chore(deps): update goval-dictionary and gost (#1452 )

chore(deps): bump github.com/aquasecurity/trivy from 0.25.4 to 0.27.0 (#1451 )
* chore(deps): bump github.com/aquasecurity/trivy from 0.25.4 to 0.27.0 Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.25.4 to 0.27.0. - [Release notes](https://github.com/aquasecurity/trivy/releases) - [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml) - [Commits](https://github.com/aquasecurity/trivy/compare/v0.25.4...v0.27.0) --- updated-dependencies: - dependency-name: github.com/aquasecurity/trivy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix(library): support go.mod scan Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
2022-04-27 13:03:11 +09:00 · 2022-04-27 12:46:47 +09:00 · 2022-04-27 11:04:00 +09:00 · 2022-04-27 10:28:20 +09:00 · 2022-04-15 18:12:13 +09:00 · 2022-04-05 13:27:49 +09:00
190 changed files with 21919 additions and 18218 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,7 +1,6 @@
 .dockerignore
 Dockerfile
 vendor/
-cve.sqlite3*
-oval.sqlite3*
+*.sqlite3*
 setup/
-img/
+img/
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "gomod" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
+    target-branch: "master"
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,67 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '32 20 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,67 @@
+name: Publish Docker image
+
+on:
+  push:
+    branches:
+      - 'master'
+    tags:
+      - '*'
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: vuls/vuls image meta
+        id: oss-meta
+        uses: docker/metadata-action@v3
+        with:
+          images: vuls/vuls
+          tags: |
+            type=ref,event=tag
+
+      - name: vuls/fvuls image meta
+        id: fvuls-meta
+        uses: docker/metadata-action@v3
+        with:
+          images: vuls/fvuls
+          tags: |
+            type=ref,event=tag
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: OSS image build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: |
+            vuls/vuls:latest
+            ${{ steps.oss-meta.outputs.tags }}
+          secrets: |
+            "github_token=${{ secrets.GITHUB_TOKEN }}"
+
+      - name: FutureVuls image build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./contrib/Dockerfile
+          push: true
+          tags: |
+            vuls/fvuls:latest
+            ${{ steps.fvuls-meta.outputs.tags }}
+          secrets: |
+            "github_token=${{ secrets.GITHUB_TOKEN }}"
--- a/.github/workflows/golangci.yml
+++ b/.github/workflows/golangci.yml
@@ -13,10 +13,11 @@ jobs:
    steps:
      - uses: actions/checkout@v2
      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v1
+        uses: golangci/golangci-lint-action@v2
        with:
          # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
-          version: v1.26
+          version: v1.45
+          args: --timeout=10m
          
          # Optional: working directory, useful for monorepos
          # working-directory: somedir
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -19,7 +19,7 @@ jobs:
        name: Set up Go
        uses: actions/setup-go@v2
        with:
-          go-version: 1.14
+          go-version: 1.18
      -
        name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v2
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -11,7 +11,7 @@ jobs:
    - name: Set up Go 1.x
      uses: actions/setup-go@v2
      with:
-        go-version: 1.14.x
+        go-version: 1.18.x
      id: go

    - name: Check out code into the Go module directory
--- a/.github/workflows/tidy.yml
+++ b/.github/workflows/tidy.yml
@@ -1,22 +0,0 @@
-name: go-mod-tidy-pr
-
-on:
-  schedule:
-    - cron: "0 0 * * 1" # Weekly build
-
-jobs:
-  go-mod-tidy-pr:
-    name: go-mod-tidy-pr
-
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Run go-mod-tidy-pr
-        uses: sue445/go-mod-tidy-pr@master
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          git_user_name: kotakanbe
-          git_user_email: kotakanbe@gmail.com
-          go_version: 1.14.x
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,6 @@
-vuls
 .vscode
 *.txt
-*.json
+*.swp
 *.sqlite3*
 *.db
 tags
@@ -10,9 +9,14 @@ coverage.out
 issues/
 vendor/
 log/
-results/
-*config.toml
+results
+config.toml
 !setup/docker/*
 .DS_Store
 dist/
 .idea
+vuls.*
+vuls
+!cmd/vuls
+future-vuls
+trivy-to-vuls
--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "integration"]
+	path = integration
+	url = https://github.com/vulsio/integration
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,14 +1,48 @@
 name: golang-ci

+run:
+  timeout: 10m
+  go: '1.18'
+  
 linters-settings:
-  errcheck:
+  revive:
+    # see https://github.com/mgechev/revive#available-rules for details.
+    ignore-generated-header: true
+    severity: warning
+    confidence: 0.8
+    rules:
+      - name: blank-imports
+      - name: context-as-argument
+      - name: context-keys-type
+      - name: dot-imports
+      - name: error-return
+      - name: error-strings
+      - name: error-naming
+      - name: exported
+      - name: if-return
+      - name: increment-decrement
+      - name: var-naming
+      - name: var-declaration
+      - name: package-comments
+      - name: range
+      - name: receiver-naming
+      - name: time-naming
+      - name: unexported-return
+      - name: indent-error-flow
+      - name: errorf
+      - name: empty-block
+      - name: superfluous-else
+      - name: unused-parameter
+      - name: unreachable-code
+      - name: redefines-builtin-id
+  # errcheck:
    #exclude: /path/to/file.txt

 linters:
  disable-all: true
  enable:
    - goimports
-    - golint
+    - revive
    - govet
    - misspell
    - errcheck
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -11,27 +11,64 @@ builds:
  - linux
  goarch:
  - amd64
-  main: .
+  main: ./cmd/vuls/main.go
  flags:
-      - -a
-  ldflags: -s -w -X main.version={{.Version}} -X main.revision={{.Commit}} 
+  - -a
+  ldflags: 
+  - -s -w -X github.com/future-architect/vuls/config.Version={{.Version}} -X github.com/future-architect/vuls/config.Revision={{.Commit}}-{{ .CommitDate }}
  binary: vuls

- id: trivy-to-vuls
+- id: vuls-scanner
+  env:
+  - CGO_ENABLED=0
  goos:
  - linux
  goarch:
+  - 386
  - amd64
+  - arm
+  - arm64
+  main: ./cmd/scanner/main.go
+  flags:
+  - -a
+  tags:
+  - scanner
+  ldflags: 
+  - -s -w -X github.com/future-architect/vuls/config.Version={{.Version}} -X github.com/future-architect/vuls/config.Revision={{.Commit}}-{{ .CommitDate }}
+  binary: vuls-scanner
+
+- id: trivy-to-vuls
+  env:
+  - CGO_ENABLED=0
+  goos:
+  - linux
+  goarch:
+  - 386
+  - amd64
+  - arm
+  - arm64
+  tags:
+  - scanner
  main: ./contrib/trivy/cmd/main.go
  binary: trivy-to-vuls

 - id: future-vuls
+  env:
+  - CGO_ENABLED=0
  goos:
  - linux
  goarch:
+  - 386
  - amd64
+  - arm
+  - arm64
+  flags:
+  - -a
+  tags:
+  - scanner
  main: ./contrib/future-vuls/cmd/main.go
  binary: future-vuls
+
 archives:

 - id: vuls
@@ -41,7 +78,16 @@ archives:
  format: tar.gz
  files:
  - LICENSE
-  - NOTICE
+  - README*
+  - CHANGELOG.md
+
+- id: vuls-scanner
+  name_template: '{{ .Binary }}_{{.Version}}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
+  builds:
+  - vuls-scanner
+  format: tar.gz
+  files:
+  - LICENSE
  - README*
  - CHANGELOG.md

@@ -52,18 +98,16 @@ archives:
  format: tar.gz
  files:
  - LICENSE
-  - NOTICE
  - README*
  - CHANGELOG.md
+
 - id: future-vuls
  name_template: '{{ .Binary }}_{{.Version}}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
  builds:
-
  - future-vuls
  format: tar.gz
  files:
  - LICENSE
-  - NOTICE
  - README*
  - CHANGELOG.md
 snapshot:
--- a/.revive.toml
+++ b/.revive.toml
@@ -0,0 +1,30 @@
+ignoreGeneratedHeader = false
+severity = "warning"
+confidence = 0.8
+errorCode = 0
+warningCode = 0
+
+[rule.blank-imports]
+[rule.context-as-argument]
+[rule.context-keys-type]
+[rule.dot-imports]
+[rule.error-return]
+[rule.error-strings]
+[rule.error-naming]
+[rule.exported]
+[rule.if-return]
+[rule.increment-decrement]
+[rule.var-naming]
+[rule.var-declaration]
+[rule.package-comments]
+[rule.range]
+[rule.receiver-naming]
+[rule.time-naming]
+[rule.unexported-return]
+[rule.indent-error-flow]
+[rule.errorf]
+[rule.empty-block]
+[rule.superfluous-else]
+[rule.unused-parameter]
+[rule.unreachable-code]
+[rule.redefines-builtin-id]
--- a/6
+++ b/6
@@ -10,10 +10,7 @@ ENV REPOSITORY github.com/future-architect/vuls
 COPY . $GOPATH/src/$REPOSITORY
 RUN cd $GOPATH/src/$REPOSITORY && make install

-
-FROM alpine:3.11
-
-MAINTAINER hikachan sadayuki-matsuno
+FROM alpine:3.15

 ENV LOGDIR /var/log/vuls
 ENV WORKDIR /vuls
@@ -22,6 +19,7 @@ RUN apk add --no-cache \
        openssh-client \
        ca-certificates \
        git \
+        nmap \
    && mkdir -p $WORKDIR $LOGDIR

 COPY --from=builder /go/bin/vuls /usr/local/bin/
--- a/204
+++ b/204
@@ -17,30 +17,37 @@ PKGS = $(shell go list ./...)
 VERSION := $(shell git describe --tags --abbrev=0)
 REVISION := $(shell git rev-parse --short HEAD)
 BUILDTIME := $(shell date "+%Y%m%d_%H%M%S")
-LDFLAGS := -X 'github.com/future-architect/vuls/config.Version=$(VERSION)' \
-    -X 'github.com/future-architect/vuls/config.Revision=build-$(BUILDTIME)_$(REVISION)'
+LDFLAGS := -X 'github.com/future-architect/vuls/config.Version=$(VERSION)' -X 'github.com/future-architect/vuls/config.Revision=build-$(BUILDTIME)_$(REVISION)'
 GO := GO111MODULE=on go
+CGO_UNABLED := CGO_ENABLED=0 go
 GO_OFF := GO111MODULE=off go


-all: build
+all: build test

-build: main.go pretest fmt
-	$(GO) build -a -ldflags "$(LDFLAGS)" -o vuls $<
+build: ./cmd/vuls/main.go
+	$(GO) build -a -ldflags "$(LDFLAGS)" -o vuls ./cmd/vuls

-b: 	main.go pretest fmt
-	$(GO) build -ldflags "$(LDFLAGS)" -o vuls $<
+install: ./cmd/vuls/main.go
+	$(GO) install -ldflags "$(LDFLAGS)" ./cmd/vuls

-install: main.go pretest
-	$(GO) install -ldflags "$(LDFLAGS)"
+build-scanner: ./cmd/scanner/main.go 
+	$(CGO_UNABLED) build -tags=scanner -a -ldflags "$(LDFLAGS)" -o vuls ./cmd/scanner
+
+install-scanner: ./cmd/scanner/main.go 
+	$(CGO_UNABLED) install -tags=scanner -ldflags "$(LDFLAGS)" ./cmd/scanner

 lint:
-	$(GO_OFF) get -u golang.org/x/lint/golint
-	golint $(PKGS)
+	$(GO) install github.com/mgechev/revive@latest
+	revive -config ./.revive.toml -formatter plain $(PKGS)

 vet:
 	echo $(PKGS) | xargs env $(GO) vet || exit;

+golangci:
+	$(GO) install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+	golangci-lint run
+
 fmt:
 	gofmt -s -w $(SRCS)

@@ -52,7 +59,7 @@ fmtcheck:

 pretest: lint vet fmtcheck

-test: 
+test: pretest
 	$(GO) test -cover -v ./... || exit;

 unused:
@@ -61,15 +68,178 @@ unused:
 cov:
 	@ go get -v github.com/axw/gocov/gocov
 	@ go get golang.org/x/tools/cmd/cover
-	gocov test | gocov report
+	gocov test -v ./... | gocov report

 clean:
 	echo $(PKGS) | xargs go clean || exit;

 # trivy-to-vuls
-build-trivy-to-vuls: pretest fmt
-	$(GO) build -o trivy-to-vuls contrib/trivy/cmd/*.go
+build-trivy-to-vuls: ./contrib/trivy/cmd/main.go
+	$(GO) build -a -ldflags "$(LDFLAGS)" -o trivy-to-vuls ./contrib/trivy/cmd

 # future-vuls
-build-future-vuls: pretest fmt
-	$(GO) build -o future-vuls contrib/future-vuls/cmd/*.go
+build-future-vuls: ./contrib/future-vuls/cmd/main.go
+	$(GO) build -a -ldflags "$(LDFLAGS)" -o future-vuls ./contrib/future-vuls/cmd
+
+# integration-test
+BASE_DIR := '${PWD}/integration/results'
+# $(shell mkdir -p ${BASE_DIR})
+NOW=$(shell date --iso-8601=seconds)
+NOW_JSON_DIR := '${BASE_DIR}/$(NOW)'
+ONE_SEC_AFTER=$(shell date -d '+1 second' --iso-8601=seconds)
+ONE_SEC_AFTER_JSON_DIR := '${BASE_DIR}/$(ONE_SEC_AFTER)'
+LIBS := 'bundler' 'pip' 'pipenv' 'poetry' 'composer' 'npm' 'yarn' 'cargo' 'gomod' 'gobinary' 'jar' 'pom' 'nuget-lock' 'nuget-config' 'nvd_exact' 'nvd_rough' 'nvd_vendor_product' 'nvd_match_no_jvn' 'jvn_vendor_product' 'jvn_vendor_product_nover'
+
+diff:
+	# git clone git@github.com:vulsio/vulsctl.git
+	# cd vulsctl/docker
+	# ./update-all.sh
+	# cd /path/to/vuls
+	# vim integration/int-config.toml
+	# ln -s vuls vuls.new
+	# ln -s oldvuls vuls.old
+	# make int
+    # (ex. test 10 times: for i in `seq 10`; do make int ARGS=-quiet ; done)
+ifneq ($(shell ls -U1 ${BASE_DIR} | wc -l), 0)
+	mv ${BASE_DIR} /tmp/${NOW}
+endif
+	mkdir -p ${NOW_JSON_DIR}
+	sleep 1
+	./vuls.old scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
+	cp ${BASE_DIR}/current/*.json ${NOW_JSON_DIR}
+	- cp integration/data/results/*.json ${NOW_JSON_DIR}
+	./vuls.old report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-config.toml ${NOW}
+
+	mkdir -p ${ONE_SEC_AFTER_JSON_DIR}
+	sleep 1
+	./vuls.new scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
+	cp ${BASE_DIR}/current/*.json ${ONE_SEC_AFTER_JSON_DIR}
+	- cp integration/data/results/*.json ${ONE_SEC_AFTER_JSON_DIR}
+	./vuls.new report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-config.toml ${ONE_SEC_AFTER}
+
+	$(call sed-d)
+	- diff -c ${NOW_JSON_DIR} ${ONE_SEC_AFTER_JSON_DIR}
+	echo "old: ${NOW_JSON_DIR} , new: ${ONE_SEC_AFTER_JSON_DIR}"
+	$(call count-cve)
+
+diff-redis:
+	# docker network create redis-nw
+    # docker run --name redis -d --network redis-nw -p 127.0.0.1:6379:6379 redis
+	# git clone git@github.com:vulsio/vulsctl.git
+	# cd vulsctl/docker
+	# ./update-all-redis.sh
+	# (or export DOCKER_NETWORK=redis-nw; cd /home/ubuntu/vulsctl/docker; ./update-all.sh --dbtype redis --dbpath "redis://redis/0")
+	# vim integration/int-redis-config.toml
+	# ln -s vuls vuls.new
+	# ln -s oldvuls vuls.old
+	# make int-redis
+ifneq ($(shell ls -U1 ${BASE_DIR} | wc -l), 0)
+	mv ${BASE_DIR} /tmp/${NOW}
+endif
+	mkdir -p ${NOW_JSON_DIR}
+	sleep 1
+	./vuls.old scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
+	cp -f ${BASE_DIR}/current/*.json ${NOW_JSON_DIR}
+	- cp integration/data/results/*.json ${NOW_JSON_DIR}
+	./vuls.old report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-redis-config.toml ${NOW}
+
+	mkdir -p ${ONE_SEC_AFTER_JSON_DIR}
+	sleep 1
+	./vuls.new scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
+	cp -f ${BASE_DIR}/current/*.json ${ONE_SEC_AFTER_JSON_DIR}
+	- cp integration/data/results/*.json ${ONE_SEC_AFTER_JSON_DIR}
+	./vuls.new report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-redis-config.toml ${ONE_SEC_AFTER}
+
+	$(call sed-d)
+	- diff -c ${NOW_JSON_DIR} ${ONE_SEC_AFTER_JSON_DIR}
+	echo "old: ${NOW_JSON_DIR} , new: ${ONE_SEC_AFTER_JSON_DIR}"
+	$(call count-cve)
+
+diff-rdb-redis:
+ifneq ($(shell ls -U1 ${BASE_DIR} | wc -l), 0)
+	mv ${BASE_DIR} /tmp/${NOW}
+endif
+	mkdir -p ${NOW_JSON_DIR}
+	sleep 1
+	# new vs new
+	./vuls.new scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
+	cp -f ${BASE_DIR}/current/*.json ${NOW_JSON_DIR}
+	cp integration/data/results/*.json ${NOW_JSON_DIR}
+	./vuls.new report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-config.toml ${NOW}
+
+	mkdir -p ${ONE_SEC_AFTER_JSON_DIR}
+	sleep 1
+	./vuls.new scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
+	cp -f ${BASE_DIR}/current/*.json ${ONE_SEC_AFTER_JSON_DIR}
+	cp integration/data/results/*.json ${ONE_SEC_AFTER_JSON_DIR}
+	./vuls.new report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-redis-config.toml ${ONE_SEC_AFTER}
+
+	$(call sed-d)
+	- diff -c ${NOW_JSON_DIR} ${ONE_SEC_AFTER_JSON_DIR}
+	echo "old: ${NOW_JSON_DIR} , new: ${ONE_SEC_AFTER_JSON_DIR}"
+	$(call count-cve)
+
+head= $(shell git rev-parse HEAD)
+prev= $(shell git rev-parse HEAD^)
+branch=$(shell git rev-parse --abbrev-ref HEAD)
+build-integration:
+	git stash
+
+	# buld HEAD
+	git checkout ${head}
+	make build
+	mv -f ./vuls ./vuls.${head}
+
+	# HEAD^
+	git checkout ${prev}
+	make build
+	mv -f ./vuls ./vuls.${prev}
+
+	# master
+	git checkout master
+	make build
+	mv -f ./vuls ./vuls.master
+
+	# working tree
+	git checkout ${branch}
+	git stash apply stash@\{0\}
+	make build
+
+	# update integration data
+	git submodule update --remote
+
+	# for integration testing, vuls.new and vuls.old needed.
+	# ex)
+	# $ ln -s ./vuls ./vuls.new
+	# $ ln -s ./vuls.${head} ./vuls.old
+	# or 
+	# $ ln -s ./vuls.${prev} ./vuls.old
+	# then
+	# $ make diff
+	# $ make diff-redis
+	# $ make diff-rdb-redis
+
+
+define sed-d
+	find ${NOW_JSON_DIR} -type f -exec sed -i -e '/scannedAt/d' {} \;
+	find ${ONE_SEC_AFTER_JSON_DIR} -type f -exec sed -i -e '/scannedAt/d' {} \;
+	find ${NOW_JSON_DIR} -type f -exec sed -i -e '/reportedAt/d' {} \;
+	find ${ONE_SEC_AFTER_JSON_DIR} -type f -exec sed -i -e '/reportedAt/d' {} \;
+	find ${NOW_JSON_DIR} -type f -exec sed -i -e '/"Type":/d' {} \;
+	find ${ONE_SEC_AFTER_JSON_DIR} -type f -exec sed -i -e '/"Type":/d' {} \;
+	find ${NOW_JSON_DIR} -type f -exec sed -i -e '/"SQLite3Path":/d' {} \;
+	find ${ONE_SEC_AFTER_JSON_DIR} -type f -exec sed -i -e '/"SQLite3Path":/d' {} \;
+	find ${NOW_JSON_DIR} -type f -exec sed -i -e '/reportedRevision/d' {} \;
+	find ${ONE_SEC_AFTER_JSON_DIR} -type f -exec sed -i -e '/reportedRevision/d' {} \;
+	find ${NOW_JSON_DIR} -type f -exec sed -i -e '/scannedRevision/d' {} \;
+	find ${ONE_SEC_AFTER_JSON_DIR} -type f -exec sed -i -e '/scannedRevision/d' {} \;
+endef
+
+define count-cve
+	for jsonfile in ${NOW_JSON_DIR}/*.json ;  do \
+		echo $$jsonfile; cat $$jsonfile | jq ".scannedCves | length" ; \
+	done
+	for jsonfile in ${ONE_SEC_AFTER_JSON_DIR}/*.json ;  do \
+		echo $$jsonfile; cat $$jsonfile | jq ".scannedCves | length" ; \
+	done
+endef
--- a/153
+++ b/153
@@ -1,21 +1,23 @@
-                    GNU AFFERO GENERAL PUBLIC LICENSE
-                       Version 3, 19 November 2007
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007

- Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

                            Preamble

-  The GNU Affero General Public License is a free, copyleft license for
-software and other kinds of works, specifically designed to ensure
-cooperation with the community in the case of network server software.
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.

  The licenses for most software and other practical works are designed
 to take away your freedom to share and change the works.  By contrast,
-our General Public Licenses are intended to guarantee your freedom to
+the GNU General Public License is intended to guarantee your freedom to
 share and change all versions of a program--to make sure it remains free
-software for all its users.
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.

  When we speak of free software, we are referring to freedom, not
 price.  Our General Public Licenses are designed to make sure that you
@@ -24,34 +26,44 @@ them if you wish), that you receive source code or can get it if you
 want it, that you can change the software or use pieces of it in new
 free programs, and that you know you can do these things.

-  Developers that use our General Public Licenses protect your rights
-with two steps: (1) assert copyright on the software, and (2) offer
-you this License which gives you legal permission to copy, distribute
-and/or modify the software.
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.

-  A secondary benefit of defending all users' freedom is that
-improvements made in alternate versions of the program, if they
-receive widespread use, become available for other developers to
-incorporate.  Many developers of free software are heartened and
-encouraged by the resulting cooperation.  However, in the case of
-software used on network servers, this result may fail to come about.
-The GNU General Public License permits making a modified version and
-letting the public access it on a server without ever releasing its
-source code to the public.
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.

-  The GNU Affero General Public License is designed specifically to
-ensure that, in such cases, the modified source code becomes available
-to the community.  It requires the operator of a network server to
-provide the source code of the modified version running there to the
-users of that server.  Therefore, public use of a modified version, on
-a publicly accessible server, gives the public access to the source
-code of the modified version.
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.

-  An older license, called the Affero General Public License and
-published by Affero, was designed to accomplish similar goals.  This is
-a different license, not a version of the Affero GPL, but Affero has
-released a new version of the Affero GPL which permits relicensing under
-this license.
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.

  The precise terms and conditions for copying, distribution and
 modification follow.
@@ -60,7 +72,7 @@ modification follow.

  0. Definitions.

-  "This License" refers to version 3 of the GNU Affero General Public License.
+  "This License" refers to version 3 of the GNU General Public License.

  "Copyright" also means copyright-like laws that apply to other kinds of
 works, such as semiconductor masks.
@@ -537,45 +549,35 @@ to collect a royalty for further conveying from those to whom you convey
 the Program, the only way you could satisfy both those terms and this
 License would be to refrain entirely from conveying the Program.

-  13. Remote Network Interaction; Use with the GNU General Public License.
-
-  Notwithstanding any other provision of this License, if you modify the
-Program, your modified version must prominently offer all users
-interacting with it remotely through a computer network (if your version
-supports such interaction) an opportunity to receive the Corresponding
-Source of your version by providing access to the Corresponding Source
-from a network server at no charge, through some standard or customary
-means of facilitating copying of software.  This Corresponding Source
-shall include the Corresponding Source for any work covered by version 3
-of the GNU General Public License that is incorporated pursuant to the
-following paragraph.
+  13. Use with the GNU Affero General Public License.

  Notwithstanding any other provision of this License, you have
 permission to link or combine any covered work with a work licensed
-under version 3 of the GNU General Public License into a single
+under version 3 of the GNU Affero General Public License into a single
 combined work, and to convey the resulting work.  The terms of this
 License will continue to apply to the part which is the covered work,
-but the work with which it is combined will remain governed by version
-3 of the GNU General Public License.
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.

  14. Revised Versions of this License.

  The Free Software Foundation may publish revised and/or new versions of
-the GNU Affero General Public License from time to time.  Such new versions
-will be similar in spirit to the present version, but may differ in detail to
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
 address new problems or concerns.

  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU Affero General
+Program specifies that a certain numbered version of the GNU General
 Public License "or any later version" applies to it, you have the
 option of following the terms and conditions either of that numbered
 version or of any later version published by the Free Software
 Foundation.  If the Program does not specify a version number of the
-GNU Affero General Public License, you may choose any version ever published
+GNU General Public License, you may choose any version ever published
 by the Free Software Foundation.

  If the Program specifies that a proxy can decide which future
-versions of the GNU Affero General Public License can be used, that proxy's
+versions of the GNU General Public License can be used, that proxy's
 public statement of acceptance of a version permanently authorizes you
 to choose that version for the Program.

@@ -629,33 +631,44 @@ to attach them to the start of each source file to most effectively
 state the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.

-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
+    Vuls - Vulnerability Scanner
+    Copyright (C) 2016  Future Corporation , Japan.

    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU Affero General Public License as published
-    by the Free Software Foundation, either version 3 of the License, or
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU Affero General Public License for more details.
+    GNU General Public License for more details.

-    You should have received a copy of the GNU Affero General Public License
-    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.

 Also add information on how to contact you by electronic and paper mail.

-  If your software can interact with users remotely through a computer
-network, you should also make sure that it provides a way for users to
-get its source.  For example, if your program is a web application, its
-interface could display a "Source" link that leads users to an archive
-of the code.  There are many ways you could offer source, and different
-solutions will be better for different programs; see section 13 for the
-specific requirements.
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    Vuls  Copyright (C) 2016  Future Corporation , Japan.
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".

  You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU AGPL, see
-<https://www.gnu.org/licenses/>.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.
--- a/2
+++ b/2
@@ -1,2 +0,0 @@
-Vuls Copyright (C) 2016  Future Corporation , Japan.
-
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@

 ![Vuls-logo](img/vuls_logo.png)

-Vulnerability scanner for Linux/FreeBSD, agentless, written in golang.
+Vulnerability scanner for Linux/FreeBSD, agent-less, written in Go.
 We have a slack team. [Join slack team](http://goo.gl/forms/xm5KFo35tu)
 Twitter: [@vuls_en](https://twitter.com/vuls_en)

@@ -23,20 +23,6 @@ Twitter: [@vuls_en](https://twitter.com/vuls_en)

 ----

-## NEWS
-
-| Version     | Main Feature |  Date |
-|:------------|:---------------------------------|:--------------------|
-| [v0.8.0](https://github.com/future-architect/vuls/releases/tag/v0.8.0) | secret | Coming soon |
-| [v0.7.0](https://github.com/future-architect/vuls/releases/tag/v0.7.0) | WordPress Vulnerability Scan | 2019/Apr/8 |
-| [v0.6.3](https://github.com/future-architect/vuls/releases/tag/v0.6.3) | GitHub Integration | 2019/Feb/20 |
-| [v0.6.2](https://github.com/future-architect/vuls/releases/tag/v0.6.2) | Add US-CERT/JPCERT Alerts as VulnSrc | 2019/Jan/23 |
-| [v0.6.1](https://github.com/future-architect/vuls/releases/tag/v0.6.1) | BugFix | 2018/Nov/16 |
-| [v0.6.0](https://github.com/future-architect/vuls/releases/tag/v0.6.0) | Add ExploitDB as VulnSrc | 2018/Nov/3 |
-| [v0.5.0](https://github.com/future-architect/vuls/releases/tag/v0.5.0) | Scan accuracy improvement | 2018/Aug/27 |
-
----
-
 ## Abstract

 For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden.
@@ -64,38 +50,56 @@ Vuls is a tool created to solve the problems listed above. It has the following

 [Supports major Linux/FreeBSD](https://vuls.io/docs/en/supported-os.html)

- Alpine, Amazon Linux, CentOS, Debian, Oracle Linux, Raspbian, RHEL, SUSE Enterprise Linux, and Ubuntu
+- Alpine, Amazon Linux, CentOS, AlmaLinux, Rocky Linux, Debian, Oracle Linux, Raspbian, RHEL, openSUSE, openSUSE Leap, SUSE Enterprise Linux, Fedora, and Ubuntu
 - FreeBSD
- Cloud, on-premise, Docker Container and Docker Image
+- Cloud, on-premise, Running Docker Container

 ### High-quality scan

-Vuls uses multiple vulnerability databases
+- Vulnerability Database
+  - [NVD](https://nvd.nist.gov/)
+  - [JVN(Japanese)](http://jvndb.jvn.jp/apis/myjvn/)

- [NVD](https://nvd.nist.gov/)
- [JVN(Japanese)](http://jvndb.jvn.jp/apis/myjvn/)
 - OVAL
+  - [Red Hat](https://www.redhat.com/security/data/oval/)
  - [Debian](https://www.debian.org/security/oval/)
-  - [Oracle Linux](https://linux.oracle.com/security/oval/)
-  - [RedHat](https://www.redhat.com/security/data/oval/)
-  - [SUSE](http://ftp.suse.com/pub/projects/security/oval/)
  - [Ubuntu](https://people.canonical.com/~ubuntu-security/oval/)
+  - [SUSE](http://ftp.suse.com/pub/projects/security/oval/)
+  - [Oracle Linux](https://linux.oracle.com/security/oval/)

- [Alpine-secdb](https://git.alpinelinux.org/cgit/alpine-secdb/)
- [Debian Security Bug Tracker](https://security-tracker.debian.org/tracker/)
- [Red Hat Security Advisories](https://access.redhat.com/security/security-updates/)
- Commands (yum, zypper, and pkg-audit)
-  - RHSA/ALAS/ELSA/FreeBSD-SA
- [Exploit Database](https://www.exploit-db.com/)
- [US-CERT](https://www.us-cert.gov/ncas/alerts)
- [JPCERT](http://www.jpcert.or.jp/at/2019.html)
- [WPVulnDB](https://wpvulndb.com/api)
- [Node.js Security Working Group](https://github.com/nodejs/security-wg)
- [Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db)
- [Safety DB(Python)](https://github.com/pyupio/safety-db)
- [PHP Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories)
- [RustSec Advisory Database](https://github.com/RustSec/advisory-db)
- Changelog
+- Security Advisory
+  - [Alpine-secdb](https://git.alpinelinux.org/cgit/alpine-secdb/)
+  - [Red Hat Security Advisories](https://access.redhat.com/security/security-updates/)
+  - [Debian Security Bug Tracker](https://security-tracker.debian.org/tracker/)
+  - [Ubuntu CVE Tracker](https://people.canonical.com/~ubuntu-security/cve/)
+
+- Commands(yum, zypper, pkg-audit)
+  - RHSA / ALAS / ELSA / FreeBSD-SA
+  - Changelog
+
+- PoC, Exploit
+  - [Exploit Database](https://www.exploit-db.com/)
+  - [Metasploit-Framework modules](https://www.rapid7.com/db/?q=&type=metasploit)
+  - [qazbnm456/awesome-cve-poc](https://github.com/qazbnm456/awesome-cve-poc)
+  - [nomi-sec/PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)
+  - [gmatuz/inthewilddb](https://github.com/gmatuz/inthewilddb)
+
+- CERT
+  - [US-CERT](https://www.us-cert.gov/ncas/alerts)
+  - [JPCERT](http://www.jpcert.or.jp/at/2019.html)
+
+- CISA(Cybersecurity & Infrastructure Security Agency)
+  - [Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
+
+- Libraries
+  - [Node.js Security Working Group](https://github.com/nodejs/security-wg)
+  - [Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db)
+  - [Safety DB(Python)](https://github.com/pyupio/safety-db)
+  - [PHP Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories)
+  - [RustSec Advisory Database](https://github.com/RustSec/advisory-db)
+
+- WordPress
+  - [wpscan](https://wpscan.com/api)

 ### Scan mode

@@ -103,15 +107,15 @@ Vuls uses multiple vulnerability databases

 - Scan without root privilege, no dependencies
 - Almost no load on the scan target server
- Offline mode scan with no internet access. (CentOS, Debian, Oracle Linux, Red Hat, and Ubuntu)
+- Offline mode scan with no internet access. (CentOS, Alma Linux, Rocky Linux, Debian, Oracle Linux, Red Hat, Fedora, and Ubuntu)

 [Fast Root Scan](https://vuls.io/docs/en/architecture-fast-root-scan.html)

 - Scan with root privilege
 - Almost no load on the scan target server
- Detect processes affected by update using yum-ps (Amazon Linux, CentOS, Oracle Linux, and RedHat)
+- Detect processes affected by update using yum-ps (Amazon Linux, CentOS, Alma Linux, Rocky Linux, Oracle Linux, Fedora, and RedHat)
 - Detect processes which updated before but not restarting yet using checkrestart of debian-goodies (Debian and Ubuntu)
- Offline mode scan with no internet access. (CentOS, Debian, Oracle Linux, Red Hat, and Ubuntu)
+- Offline mode scan with no internet access. (CentOS, Alma Linux, Rocky Linux, Debian, Oracle Linux, Red Hat, Fedora, and Ubuntu)

 ### [Remote, Local scan mode, Server mode](https://vuls.io/docs/en/architecture-remote-local.html)

@@ -134,19 +138,6 @@ Vuls uses multiple vulnerability databases
 - It is possible to acquire the state of the server by connecting via SSH and executing the command.
 - Vuls warns when the scan target server was updated the kernel etc. but not restarting it.

-### **Static** Analysis
-
-**Image scan function is no longer supported from Vuls v0.9.5. Use Trivy directry**
-
-~~Vuls v0.8.0 can scan Docker images using [knqyf263/trivy](https://github.com/knqyf263/trivy).
-Following Registry supported.~~
-
- ~~ECR~~
- ~~GCR~~
- ~~Local Image~~
-
-~~For details, see [Scan docker image](https://vuls.io/docs/en/tutorial-scan-docker-image.html)~~  
-
 ### Scan vulnerabilities of non-OS-packages

 - Libraries of programming language
@@ -184,7 +175,7 @@ Vuls has some options to detect the vulnerabilities

 ## Document

-For more information such as Installation, Tutorial, Usage, visit [vuls.io](https://vuls.io/)
+For more information such as Installation, Tutorial, Usage, visit [vuls.io](https://vuls.io/)  
 [日本語翻訳ドキュメント](https://vuls.io/ja/)

 ----
@@ -193,19 +184,20 @@ For more information such as Installation, Tutorial, Usage, visit [vuls.io](http

 kotakanbe ([@kotakanbe](https://twitter.com/kotakanbe)) created vuls and [these fine people](https://github.com/future-architect/vuls/graphs/contributors) have contributed.

----
+## Contribute

-## Change Log
-
-Please see [CHANGELOG](https://github.com/future-architect/vuls/blob/master/CHANGELOG.md).
+see [vulsdoc](https://vuls.io/docs/en/how-to-contribute.html)

 ----

-## Stargazers over time
+## Sponsors

-[![Stargazers over time](https://starcharts.herokuapp.com/future-architect/vuls.svg)](https://starcharts.herokuapp.com/future-architect/vuls)
+|  |  |
+| ------------- | ------------- |
+| <a href="https://www.tines.com/?utm_source=oss&utm_medium=sponsorship&utm_campaign=vuls"><img src="img/sponsor/tines.png" align="left" width="600px" ></a> | Tines is no-code automation for security teams. Build powerful, reliable workflows without a development team. |
+| <a href="https://www.sakura.ad.jp/"><img src="https://vuls.io/img/icons/sakura.svg" align="left" width="600px" ></a> | SAKURA internet Inc. is an Internet company founded in 1996. We provide cloud computing services such as "Sakura's Shared Server", "Sakura's VPS", and "Sakura's Cloud" to meet the needs of a wide range of customers, from individuals and corporations to the education and public sectors, using its own data centers in Japan. Based on the philosophy of "changing what you want to do into what you can do," we offer DX solutions for all fields.  |

-----;
+----

 ## License

--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest version is supported.
+
+## Reporting a Vulnerability
+
+Email kotakanbe@gmail.com
--- a/cache/bolt.go
+++ b/cache/bolt.go
@@ -5,8 +5,8 @@ import (
 	"time"

 	"github.com/boltdb/bolt"
+	"github.com/future-architect/vuls/logging"
 	"github.com/future-architect/vuls/util"
-	"github.com/sirupsen/logrus"
 	"golang.org/x/xerrors"
 )

@@ -14,12 +14,12 @@ import (
 // boltdb is used to store a cache of Changelogs of Ubuntu/Debian
 type Bolt struct {
 	Path string
-	Log  *logrus.Entry
+	Log  logging.Logger
 	db   *bolt.DB
 }

 // SetupBolt opens a boltdb and creates a meta bucket if not exists.
-func SetupBolt(path string, l *logrus.Entry) error {
+func SetupBolt(path string, l logging.Logger) error {
 	l.Infof("Open boltDB: %s", path)
 	db, err := bolt.Open(path, 0600, nil)
 	if err != nil {
@@ -47,7 +47,7 @@ func (b Bolt) Close() error {
 	return b.db.Close()
 }

-//  CreateBucketIfNotExists creates a buket that is specified by arg.
+//  CreateBucketIfNotExists creates a bucket that is specified by arg.
 func (b *Bolt) createBucketIfNotExists(name string) error {
 	return b.db.Update(func(tx *bolt.Tx) error {
 		_, err := tx.CreateBucketIfNotExists([]byte(name))
@@ -93,7 +93,7 @@ func (b Bolt) RefreshMeta(meta Meta) error {
 	})
 }

-// EnsureBuckets puts a Meta information and create a buket that holds changelogs.
+// EnsureBuckets puts a Meta information and create a bucket that holds changelogs.
 func (b Bolt) EnsureBuckets(meta Meta) error {
 	jsonBytes, err := json.Marshal(meta)
 	if err != nil {
@@ -159,7 +159,7 @@ func (b Bolt) GetChangelog(servername, packName string) (changelog string, err e
 	return
 }

-// PutChangelog put the changelgo of specified packName into the Bucket
+// PutChangelog put the changelog of specified packName into the Bucket
 func (b Bolt) PutChangelog(servername, packName, changelog string) error {
 	return b.db.Update(func(tx *bolt.Tx) error {
 		bkt := tx.Bucket([]byte(servername))
--- a/cache/bolt_test.go
+++ b/cache/bolt_test.go
@@ -7,8 +7,8 @@ import (

 	"github.com/boltdb/bolt"
 	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/logging"
 	"github.com/future-architect/vuls/models"
-	"github.com/sirupsen/logrus"
 )

 const path = "/tmp/vuls-test-cache-11111111.db"
@@ -29,7 +29,7 @@ var meta = Meta{
 }

 func TestSetupBolt(t *testing.T) {
-	log := logrus.NewEntry(&logrus.Logger{})
+	log := logging.NewNormalLogger()
 	err := SetupBolt(path, log)
 	if err != nil {
 		t.Errorf("Failed to setup bolt: %s", err)
@@ -57,7 +57,7 @@ func TestSetupBolt(t *testing.T) {
 }

 func TestEnsureBuckets(t *testing.T) {
-	log := logrus.NewEntry(&logrus.Logger{})
+	log := logging.NewNormalLogger()
 	if err := SetupBolt(path, log); err != nil {
 		t.Errorf("Failed to setup bolt: %s", err)
 	}
@@ -98,7 +98,7 @@ func TestEnsureBuckets(t *testing.T) {

 func TestPutGetChangelog(t *testing.T) {
 	clog := "changelog-text"
-	log := logrus.NewEntry(&logrus.Logger{})
+	log := logging.NewNormalLogger()
 	if err := SetupBolt(path, log); err != nil {
 		t.Errorf("Failed to setup bolt: %s", err)
 	}
--- a/cmd/scanner/main.go
+++ b/cmd/scanner/main.go
@@ -0,0 +1,36 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"os"
+
+	"context"
+
+	"github.com/future-architect/vuls/config"
+	commands "github.com/future-architect/vuls/subcmds"
+	"github.com/google/subcommands"
+)
+
+func main() {
+	subcommands.Register(subcommands.HelpCommand(), "")
+	subcommands.Register(subcommands.FlagsCommand(), "")
+	subcommands.Register(subcommands.CommandsCommand(), "")
+	subcommands.Register(&commands.DiscoverCmd{}, "discover")
+	subcommands.Register(&commands.ScanCmd{}, "scan")
+	subcommands.Register(&commands.HistoryCmd{}, "history")
+	subcommands.Register(&commands.ConfigtestCmd{}, "configtest")
+	subcommands.Register(&commands.SaaSCmd{}, "saas")
+
+	var v = flag.Bool("v", false, "Show version")
+
+	flag.Parse()
+
+	if *v {
+		fmt.Printf("vuls %s %s\n", config.Version, config.Revision)
+		os.Exit(int(subcommands.ExitSuccess))
+	}
+
+	ctx := context.Background()
+	os.Exit(int(subcommands.Execute(ctx)))
+}
--- a/cmd/vuls/main.go
+++ b/cmd/vuls/main.go
@@ -7,8 +7,8 @@ import (

 	"context"

-	"github.com/future-architect/vuls/commands"
 	"github.com/future-architect/vuls/config"
+	commands "github.com/future-architect/vuls/subcmds"
 	"github.com/google/subcommands"
 )

@@ -29,7 +29,7 @@ func main() {
 	flag.Parse()

 	if *v {
-		fmt.Printf("vuls %s %s\n", config.Version, config.Revision)
+		fmt.Printf("vuls-%s-%s\n", config.Version, config.Revision)
 		os.Exit(int(subcommands.ExitSuccess))
 	}

