ScanResult) (err error) {
+	if c.Conf.FormatOneLineText {
+		path := filepath.Join(w.CurrentDir, "summary.txt")
+		text := formatOneLineSummary(rs...)
+		if err := writeFile(path, []byte(text), 0600); err != nil {
+			return fmt.Errorf(
+				"Failed to write to file. path: %s, err: %s",
+				path, err)
+		}
+	}
+
+	for _, r := range rs {
+		path := filepath.Join(w.CurrentDir, r.ReportFileName())
+
+		if c.Conf.FormatJSON {
+			var p string
+			if c.Conf.Diff {
+				p = path + "_diff.json"
+			} else {
+				p = path + ".json"
+			}
+
+			var b []byte
+			if c.Conf.Debug {
+				if b, err = json.MarshalIndent(r, "", "    "); err != nil {
+					return fmt.Errorf("Failed to Marshal to JSON: %s", err)
+				}
+			} else {
+				if b, err = json.Marshal(r); err != nil {
+					return fmt.Errorf("Failed to Marshal to JSON: %s", err)
+				}
+			}
+			if err := writeFile(p, b, 0600); err != nil {
+				return fmt.Errorf("Failed to write JSON. path: %s, err: %s", p, err)
+			}
+		}
+
+		if c.Conf.FormatList {
+			var p string
+			if c.Conf.Diff {
+				p = path + "_short_diff.txt"
+			} else {
+				p = path + "_short.txt"
+			}
+
+			if err := writeFile(
+				p, []byte(formatList(r)), 0600); err != nil {
+				return fmt.Errorf(
+					"Failed to write text files. path: %s, err: %s", p, err)
+			}
+		}
+
+		if c.Conf.FormatFullText {
+			var p string
+			if c.Conf.Diff {
+				p = path + "_full_diff.txt"
+			} else {
+				p = path + "_full.txt"
+			}
+
+			if err := writeFile(
+				p, []byte(formatFullPlainText(r)), 0600); err != nil {
+				return fmt.Errorf(
+					"Failed to write text files. path: %s, err: %s", p, err)
+			}
+		}
+
+		if c.Conf.FormatXML {
+			var p string
+			if c.Conf.Diff {
+				p = path + "_diff.xml"
+			} else {
+				p = path + ".xml"
+			}
+
+			var b []byte
+			if b, err = xml.Marshal(r); err != nil {
+				return fmt.Errorf("Failed to Marshal to XML: %s", err)
+			}
+			allBytes := bytes.Join([][]byte{[]byte(xml.Header + vulsOpenTag), b, []byte(vulsCloseTag)}, []byte{})
+			if err := writeFile(p, allBytes, 0600); err != nil {
+				return fmt.Errorf("Failed to write XML. path: %s, err: %s", p, err)
+			}
+		}
+	}
+	return nil
+}
+
+func writeFile(path string, data []byte, perm os.FileMode) error {
+	var err error
+	if c.Conf.GZIP {
+		if data, err = gz(data); err != nil {
+			return err
+		}
+		path += ".gz"
+	}
+	return ioutil.WriteFile(path, []byte(data), perm)
+}
--- a/report/mail.go
+++ b/report/mail.go
@@ -1,70 +0,0 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-package report
-
-import (
-	"crypto/tls"
-	"fmt"
-	"strconv"
-
-	"github.com/future-architect/vuls/config"
-	"github.com/future-architect/vuls/models"
-	"gopkg.in/gomail.v2"
-)
-
-// MailWriter send mail
-type MailWriter struct{}
-
-func (w MailWriter) Write(scanResults []models.ScanResult) (err error) {
-	conf := config.Conf
-	for _, s := range scanResults {
-		m := gomail.NewMessage()
-		m.SetHeader("From", conf.Mail.From)
-		m.SetHeader("To", conf.Mail.To...)
-		m.SetHeader("Cc", conf.Mail.Cc...)