--- a/commands/configtest.go
+++ b/commands/configtest.go
@@ -1,173 +0,0 @@
-package commands
-
-import (
-	"context"
-	"flag"
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/google/subcommands"
-
-	c "github.com/future-architect/vuls/config"
-	"github.com/future-architect/vuls/scan"
-	"github.com/future-architect/vuls/util"
-)
-
-// ConfigtestCmd is Subcommand
-type ConfigtestCmd struct {
-	configPath     string
-	askKeyPassword bool
-	timeoutSec     int
-}
-
-// Name return subcommand name
-func (*ConfigtestCmd) Name() string { return "configtest" }
-
-// Synopsis return synopsis
-func (*ConfigtestCmd) Synopsis() string { return "Test configuration" }
-
-// Usage return usage
-func (*ConfigtestCmd) Usage() string {
-	return `configtest:
-	configtest
-			[-config=/path/to/config.toml]
-			[-log-dir=/path/to/log]
-			[-ask-key-password]
-			[-timeout=300]
-			[-ssh-config]
-			[-containers-only]
-			[-http-proxy=http://192.168.0.1:8080]
-			[-debug]
-			[-vvv]
-
-			[SERVER]...
-`
-}
-
-// SetFlags set flag
-func (p *ConfigtestCmd) SetFlags(f *flag.FlagSet) {
-	wd, _ := os.Getwd()
-	defaultConfPath := filepath.Join(wd, "config.toml")
-	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
-
-	defaultLogDir := util.GetDefaultLogDir()
-	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")
-	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
-
-	f.IntVar(&p.timeoutSec, "timeout", 5*60, "Timeout(Sec)")
-
-	f.BoolVar(&p.askKeyPassword, "ask-key-password", false,
-		"Ask ssh privatekey password before scanning",
-	)
-
-	f.StringVar(&c.Conf.HTTPProxy, "http-proxy", "",
-		"http://proxy-url:port (default: empty)")
-
-	f.BoolVar(&c.Conf.SSHNative, "ssh-native-insecure", false,
-		"Use Native Go implementation of SSH. Default: Use the external command")
-
-	f.BoolVar(&c.Conf.SSHConfig, "ssh-config", false,
-		"[Deprecated] Use SSH options specified in ssh_config preferentially")
-
-	f.BoolVar(&c.Conf.ContainersOnly, "containers-only", false,
-		"Test containers only. Default: Test both of hosts and containers")
-
-	f.BoolVar(&c.Conf.Vvv, "vvv", false, "ssh -vvv")
-}
-
-// Execute execute
-func (p *ConfigtestCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
-	util.Log = util.NewCustomLogger(c.ServerInfo{})
-
-	if err := mkdirDotVuls(); err != nil {
-		util.Log.Errorf("Failed to create .vuls. err: %+v", err)
-		return subcommands.ExitUsageError
-	}
-
-	var keyPass string
-	var err error
-	if p.askKeyPassword {
-		prompt := "SSH key password: "
-		if keyPass, err = getPasswd(prompt); err != nil {
-			util.Log.Error(err)
-			return subcommands.ExitFailure
-		}
-	}
-
-	err = c.Load(p.configPath, keyPass)
-	if err != nil {
-		msg := []string{
-			fmt.Sprintf("Error loading %s", p.configPath),
-			"If you update Vuls and get this error, there may be incompatible changes in config.toml",
-			"Please check config.toml template : https://vuls.io/docs/en/usage-settings.html",
-		}
-		util.Log.Errorf("%s\n%+v", strings.Join(msg, "\n"), err)
-		return subcommands.ExitUsageError
-	}
-
-	if c.Conf.SSHConfig {
-		msg := []string{
-			"-ssh-config is deprecated",
-			"If you update Vuls and get this error, there may be incompatible changes in config.toml",
-			"Please check config.toml template : https://vuls.io/docs/en/usage-settings.html",
-		}
-		util.Log.Errorf("%s", strings.Join(msg, "\n"))
-		return subcommands.ExitUsageError
-	}
-
-	var servernames []string
-	if 0 < len(f.Args()) {
-		servernames = f.Args()
-	}
-
-	target := make(map[string]c.ServerInfo)
-	for _, arg := range servernames {
-		found := false
-		for servername, info := range c.Conf.Servers {
-			if servername == arg {
-				target[servername] = info
-				found = true
-				break
-			}
-		}
-		if !found {
-			util.Log.Errorf("%s is not in config", arg)
-			return subcommands.ExitUsageError
-		}
-	}
-	if 0 < len(servernames) {
-		c.Conf.Servers = target
-	}
-
-	util.Log.Info("Validating config...")
-	if !c.Conf.ValidateOnConfigtest() {
-		return subcommands.ExitUsageError
-	}
-
-	util.Log.Info("Detecting Server/Container OS... ")
-	if err := scan.InitServers(p.timeoutSec); err != nil {
-		util.Log.Errorf("Failed to init servers. err: %+v", err)
-		return subcommands.ExitFailure
-	}
-
-	util.Log.Info("Checking Scan Modes...")
-	if err := scan.CheckScanModes(); err != nil {
-		util.Log.Errorf("Fix config.toml. err: %+v", err)
-		return subcommands.ExitFailure
-	}
-
-	util.Log.Info("Checking dependencies...")
-	scan.CheckDependencies(p.timeoutSec)
-
-	util.Log.Info("Checking sudo settings...")
-	scan.CheckIfSudoNoPasswd(p.timeoutSec)
-
-	util.Log.Info("It can be scanned with fast scan mode even if warn or err messages are displayed due to lack of dependent packages or sudo settings in fast-root or deep scan mode")
-
-	if scan.PrintSSHableServerNames() {
-		return subcommands.ExitSuccess
-	}
-	return subcommands.ExitFailure
-}
--- a/commands/report.go
+++ b/commands/report.go
@@ -1,452 +0,0 @@
-package commands
-
-import (
-	"context"
-	"flag"
-	"os"
-	"path/filepath"
-
-	"github.com/aquasecurity/trivy/pkg/utils"
-	c "github.com/future-architect/vuls/config"
-	"github.com/future-architect/vuls/exploit"
-	"github.com/future-architect/vuls/gost"
-	"github.com/future-architect/vuls/models"
-	"github.com/future-architect/vuls/msf"
-	"github.com/future-architect/vuls/oval"
-	"github.com/future-architect/vuls/report"
-	"github.com/future-architect/vuls/util"
-	"github.com/google/subcommands"
-	"github.com/k0kubun/pp"
-)
-
-// ReportCmd is subcommand for reporting
-type ReportCmd struct {
-	configPath     string
-	cveDict        c.GoCveDictConf
-	ovalDict       c.GovalDictConf
-	gostConf       c.GostConf
-	exploitConf    c.ExploitConf
-	metasploitConf c.MetasploitConf
-	httpConf       c.HTTPConf
-}
-
-// Name return subcommand name
-func (*ReportCmd) Name() string { return "report" }
-
-// Synopsis return synopsis
-func (*ReportCmd) Synopsis() string { return "Reporting" }
-
-// Usage return usage
-func (*ReportCmd) Usage() string {
-	return `report:
-	report
-		[-lang=en|ja]
-		[-config=/path/to/config.toml]
-		[-results-dir=/path/to/results]
-		[-log-dir=/path/to/log]
-		[-refresh-cve]
-		[-cvss-over=7]
-		[-diff]
-		[-wp-ignore-inactive]
-		[-ignore-unscored-cves]
-		[-ignore-unfixed]
-		[-ignore-github-dismissed]
-		[-to-email]
-		[-to-http]
-		[-to-slack]
-		[-to-stride]
-		[-to-hipchat]
-		[-to-chatwork]
-		[-to-telegram]
-		[-to-localfile]
-		[-to-s3]
-		[-to-azure-blob]
-		[-to-saas]
-		[-format-json]
-		[-format-xml]
-		[-format-one-email]
-		[-format-one-line-text]
-		[-format-list]
-		[-format-full-text]
-		[-gzip]
-		[-uuid]
-		[-http-proxy=http://192.168.0.1:8080]
-		[-debug]
-		[-debug-sql]
-		[-quiet]
-		[-no-progress]
-		[-pipe]
-		[-cvedb-type=sqlite3|mysql|postgres|redis|http]
-		[-cvedb-sqlite3-path=/path/to/cve.sqlite3]
-		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
-		[-ovaldb-type=sqlite3|mysql|redis|http]
-		[-ovaldb-sqlite3-path=/path/to/oval.sqlite3]
-		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
-		[-gostdb-type=sqlite3|mysql|redis|http]
-		[-gostdb-sqlite3-path=/path/to/gost.sqlite3]
-		[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
-		[-exploitdb-type=sqlite3|mysql|redis|http]
-		[-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3]
-		[-exploitdb-url=http://127.0.0.1:1326 or DB connection string]
-		[-msfdb-type=sqlite3|mysql|redis|http]
-		[-msfdb-sqlite3-path=/path/to/msfdb.sqlite3]
-		[-msfdb-url=http://127.0.0.1:1327 or DB connection string]
-		[-http="http://vuls-report-server"]
-		[-trivy-cachedb-dir=/path/to/dir]
-
-		[RFC3339 datetime format under results dir]
-`
-}
-
-// SetFlags set flag
-func (p *ReportCmd) SetFlags(f *flag.FlagSet) {
-	f.StringVar(&c.Conf.Lang, "lang", "en", "[en|ja]")
-	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
-	f.BoolVar(&c.Conf.DebugSQL, "debug-sql", false, "SQL debug mode")
-	f.BoolVar(&c.Conf.Quiet, "quiet", false, "Quiet mode. No output on stdout")
-	f.BoolVar(&c.Conf.NoProgress, "no-progress", false, "Suppress progress bar")
-
-	wd, _ := os.Getwd()
-	defaultConfPath := filepath.Join(wd, "config.toml")
-	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
-
-	defaultResultsDir := filepath.Join(wd, "results")
-	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")
-
-	defaultLogDir := util.GetDefaultLogDir()
-	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")
-
-	f.BoolVar(&c.Conf.RefreshCve, "refresh-cve", false,
-		"Refresh CVE information in JSON file under results dir")
-
-	f.Float64Var(&c.Conf.CvssScoreOver, "cvss-over", 0,
-		"-cvss-over=6.5 means reporting CVSS Score 6.5 and over (default: 0 (means report all))")
-
-	f.BoolVar(&c.Conf.Diff, "diff", false,
-		"Difference between previous result and current result ")
-
-	f.BoolVar(&c.Conf.WpIgnoreInactive, "wp-ignore-inactive", false,
-		"ignore inactive on wordpress's plugin and theme")
-
-	f.BoolVar(&c.Conf.IgnoreUnscoredCves, "ignore-unscored-cves", false,
-		"Don't report the unscored CVEs")
-
-	f.BoolVar(&c.Conf.IgnoreUnfixed, "ignore-unfixed", false,
-		"Don't report the unfixed CVEs")
-
-	f.BoolVar(&c.Conf.IgnoreGitHubDismissed, "ignore-github-dismissed", false,
-		"Don't report the dismissed CVEs on GitHub Security Alerts")
-
-	f.StringVar(
-		&c.Conf.HTTPProxy, "http-proxy", "",
-		"http://proxy-url:port (default: empty)")
-
-	f.BoolVar(&c.Conf.FormatJSON, "format-json", false, "JSON format")
-	f.BoolVar(&c.Conf.FormatXML, "format-xml", false, "XML format")
-	f.BoolVar(&c.Conf.FormatOneEMail, "format-one-email", false,
-		"Send all the host report via only one EMail (Specify with -to-email)")
-	f.BoolVar(&c.Conf.FormatOneLineText, "format-one-line-text", false,
-		"One line summary in plain text")
-	f.BoolVar(&c.Conf.FormatList, "format-list", false, "Display as list format")
-	f.BoolVar(&c.Conf.FormatFullText, "format-full-text", false,
-		"Detail report in plain text")
-
-	f.BoolVar(&c.Conf.ToSlack, "to-slack", false, "Send report via Slack")
-	f.BoolVar(&c.Conf.ToStride, "to-stride", false, "Send report via Stride")
-	f.BoolVar(&c.Conf.ToHipChat, "to-hipchat", false, "Send report via hipchat")
-	f.BoolVar(&c.Conf.ToChatWork, "to-chatwork", false, "Send report via chatwork")
-	f.BoolVar(&c.Conf.ToTelegram, "to-telegram", false, "Send report via Telegram")
-	f.BoolVar(&c.Conf.ToEmail, "to-email", false, "Send report via Email")
-	f.BoolVar(&c.Conf.ToSyslog, "to-syslog", false, "Send report via Syslog")
-	f.BoolVar(&c.Conf.ToLocalFile, "to-localfile", false, "Write report to localfile")
-	f.BoolVar(&c.Conf.ToS3, "to-s3", false,
-		"Write report to S3 (bucket/yyyyMMdd_HHmm/servername.json/xml/txt)")
-	f.BoolVar(&c.Conf.ToHTTP, "to-http", false, "Send report via HTTP POST")
-	f.BoolVar(&c.Conf.ToAzureBlob, "to-azure-blob", false,
-		"Write report to Azure Storage blob (container/yyyyMMdd_HHmm/servername.json/xml/txt)")
-	f.BoolVar(&c.Conf.ToSaas, "to-saas", false,
-		"Upload report to Future Vuls(https://vuls.biz/) before report")
-
-	f.BoolVar(&c.Conf.GZIP, "gzip", false, "gzip compression")
-	f.BoolVar(&c.Conf.UUID, "uuid", false,
-		"Auto generate of scan target servers and then write to config.toml and scan result")
-	f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use args passed via PIPE")
-
-	f.StringVar(&p.cveDict.Type, "cvedb-type", "",
-		"DB type of go-cve-dictionary (sqlite3, mysql, postgres, redis or http)")
-	f.StringVar(&p.cveDict.SQLite3Path, "cvedb-sqlite3-path", "", "/path/to/sqlite3")
-	f.StringVar(&p.cveDict.URL, "cvedb-url", "",
-		"http://go-cve-dictionary.com:1323 or DB connection string")
-
-	f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
-		"DB type of goval-dictionary (sqlite3, mysql, postgres, redis or http)")
-	f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-sqlite3-path", "", "/path/to/sqlite3")
-	f.StringVar(&p.ovalDict.URL, "ovaldb-url", "",
-		"http://goval-dictionary.com:1324 or DB connection string")
-
-	f.StringVar(&p.gostConf.Type, "gostdb-type", "",
-		"DB type of gost (sqlite3, mysql, postgres, redis or http)")
-	f.StringVar(&p.gostConf.SQLite3Path, "gostdb-sqlite3-path", "", "/path/to/sqlite3")
-	f.StringVar(&p.gostConf.URL, "gostdb-url", "",
-		"http://gost.com:1325 or DB connection string")
-
-	f.StringVar(&p.exploitConf.Type, "exploitdb-type", "",
-		"DB type of exploit (sqlite3, mysql, postgres, redis or http)")
-	f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3")
-	f.StringVar(&p.exploitConf.URL, "exploitdb-url", "",
-		"http://exploit.com:1326 or DB connection string")
-
-	f.StringVar(&p.metasploitConf.Type, "msfdb-type", "",
-		"DB type of msf (sqlite3, mysql, postgres, redis or http)")
-	f.StringVar(&p.metasploitConf.SQLite3Path, "msfdb-sqlite3-path", "", "/path/to/sqlite3")
-	f.StringVar(&p.metasploitConf.URL, "msfdb-url", "",
-		"http://metasploit.com:1327 or DB connection string")
-
-	f.StringVar(&p.httpConf.URL, "http", "", "-to-http http://vuls-report")
-
-	f.StringVar(&c.Conf.TrivyCacheDBDir, "trivy-cachedb-dir",
-		utils.DefaultCacheDir(), "/path/to/dir")
-}
-
-// Execute execute
-func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
-	util.Log = util.NewCustomLogger(c.ServerInfo{})
-	if err := c.Load(p.configPath, ""); err != nil {
-		util.Log.Errorf("Error loading %s, %+v", p.configPath, err)
-		return subcommands.ExitUsageError
-	}
-
-	c.Conf.CveDict.Overwrite(p.cveDict)
-	c.Conf.OvalDict.Overwrite(p.ovalDict)
-	c.Conf.Gost.Overwrite(p.gostConf)
-	c.Conf.Exploit.Overwrite(p.exploitConf)
-	c.Conf.Metasploit.Overwrite(p.metasploitConf)
-	c.Conf.HTTP.Overwrite(p.httpConf)
-
-	var dir string
-	var err error
-	if c.Conf.Diff {
-		dir, err = report.JSONDir([]string{})
-	} else {
-		dir, err = report.JSONDir(f.Args())
-	}
-	if err != nil {
-		util.Log.Errorf("Failed to read from JSON: %+v", err)
-		return subcommands.ExitFailure
-	}
-
-	// report
-	reports := []report.ResultWriter{
-		report.StdoutWriter{},
-	}
-
-	if c.Conf.ToSlack {
-		reports = append(reports, report.SlackWriter{})
-	}
-
-	if c.Conf.ToStride {
-		reports = append(reports, report.StrideWriter{})
-	}
-
-	if c.Conf.ToHipChat {
-		reports = append(reports, report.HipChatWriter{})
-	}
-
-	if c.Conf.ToChatWork {
-		reports = append(reports, report.ChatWorkWriter{})
-	}
-
-	if c.Conf.ToTelegram {
-		reports = append(reports, report.TelegramWriter{})
-	}
-
-	if c.Conf.ToEmail {
-		reports = append(reports, report.EMailWriter{})
-	}
-
-	if c.Conf.ToSyslog {
-		reports = append(reports, report.SyslogWriter{})
-	}
-
-	if c.Conf.ToHTTP {
-		reports = append(reports, report.HTTPRequestWriter{})
-	}
-
-	if c.Conf.ToLocalFile {
-		reports = append(reports, report.LocalFileWriter{
-			CurrentDir: dir,
-		})
-	}
-
-	if c.Conf.ToS3 {
-		if err := report.CheckIfBucketExists(); err != nil {
-			util.Log.Errorf("Check if there is a bucket beforehand: %s, err: %+v",
-				c.Conf.AWS.S3Bucket, err)
-			return subcommands.ExitUsageError
-		}
-		reports = append(reports, report.S3Writer{})
-	}
-
-	if c.Conf.ToAzureBlob {
-		if len(c.Conf.Azure.AccountName) == 0 {
-			c.Conf.Azure.AccountName = os.Getenv("AZURE_STORAGE_ACCOUNT")
-		}
-
-		if len(c.Conf.Azure.AccountKey) == 0 {
-			c.Conf.Azure.AccountKey = os.Getenv("AZURE_STORAGE_ACCESS_KEY")
-		}
-
-		if len(c.Conf.Azure.ContainerName) == 0 {
-			util.Log.Error("Azure storage container name is required with -azure-container option")
-			return subcommands.ExitUsageError
-		}
-		if err := report.CheckIfAzureContainerExists(); err != nil {
-			util.Log.Errorf("Check if there is a container beforehand: %s, err: %+v",
-				c.Conf.Azure.ContainerName, err)
-			return subcommands.ExitUsageError
-		}
-		reports = append(reports, report.AzureBlobWriter{})
-	}
-
-	if c.Conf.ToSaas {
-		if !c.Conf.UUID {
-			util.Log.Errorf("If you use the -to-saas option, you need to enable the uuid option")
-			return subcommands.ExitUsageError
-		}
-		reports = append(reports, report.SaasWriter{})
-	}
-
-	if !(c.Conf.FormatJSON || c.Conf.FormatOneLineText ||
-		c.Conf.FormatList || c.Conf.FormatFullText || c.Conf.FormatXML) {
-		c.Conf.FormatList = true
-	}
-
-	util.Log.Info("Validating config...")
-	if !c.Conf.ValidateOnReport() {
-		return subcommands.ExitUsageError
-	}
-
-	var loaded models.ScanResults
-	if loaded, err = report.LoadScanResults(dir); err != nil {
-		util.Log.Error(err)
-		return subcommands.ExitFailure
-	}
-	util.Log.Infof("Loaded: %s", dir)
-
-	var res models.ScanResults
-	hasError := false
-	for _, r := range loaded {
-		if len(r.Errors) == 0 {
-			res = append(res, r)
-		} else {
-			util.Log.Errorf("Ignored since errors occurred during scanning: %s, err: %v",
-				r.ServerName, r.Errors)
-			hasError = true
-		}
-	}
-
-	if len(res) == 0 {
-		return subcommands.ExitFailure
-	}
-
-	for _, r := range res {
-		util.Log.Debugf("%s: %s",
-			r.ServerInfo(),
-			pp.Sprintf("%s", c.Conf.Servers[r.ServerName]))
-	}
-
-	if c.Conf.UUID {
-		// Ensure UUIDs of scan target servers in config.toml
-		if err := report.EnsureUUIDs(p.configPath, res); err != nil {
-			util.Log.Errorf("Failed to ensure UUIDs. err: %+v", err)
-			return subcommands.ExitFailure
-		}
-	}
-
-	if !c.Conf.ToSaas {
-		util.Log.Info("Validating db config...")
-		if !c.Conf.ValidateOnReportDB() {
-			return subcommands.ExitUsageError
-		}
-
-		if c.Conf.CveDict.URL != "" {
-			if err := report.CveClient.CheckHealth(); err != nil {
-				util.Log.Errorf("CVE HTTP server is not running. err: %+v", err)
-				util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
-				return subcommands.ExitFailure
-			}
-		}
-
-		if c.Conf.OvalDict.URL != "" {
-			err := oval.Base{}.CheckHTTPHealth()
-			if err != nil {
-				util.Log.Errorf("OVAL HTTP server is not running. err: %+v", err)
-				util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
-				return subcommands.ExitFailure
-			}
-		}
-
-		if c.Conf.Gost.URL != "" {
-			util.Log.Infof("gost: %s", c.Conf.Gost.URL)
-			err := gost.Base{}.CheckHTTPHealth()
-			if err != nil {
-				util.Log.Errorf("gost HTTP server is not running. err: %+v", err)
-				util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
-				return subcommands.ExitFailure
-			}
-		}
-
-		if c.Conf.Exploit.URL != "" {
-			err := exploit.CheckHTTPHealth()
-			if err != nil {
-				util.Log.Errorf("exploit HTTP server is not running. err: %+v", err)
-				util.Log.Errorf("Run go-exploitdb as server mode before reporting")
-				return subcommands.ExitFailure
-			}
-		}
-
-		if c.Conf.Metasploit.URL != "" {
-			err := msf.CheckHTTPHealth()
-			if err != nil {
-				util.Log.Errorf("metasploit HTTP server is not running. err: %+v", err)
-				util.Log.Errorf("Run go-msfdb as server mode before reporting")
-				return subcommands.ExitFailure
-			}
-		}
-		dbclient, locked, err := report.NewDBClient(report.DBClientConf{
-			CveDictCnf:    c.Conf.CveDict,
-			OvalDictCnf:   c.Conf.OvalDict,
-			GostCnf:       c.Conf.Gost,
-			ExploitCnf:    c.Conf.Exploit,
-			MetasploitCnf: c.Conf.Metasploit,
-			DebugSQL:      c.Conf.DebugSQL,
-		})
-		if locked {
-			util.Log.Errorf("SQLite3 is locked. Close other DB connections and try again. err: %+v", err)
-			return subcommands.ExitFailure
-		}
-		if err != nil {
-			util.Log.Errorf("Failed to init DB Clients. err: %+v", err)
-			return subcommands.ExitFailure
-		}
-		defer dbclient.CloseDB()
-
-		if res, err = report.FillCveInfos(*dbclient, res, dir); err != nil {
-			util.Log.Errorf("%+v", err)
-			return subcommands.ExitFailure
-		}
-	}
-
-	for _, w := range reports {
-		if err := w.Write(res...); err != nil {
-			util.Log.Errorf("Failed to report. err: %+v", err)
-			return subcommands.ExitFailure
-		}
-	}
-
-	if hasError {
-		return subcommands.ExitFailure
-	}
-
-	return subcommands.ExitSuccess
-}
--- a/commands/scan.go
+++ b/commands/scan.go
@@ -1,231 +0,0 @@
-package commands
-
-import (
-	"context"
-	"flag"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"strings"
-
-	c "github.com/future-architect/vuls/config"
-	"github.com/future-architect/vuls/scan"
-	"github.com/future-architect/vuls/util"
-	"github.com/google/subcommands"
-	"github.com/k0kubun/pp"
-)
-
-// ScanCmd is Subcommand of host discovery mode
-type ScanCmd struct {
-	configPath     string
-	askKeyPassword bool
-	timeoutSec     int
-	scanTimeoutSec int
-}
-
-// Name return subcommand name
-func (*ScanCmd) Name() string { return "scan" }
-
-// Synopsis return synopsis
-func (*ScanCmd) Synopsis() string { return "Scan vulnerabilities" }
-
-// Usage return usage
-func (*ScanCmd) Usage() string {
-	return `scan:
-	scan
-		[-config=/path/to/config.toml]
-		[-results-dir=/path/to/results]
-		[-log-dir=/path/to/log]
-		[-cachedb-path=/path/to/cache.db]
-		[-ssh-native-insecure]
-		[-ssh-config]
-		[-containers-only]
-		[-libs-only]
-		[-wordpress-only]
-		[-skip-broken]
-		[-http-proxy=http://192.168.0.1:8080]
-		[-ask-key-password]
-		[-timeout=300]
-		[-timeout-scan=7200]
-		[-debug]
-		[-quiet]
-		[-pipe]
-		[-vvv]
-		[-ips]
-
-
-		[SERVER]...
-`
-}
-
-// SetFlags set flag
-func (p *ScanCmd) SetFlags(f *flag.FlagSet) {
-	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
-	f.BoolVar(&c.Conf.Quiet, "quiet", false, "Quiet mode. No output on stdout")
-
-	wd, _ := os.Getwd()
-	defaultConfPath := filepath.Join(wd, "config.toml")
-	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
-
-	defaultResultsDir := filepath.Join(wd, "results")
-	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")
-
-	defaultLogDir := util.GetDefaultLogDir()
-	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")
-
-	defaultCacheDBPath := filepath.Join(wd, "cache.db")
-	f.StringVar(&c.Conf.CacheDBPath, "cachedb-path", defaultCacheDBPath,
-		"/path/to/cache.db (local cache of changelog for Ubuntu/Debian)")
-
-	f.BoolVar(&c.Conf.SSHNative, "ssh-native-insecure", false,
-		"Use Native Go implementation of SSH. Default: Use the external command")
-
-	f.BoolVar(&c.Conf.SSHConfig, "ssh-config", false,
-		"[Deprecated] Use SSH options specified in ssh_config preferentially")
-
-	f.BoolVar(&c.Conf.ContainersOnly, "containers-only", false,
-		"Scan running containers only. Default: Scan both of hosts and running containers")
-
-	f.BoolVar(&c.Conf.LibsOnly, "libs-only", false,
-		"Scan libraries (lock files) specified in config.toml only.")
-
-	f.BoolVar(&c.Conf.WordPressOnly, "wordpress-only", false,
-		"Scan WordPress only.")
-
-	f.BoolVar(&c.Conf.SkipBroken, "skip-broken", false,
-		"[For CentOS] yum update changelog with --skip-broken option")
-
-	f.StringVar(&c.Conf.HTTPProxy, "http-proxy", "",
-		"http://proxy-url:port (default: empty)")
-
-	f.BoolVar(&p.askKeyPassword, "ask-key-password", false,
-		"Ask ssh privatekey password before scanning",
-	)
-
-	f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use stdin via PIPE")
-
-	f.BoolVar(&c.Conf.DetectIPS, "ips", false, "retrieve IPS information")
-	f.BoolVar(&c.Conf.Vvv, "vvv", false, "ssh -vvv")
-
-	f.IntVar(&p.timeoutSec, "timeout", 5*60,
-		"Number of seconds for processing other than scan",
-	)
-
-	f.IntVar(&p.scanTimeoutSec, "timeout-scan", 120*60,
-		"Number of seconds for scanning vulnerabilities for all servers",
-	)
-}
-
-// Execute execute
-func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
-	// Setup Logger
-	util.Log = util.NewCustomLogger(c.ServerInfo{})
-
-	if err := mkdirDotVuls(); err != nil {
-		util.Log.Errorf("Failed to create .vuls. err: %+v", err)
-		return subcommands.ExitUsageError
-	}
-
-	var keyPass string
-	var err error
-	if p.askKeyPassword {
-		prompt := "SSH key password: "
-		if keyPass, err = getPasswd(prompt); err != nil {
-			util.Log.Error(err)
-			return subcommands.ExitFailure
-		}
-	}
-
-	err = c.Load(p.configPath, keyPass)
-	if err != nil {
-		msg := []string{
-			fmt.Sprintf("Error loading %s", p.configPath),
-			"If you update Vuls and get this error, there may be incompatible changes in config.toml",
-			"Please check config.toml template : https://vuls.io/docs/en/usage-settings.html",
-		}
-		util.Log.Errorf("%s\n%+v", strings.Join(msg, "\n"), err)
-		return subcommands.ExitUsageError
-	}
-
-	if c.Conf.SSHConfig {
-		msg := []string{
-			"-ssh-config is deprecated",
-			"If you update Vuls and get this error, there may be incompatible changes in config.toml",
-			"Please check config.toml template : https://vuls.io/docs/en/usage-settings.html",
-		}
-		util.Log.Errorf("%s", strings.Join(msg, "\n"))
-		return subcommands.ExitUsageError
-	}
-
-	util.Log.Info("Start scanning")
-	util.Log.Infof("config: %s", p.configPath)
-
-	var servernames []string
-	if 0 < len(f.Args()) {
-		servernames = f.Args()
-	} else if c.Conf.Pipe {
-		bytes, err := ioutil.ReadAll(os.Stdin)
-		if err != nil {
-			util.Log.Errorf("Failed to read stdin. err: %+v", err)
-			return subcommands.ExitFailure
-		}
-		fields := strings.Fields(string(bytes))
-		if 0 < len(fields) {
-			servernames = fields
-		}
-	}
-
-	target := make(map[string]c.ServerInfo)
-	for _, arg := range servernames {
-		found := false
-		for servername, info := range c.Conf.Servers {
-			if servername == arg {
-				target[servername] = info
-				found = true
-				break
-			}
-		}
-		if !found {
-			util.Log.Errorf("%s is not in config", arg)
-			return subcommands.ExitUsageError
-		}
-	}
-	if 0 < len(servernames) {
-		c.Conf.Servers = target
-	}
-	util.Log.Debugf("%s", pp.Sprintf("%v", target))
-
-	util.Log.Info("Validating config...")
-	if !c.Conf.ValidateOnScan() {
-		return subcommands.ExitUsageError
-	}
-
-	util.Log.Info("Detecting Server/Container OS... ")
-	if err := scan.InitServers(p.timeoutSec); err != nil {
-		util.Log.Errorf("Failed to init servers: %+v", err)
-		return subcommands.ExitFailure
-	}
-
-	util.Log.Info("Checking Scan Modes... ")
-	if err := scan.CheckScanModes(); err != nil {
-		util.Log.Errorf("Fix config.toml. err: %+v", err)
-		return subcommands.ExitFailure
-	}
-
-	util.Log.Info("Detecting Platforms... ")
-	scan.DetectPlatforms(p.timeoutSec)
-	util.Log.Info("Detecting IPS identifiers... ")
-	scan.DetectIPSs(p.timeoutSec)
-
-	util.Log.Info("Scanning vulnerabilities... ")
-	if err := scan.Scan(p.scanTimeoutSec); err != nil {
-		util.Log.Errorf("Failed to scan. err: %+v", err)
-		return subcommands.ExitFailure
-	}
-	fmt.Printf("\n\n\n")
-	fmt.Println("To view the detail, vuls tui is useful.")
-	fmt.Println("To send a report, run vuls report -h.")
-
-	return subcommands.ExitSuccess
-}
--- a/commands/server.go
+++ b/commands/server.go
@@ -1,241 +0,0 @@
-package commands
-
-import (
-	"context"
-	"flag"
-	"fmt"
-	"net/http"
-	"os"
-	"path/filepath"
-
-	// "github.com/future-architect/vuls/Server"
-
-	c "github.com/future-architect/vuls/config"
-	"github.com/future-architect/vuls/exploit"
-	"github.com/future-architect/vuls/gost"
-	"github.com/future-architect/vuls/msf"
-	"github.com/future-architect/vuls/oval"
-	"github.com/future-architect/vuls/report"
-	"github.com/future-architect/vuls/server"
-	"github.com/future-architect/vuls/util"
-	"github.com/google/subcommands"
-)
-
-// ServerCmd is subcommand for server
-type ServerCmd struct {
-	configPath     string
-	listen         string
-	cveDict        c.GoCveDictConf
-	ovalDict       c.GovalDictConf
-	gostConf       c.GostConf
-	exploitConf    c.ExploitConf
-	metasploitConf c.MetasploitConf
-}
-
-// Name return subcommand name
-func (*ServerCmd) Name() string { return "server" }
-
-// Synopsis return synopsis
-func (*ServerCmd) Synopsis() string { return "Server" }
-
-// Usage return usage
-func (*ServerCmd) Usage() string {
-	return `Server:
-	Server
-		[-lang=en|ja]
-		[-config=/path/to/config.toml]
-		[-log-dir=/path/to/log]
-		[-cvss-over=7]
-		[-ignore-unscored-cves]
-		[-ignore-unfixed]
-		[-to-localfile]
-		[-format-json]
-		[-http-proxy=http://192.168.0.1:8080]
-		[-debug]
-		[-debug-sql]
-		[-listen=localhost:5515]
-		[-cvedb-type=sqlite3|mysql|postgres|redis|http]
-		[-cvedb-sqlite3-path=/path/to/cve.sqlite3]
-		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
-		[-ovaldb-type=sqlite3|mysql|redis|http]
-		[-ovaldb-sqlite3-path=/path/to/oval.sqlite3]
-		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
-		[-gostdb-type=sqlite3|mysql|redis|http]
-		[-gostdb-sqlite3-path=/path/to/gost.sqlite3]
-		[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
-		[-exploitdb-type=sqlite3|mysql|redis|http]
-		[-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3]
-		[-exploitdb-url=http://127.0.0.1:1326 or DB connection string]
-		[-msfdb-type=sqlite3|mysql|redis|http]
-		[-msfdb-sqlite3-path=/path/to/msfdb.sqlite3]
-		[-msfdb-url=http://127.0.0.1:1327 or DB connection string]
-
-		[RFC3339 datetime format under results dir]
-`
-}
-
-// SetFlags set flag
-func (p *ServerCmd) SetFlags(f *flag.FlagSet) {
-	f.StringVar(&c.Conf.Lang, "lang", "en", "[en|ja]")
-	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
-	f.BoolVar(&c.Conf.DebugSQL, "debug-sql", false, "SQL debug mode")
-
-	wd, _ := os.Getwd()
-	f.StringVar(&p.configPath, "config", "", "/path/to/toml")
-
-	defaultResultsDir := filepath.Join(wd, "results")
-	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")
-
-	defaultLogDir := util.GetDefaultLogDir()
-	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")
-
-	f.Float64Var(&c.Conf.CvssScoreOver, "cvss-over", 0,
-		"-cvss-over=6.5 means Servering CVSS Score 6.5 and over (default: 0 (means Server all))")
-
-	f.BoolVar(&c.Conf.IgnoreUnscoredCves, "ignore-unscored-cves", false,
-		"Don't Server the unscored CVEs")
-
-	f.BoolVar(&c.Conf.IgnoreUnfixed, "ignore-unfixed", false,
-		"Don't Server the unfixed CVEs")
-
-	f.StringVar(&c.Conf.HTTPProxy, "http-proxy", "",
-		"http://proxy-url:port (default: empty)")
-
-	f.BoolVar(&c.Conf.FormatJSON, "format-json", false, "JSON format")
-
-	f.BoolVar(&c.Conf.ToLocalFile, "to-localfile", false, "Write report to localfile")
-	f.StringVar(&p.listen, "listen", "localhost:5515",
-		"host:port (default: localhost:5515)")
-
-	f.StringVar(&p.cveDict.Type, "cvedb-type", "",
-		"DB type of go-cve-dictionary (sqlite3, mysql, postgres, redis or http)")
-	f.StringVar(&p.cveDict.SQLite3Path, "cvedb-sqlite3-path", "", "/path/to/sqlite3")
-	f.StringVar(&p.cveDict.URL, "cvedb-url", "",
-		"http://go-cve-dictionary.com:1323 or DB connection string")
-
-	f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
-		"DB type of goval-dictionary (sqlite3, mysql, postgres, redis or http)")
-	f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-sqlite3-path", "", "/path/to/sqlite3")
-	f.StringVar(&p.ovalDict.URL, "ovaldb-url", "",
-		"http://goval-dictionary.com:1324 or DB connection string")
-
-	f.StringVar(&p.gostConf.Type, "gostdb-type", "",
-		"DB type of gost (sqlite3, mysql, postgres, redis or http)")
-	f.StringVar(&p.gostConf.SQLite3Path, "gostdb-sqlite3-path", "", "/path/to/sqlite3")
-	f.StringVar(&p.gostConf.URL, "gostdb-url", "",
-		"http://gost.com:1325 or DB connection string")
-
-	f.StringVar(&p.exploitConf.Type, "exploitdb-type", "",
-		"DB type of exploit (sqlite3, mysql, postgres, redis or http)")
-	f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3")
-	f.StringVar(&p.exploitConf.URL, "exploitdb-url", "",
-		"http://exploit.com:1326 or DB connection string")
-
-	f.StringVar(&p.metasploitConf.Type, "msfdb-type", "",
-		"DB type of msf (sqlite3, mysql, postgres, redis or http)")
-	f.StringVar(&p.metasploitConf.SQLite3Path, "msfdb-sqlite3-path", "", "/path/to/sqlite3")
-	f.StringVar(&p.metasploitConf.URL, "msfdb-url", "",
-		"http://metasploit.com:1327 or DB connection string")
-}
-
-// Execute execute
-func (p *ServerCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
-	util.Log = util.NewCustomLogger(c.ServerInfo{})
-	if p.configPath != "" {
-		if err := c.Load(p.configPath, ""); err != nil {
-			util.Log.Errorf("Error loading %s. err: %+v", p.configPath, err)
-			return subcommands.ExitUsageError
-		}
-	}
-
-	c.Conf.CveDict.Overwrite(p.cveDict)
-	c.Conf.OvalDict.Overwrite(p.ovalDict)
-	c.Conf.Gost.Overwrite(p.gostConf)
-	c.Conf.Exploit.Overwrite(p.exploitConf)
-	c.Conf.Metasploit.Overwrite(p.metasploitConf)
-
-	util.Log.Info("Validating config...")
-	if !c.Conf.ValidateOnReport() {
-		return subcommands.ExitUsageError
-	}
-
-	util.Log.Info("Validating db config...")
-	if !c.Conf.ValidateOnReportDB() {
-		return subcommands.ExitUsageError
-	}
-
-	if c.Conf.CveDict.URL != "" {
-		if err := report.CveClient.CheckHealth(); err != nil {
-			util.Log.Errorf("CVE HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
-			return subcommands.ExitFailure
-		}
-	}
-
-	if c.Conf.OvalDict.URL != "" {
-		err := oval.Base{}.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("OVAL HTTP server is not running. err: %s", err)
-			util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
-			return subcommands.ExitFailure
-		}
-	}
-
-	if c.Conf.Gost.URL != "" {
-		util.Log.Infof("gost: %s", c.Conf.Gost.URL)
-		err := gost.Base{}.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("gost HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
-			return subcommands.ExitFailure
-		}
-	}
-
-	if c.Conf.Exploit.URL != "" {
-		err := exploit.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("exploit HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run go-exploitdb as server mode before reporting")
-			return subcommands.ExitFailure
-		}
-	}
-
-	if c.Conf.Metasploit.URL != "" {
-		err := msf.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("metasploit HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run go-msfdb as server mode before reporting")
-			return subcommands.ExitFailure
-		}
-	}
-	dbclient, locked, err := report.NewDBClient(report.DBClientConf{
-		CveDictCnf:    c.Conf.CveDict,
-		OvalDictCnf:   c.Conf.OvalDict,
-		GostCnf:       c.Conf.Gost,
-		ExploitCnf:    c.Conf.Exploit,
-		MetasploitCnf: c.Conf.Metasploit,
-		DebugSQL:      c.Conf.DebugSQL,
-	})
-	if locked {
-		util.Log.Errorf("SQLite3 is locked. Close other DB connections and try again: %+v", err)
-		return subcommands.ExitFailure
-	}
-
-	if err != nil {
-		util.Log.Errorf("Failed to init DB Clients. err: %+v", err)
-		return subcommands.ExitFailure
-	}
-
-	defer dbclient.CloseDB()
-
-	http.Handle("/vuls", server.VulsHandler{DBclient: *dbclient})
-	http.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {
-		fmt.Fprintf(w, "ok")
-	})
-	util.Log.Infof("Listening on %s", p.listen)
-	if err := http.ListenAndServe(p.listen, nil); err != nil {
-		util.Log.Errorf("Failed to start server. err: %+v", err)
-		return subcommands.ExitFailure
-	}
-	return subcommands.ExitSuccess
-}
--- a/commands/tui.go
+++ b/commands/tui.go
@@ -1,265 +0,0 @@
-package commands
-
-import (
-	"context"
-	"flag"
-	"os"
-	"path/filepath"
-
-	"github.com/aquasecurity/trivy/pkg/utils"
-	c "github.com/future-architect/vuls/config"
-	"github.com/future-architect/vuls/exploit"
-	"github.com/future-architect/vuls/gost"
-	"github.com/future-architect/vuls/models"
-	"github.com/future-architect/vuls/msf"
-	"github.com/future-architect/vuls/oval"
-	"github.com/future-architect/vuls/report"
-	"github.com/future-architect/vuls/util"
-	"github.com/google/subcommands"
-)
-
-// TuiCmd is Subcommand of host discovery mode
-type TuiCmd struct {
-	configPath     string
-	cveDict        c.GoCveDictConf
-	ovalDict       c.GovalDictConf
-	gostConf       c.GostConf
-	exploitConf    c.ExploitConf
-	metasploitConf c.MetasploitConf
-}
-
-// Name return subcommand name
-func (*TuiCmd) Name() string { return "tui" }
-
-// Synopsis return synopsis
-func (*TuiCmd) Synopsis() string { return "Run Tui view to analyze vulnerabilities" }
-
-// Usage return usage
-func (*TuiCmd) Usage() string {
-	return `tui:
-	tui
-		[-refresh-cve]
-		[-config=/path/to/config.toml]
-		[-cvss-over=7]
-		[-diff]
-		[-ignore-unscored-cves]
-		[-ignore-unfixed]
-		[-results-dir=/path/to/results]
-		[-log-dir=/path/to/log]
-		[-debug]
-		[-debug-sql]
-		[-quiet]
-		[-no-progress]
-		[-pipe]
-		[-cvedb-type=sqlite3|mysql|postgres|redis|http]
-		[-cvedb-sqlite3-path=/path/to/cve.sqlite3]
-		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
-		[-ovaldb-type=sqlite3|mysql|redis|http]
-		[-ovaldb-sqlite3-path=/path/to/oval.sqlite3]
-		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
-		[-gostdb-type=sqlite3|mysql|redis|http]
-		[-gostdb-sqlite3-path=/path/to/gost.sqlite3]
-		[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
-		[-exploitdb-type=sqlite3|mysql|redis|http]
-		[-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3]
-		[-exploitdb-url=http://127.0.0.1:1326 or DB connection string]
-		[-msfdb-type=sqlite3|mysql|redis|http]
-		[-msfdb-sqlite3-path=/path/to/msfdb.sqlite3]
-		[-msfdb-url=http://127.0.0.1:1327 or DB connection string]
-		[-trivy-cachedb-dir=/path/to/dir]
-
-`
-}
-
-// SetFlags set flag
-func (p *TuiCmd) SetFlags(f *flag.FlagSet) {
-	//  f.StringVar(&p.lang, "lang", "en", "[en|ja]")
-	f.BoolVar(&c.Conf.DebugSQL, "debug-sql", false, "debug SQL")
-	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
-	f.BoolVar(&c.Conf.Quiet, "quiet", false, "Quiet mode. No output on stdout")
-	f.BoolVar(&c.Conf.NoProgress, "no-progress", false, "Suppress progress bar")
-
-	defaultLogDir := util.GetDefaultLogDir()
-	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")
-
-	wd, _ := os.Getwd()
-	defaultResultsDir := filepath.Join(wd, "results")
-	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")
-
-	defaultConfPath := filepath.Join(wd, "config.toml")
-	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
-
-	f.BoolVar(&c.Conf.RefreshCve, "refresh-cve", false,
-		"Refresh CVE information in JSON file under results dir")
-
-	f.Float64Var(&c.Conf.CvssScoreOver, "cvss-over", 0,
-		"-cvss-over=6.5 means reporting CVSS Score 6.5 and over (default: 0 (means report all))")
-
-	f.BoolVar(&c.Conf.Diff, "diff", false,
-		"Difference between previous result and current result ")
-
-	f.BoolVar(
-		&c.Conf.IgnoreUnscoredCves, "ignore-unscored-cves", false,
-		"Don't report the unscored CVEs")
-
-	f.BoolVar(&c.Conf.IgnoreUnfixed, "ignore-unfixed", false,
-		"Don't report the unfixed CVEs")
-
-	f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use stdin via PIPE")
-
-	f.StringVar(&p.cveDict.Type, "cvedb-type", "",
-		"DB type of go-cve-dictionary (sqlite3, mysql, postgres or redis)")
-	f.StringVar(&p.cveDict.SQLite3Path, "cvedb-path", "", "/path/to/sqlite3")
-	f.StringVar(&p.cveDict.URL, "cvedb-url", "",
-		"http://go-cve-dictionary.com:1323 or DB connection string")
-
-	f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
-		"DB type of goval-dictionary (sqlite3, mysql, postgres or redis)")
-	f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-path", "", "/path/to/sqlite3")
-	f.StringVar(&p.ovalDict.URL, "ovaldb-url", "",
-		"http://goval-dictionary.com:1324 or DB connection string")
-
-	f.StringVar(&p.gostConf.Type, "gostdb-type", "",
-		"DB type of gost (sqlite3, mysql, postgres or redis)")
-	f.StringVar(&p.gostConf.SQLite3Path, "gostdb-path", "", "/path/to/sqlite3")
-	f.StringVar(&p.gostConf.URL, "gostdb-url", "",
-		"http://gost.com:1325 or DB connection string")
-
-	f.StringVar(&p.exploitConf.Type, "exploitdb-type", "",
-		"DB type of exploit (sqlite3, mysql, postgres, redis or http)")
-	f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3")
-	f.StringVar(&p.exploitConf.URL, "exploitdb-url", "",
-		"http://exploit.com:1326 or DB connection string")
-
-	f.StringVar(&p.metasploitConf.Type, "msfdb-type", "",
-		"DB type of msf (sqlite3, mysql, postgres, redis or http)")
-	f.StringVar(&p.metasploitConf.SQLite3Path, "msfdb-sqlite3-path", "", "/path/to/sqlite3")
-	f.StringVar(&p.metasploitConf.URL, "msfdb-url", "",
-		"http://metasploit.com:1327 or DB connection string")
-
-	f.StringVar(&c.Conf.TrivyCacheDBDir, "trivy-cachedb-dir",
-		utils.DefaultCacheDir(), "/path/to/dir")
-}
-
-// Execute execute
-func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
-	util.Log = util.NewCustomLogger(c.ServerInfo{})
-	if err := c.Load(p.configPath, ""); err != nil {
-		util.Log.Errorf("Error loading %s, err: %+v", p.configPath, err)
-		return subcommands.ExitUsageError
-	}
-
-	c.Conf.Lang = "en"
-	c.Conf.CveDict.Overwrite(p.cveDict)
-	c.Conf.OvalDict.Overwrite(p.ovalDict)
-	c.Conf.Gost.Overwrite(p.gostConf)
-	c.Conf.Exploit.Overwrite(p.exploitConf)
-	c.Conf.Metasploit.Overwrite(p.metasploitConf)
-
-	var dir string
-	var err error
-	if c.Conf.Diff {
-		dir, err = report.JSONDir([]string{})
-	} else {
-		dir, err = report.JSONDir(f.Args())
-	}
-	if err != nil {
-		util.Log.Errorf("Failed to read from JSON. err: %+v", err)
-		return subcommands.ExitFailure
-	}
-
-	util.Log.Info("Validating config...")
-	if !c.Conf.ValidateOnTui() {
-		return subcommands.ExitUsageError
-	}
-
-	var res models.ScanResults
-	if res, err = report.LoadScanResults(dir); err != nil {
-		util.Log.Error(err)
-		return subcommands.ExitFailure
-	}
-	util.Log.Infof("Loaded: %s", dir)
-
-	util.Log.Info("Validating db config...")
-	if !c.Conf.ValidateOnReportDB() {
-		return subcommands.ExitUsageError
-	}
-
-	if c.Conf.CveDict.URL != "" {
-		if err := report.CveClient.CheckHealth(); err != nil {
-			util.Log.Errorf("CVE HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
-			return subcommands.ExitFailure
-		}
-	}
-
-	if c.Conf.OvalDict.URL != "" {
-		err := oval.Base{}.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("OVAL HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
-			return subcommands.ExitFailure
-		}
-	}
-
-	if c.Conf.Gost.URL != "" {
-		util.Log.Infof("gost: %s", c.Conf.Gost.URL)
-		err := gost.Base{}.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("gost HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
-			return subcommands.ExitFailure
-		}
-	}
-
-	if c.Conf.Exploit.URL != "" {
-		err := exploit.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("exploit HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run go-exploitdb as server mode before reporting")
-			return subcommands.ExitFailure
-		}
-	}
-
-	if c.Conf.Metasploit.URL != "" {
-		err := msf.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("metasploit HTTP server is not running. err: %+v", err)
-			util.Log.Errorf("Run go-msfdb as server mode before reporting")
-			return subcommands.ExitFailure
-		}
-	}
-	dbclient, locked, err := report.NewDBClient(report.DBClientConf{
-		CveDictCnf:    c.Conf.CveDict,
-		OvalDictCnf:   c.Conf.OvalDict,
-		GostCnf:       c.Conf.Gost,
-		ExploitCnf:    c.Conf.Exploit,
-		MetasploitCnf: c.Conf.Metasploit,
-		DebugSQL:      c.Conf.DebugSQL,
-	})
-	if locked {
-		util.Log.Errorf("SQLite3 is locked. Close other DB connections and try again: %+v", err)
-		return subcommands.ExitFailure
-	}
-
-	if err != nil {
-		util.Log.Errorf("Failed to init DB Clients. err: %+v", err)
-		return subcommands.ExitFailure
-	}
-
-	defer dbclient.CloseDB()
-
-	if res, err = report.FillCveInfos(*dbclient, res, dir); err != nil {
-		util.Log.Error(err)
-		return subcommands.ExitFailure
-	}
-
-	for _, r := range res {
-		if len(r.Warnings) != 0 {
-			util.Log.Warnf("Warning: Some warnings occurred while scanning on %s: %s",
-				r.FormatServerName(), r.Warnings)
-		}
-	}
-
-	return report.RunTui(res)
-}
--- a/config/awsconf.go
+++ b/config/awsconf.go
@@ -0,0 +1,30 @@
+package config
+
+// AWSConf is aws config
+type AWSConf struct {
+	// AWS profile to use
+	Profile string `json:"profile"`
+
+	// AWS region to use
+	Region string `json:"region"`
+
+	// S3 bucket name
+	S3Bucket string `json:"s3Bucket"`
+
+	// /bucket/path/to/results
+	S3ResultsDir string `json:"s3ResultsDir"`
+
+	// The Server-side encryption algorithm used when storing the reports in S3 (e.g., AES256, aws:kms).
+	S3ServerSideEncryption string `json:"s3ServerSideEncryption"`
+
+	Enabled bool `toml:"-" json:"-"`
+}
+
+// Validate configuration
+func (c *AWSConf) Validate() (errs []error) {
+	// TODO
+	if !c.Enabled {
+		return
+	}
+	return
+}
--- a/config/azureconf.go
+++ b/config/azureconf.go
@@ -0,0 +1,46 @@
+package config
+
+import (
+	"os"
+
+	"golang.org/x/xerrors"
+)
+
+// AzureConf is azure config
+type AzureConf struct {
+	// Azure account name to use. AZURE_STORAGE_ACCOUNT environment variable is used if not specified
+	AccountName string `json:"accountName"`
+
+	// Azure account key to use. AZURE_STORAGE_ACCESS_KEY environment variable is used if not specified
+	AccountKey string `json:"-"`
+
+	// Azure storage container name
+	ContainerName string `json:"containerName"`
+
+	Enabled bool `toml:"-" json:"-"`
+}
+
+const (
+	azureAccount = "AZURE_STORAGE_ACCOUNT"
+	azureKey     = "AZURE_STORAGE_ACCESS_KEY"
+)
+
+// Validate configuration
+func (c *AzureConf) Validate() (errs []error) {
+	if !c.Enabled {
+		return
+	}
+
+	// overwrite if env var is not empty
+	if os.Getenv(azureAccount) != "" {
+		c.AccountName = os.Getenv(azureAccount)
+	}
+	if os.Getenv(azureKey) != "" {
+		c.AccountKey = os.Getenv(azureKey)
+	}
+
+	if c.ContainerName == "" {
+		errs = append(errs, xerrors.Errorf("Azure storage container name is required"))
+	}
+	return
+}
--- a/config/chatworkconf.go
+++ b/config/chatworkconf.go
@@ -0,0 +1,33 @@
+package config
+
+import (
+	"github.com/asaskevich/govalidator"
+	"golang.org/x/xerrors"
+)
+
+// ChatWorkConf is ChatWork config
+type ChatWorkConf struct {
+	APIToken string `json:"-"`
+	Room     string `json:"-"`
+	Enabled  bool   `toml:"-" json:"-"`
+}
+
+// Validate validates configuration
+func (c *ChatWorkConf) Validate() (errs []error) {
+	if !c.Enabled {
+		return
+	}
+	if len(c.Room) == 0 {
+		errs = append(errs, xerrors.New("chatWorkConf.room must not be empty"))
+	}
+
+	if len(c.APIToken) == 0 {
+		errs = append(errs, xerrors.New("chatWorkConf.ApiToken must not be empty"))
+	}
+
+	_, err := govalidator.ValidateStruct(c)
+	if err != nil {
+		errs = append(errs, err)
+	}
+	return
+}
--- a/config/config.go
+++ b/config/config.go
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -2,6 +2,8 @@ package config

 import (
 	"testing"
+
+	. "github.com/future-architect/vuls/constant"
 )

 func TestSyslogConfValidate(t *testing.T) {
@@ -55,7 +57,7 @@ func TestSyslogConfValidate(t *testing.T) {
 	}

 	for i, tt := range tests {
-		Conf.ToSyslog = true
+		tt.conf.Enabled = true
 		errs := tt.conf.Validate()
 		if len(errs) != tt.expectedErrLength {
 			t.Errorf("test: %d, expected %d, actual %d", i, tt.expectedErrLength, len(errs))
@@ -68,6 +70,13 @@ func TestDistro_MajorVersion(t *testing.T) {
 		in  Distro
 		out int
 	}{
+		{
+			in: Distro{
+				Family:  Amazon,
+				Release: "2022 (Amazon Linux)",
+			},
+			out: 2022,
+		},
 		{
 			in: Distro{
 				Family:  Amazon,
--- a/config/googlechatconf.go
+++ b/config/googlechatconf.go
@@ -0,0 +1,32 @@
+package config
+
+import (
+	"github.com/asaskevich/govalidator"
+	"golang.org/x/xerrors"
+)
+
+// GoogleChatConf is GoogleChat config
+type GoogleChatConf struct {
+	WebHookURL       string `valid:"url" json:"-" toml:"webHookURL,omitempty"`
+	SkipIfNoCve      bool   `valid:"type(bool)" json:"-" toml:"skipIfNoCve"`
+	ServerNameRegexp string `valid:"type(string)" json:"-" toml:"serverNameRegexp,omitempty"`
+	Enabled          bool   `valid:"type(bool)" json:"-" toml:"-"`
+}
+
+// Validate validates configuration
+func (c *GoogleChatConf) Validate() (errs []error) {
+	if !c.Enabled {
+		return
+	}
+	if len(c.WebHookURL) == 0 {
+		errs = append(errs, xerrors.New("googleChatConf.webHookURL must not be empty"))
+	}
+	if !govalidator.IsRegex(c.ServerNameRegexp) {
+		errs = append(errs, xerrors.New("googleChatConf.serverNameRegexp must be regex"))
+	}
+	_, err := govalidator.ValidateStruct(c)
+	if err != nil {
+		errs = append(errs, err)
+	}
+	return
+}
--- a/config/httpconf.go
+++ b/config/httpconf.go
@@ -0,0 +1,32 @@
+package config
+
+import (
+	"os"
+
+	"github.com/asaskevich/govalidator"
+)
+
+// HTTPConf is HTTP config
+type HTTPConf struct {
+	URL     string `valid:"url" json:"-"`
+	Enabled bool   `toml:"-" json:"-"`
+}
+
+const httpKey = "VULS_HTTP_URL"
+
+// Validate validates configuration
+func (c *HTTPConf) Validate() (errs []error) {
+	if !c.Enabled {
+		return nil
+	}
+
+	// overwrite if env var is not empty
+	if os.Getenv(httpKey) != "" {
+		c.URL = os.Getenv(httpKey)
+	}
+
+	if _, err := govalidator.ValidateStruct(c); err != nil {
+		errs = append(errs, err)
+	}
+	return errs
+}
--- a/config/ips.go
+++ b/config/ips.go
@@ -1,9 +0,0 @@
-package config
-
-// IPS is
-type IPS string
-
-const (
-	// DeepSecurity is
-	DeepSecurity IPS = "deepsecurity"
-)
--- a/config/jsonloader.go
+++ b/config/jsonloader.go
@@ -7,6 +7,6 @@ type JSONLoader struct {
 }

 // Load load the configuration JSON file specified by path arg.
-func (c JSONLoader) Load(path, sudoPass, keyPass string) (err error) {
+func (c JSONLoader) Load(_, _, _ string) (err error) {
 	return xerrors.New("Not implement yet")
 }
--- a/config/loader.go
+++ b/config/loader.go
@@ -1,10 +1,9 @@
 package config

 // Load loads configuration
-func Load(path, keyPass string) error {
-	var loader Loader
-	loader = TOMLLoader{}
-	return loader.Load(path, keyPass)
+func Load(path string) error {
+	loader := TOMLLoader{}
+	return loader.Load(path)
 }

 // Loader is interface of concrete loader
--- a/config/os.go
+++ b/config/os.go
@@ -0,0 +1,294 @@
+package config
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/future-architect/vuls/constant"
+)
+
+// EOL has End-of-Life information
+type EOL struct {
+	StandardSupportUntil time.Time
+	ExtendedSupportUntil time.Time
+	Ended                bool
+}
+
+// IsStandardSupportEnded checks now is under standard support
+func (e EOL) IsStandardSupportEnded(now time.Time) bool {
+	return e.Ended ||
+		!e.ExtendedSupportUntil.IsZero() && e.StandardSupportUntil.IsZero() ||
+		!e.StandardSupportUntil.IsZero() && now.After(e.StandardSupportUntil)
+}
+
+// IsExtendedSuppportEnded checks now is under extended support
+func (e EOL) IsExtendedSuppportEnded(now time.Time) bool {
+	if e.Ended {
+		return true
+	}
+	if e.StandardSupportUntil.IsZero() && e.ExtendedSupportUntil.IsZero() {
+		return false
+	}
+	return !e.ExtendedSupportUntil.IsZero() && now.After(e.ExtendedSupportUntil) ||
+		e.ExtendedSupportUntil.IsZero() && now.After(e.StandardSupportUntil)
+}
+
+// GetEOL return EOL information for the OS-release passed by args
+// https://github.com/aquasecurity/trivy/blob/master/pkg/detector/ospkg/redhat/redhat.go#L20
+func GetEOL(family, release string) (eol EOL, found bool) {
+	switch family {
+	case constant.Amazon:
+		eol, found = map[string]EOL{
+			"1":    {StandardSupportUntil: time.Date(2023, 6, 30, 23, 59, 59, 0, time.UTC)},
+			"2":    {},
+			"2022": {},
+		}[getAmazonLinuxVersion(release)]
+	case constant.RedHat:
+		// https://access.redhat.com/support/policy/updates/errata
+		eol, found = map[string]EOL{
+			"3": {Ended: true},
+			"4": {Ended: true},
+			"5": {Ended: true},
+			"6": {
+				StandardSupportUntil: time.Date(2020, 11, 30, 23, 59, 59, 0, time.UTC),
+				ExtendedSupportUntil: time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC),
+			},
+			"7": {
+				StandardSupportUntil: time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC),
+			},
+			"8": {
+				StandardSupportUntil: time.Date(2029, 5, 31, 23, 59, 59, 0, time.UTC),
+			},
+		}[major(release)]
+	case constant.CentOS:
+		// https://en.wikipedia.org/wiki/CentOS#End-of-support_schedule
+		eol, found = map[string]EOL{
+			"3":       {Ended: true},
+			"4":       {Ended: true},
+			"5":       {Ended: true},
+			"6":       {Ended: true},
+			"7":       {StandardSupportUntil: time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC)},
+			"8":       {StandardSupportUntil: time.Date(2021, 12, 31, 23, 59, 59, 0, time.UTC)},
+			"stream8": {StandardSupportUntil: time.Date(2024, 5, 31, 23, 59, 59, 0, time.UTC)},
+		}[major(release)]
+	case constant.Alma:
+		eol, found = map[string]EOL{
+			"8": {StandardSupportUntil: time.Date(2029, 12, 31, 23, 59, 59, 0, time.UTC)},
+		}[major(release)]
+	case constant.Rocky:
+		eol, found = map[string]EOL{
+			"8": {StandardSupportUntil: time.Date(2029, 5, 31, 23, 59, 59, 0, time.UTC)},
+		}[major(release)]
+	case constant.Oracle:
+		eol, found = map[string]EOL{
+			// Source:
+			// https://www.oracle.com/a/ocom/docs/elsp-lifetime-069338.pdf
+			// https://community.oracle.com/docs/DOC-917964
+			"3": {Ended: true},
+			"4": {Ended: true},
+			"5": {Ended: true},
+			"6": {
+				StandardSupportUntil: time.Date(2021, 3, 1, 23, 59, 59, 0, time.UTC),
+				ExtendedSupportUntil: time.Date(2024, 3, 1, 23, 59, 59, 0, time.UTC),
+			},
+			"7": {
+				StandardSupportUntil: time.Date(2024, 7, 1, 23, 59, 59, 0, time.UTC),
+			},
+			"8": {
+				StandardSupportUntil: time.Date(2029, 7, 1, 23, 59, 59, 0, time.UTC),
+			},
+		}[major(release)]
+	case constant.Debian:
+		eol, found = map[string]EOL{
+			// https://wiki.debian.org/LTS
+			"6":  {Ended: true},
+			"7":  {Ended: true},
+			"8":  {Ended: true},
+			"9":  {StandardSupportUntil: time.Date(2022, 6, 30, 23, 59, 59, 0, time.UTC)},
+			"10": {StandardSupportUntil: time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC)},
+			"11": {StandardSupportUntil: time.Date(2026, 6, 30, 23, 59, 59, 0, time.UTC)},
+		}[major(release)]
+	case constant.Raspbian:
+		// Not found
+		eol, found = map[string]EOL{}[major(release)]
+	case constant.Ubuntu:
+		// https://wiki.ubuntu.com/Releases
+		eol, found = map[string]EOL{
+			"14.10": {Ended: true},
+			"14.04": {
+				ExtendedSupportUntil: time.Date(2022, 4, 1, 23, 59, 59, 0, time.UTC),
+			},
+			"15.04": {Ended: true},
+			"16.10": {Ended: true},
+			"17.04": {Ended: true},
+			"17.10": {Ended: true},
+			"16.04": {
+				StandardSupportUntil: time.Date(2021, 4, 1, 23, 59, 59, 0, time.UTC),
+				ExtendedSupportUntil: time.Date(2024, 4, 1, 23, 59, 59, 0, time.UTC),
+			},
+			"18.04": {
+				StandardSupportUntil: time.Date(2023, 4, 1, 23, 59, 59, 0, time.UTC),
+				ExtendedSupportUntil: time.Date(2028, 4, 1, 23, 59, 59, 0, time.UTC),
+			},
+			"18.10": {Ended: true},
+			"19.04": {Ended: true},
+			"19.10": {Ended: true},
+			"20.04": {
+				StandardSupportUntil: time.Date(2025, 4, 1, 23, 59, 59, 0, time.UTC),
+				ExtendedSupportUntil: time.Date(2030, 4, 1, 23, 59, 59, 0, time.UTC),
+			},
+			"20.10": {
+				StandardSupportUntil: time.Date(2021, 7, 22, 23, 59, 59, 0, time.UTC),
+			},
+			"21.04": {
+				StandardSupportUntil: time.Date(2022, 1, 20, 23, 59, 59, 0, time.UTC),
+			},
+			"21.10": {
+				StandardSupportUntil: time.Date(2022, 7, 14, 23, 59, 59, 0, time.UTC),
+			},
+			"22.04": {
+				StandardSupportUntil: time.Date(2027, 4, 1, 23, 59, 59, 0, time.UTC),
+				ExtendedSupportUntil: time.Date(2032, 4, 1, 23, 59, 59, 0, time.UTC),
+			},
+		}[release]
+	case constant.OpenSUSE:
+		// https://en.opensuse.org/Lifetime
+		eol, found = map[string]EOL{
+			"10.2":       {Ended: true},
+			"10.3":       {Ended: true},
+			"11.0":       {Ended: true},
+			"11.1":       {Ended: true},
+			"11.2":       {Ended: true},
+			"11.3":       {Ended: true},
+			"11.4":       {Ended: true},
+			"12.1":       {Ended: true},
+			"12.2":       {Ended: true},
+			"12.3":       {Ended: true},
+			"13.1":       {Ended: true},
+			"13.2":       {Ended: true},
+			"tumbleweed": {},
+		}[release]
+	case constant.OpenSUSELeap:
+		// https://en.opensuse.org/Lifetime
+		eol, found = map[string]EOL{
+			"42.1": {Ended: true},
+			"42.2": {Ended: true},
+			"42.3": {Ended: true},
+			"15.0": {Ended: true},
+			"15.1": {Ended: true},
+			"15.2": {Ended: true},
+			"15.3": {StandardSupportUntil: time.Date(2022, 11, 30, 23, 59, 59, 0, time.UTC)},
+			"15.4": {StandardSupportUntil: time.Date(2023, 11, 30, 23, 59, 59, 0, time.UTC)},
+		}[release]
+	case constant.SUSEEnterpriseServer:
+		// https://www.suse.com/lifecycle
+		eol, found = map[string]EOL{
+			"11":   {Ended: true},
+			"11.1": {Ended: true},
+			"11.2": {Ended: true},
+			"11.3": {Ended: true},
+			"11.4": {Ended: true},
+			"12":   {Ended: true},
+			"12.1": {Ended: true},
+			"12.2": {Ended: true},
+			"12.3": {Ended: true},
+			"12.4": {Ended: true},
+			"12.5": {StandardSupportUntil: time.Date(2024, 10, 31, 23, 59, 59, 0, time.UTC)},
+			"15":   {Ended: true},
+			"15.1": {Ended: true},
+			"15.2": {Ended: true},
+			"15.3": {StandardSupportUntil: time.Date(2022, 11, 30, 23, 59, 59, 0, time.UTC)},
+			"15.4": {StandardSupportUntil: time.Date(2023, 11, 30, 23, 59, 59, 0, time.UTC)},
+		}[release]
+	case constant.SUSEEnterpriseDesktop:
+		// https://www.suse.com/lifecycle
+		eol, found = map[string]EOL{
+			"11":   {Ended: true},
+			"11.1": {Ended: true},
+			"11.2": {Ended: true},
+			"11.3": {Ended: true},
+			"11.4": {Ended: true},
+			"12":   {Ended: true},
+			"12.1": {Ended: true},
+			"12.2": {Ended: true},
+			"12.3": {Ended: true},
+			"12.4": {Ended: true},
+			"15":   {Ended: true},
+			"15.1": {Ended: true},
+			"15.2": {Ended: true},
+			"15.3": {StandardSupportUntil: time.Date(2022, 11, 30, 23, 59, 59, 0, time.UTC)},
+			"15.4": {StandardSupportUntil: time.Date(2023, 11, 30, 23, 59, 59, 0, time.UTC)},
+		}[release]
+	case constant.Alpine:
+		// https://github.com/aquasecurity/trivy/blob/master/pkg/detector/ospkg/alpine/alpine.go#L19
+		// https://alpinelinux.org/releases/
+		eol, found = map[string]EOL{
+			"2.0":  {Ended: true},
+			"2.1":  {Ended: true},
+			"2.2":  {Ended: true},
+			"2.3":  {Ended: true},
+			"2.4":  {Ended: true},
+			"2.5":  {Ended: true},
+			"2.6":  {Ended: true},
+			"2.7":  {Ended: true},
+			"3.0":  {Ended: true},
+			"3.1":  {Ended: true},
+			"3.2":  {Ended: true},
+			"3.3":  {Ended: true},
+			"3.4":  {Ended: true},
+			"3.5":  {Ended: true},
+			"3.6":  {Ended: true},
+			"3.7":  {Ended: true},
+			"3.8":  {Ended: true},
+			"3.9":  {Ended: true},
+			"3.10": {StandardSupportUntil: time.Date(2021, 5, 1, 23, 59, 59, 0, time.UTC)},
+			"3.11": {StandardSupportUntil: time.Date(2021, 11, 1, 23, 59, 59, 0, time.UTC)},
+			"3.12": {StandardSupportUntil: time.Date(2022, 5, 1, 23, 59, 59, 0, time.UTC)},
+			"3.13": {StandardSupportUntil: time.Date(2022, 11, 1, 23, 59, 59, 0, time.UTC)},
+			"3.14": {StandardSupportUntil: time.Date(2023, 5, 1, 23, 59, 59, 0, time.UTC)},
+			"3.15": {StandardSupportUntil: time.Date(2023, 11, 1, 23, 59, 59, 0, time.UTC)},
+		}[majorDotMinor(release)]
+	case constant.FreeBSD:
+		// https://www.freebsd.org/security/
+		eol, found = map[string]EOL{
+			"7":  {Ended: true},
+			"8":  {Ended: true},
+			"9":  {Ended: true},
+			"10": {Ended: true},
+			"11": {StandardSupportUntil: time.Date(2021, 9, 30, 23, 59, 59, 0, time.UTC)},
+			"12": {StandardSupportUntil: time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC)},
+			"13": {StandardSupportUntil: time.Date(2026, 1, 31, 23, 59, 59, 0, time.UTC)},
+		}[major(release)]
+	case constant.Fedora:
+		// https://docs.fedoraproject.org/en-US/releases/eol/
+		// https://endoflife.date/fedora
+		eol, found = map[string]EOL{
+			"32": {StandardSupportUntil: time.Date(2021, 5, 25, 23, 59, 59, 0, time.UTC)},
+			"33": {StandardSupportUntil: time.Date(2021, 11, 30, 23, 59, 59, 0, time.UTC)},
+			"34": {StandardSupportUntil: time.Date(2022, 5, 17, 23, 59, 59, 0, time.UTC)},
+			"35": {StandardSupportUntil: time.Date(2022, 12, 7, 23, 59, 59, 0, time.UTC)},
+		}[major(release)]
+	}
+	return
+}
+
+func major(osVer string) (majorVersion string) {
+	return strings.Split(osVer, ".")[0]
+}
+
+func majorDotMinor(osVer string) (majorDotMinor string) {
+	ss := strings.SplitN(osVer, ".", 3)
+	if len(ss) == 1 {
+		return osVer
+	}
+	return fmt.Sprintf("%s.%s", ss[0], ss[1])
+}
+
+func getAmazonLinuxVersion(osRelease string) string {
+	ss := strings.Fields(osRelease)
+	if len(ss) == 1 {
+		return "1"
+	}
+	return ss[0]
+}
--- a/config/os_test.go
+++ b/config/os_test.go
@@ -0,0 +1,570 @@
+package config
+
+import (
+	"testing"
+	"time"
+
+	. "github.com/future-architect/vuls/constant"
+)
+
+func TestEOL_IsStandardSupportEnded(t *testing.T) {
+	type fields struct {
+		family  string
+		release string
+	}
+	tests := []struct {
+		name     string
+		fields   fields
+		now      time.Time
+		found    bool
+		stdEnded bool
+		extEnded bool
+	}{
+		// Amazon Linux
+		{
+			name:     "amazon linux 1 supported",
+			fields:   fields{family: Amazon, release: "2018.03"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "amazon linux 1 eol on 2023-6-30",
+			fields:   fields{family: Amazon, release: "2018.03"},
+			now:      time.Date(2023, 7, 1, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
+		{
+			name:     "amazon linux 2 supported",
+			fields:   fields{family: Amazon, release: "2 (Karoo)"},
+			now:      time.Date(2023, 7, 1, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "amazon linux 2022 supported",
+			fields:   fields{family: Amazon, release: "2022 (Amazon Linux)"},
+			now:      time.Date(2023, 7, 1, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		//RHEL
+		{
+			name:     "RHEL7 supported",
+			fields:   fields{family: RedHat, release: "7"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "RHEL8 supported",
+			fields:   fields{family: RedHat, release: "8"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "RHEL6 eol",
+			fields:   fields{family: RedHat, release: "6"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "RHEL9 not found",
+			fields:   fields{family: RedHat, release: "9"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    false,
+		},
+		//CentOS
+		{
+			name:     "CentOS 7 supported",
+			fields:   fields{family: CentOS, release: "7"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "CentOS 8 supported",
+			fields:   fields{family: CentOS, release: "8"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "CentOS 6 eol",
+			fields:   fields{family: CentOS, release: "6"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
+		{
+			name:     "CentOS 9 not found",
+			fields:   fields{family: CentOS, release: "9"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    false,
+		},
+		// Alma
+		{
+			name:     "Alma Linux 8 supported",
+			fields:   fields{family: Alma, release: "8"},
+			now:      time.Date(2021, 7, 2, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Alma Linux 8 EOL",
+			fields:   fields{family: Alma, release: "8"},
+			now:      time.Date(2029, 2, 1, 0, 0, 0, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Alma Linux 9 Not Found",
+			fields:   fields{family: Alma, release: "9"},
+			now:      time.Date(2021, 7, 2, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    false,
+		},
+		// Rocky
+		{
+			name:     "Rocky Linux 8 supported",
+			fields:   fields{family: Rocky, release: "8"},
+			now:      time.Date(2021, 7, 2, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Rocky Linux 8 EOL",
+			fields:   fields{family: Rocky, release: "8"},
+			now:      time.Date(2026, 2, 1, 0, 0, 0, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Rocky Linux 9 Not Found",
+			fields:   fields{family: Rocky, release: "9"},
+			now:      time.Date(2021, 7, 2, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    false,
+		},
+		//Oracle
+		{
+			name:     "Oracle Linux 7 supported",
+			fields:   fields{family: Oracle, release: "7"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Oracle Linux 8 supported",
+			fields:   fields{family: Oracle, release: "8"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Oracle Linux 6 eol",
+			fields:   fields{family: Oracle, release: "6"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Oracle Linux 9 not found",
+			fields:   fields{family: Oracle, release: "9"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    false,
+		},
+		//Ubuntu
+		{
+			name:     "Ubuntu 12.10 not found",
+			fields:   fields{family: Ubuntu, release: "12.10"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			found:    false,
+			stdEnded: false,
+			extEnded: false,
+		},
+		{
+			name:     "Ubuntu 14.04 eol",
+			fields:   fields{family: Ubuntu, release: "14.04"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Ubuntu 14.10 eol",
+			fields:   fields{family: Ubuntu, release: "14.10"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
+		{
+			name:     "Ubuntu 16.04 supported",
+			fields:   fields{family: Ubuntu, release: "18.04"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Ubuntu 18.04 supported",
+			fields:   fields{family: Ubuntu, release: "18.04"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Ubuntu 18.04 ext supported",
+			fields:   fields{family: Ubuntu, release: "18.04"},
+			now:      time.Date(2025, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Ubuntu 20.04 supported",
+			fields:   fields{family: Ubuntu, release: "20.04"},
+			now:      time.Date(2021, 5, 1, 23, 59, 59, 0, time.UTC),
+			found:    true,
+			stdEnded: false,
+			extEnded: false,
+		},
+		{
+			name:     "Ubuntu 20.04 ext supported",
+			fields:   fields{family: Ubuntu, release: "20.04"},
+			now:      time.Date(2025, 5, 1, 23, 59, 59, 0, time.UTC),
+			found:    true,
+			stdEnded: true,
+			extEnded: false,
+		},
+		{
+			name:     "Ubuntu 20.10 supported",
+			fields:   fields{family: Ubuntu, release: "20.10"},
+			now:      time.Date(2021, 5, 1, 23, 59, 59, 0, time.UTC),
+			found:    true,
+			stdEnded: false,
+			extEnded: false,
+		},
+		{
+			name:     "Ubuntu 21.04 supported",
+			fields:   fields{family: Ubuntu, release: "21.04"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			found:    true,
+			stdEnded: false,
+			extEnded: false,
+		},
+		{
+			name:     "Ubuntu 21.10 supported",
+			fields:   fields{family: Ubuntu, release: "21.10"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			found:    true,
+			stdEnded: false,
+			extEnded: false,
+		},
+		{
+			name:     "Ubuntu 22.04 supported",
+			fields:   fields{family: Ubuntu, release: "22.04"},
+			now:      time.Date(2022, 5, 1, 23, 59, 59, 0, time.UTC),
+			found:    true,
+			stdEnded: false,
+			extEnded: false,
+		},
+		//Debian
+		{
+			name:     "Debian 9 supported",
+			fields:   fields{family: Debian, release: "9"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Debian 10 supported",
+			fields:   fields{family: Debian, release: "10"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Debian 8 supported",
+			fields:   fields{family: Debian, release: "8"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
+		{
+			name:     "Debian 11 supported",
+			fields:   fields{family: Debian, release: "11"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Debian 12 is not supported yet",
+			fields:   fields{family: Debian, release: "12"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    false,
+		},
+		//alpine
+		{
+			name:     "alpine 3.10 supported",
+			fields:   fields{family: Alpine, release: "3.10"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Alpine 3.11 supported",
+			fields:   fields{family: Alpine, release: "3.11"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Alpine 3.12 supported",
+			fields:   fields{family: Alpine, release: "3.12"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Alpine 3.9 eol",
+			fields:   fields{family: Alpine, release: "3.9"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
+		{
+			name:     "Alpine 3.14 supported",
+			fields:   fields{family: Alpine, release: "3.14"},
+			now:      time.Date(2022, 5, 1, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Alpine 3.15 supported",
+			fields:   fields{family: Alpine, release: "3.15"},
+			now:      time.Date(2022, 11, 1, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Alpine 3.16 not found",
+			fields:   fields{family: Alpine, release: "3.16"},
+			now:      time.Date(2022, 1, 14, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    false,
+		},
+		// freebsd
+		{
+			name:     "freebsd 11 supported",
+			fields:   fields{family: FreeBSD, release: "11"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "freebsd 11 eol on 2021-9-30",
+			fields:   fields{family: FreeBSD, release: "11"},
+			now:      time.Date(2021, 10, 1, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
+		{
+			name:     "freebsd 12 supported",
+			fields:   fields{family: FreeBSD, release: "12"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "freebsd 13 supported",
+			fields:   fields{family: FreeBSD, release: "13"},
+			now:      time.Date(2021, 7, 2, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "freebsd 10 eol",
+			fields:   fields{family: FreeBSD, release: "10"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
+		// Fedora
+		{
+			name:     "Fedora 32 supported",
+			fields:   fields{family: Fedora, release: "32"},
+			now:      time.Date(2021, 5, 25, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Fedora 32 eol on 2021-5-25",
+			fields:   fields{family: Fedora, release: "32"},
+			now:      time.Date(2021, 5, 26, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
+		{
+			name:     "Fedora 33 supported",
+			fields:   fields{family: Fedora, release: "33"},
+			now:      time.Date(2021, 11, 30, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Fedora 33 eol on 2021-5-26",
+			fields:   fields{family: Fedora, release: "32"},
+			now:      time.Date(2021, 5, 27, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
+		{
+			name:     "Fedora 34 supported",
+			fields:   fields{family: Fedora, release: "34"},
+			now:      time.Date(2022, 5, 17, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Fedora 32 eol on 2022-5-17",
+			fields:   fields{family: Fedora, release: "34"},
+			now:      time.Date(2022, 5, 18, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
+		{
+			name:     "Fedora 35 supported",
+			fields:   fields{family: Fedora, release: "35"},
+			now:      time.Date(2022, 12, 7, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Fedora 35 eol on 2022-12-7",
+			fields:   fields{family: Fedora, release: "35"},
+			now:      time.Date(2022, 12, 8, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			eol, found := GetEOL(tt.fields.family, tt.fields.release)
+			if found != tt.found {
+				t.Errorf("GetEOL.found = %v, want %v", found, tt.found)
+			}
+			if found {
+				if got := eol.IsStandardSupportEnded(tt.now); got != tt.stdEnded {
+					t.Errorf("EOL.IsStandardSupportEnded() = %v, want %v", got, tt.stdEnded)
+				}
+				if got := eol.IsExtendedSuppportEnded(tt.now); got != tt.extEnded {
+					t.Errorf("EOL.IsExtendedSupportEnded() = %v, want %v", got, tt.extEnded)
+				}
+			}
+		})
+	}
+}
+
+func Test_majorDotMinor(t *testing.T) {
+	type args struct {
+		osVer string
+	}
+	tests := []struct {
+		name              string
+		args              args
+		wantMajorDotMinor string
+	}{
+		{
+			name: "empty",
+			args: args{
+				osVer: "",
+			},
+			wantMajorDotMinor: "",
+		},
+		{
+			name: "major",
+			args: args{
+				osVer: "3",
+			},
+			wantMajorDotMinor: "3",
+		},
+		{
+			name: "major dot minor",
+			args: args{
+				osVer: "3.1",
+			},
+			wantMajorDotMinor: "3.1",
+		},
+		{
+			name: "major dot minor dot release",
+			args: args{
+				osVer: "3.1.4",
+			},
+			wantMajorDotMinor: "3.1",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if gotMajorDotMinor := majorDotMinor(tt.args.osVer); gotMajorDotMinor != tt.wantMajorDotMinor {
+				t.Errorf("majorDotMinor() = %v, want %v", gotMajorDotMinor, tt.wantMajorDotMinor)
+			}
+		})
+	}
+}
--- a/config/portscan.go
+++ b/config/portscan.go
@@ -0,0 +1,222 @@
+package config
+
+import (
+	"os"
+	"os/exec"
+	"strconv"
+	"strings"
+
+	"github.com/asaskevich/govalidator"
+	"golang.org/x/xerrors"
+)
+
+// PortScanConf is the setting for using an external port scanner
+type PortScanConf struct {
+	IsUseExternalScanner bool `toml:"-" json:"-"`
+
+	// Path to external scanner
+	ScannerBinPath string `toml:"scannerBinPath,omitempty" json:"scannerBinPath,omitempty"`
+
+	// set user has privileged
+	HasPrivileged bool `toml:"hasPrivileged,omitempty" json:"hasPrivileged,omitempty"`
+
+	// set the ScanTechniques for ScannerBinPath
+	ScanTechniques []string `toml:"scanTechniques,omitempty" json:"scanTechniques,omitempty"`
+
+	// set the FIREWALL/IDS EVASION AND SPOOFING(Use given port number)
+	SourcePort string `toml:"sourcePort,omitempty" json:"sourcePort,omitempty"`
+}
+
+// ScanTechnique is implemented to represent the supported ScanTechniques in an Enum.
+type ScanTechnique int
+
+const (
+	// NotSupportTechnique is a ScanTechnique that is currently not supported.
+	NotSupportTechnique ScanTechnique = iota
+	// TCPSYN is SYN scan
+	TCPSYN
+	// TCPConnect is TCP connect scan
+	TCPConnect
+	// TCPACK is ACK scan
+	TCPACK
+	// TCPWindow is Window scan
+	TCPWindow
+	// TCPMaimon is Maimon scan
+	TCPMaimon
+	// TCPNull is Null scan
+	TCPNull
+	// TCPFIN is FIN scan
+	TCPFIN
+	// TCPXmas is Xmas scan
+	TCPXmas
+)
+
+var scanTechniqueMap = map[ScanTechnique]string{
+	TCPSYN:     "sS",
+	TCPConnect: "sT",
+	TCPACK:     "sA",
+	TCPWindow:  "sW",
+	TCPMaimon:  "sM",
+	TCPNull:    "sN",
+	TCPFIN:     "sF",
+	TCPXmas:    "sX",
+}
+
+func (s ScanTechnique) String() string {
+	switch s {
+	case TCPSYN:
+		return "TCPSYN"
+	case TCPConnect:
+		return "TCPConnect"
+	case TCPACK:
+		return "TCPACK"
+	case TCPWindow:
+		return "TCPWindow"
+	case TCPMaimon:
+		return "TCPMaimon"
+	case TCPNull:
+		return "TCPNull"
+	case TCPFIN:
+		return "TCPFIN"
+	case TCPXmas:
+		return "TCPXmas"
+	default:
+		return "NotSupportTechnique"
+	}
+}
+
+// GetScanTechniques converts ScanTechniques loaded from config.toml to []scanTechniques.
+func (c *PortScanConf) GetScanTechniques() []ScanTechnique {
+	if len(c.ScanTechniques) == 0 {
+		return []ScanTechnique{}
+	}
+
+	scanTechniques := []ScanTechnique{}
+	for _, technique := range c.ScanTechniques {
+		findScanTechniqueFlag := false
+		for key, value := range scanTechniqueMap {
+			if strings.EqualFold(value, technique) {
+				scanTechniques = append(scanTechniques, key)
+				findScanTechniqueFlag = true
+				break
+			}
+		}
+
+		if !findScanTechniqueFlag {
+			scanTechniques = append(scanTechniques, NotSupportTechnique)
+		}
+	}
+
+	if len(scanTechniques) == 0 {
+		return []ScanTechnique{NotSupportTechnique}
+	}
+	return scanTechniques
+}
+
+// Validate validates configuration
+func (c *PortScanConf) Validate() (errs []error) {
+	if !c.IsUseExternalScanner {
+		if c.IsZero() {
+			return
+		}
+		errs = append(errs, xerrors.New("To enable the PortScan option, ScannerBinPath must be set."))
+	}
+
+	if _, err := os.Stat(c.ScannerBinPath); err != nil {
+		errs = append(errs, xerrors.Errorf(
+			"scanner is not found. ScannerBinPath: %s not exists", c.ScannerBinPath))
+	}
+
+	scanTechniques := c.GetScanTechniques()
+	for _, scanTechnique := range scanTechniques {
+		if scanTechnique == NotSupportTechnique {
+			errs = append(errs, xerrors.New("There is an unsupported option in ScanTechniques."))
+		}
+	}
+
+	// It does not currently support multiple ScanTechniques.
+	// But if it supports UDP scanning, it will need to accept multiple ScanTechniques.
+	if len(scanTechniques) > 1 {
+		errs = append(errs, xerrors.New("Currently multiple ScanTechniques are not supported."))
+	}
+
+	if c.HasPrivileged {
+		if os.Geteuid() != 0 {
+			output, err := exec.Command("getcap", c.ScannerBinPath).Output()
+			if err != nil {
+				errs = append(errs, xerrors.Errorf("Failed to check capability of %s. error message: %w", c.ScannerBinPath, err))
+			} else {
+				parseOutput := strings.SplitN(string(output), "=", 2)
+				if len(parseOutput) != 2 {
+					errs = append(errs, xerrors.Errorf("Failed to parse getcap outputs. please execute this command: `$ getcap %s`. If the following string (`/usr/bin/nmap = ... `) is not displayed, you need to set the capability with the following command. `$ setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip %s`", c.ScannerBinPath, c.ScannerBinPath))
+				} else {
+					parseCapability := strings.Split(strings.TrimSpace(parseOutput[1]), "+")
+					capabilities := strings.Split(parseCapability[0], ",")
+					for _, needCap := range []string{"cap_net_bind_service", "cap_net_admin", "cap_net_raw"} {
+						existCapFlag := false
+						for _, cap := range capabilities {
+							if needCap == cap {
+								existCapFlag = true
+								break
+							}
+						}
+
+						if existCapFlag {
+							continue
+						}
+
+						errs = append(errs, xerrors.Errorf("Not enough capability to execute. needs: ['cap_net_bind_service', 'cap_net_admin', 'cap_net_raw'], actual: %s. To fix this, run the following command. `$ setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip %s`", capabilities, c.ScannerBinPath))
+						break
+					}
+
+					if parseCapability[1] != "eip" {
+						errs = append(errs, xerrors.Errorf("Capability(`cap_net_bind_service,cap_net_admin,cap_net_raw`) must belong to the following capability set(need: eip, actual: %s). To fix this, run the following command. `$ setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip %s`", parseCapability[1], c.ScannerBinPath))
+					}
+				}
+			}
+		}
+	}
+
+	if !c.HasPrivileged {
+		for _, scanTechnique := range scanTechniques {
+			if scanTechnique != TCPConnect && scanTechnique != NotSupportTechnique {
+				errs = append(errs, xerrors.New("If not privileged, only TCPConnect Scan(-sT) can be used."))
+				break
+			}
+		}
+	}
+
+	if c.SourcePort != "" {
+		for _, scanTechnique := range scanTechniques {
+			if scanTechnique == TCPConnect {
+				errs = append(errs, xerrors.New("SourcePort Option(-g/--source-port) is incompatible with the default TCPConnect Scan(-sT)."))
+				break
+			}
+		}
+
+		portNumber, err := strconv.Atoi(c.SourcePort)
+		if err != nil {
+			errs = append(errs, xerrors.Errorf("SourcePort conversion failed. %w", err))
+		} else {
+			if portNumber < 0 || 65535 < portNumber {
+				errs = append(errs, xerrors.Errorf("SourcePort(%s) must be between 0 and 65535.", c.SourcePort))
+			}
+
+			if portNumber == 0 {
+				errs = append(errs, xerrors.New("SourcePort(0) may not work on all systems."))
+			}
+		}
+	}
+
+	_, err := govalidator.ValidateStruct(c)
+	if err != nil {
+		errs = append(errs, err)
+	}
+
+	return
+}
+
+// IsZero return  whether this struct is not specified in config.toml
+func (c PortScanConf) IsZero() bool {
+	return c.ScannerBinPath == "" && !c.HasPrivileged && len(c.ScanTechniques) == 0 && c.SourcePort == ""
+}
--- a/config/portscan_test.go
+++ b/config/portscan_test.go
@@ -0,0 +1,69 @@
+package config
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestPortScanConf_getScanTechniques(t *testing.T) {
+	tests := []struct {
+		name       string
+		techniques []string
+		want       []ScanTechnique
+	}{
+		{
+			name:       "nil",
+			techniques: []string{},
+			want:       []ScanTechnique{},
+		},
+		{
+			name:       "single",
+			techniques: []string{"sS"},
+			want:       []ScanTechnique{TCPSYN},
+		},
+		{
+			name:       "multiple",
+			techniques: []string{"sS", "sT"},
+			want:       []ScanTechnique{TCPSYN, TCPConnect},
+		},
+		{
+			name:       "unknown",
+			techniques: []string{"sU"},
+			want:       []ScanTechnique{NotSupportTechnique},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := PortScanConf{ScanTechniques: tt.techniques}
+			if got := c.GetScanTechniques(); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("PortScanConf.getScanTechniques() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestPortScanConf_IsZero(t *testing.T) {
+	tests := []struct {
+		name string
+		conf PortScanConf
+		want bool
+	}{
+		{
+			name: "not zero",
+			conf: PortScanConf{ScannerBinPath: "/usr/bin/nmap"},
+			want: false,
+		},
+		{
+			name: "zero",
+			conf: PortScanConf{},
+			want: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := tt.conf.IsZero(); got != tt.want {
+				t.Errorf("PortScanConf.IsZero() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
--- a/config/saasconf.go
+++ b/config/saasconf.go
@@ -0,0 +1,34 @@
+package config
+
+import (
+	"github.com/asaskevich/govalidator"
+	"golang.org/x/xerrors"
+)
+
+// SaasConf is FutureVuls config
+type SaasConf struct {
+	GroupID int64  `json:"-"`
+	Token   string `json:"-"`
+	URL     string `json:"-"`
+}
+
+// Validate validates configuration
+func (c *SaasConf) Validate() (errs []error) {
+	if c.GroupID == 0 {
+		errs = append(errs, xerrors.New("GroupID must not be empty"))
+	}
+
+	if len(c.Token) == 0 {
+		errs = append(errs, xerrors.New("Token must not be empty"))
+	}
+
+	if len(c.URL) == 0 {
+		errs = append(errs, xerrors.New("URL must not be empty"))
+	}
+
+	_, err := govalidator.ValidateStruct(c)
+	if err != nil {
+		errs = append(errs, err)
+	}
+	return
+}
--- a/config/scanmode.go
+++ b/config/scanmode.go
@@ -0,0 +1,110 @@
+package config
+
+import (
+	"strings"
+
+	"golang.org/x/xerrors"
+)
+
+// ScanMode has a type of scan mode. fast, fast-root, deep and offline
+type ScanMode struct {
+	flag byte
+}
+
+const (
+	// Fast is fast scan mode
+	Fast = byte(1 << iota)
+	// FastRoot is scanmode
+	FastRoot
+	// Deep is scanmode
+	Deep
+	// Offline is scanmode
+	Offline
+
+	fastStr     = "fast"
+	fastRootStr = "fast-root"
+	deepStr     = "deep"
+	offlineStr  = "offline"
+)
+
+// Set mode
+func (s *ScanMode) Set(f byte) {
+	s.flag |= f
+}
+
+// IsFast return whether scan mode is fast
+func (s ScanMode) IsFast() bool {
+	return s.flag&Fast == Fast
+}
+
+// IsFastRoot return whether scan mode is fastroot
+func (s ScanMode) IsFastRoot() bool {
+	return s.flag&FastRoot == FastRoot
+}
+
+// IsDeep return whether scan mode is deep
+func (s ScanMode) IsDeep() bool {
+	return s.flag&Deep == Deep
+}
+
+// IsOffline return whether scan mode is offline
+func (s ScanMode) IsOffline() bool {
+	return s.flag&Offline == Offline
+}
+
+func (s *ScanMode) ensure() error {
+	numTrue := 0
+	for _, b := range []bool{s.IsFast(), s.IsFastRoot(), s.IsDeep()} {
+		if b {
+			numTrue++
+		}
+	}
+	if numTrue == 0 {
+		s.Set(Fast)
+	} else if s.IsDeep() && s.IsOffline() {
+		return xerrors.New("Don't specify both of deep and offline")
+	} else if numTrue != 1 {
+		return xerrors.New("Specify only one of offline, fast, fast-root or deep")
+	}
+	return nil
+}
+
+func (s ScanMode) String() string {
+	ss := ""
+	if s.IsFast() {
+		ss = fastStr
+	} else if s.IsFastRoot() {
+		ss = fastRootStr
+	} else if s.IsDeep() {
+		ss = deepStr
+	}
+	if s.IsOffline() {
+		ss += " " + offlineStr
+	}
+	return ss + " mode"
+}
+
+func setScanMode(server *ServerInfo) error {
+	if len(server.ScanMode) == 0 {
+		server.ScanMode = Conf.Default.ScanMode
+	}
+	for _, m := range server.ScanMode {
+		switch strings.ToLower(m) {
+		case fastStr:
+			server.Mode.Set(Fast)
+		case fastRootStr:
+			server.Mode.Set(FastRoot)
+		case deepStr:
+			server.Mode.Set(Deep)
+		case offlineStr:
+			server.Mode.Set(Offline)
+		default:
+			return xerrors.Errorf("scanMode: %s of %s is invalid. Specify -fast, -fast-root, -deep or offline",
+				m, server.ServerName)
+		}
+	}
+	if err := server.Mode.ensure(); err != nil {
+		return xerrors.Errorf("%s in %s", err, server.ServerName)
+	}
+	return nil
+}
--- a/config/scanmodule.go
+++ b/config/scanmodule.go
@@ -0,0 +1,97 @@
+package config
+
+import (
+	"strings"
+
+	"golang.org/x/xerrors"
+)
+
+// ScanModule has a type of scan module
+type ScanModule struct {
+	flag byte
+}
+
+const (
+	// OSPkg is scanmodule
+	OSPkg = byte(1 << iota)
+	// WordPress is scanmodule
+	WordPress
+	// Lockfile is scanmodule
+	Lockfile
+	// Port is scanmodule
+	Port
+
+	osPkgStr     = "ospkg"
+	wordPressStr = "wordpress"
+	lockfileStr  = "lockfile"
+	portStr      = "port"
+)
+
+var allModules = []string{osPkgStr, wordPressStr, lockfileStr, portStr}
+
+// Set module
+func (s *ScanModule) Set(f byte) {
+	s.flag |= f
+}
+
+// IsScanOSPkg return whether scanning os pkg
+func (s ScanModule) IsScanOSPkg() bool {
+	return s.flag&OSPkg == OSPkg
+}
+
+// IsScanWordPress return whether scanning wordpress
+func (s ScanModule) IsScanWordPress() bool {
+	return s.flag&WordPress == WordPress
+}
+
+// IsScanLockFile whether scanning lock file
+func (s ScanModule) IsScanLockFile() bool {
+	return s.flag&Lockfile == Lockfile
+}
+
+// IsScanPort whether scanning listening ports
+func (s ScanModule) IsScanPort() bool {
+	return s.flag&Port == Port
+}
+
+// IsZero return the struct value are all false
+func (s ScanModule) IsZero() bool {
+	return !(s.IsScanOSPkg() || s.IsScanWordPress() || s.IsScanLockFile() || s.IsScanPort())
+}
+
+func (s *ScanModule) ensure() error {
+	if s.IsZero() {
+		s.Set(OSPkg)
+		s.Set(WordPress)
+		s.Set(Lockfile)
+		s.Set(Port)
+	} else if !s.IsScanOSPkg() && s.IsScanPort() {
+		return xerrors.New("When specifying the Port, Specify OSPkg as well")
+	}
+	return nil
+}
+
+func setScanModules(server *ServerInfo, d ServerInfo) error {
+	if len(server.ScanModules) == 0 {
+		server.ScanModules = d.ScanModules
+	}
+	for _, m := range server.ScanModules {
+		switch strings.ToLower(m) {
+		case osPkgStr:
+			server.Module.Set(OSPkg)
+		case wordPressStr:
+			server.Module.Set(WordPress)
+		case lockfileStr:
+			server.Module.Set(Lockfile)
+		case portStr:
+			server.Module.Set(Port)
+		default:
+			return xerrors.Errorf("scanMode: %s of %s is invalid. Specify %s",
+				m, server.ServerName, allModules)
+		}
+	}
+	if err := server.Module.ensure(); err != nil {
+		return xerrors.Errorf("%s in %s", err, server.ServerName)
+	}
+	return nil
+}
--- a/config/scanmodule_test.go
+++ b/config/scanmodule_test.go
@@ -0,0 +1,65 @@
+package config
+
+import (
+	"testing"
+)
+
+func TestScanModule_IsZero(t *testing.T) {
+	tests := []struct {
+		name  string
+		modes []byte
+		want  bool
+	}{
+		{
+			name:  "not zero",
+			modes: []byte{OSPkg},
+			want:  false,
+		},
+		{
+			name:  "zero",
+			modes: []byte{},
+			want:  true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := ScanModule{}
+			for _, b := range tt.modes {
+				s.Set(b)
+			}
+			if got := s.IsZero(); got != tt.want {
+				t.Errorf("ScanModule.IsZero() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestScanModule_validate(t *testing.T) {
+	tests := []struct {
+		name    string
+		modes   []byte
+		wantErr bool
+	}{
+		{
+			name:    "valid",
+			modes:   []byte{},
+			wantErr: false,
+		},
+		{
+			name:    "err",
+			modes:   []byte{WordPress, Lockfile, Port},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := ScanModule{}
+			for _, b := range tt.modes {
+				s.Set(b)
+			}
+			if err := s.ensure(); (err != nil) != tt.wantErr {
+				t.Errorf("ScanModule.validate() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
--- a/config/slackconf.go
+++ b/config/slackconf.go
@@ -0,0 +1,52 @@
+package config
+
+import (
+	"strings"
+
+	"github.com/asaskevich/govalidator"
+	"golang.org/x/xerrors"
+)
+
+// SlackConf is slack config
+type SlackConf struct {
+	HookURL     string   `valid:"url" json:"-" toml:"hookURL,omitempty"`
+	LegacyToken string   `json:"-" toml:"legacyToken,omitempty"`
+	Channel     string   `json:"-" toml:"channel,omitempty"`
+	IconEmoji   string   `json:"-" toml:"iconEmoji,omitempty"`
+	AuthUser    string   `json:"-" toml:"authUser,omitempty"`
+	NotifyUsers []string `toml:"notifyUsers,omitempty" json:"-"`
+	Text        string   `json:"-"`
+	Enabled     bool     `toml:"-" json:"-"`
+}
+
+// Validate validates configuration
+func (c *SlackConf) Validate() (errs []error) {
+	if !c.Enabled {
+		return
+	}
+
+	if len(c.HookURL) == 0 && len(c.LegacyToken) == 0 {
+		errs = append(errs, xerrors.New("slack.hookURL or slack.LegacyToken must not be empty"))
+	}
+
+	if len(c.Channel) == 0 {
+		errs = append(errs, xerrors.New("slack.channel must not be empty"))
+	} else {
+		if !(strings.HasPrefix(c.Channel, "#") ||
+			c.Channel == "${servername}") {
+			errs = append(errs, xerrors.Errorf(
+				"channel's prefix must be '#', channel: %s", c.Channel))
+		}
+	}
+
+	if len(c.AuthUser) == 0 {
+		errs = append(errs, xerrors.New("slack.authUser must not be empty"))
+	}
+
+	_, err := govalidator.ValidateStruct(c)
+	if err != nil {
+		errs = append(errs, err)
+	}
+
+	return
+}
--- a/config/smtpconf.go
+++ b/config/smtpconf.go
@@ -0,0 +1,65 @@
+package config
+
+import (
+	"github.com/asaskevich/govalidator"
+	"golang.org/x/xerrors"
+)
+
+// SMTPConf is smtp config
+type SMTPConf struct {
+	SMTPAddr      string   `toml:"smtpAddr,omitempty" json:"-"`
+	SMTPPort      string   `toml:"smtpPort,omitempty" valid:"port" json:"-"`
+	User          string   `toml:"user,omitempty" json:"-"`
+	Password      string   `toml:"password,omitempty" json:"-"`
+	From          string   `toml:"from,omitempty" json:"-"`
+	To            []string `toml:"to,omitempty" json:"-"`
+	Cc            []string `toml:"cc,omitempty" json:"-"`
+	SubjectPrefix string   `toml:"subjectPrefix,omitempty" json:"-"`
+	Enabled       bool     `toml:"-" json:"-"`
+}
+
+func checkEmails(emails []string) (errs []error) {
+	for _, addr := range emails {
+		if len(addr) == 0 {
+			return
+		}
+		if ok := govalidator.IsEmail(addr); !ok {
+			errs = append(errs, xerrors.Errorf("Invalid email address. email: %s", addr))
+		}
+	}
+	return
+}
+
+// Validate SMTP configuration
+func (c *SMTPConf) Validate() (errs []error) {
+	if !c.Enabled {
+		return
+	}
+	emails := []string{}
+	emails = append(emails, c.From)
+	emails = append(emails, c.To...)
+	emails = append(emails, c.Cc...)
+
+	if emailErrs := checkEmails(emails); 0 < len(emailErrs) {
+		errs = append(errs, emailErrs...)
+	}
+
+	if c.SMTPAddr == "" {
+		errs = append(errs, xerrors.New("email.smtpAddr must not be empty"))
+	}
+	if c.SMTPPort == "" {
+		errs = append(errs, xerrors.New("email.smtpPort must not be empty"))
+	}
+	if len(c.To) == 0 {
+		errs = append(errs, xerrors.New("email.To required at least one address"))
+	}
+	if len(c.From) == 0 {
+		errs = append(errs, xerrors.New("email.From required at least one address"))
+	}
+
+	_, err := govalidator.ValidateStruct(c)
+	if err != nil {
+		errs = append(errs, err)
+	}
+	return
+}
--- a/config/syslogconf.go
+++ b/config/syslogconf.go
@@ -0,0 +1,130 @@
+package config
+
+import (
+	"errors"
+	"log/syslog"
+
+	"github.com/asaskevich/govalidator"
+	"golang.org/x/xerrors"
+)
+
+// SyslogConf is syslog config
+type SyslogConf struct {
+	Protocol string `json:"-"`
+	Host     string `valid:"host" json:"-"`
+	Port     string `valid:"port" json:"-"`
+	Severity string `json:"-"`
+	Facility string `json:"-"`
+	Tag      string `json:"-"`
+	Verbose  bool   `json:"-"`
+	Enabled  bool   `toml:"-" json:"-"`
+}
+
+// Validate validates configuration
+func (c *SyslogConf) Validate() (errs []error) {
+	if !c.Enabled {
+		return nil
+	}
+	//  If protocol is empty, it will connect to the local syslog server.
+	if len(c.Protocol) > 0 && c.Protocol != "tcp" && c.Protocol != "udp" {
+		errs = append(errs, errors.New(`syslog.protocol must be "tcp" or "udp"`))
+	}
+
+	// Default port: 514
+	if c.Port == "" {
+		c.Port = "514"
+	}
+
+	if _, err := c.GetSeverity(); err != nil {
+		errs = append(errs, err)
+	}
+
+	if _, err := c.GetFacility(); err != nil {
+		errs = append(errs, err)
+	}
+
+	if _, err := govalidator.ValidateStruct(c); err != nil {
+		errs = append(errs, err)
+	}
+	return errs
+}
+
+// GetSeverity gets severity
+func (c *SyslogConf) GetSeverity() (syslog.Priority, error) {
+	if c.Severity == "" {
+		return syslog.LOG_INFO, nil
+	}
+
+	switch c.Severity {
+	case "emerg":
+		return syslog.LOG_EMERG, nil
+	case "alert":
+		return syslog.LOG_ALERT, nil
+	case "crit":
+		return syslog.LOG_CRIT, nil
+	case "err":
+		return syslog.LOG_ERR, nil
+	case "warning":
+		return syslog.LOG_WARNING, nil
+	case "notice":
+		return syslog.LOG_NOTICE, nil
+	case "info":
+		return syslog.LOG_INFO, nil
+	case "debug":
+		return syslog.LOG_DEBUG, nil
+	default:
+		return -1, xerrors.Errorf("Invalid severity: %s", c.Severity)
+	}
+}
+
+// GetFacility gets facility
+func (c *SyslogConf) GetFacility() (syslog.Priority, error) {
+	if c.Facility == "" {
+		return syslog.LOG_AUTH, nil
+	}
+
+	switch c.Facility {
+	case "kern":
+		return syslog.LOG_KERN, nil
+	case "user":
+		return syslog.LOG_USER, nil
+	case "mail":
+		return syslog.LOG_MAIL, nil
+	case "daemon":
+		return syslog.LOG_DAEMON, nil
+	case "auth":
+		return syslog.LOG_AUTH, nil
+	case "syslog":
+		return syslog.LOG_SYSLOG, nil
+	case "lpr":
+		return syslog.LOG_LPR, nil
+	case "news":
+		return syslog.LOG_NEWS, nil
+	case "uucp":
+		return syslog.LOG_UUCP, nil
+	case "cron":
+		return syslog.LOG_CRON, nil
+	case "authpriv":
+		return syslog.LOG_AUTHPRIV, nil
+	case "ftp":
+		return syslog.LOG_FTP, nil
+	case "local0":
+		return syslog.LOG_LOCAL0, nil
+	case "local1":
+		return syslog.LOG_LOCAL1, nil
+	case "local2":
+		return syslog.LOG_LOCAL2, nil
+	case "local3":
+		return syslog.LOG_LOCAL3, nil
+	case "local4":
+		return syslog.LOG_LOCAL4, nil
+	case "local5":
+		return syslog.LOG_LOCAL5, nil
+	case "local6":
+		return syslog.LOG_LOCAL6, nil
+	case "local7":
+		return syslog.LOG_LOCAL7, nil
+	default:
+		return -1, xerrors.Errorf("Invalid facility: %s", c.Facility)
+	}
+}
--- a/config/telegramconf.go
+++ b/config/telegramconf.go
@@ -0,0 +1,33 @@
+package config
+
+import (
+	"github.com/asaskevich/govalidator"
+	"golang.org/x/xerrors"
+)
+
+// TelegramConf is Telegram config
+type TelegramConf struct {
+	Token   string `json:"-"`
+	ChatID  string `json:"-"`
+	Enabled bool   `toml:"-" json:"-"`
+}
+
+// Validate validates configuration
+func (c *TelegramConf) Validate() (errs []error) {
+	if !c.Enabled {
+		return
+	}
+	if len(c.ChatID) == 0 {
+		errs = append(errs, xerrors.New("TelegramConf.ChatID must not be empty"))
+	}
+
+	if len(c.Token) == 0 {
+		errs = append(errs, xerrors.New("TelegramConf.Token must not be empty"))
+	}
+
+	_, err := govalidator.ValidateStruct(c)
+	if err != nil {
+		errs = append(errs, err)
+	}
+	return
+}
--- a/config/tomlloader.go
+++ b/config/tomlloader.go
@@ -5,6 +5,7 @@ import (
 	"strings"

 	"github.com/BurntSushi/toml"
+	"github.com/future-architect/vuls/constant"
 	"github.com/knqyf263/go-cpe/naming"
 	"golang.org/x/xerrors"
 )
@@ -14,266 +15,212 @@ type TOMLLoader struct {
 }

 // Load load the configuration TOML file specified by path arg.
-func (c TOMLLoader) Load(pathToToml, keyPass string) error {
-	var conf Config
-	if _, err := toml.DecodeFile(pathToToml, &conf); err != nil {
+func (c TOMLLoader) Load(pathToToml string) error {
+	// util.Log.Infof("Loading config: %s", pathToToml)
+	if _, err := toml.DecodeFile(pathToToml, &Conf); err != nil {
 		return err
 	}
-	Conf.EMail = conf.EMail
-	Conf.Slack = conf.Slack
-	Conf.Stride = conf.Stride
-	Conf.HipChat = conf.HipChat
-	Conf.ChatWork = conf.ChatWork
-	Conf.Telegram = conf.Telegram
-	Conf.Saas = conf.Saas
-	Conf.Syslog = conf.Syslog
-	Conf.HTTP = conf.HTTP
-	Conf.AWS = conf.AWS
-	Conf.Azure = conf.Azure

-	Conf.CveDict = conf.CveDict
-	Conf.OvalDict = conf.OvalDict
-	Conf.Gost = conf.Gost
-	Conf.Exploit = conf.Exploit
-	Conf.Metasploit = conf.Metasploit
-
-	d := conf.Default
-	Conf.Default = d
-	servers := make(map[string]ServerInfo)
-
-	if keyPass != "" {
-		d.KeyPassword = keyPass
+	for _, cnf := range []VulnDictInterface{
+		&Conf.CveDict,
+		&Conf.OvalDict,
+		&Conf.Gost,
+		&Conf.Exploit,
+		&Conf.Metasploit,
+		&Conf.KEVuln,
+	} {
+		cnf.Init()
 	}

-	i := 0
-	for serverName, v := range conf.Servers {
-		if 0 < len(v.KeyPassword) {
-			return xerrors.Errorf("[Deprecated] KEYPASSWORD IN CONFIG FILE ARE UNSECURE. REMOVE THEM IMMEDIATELY FOR A SECURITY REASONS. THEY WILL BE REMOVED IN A FUTURE RELEASE: %s", serverName)
+	index := 0
+	for name, server := range Conf.Servers {
+		server.ServerName = name
+		if err := setDefaultIfEmpty(&server); err != nil {
+			return xerrors.Errorf("Failed to set default value to config. server: %s, err: %w", name, err)
 		}

-		s := ServerInfo{ServerName: serverName}
-		if v.Type != ServerTypePseudo {
-			s.Host = v.Host
-			if len(s.Host) == 0 {
-				return xerrors.Errorf("%s is invalid. host is empty", serverName)
-			}
-
-			s.JumpServer = v.JumpServer
-			if len(s.JumpServer) == 0 {
-				s.JumpServer = d.JumpServer
-			}
-
-			switch {
-			case v.Port != "":
-				s.Port = v.Port
-			case d.Port != "":
-				s.Port = d.Port
-			default:
-				s.Port = "22"
-			}
-
-			switch {
-			case v.User != "":
-				s.User = v.User
-			case d.User != "":
-				s.User = d.User
-			default:
-				if s.Port != "local" {
-					return xerrors.Errorf("%s is invalid. User is empty", serverName)
-				}
-			}
-
-			s.SSHConfigPath = v.SSHConfigPath
-			if len(s.SSHConfigPath) == 0 {
-				s.SSHConfigPath = d.SSHConfigPath
-			}
-
-			s.KeyPath = v.KeyPath
-			if len(s.KeyPath) == 0 {
-				s.KeyPath = d.KeyPath
-			}
-			s.KeyPassword = v.KeyPassword
-			if len(s.KeyPassword) == 0 {
-				s.KeyPassword = d.KeyPassword
-			}
+		if err := setScanMode(&server); err != nil {
+			return xerrors.Errorf("Failed to set ScanMode: %w", err)
 		}