-
-		subject := fmt.Sprintf("%s%s %s",
-			conf.Mail.SubjectPrefix,
-			s.ServerName,
-			s.CveSummary(),
-		)
-		m.SetHeader("Subject", subject)
-
-		var body string
-		if body, err = toPlainText(s); err != nil {
-			return err
-		}
-		m.SetBody("text/plain", body)
-		port, _ := strconv.Atoi(conf.Mail.SMTPPort)
-		d := gomail.NewPlainDialer(
-			conf.Mail.SMTPAddr,
-			port,
-			conf.Mail.User,
-			conf.Mail.Password,
-		)
-
-		d.TLSConfig = &tls.Config{
-			InsecureSkipVerify: true,
-		}
-
-		if err := d.DialAndSend(m); err != nil {
-			panic(err)
-		}
-	}
-	return nil
-}
--- a/report/report.go
+++ b/report/report.go
@@ -0,0 +1,634 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package report
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"reflect"
+	"regexp"
+	"sort"
+	"strings"
+	"time"
+
+	"github.com/BurntSushi/toml"
+	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/contrib/owasp-dependency-check/parser"
+	"github.com/future-architect/vuls/cwe"
+	"github.com/future-architect/vuls/exploit"
+	"github.com/future-architect/vuls/gost"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/oval"
+	"github.com/future-architect/vuls/util"
+	"github.com/hashicorp/uuid"
+	gostdb "github.com/knqyf263/gost/db"
+	cvedb "github.com/kotakanbe/go-cve-dictionary/db"
+	ovaldb "github.com/kotakanbe/goval-dictionary/db"
+	exploitdb "github.com/mozqnet/go-exploitdb/db"
+)
+
+const (
+	vulsOpenTag  = "<vulsreport>"
+	vulsCloseTag = "</vulsreport>"
+)
+
+// FillCveInfos fills CVE Detailed Information
+func FillCveInfos(dbclient DBClient, rs []models.ScanResult, dir string) ([]models.ScanResult, error) {
+	var filledResults []models.ScanResult
+	reportedAt := time.Now()
+	hostname, _ := os.Hostname()
+	for _, r := range rs {
+		if c.Conf.RefreshCve || needToRefreshCve(r) {
+			r.ScannedCves = models.VulnInfos{}
+			cpeURIs := []string{}
+			if len(r.Container.ContainerID) == 0 {
+				cpeURIs = c.Conf.Servers[r.ServerName].CpeNames
+				owaspDCXMLPath := c.Conf.Servers[r.ServerName].OwaspDCXMLPath
+				if owaspDCXMLPath != "" {
+					cpes, err := parser.Parse(owaspDCXMLPath)
+					if err != nil {
+						return nil, fmt.Errorf("Failed to read OWASP Dependency Check XML: %s, %s, %s",
+							r.ServerName, owaspDCXMLPath, err)
+					}
+					cpeURIs = append(cpeURIs, cpes...)
+				}
+			} else {
+				if s, ok := c.Conf.Servers[r.ServerName]; ok {
+					if con, ok := s.Containers[r.Container.Name]; ok {
+						cpeURIs = con.Cpes
+						owaspDCXMLPath := con.OwaspDCXMLPath
+						if owaspDCXMLPath != "" {
+							cpes, err := parser.Parse(owaspDCXMLPath)
+							if err != nil {
+								return nil, fmt.Errorf("Failed to read OWASP Dependency Check XML: %s, %s, %s",
+									r.ServerInfo(), owaspDCXMLPath, err)
+							}
+							cpeURIs = append(cpeURIs, cpes...)
+						}
+					}
+				}
+			}
+
+			if err := FillCveInfo(dbclient, &r, cpeURIs); err != nil {
+				return nil, err
+			}
+			r.Lang = c.Conf.Lang
+			r.ReportedAt = reportedAt
+			r.ReportedVersion = c.Version
+			r.ReportedRevision = c.Revision
+			r.ReportedBy = hostname
+			r.Config.Report = c.Conf
+			r.Config.Report.Servers = map[string]c.ServerInfo{
+				r.ServerName: c.Conf.Servers[r.ServerName],
+			}
+			if err := overwriteJSONFile(dir, r); err != nil {
+				return nil, fmt.Errorf("Failed to write JSON: %s", err)
+			}
+			filledResults = append(filledResults, r)
+		} else {
+			util.Log.Debugf("No need to refresh")
+			filledResults = append(filledResults, r)
+		}
+	}
+
+	if c.Conf.Diff {
+		prevs, err := loadPrevious(filledResults)
+		if err != nil {
+			return nil, err
+		}
+
+		diff, err := diff(filledResults, prevs)
+		if err != nil {
+			return nil, err
+		}
+		filledResults = []models.ScanResult{}
+		for _, r := range diff {
+			if err := fillCveDetail(dbclient.CveDB, &r); err != nil {
+				return nil, err
+			}
+			filledResults = append(filledResults, r)
+		}
+	}
+
+	filtered := []models.ScanResult{}
+	for _, r := range filledResults {
+		r = r.FilterByCvssOver(c.Conf.CvssScoreOver)
+		r = r.FilterIgnoreCves()
+		r = r.FilterUnfixed()
+		r = r.FilterIgnorePkgs()
+		if c.Conf.IgnoreUnscoredCves {
+			r.ScannedCves = r.ScannedCves.FindScoredVulns()
+		}
+		filtered = append(filtered, r)
+	}
+	return filtered, nil
+}
+
+// FillCveInfo fill scanResult with cve info.