-		s.ScanMode = v.ScanMode
-		if len(s.ScanMode) == 0 {
-			s.ScanMode = d.ScanMode
-			if len(s.ScanMode) == 0 {
-				s.ScanMode = []string{"fast"}
-			}
-		}
-		for _, m := range s.ScanMode {
-			switch m {
-			case "fast":
-				s.Mode.Set(Fast)
-			case "fast-root":
-				s.Mode.Set(FastRoot)
-			case "deep":
-				s.Mode.Set(Deep)
-			case "offline":
-				s.Mode.Set(Offline)
-			default:
-				return xerrors.Errorf("scanMode: %s of %s is invalid. Specify -fast, -fast-root, -deep or offline", m, serverName)
-			}
-		}
-		if err := s.Mode.validate(); err != nil {
-			return xerrors.Errorf("%s in %s", err, serverName)
+		if err := setScanModules(&server, Conf.Default); err != nil {
+			return xerrors.Errorf("Failed to set ScanModule: %w", err)
 		}

-		s.CpeNames = v.CpeNames
-		if len(s.CpeNames) == 0 {
-			s.CpeNames = d.CpeNames
+		if len(server.CpeNames) == 0 {
+			server.CpeNames = Conf.Default.CpeNames
 		}
-
-		s.Lockfiles = v.Lockfiles
-		if len(s.Lockfiles) == 0 {
-			s.Lockfiles = d.Lockfiles
-		}
-
-		s.FindLock = v.FindLock
-
-		for i, n := range s.CpeNames {
+		for i, n := range server.CpeNames {
 			uri, err := toCpeURI(n)
 			if err != nil {
-				return xerrors.Errorf("Failed to parse CPENames %s in %s, err: %w", n, serverName, err)
+				return xerrors.Errorf("Failed to parse CPENames %s in %s, err: %w", n, name, err)
 			}
-			s.CpeNames[i] = uri
+			server.CpeNames[i] = uri
 		}

-		s.ContainersIncluded = v.ContainersIncluded
-		if len(s.ContainersIncluded) == 0 {
-			s.ContainersIncluded = d.ContainersIncluded
-		}
-
-		s.ContainersExcluded = v.ContainersExcluded
-		if len(s.ContainersExcluded) == 0 {
-			s.ContainersExcluded = d.ContainersExcluded
-		}
-
-		s.ContainerType = v.ContainerType
-		if len(s.ContainerType) == 0 {
-			s.ContainerType = d.ContainerType
-		}
-
-		s.Containers = v.Containers
-		for contName, cont := range s.Containers {
-			cont.IgnoreCves = append(cont.IgnoreCves, d.IgnoreCves...)
-			s.Containers[contName] = cont
-		}
-
-		if len(v.DependencyCheckXMLPath) != 0 || len(d.DependencyCheckXMLPath) != 0 {
-			return xerrors.Errorf("[DEPRECATED] dependencyCheckXMLPath IS DEPRECATED. USE owaspDCXMLPath INSTEAD: %s", serverName)
-		}
-
-		s.OwaspDCXMLPath = v.OwaspDCXMLPath
-		if len(s.OwaspDCXMLPath) == 0 {
-			s.OwaspDCXMLPath = d.OwaspDCXMLPath
-		}
-
-		s.Memo = v.Memo
-		if s.Memo == "" {
-			s.Memo = d.Memo
-		}
-
-		s.IgnoreCves = v.IgnoreCves
-		for _, cve := range d.IgnoreCves {
+		for _, cve := range Conf.Default.IgnoreCves {
 			found := false
-			for _, c := range s.IgnoreCves {
+			for _, c := range server.IgnoreCves {
 				if cve == c {
 					found = true
 					break
 				}
 			}
 			if !found {
-				s.IgnoreCves = append(s.IgnoreCves, cve)
+				server.IgnoreCves = append(server.IgnoreCves, cve)
 			}
 		}

-		s.IgnorePkgsRegexp = v.IgnorePkgsRegexp
-		for _, pkg := range d.IgnorePkgsRegexp {
+		for _, pkg := range Conf.Default.IgnorePkgsRegexp {
 			found := false
-			for _, p := range s.IgnorePkgsRegexp {
+			for _, p := range server.IgnorePkgsRegexp {
 				if pkg == p {
 					found = true
 					break
 				}
 			}
 			if !found {
-				s.IgnorePkgsRegexp = append(s.IgnorePkgsRegexp, pkg)
+				server.IgnorePkgsRegexp = append(server.IgnorePkgsRegexp, pkg)
 			}
 		}
-		for _, reg := range s.IgnorePkgsRegexp {
+		for _, reg := range server.IgnorePkgsRegexp {
 			_, err := regexp.Compile(reg)
 			if err != nil {
-				return xerrors.Errorf("Failed to parse %s in %s. err: %w", reg, serverName, err)
+				return xerrors.Errorf("Failed to parse %s in %s. err: %w", reg, name, err)
 			}
 		}
-		for contName, cont := range s.Containers {
+		for contName, cont := range server.Containers {
 			for _, reg := range cont.IgnorePkgsRegexp {
 				_, err := regexp.Compile(reg)
 				if err != nil {
 					return xerrors.Errorf("Failed to parse %s in %s@%s. err: %w",
-						reg, contName, serverName, err)
+						reg, contName, name, err)
 				}
 			}
 		}

-		opt := map[string]interface{}{}
-		for k, v := range d.Optional {
-			opt[k] = v
+		for ownerRepo, githubSetting := range server.GitHubRepos {
+			if ss := strings.Split(ownerRepo, "/"); len(ss) != 2 {
+				return xerrors.Errorf("Failed to parse GitHub owner/repo: %s in %s",
+					ownerRepo, name)
+			}
+			if githubSetting.Token == "" {
+				return xerrors.Errorf("GitHub owner/repo: %s in %s token is empty",
+					ownerRepo, name)
+			}
 		}
-		for k, v := range v.Optional {
-			opt[k] = v
-		}
-		s.Optional = opt

-		s.Enablerepo = v.Enablerepo
-		if len(s.Enablerepo) == 0 {
-			s.Enablerepo = d.Enablerepo
+		if len(server.Enablerepo) == 0 {
+			server.Enablerepo = Conf.Default.Enablerepo
 		}
-		if len(s.Enablerepo) != 0 {
-			for _, repo := range s.Enablerepo {
+		if len(server.Enablerepo) != 0 {
+			for _, repo := range server.Enablerepo {
 				switch repo {
 				case "base", "updates":
 					// nop
 				default:
 					return xerrors.Errorf(
-						"For now, enablerepo have to be base or updates: %s, servername: %s",
-						s.Enablerepo, serverName)
+						"For now, enablerepo have to be base or updates: %s",
+						server.Enablerepo)
 				}
 			}
 		}

-		s.GitHubRepos = v.GitHubRepos
-		for ownerRepo, githubSetting := range s.GitHubRepos {
-			if ss := strings.Split(ownerRepo, "/"); len(ss) != 2 {
-				return xerrors.Errorf("Failed to parse GitHub owner/repo: %s in %s",
-					ownerRepo, serverName)
-			}
-			if githubSetting.Token == "" {
-				return xerrors.Errorf("GitHub owner/repo: %s in %s token is empty",
-					ownerRepo, serverName)
-			}
+		if server.PortScan.ScannerBinPath != "" {
+			server.PortScan.IsUseExternalScanner = true
 		}

-		s.UUIDs = v.UUIDs
-		s.Type = v.Type
+		server.LogMsgAnsiColor = Colors[index%len(Colors)]
+		index++

-		s.WordPress.WPVulnDBToken = v.WordPress.WPVulnDBToken
-		s.WordPress.CmdPath = v.WordPress.CmdPath
-		s.WordPress.DocRoot = v.WordPress.DocRoot
-		s.WordPress.OSUser = v.WordPress.OSUser
-		s.WordPress.IgnoreInactive = v.WordPress.IgnoreInactive
-
-		s.LogMsgAnsiColor = Colors[i%len(Colors)]
-		i++
-
-		servers[serverName] = s
+		Conf.Servers[name] = server
 	}
-	Conf.Servers = servers
+	return nil
+}
+
+func setDefaultIfEmpty(server *ServerInfo) error {
+	if server.Type != constant.ServerTypePseudo {
+		if len(server.Host) == 0 {
+			return xerrors.Errorf("server.host is empty")
+		}
+
+		if len(server.JumpServer) == 0 {
+			server.JumpServer = Conf.Default.JumpServer
+		}
+
+		if server.Port == "" {
+			server.Port = Conf.Default.Port
+		}
+
+		if server.User == "" {
+			server.User = Conf.Default.User
+		}
+
+		if server.SSHConfigPath == "" {
+			server.SSHConfigPath = Conf.Default.SSHConfigPath
+		}
+
+		if server.KeyPath == "" {
+			server.KeyPath = Conf.Default.KeyPath
+		}
+	}
+
+	if len(server.Lockfiles) == 0 {
+		server.Lockfiles = Conf.Default.Lockfiles
+	}
+
+	if len(server.ContainersIncluded) == 0 {
+		server.ContainersIncluded = Conf.Default.ContainersIncluded
+	}
+
+	if len(server.ContainersExcluded) == 0 {
+		server.ContainersExcluded = Conf.Default.ContainersExcluded
+	}
+
+	if server.ContainerType == "" {
+		server.ContainerType = Conf.Default.ContainerType
+	}
+
+	for contName, cont := range server.Containers {
+		cont.IgnoreCves = append(cont.IgnoreCves, Conf.Default.IgnoreCves...)
+		server.Containers[contName] = cont
+	}
+
+	if server.OwaspDCXMLPath == "" {
+		server.OwaspDCXMLPath = Conf.Default.OwaspDCXMLPath
+	}
+
+	if server.Memo == "" {
+		server.Memo = Conf.Default.Memo
+	}
+
+	if server.WordPress == nil {
+		server.WordPress = Conf.Default.WordPress
+		if server.WordPress == nil {
+			server.WordPress = &WordPressConf{}
+		}
+	}
+
+	if server.PortScan == nil {
+		server.PortScan = Conf.Default.PortScan
+		if server.PortScan == nil {
+			server.PortScan = &PortScanConf{}
+		}
+	}
+
+	if len(server.IgnoredJSONKeys) == 0 {
+		server.IgnoredJSONKeys = Conf.Default.IgnoredJSONKeys
+	}
+
+	opt := map[string]interface{}{}
+	for k, v := range Conf.Default.Optional {
+		opt[k] = v
+	}
+	for k, v := range server.Optional {
+		opt[k] = v
+	}
+	server.Optional = opt
+
 	return nil
 }

--- a/config/vulnDictConf.go
+++ b/config/vulnDictConf.go
@@ -0,0 +1,303 @@
+package config
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/asaskevich/govalidator"
+	"github.com/future-architect/vuls/logging"
+	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
+)
+
+// VulnDictInterface is an interface of vulnsrc
+type VulnDictInterface interface {
+	Init()
+	Validate() error
+	IsFetchViaHTTP() bool
+	CheckHTTPHealth() error
+	GetName() string
+	GetType() string
+	GetURL() string
+	GetSQLite3Path() string
+	GetDebugSQL() bool
+}
+
+// VulnDict is a base struct of vuln dicts
+type VulnDict struct {
+	Name string
+
+	// DB type of CVE dictionary (sqlite3, mysql, postgres or redis)
+	Type string
+
+	// http://cve-dictionary.com:1323 or DB connection string
+	URL string `json:"-"`
+
+	// /path/to/cve.sqlite3
+	SQLite3Path string
+
+	DebugSQL bool
+}
+
+// GetType returns type
+func (cnf VulnDict) GetType() string {
+	return cnf.Type
+}
+
+// GetName returns name
+func (cnf VulnDict) GetName() string {
+	return cnf.Name
+}
+
+// GetURL returns url
+func (cnf VulnDict) GetURL() string {
+	return cnf.URL
+}
+
+// GetSQLite3Path return the path of SQLite3
+func (cnf VulnDict) GetSQLite3Path() string {
+	return cnf.SQLite3Path
+}
+
+// GetDebugSQL return debugSQL flag
+func (cnf VulnDict) GetDebugSQL() bool {
+	return cnf.DebugSQL
+}
+
+// Validate settings
+func (cnf VulnDict) Validate() error {
+	logging.Log.Infof("%s.type=%s, %s.url=%s, %s.SQLite3Path=%s",
+		cnf.Name, cnf.Type, cnf.Name, cnf.URL, cnf.Name, cnf.SQLite3Path)
+
+	switch cnf.Type {
+	case "sqlite3":
+		if cnf.URL != "" {
+			return xerrors.Errorf("To use SQLite3, specify %s.type=sqlite3 and %s.SQLite3Path. To use as HTTP server mode, specify %s.type=http and %s.url",
+				cnf.Name, cnf.Name, cnf.Name, cnf.Name)
+		}
+		if ok, _ := govalidator.IsFilePath(cnf.SQLite3Path); !ok {
+			return xerrors.Errorf("SQLite3 path must be a *Absolute* file path. %s.SQLite3Path: %s",
+				cnf.Name, cnf.SQLite3Path)
+		}
+		if _, err := os.Stat(cnf.SQLite3Path); os.IsNotExist(err) {
+			logging.Log.Warnf("%s.SQLite3Path=%s file not found", cnf.Name, cnf.SQLite3Path)
+		}
+	case "mysql":
+		if cnf.URL == "" {
+			return xerrors.Errorf(`MySQL connection string is needed. %s.url="user:pass@tcp(localhost:3306)/dbname"`, cnf.Name)
+		}
+	case "postgres":
+		if cnf.URL == "" {
+			return xerrors.Errorf(`PostgreSQL connection string is needed. %s.url="host=myhost user=user dbname=dbname sslmode=disable password=password"`, cnf.Name)
+		}
+	case "redis":
+		if cnf.URL == "" {
+			return xerrors.Errorf(`Redis connection string is needed. %s.url="redis://localhost/0"`, cnf.Name)
+		}
+	case "http":
+		if cnf.URL == "" {
+			return xerrors.Errorf(`URL is needed. -%s-url="http://localhost:1323"`, cnf.Name)
+		}
+	default:
+		return xerrors.Errorf("%s.type must be either 'sqlite3', 'mysql', 'postgres', 'redis' or 'http'.  %s.type: %s", cnf.Name, cnf.Name, cnf.Type)
+	}
+	return nil
+}
+
+// Init the struct
+func (cnf VulnDict) Init() {}
+
+func (cnf *VulnDict) setDefault(sqlite3Name string) {
+	if cnf.Type == "" {
+		cnf.Type = "sqlite3"
+	}
+	if cnf.URL == "" && cnf.SQLite3Path == "" {
+		wd, _ := os.Getwd()
+		cnf.SQLite3Path = filepath.Join(wd, sqlite3Name)
+	}
+}
+
+// IsFetchViaHTTP returns if fetch via HTTP
+func (cnf VulnDict) IsFetchViaHTTP() bool {
+	return cnf.Type == "http"
+}
+
+// CheckHTTPHealth checks http server status
+func (cnf VulnDict) CheckHTTPHealth() error {
+	if !cnf.IsFetchViaHTTP() {
+		return nil
+	}
+
+	url := fmt.Sprintf("%s/health", cnf.URL)
+	resp, _, errs := gorequest.New().Timeout(10 * time.Second).SetDebug(Conf.Debug).Get(url).End()
+	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return xerrors.Errorf("Failed to request to CVE server. url: %s, errs: %s",
+			url, errs)
+	}
+	return nil
+}
+
+// GovalDictConf is goval-dictionary config
+type GovalDictConf struct {
+	VulnDict
+}
+
+const govalType = "OVALDB_TYPE"
+const govalURL = "OVALDB_URL"
+const govalPATH = "OVALDB_SQLITE3_PATH"
+
+// Init set options with the following priority.
+// 1. Environment variable
+// 2. config.toml
+func (cnf *GovalDictConf) Init() {
+	cnf.Name = "ovalDict"
+	if os.Getenv(govalType) != "" {
+		cnf.Type = os.Getenv(govalType)
+	}
+	if os.Getenv(govalURL) != "" {
+		cnf.URL = os.Getenv(govalURL)
+	}
+	if os.Getenv(govalPATH) != "" {
+		cnf.SQLite3Path = os.Getenv(govalPATH)
+	}
+	cnf.setDefault("oval.sqlite3")
+	cnf.DebugSQL = Conf.DebugSQL
+}
+
+// ExploitConf is exploit config
+type ExploitConf struct {
+	VulnDict
+}
+
+const exploitDBType = "EXPLOITDB_TYPE"
+const exploitDBURL = "EXPLOITDB_URL"
+const exploitDBPATH = "EXPLOITDB_SQLITE3_PATH"
+
+// Init set options with the following priority.
+// 1. Environment variable
+// 2. config.toml
+func (cnf *ExploitConf) Init() {
+	cnf.Name = "exploit"
+	if os.Getenv(exploitDBType) != "" {
+		cnf.Type = os.Getenv(exploitDBType)
+	}
+	if os.Getenv(exploitDBURL) != "" {
+		cnf.URL = os.Getenv(exploitDBURL)
+	}
+	if os.Getenv(exploitDBPATH) != "" {
+		cnf.SQLite3Path = os.Getenv(exploitDBPATH)
+	}
+	cnf.setDefault("go-exploitdb.sqlite3")
+	cnf.DebugSQL = Conf.DebugSQL
+}
+
+// GoCveDictConf is GoCveDict config
+type GoCveDictConf struct {
+	VulnDict
+}
+
+const cveDBType = "CVEDB_TYPE"
+const cveDBURL = "CVEDB_URL"
+const cveDBPATH = "CVEDB_SQLITE3_PATH"
+
+// Init set options with the following priority.
+// 1. Environment variable
+// 2. config.toml
+func (cnf *GoCveDictConf) Init() {
+	cnf.Name = "cveDict"
+	if os.Getenv(cveDBType) != "" {
+		cnf.Type = os.Getenv(cveDBType)
+	}
+	if os.Getenv(cveDBURL) != "" {
+		cnf.URL = os.Getenv(cveDBURL)
+	}
+	if os.Getenv(cveDBPATH) != "" {
+		cnf.SQLite3Path = os.Getenv(cveDBPATH)
+	}
+	cnf.setDefault("cve.sqlite3")
+	cnf.DebugSQL = Conf.DebugSQL
+}
+
+// GostConf is gost config
+type GostConf struct {
+	VulnDict
+}
+
+const gostDBType = "GOSTDB_TYPE"
+const gostDBURL = "GOSTDB_URL"
+const gostDBPATH = "GOSTDB_SQLITE3_PATH"
+
+// Init set options with the following priority.
+// 1. Environment variable
+// 2. config.toml
+func (cnf *GostConf) Init() {
+	cnf.Name = "gost"
+	if os.Getenv(gostDBType) != "" {
+		cnf.Type = os.Getenv(gostDBType)
+	}
+	if os.Getenv(gostDBURL) != "" {
+		cnf.URL = os.Getenv(gostDBURL)
+	}
+	if os.Getenv(gostDBPATH) != "" {
+		cnf.SQLite3Path = os.Getenv(gostDBPATH)
+	}
+	cnf.setDefault("gost.sqlite3")
+	cnf.DebugSQL = Conf.DebugSQL
+}
+
+// MetasploitConf is go-msfdb config
+type MetasploitConf struct {
+	VulnDict
+}
+
+const metasploitDBType = "METASPLOITDB_TYPE"
+const metasploitDBURL = "METASPLOITDB_URL"
+const metasploitDBPATH = "METASPLOITDB_SQLITE3_PATH"
+
+// Init set options with the following priority.
+// 1. Environment variable
+// 2. config.toml
+func (cnf *MetasploitConf) Init() {
+	cnf.Name = "metasploit"
+	if os.Getenv(metasploitDBType) != "" {
+		cnf.Type = os.Getenv(metasploitDBType)
+	}
+	if os.Getenv(metasploitDBURL) != "" {
+		cnf.URL = os.Getenv(metasploitDBURL)
+	}
+	if os.Getenv(metasploitDBPATH) != "" {
+		cnf.SQLite3Path = os.Getenv(metasploitDBPATH)
+	}
+	cnf.setDefault("go-msfdb.sqlite3")
+	cnf.DebugSQL = Conf.DebugSQL
+}
+
+// KEVulnConf is go-kev config
+type KEVulnConf struct {
+	VulnDict
+}
+
+const kevulnDBType = "KEVULN_TYPE"
+const kevulnDBURL = "KEVULN_URL"
+const kevulnDBPATH = "KEVULN_SQLITE3_PATH"
+
+// Init set options with the following priority.
+// 1. Environment variable
+// 2. config.toml
+func (cnf *KEVulnConf) Init() {
+	cnf.Name = "kevuln"
+	if os.Getenv(kevulnDBType) != "" {
+		cnf.Type = os.Getenv(kevulnDBType)
+	}
+	if os.Getenv(kevulnDBURL) != "" {
+		cnf.URL = os.Getenv(kevulnDBURL)
+	}
+	if os.Getenv(kevulnDBPATH) != "" {
+		cnf.SQLite3Path = os.Getenv(kevulnDBPATH)
+	}
+	cnf.setDefault("go-kev.sqlite3")
+	cnf.DebugSQL = Conf.DebugSQL
+}
--- a/constant/constant.go
+++ b/constant/constant.go
@@ -0,0 +1,64 @@
+package constant
+
+// Global constant
+// Pkg local constants should not be defined here.
+// Define them in the each package.
+
+const (
+	// RedHat is
+	RedHat = "redhat"
+
+	// Debian is
+	Debian = "debian"
+
+	// Ubuntu is
+	Ubuntu = "ubuntu"
+
+	// CentOS is
+	CentOS = "centos"
+
+	// Alma is
+	Alma = "alma"
+
+	// Rocky is
+	Rocky = "rocky"
+
+	// Fedora is
+	Fedora = "fedora"
+
+	// Amazon is
+	Amazon = "amazon"
+
+	// Oracle is
+	Oracle = "oracle"
+
+	// FreeBSD is
+	FreeBSD = "freebsd"
+
+	// Raspbian is
+	Raspbian = "raspbian"
+
+	// Windows is
+	Windows = "windows"
+
+	// OpenSUSE is
+	OpenSUSE = "opensuse"
+
+	// OpenSUSELeap is
+	OpenSUSELeap = "opensuse.leap"
+
+	// SUSEEnterpriseServer is
+	SUSEEnterpriseServer = "suse.linux.enterprise.server"
+
+	// SUSEEnterpriseDesktop is
+	SUSEEnterpriseDesktop = "suse.linux.enterprise.desktop"
+
+	// Alpine is
+	Alpine = "alpine"
+
+	// ServerTypePseudo is used for ServerInfo.Type, r.Family
+	ServerTypePseudo = "pseudo"
+
+	// DeepSecurity is
+	DeepSecurity = "deepsecurity"
+)
--- a/contrib/Dockerfile
+++ b/contrib/Dockerfile
@@ -0,0 +1,33 @@
+FROM golang:alpine as builder
+
+RUN apk add --no-cache \
+        git \
+        make \
+        gcc \
+        musl-dev
+
+ENV REPOSITORY github.com/future-architect/vuls
+COPY . $GOPATH/src/$REPOSITORY
+RUN cd $GOPATH/src/$REPOSITORY && \
+        make build-scanner && mv vuls $GOPATH/bin && \
+        make build-trivy-to-vuls && mv trivy-to-vuls $GOPATH/bin && \
+        make build-future-vuls && mv future-vuls $GOPATH/bin
+
+FROM alpine:3.15
+
+ENV LOGDIR /var/log/vuls
+ENV WORKDIR /vuls
+
+RUN apk add --no-cache \
+        openssh-client \
+        ca-certificates \
+        git \
+        nmap \
+    && mkdir -p $WORKDIR $LOGDIR
+
+COPY --from=builder /go/bin/vuls /go/bin/trivy-to-vuls /go/bin/future-vuls /usr/local/bin/
+COPY --from=aquasec/trivy:latest /usr/local/bin/trivy /usr/local/bin/trivy
+
+VOLUME ["$WORKDIR", "$LOGDIR"]
+WORKDIR $WORKDIR
+ENV PWD $WORKDIR
--- a/contrib/future-vuls/cmd/main.go
+++ b/contrib/future-vuls/cmd/main.go
@@ -10,7 +10,7 @@ import (

 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
-	"github.com/future-architect/vuls/report"
+	"github.com/future-architect/vuls/saas"
 	"github.com/spf13/cobra"
 )

@@ -73,7 +73,7 @@ func main() {
 			config.Conf.Saas.GroupID = groupID
 			config.Conf.Saas.Token = token
 			config.Conf.Saas.URL = url
-			if err = (report.SaasWriter{}).Write(scanResult); err != nil {
+			if err = (saas.Writer{}).Write(scanResult); err != nil {
 				fmt.Println(err)
 				os.Exit(1)
 				return
@@ -81,6 +81,14 @@ func main() {
 			return
 		},
 	}
+	var cmdVersion = &cobra.Command{
+		Use:   "version",
+		Short: "Show version",
+		Long:  "Show version",
+		Run: func(cmd *cobra.Command, args []string) {
+			fmt.Printf("future-vuls-%s-%s\n", config.Version, config.Revision)
+		},
+	}
 	cmdFvulsUploader.PersistentFlags().StringVar(&serverUUID, "uuid", "", "server uuid. ENV: VULS_SERVER_UUID")
 	cmdFvulsUploader.PersistentFlags().StringVar(&configFile, "config", "", "config file (default is $HOME/.cobra.yaml)")
 	cmdFvulsUploader.PersistentFlags().BoolVarP(&stdIn, "stdin", "s", false, "input from stdin. ENV: VULS_STDIN")
@@ -92,6 +100,7 @@ func main() {

 	var rootCmd = &cobra.Command{Use: "future-vuls"}
 	rootCmd.AddCommand(cmdFvulsUploader)
+	rootCmd.AddCommand(cmdVersion)
 	if err = rootCmd.Execute(); err != nil {
 		fmt.Println("Failed to execute command", err)
 	}
--- a/contrib/trivy/cmd/main.go
+++ b/contrib/trivy/cmd/main.go
@@ -9,8 +9,8 @@ import (
 	"os"
 	"path/filepath"

+	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/contrib/trivy/parser"
-	"github.com/future-architect/vuls/models"
 	"github.com/spf13/cobra"
 )

@@ -34,45 +34,55 @@ func main() {
 				reader := bufio.NewReader(os.Stdin)
 				buf := new(bytes.Buffer)
 				if _, err = buf.ReadFrom(reader); err != nil {
+					fmt.Printf("Failed to read file. err: %+v\n", err)
 					os.Exit(1)
-					return
 				}
 				trivyJSON = buf.Bytes()
 			} else {
 				if trivyJSON, err = ioutil.ReadFile(jsonFilePath); err != nil {
-					fmt.Println("Failed to read file", err)
+					fmt.Printf("Failed to read file. err: %+v\n", err)
 					os.Exit(1)
-					return
 				}
 			}

-			scanResult := &models.ScanResult{
-				JSONVersion: models.JSONVersion,
-				ScannedCves: models.VulnInfos{},
-			}
-			if scanResult, err = parser.Parse(trivyJSON, scanResult); err != nil {
-				fmt.Println("Failed to execute command", err)
+			parser, err := parser.NewParser(trivyJSON)
+			if err != nil {
+				fmt.Printf("Failed to new parser. err: %+v\n", err)
+				os.Exit(1)
+			}
+			scanResult, err := parser.Parse(trivyJSON)
+			if err != nil {
+				fmt.Printf("Failed to parse. err: %+v\n", err)
 				os.Exit(1)
-				return
 			}
 			var resultJSON []byte
 			if resultJSON, err = json.MarshalIndent(scanResult, "", "   "); err != nil {
-				fmt.Println("Failed to create json", err)
+				fmt.Printf("Failed to create json. err: %+v\n", err)
 				os.Exit(1)
-				return
 			}
 			fmt.Println(string(resultJSON))
-			return
 		},
 	}
+
+	var cmdVersion = &cobra.Command{
+		Use:   "version",
+		Short: "Show version",
+		Long:  "Show version",
+		Run: func(cmd *cobra.Command, args []string) {
+			fmt.Printf("trivy-to-vuls-%s-%s\n", config.Version, config.Revision)
+		},
+	}
+
 	cmdTrivyToVuls.Flags().BoolVarP(&stdIn, "stdin", "s", false, "input from stdin")
 	cmdTrivyToVuls.Flags().StringVarP(&jsonDir, "trivy-json-dir", "d", "./", "trivy json dir")
 	cmdTrivyToVuls.Flags().StringVarP(&jsonFileName, "trivy-json-file-name", "f", "results.json", "trivy json file name")

 	var rootCmd = &cobra.Command{Use: "trivy-to-vuls"}
 	rootCmd.AddCommand(cmdTrivyToVuls)
+	rootCmd.AddCommand(cmdVersion)
 	if err = rootCmd.Execute(); err != nil {
-		fmt.Println("Failed to execute command", err)
+		fmt.Printf("Failed to execute command. err: %+v\n", err)
 		os.Exit(1)
 	}
+	os.Exit(0)
 }
--- a/contrib/trivy/parser/parser.go
+++ b/contrib/trivy/parser/parser.go
@@ -2,163 +2,32 @@ package parser

 import (
 	"encoding/json"
-	"sort"
-	"time"

-	"github.com/aquasecurity/fanal/analyzer/os"
-	"github.com/aquasecurity/trivy/pkg/report"
-	"github.com/aquasecurity/trivy/pkg/types"
+	v2 "github.com/future-architect/vuls/contrib/trivy/parser/v2"
 	"github.com/future-architect/vuls/models"
+	"golang.org/x/xerrors"
 )

-// Parse :
-func Parse(vulnJSON []byte, scanResult *models.ScanResult) (result *models.ScanResult, err error) {
-	var trivyResults report.Results
-	if err = json.Unmarshal(vulnJSON, &trivyResults); err != nil {
-		return nil, err
-	}
-
-	pkgs := models.Packages{}
-	vulnInfos := models.VulnInfos{}
-	uniqueLibraryScannerPaths := map[string]models.LibraryScanner{}
-	for _, trivyResult := range trivyResults {
-		for _, vuln := range trivyResult.Vulnerabilities {
-			if _, ok := vulnInfos[vuln.VulnerabilityID]; !ok {
-				vulnInfos[vuln.VulnerabilityID] = models.VulnInfo{
-					CveID: vuln.VulnerabilityID,
-					Confidences: models.Confidences{
-						{
-							Score:           100,
-							DetectionMethod: models.TrivyMatchStr,
-						},
-					},
-					AffectedPackages: models.PackageFixStatuses{},
-					CveContents:      models.CveContents{},
-					LibraryFixedIns:  models.LibraryFixedIns{},
-					// VulnType : "",
-				}
-			}
-			vulnInfo := vulnInfos[vuln.VulnerabilityID]
-			var notFixedYet bool
-			fixState := ""
-			if len(vuln.FixedVersion) == 0 {
-				notFixedYet = true
-				fixState = "Affected"
-			}
-			var references models.References
-			for _, reference := range vuln.References {
-				references = append(references, models.Reference{
-					Source: "trivy",
-					Link:   reference,
-				})
-			}
-
-			sort.Slice(references, func(i, j int) bool {
-				return references[i].Link < references[j].Link
-			})
-
-			vulnInfo.CveContents = models.CveContents{
-				models.Trivy: models.CveContent{
-					Cvss3Severity: vuln.Severity,
-					References:    references,
-					Title:         vuln.Title,
-					Summary:       vuln.Description,
-				},
-			}
-			// do only if image type is Vuln
-			if IsTrivySupportedOS(trivyResult.Type) {
-				pkgs[vuln.PkgName] = models.Package{
-					Name:    vuln.PkgName,
-					Version: vuln.InstalledVersion,
-				}
-				vulnInfo.AffectedPackages = append(vulnInfo.AffectedPackages, models.PackageFixStatus{
-					Name:        vuln.PkgName,
-					NotFixedYet: notFixedYet,
-					FixState:    fixState,
-					FixedIn:     vuln.FixedVersion,
-				})
-
-				// overwrite every time if os package
-				scanResult.Family = trivyResult.Type
-				scanResult.ServerName = trivyResult.Target
-				scanResult.Optional = map[string]interface{}{
-					"trivy-target": trivyResult.Target,
-				}
-				scanResult.ScannedAt = time.Now()
-				scanResult.ScannedBy = "trivy"
-				scanResult.ScannedVia = "trivy"
-			} else {
-				// LibraryScanの結果
-				vulnInfo.LibraryFixedIns = append(vulnInfo.LibraryFixedIns, models.LibraryFixedIn{
-					Key:     trivyResult.Type,
-					Name:    vuln.PkgName,
-					Path:    trivyResult.Target,
-					FixedIn: vuln.FixedVersion,
-				})
-				libScanner := uniqueLibraryScannerPaths[trivyResult.Target]
-				libScanner.Libs = append(libScanner.Libs, types.Library{
-					Name:    vuln.PkgName,
-					Version: vuln.InstalledVersion,
-				})
-				uniqueLibraryScannerPaths[trivyResult.Target] = libScanner
-			}
-			vulnInfos[vuln.VulnerabilityID] = vulnInfo
-		}
-	}
-	// flatten and unique libraries
-	libraryScanners := make([]models.LibraryScanner, 0, len(uniqueLibraryScannerPaths))
-	for path, v := range uniqueLibraryScannerPaths {
-		uniqueLibrary := map[string]types.Library{}
-		for _, lib := range v.Libs {
-			uniqueLibrary[lib.Name+lib.Version] = lib
-		}
-
-		var libraries []types.Library
-		for _, library := range uniqueLibrary {
-			libraries = append(libraries, library)
-		}
-
-		sort.Slice(libraries, func(i, j int) bool {
-			return libraries[i].Name < libraries[j].Name
-		})
-
-		libscanner := models.LibraryScanner{
-			Path: path,
-			Libs: libraries,
-		}
-		libraryScanners = append(libraryScanners, libscanner)
-	}
-	sort.Slice(libraryScanners, func(i, j int) bool {
-		return libraryScanners[i].Path < libraryScanners[j].Path
-	})
-	scanResult.ScannedCves = vulnInfos
-	scanResult.Packages = pkgs
-	scanResult.LibraryScanners = libraryScanners
-	return scanResult, nil
+// Parser is a parser interface
+type Parser interface {
+	Parse(vulnJSON []byte) (result *models.ScanResult, err error)
 }

-// IsTrivySupportedOS :
-func IsTrivySupportedOS(family string) bool {
-	supportedFamilies := []string{
-		os.RedHat,
-		os.Debian,
-		os.Ubuntu,
-		os.CentOS,
-		os.Fedora,
-		os.Amazon,
-		os.Oracle,
-		os.Windows,
-		os.OpenSUSE,
-		os.OpenSUSELeap,
-		os.OpenSUSETumbleweed,
-		os.SLES,
-		os.Photon,
-		os.Alpine,
-	}
-	for _, supportedFamily := range supportedFamilies {
-		if family == supportedFamily {
-			return true
-		}
-	}
-	return false
+// Report is used for judgeing the scheme version of trivy
+type Report struct {
+	SchemaVersion int `json:",omitempty"`
+}
+
+// NewParser make a parser for the schema version of trivy
+func NewParser(vulnJSON []byte) (Parser, error) {
+	r := Report{}
+	if err := json.Unmarshal(vulnJSON, &r); err != nil {
+		return nil, xerrors.Errorf("Failed to parse JSON. Please use the latest version of trivy, trivy-to-vuls and future-vuls")
+	}
+	switch r.SchemaVersion {
+	case 2:
+		return v2.ParserV2{}, nil
+	default:
+		return nil, xerrors.Errorf("Failed to parse trivy json. SchemeVersion %d is not supported yet. Please contact support", r.SchemaVersion)
+	}
 }
--- a/contrib/trivy/parser/parser_test.go
+++ b/contrib/trivy/parser/parser_test.go
--- a/contrib/trivy/parser/v2/parser.go
+++ b/contrib/trivy/parser/v2/parser.go
@@ -0,0 +1,62 @@
+package v2
+
+import (
+	"encoding/json"
+	"regexp"
+	"time"
+
+	"github.com/aquasecurity/trivy/pkg/types"
+	"golang.org/x/xerrors"
+
+	"github.com/future-architect/vuls/constant"
+	"github.com/future-architect/vuls/contrib/trivy/pkg"
+	"github.com/future-architect/vuls/models"
+)
+
+// ParserV2 is a parser for scheme v2
+type ParserV2 struct {
+}
+
+// Parse trivy's JSON and convert to the Vuls struct
+func (p ParserV2) Parse(vulnJSON []byte) (result *models.ScanResult, err error) {
+	var report types.Report
+	if err = json.Unmarshal(vulnJSON, &report); err != nil {
+		return nil, err
+	}
+
+	scanResult, err := pkg.Convert(report.Results)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := setScanResultMeta(scanResult, &report); err != nil {
+		return nil, err
+	}
+	return scanResult, nil
+}
+
+var dockerTagPattern = regexp.MustCompile(`:.+$`)
+
+func setScanResultMeta(scanResult *models.ScanResult, report *types.Report) error {
+	if len(report.Results) == 0 {
+		return xerrors.Errorf("scanned images or libraries are not supported by Trivy. see https://aquasecurity.github.io/trivy/dev/vulnerability/detection/os/, https://aquasecurity.github.io/trivy/dev/vulnerability/detection/language/")
+	}
+
+	scanResult.ServerName = report.ArtifactName
+	if report.ArtifactType == "container_image" && !dockerTagPattern.MatchString(scanResult.ServerName) {
+		scanResult.ServerName += ":latest" // Complement if the tag is omitted
+	}
+
+	if report.Metadata.OS != nil {
+		scanResult.Family = report.Metadata.OS.Family
+		scanResult.Release = report.Metadata.OS.Name
+	} else {
+		scanResult.Family = constant.ServerTypePseudo
+	}
+
+	scanResult.ScannedAt = time.Now()
+	scanResult.ScannedBy = "trivy"
+	scanResult.ScannedVia = "trivy"
+
+	return nil
+}
--- a/contrib/trivy/parser/v2/parser_test.go
+++ b/contrib/trivy/parser/v2/parser_test.go
@@ -0,0 +1,799 @@
+package v2
+
+import (
+	"testing"
+
+	"github.com/d4l3k/messagediff"
+	"golang.org/x/xerrors"
+
+	"github.com/future-architect/vuls/models"
+)
+
+func TestParse(t *testing.T) {
+	cases := map[string]struct {
+		vulnJSON []byte
+		expected *models.ScanResult
+	}{
+		"image redis": {
+			vulnJSON: redisTrivy,
+			expected: redisSR,
+		},
+		"image struts": {
+			vulnJSON: strutsTrivy,
+			expected: strutsSR,
+		},
+		"image osAndLib": {
+			vulnJSON: osAndLibTrivy,
+			expected: osAndLibSR,
+		},
+	}
+
+	for testcase, v := range cases {
+		actual, err := ParserV2{}.Parse(v.vulnJSON)
+		if err != nil {
+			t.Errorf("%s", err)
+		}
+
+		diff, equal := messagediff.PrettyDiff(
+			v.expected,
+			actual,
+			messagediff.IgnoreStructField("ScannedAt"),
+			messagediff.IgnoreStructField("Title"),
+			messagediff.IgnoreStructField("Summary"),
+			messagediff.IgnoreStructField("LastModified"),
+			messagediff.IgnoreStructField("Published"),
+		)
+		if !equal {
+			t.Errorf("test: %s, diff %s", testcase, diff)
+		}
+	}
+}
+
+var redisTrivy = []byte(`
+{
+  "SchemaVersion": 2,
+  "ArtifactName": "redis",
+  "ArtifactType": "container_image",
+  "Metadata": {
+    "OS": {
+      "Family": "debian",
+      "Name": "10.10"
+    },
+    "ImageID": "sha256:ddcca4b8a6f0367b5de2764dfe76b0a4bfa6d75237932185923705da47004347",
+    "DiffIDs": [
+      "sha256:f68ef921efae588b3dd5cc466a1ca9c94c24785f1fa9420bea15ecc2dedbe781",
+      "sha256:b6fc243eaea74d1a41b242da4c3ec5166db80f38c4d57a10ce8860c00d902ace",
+      "sha256:ec92e47b7c52dacc26df07ee13e8e81c099b5a5661ccc97b06692a9c9d01e772",
+      "sha256:4be6d4460d3615186717f21ffc0023b168dce48967d01934bbe31127901d3d5c",
+      "sha256:992463b683270e164936e9c48fa395d05a7b8b5cc0aa208e4fa81aa9158fcae1",
+      "sha256:0083597d42d190ddb86c35587a7b196fe18d79382520544b5f715c1e4792b19a"
+    ],
+    "RepoTags": [
+      "redis:latest"
+    ],
+    "RepoDigests": [
+      "redis@sha256:66ce9bc742609650afc3de7009658473ed601db4e926a5b16d239303383bacad"
+    ],
+    "ImageConfig": {
+      "architecture": "amd64",
+      "container": "fa59f1c2817c9095f8f7272a4ab9b11db0332b33efb3a82c00a3d1fec8763684",
+      "created": "2021-08-17T14:30:06.550779326Z",
+      "docker_version": "20.10.7",
+      "history": [
+        {
+          "created": "2021-08-17T01:24:06Z",
+          "created_by": "/bin/sh -c #(nop) ADD file:87b4e60fe3af680c6815448374365a44e9ea461bc8ade2960b4639c25aed3ba9 in / "
+        },
+        {
+          "created": "2021-08-17T14:30:06Z",
+          "created_by": "/bin/sh -c #(nop)  CMD [\"redis-server\"]",
+          "empty_layer": true
+        }
+      ],
+      "os": "linux",
+      "rootfs": {
+        "type": "layers",
+        "diff_ids": [
+          "sha256:f68ef921efae588b3dd5cc466a1ca9c94c24785f1fa9420bea15ecc2dedbe781",
+          "sha256:b6fc243eaea74d1a41b242da4c3ec5166db80f38c4d57a10ce8860c00d902ace",
+          "sha256:ec92e47b7c52dacc26df07ee13e8e81c099b5a5661ccc97b06692a9c9d01e772",
+          "sha256:4be6d4460d3615186717f21ffc0023b168dce48967d01934bbe31127901d3d5c",
+          "sha256:992463b683270e164936e9c48fa395d05a7b8b5cc0aa208e4fa81aa9158fcae1",
+          "sha256:0083597d42d190ddb86c35587a7b196fe18d79382520544b5f715c1e4792b19a"
+        ]
+      },
+      "config": {
+        "Cmd": [
+          "redis-server"
+        ],
+        "Entrypoint": [
+          "docker-entrypoint.sh"
+        ],
+        "Env": [
+          "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+          "GOSU_VERSION=1.12",
+          "REDIS_VERSION=6.2.5",
+          "REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-6.2.5.tar.gz",
+          "REDIS_DOWNLOAD_SHA=4b9a75709a1b74b3785e20a6c158cab94cf52298aa381eea947a678a60d551ae"
+        ],
+        "Image": "sha256:befbd3fc62bffcd0115008969a014faaad07828b2c54b4bcfd2d9fc3aa2508cd",
+        "Volumes": {
+          "/data": {}
+        },
+        "WorkingDir": "/data"
+      }
+    }
+  },
+  "Results": [
+    {
+      "Target": "redis (debian 10.10)",
+      "Class": "os-pkgs",
+      "Type": "debian",
+      "Packages": [
+        {
+          "Name": "adduser",
+          "Version": "3.118",
+          "SrcName": "adduser",
+          "SrcVersion": "3.118",
+          "Layer": {
+            "DiffID": "sha256:f68ef921efae588b3dd5cc466a1ca9c94c24785f1fa9420bea15ecc2dedbe781"
+          }
+        },
+        {
+          "Name": "apt",
+          "Version": "1.8.2.3",
+          "SrcName": "apt",
+          "SrcVersion": "1.8.2.3",
+          "Layer": {
+            "DiffID": "sha256:f68ef921efae588b3dd5cc466a1ca9c94c24785f1fa9420bea15ecc2dedbe781"
+          }
+        },
+        {
+          "Name": "bsdutils",
+          "Version": "1:2.33.1-0.1",
+          "SrcName": "util-linux",
+          "SrcVersion": "2.33.1-0.1",
+          "Layer": {
+            "DiffID": "sha256:f68ef921efae588b3dd5cc466a1ca9c94c24785f1fa9420bea15ecc2dedbe781"
+          }
+        },
+        {
+          "Name": "pkgA",
+          "Version": "1:2.33.1-0.1",
+          "SrcName": "util-linux",
+          "SrcVersion": "2.33.1-0.1",
+          "Layer": {
+            "DiffID": "sha256:f68ef921efae588b3dd5cc466a1ca9c94c24785f1fa9420bea15ecc2dedbe781"
+          }
+        }
+      ],
+      "Vulnerabilities": [
+        {
+          "VulnerabilityID": "CVE-2011-3374",
+          "PkgName": "apt",
+          "InstalledVersion": "1.8.2.3",
+          "Layer": {
+            "DiffID": "sha256:f68ef921efae588b3dd5cc466a1ca9c94c24785f1fa9420bea15ecc2dedbe781"
+          },
+          "SeveritySource": "debian",
+          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374",
+          "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.",
+          "Severity": "LOW",
+          "CweIDs": [
+            "CWE-347"
+          ],
+          "CVSS": {
+            "nvd": {
+              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
+              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
+              "V2Score": 4.3,
+              "V3Score": 3.7
+            }
+          },
+          "References": [
+            "https://access.redhat.com/security/cve/cve-2011-3374"
+          ],
+          "PublishedDate": "2019-11-26T00:15:00Z",
+          "LastModifiedDate": "2021-02-09T16:08:00Z"
+        }
+      ]
+    }
+  ]
+}
+`)
+var redisSR = &models.ScanResult{
+	JSONVersion: 4,
+	ServerName:  "redis:latest",
+	Family:      "debian",
+	Release:     "10.10",
+	ScannedBy:   "trivy",
+	ScannedVia:  "trivy",
+	ScannedCves: models.VulnInfos{
+		"CVE-2011-3374": {
+			CveID: "CVE-2011-3374",
+			Confidences: models.Confidences{
+				models.Confidence{
+					Score:           100,
+					DetectionMethod: "TrivyMatch",
+				},
+			},
+			AffectedPackages: models.PackageFixStatuses{
+				models.PackageFixStatus{
+					Name:        "apt",
+					NotFixedYet: true,
+					FixState:    "Affected",
+					FixedIn:     "",
+				}},
+			CveContents: models.CveContents{
+				"trivy": []models.CveContent{{
+					Title:         "",
+					Summary:       "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.",
+					Cvss3Severity: "LOW",
+					References: models.References{
+						{Source: "trivy", Link: "https://access.redhat.com/security/cve/cve-2011-3374"},
+					},
+				}},
+			},
+			LibraryFixedIns: models.LibraryFixedIns{},
+		},
+	},
+	LibraryScanners: models.LibraryScanners{},
+	Packages: models.Packages{
+		"apt": models.Package{
+			Name:    "apt",
+			Version: "1.8.2.3",
+		},
+		"adduser": models.Package{
+			Name:    "adduser",
+			Version: "3.118",
+		},
+		"bsdutils": models.Package{
+			Name:    "bsdutils",
+			Version: "1:2.33.1-0.1",
+		},
+		"pkgA": models.Package{
+			Name:    "pkgA",
+			Version: "1:2.33.1-0.1",
+		},
+	},
+	SrcPackages: models.SrcPackages{
+		"util-linux": models.SrcPackage{
+			Name:        "util-linux",
+			Version:     "2.33.1-0.1",
+			BinaryNames: []string{"bsdutils", "pkgA"},
+		},
+	},
+	Optional: nil,
+}
+
+var strutsTrivy = []byte(`
+{
+  "SchemaVersion": 2,
+  "ArtifactName": "/data/struts-1.2.7/lib",
+  "ArtifactType": "filesystem",
+  "Metadata": {
+    "ImageConfig": {
+      "architecture": "",
+      "created": "0001-01-01T00:00:00Z",
+      "os": "",
+      "rootfs": {
+        "type": "",
+        "diff_ids": null
+      },
+      "config": {}
+    }
+  },
+  "Results": [
+    {
+      "Target": "Java",
+      "Class": "lang-pkgs",
+      "Type": "jar",
+      "Packages": [
+        {
+          "Name": "oro:oro",
+          "Version": "2.0.7",
+          "Layer": {}
+        },
+        {
+          "Name": "struts:struts",
+          "Version": "1.2.7",
+          "Layer": {}
+        },
+        {
+          "Name": "commons-beanutils:commons-beanutils",
+          "Version": "1.7.0",
+          "Layer": {}
+        }
+      ],
+      "Vulnerabilities": [
+        {
+          "VulnerabilityID": "CVE-2014-0114",
+          "PkgName": "commons-beanutils:commons-beanutils",
+          "InstalledVersion": "1.7.0",
+          "FixedVersion": "1.9.2",
+          "Layer": {},
+          "SeveritySource": "nvd",
+          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-0114",
+          "Title": "Apache Struts 1: Class Loader manipulation via request parameters",
+          "Description": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.",
+          "Severity": "HIGH",
+          "CweIDs": [
+            "CWE-20"
+          ],
+          "CVSS": {
+            "nvd": {
+              "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+              "V2Score": 7.5
+            },
+            "redhat": {
+              "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+              "V2Score": 7.5
+            }
+          },
+          "References": [
+            "http://advisories.mageia.org/MGASA-2014-0219.html"
+          ],
+          "PublishedDate": "2014-04-30T10:49:00Z",
+          "LastModifiedDate": "2021-01-26T18:15:00Z"
+        },
+        {
+          "VulnerabilityID": "CVE-2012-1007",
+          "PkgName": "struts:struts",
+          "InstalledVersion": "1.2.7",
+          "Layer": {},
+          "SeveritySource": "nvd",
+          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-1007",
+          "Title": "struts: multiple XSS flaws",
+          "Description": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.",
+          "Severity": "MEDIUM",
+          "CweIDs": [
+            "CWE-79"
+          ],
+          "CVSS": {
+            "nvd": {
+              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
+              "V2Score": 4.3
+            },
+            "redhat": {
+              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
+              "V2Score": 4.3
+            }
+          },
+          "References": [
+            "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1007"
+          ],
+          "PublishedDate": "2012-02-07T04:09:00Z",
+          "LastModifiedDate": "2018-10-17T01:29:00Z"
+        }
+      ]
+    }
+  ]
+}`)
+
+var strutsSR = &models.ScanResult{
+	JSONVersion: 4,
+	ServerName:  "/data/struts-1.2.7/lib",
+	Family:      "pseudo",
+	ScannedBy:   "trivy",
+	ScannedVia:  "trivy",
+	ScannedCves: models.VulnInfos{
+		"CVE-2014-0114": {
+			CveID: "CVE-2014-0114",
+			Confidences: models.Confidences{
+				models.Confidence{
+					Score:           100,
+					DetectionMethod: "TrivyMatch",
+				},
+			},
+			CveContents: models.CveContents{
+				"trivy": []models.CveContent{{
+					Title:         "Apache Struts 1: Class Loader manipulation via request parameters",
+					Summary:       "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.",
+					Cvss3Severity: "HIGH",
+					References: models.References{
+						{Source: "trivy", Link: "http://advisories.mageia.org/MGASA-2014-0219.html"},
+					},
+				}},
+			},
+			LibraryFixedIns: models.LibraryFixedIns{
+				models.LibraryFixedIn{
+					Key:     "jar",
+					Name:    "commons-beanutils:commons-beanutils",
+					FixedIn: "1.9.2",
+					//TODO use Artifactname?
+					Path: "Java",
+				},
+			},
+			AffectedPackages: models.PackageFixStatuses{},
+		},
+		"CVE-2012-1007": {
+			CveID: "CVE-2012-1007",
+			Confidences: models.Confidences{
+				models.Confidence{
+					Score:           100,
+					DetectionMethod: "TrivyMatch",
+				},
+			},
+			CveContents: models.CveContents{
+				"trivy": []models.CveContent{{
+					Title:         "struts: multiple XSS flaws",
+					Summary:       "Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.",
+					Cvss3Severity: "MEDIUM",
+					References: models.References{
+						{Source: "trivy", Link: "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1007"},
+					},
+				}},
+			},
+			LibraryFixedIns: models.LibraryFixedIns{
+				models.LibraryFixedIn{
+					Key:     "jar",
+					Name:    "struts:struts",
+					FixedIn: "",
+					//TODO use Artifactname?
+					Path: "Java",
+				},
+			},
+			AffectedPackages: models.PackageFixStatuses{},
+		},
+	},
+	LibraryScanners: models.LibraryScanners{
+		models.LibraryScanner{
+			Type:         "jar",
+			LockfilePath: "Java",
+			Libs: []models.Library{
+				{
+					Name:    "commons-beanutils:commons-beanutils",
+					Version: "1.7.0",
+				},
+				{
+					Name:    "oro:oro",
+					Version: "2.0.7",
+				},
+				{
+					Name:    "struts:struts",
+					Version: "1.2.7",
+				},
+			},
+		},
+	},
+	Packages:    models.Packages{},
+	SrcPackages: models.SrcPackages{},
+	Optional:    nil,
+}
+
+var osAndLibTrivy = []byte(`
+{
+  "SchemaVersion": 2,
+  "ArtifactName": "quay.io/fluentd_elasticsearch/fluentd:v2.9.0",
+  "ArtifactType": "container_image",
+  "Metadata": {
+    "OS": {
+      "Family": "debian",
+      "Name": "10.2"
+    },
+    "ImageID": "sha256:5a992077baba51b97f27591a10d54d2f2723dc9c81a3fe419e261023f2554933",
+    "DiffIDs": [
+      "sha256:25165eb51d15842f870f97873e0a58409d5e860e6108e3dd829bd10e484c0065"
+    ],
+    "RepoTags": [
+      "quay.io/fluentd_elasticsearch/fluentd:v2.9.0"
+    ],
+    "RepoDigests": [
+      "quay.io/fluentd_elasticsearch/fluentd@sha256:54716d825ec9791ffb403ac17a1e82159c98ac6161e02b2a054595ad01aa6726"
+    ],
+    "ImageConfig": {
+      "architecture": "amd64",
+      "container": "232f3fc7ddffd71dc3ff52c6c0c3a5feea2f51acffd9b53850a8fc6f1a15319a",
+      "created": "2020-03-04T13:59:39.161374106Z",
+      "docker_version": "19.03.4",
+      "history": [
+        {
+          "created": "2020-03-04T13:59:39.161374106Z",
+          "created_by": "/bin/sh -c #(nop)  CMD [\"/run.sh\"]",
+          "empty_layer": true
+        }
+      ],
+      "os": "linux",
+      "rootfs": {
+        "type": "layers",
+        "diff_ids": [
+          "sha256:25165eb51d15842f870f97873e0a58409d5e860e6108e3dd829bd10e484c0065"
+        ]
+      },
+      "config": {
+        "Cmd": [
+          "/run.sh"
+        ],
+        "Env": [
+          "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+          "LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2"
+        ],
+        "Image": "sha256:2a538358cddc4824e9eff1531e0c63ae5e3cda85d2984c647df9b1c816b9b86b",
+        "ExposedPorts": {
+          "80/tcp": {}
+        }
+      }
+    }
+  },
+  "Results": [
+    {
+      "Target": "quay.io/fluentd_elasticsearch/fluentd:v2.9.0 (debian 10.2)",
+      "Class": "os-pkgs",
+      "Type": "debian",
+      "Packages": [
+        {
+          "Name": "libgnutls30",
+          "Version": "3.6.7-4",
+          "SrcName": "gnutls28",
+          "SrcVersion": "3.6.7-4",
+          "Layer": {
+            "Digest": "sha256:000eee12ec04cc914bf96e8f5dee7767510c2aca3816af6078bd9fbe3150920c",
+            "DiffID": "sha256:831c5620387fb9efec59fc82a42b948546c6be601e3ab34a87108ecf852aa15f"
+          }
+        }
+      ],
+      "Vulnerabilities": [
+        {
+          "VulnerabilityID": "CVE-2021-20231",
+          "PkgName": "libgnutls30",
+          "InstalledVersion": "3.6.7-4",
+          "FixedVersion": "3.6.7-4+deb10u7",
+          "Layer": {
+            "Digest": "sha256:000eee12ec04cc914bf96e8f5dee7767510c2aca3816af6078bd9fbe3150920c",
+            "DiffID": "sha256:831c5620387fb9efec59fc82a42b948546c6be601e3ab34a87108ecf852aa15f"
+          },
+          "SeveritySource": "nvd",
+          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20231",
+          "Title": "gnutls: Use after free in client key_share extension",
+          "Description": "A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.",
+          "Severity": "CRITICAL",
+          "CweIDs": [
+            "CWE-416"
+          ],
+          "CVSS": {
+            "nvd": {
+              "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+              "V2Score": 7.5,
+              "V3Score": 9.8
+            },
+            "redhat": {
+              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
+              "V3Score": 3.7
+            }
+          },
+          "References": [
+            "https://bugzilla.redhat.com/show_bug.cgi?id=1922276"
+          ],
+          "PublishedDate": "2021-03-12T19:15:00Z",
+          "LastModifiedDate": "2021-06-01T14:07:00Z"
+        }
+      ]
+    },
+    {
+      "Target": "Ruby",
+      "Class": "lang-pkgs",
+      "Type": "gemspec",
+      "Packages": [
+        {
+          "Name": "activesupport",
+          "Version": "6.0.2.1",
+          "License": "MIT",
+          "Layer": {
+            "Digest": "sha256:a8877cad19f14a7044524a145ce33170085441a7922458017db1631dcd5f7602",
+            "DiffID": "sha256:75e43d55939745950bc3f8fad56c5834617c4339f0f54755e69a0dd5372624e9"
+          },
+          "FilePath": "var/lib/gems/2.5.0/specifications/activesupport-6.0.2.1.gemspec"
+        }
+      ],
+      "Vulnerabilities": [
+        {
+          "VulnerabilityID": "CVE-2020-8165",
+          "PkgName": "activesupport",
+          "PkgPath": "var/lib/gems/2.5.0/specifications/activesupport-6.0.2.1.gemspec",
+          "InstalledVersion": "6.0.2.1",
+          "FixedVersion": "6.0.3.1, 5.2.4.3",
+          "Layer": {
+            "Digest": "sha256:a8877cad19f14a7044524a145ce33170085441a7922458017db1631dcd5f7602",
+            "DiffID": "sha256:75e43d55939745950bc3f8fad56c5834617c4339f0f54755e69a0dd5372624e9"
+          },
+          "SeveritySource": "nvd",
+          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-8165",
+          "Title": "rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore",
+          "Description": "A deserialization of untrusted data vulnernerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.",
+          "Severity": "CRITICAL",
+          "CweIDs": [
+            "CWE-502"
+          ],
+          "CVSS": {
+            "nvd": {
+              "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+              "V2Score": 7.5,
+              "V3Score": 9.8
+            },
+            "redhat": {
+              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+              "V3Score": 9.8
+            }
+          },
+          "References": [
+            "https://www.debian.org/security/2020/dsa-4766"
+          ],
+          "PublishedDate": "2020-06-19T18:15:00Z",
+          "LastModifiedDate": "2020-10-17T12:15:00Z"
+        }
+      ]
+    }
+  ]
+}`)
+
+var osAndLibSR = &models.ScanResult{
+	JSONVersion: 4,
+	ServerName:  "quay.io/fluentd_elasticsearch/fluentd:v2.9.0",
+	Family:      "debian",
+	Release:     "10.2",
+	ScannedBy:   "trivy",
+	ScannedVia:  "trivy",
+	ScannedCves: models.VulnInfos{
+		"CVE-2021-20231": {
+			CveID: "CVE-2021-20231",
+			Confidences: models.Confidences{
+				models.Confidence{
+					Score:           100,
+					DetectionMethod: "TrivyMatch",
+				},
+			},
+			AffectedPackages: models.PackageFixStatuses{
+				models.PackageFixStatus{
+					Name:        "libgnutls30",
+					NotFixedYet: false,
+					FixState:    "",
+					FixedIn:     "3.6.7-4+deb10u7",
+				}},
+			CveContents: models.CveContents{
+				"trivy": []models.CveContent{{
+					Title:         "gnutls: Use after free in client key_share extension",
+					Summary:       "A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.",
+					Cvss3Severity: "CRITICAL",
+					References: models.References{
+						{Source: "trivy", Link: "https://bugzilla.redhat.com/show_bug.cgi?id=1922276"},
+					},
+				}},
+			},
+			LibraryFixedIns: models.LibraryFixedIns{},
+		},
+		"CVE-2020-8165": {
+			CveID: "CVE-2020-8165",
+			Confidences: models.Confidences{
+				models.Confidence{
+					Score:           100,
+					DetectionMethod: "TrivyMatch",
+				},
+			},
+			AffectedPackages: models.PackageFixStatuses{},
+			CveContents: models.CveContents{
+				"trivy": []models.CveContent{{
+					Title:         "rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore",
+					Summary:       "A deserialization of untrusted data vulnernerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.",
+					Cvss3Severity: "CRITICAL",
+					References: models.References{
+						{Source: "trivy", Link: "https://www.debian.org/security/2020/dsa-4766"},
+					},
+				}},
+			},
+			LibraryFixedIns: models.LibraryFixedIns{
+				models.LibraryFixedIn{
+					Key:     "gemspec",
+					Name:    "activesupport",
+					FixedIn: "6.0.3.1, 5.2.4.3",
+					Path:    "Ruby",
+				},
+			},
+		},
+	},
+	LibraryScanners: models.LibraryScanners{
+		models.LibraryScanner{
+			Type:         "gemspec",
+			LockfilePath: "Ruby",
+			Libs: []models.Library{
+				{
+					Name:     "activesupport",
+					Version:  "6.0.2.1",
+					FilePath: "var/lib/gems/2.5.0/specifications/activesupport-6.0.2.1.gemspec",
+				},
+			},
+		},
+	},
+	Packages: models.Packages{
+		"libgnutls30": models.Package{
+			Name:    "libgnutls30",
+			Version: "3.6.7-4",
+		},
+	},
+	SrcPackages: models.SrcPackages{
+		"gnutls28": models.SrcPackage{
+			Name:        "gnutls28",
+			Version:     "3.6.7-4",
+			BinaryNames: []string{"libgnutls30"},
+		},
+	},
+	Optional: nil,
+}
+
+func TestParseError(t *testing.T) {
+	cases := map[string]struct {
+		vulnJSON []byte
+		expected error
+	}{
+		"image hello-world": {
+			vulnJSON: helloWorldTrivy,
+			expected: xerrors.Errorf("scanned images or libraries are not supported by Trivy. see https://aquasecurity.github.io/trivy/dev/vulnerability/detection/os/, https://aquasecurity.github.io/trivy/dev/vulnerability/detection/language/"),
+		},
+	}
+
+	for testcase, v := range cases {
+		_, err := ParserV2{}.Parse(v.vulnJSON)
+
+		diff, equal := messagediff.PrettyDiff(
+			v.expected,
+			err,
+			messagediff.IgnoreStructField("frame"),
+		)
+		if !equal {
+			t.Errorf("test: %s, diff %s", testcase, diff)
+		}
+	}
+}
+
+var helloWorldTrivy = []byte(`
+{
+  "SchemaVersion": 2,
+  "ArtifactName": "hello-world:latest",
+  "ArtifactType": "container_image",
+  "Metadata": {
+    "ImageID": "sha256:feb5d9fea6a5e9606aa995e879d862b825965ba48de054caab5ef356dc6b3412",
+    "DiffIDs": [
+      "sha256:e07ee1baac5fae6a26f30cabfe54a36d3402f96afda318fe0a96cec4ca393359"
+    ],
+    "RepoTags": [
+      "hello-world:latest"
+    ],
+    "RepoDigests": [
+      "hello-world@sha256:97a379f4f88575512824f3b352bc03cd75e239179eea0fecc38e597b2209f49a"
+    ],
+    "ImageConfig": {
+      "architecture": "amd64",
+      "container": "8746661ca3c2f215da94e6d3f7dfdcafaff5ec0b21c9aff6af3dc379a82fbc72",
+      "created": "2021-09-23T23:47:57.442225064Z",
+      "docker_version": "20.10.7",
+      "history": [
+        {
+          "created": "2021-09-23T23:47:57Z",
+          "created_by": "/bin/sh -c #(nop) COPY file:50563a97010fd7ce1ceebd1fa4f4891ac3decdf428333fb2683696f4358af6c2 in / "
+        },
+        {
+          "created": "2021-09-23T23:47:57Z",
+          "created_by": "/bin/sh -c #(nop)  CMD [\"/hello\"]",
+          "empty_layer": true
+        }
+      ],
+      "os": "linux",
+      "rootfs": {
+        "type": "layers",
+        "diff_ids": [
+          "sha256:e07ee1baac5fae6a26f30cabfe54a36d3402f96afda318fe0a96cec4ca393359"
+        ]
+      },
+      "config": {
+        "Cmd": [
+          "/hello"
+        ],
+        "Env": [
+          "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+        ],
+        "Image": "sha256:b9935d4e8431fb1a7f0989304ec86b3329a99a25f5efdc7f09f3f8c41434ca6d"
+      }
+    }
+  }
+}`)
--- a/contrib/trivy/pkg/converter.go
+++ b/contrib/trivy/pkg/converter.go
@@ -0,0 +1,200 @@
+package pkg
+
+import (
+	"sort"
+	"time"
+
+	"github.com/aquasecurity/fanal/analyzer/os"
+	"github.com/aquasecurity/trivy/pkg/types"
+
+	"github.com/future-architect/vuls/models"
+)
+
+// Convert :
+func Convert(results types.Results) (result *models.ScanResult, err error) {
+	scanResult := &models.ScanResult{
+		JSONVersion: models.JSONVersion,
+		ScannedCves: models.VulnInfos{},
+	}
+
+	pkgs := models.Packages{}
+	srcPkgs := models.SrcPackages{}
+	vulnInfos := models.VulnInfos{}
+	uniqueLibraryScannerPaths := map[string]models.LibraryScanner{}
+	for _, trivyResult := range results {
+		for _, vuln := range trivyResult.Vulnerabilities {
+			if _, ok := vulnInfos[vuln.VulnerabilityID]; !ok {
+				vulnInfos[vuln.VulnerabilityID] = models.VulnInfo{
+					CveID: vuln.VulnerabilityID,
+					Confidences: models.Confidences{
+						{
+							Score:           100,
+							DetectionMethod: models.TrivyMatchStr,
+						},
+					},
+					AffectedPackages: models.PackageFixStatuses{},
+					CveContents:      models.CveContents{},
+					LibraryFixedIns:  models.LibraryFixedIns{},
+					// VulnType : "",
+				}
+			}
+			vulnInfo := vulnInfos[vuln.VulnerabilityID]
+			var notFixedYet bool
+			fixState := ""
+			if len(vuln.FixedVersion) == 0 {
+				notFixedYet = true
+				fixState = "Affected"
+			}
+			var references models.References
+			for _, reference := range vuln.References {
+				references = append(references, models.Reference{
+					Source: "trivy",
+					Link:   reference,
+				})
+			}
+
+			sort.Slice(references, func(i, j int) bool {
+				return references[i].Link < references[j].Link
+			})
+
+			var published time.Time
+			if vuln.PublishedDate != nil {
+				published = *vuln.PublishedDate
+			}
+
+			var lastModified time.Time
+			if vuln.LastModifiedDate != nil {
+				lastModified = *vuln.LastModifiedDate
+			}
+
+			vulnInfo.CveContents = models.CveContents{
+				models.Trivy: []models.CveContent{{
+					Cvss3Severity: vuln.Severity,
+					References:    references,
+					Title:         vuln.Title,
+					Summary:       vuln.Description,
+					Published:     published,
+					LastModified:  lastModified,
+				}},
+			}
+			// do only if image type is Vuln
+			if isTrivySupportedOS(trivyResult.Type) {
+				pkgs[vuln.PkgName] = models.Package{
+					Name:    vuln.PkgName,
+					Version: vuln.InstalledVersion,
+				}
+				vulnInfo.AffectedPackages = append(vulnInfo.AffectedPackages, models.PackageFixStatus{
+					Name:        vuln.PkgName,
+					NotFixedYet: notFixedYet,
+					FixState:    fixState,
+					FixedIn:     vuln.FixedVersion,
+				})
+			} else {
+				vulnInfo.LibraryFixedIns = append(vulnInfo.LibraryFixedIns, models.LibraryFixedIn{
+					Key:     trivyResult.Type,
+					Name:    vuln.PkgName,
+					Path:    trivyResult.Target,
+					FixedIn: vuln.FixedVersion,
+				})
+				libScanner := uniqueLibraryScannerPaths[trivyResult.Target]
+				libScanner.Type = trivyResult.Type
+				libScanner.Libs = append(libScanner.Libs, models.Library{
+					Name:     vuln.PkgName,
+					Version:  vuln.InstalledVersion,
+					FilePath: vuln.PkgPath,
+				})
+				uniqueLibraryScannerPaths[trivyResult.Target] = libScanner
+			}
+			vulnInfos[vuln.VulnerabilityID] = vulnInfo
+		}
+
+		// --list-all-pkgs flg of trivy will output all installed packages, so collect them.
+		if trivyResult.Class == types.ClassOSPkg {
+			for _, p := range trivyResult.Packages {
+				pkgs[p.Name] = models.Package{
+					Name:    p.Name,
+					Version: p.Version,
+				}
+				if p.Name != p.SrcName {
+					if v, ok := srcPkgs[p.SrcName]; !ok {
+						srcPkgs[p.SrcName] = models.SrcPackage{
+							Name:        p.SrcName,
+							Version:     p.SrcVersion,
+							BinaryNames: []string{p.Name},
+						}
+					} else {
+						v.AddBinaryName(p.Name)
+						srcPkgs[p.SrcName] = v
+					}
+				}
+			}
+		} else if trivyResult.Class == types.ClassLangPkg {
+			libScanner := uniqueLibraryScannerPaths[trivyResult.Target]
+			libScanner.Type = trivyResult.Type
+			for _, p := range trivyResult.Packages {
+				libScanner.Libs = append(libScanner.Libs, models.Library{
+					Name:     p.Name,
+					Version:  p.Version,
+					FilePath: p.FilePath,
+				})
+			}
+			uniqueLibraryScannerPaths[trivyResult.Target] = libScanner
+		}
+	}
+
+	// flatten and unique libraries
+	libraryScanners := make([]models.LibraryScanner, 0, len(uniqueLibraryScannerPaths))
+	for path, v := range uniqueLibraryScannerPaths {
+		uniqueLibrary := map[string]models.Library{}
+		for _, lib := range v.Libs {
+			uniqueLibrary[lib.Name+lib.Version] = lib
+		}
+
+		var libraries []models.Library
+		for _, library := range uniqueLibrary {
+			libraries = append(libraries, library)
+		}
+
+		sort.Slice(libraries, func(i, j int) bool {
+			return libraries[i].Name < libraries[j].Name
+		})
+
+		libscanner := models.LibraryScanner{
+			Type:         v.Type,
+			LockfilePath: path,
+			Libs:         libraries,
+		}
+		libraryScanners = append(libraryScanners, libscanner)
+	}
+	sort.Slice(libraryScanners, func(i, j int) bool {
+		return libraryScanners[i].LockfilePath < libraryScanners[j].LockfilePath
+	})
+	scanResult.ScannedCves = vulnInfos
+	scanResult.Packages = pkgs
+	scanResult.SrcPackages = srcPkgs
+	scanResult.LibraryScanners = libraryScanners
+	return scanResult, nil
+}
+
+func isTrivySupportedOS(family string) bool {
+	supportedFamilies := map[string]struct{}{
+		os.RedHat:             {},
+		os.Debian:             {},
+		os.Ubuntu:             {},
+		os.CentOS:             {},
+		os.Rocky:              {},
+		os.Alma:               {},
+		os.Fedora:             {},
+		os.Amazon:             {},
+		os.Oracle:             {},
+		os.Windows:            {},
+		os.OpenSUSE:           {},
+		os.OpenSUSELeap:       {},
+		os.OpenSUSETumbleweed: {},
+		os.SLES:               {},
+		os.Photon:             {},
+		os.Alpine:             {},
+	}
+	_, ok := supportedFamilies[family]
+	return ok
+}
--- a/detector/cve_client.go
+++ b/detector/cve_client.go
@@ -0,0 +1,224 @@
+//go:build !scanner
+// +build !scanner
+
+package detector
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/cenkalti/backoff"
+	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/logging"
+	"github.com/future-architect/vuls/util"
+	cvedb "github.com/vulsio/go-cve-dictionary/db"
+	cvelog "github.com/vulsio/go-cve-dictionary/log"
+	cvemodels "github.com/vulsio/go-cve-dictionary/models"
+)
+
+type goCveDictClient struct {
+	driver  cvedb.DB
+	baseURL string
+}
+
+func newGoCveDictClient(cnf config.VulnDictInterface, o logging.LogOpts) (*goCveDictClient, error) {
+	if err := cvelog.SetLogger(o.LogToFile, o.LogDir, o.Debug, o.LogJSON); err != nil {
+		return nil, xerrors.Errorf("Failed to set go-cve-dictionary logger. err: %w", err)
+	}
+
+	driver, err := newCveDB(cnf)
+	if err != nil {
+		return nil, xerrors.Errorf("Failed to newCveDB. err: %w", err)
+	}
+	return &goCveDictClient{driver: driver, baseURL: cnf.GetURL()}, nil
+}
+
+func (client goCveDictClient) closeDB() error {
+	if client.driver == nil {
+		return nil
+	}
+	return client.driver.CloseDB()
+}
+
+type response struct {
+	Key       string
+	CveDetail cvemodels.CveDetail
+}
+
+func (client goCveDictClient) fetchCveDetails(cveIDs []string) (cveDetails []cvemodels.CveDetail, err error) {
+	if client.driver == nil {
+		reqChan := make(chan string, len(cveIDs))
+		resChan := make(chan response, len(cveIDs))
+		errChan := make(chan error, len(cveIDs))
+		defer close(reqChan)
+		defer close(resChan)
+		defer close(errChan)
+
+		go func() {
+			for _, cveID := range cveIDs {
+				reqChan <- cveID
+			}
+		}()
+
+		concurrency := 10
+		tasks := util.GenWorkers(concurrency)
+		for range cveIDs {
+			tasks <- func() {
+				select {
+				case cveID := <-reqChan:
+					url, err := util.URLPathJoin(client.baseURL, "cves", cveID)
+					if err != nil {
+						errChan <- err
+					} else {
+						logging.Log.Debugf("HTTP Request to %s", url)
+						httpGet(cveID, url, resChan, errChan)
+					}
+				}
+			}
+		}
+
+		timeout := time.After(2 * 60 * time.Second)
+		var errs []error
+		for range cveIDs {
+			select {
+			case res := <-resChan:
+				cveDetails = append(cveDetails, res.CveDetail)
+			case err := <-errChan:
+				errs = append(errs, err)
+			case <-timeout:
+				return nil, xerrors.New("Timeout Fetching CVE")
+			}
+		}
+		if len(errs) != 0 {
+			return nil,
+				xerrors.Errorf("Failed to fetch CVE. err: %w", errs)
+		}
+	} else {
+		m, err := client.driver.GetMulti(cveIDs)
+		if err != nil {
+			return nil, xerrors.Errorf("Failed to GetMulti. err: %w", err)
+		}
+		for _, v := range m {
+			cveDetails = append(cveDetails, v)
+		}
+	}
+	return cveDetails, nil
+}
+
+func httpGet(key, url string, resChan chan<- response, errChan chan<- error) {
+	var body string
+	var errs []error
+	var resp *http.Response
+	f := func() (err error) {
+		resp, body, errs = gorequest.New().Timeout(10 * time.Second).Get(url).End()
+		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+			return xerrors.Errorf("HTTP GET Error, url: %s, resp: %v, err: %+v",
+				url, resp, errs)
+		}
+		return nil
+	}
+	notify := func(err error, t time.Duration) {
+		logging.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %+v", t, err)
+	}
+	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
+	if err != nil {
+		errChan <- xerrors.Errorf("HTTP Error: %w", err)
+		return
+	}
+	cveDetail := cvemodels.CveDetail{}
+	if err := json.Unmarshal([]byte(body), &cveDetail); err != nil {
+		errChan <- xerrors.Errorf("Failed to Unmarshal. body: %s, err: %w", body, err)
+		return
+	}
+	resChan <- response{
+		key,
+		cveDetail,
+	}
+}
+
+func (client goCveDictClient) detectCveByCpeURI(cpeURI string, useJVN bool) (cves []cvemodels.CveDetail, err error) {
+	if client.driver == nil {
+		url, err := util.URLPathJoin(client.baseURL, "cpes")
+		if err != nil {
+			return nil, xerrors.Errorf("Failed to join URLPath. err: %w", err)
+		}
+
+		query := map[string]string{"name": cpeURI}
+		logging.Log.Debugf("HTTP Request to %s, query: %#v", url, query)
+		if cves, err = httpPost(url, query); err != nil {
+			return nil, xerrors.Errorf("Failed to post HTTP Request. err: %w", err)
+		}
+	} else {
+		if cves, err = client.driver.GetByCpeURI(cpeURI); err != nil {
+			return nil, xerrors.Errorf("Failed to get CVEs by CPEURI. err: %w", err)
+		}
+	}
+
+	if useJVN {
+		return cves, nil
+	}
+
+	nvdCves := []cvemodels.CveDetail{}
+	for _, cve := range cves {
+		if !cve.HasNvd() {
+			continue
+		}
+		cve.Jvns = []cvemodels.Jvn{}
+		nvdCves = append(nvdCves, cve)
+	}
+	return nvdCves, nil
+}
+
+func httpPost(url string, query map[string]string) ([]cvemodels.CveDetail, error) {
+	var body string
+	var errs []error
+	var resp *http.Response
+	f := func() (err error) {
+		req := gorequest.New().Timeout(10 * time.Second).Post(url)
+		for key := range query {
+			req = req.Send(fmt.Sprintf("%s=%s", key, query[key])).Type("json")
+		}
+		resp, body, errs = req.End()
+		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+			return xerrors.Errorf("HTTP POST error. url: %s, resp: %v, err: %+v", url, resp, errs)
+		}
+		return nil
+	}
+	notify := func(err error, t time.Duration) {
+		logging.Log.Warnf("Failed to HTTP POST. retrying in %s seconds. err: %+v", t, err)
+	}
+	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
+	if err != nil {
+		return nil, xerrors.Errorf("HTTP Error: %w", err)
+	}
+
+	cveDetails := []cvemodels.CveDetail{}
+	if err := json.Unmarshal([]byte(body), &cveDetails); err != nil {
+		return nil,
+			xerrors.Errorf("Failed to Unmarshal. body: %s, err: %w", body, err)
+	}
+	return cveDetails, nil
+}
+
+func newCveDB(cnf config.VulnDictInterface) (cvedb.DB, error) {
+	if cnf.IsFetchViaHTTP() {
+		return nil, nil
+	}
+	path := cnf.GetURL()
+	if cnf.GetType() == "sqlite3" {
+		path = cnf.GetSQLite3Path()
+	}
+	driver, locked, err := cvedb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), cvedb.Option{})
+	if err != nil {
+		if locked {
+			return nil, xerrors.Errorf("Failed to init CVE DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
+		}
+		return nil, xerrors.Errorf("Failed to init CVE DB. DB Path: %s, err: %w", path, err)
+	}
+	return driver, nil
+}
--- a/detector/detector.go
+++ b/detector/detector.go
@@ -0,0 +1,608 @@
+//go:build !scanner
+// +build !scanner
+
+package detector
+
+import (
+	"os"
+	"strings"
+	"time"
+
+	"golang.org/x/xerrors"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/constant"
+	"github.com/future-architect/vuls/contrib/owasp-dependency-check/parser"
+	"github.com/future-architect/vuls/cwe"
+	"github.com/future-architect/vuls/gost"
+	"github.com/future-architect/vuls/logging"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/oval"
+	"github.com/future-architect/vuls/reporter"
+	"github.com/future-architect/vuls/util"
+	cvemodels "github.com/vulsio/go-cve-dictionary/models"
+)
+
+// Cpe :
+type Cpe struct {
+	CpeURI string
+	UseJVN bool
+}
+
+// Detect vulns and fill CVE detailed information
+func Detect(rs []models.ScanResult, dir string) ([]models.ScanResult, error) {
+
+	// Use the same reportedAt for all rs
+	reportedAt := time.Now()
+	for i, r := range rs {
+		if !config.Conf.RefreshCve && !needToRefreshCve(r) {
+			logging.Log.Info("No need to refresh")
+			continue
+		}
+
+		if !reuseScannedCves(&r) {
+			r.ScannedCves = models.VulnInfos{}
+		}
+
+		if err := DetectLibsCves(&r, config.Conf.TrivyCacheDBDir, config.Conf.NoProgress); err != nil {
+			return nil, xerrors.Errorf("Failed to fill with Library dependency: %w", err)
+		}
+
+		if err := DetectPkgCves(&r, config.Conf.OvalDict, config.Conf.Gost, config.Conf.LogOpts); err != nil {
+			return nil, xerrors.Errorf("Failed to detect Pkg CVE: %w", err)
+		}
+
+		cpeURIs, owaspDCXMLPath := []string{}, ""
+		cpes := []Cpe{}
+		if len(r.Container.ContainerID) == 0 {
+			cpeURIs = config.Conf.Servers[r.ServerName].CpeNames
+			owaspDCXMLPath = config.Conf.Servers[r.ServerName].OwaspDCXMLPath
+		} else {
+			if s, ok := config.Conf.Servers[r.ServerName]; ok {
+				if con, ok := s.Containers[r.Container.Name]; ok {
+					cpeURIs = con.Cpes
+					owaspDCXMLPath = con.OwaspDCXMLPath
+				}
+			}
+		}
+		if owaspDCXMLPath != "" {
+			cpes, err := parser.Parse(owaspDCXMLPath)
+			if err != nil {
+				return nil, xerrors.Errorf("Failed to read OWASP Dependency Check XML on %s, `%s`, err: %w",
+					r.ServerInfo(), owaspDCXMLPath, err)
+			}
+			cpeURIs = append(cpeURIs, cpes...)
+		}
+		for _, uri := range cpeURIs {
+			cpes = append(cpes, Cpe{
+				CpeURI: uri,
+				UseJVN: true,
+			})
+		}
+		if err := DetectCpeURIsCves(&r, cpes, config.Conf.CveDict, config.Conf.LogOpts); err != nil {
+			return nil, xerrors.Errorf("Failed to detect CVE of `%s`: %w", cpeURIs, err)
+		}
+
+		repos := config.Conf.Servers[r.ServerName].GitHubRepos
+		if err := DetectGitHubCves(&r, repos); err != nil {
+			return nil, xerrors.Errorf("Failed to detect GitHub Cves: %w", err)
+		}
+
+		if err := DetectWordPressCves(&r, config.Conf.WpScan); err != nil {
+			return nil, xerrors.Errorf("Failed to detect WordPress Cves: %w", err)
+		}
+
+		if err := gost.FillCVEsWithRedHat(&r, config.Conf.Gost, config.Conf.LogOpts); err != nil {
+			return nil, xerrors.Errorf("Failed to fill with gost: %w", err)
+		}
+
+		if err := FillCvesWithNvdJvn(&r, config.Conf.CveDict, config.Conf.LogOpts); err != nil {
+			return nil, xerrors.Errorf("Failed to fill with CVE: %w", err)
+		}
+
+		nExploitCve, err := FillWithExploit(&r, config.Conf.Exploit, config.Conf.LogOpts)
+		if err != nil {
+			return nil, xerrors.Errorf("Failed to fill with exploit: %w", err)
+		}
+		logging.Log.Infof("%s: %d PoC are detected", r.FormatServerName(), nExploitCve)
+
+		nMetasploitCve, err := FillWithMetasploit(&r, config.Conf.Metasploit, config.Conf.LogOpts)
+		if err != nil {
+			return nil, xerrors.Errorf("Failed to fill with metasploit: %w", err)
+		}
+		logging.Log.Infof("%s: %d exploits are detected", r.FormatServerName(), nMetasploitCve)
+
+		if err := FillWithKEVuln(&r, config.Conf.KEVuln, config.Conf.LogOpts); err != nil {
+			return nil, xerrors.Errorf("Failed to fill with Known Exploited Vulnerabilities: %w", err)
+		}
+
+		FillCweDict(&r)
+
+		r.ReportedBy, _ = os.Hostname()
+		r.Lang = config.Conf.Lang
+		r.ReportedAt = reportedAt
+		r.ReportedVersion = config.Version
+		r.ReportedRevision = config.Revision
+		r.Config.Report = config.Conf
+		r.Config.Report.Servers = map[string]config.ServerInfo{
+			r.ServerName: config.Conf.Servers[r.ServerName],
+		}
+		rs[i] = r
+	}
+
+	// Overwrite the json file every time to clear the fields specified in config.IgnoredJSONKeys
+	for _, r := range rs {
+		if s, ok := config.Conf.Servers[r.ServerName]; ok {
+			r = r.ClearFields(s.IgnoredJSONKeys)
+		}
+		//TODO don't call here
+		if err := reporter.OverwriteJSONFile(dir, r); err != nil {
+			return nil, xerrors.Errorf("Failed to write JSON: %w", err)
+		}
+	}
+
+	if config.Conf.DiffPlus || config.Conf.DiffMinus {
+		prevs, err := loadPrevious(rs, config.Conf.ResultsDir)
+		if err != nil {
+			return nil, xerrors.Errorf("Failed to load previous results. err: %w", err)
+		}
+		rs = diff(rs, prevs, config.Conf.DiffPlus, config.Conf.DiffMinus)
+	}
+
+	for i, r := range rs {
+		nFiltered := 0
+		logging.Log.Infof("%s: total %d CVEs detected", r.FormatServerName(), len(r.ScannedCves))
+
+		if 0 < config.Conf.CvssScoreOver {
+			r.ScannedCves, nFiltered = r.ScannedCves.FilterByCvssOver(config.Conf.CvssScoreOver)
+			logging.Log.Infof("%s: %d CVEs filtered by --cvss-over=%g", r.FormatServerName(), nFiltered, config.Conf.CvssScoreOver)
+		}
+
+		if config.Conf.IgnoreUnfixed {
+			r.ScannedCves, nFiltered = r.ScannedCves.FilterUnfixed(config.Conf.IgnoreUnfixed)
+			logging.Log.Infof("%s: %d CVEs filtered by --ignore-unfixed", r.FormatServerName(), nFiltered)
+		}
+
+		if 0 < config.Conf.ConfidenceScoreOver {
+			r.ScannedCves, nFiltered = r.ScannedCves.FilterByConfidenceOver(config.Conf.ConfidenceScoreOver)
+			logging.Log.Infof("%s: %d CVEs filtered by --confidence-over=%d", r.FormatServerName(), nFiltered, config.Conf.ConfidenceScoreOver)
+		}
+
+		// IgnoreCves
+		ignoreCves := []string{}
+		if r.Container.Name == "" {
+			ignoreCves = config.Conf.Servers[r.ServerName].IgnoreCves
+		} else if con, ok := config.Conf.Servers[r.ServerName].Containers[r.Container.Name]; ok {
+			ignoreCves = con.IgnoreCves
+		}
+		if 0 < len(ignoreCves) {
+			r.ScannedCves, nFiltered = r.ScannedCves.FilterIgnoreCves(ignoreCves)
+			logging.Log.Infof("%s: %d CVEs filtered by ignoreCves=%s", r.FormatServerName(), nFiltered, ignoreCves)
+		}
+
+		// ignorePkgs
+		ignorePkgsRegexps := []string{}
+		if r.Container.Name == "" {
+			ignorePkgsRegexps = config.Conf.Servers[r.ServerName].IgnorePkgsRegexp
+		} else if s, ok := config.Conf.Servers[r.ServerName].Containers[r.Container.Name]; ok {
+			ignorePkgsRegexps = s.IgnorePkgsRegexp
+		}
+		if 0 < len(ignorePkgsRegexps) {
+			r.ScannedCves, nFiltered = r.ScannedCves.FilterIgnorePkgs(ignorePkgsRegexps)
+			logging.Log.Infof("%s: %d CVEs filtered by ignorePkgsRegexp=%s", r.FormatServerName(), nFiltered, ignorePkgsRegexps)
+		}
+
+		// IgnoreUnscored
+		if config.Conf.IgnoreUnscoredCves {
+			r.ScannedCves, nFiltered = r.ScannedCves.FindScoredVulns()
+			logging.Log.Infof("%s: %d CVEs filtered by --ignore-unscored-cves", r.FormatServerName(), nFiltered)
+		}
+
+		r.FilterInactiveWordPressLibs(config.Conf.WpScan.DetectInactive)
+		rs[i] = r
+	}
+	return rs, nil
+}
+
+// DetectPkgCves detects OS pkg cves
+// pass 2 configs
+func DetectPkgCves(r *models.ScanResult, ovalCnf config.GovalDictConf, gostCnf config.GostConf, logOpts logging.LogOpts) error {
+	// Pkg Scan
+	if isPkgCvesDetactable(r) {
+		// OVAL, gost(Debian Security Tracker) does not support Package for Raspbian, so skip it.
+		if r.Family == constant.Raspbian {
+			r = r.RemoveRaspbianPackFromResult()
+		}
+
+		// OVAL
+		if err := detectPkgsCvesWithOval(ovalCnf, r, logOpts); err != nil {
+			return xerrors.Errorf("Failed to detect CVE with OVAL: %w", err)
+		}
+
+		// gost
+		if err := detectPkgsCvesWithGost(gostCnf, r, logOpts); err != nil {
+			return xerrors.Errorf("Failed to detect CVE with gost: %w", err)
+		}
+	}
+
+	for i, v := range r.ScannedCves {
+		for j, p := range v.AffectedPackages {
+			if p.NotFixedYet && p.FixState == "" {
+				p.FixState = "Not fixed yet"
+				r.ScannedCves[i].AffectedPackages[j] = p
+			}
+		}
+	}
+
+	// To keep backward compatibility
+	// Newer versions use ListenPortStats,
+	// but older versions of Vuls are set to ListenPorts.
+	// Set ListenPorts to ListenPortStats to allow newer Vuls to report old results.
+	for i, pkg := range r.Packages {
+		for j, proc := range pkg.AffectedProcs {
+			for _, ipPort := range proc.ListenPorts {
+				ps, err := models.NewPortStat(ipPort)
+				if err != nil {
+					logging.Log.Warnf("Failed to parse ip:port: %s, err:%+v", ipPort, err)
+					continue
+				}
+				r.Packages[i].AffectedProcs[j].ListenPortStats = append(
+					r.Packages[i].AffectedProcs[j].ListenPortStats, *ps)
+			}
+		}
+	}
+
+	return nil
+}
+
+// isPkgCvesDetactable checks whether CVEs is detactable with gost and oval from the result
+func isPkgCvesDetactable(r *models.ScanResult) bool {
+	if r.Release == "" {
+		logging.Log.Infof("r.Release is empty. Skip OVAL and gost detection")
+		return false
+	}
+
+	if r.ScannedBy == "trivy" {
+		logging.Log.Infof("r.ScannedBy is trivy. Skip OVAL and gost detection")
+		return false
+	}
+
+	switch r.Family {
+	case constant.FreeBSD, constant.ServerTypePseudo:
+		logging.Log.Infof("%s type. Skip OVAL and gost detection", r.Family)
+		return false
+	default:
+		if len(r.Packages)+len(r.SrcPackages) == 0 {
+			logging.Log.Infof("Number of packages is 0. Skip OVAL and gost detection")
+			return false
+		}
+		return true
+	}
+}
+
+// DetectGitHubCves fetches CVEs from GitHub Security Alerts
+func DetectGitHubCves(r *models.ScanResult, githubConfs map[string]config.GitHubConf) error {
+	if len(githubConfs) == 0 {
+		return nil
+	}
+	for ownerRepo, setting := range githubConfs {
+		ss := strings.Split(ownerRepo, "/")
+		if len(ss) != 2 {
+			return xerrors.Errorf("Failed to parse GitHub owner/repo: %s", ownerRepo)
+		}
+		owner, repo := ss[0], ss[1]
+		n, err := DetectGitHubSecurityAlerts(r, owner, repo, setting.Token, setting.IgnoreGitHubDismissed)
+		if err != nil {
+			return xerrors.Errorf("Failed to access GitHub Security Alerts: %w", err)
+		}
+		logging.Log.Infof("%s: %d CVEs detected with GHSA %s/%s",
+			r.FormatServerName(), n, owner, repo)
+	}
+	return nil
+}
+
+// DetectWordPressCves detects CVEs of WordPress
+func DetectWordPressCves(r *models.ScanResult, wpCnf config.WpScanConf) error {
+	if len(r.WordPressPackages) == 0 {
+		return nil
+	}
+	logging.Log.Infof("%s: Detect WordPress CVE. Number of pkgs: %d ", r.ServerInfo(), len(r.WordPressPackages))
+	n, err := detectWordPressCves(r, wpCnf)
+	if err != nil {
+		return xerrors.Errorf("Failed to detect WordPress CVE: %w", err)
+	}
+	logging.Log.Infof("%s: found %d WordPress CVEs", r.FormatServerName(), n)
+	return nil
+}
+
+// FillCvesWithNvdJvn fills CVE detail with NVD, JVN
+func FillCvesWithNvdJvn(r *models.ScanResult, cnf config.GoCveDictConf, logOpts logging.LogOpts) (err error) {
+	cveIDs := []string{}
+	for _, v := range r.ScannedCves {
+		cveIDs = append(cveIDs, v.CveID)
+	}
+
+	client, err := newGoCveDictClient(&cnf, logOpts)
+	if err != nil {
+		return xerrors.Errorf("Failed to newGoCveDictClient. err: %w", err)
+	}
+	defer func() {
+		if err := client.closeDB(); err != nil {
+			logging.Log.Errorf("Failed to close DB. err: %+v", err)
+		}
+	}()
+
+	ds, err := client.fetchCveDetails(cveIDs)
+	if err != nil {
+		return xerrors.Errorf("Failed to fetchCveDetails. err: %w", err)
+	}
+
+	for _, d := range ds {
+		nvds, exploits, mitigations := models.ConvertNvdToModel(d.CveID, d.Nvds)
+		jvns := models.ConvertJvnToModel(d.CveID, d.Jvns)
+
+		alerts := fillCertAlerts(&d)
+		for cveID, vinfo := range r.ScannedCves {
+			if vinfo.CveID == d.CveID {
+				if vinfo.CveContents == nil {
+					vinfo.CveContents = models.CveContents{}
+				}
+				for _, con := range nvds {
+					if !con.Empty() {
+						vinfo.CveContents[con.Type] = []models.CveContent{con}
+					}
+				}
+				for _, con := range jvns {
+					if !con.Empty() {
+						found := false
+						for _, cveCont := range vinfo.CveContents[con.Type] {
+							if con.SourceLink == cveCont.SourceLink {
+								found = true
+								break
+							}
+						}
+						if !found {
+							vinfo.CveContents[con.Type] = append(vinfo.CveContents[con.Type], con)
+						}
+					}
+				}
+				vinfo.AlertDict = alerts
+				vinfo.Exploits = append(vinfo.Exploits, exploits...)
+				vinfo.Mitigations = append(vinfo.Mitigations, mitigations...)
+				r.ScannedCves[cveID] = vinfo
+				break
+			}
+		}
+	}
+	return nil
+}
+
+func fillCertAlerts(cvedetail *cvemodels.CveDetail) (dict models.AlertDict) {
+	for _, nvd := range cvedetail.Nvds {
+		for _, cert := range nvd.Certs {
+			dict.USCERT = append(dict.USCERT, models.Alert{
+				URL:   cert.Link,
+				Title: cert.Title,
+				Team:  "uscert",
+			})
+		}
+	}
+
+	for _, jvn := range cvedetail.Jvns {
+		for _, cert := range jvn.Certs {
+			dict.JPCERT = append(dict.JPCERT, models.Alert{
+				URL:   cert.Link,
+				Title: cert.Title,
+				Team:  "jpcert",
+			})
+		}
+	}
+
+	return dict
+}
+
+// detectPkgsCvesWithOval fetches OVAL database
+func detectPkgsCvesWithOval(cnf config.GovalDictConf, r *models.ScanResult, logOpts logging.LogOpts) error {
+	client, err := oval.NewOVALClient(r.Family, cnf, logOpts)
+	if err != nil {
+		return err
+	}
+	defer func() {
+		if err := client.CloseDB(); err != nil {
+			logging.Log.Errorf("Failed to close the OVAL DB. err: %+v", err)
+		}
+	}()
+
+	logging.Log.Debugf("Check if oval fetched: %s %s", r.Family, r.Release)
+	ok, err := client.CheckIfOvalFetched(r.Family, r.Release)
+	if err != nil {
+		return err
+	}
+	if !ok {
+		switch r.Family {
+		case constant.Debian:
+			logging.Log.Infof("Skip OVAL and Scan with gost alone.")
+			logging.Log.Infof("%s: %d CVEs are detected with OVAL", r.FormatServerName(), 0)
+			return nil
+		case constant.Windows, constant.FreeBSD, constant.ServerTypePseudo:
+			return nil
+		default:
+			return xerrors.Errorf("OVAL entries of %s %s are not found. Fetch OVAL before reporting. For details, see `https://github.com/vulsio/goval-dictionary#usage`", r.Family, r.Release)
+		}
+	}
+
+	logging.Log.Debugf("Check if oval fresh: %s %s", r.Family, r.Release)
+	_, err = client.CheckIfOvalFresh(r.Family, r.Release)
+	if err != nil {
+		return err
+	}
+
+	logging.Log.Debugf("Fill with oval: %s %s", r.Family, r.Release)
+	nCVEs, err := client.FillWithOval(r)
+	if err != nil {
+		return err
+	}
+
+	logging.Log.Infof("%s: %d CVEs are detected with OVAL", r.FormatServerName(), nCVEs)
+	return nil
+}
+
+func detectPkgsCvesWithGost(cnf config.GostConf, r *models.ScanResult, logOpts logging.LogOpts) error {
+	client, err := gost.NewGostClient(cnf, r.Family, logOpts)
+	if err != nil {
+		return xerrors.Errorf("Failed to new a gost client: %w", err)
+	}
+	defer func() {
+		if err := client.CloseDB(); err != nil {
+			logging.Log.Errorf("Failed to close the gost DB. err: %+v", err)
+		}
+	}()
+
+	nCVEs, err := client.DetectCVEs(r, true)
+	if err != nil {
+		if r.Family == constant.Debian {
+			return xerrors.Errorf("Failed to detect CVEs with gost: %w", err)
+		}
+		return xerrors.Errorf("Failed to detect unfixed CVEs with gost: %w", err)
+	}
+
+	if r.Family == constant.Debian {
+		logging.Log.Infof("%s: %d CVEs are detected with gost",
+			r.FormatServerName(), nCVEs)
+	} else {
+		logging.Log.Infof("%s: %d unfixed CVEs are detected with gost",
+			r.FormatServerName(), nCVEs)
+	}
+	return nil
+}
+
+// DetectCpeURIsCves detects CVEs of given CPE-URIs
+func DetectCpeURIsCves(r *models.ScanResult, cpes []Cpe, cnf config.GoCveDictConf, logOpts logging.LogOpts) error {
+	client, err := newGoCveDictClient(&cnf, logOpts)
+	if err != nil {
+		return xerrors.Errorf("Failed to newGoCveDictClient. err: %w", err)
+	}
+	defer func() {
+		if err := client.closeDB(); err != nil {
+			logging.Log.Errorf("Failed to close DB. err: %+v", err)
+		}
+	}()
+
+	nCVEs := 0
+	for _, cpe := range cpes {
+		details, err := client.detectCveByCpeURI(cpe.CpeURI, cpe.UseJVN)
+		if err != nil {
+			return xerrors.Errorf("Failed to detectCveByCpeURI. err: %w", err)
+		}
+
+		for _, detail := range details {
+			advisories := []models.DistroAdvisory{}
+			if !detail.HasNvd() && detail.HasJvn() {
+				for _, jvn := range detail.Jvns {
+					advisories = append(advisories, models.DistroAdvisory{
+						AdvisoryID: jvn.JvnID,
+					})
+				}
+			}
+			maxConfidence := getMaxConfidence(detail)
+
+			if val, ok := r.ScannedCves[detail.CveID]; ok {
+				val.CpeURIs = util.AppendIfMissing(val.CpeURIs, cpe.CpeURI)
+				val.Confidences.AppendIfMissing(maxConfidence)
+				val.DistroAdvisories = advisories
+				r.ScannedCves[detail.CveID] = val
+			} else {
+				v := models.VulnInfo{
+					CveID:            detail.CveID,
+					CpeURIs:          []string{cpe.CpeURI},
+					Confidences:      models.Confidences{maxConfidence},
+					DistroAdvisories: advisories,
+				}
+				r.ScannedCves[detail.CveID] = v
+				nCVEs++
+			}
+		}
+	}
+	logging.Log.Infof("%s: %d CVEs are detected with CPE", r.FormatServerName(), nCVEs)
+	return nil
+}
+
+func getMaxConfidence(detail cvemodels.CveDetail) (max models.Confidence) {
+	if !detail.HasNvd() && detail.HasJvn() {
+		return models.JvnVendorProductMatch
+	} else if detail.HasNvd() {
+		for _, nvd := range detail.Nvds {
+			confidence := models.Confidence{}
+			switch nvd.DetectionMethod {
+			case cvemodels.NvdExactVersionMatch:
+				confidence = models.NvdExactVersionMatch
+			case cvemodels.NvdRoughVersionMatch:
+				confidence = models.NvdRoughVersionMatch
+			case cvemodels.NvdVendorProductMatch:
+				confidence = models.NvdVendorProductMatch
+			}
+			if max.Score < confidence.Score {
+				max = confidence
+			}
+		}
+	}
+	return max
+}
+
+// FillCweDict fills CWE
+func FillCweDict(r *models.ScanResult) {
+	uniqCweIDMap := map[string]bool{}
+	for _, vinfo := range r.ScannedCves {
+		for _, conts := range vinfo.CveContents {
+			for _, cont := range conts {
+				for _, id := range cont.CweIDs {
+					if strings.HasPrefix(id, "CWE-") {
+						id = strings.TrimPrefix(id, "CWE-")
+						uniqCweIDMap[id] = true
+					}
+				}
+			}
+		}
+	}
+
+	dict := map[string]models.CweDictEntry{}
+	for id := range uniqCweIDMap {
+		entry := models.CweDictEntry{}
+		if e, ok := cwe.CweDictEn[id]; ok {
+			if rank, ok := cwe.OwaspTopTen2017[id]; ok {
+				entry.OwaspTopTen2017 = rank
+			}
+			if rank, ok := cwe.CweTopTwentyfive2019[id]; ok {
+				entry.CweTopTwentyfive2019 = rank
+			}
+			if rank, ok := cwe.SansTopTwentyfive[id]; ok {
+				entry.SansTopTwentyfive = rank
+			}
+			entry.En = &e
+		} else {
+			logging.Log.Debugf("CWE-ID %s is not found in English CWE Dict", id)
+			entry.En = &cwe.Cwe{CweID: id}
+		}
+
+		if r.Lang == "ja" {
+			if e, ok := cwe.CweDictJa[id]; ok {
+				if rank, ok := cwe.OwaspTopTen2017[id]; ok {
+					entry.OwaspTopTen2017 = rank
+				}
+				if rank, ok := cwe.CweTopTwentyfive2019[id]; ok {
+					entry.CweTopTwentyfive2019 = rank
+				}
+				if rank, ok := cwe.SansTopTwentyfive[id]; ok {
+					entry.SansTopTwentyfive = rank
+				}
+				entry.Ja = &e
+			} else {
+				logging.Log.Debugf("CWE-ID %s is not found in Japanese CWE Dict", id)
+				entry.Ja = &cwe.Cwe{CweID: id}
+			}
+		}
+		dict[id] = entry
+	}
+	r.CweDict = dict
+	return
+}
--- a/detector/detector_test.go
+++ b/detector/detector_test.go
@@ -0,0 +1,90 @@
+//go:build !scanner
+// +build !scanner
+
+package detector
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/future-architect/vuls/models"
+	cvemodels "github.com/vulsio/go-cve-dictionary/models"
+)
+
+func Test_getMaxConfidence(t *testing.T) {
+	type args struct {
+		detail cvemodels.CveDetail
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantMax models.Confidence
+	}{
+		{
+			name: "JvnVendorProductMatch",
+			args: args{
+				detail: cvemodels.CveDetail{
+					Nvds: []cvemodels.Nvd{},
+					Jvns: []cvemodels.Jvn{{}},
+				},
+			},
+			wantMax: models.JvnVendorProductMatch,
+		},
+		{
+			name: "NvdExactVersionMatch",
+			args: args{
+				detail: cvemodels.CveDetail{
+					Nvds: []cvemodels.Nvd{
+						{DetectionMethod: cvemodels.NvdRoughVersionMatch},
+						{DetectionMethod: cvemodels.NvdVendorProductMatch},
+						{DetectionMethod: cvemodels.NvdExactVersionMatch},
+					},
+					Jvns: []cvemodels.Jvn{{DetectionMethod: cvemodels.JvnVendorProductMatch}},
+				},
+			},
+			wantMax: models.NvdExactVersionMatch,
+		},
+		{
+			name: "NvdRoughVersionMatch",
+			args: args{
+				detail: cvemodels.CveDetail{
+					Nvds: []cvemodels.Nvd{
+						{DetectionMethod: cvemodels.NvdRoughVersionMatch},
+						{DetectionMethod: cvemodels.NvdVendorProductMatch},
+					},
+					Jvns: []cvemodels.Jvn{},
+				},
+			},
+			wantMax: models.NvdRoughVersionMatch,
+		},
+		{
+			name: "NvdVendorProductMatch",
+			args: args{
+				detail: cvemodels.CveDetail{
+					Nvds: []cvemodels.Nvd{
+						{DetectionMethod: cvemodels.NvdVendorProductMatch},
+					},
+					Jvns: []cvemodels.Jvn{{DetectionMethod: cvemodels.JvnVendorProductMatch}},
+				},
+			},
+			wantMax: models.NvdVendorProductMatch,
+		},
+		{
+			name: "empty",
+			args: args{
+				detail: cvemodels.CveDetail{
+					Nvds: []cvemodels.Nvd{},
+					Jvns: []cvemodels.Jvn{},
+				},
+			},
+			wantMax: models.Confidence{},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if gotMax := getMaxConfidence(tt.args.detail); !reflect.DeepEqual(gotMax, tt.wantMax) {
+				t.Errorf("getMaxConfidence() = %v, want %v", gotMax, tt.wantMax)
+			}
+		})
+	}
+}
--- a/detector/exploitdb.go
+++ b/detector/exploitdb.go
@@ -0,0 +1,250 @@
+//go:build !scanner
+// +build !scanner
+
+package detector
+
+import (
+	"encoding/json"
+	"net/http"
+	"time"
+
+	"github.com/cenkalti/backoff"
+	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/logging"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	exploitdb "github.com/vulsio/go-exploitdb/db"
+	exploitmodels "github.com/vulsio/go-exploitdb/models"
+	exploitlog "github.com/vulsio/go-exploitdb/util"
+)
+
+// goExploitDBClient is a DB Driver
+type goExploitDBClient struct {
+	driver  exploitdb.DB
+	baseURL string
+}
+
+// closeDB close a DB connection
+func (client goExploitDBClient) closeDB() error {
+	if client.driver == nil {
+		return nil
+	}
+	return client.driver.CloseDB()
+}
+
+func newGoExploitDBClient(cnf config.VulnDictInterface, o logging.LogOpts) (*goExploitDBClient, error) {
+	if err := exploitlog.SetLogger(o.LogToFile, o.LogDir, o.Debug, o.LogJSON); err != nil {
+		return nil, xerrors.Errorf("Failed to set go-exploitdb logger. err: %w", err)
+	}
+
+	db, err := newExploitDB(cnf)
+	if err != nil {
+		return nil, xerrors.Errorf("Failed to newExploitDB. err: %w", err)
+	}
+	return &goExploitDBClient{driver: db, baseURL: cnf.GetURL()}, nil
+}
+
+// FillWithExploit fills exploit information that has in Exploit
+func FillWithExploit(r *models.ScanResult, cnf config.ExploitConf, logOpts logging.LogOpts) (nExploitCve int, err error) {
+	client, err := newGoExploitDBClient(&cnf, logOpts)
+	if err != nil {
+		return 0, xerrors.Errorf("Failed to newGoExploitDBClient. err: %w", err)
+	}
+	defer func() {
+		if err := client.closeDB(); err != nil {
+			logging.Log.Errorf("Failed to close DB. err: %+v", err)
+		}
+	}()
+
+	if client.driver == nil {
+		var cveIDs []string
+		for cveID := range r.ScannedCves {
+			cveIDs = append(cveIDs, cveID)
+		}
+		prefix, err := util.URLPathJoin(client.baseURL, "cves")
+		if err != nil {
+			return 0, xerrors.Errorf("Failed to join URLPath. err: %w", err)
+		}
+		responses, err := getExploitsViaHTTP(cveIDs, prefix)
+		if err != nil {
+			return 0, xerrors.Errorf("Failed to get Exploits via HTTP. err: %w", err)
+		}
+		for _, res := range responses {
+			exps := []exploitmodels.Exploit{}
+			if err := json.Unmarshal([]byte(res.json), &exps); err != nil {
+				return 0, xerrors.Errorf("Failed to unmarshal json. err: %w", err)
+			}
+			exploits := ConvertToModelsExploit(exps)
+			v, ok := r.ScannedCves[res.request.cveID]
+			if ok {
+				v.Exploits = exploits
+			}
+			r.ScannedCves[res.request.cveID] = v
+			nExploitCve++
+		}
+	} else {
+		for cveID, vuln := range r.ScannedCves {
+			if cveID == "" {
+				continue
+			}
+			es, err := client.driver.GetExploitByCveID(cveID)
+			if err != nil {
+				return 0, xerrors.Errorf("Failed to get Exploits by CVE-ID. err: %w", err)
+			}
+			if len(es) == 0 {
+				continue
+			}
+			exploits := ConvertToModelsExploit(es)
+			vuln.Exploits = exploits
+			r.ScannedCves[cveID] = vuln
+			nExploitCve++
+		}
+	}
+	return nExploitCve, nil
+}
+
+// ConvertToModelsExploit converts exploit model to vuls model
+func ConvertToModelsExploit(es []exploitmodels.Exploit) (exploits []models.Exploit) {
+	for _, e := range es {
+		var documentURL, shellURL *string
+		if e.OffensiveSecurity != nil {
+			os := e.OffensiveSecurity
+			if os.Document != nil {
+				documentURL = &os.Document.DocumentURL
+			}
+			if os.ShellCode != nil {
+				shellURL = &os.ShellCode.ShellCodeURL
+			}
+		}
+		exploit := models.Exploit{
+			ExploitType:  e.ExploitType,
+			ID:           e.ExploitUniqueID,
+			URL:          e.URL,
+			Description:  e.Description,
+			DocumentURL:  documentURL,
+			ShellCodeURL: shellURL,
+		}
+		exploits = append(exploits, exploit)
+	}
+	return exploits
+}
+
+type exploitResponse struct {
+	request exploitRequest
+	json    string
+}
+
+func getExploitsViaHTTP(cveIDs []string, urlPrefix string) (
+	responses []exploitResponse, err error) {
+	nReq := len(cveIDs)
+	reqChan := make(chan exploitRequest, nReq)
+	resChan := make(chan exploitResponse, nReq)
+	errChan := make(chan error, nReq)
+	defer close(reqChan)
+	defer close(resChan)
+	defer close(errChan)
+
+	go func() {
+		for _, cveID := range cveIDs {
+			reqChan <- exploitRequest{
+				cveID: cveID,
+			}
+		}
+	}()
+
+	concurrency := 10
+	tasks := util.GenWorkers(concurrency)
+	for i := 0; i < nReq; i++ {
+		tasks <- func() {
+			req := <-reqChan
+			url, err := util.URLPathJoin(
+				urlPrefix,
+				req.cveID,
+			)
+			if err != nil {
+				errChan <- err
+			} else {
+				logging.Log.Debugf("HTTP Request to %s", url)
+				httpGetExploit(url, req, resChan, errChan)
+			}
+		}
+	}
+
+	timeout := time.After(2 * 60 * time.Second)
+	var errs []error
+	for i := 0; i < nReq; i++ {
+		select {
+		case res := <-resChan:
+			responses = append(responses, res)
+		case err := <-errChan:
+			errs = append(errs, err)
+		case <-timeout:
+			return nil, xerrors.New("Timeout Fetching Exploit")
+		}
+	}
+	if len(errs) != 0 {
+		return nil, xerrors.Errorf("Failed to fetch Exploit. err: %w", errs)
+	}
+	return
+}
+
+type exploitRequest struct {
+	cveID string
+}
+
+func httpGetExploit(url string, req exploitRequest, resChan chan<- exploitResponse, errChan chan<- error) {
+	var body string
+	var errs []error
+	var resp *http.Response
+	count, retryMax := 0, 3
+	f := func() (err error) {
+		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+		resp, body, errs = gorequest.New().Timeout(10 * time.Second).Get(url).End()
+		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+			count++
+			if count == retryMax {
+				return nil
+			}
+			return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %+v", url, resp, errs)
+		}
+		return nil
+	}
+	notify := func(err error, t time.Duration) {
+		logging.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %+v", t, err)
+	}
+	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
+	if err != nil {
+		errChan <- xerrors.Errorf("HTTP Error %w", err)
+		return
+	}
+	if count == retryMax {
+		errChan <- xerrors.New("Retry count exceeded")
+		return
+	}
+
+	resChan <- exploitResponse{
+		request: req,
+		json:    body,
+	}
+}
+
+func newExploitDB(cnf config.VulnDictInterface) (driver exploitdb.DB, err error) {
+	if cnf.IsFetchViaHTTP() {
+		return nil, nil
+	}
+	path := cnf.GetURL()
+	if cnf.GetType() == "sqlite3" {
+		path = cnf.GetSQLite3Path()
+	}
+	driver, locked, err := exploitdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), exploitdb.Option{})
+	if err != nil {
+		if locked {
+			return nil, xerrors.Errorf("Failed to init exploit DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
+		}
+		return nil, xerrors.Errorf("Failed to init exploit DB. DB Path: %s, err: %w", path, err)
+	}
+	return driver, nil
+}
--- a/detector/github.go
+++ b/detector/github.go
@@ -1,4 +1,7 @@
-package github
+//go:build !scanner
+// +build !scanner
+
+package detector