+func FillCveInfo(dbclient DBClient, r *models.ScanResult, cpeURIs []string) error {
+	util.Log.Debugf("need to refresh")
+
+	nCVEs, err := FillWithOval(dbclient.OvalDB, r)
+	if err != nil {
+		return fmt.Errorf("Failed to fill with OVAL: %s", err)
+	}
+	util.Log.Infof("%s: %d CVEs are detected with OVAL",
+		r.FormatServerName(), nCVEs)
+
+	for i, v := range r.ScannedCves {
+		for j, p := range v.AffectedPackages {
+			if p.NotFixedYet && p.FixState == "" {
+				p.FixState = "Not fixed yet"
+				r.ScannedCves[i].AffectedPackages[j] = p
+			}
+		}
+	}
+
+	nCVEs, err = fillVulnByCpeURIs(dbclient.CveDB, r, cpeURIs)
+	if err != nil {
+		return fmt.Errorf("Failed to detect vulns of %s: %s", cpeURIs, err)
+	}
+	util.Log.Infof("%s: %d CVEs are detected with CPE", r.FormatServerName(), nCVEs)
+
+	nCVEs, err = FillWithGost(dbclient.GostDB, r)
+	if err != nil {
+		return fmt.Errorf("Failed to fill with gost: %s", err)
+	}
+	util.Log.Infof("%s: %d unfixed CVEs are detected with gost",
+		r.FormatServerName(), nCVEs)
+
+	util.Log.Infof("Fill CVE detailed information with CVE-DB")
+	if err := fillCveDetail(dbclient.CveDB, r); err != nil {
+		return fmt.Errorf("Failed to fill with CVE: %s", err)
+	}
+
+	util.Log.Infof("Fill exploit information with Exploit-DB")
+	nExploitCve, err := FillWithExploit(dbclient.ExploitDB, r)
+	if err != nil {
+		return fmt.Errorf("Failed to fill with exploit: %s", err)
+	}
+	util.Log.Infof("%s: %d exploits are detected",
+		r.FormatServerName(), nExploitCve)
+
+	fillCweDict(r)
+	return nil
+}
+
+// fillCveDetail fetches NVD, JVN from CVE Database
+func fillCveDetail(driver cvedb.DB, r *models.ScanResult) error {
+	var cveIDs []string
+	for _, v := range r.ScannedCves {
+		cveIDs = append(cveIDs, v.CveID)
+	}
+
+	ds, err := CveClient.FetchCveDetails(driver, cveIDs)
+	if err != nil {
+		return err
+	}
+	for _, d := range ds {
+		nvd := models.ConvertNvdJSONToModel(d.CveID, d.NvdJSON)
+		if nvd == nil {
+			nvd = models.ConvertNvdXMLToModel(d.CveID, d.NvdXML)
+		}
+		jvn := models.ConvertJvnToModel(d.CveID, d.Jvn)
+
+		for cveID, vinfo := range r.ScannedCves {
+			if vinfo.CveID == d.CveID {
+				if vinfo.CveContents == nil {
+					vinfo.CveContents = models.CveContents{}
+				}
+				for _, con := range []*models.CveContent{nvd, jvn} {
+					if con != nil && !con.Empty() {
+						vinfo.CveContents[con.Type] = *con
+					}
+				}
+				r.ScannedCves[cveID] = vinfo
+				break
+			}
+		}
+	}
+	return nil
+}
+
+// FillWithOval fetches OVAL database
+func FillWithOval(driver ovaldb.DB, r *models.ScanResult) (nCVEs int, err error) {
+	var ovalClient oval.Client
+	var ovalFamily string
+
+	switch r.Family {
+	case c.Debian:
+		ovalClient = oval.NewDebian()
+		ovalFamily = c.Debian
+	case c.Ubuntu:
+		ovalClient = oval.NewUbuntu()
+		ovalFamily = c.Ubuntu
+	case c.RedHat:
+		ovalClient = oval.NewRedhat()
+		ovalFamily = c.RedHat
+	case c.CentOS:
+		ovalClient = oval.NewCentOS()
+		//use RedHat's OVAL
+		ovalFamily = c.RedHat
+	case c.Oracle:
+		ovalClient = oval.NewOracle()
+		ovalFamily = c.Oracle
+	case c.SUSEEnterpriseServer:
+		// TODO other suse family
+		ovalClient = oval.NewSUSE()
+		ovalFamily = c.SUSEEnterpriseServer
+	case c.Alpine:
+		ovalClient = oval.NewAlpine()
+		ovalFamily = c.Alpine
+	case c.Amazon, c.Raspbian, c.FreeBSD, c.Windows:
+		return 0, nil
+	case c.ServerTypePseudo:
+		return 0, nil
+	default:
+		if r.Family == "" {
+			return 0, fmt.Errorf("Probably an error occurred during scanning. Check the error message")
+		}
+		return 0, fmt.Errorf("OVAL for %s is not implemented yet", r.Family)
+	}
+