 import (
 	"bytes"
@@ -9,18 +12,18 @@ import (
 	"net/http"
 	"time"

-	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/errof"
 	"github.com/future-architect/vuls/models"
 	"golang.org/x/oauth2"
 )

-// FillGitHubSecurityAlerts access to owner/repo on GitHub and fetch security alerts of the repository via GitHub API v4 GraphQL and then set to the given ScanResult.
+// DetectGitHubSecurityAlerts access to owner/repo on GitHub and fetch security alerts of the repository via GitHub API v4 GraphQL and then set to the given ScanResult.
 // https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/
-func FillGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string) (nCVEs int, err error) {
+func DetectGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string, ignoreDismissed bool) (nCVEs int, err error) {
 	src := oauth2.StaticTokenSource(
 		&oauth2.Token{AccessToken: token},
 	)
+	//TODO Proxy
 	httpClient := oauth2.NewClient(context.Background(), src)

 	// TODO Use `https://github.com/shurcooL/githubv4` if the tool supports vulnerabilityAlerts Endpoint
@@ -31,10 +34,12 @@ func FillGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string) (

 	for {
 		jsonStr := fmt.Sprintf(jsonfmt, owner, repo, 100, after)
-		req, err := http.NewRequest("POST",
+		ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+		req, err := http.NewRequestWithContext(ctx, http.MethodPost,
 			"https://api.github.com/graphql",
 			bytes.NewBuffer([]byte(jsonStr)),
 		)
+		defer cancel()
 		if err != nil {
 			return 0, err
 		}
@@ -65,14 +70,12 @@ func FillGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string) (
 		// util.Log.Debugf("%s", pp.Sprint(alerts))
 		// util.Log.Debugf("%s", string(body))
 		if alerts.Data.Repository.URL == "" {
-			return 0, errof.New(
-				errof.ErrFailedToAccessGithubAPI,
-				fmt.Sprintf("Failed to access to GitHub API. Response: %s", string(body)),
-			)
+			return 0, errof.New(errof.ErrFailedToAccessGithubAPI,
+				fmt.Sprintf("Failed to access to GitHub API. Response: %s", string(body)))
 		}

 		for _, v := range alerts.Data.Repository.VulnerabilityAlerts.Edges {
-			if config.Conf.IgnoreGitHubDismissed && v.Node.DismissReason != "" {
+			if ignoreDismissed && v.Node.DismissReason != "" {
 				continue
 			}

@@ -102,20 +105,39 @@ func FillGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string) (
 				cveIDs = other
 			}

+			refs := []models.Reference{}
+			for _, r := range v.Node.SecurityAdvisory.References {
+				refs = append(refs, models.Reference{Link: r.URL})
+			}
+
 			for _, cveID := range cveIDs {
+				cveContent := models.CveContent{
+					Type:          models.GitHub,
+					CveID:         cveID,
+					Title:         v.Node.SecurityAdvisory.Summary,
+					Summary:       v.Node.SecurityAdvisory.Description,
+					Cvss2Severity: v.Node.SecurityVulnerability.Severity,
+					Cvss3Severity: v.Node.SecurityVulnerability.Severity,
+					SourceLink:    v.Node.SecurityAdvisory.Permalink,
+					References:    refs,
+					Published:     v.Node.SecurityAdvisory.PublishedAt,
+					LastModified:  v.Node.SecurityAdvisory.UpdatedAt,
+				}
+
 				if val, ok := r.ScannedCves[cveID]; ok {
 					val.GitHubSecurityAlerts = val.GitHubSecurityAlerts.Add(m)
+					val.CveContents[models.GitHub] = []models.CveContent{cveContent}
 					r.ScannedCves[cveID] = val
-					nCVEs++
 				} else {
 					v := models.VulnInfo{
 						CveID:                cveID,
 						Confidences:          models.Confidences{models.GitHubMatch},
 						GitHubSecurityAlerts: models.GitHubSecurityAlerts{m},
+						CveContents:          models.NewCveContents(cveContent),
 					}
 					r.ScannedCves[cveID] = v
-					nCVEs++
 				}
+				nCVEs++
 			}
 		}
 		if !alerts.Data.Repository.VulnerabilityAlerts.PageInfo.HasNextPage {
--- a/detector/kevuln.go
+++ b/detector/kevuln.go
@@ -0,0 +1,240 @@
+//go:build !scanner
+// +build !scanner
+
+package detector
+
+import (
+	"encoding/json"
+	"net/http"
+	"time"
+
+	"github.com/cenkalti/backoff"
+	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/logging"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	kevulndb "github.com/vulsio/go-kev/db"
+	kevulnmodels "github.com/vulsio/go-kev/models"
+	kevulnlog "github.com/vulsio/go-kev/utils"
+)
+
+// goKEVulnDBClient is a DB Driver
+type goKEVulnDBClient struct {
+	driver  kevulndb.DB
+	baseURL string
+}
+
+// closeDB close a DB connection
+func (client goKEVulnDBClient) closeDB() error {
+	if client.driver == nil {
+		return nil
+	}
+	return client.driver.CloseDB()
+}
+
+func newGoKEVulnDBClient(cnf config.VulnDictInterface, o logging.LogOpts) (*goKEVulnDBClient, error) {
+	if err := kevulnlog.SetLogger(o.LogToFile, o.LogDir, o.Debug, o.LogJSON); err != nil {
+		return nil, xerrors.Errorf("Failed to set go-kev logger. err: %w", err)
+	}
+
+	db, err := newKEVulnDB(cnf)
+	if err != nil {
+		return nil, xerrors.Errorf("Failed to newKEVulnDB. err: %w", err)
+	}
+	return &goKEVulnDBClient{driver: db, baseURL: cnf.GetURL()}, nil
+}
+
+// FillWithKEVuln :
+func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging.LogOpts) error {
+	client, err := newGoKEVulnDBClient(&cnf, logOpts)
+	if err != nil {
+		return err
+	}
+	defer func() {
+		if err := client.closeDB(); err != nil {
+			logging.Log.Errorf("Failed to close DB. err: %+v", err)
+		}
+	}()
+
+	if client.driver == nil {
+		var cveIDs []string
+		for cveID := range r.ScannedCves {
+			cveIDs = append(cveIDs, cveID)
+		}
+		prefix, err := util.URLPathJoin(client.baseURL, "cves")
+		if err != nil {
+			return err
+		}
+		responses, err := getKEVulnsViaHTTP(cveIDs, prefix)
+		if err != nil {
+			return err
+		}
+		for _, res := range responses {
+			kevulns := []kevulnmodels.KEVuln{}
+			if err := json.Unmarshal([]byte(res.json), &kevulns); err != nil {
+				return err
+			}
+
+			alerts := []models.Alert{}
+			if len(kevulns) > 0 {
+				alerts = append(alerts, models.Alert{
+					Title: "Known Exploited Vulnerabilities Catalog",
+					URL:   "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+					Team:  "cisa",
+				})
+			}
+
+			v, ok := r.ScannedCves[res.request.cveID]
+			if ok {
+				v.AlertDict.CISA = alerts
+			}
+			r.ScannedCves[res.request.cveID] = v
+		}
+	} else {
+		for cveID, vuln := range r.ScannedCves {
+			if cveID == "" {
+				continue
+			}
+			kevulns, err := client.driver.GetKEVulnByCveID(cveID)
+			if err != nil {
+				return err
+			}
+			if len(kevulns) == 0 {
+				continue
+			}
+
+			alerts := []models.Alert{}
+			if len(kevulns) > 0 {
+				alerts = append(alerts, models.Alert{
+					Title: "Known Exploited Vulnerabilities Catalog",
+					URL:   "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+					Team:  "cisa",
+				})
+			}
+
+			vuln.AlertDict.CISA = alerts
+			r.ScannedCves[cveID] = vuln
+		}
+	}
+	return nil
+}
+
+type kevulnResponse struct {
+	request kevulnRequest
+	json    string
+}
+
+func getKEVulnsViaHTTP(cveIDs []string, urlPrefix string) (
+	responses []kevulnResponse, err error) {
+	nReq := len(cveIDs)
+	reqChan := make(chan kevulnRequest, nReq)
+	resChan := make(chan kevulnResponse, nReq)
+	errChan := make(chan error, nReq)
+	defer close(reqChan)
+	defer close(resChan)
+	defer close(errChan)
+
+	go func() {
+		for _, cveID := range cveIDs {
+			reqChan <- kevulnRequest{
+				cveID: cveID,
+			}
+		}
+	}()
+
+	concurrency := 10
+	tasks := util.GenWorkers(concurrency)
+	for i := 0; i < nReq; i++ {
+		tasks <- func() {
+			req := <-reqChan
+			url, err := util.URLPathJoin(
+				urlPrefix,
+				req.cveID,
+			)
+			if err != nil {
+				errChan <- err
+			} else {
+				logging.Log.Debugf("HTTP Request to %s", url)
+				httpGetKEVuln(url, req, resChan, errChan)
+			}
+		}
+	}
+
+	timeout := time.After(2 * 60 * time.Second)
+	var errs []error
+	for i := 0; i < nReq; i++ {
+		select {
+		case res := <-resChan:
+			responses = append(responses, res)
+		case err := <-errChan:
+			errs = append(errs, err)
+		case <-timeout:
+			return nil, xerrors.New("Timeout Fetching KEVuln")
+		}
+	}
+	if len(errs) != 0 {
+		return nil, xerrors.Errorf("Failed to fetch KEVuln. err: %w", errs)
+	}
+	return
+}
+
+type kevulnRequest struct {
+	cveID string
+}
+
+func httpGetKEVuln(url string, req kevulnRequest, resChan chan<- kevulnResponse, errChan chan<- error) {
+	var body string
+	var errs []error
+	var resp *http.Response
+	count, retryMax := 0, 3
+	f := func() (err error) {
+		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+		resp, body, errs = gorequest.New().Timeout(10 * time.Second).Get(url).End()
+		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+			count++
+			if count == retryMax {
+				return nil
+			}
+			return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %+v", url, resp, errs)
+		}
+		return nil
+	}
+	notify := func(err error, t time.Duration) {
+		logging.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %+v", t, err)
+	}
+	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
+	if err != nil {
+		errChan <- xerrors.Errorf("HTTP Error %w", err)
+		return
+	}
+	if count == retryMax {
+		errChan <- xerrors.New("Retry count exceeded")
+		return
+	}
+
+	resChan <- kevulnResponse{
+		request: req,
+		json:    body,
+	}
+}
+
+func newKEVulnDB(cnf config.VulnDictInterface) (kevulndb.DB, error) {
+	if cnf.IsFetchViaHTTP() {
+		return nil, nil
+	}
+	path := cnf.GetURL()
+	if cnf.GetType() == "sqlite3" {
+		path = cnf.GetSQLite3Path()
+	}
+	driver, locked, err := kevulndb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), kevulndb.Option{})
+	if err != nil {
+		if locked {
+			return nil, xerrors.Errorf("Failed to init kevuln DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
+		}
+		return nil, xerrors.Errorf("Failed to init kevuln DB. DB Path: %s, err: %w", path, err)
+	}
+	return driver, nil
+}
--- a/detector/library.go
+++ b/detector/library.go
@@ -0,0 +1,97 @@
+//go:build !scanner
+// +build !scanner
+
+package detector
+
+import (
+	"context"
+
+	trivydb "github.com/aquasecurity/trivy-db/pkg/db"
+	"github.com/aquasecurity/trivy-db/pkg/metadata"
+	"github.com/aquasecurity/trivy/pkg/db"
+	"github.com/aquasecurity/trivy/pkg/log"
+	"golang.org/x/xerrors"
+
+	"github.com/future-architect/vuls/logging"
+	"github.com/future-architect/vuls/models"
+)
+
+// DetectLibsCves fills LibraryScanner information
+func DetectLibsCves(r *models.ScanResult, cacheDir string, noProgress bool) (err error) {
+	totalCnt := 0
+	if len(r.LibraryScanners) == 0 {
+		return
+	}
+
+	// initialize trivy's logger and db
+	err = log.InitLogger(false, false)
+	if err != nil {
+		return err
+	}
+
+	logging.Log.Info("Updating library db...")
+	if err := downloadDB("", cacheDir, noProgress, false); err != nil {
+		return err
+	}
+
+	if err := trivydb.Init(cacheDir); err != nil {
+		return err
+	}
+	defer trivydb.Close()
+
+	for _, lib := range r.LibraryScanners {
+		vinfos, err := lib.Scan()
+		if err != nil {
+			return err
+		}
+		for _, vinfo := range vinfos {
+			vinfo.Confidences.AppendIfMissing(models.TrivyMatch)
+			if v, ok := r.ScannedCves[vinfo.CveID]; !ok {
+				r.ScannedCves[vinfo.CveID] = vinfo
+			} else {
+				v.LibraryFixedIns = append(v.LibraryFixedIns, vinfo.LibraryFixedIns...)
+				r.ScannedCves[vinfo.CveID] = v
+			}
+		}
+		totalCnt += len(vinfos)
+	}
+
+	logging.Log.Infof("%s: %d CVEs are detected with Library",
+		r.FormatServerName(), totalCnt)
+
+	return nil
+}
+
+func downloadDB(appVersion, cacheDir string, quiet, skipUpdate bool) error {
+	client := db.NewClient(cacheDir, quiet)
+	ctx := context.Background()
+	needsUpdate, err := client.NeedsUpdate(appVersion, skipUpdate)
+	if err != nil {
+		return xerrors.Errorf("database error: %w", err)
+	}
+
+	if needsUpdate {
+		logging.Log.Info("Need to update DB")
+		logging.Log.Info("Downloading DB...")
+		if err := client.Download(ctx, cacheDir); err != nil {
+			return xerrors.Errorf("failed to download vulnerability DB: %w", err)
+		}
+	}
+
+	// for debug
+	if err := showDBInfo(cacheDir); err != nil {
+		return xerrors.Errorf("failed to show database info: %w", err)
+	}
+	return nil
+}
+
+func showDBInfo(cacheDir string) error {
+	m := metadata.NewClient(cacheDir)
+	meta, err := m.Get()
+	if err != nil {
+		return xerrors.Errorf("something wrong with DB: %w", err)
+	}
+	log.Logger.Debugf("DB Schema: %d, UpdatedAt: %s, NextUpdate: %s, DownloadedAt: %s",
+		meta.Version, meta.UpdatedAt, meta.NextUpdate, meta.DownloadedAt)
+	return nil
+}
--- a/detector/msf.go
+++ b/detector/msf.go
@@ -0,0 +1,244 @@
+//go:build !scanner
+// +build !scanner
+
+package detector
+
+import (
+	"encoding/json"
+	"net/http"
+	"time"
+
+	"github.com/cenkalti/backoff"
+	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/logging"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	metasploitdb "github.com/vulsio/go-msfdb/db"
+	metasploitmodels "github.com/vulsio/go-msfdb/models"
+	metasploitlog "github.com/vulsio/go-msfdb/utils"
+)
+
+// goMetasploitDBClient is a DB Driver
+type goMetasploitDBClient struct {
+	driver  metasploitdb.DB
+	baseURL string
+}
+
+// closeDB close a DB connection
+func (client goMetasploitDBClient) closeDB() error {
+	if client.driver == nil {
+		return nil
+	}
+	return client.driver.CloseDB()
+}
+
+func newGoMetasploitDBClient(cnf config.VulnDictInterface, o logging.LogOpts) (*goMetasploitDBClient, error) {
+	if err := metasploitlog.SetLogger(o.LogToFile, o.LogDir, o.Debug, o.LogJSON); err != nil {
+		return nil, xerrors.Errorf("Failed to set go-msfdb logger. err: %w", err)
+	}
+
+	db, err := newMetasploitDB(cnf)
+	if err != nil {
+		return nil, xerrors.Errorf("Failed to newMetasploitDB. err: %w", err)
+	}
+	return &goMetasploitDBClient{driver: db, baseURL: cnf.GetURL()}, nil
+}
+
+// FillWithMetasploit fills metasploit module information that has in module
+func FillWithMetasploit(r *models.ScanResult, cnf config.MetasploitConf, logOpts logging.LogOpts) (nMetasploitCve int, err error) {
+	client, err := newGoMetasploitDBClient(&cnf, logOpts)
+	if err != nil {
+		return 0, xerrors.Errorf("Failed to newGoMetasploitDBClient. err: %w", err)
+	}
+	defer func() {
+		if err := client.closeDB(); err != nil {
+			logging.Log.Errorf("Failed to close DB. err: %+v", err)
+		}
+	}()
+
+	if client.driver == nil {
+		var cveIDs []string
+		for cveID := range r.ScannedCves {
+			cveIDs = append(cveIDs, cveID)
+		}
+		prefix, err := util.URLPathJoin(client.baseURL, "cves")
+		if err != nil {
+			return 0, xerrors.Errorf("Failed to join URLPath. err: %w", err)
+		}
+		responses, err := getMetasploitsViaHTTP(cveIDs, prefix)
+		if err != nil {
+			return 0, xerrors.Errorf("Failed to get Metasploits via HTTP. err: %w", err)
+		}
+		for _, res := range responses {
+			msfs := []metasploitmodels.Metasploit{}
+			if err := json.Unmarshal([]byte(res.json), &msfs); err != nil {
+				return 0, xerrors.Errorf("Failed to unmarshal json. err: %w", err)
+			}
+			metasploits := ConvertToModelsMsf(msfs)
+			v, ok := r.ScannedCves[res.request.cveID]
+			if ok {
+				v.Metasploits = metasploits
+			}
+			r.ScannedCves[res.request.cveID] = v
+			nMetasploitCve++
+		}
+	} else {
+		for cveID, vuln := range r.ScannedCves {
+			if cveID == "" {
+				continue
+			}
+			ms, err := client.driver.GetModuleByCveID(cveID)
+			if err != nil {
+				return 0, xerrors.Errorf("Failed to get Metasploits by CVE-ID. err: %w", err)
+			}
+			if len(ms) == 0 {
+				continue
+			}
+			modules := ConvertToModelsMsf(ms)
+			vuln.Metasploits = modules
+			r.ScannedCves[cveID] = vuln
+			nMetasploitCve++
+		}
+	}
+	return nMetasploitCve, nil
+}
+
+type metasploitResponse struct {
+	request metasploitRequest
+	json    string
+}
+
+func getMetasploitsViaHTTP(cveIDs []string, urlPrefix string) (
+	responses []metasploitResponse, err error) {
+	nReq := len(cveIDs)
+	reqChan := make(chan metasploitRequest, nReq)
+	resChan := make(chan metasploitResponse, nReq)
+	errChan := make(chan error, nReq)
+	defer close(reqChan)
+	defer close(resChan)
+	defer close(errChan)
+
+	go func() {
+		for _, cveID := range cveIDs {
+			reqChan <- metasploitRequest{
+				cveID: cveID,
+			}
+		}
+	}()
+
+	concurrency := 10
+	tasks := util.GenWorkers(concurrency)
+	for i := 0; i < nReq; i++ {
+		tasks <- func() {
+			req := <-reqChan
+			url, err := util.URLPathJoin(
+				urlPrefix,
+				req.cveID,
+			)
+			if err != nil {
+				errChan <- err
+			} else {
+				logging.Log.Debugf("HTTP Request to %s", url)
+				httpGetMetasploit(url, req, resChan, errChan)
+			}
+		}
+	}
+
+	timeout := time.After(2 * 60 * time.Second)
+	var errs []error
+	for i := 0; i < nReq; i++ {
+		select {
+		case res := <-resChan:
+			responses = append(responses, res)
+		case err := <-errChan:
+			errs = append(errs, err)
+		case <-timeout:
+			return nil, xerrors.New("Timeout Fetching Metasploit")
+		}
+	}
+	if len(errs) != 0 {
+		return nil, xerrors.Errorf("Failed to fetch Metasploit. err: %w", errs)
+	}
+	return
+}
+
+type metasploitRequest struct {
+	cveID string
+}
+
+func httpGetMetasploit(url string, req metasploitRequest, resChan chan<- metasploitResponse, errChan chan<- error) {
+	var body string
+	var errs []error
+	var resp *http.Response
+	count, retryMax := 0, 3
+	f := func() (err error) {
+		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+		resp, body, errs = gorequest.New().Timeout(10 * time.Second).Get(url).End()
+		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+			count++
+			if count == retryMax {
+				return nil
+			}
+			return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %+v", url, resp, errs)
+		}
+		return nil
+	}
+	notify := func(err error, t time.Duration) {
+		logging.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %+v", t, err)
+	}
+	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
+	if err != nil {
+		errChan <- xerrors.Errorf("HTTP Error %w", err)
+		return
+	}
+	if count == retryMax {
+		errChan <- xerrors.New("Retry count exceeded")
+		return
+	}
+
+	resChan <- metasploitResponse{
+		request: req,
+		json:    body,
+	}
+}
+
+// ConvertToModelsMsf converts metasploit model to vuls model
+func ConvertToModelsMsf(ms []metasploitmodels.Metasploit) (modules []models.Metasploit) {
+	for _, m := range ms {
+		var links []string
+		if 0 < len(m.References) {
+			for _, u := range m.References {
+				links = append(links, u.Link)
+			}
+		}
+		module := models.Metasploit{
+			Name:        m.Name,
+			Title:       m.Title,
+			Description: m.Description,
+			URLs:        links,
+		}
+		modules = append(modules, module)
+	}
+	return modules
+}
+
+func newMetasploitDB(cnf config.VulnDictInterface) (metasploitdb.DB, error) {
+	if cnf.IsFetchViaHTTP() {
+		return nil, nil
+	}
+	path := cnf.GetURL()
+	if cnf.GetType() == "sqlite3" {
+		path = cnf.GetSQLite3Path()
+	}
+	driver, locked, err := metasploitdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), metasploitdb.Option{})
+	if err != nil {
+		if locked {
+			return nil, xerrors.Errorf("Failed to init metasploit DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
+		}
+		return nil, xerrors.Errorf("Failed to init metasploit DB. DB Path: %s, err: %w", path, err)
+	}
+	return driver, nil
+}
--- a/detector/util.go
+++ b/detector/util.go
@@ -0,0 +1,269 @@
+//go:build !scanner
+// +build !scanner
+
+package detector
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"reflect"
+	"regexp"
+	"sort"
+	"time"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/constant"
+	"github.com/future-architect/vuls/logging"
+	"github.com/future-architect/vuls/models"
+	"golang.org/x/xerrors"
+)
+
+func reuseScannedCves(r *models.ScanResult) bool {
+	switch r.Family {
+	case constant.FreeBSD, constant.Raspbian:
+		return true
+	}
+	return r.ScannedBy == "trivy"
+}
+
+func needToRefreshCve(r models.ScanResult) bool {
+	for _, cve := range r.ScannedCves {
+		if 0 < len(cve.CveContents) {
+			return false
+		}
+	}
+	return true
+}
+
+func loadPrevious(currs models.ScanResults, resultsDir string) (prevs models.ScanResults, err error) {
+	dirs, err := ListValidJSONDirs(resultsDir)
+	if err != nil {
+		return
+	}
+
+	for _, result := range currs {
+		filename := result.ServerName + ".json"
+		if result.Container.Name != "" {
+			filename = fmt.Sprintf("%s@%s.json", result.Container.Name, result.ServerName)
+		}
+		for _, dir := range dirs[1:] {
+			path := filepath.Join(dir, filename)
+			r, err := loadOneServerScanResult(path)
+			if err != nil {
+				logging.Log.Debugf("%+v", err)
+				continue
+			}
+			if r.Family == result.Family && r.Release == result.Release {
+				prevs = append(prevs, *r)
+				logging.Log.Infof("Previous json found: %s", path)
+				break
+			}
+			logging.Log.Infof("Previous json is different family.Release: %s, pre: %s.%s cur: %s.%s",
+				path, r.Family, r.Release, result.Family, result.Release)
+		}
+	}
+	return prevs, nil
+}
+
+func diff(curResults, preResults models.ScanResults, isPlus, isMinus bool) (diffed models.ScanResults) {
+	for _, current := range curResults {
+		found := false
+		var previous models.ScanResult
+		for _, r := range preResults {
+			if current.ServerName == r.ServerName && current.Container.Name == r.Container.Name {
+				found = true
+				previous = r
+				break
+			}
+		}
+
+		if !found {
+			diffed = append(diffed, current)
+			continue
+		}
+
+		cves := models.VulnInfos{}
+		if isPlus {
+			cves = getPlusDiffCves(previous, current)
+		}
+		if isMinus {
+			minus := getMinusDiffCves(previous, current)
+			if len(cves) == 0 {
+				cves = minus
+			} else {
+				for k, v := range minus {
+					cves[k] = v
+				}
+			}
+		}
+
+		packages := models.Packages{}
+		for _, s := range cves {
+			for _, affected := range s.AffectedPackages {
+				var p models.Package
+				if s.DiffStatus == models.DiffPlus {
+					p = current.Packages[affected.Name]
+				} else {
+					p = previous.Packages[affected.Name]
+				}
+				packages[affected.Name] = p
+			}
+		}
+		current.ScannedCves = cves
+		current.Packages = packages
+		diffed = append(diffed, current)
+	}
+	return
+}
+
+func getPlusDiffCves(previous, current models.ScanResult) models.VulnInfos {
+	previousCveIDsSet := map[string]bool{}
+	for _, previousVulnInfo := range previous.ScannedCves {
+		previousCveIDsSet[previousVulnInfo.CveID] = true
+	}
+
+	newer := models.VulnInfos{}
+	updated := models.VulnInfos{}
+	for _, v := range current.ScannedCves {
+		if previousCveIDsSet[v.CveID] {
+			if isCveInfoUpdated(v.CveID, previous, current) {
+				v.DiffStatus = models.DiffPlus
+				updated[v.CveID] = v
+				logging.Log.Debugf("updated: %s", v.CveID)
+
+				// TODO commented out because  a bug of diff logic when multiple oval defs found for a certain CVE-ID and same updated_at
+				// if these OVAL defs have different affected packages, this logic detects as updated.
+				// This logic will be uncomented after integration with gost https://github.com/vulsio/gost
+				// } else if isCveFixed(v, previous) {
+				// updated[v.CveID] = v
+				// logging.Log.Debugf("fixed: %s", v.CveID)
+
+			} else {
+				logging.Log.Debugf("same: %s", v.CveID)
+			}
+		} else {
+			logging.Log.Debugf("newer: %s", v.CveID)
+			v.DiffStatus = models.DiffPlus
+			newer[v.CveID] = v
+		}
+	}
+
+	if len(updated) == 0 && len(newer) == 0 {
+		logging.Log.Infof("%s: There are %d vulnerabilities, but no difference between current result and previous one.", current.FormatServerName(), len(current.ScannedCves))
+	}
+
+	for cveID, vuln := range newer {
+		updated[cveID] = vuln
+	}
+	return updated
+}
+
+func getMinusDiffCves(previous, current models.ScanResult) models.VulnInfos {
+	currentCveIDsSet := map[string]bool{}
+	for _, currentVulnInfo := range current.ScannedCves {
+		currentCveIDsSet[currentVulnInfo.CveID] = true
+	}
+
+	clear := models.VulnInfos{}
+	for _, v := range previous.ScannedCves {
+		if !currentCveIDsSet[v.CveID] {
+			v.DiffStatus = models.DiffMinus
+			clear[v.CveID] = v
+			logging.Log.Debugf("clear: %s", v.CveID)
+		}
+	}
+	if len(clear) == 0 {
+		logging.Log.Infof("%s: There are %d vulnerabilities, but no difference between current result and previous one.", current.FormatServerName(), len(current.ScannedCves))
+	}
+
+	return clear
+}
+
+func isCveInfoUpdated(cveID string, previous, current models.ScanResult) bool {
+	cTypes := []models.CveContentType{
+		models.Nvd,
+		models.Jvn,
+		models.NewCveContentType(current.Family),
+	}
+
+	prevLastModified := map[models.CveContentType][]time.Time{}
+	preVinfo, ok := previous.ScannedCves[cveID]
+	if !ok {
+		return true
+	}
+	for _, cType := range cTypes {
+		if conts, ok := preVinfo.CveContents[cType]; ok {
+			for _, cont := range conts {
+				prevLastModified[cType] = append(prevLastModified[cType], cont.LastModified)
+			}
+		}
+	}
+
+	curLastModified := map[models.CveContentType][]time.Time{}
+	curVinfo, ok := current.ScannedCves[cveID]
+	if !ok {
+		return true
+	}
+	for _, cType := range cTypes {
+		if conts, ok := curVinfo.CveContents[cType]; ok {
+			for _, cont := range conts {
+				curLastModified[cType] = append(curLastModified[cType], cont.LastModified)
+			}
+		}
+	}
+
+	for _, t := range cTypes {
+		if !reflect.DeepEqual(curLastModified[t], prevLastModified[t]) {
+			logging.Log.Debugf("%s LastModified not equal: \n%s\n%s",
+				cveID, curLastModified[t], prevLastModified[t])
+			return true
+		}
+	}
+	return false
+}
+
+// jsonDirPattern is file name pattern of JSON directory
+// 2016-11-16T10:43:28+09:00
+// 2016-11-16T10:43:28Z
+var jsonDirPattern = regexp.MustCompile(
+	`^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:Z|[+-]\d{2}:\d{2})$`)
+
+// ListValidJSONDirs returns valid json directory as array
+// Returned array is sorted so that recent directories are at the head
+func ListValidJSONDirs(resultsDir string) (dirs []string, err error) {
+	var dirInfo []os.FileInfo
+	if dirInfo, err = ioutil.ReadDir(resultsDir); err != nil {
+		err = xerrors.Errorf("Failed to read %s: %w",
+			config.Conf.ResultsDir, err)
+		return
+	}
+	for _, d := range dirInfo {
+		if d.IsDir() && jsonDirPattern.MatchString(d.Name()) {
+			jsonDir := filepath.Join(resultsDir, d.Name())
+			dirs = append(dirs, jsonDir)
+		}
+	}
+	sort.Slice(dirs, func(i, j int) bool {
+		return dirs[j] < dirs[i]
+	})
+	return
+}
+
+// loadOneServerScanResult read JSON data of one server
+func loadOneServerScanResult(jsonFile string) (*models.ScanResult, error) {
+	var (
+		data []byte
+		err  error
+	)
+	if data, err = ioutil.ReadFile(jsonFile); err != nil {
+		return nil, xerrors.Errorf("Failed to read %s: %w", jsonFile, err)
+	}
+	result := &models.ScanResult{}
+	if err := json.Unmarshal(data, result); err != nil {
+		return nil, xerrors.Errorf("Failed to parse %s: %w", jsonFile, err)
+	}
+	return result, nil
+}
--- a/wordpress/wordpress.go
+++ b/wordpress/wordpress.go
@@ -1,6 +1,10 @@
-package wordpress
+//go:build !scanner
+// +build !scanner
+
+package detector

 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -8,14 +12,16 @@ import (
 	"strings"
 	"time"

-	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/errof"
+	"github.com/future-architect/vuls/logging"
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/util"
 	version "github.com/hashicorp/go-version"
 	"golang.org/x/xerrors"
 )

-//WpCveInfos is for wpvulndb's json
+//WpCveInfos is for wpscan json
 type WpCveInfos struct {
 	ReleaseDate  string `json:"release_date"`
 	ChangelogURL string `json:"changelog_url"`
@@ -27,151 +33,75 @@ type WpCveInfos struct {
 	Error           string      `json:"error"`
 }

-//WpCveInfo is for wpvulndb's json
+//WpCveInfo is for wpscan json
 type WpCveInfo struct {
-	ID        int    `json:"id"`
-	Title     string `json:"title"`
-	CreatedAt string `json:"created_at"`
-	UpdatedAt string `json:"updated_at"`
-	// PublishedDate string     `json:"published_date"`
+	ID         string     `json:"id"`
+	Title      string     `json:"title"`
+	CreatedAt  time.Time  `json:"created_at"`
+	UpdatedAt  time.Time  `json:"updated_at"`
 	VulnType   string     `json:"vuln_type"`
 	References References `json:"references"`
 	FixedIn    string     `json:"fixed_in"`
 }

-//References is for wpvulndb's json
+//References is for wpscan json
 type References struct {
 	URL     []string `json:"url"`
 	Cve     []string `json:"cve"`
 	Secunia []string `json:"secunia"`
 }

-// FillWordPress access to wpvulndb and fetch scurity alerts and then set to the given ScanResult.
-// https://wpvulndb.com/
-func FillWordPress(r *models.ScanResult, token string, wpVulnCaches *map[string]string) (int, error) {
+// DetectWordPressCves access to wpscan and fetch scurity alerts and then set to the given ScanResult.
+// https://wpscan.com/
+func detectWordPressCves(r *models.ScanResult, cnf config.WpScanConf) (int, error) {
+	if len(r.WordPressPackages) == 0 {
+		return 0, nil
+	}
 	// Core
 	ver := strings.Replace(r.WordPressPackages.CoreVersion(), ".", "", -1)
 	if ver == "" {
-		return 0, xerrors.New("Failed to get WordPress core version")
+		return 0, errof.New(errof.ErrFailedToAccessWpScan,
+			fmt.Sprintf("Failed to get WordPress core version."))
 	}
-
-	body, ok := searchCache(ver, wpVulnCaches)
-	if !ok {
-		url := fmt.Sprintf("https://wpvulndb.com/api/v3/wordpresses/%s", ver)
-		var err error
-		body, err = httpRequest(url, token)
-		if err != nil {
-			return 0, err
-		}
-		if body == "" {
-			util.Log.Warnf("A result of REST access is empty: %s", url)
-		}
-
-		(*wpVulnCaches)[ver] = body
-	}
-
-	wpVinfos, err := convertToVinfos(models.WPCore, body)
+	url := fmt.Sprintf("https://wpscan.com/api/v3/wordpresses/%s", ver)
+	wpVinfos, err := wpscan(url, ver, cnf.Token, true)
 	if err != nil {
 		return 0, err
 	}

-	themes := r.WordPressPackages.Themes()
-	plugins := r.WordPressPackages.Plugins()
-
-	if c.Conf.WpIgnoreInactive {
-		themes = removeInactives(themes)
-		plugins = removeInactives(plugins)
-	}
-
 	// Themes
+	themes := r.WordPressPackages.Themes()
+	if !cnf.DetectInactive {
+		themes = removeInactives(themes)
+	}
 	for _, p := range themes {
-		body, ok := searchCache(p.Name, wpVulnCaches)
-		if !ok {
-			url := fmt.Sprintf("https://wpvulndb.com/api/v3/themes/%s", p.Name)
-			var err error
-			body, err = httpRequest(url, token)
-			if err != nil {
-				return 0, err
-			}
-			(*wpVulnCaches)[p.Name] = body
-		}
-
-		if body == "" {
-			continue
-		}
-
-		templateVinfos, err := convertToVinfos(p.Name, body)
+		url := fmt.Sprintf("https://wpscan.com/api/v3/themes/%s", p.Name)
+		candidates, err := wpscan(url, p.Name, cnf.Token, false)
 		if err != nil {
 			return 0, err
 		}
-
-		for _, v := range templateVinfos {
-			for _, fixstat := range v.WpPackageFixStats {
-				pkg, ok := r.WordPressPackages.Find(fixstat.Name)
-				if !ok {
-					continue
-				}
-				ok, err := match(pkg.Version, fixstat.FixedIn)
-				if err != nil {
-					return 0, xerrors.Errorf("Not a semantic versioning: %w", err)
-				}
-				if ok {
-					wpVinfos = append(wpVinfos, v)
-					util.Log.Infof("[match] %s installed: %s, fixedIn: %s", pkg.Name, pkg.Version, fixstat.FixedIn)
-				} else {
-					util.Log.Debugf("[miss] %s installed: %s, fixedIn: %s", pkg.Name, pkg.Version, fixstat.FixedIn)
-				}
-			}
-		}
+		vulns := detect(p, candidates)
+		wpVinfos = append(wpVinfos, vulns...)
 	}

 	// Plugins
+	plugins := r.WordPressPackages.Plugins()
+	if !cnf.DetectInactive {
+		plugins = removeInactives(plugins)
+	}
 	for _, p := range plugins {
-		body, ok := searchCache(p.Name, wpVulnCaches)
-		if !ok {
-			url := fmt.Sprintf("https://wpvulndb.com/api/v3/plugins/%s", p.Name)
-			var err error
-			body, err = httpRequest(url, token)
-			if err != nil {
-				return 0, err
-			}
-			(*wpVulnCaches)[p.Name] = body
-		}
-
-		if body == "" {
-			continue
-		}
-
-		pluginVinfos, err := convertToVinfos(p.Name, body)
+		url := fmt.Sprintf("https://wpscan.com/api/v3/plugins/%s", p.Name)
+		candidates, err := wpscan(url, p.Name, cnf.Token, false)
 		if err != nil {
 			return 0, err
 		}
-
-		for _, v := range pluginVinfos {
-			for _, fixstat := range v.WpPackageFixStats {
-				pkg, ok := r.WordPressPackages.Find(fixstat.Name)
-				if !ok {
-					continue
-				}
-				ok, err := match(pkg.Version, fixstat.FixedIn)
-				if err != nil {
-					return 0, xerrors.Errorf("Not a semantic versioning: %w", err)
-				}
-				if ok {
-					wpVinfos = append(wpVinfos, v)
-					//TODO Debugf
-					util.Log.Infof("[match] %s installed: %s, fixedIn: %s", pkg.Name, pkg.Version, fixstat.FixedIn)
-				} else {
-					//TODO Debugf
-					util.Log.Infof("[miss] %s installed: %s, fixedIn: %s", pkg.Name, pkg.Version, fixstat.FixedIn)
-				}
-			}
-		}
+		vulns := detect(p, candidates)
+		wpVinfos = append(wpVinfos, vulns...)
 	}

 	for _, wpVinfo := range wpVinfos {
 		if vinfo, ok := r.ScannedCves[wpVinfo.CveID]; ok {
-			vinfo.CveContents[models.WPVulnDB] = wpVinfo.CveContents[models.WPVulnDB]
+			vinfo.CveContents[models.WpScan] = wpVinfo.CveContents[models.WpScan]
 			vinfo.VulnType = wpVinfo.VulnType
 			vinfo.Confidences = append(vinfo.Confidences, wpVinfo.Confidences...)
 			vinfo.WpPackageFixStats = append(vinfo.WpPackageFixStats, wpVinfo.WpPackageFixStats...)
@@ -183,6 +113,43 @@ func FillWordPress(r *models.ScanResult, token string, wpVulnCaches *map[string]
 	return len(wpVinfos), nil
 }

+func wpscan(url, name, token string, isCore bool) (vinfos []models.VulnInfo, err error) {
+	body, err := httpRequest(url, token)
+	if err != nil {
+		return nil, err
+	}
+	if body == "" {
+		logging.Log.Debugf("wpscan.com response body is empty. URL: %s", url)
+	}
+	if isCore {
+		name = "core"
+	}
+	return convertToVinfos(name, body)
+}
+
+func detect(installed models.WpPackage, candidates []models.VulnInfo) (vulns []models.VulnInfo) {
+	for _, v := range candidates {
+		for _, fixstat := range v.WpPackageFixStats {
+			ok, err := match(installed.Version, fixstat.FixedIn)
+			if err != nil {
+				logging.Log.Warnf("Failed to compare versions %s installed: %s, fixedIn: %s, v: %+v",
+					installed.Name, installed.Version, fixstat.FixedIn, v)
+				// continue scanning
+				continue
+			}
+			if ok {
+				vulns = append(vulns, v)
+				logging.Log.Debugf("Affected: %s installed: %s, fixedIn: %s",
+					installed.Name, installed.Version, fixstat.FixedIn)
+			} else {
+				logging.Log.Debugf("Not affected: %s : %s, fixedIn: %s",
+					installed.Name, installed.Version, fixstat.FixedIn)
+			}
+		}
+	}
+	return
+}
+
 func match(installedVer, fixedIn string) (bool, error) {
 	v1, err := version.NewVersion(installedVer)
 	if err != nil {
@@ -217,7 +184,7 @@ func extractToVulnInfos(pkgName string, cves []WpCveInfo) (vinfos []models.VulnI
 		var cveIDs []string

 		if len(vulnerability.References.Cve) == 0 {
-			cveIDs = append(cveIDs, fmt.Sprintf("WPVDBID-%d", vulnerability.ID))
+			cveIDs = append(cveIDs, fmt.Sprintf("WPVDBID-%s", vulnerability.ID))
 		}
 		for _, cveNumber := range vulnerability.References.Cve {
 			cveIDs = append(cveIDs, "CVE-"+cveNumber)
@@ -235,15 +202,17 @@ func extractToVulnInfos(pkgName string, cves []WpCveInfo) (vinfos []models.VulnI
 				CveID: cveID,
 				CveContents: models.NewCveContents(
 					models.CveContent{
-						Type:       models.WPVulnDB,
-						CveID:      cveID,
-						Title:      vulnerability.Title,
-						References: refs,
+						Type:         models.WpScan,
+						CveID:        cveID,
+						Title:        vulnerability.Title,
+						References:   refs,
+						Published:    vulnerability.CreatedAt,
+						LastModified: vulnerability.UpdatedAt,
 					},
 				),
 				VulnType: vulnerability.VulnType,
 				Confidences: []models.Confidence{
-					models.WPVulnDBMatch,
+					models.WpScanMatch,
 				},
 				WpPackageFixStats: []models.WpPackageFixStatus{{
 					Name:    pkgName,
@@ -256,36 +225,41 @@ func extractToVulnInfos(pkgName string, cves []WpCveInfo) (vinfos []models.VulnI
 }

 func httpRequest(url, token string) (string, error) {
-	retry := 1
-	util.Log.Debugf("%s", url)
-	req, err := http.NewRequest("GET", url, nil)
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
+	defer cancel()
+	if err != nil {
+		return "", errof.New(errof.ErrFailedToAccessWpScan,
+			fmt.Sprintf("Failed to access to wpscan.com. err: %s", err))
+	}
+	req.Header.Set("Authorization", fmt.Sprintf("Token token=%s", token))
+	client, err := util.GetHTTPClient(config.Conf.HTTPProxy)
 	if err != nil {
 		return "", err
 	}
-	req.Header.Set("Authorization", fmt.Sprintf("Token token=%s", token))
-loop:
-	resp, err := new(http.Client).Do(req)
+	resp, err := client.Do(req)
 	if err != nil {
-		return "", err
+		return "", errof.New(errof.ErrFailedToAccessWpScan,
+			fmt.Sprintf("Failed to access to wpscan.com. err: %s", err))
 	}
 	body, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
-		return "", err
+		return "", errof.New(errof.ErrFailedToAccessWpScan,
+			fmt.Sprintf("Failed to access to wpscan.com. err: %s", err))
 	}
 	defer resp.Body.Close()
 	if resp.StatusCode == 200 {
 		return string(body), nil
 	} else if resp.StatusCode == 404 {
-		// This package is not in WPVulnDB
+		// This package is not in wpscan
+		return "", nil
+	} else if resp.StatusCode == 429 {
+		return "", errof.New(errof.ErrWpScanAPILimitExceeded,
+			fmt.Sprintf("wpscan.com API limit exceeded: %+v", resp.Status))
+	} else {
+		logging.Log.Warnf("wpscan.com unknown status code: %+v", resp.Status)
 		return "", nil
-	} else if resp.StatusCode == 429 && retry <= 3 {
-		// 429 Too Many Requests
-		util.Log.Debugf("sleep %d min(s): %s", retry, resp.Status)
-		time.Sleep(time.Duration(retry) * time.Minute)
-		retry++
-		goto loop
 	}
-	return "", err
 }

 func removeInactives(pkgs models.WordPressPackages) (removed models.WordPressPackages) {
@@ -297,11 +271,3 @@ func removeInactives(pkgs models.WordPressPackages) (removed models.WordPressPac
 	}
 	return removed
 }
-
-func searchCache(name string, wpVulnCaches *map[string]string) (string, bool) {
-	value, ok := (*wpVulnCaches)[name]
-	if ok {
-		return value, true
-	}
-	return "", false
-}
--- a/wordpress/wordpress_test.go
+++ b/wordpress/wordpress_test.go
@@ -1,4 +1,7 @@
-package wordpress
+//go:build !scanner
+// +build !scanner
+
+package detector

 import (
 	"reflect"
@@ -79,52 +82,3 @@ func TestRemoveInactive(t *testing.T) {
 		}
 	}
 }
-
-func TestSearchCache(t *testing.T) {
-
-	var tests = []struct {
-		name        string
-		wpVulnCache map[string]string
-		value       string
-		ok          bool
-	}{
-		{
-			name: "akismet",
-			wpVulnCache: map[string]string{
-				"akismet": "body",
-			},
-			value: "body",
-			ok:    true,
-		},
-		{
-			name: "akismet",
-			wpVulnCache: map[string]string{
-				"BackWPup": "body",
-				"akismet":  "body",
-			},
-			value: "body",
-			ok:    true,
-		},
-		{
-			name: "akismet",
-			wpVulnCache: map[string]string{
-				"BackWPup": "body",
-			},
-			value: "",
-			ok:    false,
-		},
-		{
-			name:        "akismet",
-			wpVulnCache: nil,
-			value:       "",
-			ok:          false,
-		},
-	}
-
-	for i, tt := range tests {
-		value, ok := searchCache(tt.name, &tt.wpVulnCache)
-		if value != tt.value || ok != tt.ok {
-			t.Errorf("[%d] searchCache error ", i)
-		}
-	}
-}
--- a/errof/errof.go
+++ b/errof/errof.go
@@ -16,6 +16,12 @@ func (e Error) Error() string {
 var (
 	// ErrFailedToAccessGithubAPI is error of github alert's api access
 	ErrFailedToAccessGithubAPI ErrorCode = "ErrFailedToAccessGithubAPI"
+
+	// ErrFailedToAccessWpScan is error of wpscan.com api access
+	ErrFailedToAccessWpScan ErrorCode = "ErrFailedToAccessWpScan"
+
+	// ErrWpScanAPILimitExceeded is error of wpscan.com api limit exceeded
+	ErrWpScanAPILimitExceeded ErrorCode = "ErrWpScanAPILimitExceeded"
 )

 // New :
--- a/exploit/exploit.go
+++ b/exploit/exploit.go
@@ -1,117 +0,0 @@
-package exploit
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-
-	cnf "github.com/future-architect/vuls/config"
-	"github.com/future-architect/vuls/models"
-	"github.com/future-architect/vuls/util"
-	"github.com/mozqnet/go-exploitdb/db"
-	exploitmodels "github.com/mozqnet/go-exploitdb/models"
-	"github.com/parnurzeal/gorequest"
-	"golang.org/x/xerrors"
-)
-
-// FillWithExploit fills exploit information that has in Exploit
-func FillWithExploit(driver db.DB, r *models.ScanResult) (nExploitCve int, err error) {
-	if cnf.Conf.Exploit.IsFetchViaHTTP() {
-		var cveIDs []string
-		for cveID := range r.ScannedCves {
-			cveIDs = append(cveIDs, cveID)
-		}
-		prefix, _ := util.URLPathJoin(cnf.Conf.Exploit.URL, "cves")
-		responses, err := getCvesViaHTTP(cveIDs, prefix)
-		if err != nil {
-			return 0, err
-		}
-		for _, res := range responses {
-			exps := []*exploitmodels.Exploit{}
-			if err := json.Unmarshal([]byte(res.json), &exps); err != nil {
-				return 0, err
-			}
-			exploits := ConvertToModels(exps)
-			v, ok := r.ScannedCves[res.request.cveID]
-			if ok {
-				v.Exploits = exploits
-			}
-			r.ScannedCves[res.request.cveID] = v
-			nExploitCve++
-		}
-	} else {
-		if driver == nil {
-			return 0, nil
-		}
-		for cveID, vuln := range r.ScannedCves {
-			if cveID == "" {
-				continue
-			}
-			es := driver.GetExploitByCveID(cveID)
-			if len(es) == 0 {
-				continue
-			}
-			exploits := ConvertToModels(es)
-			vuln.Exploits = exploits
-			r.ScannedCves[cveID] = vuln
-			nExploitCve++
-		}
-	}
-	return nExploitCve, nil
-}
-
-// ConvertToModels converts gost model to vuls model
-func ConvertToModels(es []*exploitmodels.Exploit) (exploits []models.Exploit) {
-	for _, e := range es {
-		var documentURL, shellURL *string
-		if e.OffensiveSecurity != nil {
-			os := e.OffensiveSecurity
-			if os.Document != nil {
-				documentURL = &os.Document.DocumentURL
-			}
-			if os.ShellCode != nil {
-				shellURL = &os.ShellCode.ShellCodeURL
-			}
-		}
-		exploit := models.Exploit{
-			ExploitType:  e.ExploitType,
-			ID:           e.ExploitUniqueID,
-			URL:          e.URL,
-			Description:  e.Description,
-			DocumentURL:  documentURL,
-			ShellCodeURL: shellURL,
-		}
-		exploits = append(exploits, exploit)
-	}
-	return exploits
-}
-
-// CheckHTTPHealth do health check
-func CheckHTTPHealth() error {
-	if !cnf.Conf.Exploit.IsFetchViaHTTP() {
-		return nil
-	}
-
-	url := fmt.Sprintf("%s/health", cnf.Conf.Exploit.URL)
-	var errs []error
-	var resp *http.Response
-	resp, _, errs = gorequest.New().Get(url).End()
-	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
-	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
-	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-		return xerrors.Errorf("Failed to connect to exploit server. url: %s, errs: %w", url, errs)
-	}
-	return nil
-}
-
-// CheckIfExploitFetched checks if oval entries are in DB by family, release.
-func CheckIfExploitFetched(driver db.DB, osFamily string) (fetched bool, err error) {
-	//TODO
-	return true, nil
-}
-
-// CheckIfExploitFresh checks if oval entries are fresh enough
-func CheckIfExploitFresh(driver db.DB, osFamily string) (ok bool, err error) {
-	//TODO
-	return true, nil
-}
--- a/exploit/util.go
+++ b/exploit/util.go
@@ -1,115 +0,0 @@
-package exploit
-
-import (
-	"net/http"
-	"time"
-
-	"github.com/cenkalti/backoff"
-	"github.com/future-architect/vuls/util"
-	"github.com/parnurzeal/gorequest"
-	"golang.org/x/xerrors"
-)
-
-type response struct {
-	request request
-	json    string
-}
-
-func getCvesViaHTTP(cveIDs []string, urlPrefix string) (
-	responses []response, err error) {
-	nReq := len(cveIDs)
-	reqChan := make(chan request, nReq)
-	resChan := make(chan response, nReq)
-	errChan := make(chan error, nReq)
-	defer close(reqChan)
-	defer close(resChan)
-	defer close(errChan)
-
-	go func() {
-		for _, cveID := range cveIDs {
-			reqChan <- request{
-				cveID: cveID,
-			}
-		}
-	}()
-
-	concurrency := 10
-	tasks := util.GenWorkers(concurrency)
-	for i := 0; i < nReq; i++ {
-		tasks <- func() {
-			select {
-			case req := <-reqChan:
-				url, err := util.URLPathJoin(
-					urlPrefix,
-					req.cveID,
-				)
-				if err != nil {
-					errChan <- err
-				} else {
-					util.Log.Debugf("HTTP Request to %s", url)
-					httpGet(url, req, resChan, errChan)
-				}
-			}
-		}
-	}
-
-	timeout := time.After(2 * 60 * time.Second)
-	var errs []error
-	for i := 0; i < nReq; i++ {
-		select {
-		case res := <-resChan:
-			responses = append(responses, res)
-		case err := <-errChan:
-			errs = append(errs, err)
-		case <-timeout:
-			return nil, xerrors.New("Timeout Fetching OVAL")
-		}
-	}
-	if len(errs) != 0 {
-		return nil, xerrors.Errorf("Failed to fetch OVAL. err: %w", errs)
-	}
-	return
-}
-
-type request struct {
-	osMajorVersion string
-	packName       string
-	isSrcPack      bool
-	cveID          string
-}
-
-func httpGet(url string, req request, resChan chan<- response, errChan chan<- error) {
-	var body string
-	var errs []error
-	var resp *http.Response
-	count, retryMax := 0, 3
-	f := func() (err error) {
-		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
-		resp, body, errs = gorequest.New().Get(url).End()
-		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-			count++
-			if count == retryMax {
-				return nil
-			}
-			return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %w", url, resp, errs)
-		}
-		return nil
-	}
-	notify := func(err error, t time.Duration) {
-		util.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %s", t, err)
-	}
-	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
-	if err != nil {
-		errChan <- xerrors.Errorf("HTTP Error %w", err)
-		return
-	}
-	if count == retryMax {
-		errChan <- xerrors.New("Retry count exceeded")
-		return
-	}
-
-	resChan <- response{
-		request: req,
-		json:    body,
-	}
-}
--- a/go.mod
+++ b/go.mod
@@ -1,56 +1,167 @@
 module github.com/future-architect/vuls

-go 1.14
-
-replace (
-	gopkg.in/mattn/go-colorable.v0 => github.com/mattn/go-colorable v0.1.0
-	gopkg.in/mattn/go-isatty.v0 => github.com/mattn/go-isatty v0.0.6
-)
+go 1.18

 require (
-	github.com/Azure/azure-sdk-for-go v43.3.0+incompatible
-	github.com/BurntSushi/toml v0.3.1
-	github.com/RackSec/srslog v0.0.0-20180709174129-a4725f04ec91
-	github.com/aquasecurity/fanal v0.0.0-20200615091807-df25cfa5f9af
-	github.com/aquasecurity/trivy v0.9.1
-	github.com/aquasecurity/trivy-db v0.0.0-20200616161554-cd5b3da29bc8
-	github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a
-	github.com/aws/aws-sdk-go v1.33.21
+	github.com/Azure/azure-sdk-for-go v63.0.0+incompatible
+	github.com/BurntSushi/toml v1.1.0
+	github.com/Ullaakut/nmap/v2 v2.1.2-0.20210406060955-59a52fe80a4f
+	github.com/VividCortex/ewma v1.2.0 // indirect
+	github.com/aquasecurity/fanal v0.0.0-20220424145104-2e3e0044128c
+	github.com/aquasecurity/go-dep-parser v0.0.0-20220412145205-d0501f906d90
+	github.com/aquasecurity/trivy v0.27.0
+	github.com/aquasecurity/trivy-db v0.0.0-20220327074450-74195d9604b2
+	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
+	github.com/aws/aws-sdk-go v1.43.31
 	github.com/boltdb/bolt v1.3.1
+	github.com/briandowns/spinner v1.18.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/d4l3k/messagediff v1.2.2-0.20190829033028-7e0a312ae40b
+	github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21
+	github.com/emersion/go-smtp v0.14.0
 	github.com/google/subcommands v1.2.0
 	github.com/gosuri/uitable v0.0.4
 	github.com/hashicorp/go-uuid v1.0.2
-	github.com/hashicorp/go-version v1.2.1
-	github.com/howeyc/gopass v0.0.0-20190910152052-7cb4b85ec19c
+	github.com/hashicorp/go-version v1.4.0
 	github.com/jesseduffield/gocui v0.3.0
 	github.com/k0kubun/pp v3.0.1+incompatible
 	github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f
-	github.com/knqyf263/go-cpe v0.0.0-20180327054844-659663f6eca2
+	github.com/knqyf263/go-cpe v0.0.0-20201213041631-54f6ab28673f
 	github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d
 	github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936
-	github.com/knqyf263/go-version v1.1.1
-	github.com/knqyf263/gost v0.1.4
-	github.com/kotakanbe/go-cve-dictionary v0.5.0
 	github.com/kotakanbe/go-pingscanner v0.1.0
-	github.com/kotakanbe/goval-dictionary v0.2.10
 	github.com/kotakanbe/logrus-prefixed-formatter v0.0.0-20180123152602-928f7356cb96
-	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
+	github.com/mattn/go-runewidth v0.0.13 // indirect
+	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/mozqnet/go-exploitdb v0.1.0
 	github.com/nlopes/slack v0.6.0
 	github.com/nsf/termbox-go v0.0.0-20200418040025-38ba6e5628f1 // indirect
-	github.com/olekukonko/tablewriter v0.0.4
+	github.com/olekukonko/tablewriter v0.0.5
 	github.com/parnurzeal/gorequest v0.2.16
 	github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5
-	github.com/sirupsen/logrus v1.6.0
-	github.com/spf13/afero v1.3.0
-	github.com/spf13/cobra v1.0.0
-	github.com/takuzoo3868/go-msfdb v0.1.1
-	golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9
-	golang.org/x/lint v0.0.0-20200302205851-738671d3881b // indirect
-	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
-	golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543
-	k8s.io/utils v0.0.0-20200619165400-6e3d28b6ed19
+	github.com/sirupsen/logrus v1.8.1
+	github.com/spf13/cobra v1.4.0
+	github.com/vulsio/go-cve-dictionary v0.8.2-0.20211028094424-0a854f8e8f85
+	github.com/vulsio/go-exploitdb v0.4.2
+	github.com/vulsio/go-kev v0.1.1-0.20220118062020-5f69b364106f
+	github.com/vulsio/go-msfdb v0.2.1-0.20211028071756-4a9759bd9f14
+	github.com/vulsio/gost v0.4.1
+	github.com/vulsio/goval-dictionary v0.7.3
+	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5
+	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
+	golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f
+	gopkg.in/ini.v1 v1.66.4 // indirect
+	gorm.io/driver/mysql v1.3.3 // indirect
+	gorm.io/driver/postgres v1.3.5 // indirect
+	gorm.io/driver/sqlite v1.3.2 // indirect
+)
+
+require (
+	cloud.google.com/go v0.100.2 // indirect
+	cloud.google.com/go/compute v1.5.0 // indirect
+	cloud.google.com/go/iam v0.3.0 // indirect
+	cloud.google.com/go/storage v1.14.0 // indirect
+	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
+	github.com/Azure/go-autorest/autorest v0.11.25 // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.18 // indirect
+	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
+	github.com/Azure/go-autorest/autorest/to v0.3.0 // indirect
+	github.com/Azure/go-autorest/logger v0.2.1 // indirect
+	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
+	github.com/PuerkitoBio/goquery v1.6.1 // indirect
+	github.com/andybalholm/cascadia v1.2.0 // indirect
+	github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce // indirect
+	github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 // indirect
+	github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 // indirect
+	github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 // indirect
+	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
+	github.com/caarlos0/env/v6 v6.9.1 // indirect
+	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/cheggaaa/pb/v3 v3.0.8 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
+	github.com/docker/cli v20.10.12+incompatible // indirect
+	github.com/docker/distribution v2.7.1+incompatible // indirect
+	github.com/docker/docker v20.10.14+incompatible // indirect
+	github.com/docker/docker-credential-helpers v0.6.4 // indirect
+	github.com/fatih/color v1.13.0 // indirect
+	github.com/fsnotify/fsnotify v1.5.4 // indirect
+	github.com/go-redis/redis/v8 v8.11.5 // indirect
+	github.com/go-sql-driver/mysql v1.6.0 // indirect
+	github.com/go-stack/stack v1.8.1 // indirect
+	github.com/gofrs/uuid v4.0.0+incompatible // indirect
+	github.com/golang-jwt/jwt/v4 v4.2.0 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/go-containerregistry v0.8.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.3.0 // indirect
+	github.com/gorilla/websocket v1.4.2 // indirect
+	github.com/grokify/html-strip-tags-go v0.0.1 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-getter v1.5.11 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.0 // indirect
+	github.com/hashicorp/go-safetemp v1.0.0 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/inconshreveable/log15 v0.0.0-20201112154412-8562bdadbbac // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/jackc/chunkreader/v2 v2.0.1 // indirect
+	github.com/jackc/pgconn v1.12.0 // indirect
+	github.com/jackc/pgio v1.0.0 // indirect
+	github.com/jackc/pgpassfile v1.0.0 // indirect
+	github.com/jackc/pgproto3/v2 v2.3.0 // indirect
+	github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect
+	github.com/jackc/pgtype v1.11.0 // indirect
+	github.com/jackc/pgx/v4 v4.16.0 // indirect
+	github.com/jinzhu/inflection v1.0.0 // indirect
+	github.com/jinzhu/now v1.1.5 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/klauspost/compress v1.14.2 // indirect
+	github.com/magiconair/properties v1.8.6 // indirect
+	github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08 // indirect
+	github.com/mattn/go-colorable v0.1.12 // indirect
+	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mattn/go-sqlite3 v1.14.12 // indirect
+	github.com/mitchellh/go-testing-interface v1.0.0 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.0.2 // indirect
+	github.com/pelletier/go-toml v1.9.5 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.0-beta.8 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/spf13/afero v1.8.2 // indirect
+	github.com/spf13/cast v1.4.1 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/spf13/viper v1.11.0 // indirect
+	github.com/stretchr/objx v0.3.0 // indirect
+	github.com/stretchr/testify v1.7.1 // indirect
+	github.com/subosito/gotenv v1.2.0 // indirect
+	github.com/ulikunitz/xz v0.5.10 // indirect
+	go.etcd.io/bbolt v1.3.6 // indirect
+	go.opencensus.io v0.23.0 // indirect
+	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/goleak v1.1.12 // indirect
+	go.uber.org/multierr v1.6.0 // indirect
+	go.uber.org/zap v1.21.0 // indirect
+	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect
+	golang.org/x/exp v0.0.0-20220407100705-7b9b53b0aca4 // indirect
+	golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57 // indirect
+	golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 // indirect
+	golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 // indirect
+	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
+	golang.org/x/text v0.3.7 // indirect
+	google.golang.org/api v0.74.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac // indirect
+	google.golang.org/grpc v1.45.0 // indirect
+	google.golang.org/protobuf v1.28.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+	gorm.io/gorm v1.23.5 // indirect
+	k8s.io/utils v0.0.0-20201110183641-67b214c5f920 // indirect
+	moul.io/http2curl v1.0.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
--- a/gost/base.go
+++ b/gost/base.go
@@ -1,51 +0,0 @@
-package gost
-
-import (
-	"fmt"
-	"net/http"
-
-	cnf "github.com/future-architect/vuls/config"
-	"github.com/future-architect/vuls/models"
-	"github.com/knqyf263/gost/db"
-	"github.com/parnurzeal/gorequest"
-	"golang.org/x/xerrors"
-)
-
-// Base is a base struct
-type Base struct {
-}
-
-// FillCVEsWithRedHat fills cve information that has in Gost
-func (b Base) FillCVEsWithRedHat(driver db.DB, r *models.ScanResult) error {
-	return RedHat{}.fillFixed(driver, r)
-}
-
-// CheckHTTPHealth do health check
-func (b Base) CheckHTTPHealth() error {
-	if !cnf.Conf.Gost.IsFetchViaHTTP() {
-		return nil
-	}
-
-	url := fmt.Sprintf("%s/health", cnf.Conf.Gost.URL)
-	var errs []error
-	var resp *http.Response
-	resp, _, errs = gorequest.New().Get(url).End()
-	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
-	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
-	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-		return xerrors.Errorf("Failed to connect to gost server. url: %s, errs: %w", url, errs)
-	}
-	return nil
-}
-
-// CheckIfGostFetched checks if oval entries are in DB by family, release.
-func (b Base) CheckIfGostFetched(driver db.DB, osFamily string) (fetched bool, err error) {
-	//TODO
-	return true, nil
-}
-
-// CheckIfGostFresh checks if oval entries are fresh enough
-func (b Base) CheckIfGostFresh(driver db.DB, osFamily string) (ok bool, err error) {
-	//TODO
-	return true, nil
-}
--- a/gost/debian.go
+++ b/gost/debian.go
@@ -1,13 +1,18 @@
+//go:build !scanner
+// +build !scanner
+
 package gost

 import (
 	"encoding/json"

-	"github.com/future-architect/vuls/config"
+	debver "github.com/knqyf263/go-deb-version"
+	"golang.org/x/xerrors"
+
+	"github.com/future-architect/vuls/logging"
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/util"
-	"github.com/knqyf263/gost/db"
-	gostmodels "github.com/knqyf263/gost/models"
+	gostmodels "github.com/vulsio/gost/models"
 )

 // Debian is Gost client for Debian GNU/Linux
@@ -19,98 +24,128 @@ type packCves struct {
 	packName  string
 	isSrcPack bool
 	cves      []models.CveContent
+	fixes     models.PackageFixStatuses
 }

-func (deb Debian) Supported(major string) bool {
+func (deb Debian) supported(major string) bool {
 	_, ok := map[string]string{
 		"8":  "jessie",
 		"9":  "stretch",
 		"10": "buster",
+		"11": "bullseye",
 	}[major]
 	return ok
 }

-// DetectUnfixed fills cve information that has in Gost
-func (deb Debian) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCVEs int, err error) {
-	if !deb.Supported(major(r.Release)) {
+// DetectCVEs fills cve information that has in Gost
+func (deb Debian) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error) {
+	if !deb.supported(major(r.Release)) {
 		// only logging
-		util.Log.Warnf("Debian %s is not supported yet", r.Release)
+		logging.Log.Warnf("Debian %s is not supported yet", r.Release)
 		return 0, nil
 	}

-	linuxImage := "linux-image-" + r.RunningKernel.Release
-	// Add linux and set the version of running kernel to search OVAL.
+	// Add linux and set the version of running kernel to search Gost.
 	if r.Container.ContainerID == "" {
-		newVer := ""
-		if p, ok := r.Packages[linuxImage]; ok {
-			newVer = p.NewVersion
-		}
-		r.Packages["linux"] = models.Package{
-			Name:       "linux",
-			Version:    r.RunningKernel.Version,
-			NewVersion: newVer,
+		if r.RunningKernel.Version != "" {
+			newVer := ""
+			if p, ok := r.Packages["linux-image-"+r.RunningKernel.Release]; ok {
+				newVer = p.NewVersion
+			}
+			r.Packages["linux"] = models.Package{
+				Name:       "linux",
+				Version:    r.RunningKernel.Version,
+				NewVersion: newVer,
+			}
+		} else {
+			logging.Log.Warnf("Since the exact kernel version is not available, the vulnerability in the linux package is not detected.")
 		}
 	}

-	// Debian Security Tracker does not support Package for Raspbian, so skip it.
-	var scanResult models.ScanResult
-	if r.Family != config.Raspbian {
-		scanResult = *r
-	} else {
-		scanResult = r.RemoveRaspbianPackFromResult()
+	var stashLinuxPackage models.Package
+	if linux, ok := r.Packages["linux"]; ok {
+		stashLinuxPackage = linux
+	}
+	nFixedCVEs, err := deb.detectCVEsWithFixState(r, "resolved")
+	if err != nil {
+		return 0, xerrors.Errorf("Failed to detect fixed CVEs. err: %w", err)
+	}
+
+	if stashLinuxPackage.Name != "" {
+		r.Packages["linux"] = stashLinuxPackage
+	}
+	nUnfixedCVEs, err := deb.detectCVEsWithFixState(r, "open")
+	if err != nil {
+		return 0, xerrors.Errorf("Failed to detect unfixed CVEs. err: %w", err)
+	}
+
+	return (nFixedCVEs + nUnfixedCVEs), nil
+}
+
+func (deb Debian) detectCVEsWithFixState(r *models.ScanResult, fixStatus string) (nCVEs int, err error) {
+	if fixStatus != "resolved" && fixStatus != "open" {
+		return 0, xerrors.Errorf(`Failed to detectCVEsWithFixState. fixStatus is not allowed except "open" and "resolved"(actual: fixStatus -> %s).`, fixStatus)
 	}

 	packCvesList := []packCves{}
-	if config.Conf.Gost.IsFetchViaHTTP() {
-		url, _ := util.URLPathJoin(config.Conf.Gost.URL, "debian", major(scanResult.Release), "pkgs")
-		responses, err := getAllUnfixedCvesViaHTTP(r, url)
+	if deb.driver == nil {
+		url, err := util.URLPathJoin(deb.baseURL, "debian", major(r.Release), "pkgs")
 		if err != nil {
-			return 0, err
+			return 0, xerrors.Errorf("Failed to join URLPath. err: %w", err)
+		}
+
+		s := "unfixed-cves"
+		if s == "resolved" {
+			s = "fixed-cves"
+		}
+		responses, err := getCvesWithFixStateViaHTTP(r, url, s)
+		if err != nil {
+			return 0, xerrors.Errorf("Failed to get CVEs via HTTP. err: %w", err)
 		}

 		for _, res := range responses {
 			debCves := map[string]gostmodels.DebianCVE{}
 			if err := json.Unmarshal([]byte(res.json), &debCves); err != nil {
-				return 0, err
+				return 0, xerrors.Errorf("Failed to unmarshal json. err: %w", err)
 			}
 			cves := []models.CveContent{}
+			fixes := []models.PackageFixStatus{}
 			for _, debcve := range debCves {
 				cves = append(cves, *deb.ConvertToModel(&debcve))
+				fixes = append(fixes, checkPackageFixStatus(&debcve)...)
 			}
 			packCvesList = append(packCvesList, packCves{
 				packName:  res.request.packName,
 				isSrcPack: res.request.isSrcPack,
 				cves:      cves,
+				fixes:     fixes,
 			})
 		}
 	} else {
-		if driver == nil {
-			return 0, nil
-		}
-		for _, pack := range scanResult.Packages {
-			cveDebs := driver.GetUnfixedCvesDebian(major(scanResult.Release), pack.Name)
-			cves := []models.CveContent{}
-			for _, cveDeb := range cveDebs {
-				cves = append(cves, *deb.ConvertToModel(&cveDeb))
+		for _, pack := range r.Packages {
+			cves, fixes, err := deb.getCvesDebianWithfixStatus(fixStatus, major(r.Release), pack.Name)
+			if err != nil {
+				return 0, xerrors.Errorf("Failed to get CVEs for Package. err: %w", err)
 			}
 			packCvesList = append(packCvesList, packCves{
 				packName:  pack.Name,
 				isSrcPack: false,
 				cves:      cves,
+				fixes:     fixes,
 			})
 		}

 		// SrcPack
-		for _, pack := range scanResult.SrcPackages {
-			cveDebs := driver.GetUnfixedCvesDebian(major(scanResult.Release), pack.Name)
-			cves := []models.CveContent{}
-			for _, cveDeb := range cveDebs {
-				cves = append(cves, *deb.ConvertToModel(&cveDeb))
+		for _, pack := range r.SrcPackages {
+			cves, fixes, err := deb.getCvesDebianWithfixStatus(fixStatus, major(r.Release), pack.Name)
+			if err != nil {
+				return 0, xerrors.Errorf("Failed to get CVEs for SrcPackage. err: %w", err)
 			}
 			packCvesList = append(packCvesList, packCves{
 				packName:  pack.Name,
 				isSrcPack: true,
 				cves:      cves,
+				fixes:     fixes,
 			})
 		}
 	}
@@ -118,13 +153,14 @@ func (deb Debian) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCV
 	delete(r.Packages, "linux")

 	for _, p := range packCvesList {
-		for _, cve := range p.cves {
+		for i, cve := range p.cves {
 			v, ok := r.ScannedCves[cve.CveID]
 			if ok {
 				if v.CveContents == nil {
 					v.CveContents = models.NewCveContents(cve)
 				} else {
-					v.CveContents[models.DebianSecurityTracker] = cve
+					v.CveContents[models.DebianSecurityTracker] = []models.CveContent{cve}
+					v.Confidences = models.Confidences{models.DebianSecurityTrackerMatch}
 				}
 			} else {
 				v = models.VulnInfo{
@@ -132,6 +168,31 @@ func (deb Debian) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCV
 					CveContents: models.NewCveContents(cve),
 					Confidences: models.Confidences{models.DebianSecurityTrackerMatch},
 				}
+
+				if fixStatus == "resolved" {
+					versionRelease := ""
+					if p.isSrcPack {
+						versionRelease = r.SrcPackages[p.packName].Version
+					} else {
+						versionRelease = r.Packages[p.packName].FormatVer()
+					}
+
+					if versionRelease == "" {
+						break
+					}
+
+					affected, err := isGostDefAffected(versionRelease, p.fixes[i].FixedIn)
+					if err != nil {
+						logging.Log.Debugf("Failed to parse versions: %s, Ver: %s, Gost: %s",
+							err, versionRelease, p.fixes[i].FixedIn)
+						continue
+					}
+
+					if !affected {
+						continue
+					}
+				}
+
 				nCVEs++
 			}

@@ -146,25 +207,69 @@ func (deb Debian) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCV
 				}
 			} else {
 				if p.packName == "linux" {
-					names = append(names, linuxImage)
+					names = append(names, "linux-image-"+r.RunningKernel.Release)
 				} else {
 					names = append(names, p.packName)
 				}
 			}

-			for _, name := range names {
-				v.AffectedPackages = v.AffectedPackages.Store(models.PackageFixStatus{
-					Name:        name,
-					FixState:    "open",
-					NotFixedYet: true,
-				})
+			if fixStatus == "resolved" {
+				for _, name := range names {
+					v.AffectedPackages = v.AffectedPackages.Store(models.PackageFixStatus{
+						Name:    name,
+						FixedIn: p.fixes[i].FixedIn,
+					})
+				}
+			} else {
+				for _, name := range names {
+					v.AffectedPackages = v.AffectedPackages.Store(models.PackageFixStatus{
+						Name:        name,
+						FixState:    "open",
+						NotFixedYet: true,
+					})
+				}
 			}
+
 			r.ScannedCves[cve.CveID] = v
 		}
 	}
+
 	return nCVEs, nil
 }

+func isGostDefAffected(versionRelease, gostVersion string) (affected bool, err error) {
+	vera, err := debver.NewVersion(versionRelease)
+	if err != nil {
+		return false, xerrors.Errorf("Failed to parse version. version: %s, err: %w", versionRelease, err)
+	}
+	verb, err := debver.NewVersion(gostVersion)
+	if err != nil {
+		return false, xerrors.Errorf("Failed to parse version. version: %s, err: %w", gostVersion, err)
+	}
+	return vera.LessThan(verb), nil
+}
+
+func (deb Debian) getCvesDebianWithfixStatus(fixStatus, release, pkgName string) ([]models.CveContent, []models.PackageFixStatus, error) {
+	var f func(string, string) (map[string]gostmodels.DebianCVE, error)
+	if fixStatus == "resolved" {
+		f = deb.driver.GetFixedCvesDebian
+	} else {
+		f = deb.driver.GetUnfixedCvesDebian
+	}
+	debCves, err := f(release, pkgName)
+	if err != nil {
+		return nil, nil, xerrors.Errorf("Failed to get CVEs. fixStatus: %s, release: %s, src package: %s, err: %w", fixStatus, release, pkgName, err)
+	}
+
+	cves := []models.CveContent{}
+	fixes := []models.PackageFixStatus{}
+	for _, devbCve := range debCves {
+		cves = append(cves, *deb.ConvertToModel(&devbCve))
+		fixes = append(fixes, checkPackageFixStatus(&devbCve)...)
+	}
+	return cves, fixes, nil
+}
+
 // ConvertToModel converts gost model to vuls model
 func (deb Debian) ConvertToModel(cve *gostmodels.DebianCVE) *models.CveContent {
 	severity := ""
@@ -186,3 +291,22 @@ func (deb Debian) ConvertToModel(cve *gostmodels.DebianCVE) *models.CveContent {
 		},
 	}
 }
+
+func checkPackageFixStatus(cve *gostmodels.DebianCVE) []models.PackageFixStatus {
+	fixes := []models.PackageFixStatus{}
+	for _, p := range cve.Package {
+		for _, r := range p.Release {
+			f := models.PackageFixStatus{Name: p.PackageName}
+
+			if r.Status == "open" {
+				f.NotFixedYet = true
+			} else {
+				f.FixedIn = r.FixedVersion
+			}
+
+			fixes = append(fixes, f)
+		}
+	}
+
+	return fixes
+}
--- a/gost/debian_test.go
+++ b/gost/debian_test.go
@@ -1,3 +1,6 @@
+//go:build !scanner
+// +build !scanner
+
 package gost

 import "testing"
@@ -36,10 +39,17 @@ func TestDebian_Supported(t *testing.T) {
 			want: true,
 		},
 		{
-			name: "11 is not supported yet",
+			name: "11 is supported",
 			args: args{
 				major: "11",
 			},
+			want: true,
+		},
+		{
+			name: "12 is not supported yet",
+			args: args{
+				major: "12",
+			},
 			want: false,
 		},
 		{
@@ -53,7 +63,7 @@ func TestDebian_Supported(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			deb := Debian{}
-			if got := deb.Supported(tt.args.major); got != tt.want {
+			if got := deb.supported(tt.args.major); got != tt.want {
 				t.Errorf("Debian.Supported() = %v, want %v", got, tt.want)
 			}
 		})
--- a/gost/gost.go
+++ b/gost/gost.go
@@ -1,33 +1,100 @@
+//go:build !scanner
+// +build !scanner
+
 package gost

 import (
-	cnf "github.com/future-architect/vuls/config"
+	"golang.org/x/xerrors"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/constant"
+	"github.com/future-architect/vuls/logging"
 	"github.com/future-architect/vuls/models"
-	"github.com/knqyf263/gost/db"
+	gostdb "github.com/vulsio/gost/db"
+	gostlog "github.com/vulsio/gost/util"
 )

-// Client is the interface of OVAL client.
+// Client is the interface of Gost client.
 type Client interface {
-	DetectUnfixed(db.DB, *models.ScanResult, bool) (int, error)
-	FillCVEsWithRedHat(db.DB, *models.ScanResult) error
-
-	//TODO implement
-	// CheckHTTPHealth() error
-	// CheckIfGostFetched checks if Gost entries are fetched
-	// CheckIfGostFetched(db.DB, string, string) (bool, error)
-	// CheckIfGostFresh(db.DB, string, string) (bool, error)
+	DetectCVEs(*models.ScanResult, bool) (int, error)
+	CloseDB() error
 }

-// NewClient make Client by family
-func NewClient(family string) Client {
+// Base is a base struct
+type Base struct {
+	driver  gostdb.DB
+	baseURL string
+}
+
+// CloseDB close a DB connection
+func (b Base) CloseDB() error {
+	if b.driver == nil {
+		return nil
+	}
+	return b.driver.CloseDB()
+}
+
+// FillCVEsWithRedHat fills CVE detailed with Red Hat Security
+func FillCVEsWithRedHat(r *models.ScanResult, cnf config.GostConf, o logging.LogOpts) error {
+	if err := gostlog.SetLogger(o.LogToFile, o.LogDir, o.Debug, o.LogJSON); err != nil {
+		return err
+	}
+
+	db, err := newGostDB(&cnf)
+	if err != nil {
+		return xerrors.Errorf("Failed to newGostDB. err: %w", err)
+	}
+
+	client := RedHat{Base{driver: db, baseURL: cnf.GetURL()}}
+	defer func() {
+		if err := client.CloseDB(); err != nil {
+			logging.Log.Errorf("Failed to close DB. err: %+v", err)
+		}
+	}()
+	return client.fillCvesWithRedHatAPI(r)
+}
+
+// NewGostClient make Client by family
+func NewGostClient(cnf config.GostConf, family string, o logging.LogOpts) (Client, error) {
+	if err := gostlog.SetLogger(o.LogToFile, o.LogDir, o.Debug, o.LogJSON); err != nil {
+		return nil, xerrors.Errorf("Failed to set gost logger. err: %w", err)
+	}
+
+	db, err := newGostDB(&cnf)
+	if err != nil {
+		return nil, xerrors.Errorf("Failed to newGostDB. err: %w", err)
+	}
+
+	base := Base{driver: db, baseURL: cnf.GetURL()}
 	switch family {
-	case cnf.RedHat, cnf.CentOS:
-		return RedHat{}
-	case cnf.Debian, cnf.Raspbian:
-		return Debian{}
-	case cnf.Windows:
-		return Microsoft{}
+	case constant.RedHat, constant.CentOS, constant.Rocky, constant.Alma:
+		return RedHat{base}, nil
+	case constant.Debian, constant.Raspbian:
+		return Debian{base}, nil
+	case constant.Ubuntu:
+		return Ubuntu{base}, nil
+	case constant.Windows:
+		return Microsoft{base}, nil
 	default:
-		return Pseudo{}
+		return Pseudo{base}, nil
 	}
 }
+
+// NewGostDB returns db client for Gost
+func newGostDB(cnf config.VulnDictInterface) (gostdb.DB, error) {
+	if cnf.IsFetchViaHTTP() {
+		return nil, nil
+	}
+	path := cnf.GetURL()
+	if cnf.GetType() == "sqlite3" {
+		path = cnf.GetSQLite3Path()
+	}
+	driver, locked, err := gostdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), gostdb.Option{})
+	if err != nil {
+		if locked {
+			return nil, xerrors.Errorf("Failed to init gost DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
+		}
+		return nil, xerrors.Errorf("Failed to init gost DB. DB Path: %s, err: %w", path, err)
+	}
+	return driver, nil
+}
--- a/gost/gost_test.go
+++ b/gost/gost_test.go
@@ -1,3 +1,6 @@
+//go:build !scanner
+// +build !scanner
+
 package gost

 import (
@@ -5,7 +8,7 @@ import (
 	"testing"

 	"github.com/future-architect/vuls/models"
-	gostmodels "github.com/knqyf263/gost/models"
+	gostmodels "github.com/vulsio/gost/models"
 )

 func TestSetPackageStates(t *testing.T) {
--- a/gost/microsoft.go
+++ b/gost/microsoft.go
@@ -1,11 +1,14 @@
+//go:build !scanner
+// +build !scanner
+
 package gost

 import (
+	"sort"
 	"strings"

 	"github.com/future-architect/vuls/models"
-	"github.com/knqyf263/gost/db"
-	gostmodels "github.com/knqyf263/gost/models"
+	gostmodels "github.com/vulsio/gost/models"
 )

 // Microsoft is Gost client for windows
@@ -13,32 +16,40 @@ type Microsoft struct {
 	Base
 }

-// DetectUnfixed fills cve information that has in Gost
-func (ms Microsoft) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCVEs int, err error) {
-	if driver == nil {
+// DetectCVEs fills cve information that has in Gost
+func (ms Microsoft) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error) {
+	if ms.driver == nil {
 		return 0, nil
 	}
 	cveIDs := []string{}
 	for cveID := range r.ScannedCves {
 		cveIDs = append(cveIDs, cveID)
 	}
-	for cveID, msCve := range driver.GetMicrosoftMulti(cveIDs) {
+	msCves, err := ms.driver.GetMicrosoftMulti(cveIDs)
+	if err != nil {
+		return 0, nil
+	}
+	for cveID, msCve := range msCves {
 		if _, ok := r.ScannedCves[cveID]; !ok {
 			continue
 		}
-		cveCont := ms.ConvertToModel(&msCve)
-		v, _ := r.ScannedCves[cveID]
+		cveCont, mitigations := ms.ConvertToModel(&msCve)
+		v := r.ScannedCves[cveID]
 		if v.CveContents == nil {
 			v.CveContents = models.CveContents{}
 		}
-		v.CveContents[models.Microsoft] = *cveCont
+		v.CveContents[models.Microsoft] = []models.CveContent{*cveCont}
+		v.Mitigations = append(v.Mitigations, mitigations...)
 		r.ScannedCves[cveID] = v
 	}
 	return len(cveIDs), nil
 }

 // ConvertToModel converts gost model to vuls model
-func (ms Microsoft) ConvertToModel(cve *gostmodels.MicrosoftCVE) *models.CveContent {
+func (ms Microsoft) ConvertToModel(cve *gostmodels.MicrosoftCVE) (*models.CveContent, []models.Mitigation) {
+	sort.Slice(cve.ScoreSets, func(i, j int) bool {
+		return cve.ScoreSets[i].Vector < cve.ScoreSets[j].Vector
+	})
 	v3score := 0.0
 	var v3Vector string
 	for _, scoreSet := range cve.ScoreSets {
@@ -67,11 +78,10 @@ func (ms Microsoft) ConvertToModel(cve *gostmodels.MicrosoftCVE) *models.CveCont

 	option := map[string]string{}
 	if 0 < len(cve.ExploitStatus) {
+		// TODO: CVE-2020-0739
+		// "exploit_status": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A",
 		option["exploit"] = cve.ExploitStatus
 	}
-	if 0 < len(cve.Workaround) {
-		option["workaround"] = cve.Workaround
-	}
 	kbids := []string{}
 	for _, kbid := range cve.KBIDs {
 		kbids = append(kbids, kbid.KBID)
@@ -80,6 +90,23 @@ func (ms Microsoft) ConvertToModel(cve *gostmodels.MicrosoftCVE) *models.CveCont
 		option["kbids"] = strings.Join(kbids, ",")
 	}

+	vendorURL := "https://msrc.microsoft.com/update-guide/vulnerability/" + cve.CveID
+	mitigations := []models.Mitigation{}
+	if cve.Mitigation != "" {
+		mitigations = append(mitigations, models.Mitigation{
+			CveContentType: models.Microsoft,
+			Mitigation:     cve.Mitigation,
+			URL:            vendorURL,
+		})
+	}
+	if cve.Workaround != "" {
+		mitigations = append(mitigations, models.Mitigation{
+			CveContentType: models.Microsoft,
+			Mitigation:     cve.Workaround,
+			URL:            vendorURL,
+		})
+	}
+
 	return &models.CveContent{
 		Type:          models.Microsoft,
 		CveID:         cve.CveID,
@@ -90,10 +117,9 @@ func (ms Microsoft) ConvertToModel(cve *gostmodels.MicrosoftCVE) *models.CveCont
 		Cvss3Severity: v3Severity,
 		References:    refs,
 		CweIDs:        cwe,
-		Mitigation:    cve.Mitigation,
 		Published:     cve.PublishDate,
 		LastModified:  cve.LastUpdateDate,
-		SourceLink:    "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/" + cve.CveID,
+		SourceLink:    vendorURL,
 		Optional:      option,
-	}
+	}, mitigations
 }
--- a/gost/pseudo.go
+++ b/gost/pseudo.go
@@ -1,22 +1,18 @@
+//go:build !scanner
+// +build !scanner
+
 package gost

 import (
-	"strings"
-
 	"github.com/future-architect/vuls/models"
-	"github.com/knqyf263/gost/db"
 )

-// Pseudo is Gost client except for RedHat family and Debian
+// Pseudo is Gost client except for RedHat family, Debian, Ubuntu and Windows
 type Pseudo struct {
 	Base
 }

-// DetectUnfixed fills cve information that has in Gost
-func (pse Pseudo) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (int, error) {
+// DetectCVEs fills cve information that has in Gost
+func (pse Pseudo) DetectCVEs(_ *models.ScanResult, _ bool) (int, error) {
 	return 0, nil
 }
-
-func major(osVer string) (majorVersion string) {
-	return strings.Split(osVer, ".")[0]
-}
--- a/gost/redhat.go
+++ b/gost/redhat.go
@@ -1,3 +1,6 @@
+//go:build !scanner
+// +build !scanner
+
 package gost

 import (
@@ -5,11 +8,12 @@ import (
 	"strconv"
 	"strings"

-	"github.com/future-architect/vuls/config"
+	"golang.org/x/xerrors"
+
+	"github.com/future-architect/vuls/constant"
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/util"
-	"github.com/knqyf263/gost/db"
-	gostmodels "github.com/knqyf263/gost/models"
+	gostmodels "github.com/vulsio/gost/models"
 )

 // RedHat is Gost client for RedHat family linux
@@ -17,12 +21,51 @@ type RedHat struct {
 	Base
 }

-// DetectUnfixed fills cve information that has in Gost
-func (red RedHat) DetectUnfixed(driver db.DB, r *models.ScanResult, ignoreWillNotFix bool) (nCVEs int, err error) {
-	return red.fillUnfixed(driver, r, ignoreWillNotFix)
+// DetectCVEs fills cve information that has in Gost
+func (red RedHat) DetectCVEs(r *models.ScanResult, ignoreWillNotFix bool) (nCVEs int, err error) {
+	gostRelease := r.Release
+	if r.Family == constant.CentOS {
+		gostRelease = strings.TrimPrefix(r.Release, "stream")
+	}
+	if red.driver == nil {
+		prefix, err := util.URLPathJoin(red.baseURL, "redhat", major(gostRelease), "pkgs")
+		if err != nil {
+			return 0, xerrors.Errorf("Failed to join URLPath. err: %w", err)
+		}
+		responses, err := getAllUnfixedCvesViaHTTP(r, prefix)
+		if err != nil {
+			return 0, xerrors.Errorf("Failed to get Unfixed CVEs via HTTP. err: %w", err)
+		}
+		for _, res := range responses {
+			// CVE-ID: RedhatCVE
+			cves := map[string]gostmodels.RedhatCVE{}
+			if err := json.Unmarshal([]byte(res.json), &cves); err != nil {
+				return 0, xerrors.Errorf("Failed to unmarshal json. err: %w", err)
+			}
+			for _, cve := range cves {
+				if newly := red.setUnfixedCveToScanResult(&cve, r); newly {
+					nCVEs++
+				}
+			}
+		}
+	} else {
+		for _, pack := range r.Packages {
+			// CVE-ID: RedhatCVE
+			cves, err := red.driver.GetUnfixedCvesRedhat(major(gostRelease), pack.Name, ignoreWillNotFix)
+			if err != nil {
+				return 0, xerrors.Errorf("Failed to get Unfixed CVEs. err: %w", err)
+			}
+			for _, cve := range cves {
+				if newly := red.setUnfixedCveToScanResult(&cve, r); newly {
+					nCVEs++
+				}
+			}
+		}
+	}
+	return nCVEs, nil
 }

-func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
+func (red RedHat) fillCvesWithRedHatAPI(r *models.ScanResult) error {
 	cveIDs := []string{}
 	for cveID, vuln := range r.ScannedCves {
 		if _, ok := vuln.CveContents[models.RedHatAPI]; ok {
@@ -31,9 +74,11 @@ func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
 		cveIDs = append(cveIDs, cveID)
 	}

-	if config.Conf.Gost.IsFetchViaHTTP() {
-		prefix, _ := util.URLPathJoin(config.Conf.Gost.URL,
-			"redhat", "cves")
+	if red.driver == nil {
+		prefix, err := util.URLPathJoin(red.baseURL, "redhat", "cves")
+		if err != nil {
+			return err
+		}
 		responses, err := getCvesViaHTTP(cveIDs, prefix)
 		if err != nil {
 			return err
@@ -46,128 +91,73 @@ func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
 			if redCve.ID == 0 {
 				continue
 			}
-			cveCont := red.ConvertToModel(&redCve)
-			v, ok := r.ScannedCves[res.request.cveID]
-			if ok {
-				if v.CveContents == nil {
-					v.CveContents = models.NewCveContents(*cveCont)
-				} else {
-					v.CveContents[models.RedHatAPI] = *cveCont
-				}
-			} else {
-				v = models.VulnInfo{
-					CveID:       cveCont.CveID,
-					CveContents: models.NewCveContents(*cveCont),
-					Confidences: models.Confidences{models.RedHatAPIMatch},
-				}
-			}
-			r.ScannedCves[res.request.cveID] = v
+			red.setFixedCveToScanResult(&redCve, r)
 		}
 	} else {
-		if driver == nil {
-			return nil
+		redCves, err := red.driver.GetRedhatMulti(cveIDs)
+		if err != nil {
+			return err
 		}
-		for cveID, redCve := range driver.GetRedhatMulti(cveIDs) {
+		for _, redCve := range redCves {
 			if len(redCve.Name) == 0 {
 				continue
 			}
-			cveCont := red.ConvertToModel(&redCve)
-			v, ok := r.ScannedCves[cveID]
-			if ok {
-				if v.CveContents == nil {
-					v.CveContents = models.NewCveContents(*cveCont)
-				} else {
-					v.CveContents[models.RedHatAPI] = *cveCont
-				}
-			} else {
-				v = models.VulnInfo{
-					CveID:       cveCont.CveID,
-					CveContents: models.NewCveContents(*cveCont),
-					Confidences: models.Confidences{models.RedHatAPIMatch},
-				}
-			}
-			r.ScannedCves[cveID] = v
+			red.setFixedCveToScanResult(&redCve, r)
 		}
 	}

 	return nil
 }

-func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult, ignoreWillNotFix bool) (nCVEs int, err error) {
-	if config.Conf.Gost.IsFetchViaHTTP() {
-		prefix, _ := util.URLPathJoin(config.Conf.Gost.URL,
-			"redhat", major(r.Release), "pkgs")
-		responses, err := getAllUnfixedCvesViaHTTP(r, prefix)
-		if err != nil {
-			return 0, err
-		}
-		for _, res := range responses {
-			// CVE-ID: RedhatCVE
-			cves := map[string]gostmodels.RedhatCVE{}
-			if err := json.Unmarshal([]byte(res.json), &cves); err != nil {
-				return 0, err
-			}
-
-			for _, cve := range cves {
-				cveCont := red.ConvertToModel(&cve)
-				v, ok := r.ScannedCves[cve.Name]
-				if ok {
-					if v.CveContents == nil {
-						v.CveContents = models.NewCveContents(*cveCont)
-					} else {
-						v.CveContents[models.RedHatAPI] = *cveCont
-					}
-				} else {
-					v = models.VulnInfo{
-						CveID:       cveCont.CveID,
-						CveContents: models.NewCveContents(*cveCont),
-						Confidences: models.Confidences{models.RedHatAPIMatch},
-					}
-					nCVEs++
-				}
-				pkgStats := red.mergePackageStates(v,
-					cve.PackageState, r.Packages, r.Release)
-				if 0 < len(pkgStats) {
-					v.AffectedPackages = pkgStats
-					r.ScannedCves[cve.Name] = v
-				}
-			}
+func (red RedHat) setFixedCveToScanResult(cve *gostmodels.RedhatCVE, r *models.ScanResult) {
+	cveCont, mitigations := red.ConvertToModel(cve)
+	v, ok := r.ScannedCves[cveCont.CveID]
+	if ok {
+		if v.CveContents == nil {
+			v.CveContents = models.NewCveContents(*cveCont)
+		} else {
+			v.CveContents[models.RedHatAPI] = []models.CveContent{*cveCont}
 		}
 	} else {
-		if driver == nil {
-			return 0, nil
-		}
-		for _, pack := range r.Packages {
-			// CVE-ID: RedhatCVE
-			cves := driver.GetUnfixedCvesRedhat(major(r.Release), pack.Name, ignoreWillNotFix)
-			for _, cve := range cves {
-				cveCont := red.ConvertToModel(&cve)
-				v, ok := r.ScannedCves[cve.Name]
-				if ok {
-					if v.CveContents == nil {
-						v.CveContents = models.NewCveContents(*cveCont)
-					} else {
-						v.CveContents[models.RedHatAPI] = *cveCont
-					}
-				} else {
-					v = models.VulnInfo{
-						CveID:       cveCont.CveID,
-						CveContents: models.NewCveContents(*cveCont),
-						Confidences: models.Confidences{models.RedHatAPIMatch},
-					}
-					nCVEs++
-				}
-
-				pkgStats := red.mergePackageStates(v,
-					cve.PackageState, r.Packages, r.Release)
-				if 0 < len(pkgStats) {
-					v.AffectedPackages = pkgStats
-					r.ScannedCves[cve.Name] = v
-				}
-			}
+		v = models.VulnInfo{
+			CveID:       cveCont.CveID,
+			CveContents: models.NewCveContents(*cveCont),
+			Confidences: models.Confidences{models.RedHatAPIMatch},
 		}
 	}
-	return nCVEs, nil
+	v.Mitigations = append(v.Mitigations, mitigations...)
+	r.ScannedCves[cveCont.CveID] = v
+}
+
+func (red RedHat) setUnfixedCveToScanResult(cve *gostmodels.RedhatCVE, r *models.ScanResult) (newly bool) {
+	cveCont, mitigations := red.ConvertToModel(cve)
+	v, ok := r.ScannedCves[cve.Name]
+	if ok {
+		if v.CveContents == nil {
+			v.CveContents = models.NewCveContents(*cveCont)
+		} else {
+			v.CveContents[models.RedHatAPI] = []models.CveContent{*cveCont}
+		}
+	} else {
+		v = models.VulnInfo{
+			CveID:       cveCont.CveID,
+			CveContents: models.NewCveContents(*cveCont),
+			Confidences: models.Confidences{models.RedHatAPIMatch},
+		}
+		newly = true
+	}
+	v.Mitigations = append(v.Mitigations, mitigations...)
+
+	gostRelease := r.Release
+	if r.Family == constant.CentOS {
+		gostRelease = strings.TrimPrefix(r.Release, "stream")
+	}
+	pkgStats := red.mergePackageStates(v, cve.PackageState, r.Packages, gostRelease)
+	if 0 < len(pkgStats) {
+		v.AffectedPackages = pkgStats
+		r.ScannedCves[cve.Name] = v
+	}
+	return
 }

 func (red RedHat) mergePackageStates(v models.VulnInfo, ps []gostmodels.RedhatPackageState, installed models.Packages, release string) (pkgStats models.PackageFixStatuses) {
@@ -218,7 +208,7 @@ func (red RedHat) parseCwe(str string) (cwes []string) {
 }