+	if !c.Conf.OvalDict.IsFetchViaHTTP() {
+		if driver == nil {
+			return 0, nil
+		}
+		if err = driver.NewOvalDB(ovalFamily); err != nil {
+			return 0, fmt.Errorf("Failed to New Oval DB. err: %s", err)
+		}
+	}
+
+	util.Log.Debugf("Check whether oval fetched: %s %s", ovalFamily, r.Release)
+	ok, err := ovalClient.CheckIfOvalFetched(driver, ovalFamily, r.Release)
+	if err != nil {
+		return 0, err
+	}
+	if !ok {
+		util.Log.Warnf("OVAL entries of %s %s are not found. It's recommended to use OVAL to improve scanning accuracy. For details, see https://github.com/kotakanbe/goval-dictionary#usage , Then report with --ovaldb-path or --ovaldb-url flag", ovalFamily, r.Release)
+		return 0, nil
+	}
+
+	_, err = ovalClient.CheckIfOvalFresh(driver, ovalFamily, r.Release)
+	if err != nil {
+		return 0, err
+	}
+
+	return ovalClient.FillWithOval(driver, r)
+}
+
+// FillWithGost fills CVEs with gost dataabase
+// https://github.com/knqyf263/gost
+func FillWithGost(driver gostdb.DB, r *models.ScanResult) (nCVEs int, err error) {
+	gostClient := gost.NewClient(r.Family)
+	// TODO chekc if fetched
+	// TODO chekc if fresh enough
+	return gostClient.FillWithGost(driver, r)
+}
+
+// FillWithExploit fills Exploits with exploit dataabase
+// https://github.com/mozqnet/go-exploitdb
+func FillWithExploit(driver exploitdb.DB, r *models.ScanResult) (nExploitCve int, err error) {
+	// TODO chekc if fetched
+	// TODO chekc if fresh enough
+	return exploit.FillWithExploit(driver, r)
+}
+
+func fillVulnByCpeURIs(driver cvedb.DB, r *models.ScanResult, cpeURIs []string) (nCVEs int, err error) {
+	for _, name := range cpeURIs {
+		details, err := CveClient.FetchCveDetailsByCpeName(driver, name)
+		if err != nil {
+			return 0, err
+		}
+		for _, detail := range details {
+			if val, ok := r.ScannedCves[detail.CveID]; ok {
+				names := val.CpeURIs
+				names = util.AppendIfMissing(names, name)
+				val.CpeURIs = names
+				val.Confidences.AppendIfMissing(models.CpeNameMatch)
+				r.ScannedCves[detail.CveID] = val
+			} else {
+				v := models.VulnInfo{
+					CveID:       detail.CveID,
+					CpeURIs:     []string{name},
+					Confidences: models.Confidences{models.CpeNameMatch},
+				}
+				r.ScannedCves[detail.CveID] = v
+				nCVEs++
+			}
+		}
+	}
+	return nCVEs, nil
+}
+
+func fillCweDict(r *models.ScanResult) {
+	uniqCweIDMap := map[string]bool{}
+	for _, vinfo := range r.ScannedCves {
+		for _, cont := range vinfo.CveContents {
+			for _, id := range cont.CweIDs {
+				if strings.HasPrefix(id, "CWE-") {
+					id = strings.TrimPrefix(id, "CWE-")
+					uniqCweIDMap[id] = true
+				}
+			}
+		}
+	}
+
+	// TODO check the format of CWEID, clean CWEID
+	// JVN, NVD XML, JSON, OVALs
+
+	dict := map[string]models.CweDictEntry{}
+	for id := range uniqCweIDMap {
+		entry := models.CweDictEntry{}
+		if e, ok := cwe.CweDictEn[id]; ok {
+			if rank, ok := cwe.OwaspTopTen2017[id]; ok {
+				entry.OwaspTopTen2017 = rank
+			}
+			entry.En = &e
+		} else {
+			util.Log.Debugf("CWE-ID %s is not found in English CWE Dict", id)
+			entry.En = &cwe.Cwe{CweID: id}
+		}
+
+		if c.Conf.Lang == "ja" {
+			if e, ok := cwe.CweDictJa[id]; ok {
+				if rank, ok := cwe.OwaspTopTen2017[id]; ok {
+					entry.OwaspTopTen2017 = rank
+				}
+				entry.Ja = &e
+			} else {
+				util.Log.Debugf("CWE-ID %s is not found in Japanese CWE Dict", id)
+				entry.Ja = &cwe.Cwe{CweID: id}
+			}
+		}
+		dict[id] = entry
+	}
+	r.CweDict = dict
+	return
+}
+
+const reUUID = "[\\da-f]{8}-[\\da-f]{4}-[\\da-f]{4}-[\\da-f]{4}-[\\da-f]{12}"
+
+// EnsureUUIDs generate a new UUID of the scan target server if UUID is not assigned yet.
+// And then set the generated UUID to config.toml and scan results.
+func EnsureUUIDs(configPath string, results models.ScanResults) error {
+	// Sort Host->Container
+	sort.Slice(results, func(i, j int) bool {
+		if results[i].ServerName == results[j].ServerName {
+			return results[i].Container.ContainerID < results[j].Container.ContainerID
+		}
+		return results[i].ServerName < results[j].ServerName
+	})
+
+	for i, r := range results {
+		server := c.Conf.Servers[r.ServerName]
+		if server.UUIDs == nil {
+			server.UUIDs = map[string]string{}
+		}
+
+		name := ""
+		if r.IsContainer() {
+			name = fmt.Sprintf("%s@%s", r.Container.Name, r.ServerName)
+
+			// Scanning with the -containers-only flag at scan time, the UUID of Container Host may not be generated,
+			// so check it. Otherwise create a UUID of the Container Host and set it.
+			serverUUID := ""
+			if id, ok := server.UUIDs[r.ServerName]; !ok {
+				serverUUID = uuid.GenerateUUID()
+			} else {
+				matched, err := regexp.MatchString(reUUID, id)
+				if !matched || err != nil {
+					serverUUID = uuid.GenerateUUID()
+				}
+			}
+			if serverUUID != "" {
+				server.UUIDs[r.ServerName] = serverUUID
+			}
+		} else {
+			name = r.ServerName
+		}
+
+		if id, ok := server.UUIDs[name]; ok {
+			matched, err := regexp.MatchString(reUUID, id)
+			if !matched || err != nil {
+				util.Log.Warnf("UUID is invalid. Re-generate UUID %s: %s", id, err)
+			} else {
+				if r.IsContainer() {
+					results[i].Container.UUID = id
+					results[i].ServerUUID = server.UUIDs[r.ServerName]
+				} else {
+					results[i].ServerUUID = id
+				}
+				// continue if the UUID has already assigned and valid
+				continue
+			}
+		}
+
+		// Generate a new UUID and set to config and scan result
+		id := uuid.GenerateUUID()
+		server.UUIDs[name] = id
+		server = cleanForTOMLEncoding(server, c.Conf.Default)
+		c.Conf.Servers[r.ServerName] = server
+
+		if r.IsContainer() {
+			results[i].Container.UUID = id
+			results[i].ServerUUID = server.UUIDs[r.ServerName]
+		} else {
+			results[i].ServerUUID = id
+		}
+	}
+
+	for name, server := range c.Conf.Servers {
+		server = cleanForTOMLEncoding(server, c.Conf.Default)
+		c.Conf.Servers[name] = server
+	}
+
+	email := &c.Conf.EMail
+	if email.SMTPAddr == "" {
+		email = nil
+	}
+
+	slack := &c.Conf.Slack
+	if slack.HookURL == "" {
+		slack = nil
+	}
+
+	cveDict := &c.Conf.CveDict
+	ovalDict := &c.Conf.OvalDict
+	gost := &c.Conf.Gost
+	exploit := &c.Conf.Exploit
+	http := &c.Conf.HTTP
+	if http.URL == "" {
+		http = nil
+	}
+
+	syslog := &c.Conf.Syslog
+	if syslog.Host == "" {
+		syslog = nil
+	}
+
+	aws := &c.Conf.AWS
+	if aws.S3Bucket == "" {
+		aws = nil
+	}
+
+	azure := &c.Conf.Azure
+	if azure.AccountName == "" {
+		azure = nil
+	}
+
+	stride := &c.Conf.Stride
+	if stride.HookURL == "" {
+		stride = nil
+	}
+
+	hipChat := &c.Conf.HipChat
+	if hipChat.AuthToken == "" {
+		hipChat = nil
+	}
+
+	chatWork := &c.Conf.ChatWork
+	if chatWork.APIToken == "" {
+		chatWork = nil
+	}
+
+	saas := &c.Conf.Saas
+	if saas.GroupID == 0 {
+		saas = nil
+	}
+
+	c := struct {
+		CveDict  *c.GoCveDictConf `toml:"cveDict"`
+		OvalDict *c.GovalDictConf `toml:"ovalDict"`
+		Gost     *c.GostConf      `toml:"gost"`
+		Exploit  *c.ExploitConf   `toml:"exploit"`
+		Slack    *c.SlackConf     `toml:"slack"`
+		Email    *c.SMTPConf      `toml:"email"`
+		HTTP     *c.HTTPConf      `toml:"http"`
+		Syslog   *c.SyslogConf    `toml:"syslog"`
+		AWS      *c.AWS           `toml:"aws"`
+		Azure    *c.Azure         `toml:"azure"`
+		Stride   *c.StrideConf    `toml:"stride"`
+		HipChat  *c.HipChatConf   `toml:"hipChat"`
+		ChatWork *c.ChatWorkConf  `toml:"chatWork"`
+		Saas     *c.SaasConf      `toml:"saas"`
+
+		Default c.ServerInfo            `toml:"default"`
+		Servers map[string]c.ServerInfo `toml:"servers"`
+	}{
+		CveDict:  cveDict,
+		OvalDict: ovalDict,
+		Gost:     gost,
+		Exploit:  exploit,
+		Slack:    slack,
+		Email:    email,
+		HTTP:     http,
+		Syslog:   syslog,
+		AWS:      aws,
+		Azure:    azure,
+		Stride:   stride,
+		HipChat:  hipChat,
+		ChatWork: chatWork,
+		Saas:     saas,
+
+		Default: c.Conf.Default,
+		Servers: c.Conf.Servers,
+	}
+
+	// rename the current config.toml to config.toml.bak
+	info, err := os.Lstat(configPath)
+	if err != nil {
+		return fmt.Errorf("Failed to lstat %s: %s", configPath, err)
+	}
+	realPath := configPath
+	if info.Mode()&os.ModeSymlink == os.ModeSymlink {
+		if realPath, err = os.Readlink(configPath); err != nil {
+			return fmt.Errorf("Failed to Read link %s: %s", configPath, err)
+		}
+	}
+	if err := os.Rename(realPath, realPath+".bak"); err != nil {
+		return fmt.Errorf("Failed to rename %s: %s", configPath, err)
+	}
+
+	var buf bytes.Buffer
+	if err := toml.NewEncoder(&buf).Encode(c); err != nil {
+		return fmt.Errorf("Failed to encode to toml: %s", err)
+	}
+	str := strings.Replace(buf.String(), "\n  [", "\n\n  [", -1)
+	str = fmt.Sprintf("%s\n\n%s",
+		"# See REAME for details: https://vuls.io/docs/en/usage-settings.html",
+		str)
+
+	return ioutil.WriteFile(realPath, []byte(str), 0600)
+}
+
+func cleanForTOMLEncoding(server c.ServerInfo, def c.ServerInfo) c.ServerInfo {
+	if reflect.DeepEqual(server.Optional, def.Optional) {
+		server.Optional = nil
+	}
+
+	if def.User == server.User {
+		server.User = ""
+	}
+
+	if def.Host == server.Host {
+		server.Host = ""
+	}
+
+	if def.Port == server.Port {
+		server.Port = ""
+	}
+
+	if def.KeyPath == server.KeyPath {
+		server.KeyPath = ""
+	}
+
+	if reflect.DeepEqual(server.ScanMode, def.ScanMode) {
+		server.ScanMode = nil
+	}
+
+	if def.Type == server.Type {
+		server.Type = ""
+	}
+
+	if reflect.DeepEqual(server.CpeNames, def.CpeNames) {
+		server.CpeNames = nil
+	}
+
+	if def.OwaspDCXMLPath == server.OwaspDCXMLPath {
+		server.OwaspDCXMLPath = ""
+	}
+
+	if reflect.DeepEqual(server.IgnoreCves, def.IgnoreCves) {
+		server.IgnoreCves = nil
+	}
+
+	if reflect.DeepEqual(server.Enablerepo, def.Enablerepo) {
+		server.Enablerepo = nil
+	}
+
+	for k, v := range def.Optional {
+		if vv, ok := server.Optional[k]; ok && v == vv {
+			delete(server.Optional, k)
+		}
+	}
+
+	return server
+}
--- a/report/report_test.go
+++ b/report/report_test.go
@@ -0,0 +1 @@
+package report
--- a/report/s3.go
+++ b/report/s3.go
@@ -0,0 +1,165 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package report
+
+import (
+	"bytes"
+	"encoding/json"
+	"encoding/xml"
+	"fmt"
+	"path"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
+	"github.com/aws/aws-sdk-go/aws/ec2metadata"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/s3"
+
+	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+)
+
+// S3Writer writes results to S3
+type S3Writer struct{}
+
+func getS3() *s3.S3 {
+	Config := &aws.Config{
+		Region: aws.String(c.Conf.AWS.Region),
+		Credentials: credentials.NewChainCredentials([]credentials.Provider{
+			&credentials.EnvProvider{},
+			&credentials.SharedCredentialsProvider{Filename: "", Profile: c.Conf.AWS.Profile},
+			&ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(session.New())},
+		}),
+	}
+	return s3.New(session.New(Config))
+}
+
+// Write results to S3
+// http://docs.aws.amazon.com/sdk-for-go/latest/v1/developerguide/common-examples.title.html
+func (w S3Writer) Write(rs ...models.ScanResult) (err error) {
+	if len(rs) == 0 {
+		return nil
+	}
+
+	svc := getS3()
+
+	if c.Conf.FormatOneLineText {
+		timestr := rs[0].ScannedAt.Format(time.RFC3339)
+		k := fmt.Sprintf(timestr + "/summary.txt")
+		text := formatOneLineSummary(rs...)
+		if err := putObject(svc, k, []byte(text)); err != nil {
+			return err
+		}
+	}
+
+	for _, r := range rs {
+		key := r.ReportKeyName()
+		if c.Conf.FormatJSON {
+			k := key + ".json"
+			var b []byte
+			if b, err = json.Marshal(r); err != nil {
+				return fmt.Errorf("Failed to Marshal to JSON: %s", err)
+			}
+			if err := putObject(svc, k, b); err != nil {
+				return err
+			}
+		}
+
+		if c.Conf.FormatList {
+			k := key + "_short.txt"
+			text := formatList(r)
+			if err := putObject(svc, k, []byte(text)); err != nil {
+				return err
+			}
+		}
+
+		if c.Conf.FormatFullText {
+			k := key + "_full.txt"
+			text := formatFullPlainText(r)
+			if err := putObject(svc, k, []byte(text)); err != nil {
+				return err
+			}
+		}
+
+		if c.Conf.FormatXML {
+			k := key + ".xml"
+			var b []byte
+			if b, err = xml.Marshal(r); err != nil {
+				return fmt.Errorf("Failed to Marshal to XML: %s", err)
+			}
+			allBytes := bytes.Join([][]byte{[]byte(xml.Header + vulsOpenTag), b, []byte(vulsCloseTag)}, []byte{})
+			if err := putObject(svc, k, allBytes); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+// CheckIfBucketExists check the existence of S3 bucket
+func CheckIfBucketExists() error {
+	svc := getS3()
+	result, err := svc.ListBuckets(&s3.ListBucketsInput{})
+	if err != nil {
+		return fmt.Errorf(
+			"Failed to list buckets. err: %s, profile: %s, region: %s",
+			err, c.Conf.AWS.Profile, c.Conf.AWS.Region)
+	}
+
+	found := false
+	for _, bucket := range result.Buckets {
+		if *bucket.Name == c.Conf.AWS.S3Bucket {
+			found = true
+			break
+		}
+	}
+	if !found {
+		return fmt.Errorf(
+			"Failed to find the buckets. profile: %s, region: %s, bucket: %s",
+			c.Conf.AWS.Profile, c.Conf.AWS.Region, c.Conf.AWS.S3Bucket)
+	}
+	return nil
+}
+
+func putObject(svc *s3.S3, k string, b []byte) error {
+	var err error
+	if c.Conf.GZIP {
+		if b, err = gz(b); err != nil {
+			return err
+		}
+		k += ".gz"
+	}
+
+	putObjectInput := &s3.PutObjectInput{
+		Bucket: aws.String(c.Conf.AWS.S3Bucket),
+		Key:    aws.String(path.Join(c.Conf.AWS.S3ResultsDir, k)),
+		Body:   bytes.NewReader(b),
+	}
+
+	if c.Conf.AWS.S3ServerSideEncryption != "" {
+		putObjectInput.ServerSideEncryption = aws.String(c.Conf.AWS.S3ServerSideEncryption)
+	}
+
+	if _, err := svc.PutObject(putObjectInput); err != nil {
+		return fmt.Errorf("Failed to upload data to %s/%s, %s",
+			c.Conf.AWS.S3Bucket, k, err)
+	}
+	return nil
+}
--- a/report/saas.go
+++ b/report/saas.go
@@ -0,0 +1,153 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package report
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"path"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/s3"
+	"github.com/aws/aws-sdk-go/service/sts"
+	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+)
+
+// SaasWriter writes results to SaaS
+type SaasWriter struct{}
+
+// TempCredential : TempCredential
+type TempCredential struct {
+	Credential   *sts.Credentials `json:"Credential"`
+	S3Bucket     string           `json:"S3Bucket"`
+	S3ResultsDir string           `json:"S3ResultsDir"`
+}
+
+type payload struct {
+	GroupID int    `json:"GroupID"`
+	Token   string `json:"Token"`
+}
+
+// UploadSaas : UploadSaas
+func (w SaasWriter) Write(rs ...models.ScanResult) (err error) {
+	// dir string, configPath string, config *c.Config
+	if len(rs) == 0 {
+		return nil
+	}
+
+	payload := payload{
+		GroupID: c.Conf.Saas.GroupID,
+		Token:   c.Conf.Saas.Token,
+	}
+
+	var body []byte
+	if body, err = json.Marshal(payload); err != nil {
+		return fmt.Errorf("Failed to Marshal to JSON: %s", err)
+	}
+
+	var req *http.Request
+	if req, err = http.NewRequest("POST", c.Conf.Saas.URL, bytes.NewBuffer(body)); err != nil {
+		return err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "application/json")
+
+	proxy := c.Conf.HTTPProxy
+	var client http.Client
+	if proxy != "" {
+		proxyURL, _ := url.Parse(proxy)
+		client = http.Client{
+			Transport: &http.Transport{
+				Proxy: http.ProxyURL(proxyURL),
+			},
+		}
+	} else {
+		client = http.Client{}
+	}
+
+	var resp *http.Response
+	if resp, err = client.Do(req); err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != 200 {
+		return fmt.Errorf("Failed to get Credential. Request JSON : %s,", string(body))
+	}
+
+	var t []byte
+	if t, err = ioutil.ReadAll(resp.Body); err != nil {
+		return err
+	}
+
+	var tempCredential TempCredential
+	if err = json.Unmarshal(t, &tempCredential); err != nil {
+		return fmt.Errorf("Failed to unmarshal saas credential file. err : %s", err)
+	}
+
+	credential := credentials.NewStaticCredentialsFromCreds(credentials.Value{
+		AccessKeyID:     *tempCredential.Credential.AccessKeyId,
+		SecretAccessKey: *tempCredential.Credential.SecretAccessKey,
+		SessionToken:    *tempCredential.Credential.SessionToken,
+	})
+
+	var sess *session.Session
+	if sess, err = session.NewSession(&aws.Config{
+		Credentials: credential,
+		Region:      aws.String("ap-northeast-1"),
+	}); err != nil {
+		return fmt.Errorf("Failed to new aws session. err : %s", err)
+	}
+
+	svc := s3.New(sess)
+	for _, r := range rs {
+		s3Key := renameKeyNameUTC(r.ScannedAt, r.ServerUUID, r.Container)
+		var b []byte
+		if b, err = json.Marshal(r); err != nil {
+			return fmt.Errorf("Failed to Marshal to JSON: %s", err)
+		}
+		util.Log.Infof("Uploading...: ServerName: %s, ", r.ServerName)
+		putObjectInput := &s3.PutObjectInput{
+			Bucket: aws.String(tempCredential.S3Bucket),
+			Key:    aws.String(path.Join(tempCredential.S3ResultsDir, s3Key)),
+			Body:   bytes.NewReader(b),
+		}
+
+		if _, err := svc.PutObject(putObjectInput); err != nil {
+			return fmt.Errorf("Failed to upload data to %s/%s, %s",
+				tempCredential.S3Bucket, s3Key, err)
+		}
+	}
+	return nil
+}
+
+func renameKeyNameUTC(scannedAt time.Time, uuid string, container models.Container) string {
+	timestr := scannedAt.UTC().Format(time.RFC3339)
+	if len(container.ContainerID) == 0 {
+		return fmt.Sprintf("%s/%s.json", timestr, uuid)
+	}
+	return fmt.Sprintf("%s/%s@%s.json", timestr, container.UUID, uuid)
+}
--- a/Show More
+++ b/Show More