 // ConvertToModel converts gost model to vuls model
-func (red RedHat) ConvertToModel(cve *gostmodels.RedhatCVE) *models.CveContent {
+func (red RedHat) ConvertToModel(cve *gostmodels.RedhatCVE) (*models.CveContent, []models.Mitigation) {
 	cwes := red.parseCwe(cve.Cwe)

 	details := []string{}
@@ -249,6 +239,18 @@ func (red RedHat) ConvertToModel(cve *gostmodels.RedhatCVE) *models.CveContent {
 		refs = append(refs, models.Reference{Link: r.Reference})
 	}

+	vendorURL := "https://access.redhat.com/security/cve/" + cve.Name
+	mitigations := []models.Mitigation{}
+	if cve.Mitigation != "" {
+		mitigations = []models.Mitigation{
+			{
+				CveContentType: models.RedHatAPI,
+				Mitigation:     cve.Mitigation,
+				URL:            vendorURL,
+			},
+		}
+	}
+
 	return &models.CveContent{
 		Type:          models.RedHatAPI,
 		CveID:         cve.Name,
@@ -262,8 +264,7 @@ func (red RedHat) ConvertToModel(cve *gostmodels.RedhatCVE) *models.CveContent {
 		Cvss3Severity: v3severity,
 		References:    refs,
 		CweIDs:        cwes,
-		Mitigation:    cve.Mitigation,
 		Published:     cve.PublicDate,
-		SourceLink:    "https://access.redhat.com/security/cve/" + cve.Name,
-	}
+		SourceLink:    vendorURL,
+	}, mitigations
 }
--- a/gost/redhat_test.go
+++ b/gost/redhat_test.go
@@ -1,3 +1,6 @@
+//go:build !scanner
+// +build !scanner
+
 package gost

 import (
--- a/gost/ubuntu.go
+++ b/gost/ubuntu.go
@@ -0,0 +1,202 @@
+//go:build !scanner
+// +build !scanner
+
+package gost
+
+import (
+	"encoding/json"
+	"strings"
+
+	"golang.org/x/xerrors"
+
+	"github.com/future-architect/vuls/logging"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	gostmodels "github.com/vulsio/gost/models"
+)
+
+// Ubuntu is Gost client for Ubuntu
+type Ubuntu struct {
+	Base
+}
+
+func (ubu Ubuntu) supported(version string) bool {
+	_, ok := map[string]string{
+		"1404": "trusty",
+		"1604": "xenial",
+		"1804": "bionic",
+		"1910": "eoan",
+		"2004": "focal",
+		"2010": "groovy",
+		"2104": "hirsute",
+		"2110": "impish",
+		"2204": "jammy",
+	}[version]
+	return ok
+}
+
+// DetectCVEs fills cve information that has in Gost
+func (ubu Ubuntu) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error) {
+	ubuReleaseVer := strings.Replace(r.Release, ".", "", 1)
+	if !ubu.supported(ubuReleaseVer) {
+		logging.Log.Warnf("Ubuntu %s is not supported yet", r.Release)
+		return 0, nil
+	}
+
+	linuxImage := "linux-image-" + r.RunningKernel.Release
+	// Add linux and set the version of running kernel to search Gost.
+	if r.Container.ContainerID == "" {
+		newVer := ""
+		if p, ok := r.Packages[linuxImage]; ok {
+			newVer = p.NewVersion
+		}
+		r.Packages["linux"] = models.Package{
+			Name:       "linux",
+			Version:    r.RunningKernel.Version,
+			NewVersion: newVer,
+		}
+	}
+
+	packCvesList := []packCves{}
+	if ubu.driver == nil {
+		url, err := util.URLPathJoin(ubu.baseURL, "ubuntu", ubuReleaseVer, "pkgs")
+		if err != nil {
+			return 0, xerrors.Errorf("Failed to join URLPath. err: %w", err)
+		}
+		responses, err := getAllUnfixedCvesViaHTTP(r, url)
+		if err != nil {
+			return 0, xerrors.Errorf("Failed to get Unfixed CVEs via HTTP. err: %w", err)
+		}
+
+		for _, res := range responses {
+			ubuCves := map[string]gostmodels.UbuntuCVE{}
+			if err := json.Unmarshal([]byte(res.json), &ubuCves); err != nil {
+				return 0, xerrors.Errorf("Failed to unmarshal json. err: %w", err)
+			}
+			cves := []models.CveContent{}
+			for _, ubucve := range ubuCves {
+				cves = append(cves, *ubu.ConvertToModel(&ubucve))
+			}
+			packCvesList = append(packCvesList, packCves{
+				packName:  res.request.packName,
+				isSrcPack: res.request.isSrcPack,
+				cves:      cves,
+			})
+		}
+	} else {
+		for _, pack := range r.Packages {
+			ubuCves, err := ubu.driver.GetUnfixedCvesUbuntu(ubuReleaseVer, pack.Name)
+			if err != nil {
+				return 0, xerrors.Errorf("Failed to get Unfixed CVEs For Package. err: %w", err)
+			}
+			cves := []models.CveContent{}
+			for _, ubucve := range ubuCves {
+				cves = append(cves, *ubu.ConvertToModel(&ubucve))
+			}
+			packCvesList = append(packCvesList, packCves{
+				packName:  pack.Name,
+				isSrcPack: false,
+				cves:      cves,
+			})
+		}
+
+		// SrcPack
+		for _, pack := range r.SrcPackages {
+			ubuCves, err := ubu.driver.GetUnfixedCvesUbuntu(ubuReleaseVer, pack.Name)
+			if err != nil {
+				return 0, xerrors.Errorf("Failed to get Unfixed CVEs For SrcPackage. err: %w", err)
+			}
+			cves := []models.CveContent{}
+			for _, ubucve := range ubuCves {
+				cves = append(cves, *ubu.ConvertToModel(&ubucve))
+			}
+			packCvesList = append(packCvesList, packCves{
+				packName:  pack.Name,
+				isSrcPack: true,
+				cves:      cves,
+			})
+		}
+	}
+
+	delete(r.Packages, "linux")
+
+	for _, p := range packCvesList {
+		for _, cve := range p.cves {
+			v, ok := r.ScannedCves[cve.CveID]
+			if ok {
+				if v.CveContents == nil {
+					v.CveContents = models.NewCveContents(cve)
+				} else {
+					v.CveContents[models.UbuntuAPI] = []models.CveContent{cve}
+				}
+			} else {
+				v = models.VulnInfo{
+					CveID:       cve.CveID,
+					CveContents: models.NewCveContents(cve),
+					Confidences: models.Confidences{models.UbuntuAPIMatch},
+				}
+				nCVEs++
+			}
+
+			names := []string{}
+			if p.isSrcPack {
+				if srcPack, ok := r.SrcPackages[p.packName]; ok {
+					for _, binName := range srcPack.BinaryNames {
+						if _, ok := r.Packages[binName]; ok {
+							names = append(names, binName)
+						}
+					}
+				}
+			} else {
+				if p.packName == "linux" {
+					names = append(names, linuxImage)
+				} else {
+					names = append(names, p.packName)
+				}
+			}
+
+			for _, name := range names {
+				v.AffectedPackages = v.AffectedPackages.Store(models.PackageFixStatus{
+					Name:        name,
+					FixState:    "open",
+					NotFixedYet: true,
+				})
+			}
+			r.ScannedCves[cve.CveID] = v
+		}
+	}
+	return nCVEs, nil
+}
+
+// ConvertToModel converts gost model to vuls model
+func (ubu Ubuntu) ConvertToModel(cve *gostmodels.UbuntuCVE) *models.CveContent {
+	references := []models.Reference{}
+	for _, r := range cve.References {
+		if strings.Contains(r.Reference, "https://cve.mitre.org/cgi-bin/cvename.cgi?name=") {
+			references = append(references, models.Reference{Source: "CVE", Link: r.Reference})
+		} else {
+			references = append(references, models.Reference{Link: r.Reference})
+		}
+	}
+
+	for _, b := range cve.Bugs {
+		references = append(references, models.Reference{Source: "Bug", Link: b.Bug})
+	}
+
+	for _, u := range cve.Upstreams {
+		for _, upstreamLink := range u.UpstreamLinks {
+			references = append(references, models.Reference{Source: "UPSTREAM", Link: upstreamLink.Link})
+		}
+	}
+
+	return &models.CveContent{
+		Type:          models.UbuntuAPI,
+		CveID:         cve.Candidate,
+		Summary:       cve.Description,
+		Cvss2Severity: cve.Priority,
+		Cvss3Severity: cve.Priority,
+		SourceLink:    "https://ubuntu.com/security/" + cve.Candidate,
+		References:    references,
+		Published:     cve.PublicDate,
+	}
+}
--- a/gost/ubuntu_test.go
+++ b/gost/ubuntu_test.go
@@ -0,0 +1,137 @@
+package gost
+
+import (
+	"reflect"
+	"testing"
+	"time"
+
+	"github.com/future-architect/vuls/models"
+	gostmodels "github.com/vulsio/gost/models"
+)
+
+func TestUbuntu_Supported(t *testing.T) {
+	type args struct {
+		ubuReleaseVer string
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{
+			name: "14.04 is supported",
+			args: args{
+				ubuReleaseVer: "1404",
+			},
+			want: true,
+		},
+		{
+			name: "16.04 is supported",
+			args: args{
+				ubuReleaseVer: "1604",
+			},
+			want: true,
+		},
+		{
+			name: "18.04 is supported",
+			args: args{
+				ubuReleaseVer: "1804",
+			},
+			want: true,
+		},
+		{
+			name: "20.04 is supported",
+			args: args{
+				ubuReleaseVer: "2004",
+			},
+			want: true,
+		},
+		{
+			name: "20.10 is supported",
+			args: args{
+				ubuReleaseVer: "2010",
+			},
+			want: true,
+		},
+		{
+			name: "21.04 is supported",
+			args: args{
+				ubuReleaseVer: "2104",
+			},
+			want: true,
+		},
+		{
+			name: "empty string is not supported yet",
+			args: args{
+				ubuReleaseVer: "",
+			},
+			want: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ubu := Ubuntu{}
+			if got := ubu.supported(tt.args.ubuReleaseVer); got != tt.want {
+				t.Errorf("Ubuntu.Supported() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestUbuntuConvertToModel(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    gostmodels.UbuntuCVE
+		expected models.CveContent
+	}{
+		{
+			name: "gost Ubuntu.ConvertToModel",
+			input: gostmodels.UbuntuCVE{
+				Candidate:  "CVE-2021-3517",
+				PublicDate: time.Date(2021, 5, 19, 14, 15, 0, 0, time.UTC),
+				References: []gostmodels.UbuntuReference{
+					{Reference: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517"},
+					{Reference: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/235"},
+					{Reference: "https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2"}},
+				Description: "description.",
+				Notes:       []gostmodels.UbuntuNote{},
+				Bugs:        []gostmodels.UbuntuBug{{Bug: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987738"}},
+				Priority:    "medium",
+				Patches: []gostmodels.UbuntuPatch{
+					{PackageName: "libxml2", ReleasePatches: []gostmodels.UbuntuReleasePatch{
+						{ReleaseName: "focal", Status: "needed", Note: ""},
+					}},
+				},
+				Upstreams: []gostmodels.UbuntuUpstream{{
+					PackageName: "libxml2", UpstreamLinks: []gostmodels.UbuntuUpstreamLink{
+						{Link: "https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2"},
+					},
+				}},
+			},
+			expected: models.CveContent{
+				Type:          models.UbuntuAPI,
+				CveID:         "CVE-2021-3517",
+				Summary:       "description.",
+				Cvss2Severity: "medium",
+				Cvss3Severity: "medium",
+				SourceLink:    "https://ubuntu.com/security/CVE-2021-3517",
+				References: []models.Reference{
+					{Source: "CVE", Link: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517"},
+					{Link: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/235"},
+					{Link: "https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2"},
+					{Source: "Bug", Link: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987738"},
+					{Source: "UPSTREAM", Link: "https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2"}},
+				Published: time.Date(2021, 5, 19, 14, 15, 0, 0, time.UTC),
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ubu := Ubuntu{}
+			got := ubu.ConvertToModel(&tt.input)
+			if !reflect.DeepEqual(got, &tt.expected) {
+				t.Errorf("Ubuntu.ConvertToModel() = %#v, want %#v", got, &tt.expected)
+			}
+		})
+	}
+}
--- a/gost/util.go
+++ b/gost/util.go
@@ -1,10 +1,15 @@
+//go:build !scanner
+// +build !scanner
+
 package gost

 import (
 	"net/http"
+	"strings"
 	"time"

 	"github.com/cenkalti/backoff"
+	"github.com/future-architect/vuls/logging"
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/util"
 	"github.com/parnurzeal/gorequest"
@@ -47,7 +52,7 @@ func getCvesViaHTTP(cveIDs []string, urlPrefix string) (
 				if err != nil {
 					errChan <- err
 				} else {
-					util.Log.Debugf("HTTP Request to %s", url)
+					logging.Log.Debugf("HTTP Request to %s", url)
 					httpGet(url, req, resChan, errChan)
 				}
 			}
@@ -81,7 +86,10 @@ type request struct {

 func getAllUnfixedCvesViaHTTP(r *models.ScanResult, urlPrefix string) (
 	responses []response, err error) {
+	return getCvesWithFixStateViaHTTP(r, urlPrefix, "unfixed-cves")
+}

+func getCvesWithFixStateViaHTTP(r *models.ScanResult, urlPrefix, fixState string) (responses []response, err error) {
 	nReq := len(r.Packages) + len(r.SrcPackages)
 	reqChan := make(chan request, nReq)
 	resChan := make(chan response, nReq)
@@ -116,12 +124,12 @@ func getAllUnfixedCvesViaHTTP(r *models.ScanResult, urlPrefix string) (
 				url, err := util.URLPathJoin(
 					urlPrefix,
 					req.packName,
-					"unfixed-cves",
+					fixState,
 				)
 				if err != nil {
 					errChan <- err
 				} else {
-					util.Log.Debugf("HTTP Request to %s", url)
+					logging.Log.Debugf("HTTP Request to %s", url)
 					httpGet(url, req, resChan, errChan)
 				}
 			}
@@ -153,18 +161,18 @@ func httpGet(url string, req request, resChan chan<- response, errChan chan<- er
 	count, retryMax := 0, 3
 	f := func() (err error) {
 		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
-		resp, body, errs = gorequest.New().Get(url).End()
+		resp, body, errs = gorequest.New().Timeout(10 * time.Second).Get(url).End()
 		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
 			count++
 			if count == retryMax {
 				return nil
 			}
-			return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %w", url, resp, errs)
+			return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %+v", url, resp, errs)
 		}
 		return nil
 	}
 	notify := func(err error, t time.Duration) {
-		util.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %s", t, err)
+		logging.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %+v", t, err)
 	}
 	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
 	if err != nil {
@@ -181,3 +189,7 @@ func httpGet(url string, req request, resChan chan<- response, errChan chan<- er
 		json:    body,
 	}
 }
+
+func major(osVer string) (majorVersion string) {
+	return strings.Split(osVer, ".")[0]
+}
--- a/img/sponsor/tines.png
+++ b/img/sponsor/tines.png
--- a/1
+++ b/1
--- a/libmanager/libManager.go
+++ b/libmanager/libManager.go
@@ -1,108 +0,0 @@
-package libmanager
-
-import (
-	"context"
-
-	db2 "github.com/aquasecurity/trivy-db/pkg/db"
-	"github.com/aquasecurity/trivy/pkg/db"
-	"github.com/aquasecurity/trivy/pkg/github"
-	"github.com/aquasecurity/trivy/pkg/indicator"
-	"github.com/aquasecurity/trivy/pkg/log"
-	"github.com/spf13/afero"
-	"golang.org/x/xerrors"
-	"k8s.io/utils/clock"
-
-	"github.com/future-architect/vuls/config"
-	"github.com/future-architect/vuls/models"
-	"github.com/future-architect/vuls/util"
-)
-
-// FillLibrary fills LibraryScanner information
-func FillLibrary(r *models.ScanResult) (totalCnt int, err error) {
-	if len(r.LibraryScanners) == 0 {
-		return
-	}
-
-	// initialize trivy's logger and db
-	err = log.InitLogger(false, false)
-	if err != nil {
-		return 0, err
-	}
-
-	util.Log.Info("Updating library db...")
-	if err := downloadDB(config.Version, config.Conf.TrivyCacheDBDir, config.Conf.NoProgress, false, false); err != nil {
-		return 0, err
-	}
-
-	if err := db2.Init(config.Conf.TrivyCacheDBDir); err != nil {
-		return 0, err
-	}
-	defer db2.Close()
-
-	for _, lib := range r.LibraryScanners {
-		vinfos, err := lib.Scan()
-		if err != nil {
-			return 0, err
-		}
-		for _, vinfo := range vinfos {
-			vinfo.Confidences.AppendIfMissing(models.TrivyMatch)
-			if v, ok := r.ScannedCves[vinfo.CveID]; !ok {
-				r.ScannedCves[vinfo.CveID] = vinfo
-			} else {
-				v.LibraryFixedIns = append(v.LibraryFixedIns, vinfo.LibraryFixedIns...)
-				r.ScannedCves[vinfo.CveID] = v
-			}
-		}
-		totalCnt += len(vinfos)
-	}
-
-	return totalCnt, nil
-}
-
-func downloadDB(appVersion, cacheDir string, quiet, light, skipUpdate bool) error {
-	client := initializeDBClient(cacheDir, quiet)
-	ctx := context.Background()
-	needsUpdate, err := client.NeedsUpdate(appVersion, light, skipUpdate)
-	if err != nil {
-		return xerrors.Errorf("database error: %w", err)
-	}
-
-	if needsUpdate {
-		util.Log.Info("Need to update DB")
-		util.Log.Info("Downloading DB...")
-		if err := client.Download(ctx, cacheDir, light); err != nil {
-			return xerrors.Errorf("failed to download vulnerability DB: %w", err)
-		}
-		if err = client.UpdateMetadata(cacheDir); err != nil {
-			return xerrors.Errorf("unable to update database metadata: %w", err)
-		}
-	}
-
-	// for debug
-	if err := showDBInfo(cacheDir); err != nil {
-		return xerrors.Errorf("failed to show database info: %w", err)
-	}
-	return nil
-}
-
-func initializeDBClient(cacheDir string, quiet bool) db.Client {
-	config := db2.Config{}
-	client := github.NewClient()
-	progressBar := indicator.NewProgressBar(quiet)
-	realClock := clock.RealClock{}
-	fs := afero.NewOsFs()
-	metadata := db.NewMetadata(fs, cacheDir)
-	dbClient := db.NewClient(config, client, progressBar, realClock, metadata)
-	return dbClient
-}
-
-func showDBInfo(cacheDir string) error {
-	m := db.NewMetadata(afero.NewOsFs(), cacheDir)
-	metadata, err := m.Get()
-	if err != nil {
-		return xerrors.Errorf("something wrong with DB: %w", err)
-	}
-	util.Log.Debugf("DB Schema: %d, Type: %d, UpdatedAt: %s, NextUpdate: %s",
-		metadata.Version, metadata.Type, metadata.UpdatedAt, metadata.NextUpdate)
-	return nil
-}
--- a/logging/logutil.go
+++ b/logging/logutil.go
@@ -0,0 +1,120 @@
+package logging
+
+import (
+	"flag"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"runtime"
+
+	"github.com/k0kubun/pp"
+	"github.com/rifflock/lfshook"
+	"github.com/sirupsen/logrus"
+
+	formatter "github.com/kotakanbe/logrus-prefixed-formatter"
+)
+
+//LogOpts has options for logging
+type LogOpts struct {
+	Debug     bool   `json:"debug,omitempty"`
+	DebugSQL  bool   `json:"debugSQL,omitempty"`
+	LogToFile bool   `json:"logToFile,omitempty"`
+	LogDir    string `json:"logDir,omitempty"`
+	LogJSON   bool   `json:"logJSON"`
+	Quiet     bool   `json:"quiet,omitempty"`
+}
+
+// Log for localhost
+var Log Logger
+
+// Logger has logrus entry
+type Logger struct {
+	logrus.Entry
+}
+
+func init() {
+	log := logrus.New()
+	log.Out = ioutil.Discard
+	fields := logrus.Fields{"prefix": ""}
+	Log = Logger{Entry: *log.WithFields(fields)}
+}
+
+// NewNormalLogger creates normal logger
+func NewNormalLogger() Logger {
+	return Logger{Entry: logrus.Entry{Logger: logrus.New()}}
+}
+
+// NewCustomLogger creates logrus
+func NewCustomLogger(debug, quiet, logToFile bool, logDir, logMsgAnsiColor, serverName string) Logger {
+	log := logrus.New()
+	log.Formatter = &formatter.TextFormatter{MsgAnsiColor: logMsgAnsiColor}
+	log.Level = logrus.InfoLevel
+	if debug {
+		log.Level = logrus.DebugLevel
+		pp.ColoringEnabled = false
+	}
+
+	if flag.Lookup("test.v") != nil {
+		return Logger{Entry: *logrus.NewEntry(log)}
+	}
+
+	whereami := "localhost"
+	if serverName != "" {
+		whereami = serverName
+	}
+
+	if logToFile {
+		dir := GetDefaultLogDir()
+		if logDir != "" {
+			dir = logDir
+		}
+
+		if _, err := os.Stat(dir); os.IsNotExist(err) {
+			if err := os.Mkdir(dir, 0700); err != nil {
+				log.Errorf("Failed to create log directory. path: %s, err: %+v", dir, err)
+			}
+		}
+
+		logFile := dir + "/vuls.log"
+		if file, err := os.OpenFile(logFile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644); err == nil {
+			log.Out = io.MultiWriter(os.Stderr, file)
+		} else {
+			log.Out = os.Stderr
+			log.Errorf("Failed to create log file. path: %s, err: %+v", logFile, err)
+		}
+
+		if _, err := os.Stat(dir); err == nil {
+			path := filepath.Join(dir, fmt.Sprintf("%s.log", whereami))
+			if _, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644); err == nil {
+				log.Hooks.Add(lfshook.NewHook(lfshook.PathMap{
+					logrus.DebugLevel: path,
+					logrus.InfoLevel:  path,
+					logrus.WarnLevel:  path,
+					logrus.ErrorLevel: path,
+					logrus.FatalLevel: path,
+					logrus.PanicLevel: path,
+				}, nil))
+			} else {
+				log.Errorf("Failed to create log file. path: %s, err: %+v", path, err)
+			}
+		}
+	} else if quiet {
+		log.Out = ioutil.Discard
+	} else {
+		log.Out = os.Stderr
+	}
+
+	entry := log.WithFields(logrus.Fields{"prefix": whereami})
+	return Logger{Entry: *entry}
+}
+
+// GetDefaultLogDir returns default log directory
+func GetDefaultLogDir() string {
+	defaultLogDir := "/var/log/vuls"
+	if runtime.GOOS == "windows" {
+		defaultLogDir = filepath.Join(os.Getenv("APPDATA"), "vuls")
+	}
+	return defaultLogDir
+}
--- a/models/cvecontents.go
+++ b/models/cvecontents.go
@@ -1,19 +1,34 @@
 package models

 import (
+	"sort"
+	"strings"
 	"time"

-	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
+	"github.com/future-architect/vuls/constant"
 )

 // CveContents has CveContent
-type CveContents map[CveContentType]CveContent
+type CveContents map[CveContentType][]CveContent

 // NewCveContents create CveContents
 func NewCveContents(conts ...CveContent) CveContents {
 	m := CveContents{}
 	for _, cont := range conts {
-		m[cont.Type] = cont
+		if cont.Type == Jvn {
+			found := false
+			for _, cveCont := range m[cont.Type] {
+				if cont.SourceLink == cveCont.SourceLink {
+					found = true
+					break
+				}
+			}
+			if !found {
+				m[cont.Type] = append(m[cont.Type], cont)
+			}
+		} else {
+			m[cont.Type] = []CveContent{cont}
+		}
 	}
 	return m
 }
@@ -42,25 +57,55 @@ func (v CveContents) Except(exceptCtypes ...CveContentType) (values CveContents)
 	return
 }

-// SourceLinks returns link of source
-func (v CveContents) SourceLinks(lang, myFamily, cveID string) (values []CveContentStr) {
-	if lang == "ja" {
-		if cont, found := v[Jvn]; found && 0 < len(cont.SourceLink) {
-			values = append(values, CveContentStr{Jvn, cont.SourceLink})
-		}
+// PrimarySrcURLs returns link of source
+func (v CveContents) PrimarySrcURLs(lang, myFamily, cveID string, confidences Confidences) (values []CveContentStr) {
+	if cveID == "" {
+		return
 	}

-	order := CveContentTypes{Nvd, NvdXML, NewCveContentType(myFamily)}
-	for _, ctype := range order {
-		if cont, found := v[ctype]; found {
-			if cont.SourceLink == "" {
-				continue
+	if conts, found := v[Nvd]; found {
+		for _, cont := range conts {
+			for _, r := range cont.References {
+				for _, t := range r.Tags {
+					if t == "Vendor Advisory" {
+						values = append(values, CveContentStr{Nvd, r.Link})
+					}
+				}
 			}
-			values = append(values, CveContentStr{ctype, cont.SourceLink})
 		}
 	}

-	if len(values) == 0 {
+	order := CveContentTypes{Nvd, NewCveContentType(myFamily), GitHub}
+	for _, ctype := range order {
+		if conts, found := v[ctype]; found {
+			for _, cont := range conts {
+				if cont.SourceLink == "" {
+					continue
+				}
+				values = append(values, CveContentStr{ctype, cont.SourceLink})
+			}
+		}
+	}
+
+	jvnMatch := false
+	for _, confidence := range confidences {
+		if confidence.DetectionMethod == JvnVendorProductMatchStr {
+			jvnMatch = true
+			break
+		}
+	}
+
+	if lang == "ja" || jvnMatch {
+		if conts, found := v[Jvn]; found {
+			for _, cont := range conts {
+				if 0 < len(cont.SourceLink) {
+					values = append(values, CveContentStr{Jvn, cont.SourceLink})
+				}
+			}
+		}
+	}
+
+	if len(values) == 0 && strings.HasPrefix(cveID, "CVE") {
 		return []CveContentStr{{
 			Type:  Nvd,
 			Value: "https://nvd.nist.gov/vuln/detail/" + cveID,
@@ -69,6 +114,25 @@ func (v CveContents) SourceLinks(lang, myFamily, cveID string) (values []CveCont
 	return values
 }

+// PatchURLs returns link of patch
+func (v CveContents) PatchURLs() (urls []string) {
+	conts, found := v[Nvd]
+	if !found {
+		return
+	}
+
+	for _, cont := range conts {
+		for _, r := range cont.References {
+			for _, t := range r.Tags {
+				if t == "Patch" {
+					urls = append(urls, r.Link)
+				}
+			}
+		}
+	}
+	return
+}
+
 /*
 // Severities returns Severities
 func (v CveContents) Severities(myFamily string) (values []CveContentStr) {
@@ -99,11 +163,15 @@ func (v CveContents) Cpes(myFamily string) (values []CveContentCpes) {
 	order = append(order, AllCveContetTypes.Except(order...)...)

 	for _, ctype := range order {
-		if cont, found := v[ctype]; found && 0 < len(cont.Cpes) {
-			values = append(values, CveContentCpes{
-				Type:  ctype,
-				Value: cont.Cpes,
-			})
+		if conts, found := v[ctype]; found {
+			for _, cont := range conts {
+				if 0 < len(cont.Cpes) {
+					values = append(values, CveContentCpes{
+						Type:  ctype,
+						Value: cont.Cpes,
+					})
+				}
+			}
 		}
 	}
 	return
@@ -121,11 +189,15 @@ func (v CveContents) References(myFamily string) (values []CveContentRefs) {
 	order = append(order, AllCveContetTypes.Except(order...)...)

 	for _, ctype := range order {
-		if cont, found := v[ctype]; found && 0 < len(cont.References) {
-			values = append(values, CveContentRefs{
-				Type:  ctype,
-				Value: cont.References,
-			})
+		if conts, found := v[ctype]; found {
+			for _, cont := range conts {
+				if 0 < len(cont.References) {
+					values = append(values, CveContentRefs{
+						Type:  ctype,
+						Value: cont.References,
+					})
+				}
+			}
 		}
 	}

@@ -137,17 +209,21 @@ func (v CveContents) CweIDs(myFamily string) (values []CveContentStr) {
 	order := CveContentTypes{NewCveContentType(myFamily)}
 	order = append(order, AllCveContetTypes.Except(order...)...)
 	for _, ctype := range order {
-		if cont, found := v[ctype]; found && 0 < len(cont.CweIDs) {
-			for _, cweID := range cont.CweIDs {
-				for _, val := range values {
-					if val.Value == cweID {
-						continue
+		if conts, found := v[ctype]; found {
+			for _, cont := range conts {
+				if 0 < len(cont.CweIDs) {
+					for _, cweID := range cont.CweIDs {
+						for _, val := range values {
+							if val.Value == cweID {
+								continue
+							}
+						}
+						values = append(values, CveContentStr{
+							Type:  ctype,
+							Value: cweID,
+						})
 					}
 				}
-				values = append(values, CveContentStr{
-					Type:  ctype,
-					Value: cweID,
-				})
 			}
 		}
 	}
@@ -166,6 +242,47 @@ func (v CveContents) UniqCweIDs(myFamily string) (values []CveContentStr) {
 	return values
 }

+// Sort elements for integration-testing
+func (v CveContents) Sort() {
+	for contType, contents := range v {
+		// CVSS3 desc, CVSS2 desc, SourceLink asc
+		sort.Slice(contents, func(i, j int) bool {
+			if contents[i].Cvss3Score > contents[j].Cvss3Score {
+				return true
+			} else if contents[i].Cvss3Score == contents[i].Cvss3Score {
+				if contents[i].Cvss2Score > contents[j].Cvss2Score {
+					return true
+				} else if contents[i].Cvss2Score == contents[i].Cvss2Score {
+					if contents[i].SourceLink < contents[j].SourceLink {
+						return true
+					}
+				}
+			}
+			return false
+		})
+		v[contType] = contents
+	}
+	for contType, contents := range v {
+		for cveID, cont := range contents {
+			sort.Slice(cont.References, func(i, j int) bool {
+				return cont.References[i].Link < cont.References[j].Link
+			})
+			sort.Slice(cont.CweIDs, func(i, j int) bool {
+				return cont.CweIDs[i] < cont.CweIDs[j]
+			})
+			for i, ref := range cont.References {
+				// sort v.CveContents[].References[].Tags
+				sort.Slice(ref.Tags, func(j, k int) bool {
+					return ref.Tags[j] < ref.Tags[k]
+				})
+				cont.References[i] = ref
+			}
+			contents[cveID] = cont
+		}
+		v[contType] = contents
+	}
+}
+
 // CveContent has abstraction of various vulnerability information
 type CveContent struct {
 	Type          CveContentType    `json:"type"`
@@ -184,7 +301,6 @@ type CveContent struct {
 	CweIDs        []string          `json:"cweIDs,omitempty"`
 	Published     time.Time         `json:"published"`
 	LastModified  time.Time         `json:"lastModified"`
-	Mitigation    string            `json:"mitigation"` // RedHat API
 	Optional      map[string]string `json:"optional,omitempty"`
 }

@@ -199,52 +315,45 @@ type CveContentType string
 // NewCveContentType create CveContentType
 func NewCveContentType(name string) CveContentType {
 	switch name {
-	case "nvdxml":
-		return NvdXML
 	case "nvd":
 		return Nvd
 	case "jvn":
 		return Jvn
-	case "redhat", "centos":
+	case "redhat", "centos", "alma", "rocky":
 		return RedHat
+	case "fedora":
+		return Fedora
 	case "oracle":
 		return Oracle
 	case "ubuntu":
 		return Ubuntu
-	case "debian", vulnerability.DebianOVAL:
+	case "debian", "debian-oval":
 		return Debian
 	case "redhat_api":
 		return RedHatAPI
 	case "debian_security_tracker":
 		return DebianSecurityTracker
+	case "ubuntu_api":
+		return UbuntuAPI
+	case constant.OpenSUSE, constant.OpenSUSELeap, constant.SUSEEnterpriseServer, constant.SUSEEnterpriseDesktop:
+		return SUSE
 	case "microsoft":
 		return Microsoft
 	case "wordpress":
-		return WPVulnDB
+		return WpScan
 	case "amazon":
 		return Amazon
 	case "trivy":
 		return Trivy
-	// case vulnerability.NodejsSecurityWg:
-	// 	return NodeSec
-	// case vulnerability.PythonSafetyDB:
-	// 	return PythonSec
-	// case vulnerability.RustSec:
-	// 	return RustSec
-	// case vulnerability.PhpSecurityAdvisories:
-	// 	return PhpSec
-	// case vulnerability.RubySec:
-	// 	return RubySec
+	case "GitHub":
+		return Trivy
 	default:
 		return Unknown
 	}
 }

 const (
-	// NvdXML is NvdXML
-	NvdXML CveContentType = "nvdxml"
-
-	// Nvd is Nvd
+	// Nvd is Nvd JSON
 	Nvd CveContentType = "nvd"

 	// Jvn is Jvn
@@ -265,38 +374,32 @@ const (
 	// Ubuntu is Ubuntu
 	Ubuntu CveContentType = "ubuntu"

+	// UbuntuAPI is Ubuntu
+	UbuntuAPI CveContentType = "ubuntu_api"
+
 	// Oracle is Oracle Linux
 	Oracle CveContentType = "oracle"

 	// Amazon is Amazon Linux
 	Amazon CveContentType = "amazon"

+	// Fedora is Fedora Linux
+	Fedora CveContentType = "fedora"
+
 	// SUSE is SUSE Linux
 	SUSE CveContentType = "suse"

 	// Microsoft is Microsoft
 	Microsoft CveContentType = "microsoft"

-	// WPVulnDB is WordPress
-	WPVulnDB CveContentType = "wpvulndb"
+	// WpScan is WordPress
+	WpScan CveContentType = "wpscan"

 	// Trivy is Trivy
 	Trivy CveContentType = "trivy"

-	// NodeSec : for JS
-	// NodeSec CveContentType = "node"
-
-	// // PythonSec : for PHP
-	// PythonSec CveContentType = "python"
-
-	// // PhpSec : for PHP
-	// PhpSec CveContentType = "php"
-
-	// // RubySec : for Ruby
-	// RubySec CveContentType = "ruby"
-
-	// // RustSec : for Rust
-	// RustSec CveContentType = "rust"
+	// GitHub is GitHub Security Alerts
+	GitHub CveContentType = "github"

 	// Unknown is Unknown
 	Unknown CveContentType = "unknown"
@@ -308,22 +411,19 @@ type CveContentTypes []CveContentType
 // AllCveContetTypes has all of CveContentTypes
 var AllCveContetTypes = CveContentTypes{
 	Nvd,
-	NvdXML,
 	Jvn,
 	RedHat,
 	RedHatAPI,
 	Debian,
-	Ubuntu,
-	Amazon,
-	SUSE,
 	DebianSecurityTracker,
-	WPVulnDB,
+	Ubuntu,
+	UbuntuAPI,
+	Amazon,
+	Fedora,
+	SUSE,
+	WpScan,
 	Trivy,
-	// NodeSec,
-	// PythonSec,
-	// PhpSec,
-	// RubySec,
-	// RustSec,
+	GitHub,
 }

 // Except returns CveContentTypes except for given args
@@ -354,7 +454,8 @@ type References []Reference

 // Reference has a related link of the CVE
 type Reference struct {
-	Source string `json:"source"`
-	Link   string `json:"link"`
-	RefID  string `json:"refID"`
+	Link   string   `json:"link,omitempty"`
+	Source string   `json:"source,omitempty"`
+	RefID  string   `json:"refID,omitempty"`
+	Tags   []string `json:"tags,omitempty"`
 }
--- a/models/cvecontents_test.go
+++ b/models/cvecontents_test.go
@@ -11,12 +11,12 @@ func TestExcept(t *testing.T) {
 		out CveContents
 	}{{
 		in: CveContents{
-			RedHat: {Type: RedHat},
-			Ubuntu: {Type: Ubuntu},
-			Debian: {Type: Debian},
+			RedHat: []CveContent{{Type: RedHat}},
+			Ubuntu: []CveContent{{Type: Ubuntu}},
+			Debian: []CveContent{{Type: Debian}},
 		},
 		out: CveContents{
-			RedHat: {Type: RedHat},
+			RedHat: []CveContent{{Type: RedHat}},
 		},
 	},
 	}
@@ -30,9 +30,10 @@ func TestExcept(t *testing.T) {

 func TestSourceLinks(t *testing.T) {
 	type in struct {
-		lang  string
-		cveID string
-		cont  CveContents
+		lang        string
+		cveID       string
+		cont        CveContents
+		confidences Confidences
 	}
 	var tests = []struct {
 		in  in
@@ -44,33 +45,51 @@ func TestSourceLinks(t *testing.T) {
 				lang:  "ja",
 				cveID: "CVE-2017-6074",
 				cont: CveContents{
-					Jvn: {
+					Jvn: []CveContent{{
 						Type:       Jvn,
 						SourceLink: "https://jvn.jp/vu/JVNVU93610402/",
-					},
-					RedHat: {
+					}},
+					RedHat: []CveContent{{
 						Type:       RedHat,
 						SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074",
-					},
-					NvdXML: {
-						Type:       NvdXML,
+					}},
+					Nvd: []CveContent{{
+						Type: Nvd,
+						References: []Reference{
+							{
+								Link:   "https://lists.apache.org/thread.html/765be3606d865de513f6df9288842c3cf58b09a987c617a535f2b99d@%3Cusers.tapestry.apache.org%3E",
+								Source: "",
+								RefID:  "",
+								Tags:   []string{"Vendor Advisory"},
+							},
+							{
+								Link:   "http://yahoo.com",
+								Source: "",
+								RefID:  "",
+								Tags:   []string{"Vendor"},
+							},
+						},
 						SourceLink: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
-					},
+					}},
 				},
 			},
 			out: []CveContentStr{
 				{
-					Type:  Jvn,
-					Value: "https://jvn.jp/vu/JVNVU93610402/",
+					Type:  Nvd,
+					Value: "https://lists.apache.org/thread.html/765be3606d865de513f6df9288842c3cf58b09a987c617a535f2b99d@%3Cusers.tapestry.apache.org%3E",
 				},
 				{
-					Type:  NvdXML,
+					Type:  Nvd,
 					Value: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
 				},
 				{
 					Type:  RedHat,
 					Value: "https://access.redhat.com/security/cve/CVE-2017-6074",
 				},
+				{
+					Type:  Jvn,
+					Value: "https://jvn.jp/vu/JVNVU93610402/",
+				},
 			},
 		},
 		// lang: en
@@ -79,25 +98,17 @@ func TestSourceLinks(t *testing.T) {
 				lang:  "en",
 				cveID: "CVE-2017-6074",
 				cont: CveContents{
-					Jvn: {
+					Jvn: []CveContent{{
 						Type:       Jvn,
 						SourceLink: "https://jvn.jp/vu/JVNVU93610402/",
-					},
-					RedHat: {
+					}},
+					RedHat: []CveContent{{
 						Type:       RedHat,
 						SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074",
-					},
-					NvdXML: {
-						Type:       NvdXML,
-						SourceLink: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
-					},
+					}},
 				},
 			},
 			out: []CveContentStr{
-				{
-					Type:  NvdXML,
-					Value: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
-				},
 				{
 					Type:  RedHat,
 					Value: "https://access.redhat.com/security/cve/CVE-2017-6074",
@@ -118,73 +129,123 @@ func TestSourceLinks(t *testing.T) {
 				},
 			},
 		},
+		// Confidence: JvnVendorProductMatch
+		{
+			in: in{
+				lang:  "en",
+				cveID: "CVE-2017-6074",
+				cont: CveContents{
+					Jvn: []CveContent{{
+						Type:       Jvn,
+						SourceLink: "https://jvn.jp/vu/JVNVU93610402/",
+					}},
+				},
+				confidences: Confidences{
+					Confidence{DetectionMethod: JvnVendorProductMatchStr},
+				},
+			},
+			out: []CveContentStr{
+				{
+					Type:  Jvn,
+					Value: "https://jvn.jp/vu/JVNVU93610402/",
+				},
+			},
+		},
 	}
 	for i, tt := range tests {
-		actual := tt.in.cont.SourceLinks(tt.in.lang, "redhat", tt.in.cveID)
+		actual := tt.in.cont.PrimarySrcURLs(tt.in.lang, "redhat", tt.in.cveID, tt.in.confidences)
 		if !reflect.DeepEqual(tt.out, actual) {
 			t.Errorf("\n[%d] expected: %v\n  actual: %v\n", i, tt.out, actual)
 		}
 	}
 }

-func TestVendorLink(t *testing.T) {
-	type in struct {
-		family string
-		vinfo  VulnInfo
-	}
-	var tests = []struct {
-		in  in
-		out map[string]string
+func TestCveContents_Sort(t *testing.T) {
+	tests := []struct {
+		name string
+		v    CveContents
+		want CveContents
 	}{
 		{
-			in: in{
-				family: "redhat",
-				vinfo: VulnInfo{
-					CveID: "CVE-2017-6074",
-					CveContents: CveContents{
-						Jvn: {
-							Type:       Jvn,
-							SourceLink: "https://jvn.jp/vu/JVNVU93610402/",
-						},
-						RedHat: {
-							Type:       RedHat,
-							SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074",
-						},
-						NvdXML: {
-							Type:       NvdXML,
-							SourceLink: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
-						},
-					},
+			name: "sorted",
+			v: map[CveContentType][]CveContent{
+				"jvn": {
+					{Cvss3Score: 3},
+					{Cvss3Score: 10},
 				},
 			},
-			out: map[string]string{
-				"RHEL-CVE": "https://access.redhat.com/security/cve/CVE-2017-6074",
+			want: map[CveContentType][]CveContent{
+				"jvn": {
+					{Cvss3Score: 10},
+					{Cvss3Score: 3},
+				},
 			},
 		},
 		{
-			in: in{
-				family: "ubuntu",
-				vinfo: VulnInfo{
-					CveID: "CVE-2017-6074",
-					CveContents: CveContents{
-						RedHat: {
-							Type:       Ubuntu,
-							SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074",
-						},
+			name: "sort JVN by cvss3, cvss2, sourceLink",
+			v: map[CveContentType][]CveContent{
+				"jvn": {
+					{
+						Cvss3Score: 3,
+						Cvss2Score: 3,
+						SourceLink: "https://jvndb.jvn.jp/ja/contents/2023/JVNDB-2023-001210.html",
+					},
+					{
+						Cvss3Score: 3,
+						Cvss2Score: 3,
+						SourceLink: "https://jvndb.jvn.jp/ja/contents/2021/JVNDB-2021-001210.html",
 					},
 				},
 			},
-			out: map[string]string{
-				"Ubuntu-CVE": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6074",
+			want: map[CveContentType][]CveContent{
+				"jvn": {
+					{
+						Cvss3Score: 3,
+						Cvss2Score: 3,
+						SourceLink: "https://jvndb.jvn.jp/ja/contents/2021/JVNDB-2021-001210.html",
+					},
+					{
+						Cvss3Score: 3,
+						Cvss2Score: 3,
+						SourceLink: "https://jvndb.jvn.jp/ja/contents/2023/JVNDB-2023-001210.html",
+					},
+				},
+			},
+		},
+		{
+			name: "sort JVN by cvss3, cvss2",
+			v: map[CveContentType][]CveContent{
+				"jvn": {
+					{
+						Cvss3Score: 3,
+						Cvss2Score: 1,
+					},
+					{
+						Cvss3Score: 3,
+						Cvss2Score: 10,
+					},
+				},
+			},
+			want: map[CveContentType][]CveContent{
+				"jvn": {
+					{
+						Cvss3Score: 3,
+						Cvss2Score: 10,
+					},
+					{
+						Cvss3Score: 3,
+						Cvss2Score: 1,
+					},
+				},
 			},
 		},
 	}
 	for _, tt := range tests {
-		actual := tt.in.vinfo.VendorLinks(tt.in.family)
-		for k := range tt.out {
-			if tt.out[k] != actual[k] {
-				t.Errorf("\nexpected: %s\n  actual: %s\n", tt.out[k], actual[k])
+		t.Run(tt.name, func(t *testing.T) {
+			tt.v.Sort()
+			if !reflect.DeepEqual(tt.v, tt.want) {
+				t.Errorf("\n[%s] expected: %v\n  actual: %v\n", tt.name, tt.want, tt.v)
 			}
-		}
+		})
 	}
 }
--- a/models/library.go
+++ b/models/library.go
@@ -3,28 +3,26 @@ package models
 import (
 	"path/filepath"

+	ftypes "github.com/aquasecurity/fanal/types"
 	"github.com/aquasecurity/trivy-db/pkg/db"
 	trivyDBTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/detector/library"
-
 	"github.com/aquasecurity/trivy/pkg/types"
-	"github.com/future-architect/vuls/util"
 	"golang.org/x/xerrors"

-	// "github.com/aquasecurity/go-dep-parser/pkg/types"
-	"github.com/knqyf263/go-version"
+	"github.com/future-architect/vuls/logging"
 )

 // LibraryScanners is an array of LibraryScanner
 type LibraryScanners []LibraryScanner

 // Find : find by name
-func (lss LibraryScanners) Find(path, name string) map[string]types.Library {
-	filtered := map[string]types.Library{}
+func (lss LibraryScanners) Find(path, name string) map[string]Library {
+	filtered := map[string]Library{}
 	for _, ls := range lss {
 		for _, lib := range ls.Libs {
-			if ls.Path == path && lib.Name == name {
-				filtered[ls.Path] = lib
+			if ls.LockfilePath == path && lib.Name == name {
+				filtered[ls.LockfilePath] = lib
 				break
 			}
 		}
@@ -32,27 +30,42 @@ func (lss LibraryScanners) Find(path, name string) map[string]types.Library {
 	return filtered
 }

+// Total returns total count of pkgs
+func (lss LibraryScanners) Total() (total int) {
+	for _, lib := range lss {
+		total += len(lib.Libs)
+	}
+	return
+}
+
 // LibraryScanner has libraries information
 type LibraryScanner struct {
-	Path string
-	Libs []types.Library
+	Type string
+	Libs []Library
+
+	// The path to the Lockfile is stored.
+	LockfilePath string `json:"path,omitempty"`
+}
+
+// Library holds the attribute of a package library
+type Library struct {
+	Name    string
+	Version string
+
+	// The Path to the library in the container image. Empty string when Lockfile scan.
+	// This field is used to convert the result JSON of a `trivy image` using trivy-to-vuls.
+	FilePath string
 }

 // Scan : scan target library
 func (s LibraryScanner) Scan() ([]VulnInfo, error) {
-	scanner, err := library.DriverFactory{}.NewDriver(filepath.Base(string(s.Path)))
+	scanner, err := library.NewDriver(s.Type)
 	if err != nil {
 		return nil, xerrors.Errorf("Failed to new a library driver: %w", err)
 	}
 	var vulnerabilities = []VulnInfo{}
 	for _, pkg := range s.Libs {
-		v, err := version.NewVersion(pkg.Version)
-		if err != nil {
-			util.Log.Debugf("new version cant detected %s@%s", pkg.Name, pkg.Version)
-			continue
-		}
-
-		tvulns, err := scanner.Detect(pkg.Name, v)
+		tvulns, err := scanner.DetectVulnerabilities(pkg.Name, pkg.Version)
 		if err != nil {
 			return nil, xerrors.Errorf("failed to detect %s vulnerabilities: %w", scanner.Type(), err)
 		}
@@ -71,7 +84,7 @@ func (s LibraryScanner) convertFanalToVuln(tvulns []types.DetectedVulnerability)
 	for _, tvuln := range tvulns {
 		vinfo, err := s.getVulnDetail(tvuln)
 		if err != nil {
-			util.Log.Debugf("failed to getVulnDetail. err: %s, tvuln: %#v", err, tvuln)
+			logging.Log.Debugf("failed to getVulnDetail. err: %+v, tvuln: %#v", err, tvuln)
 			continue
 		}
 		vulns = append(vulns, vinfo)
@@ -87,53 +100,86 @@ func (s LibraryScanner) getVulnDetail(tvuln types.DetectedVulnerability) (vinfo

 	vinfo.CveID = tvuln.VulnerabilityID
 	vinfo.CveContents = getCveContents(tvuln.VulnerabilityID, vul)
-	if tvuln.FixedVersion != "" {
-		vinfo.LibraryFixedIns = []LibraryFixedIn{
-			{
-				Key:     s.GetLibraryKey(),
-				Name:    tvuln.PkgName,
-				FixedIn: tvuln.FixedVersion,
-				Path:    s.Path,
-			},
-		}
+	vinfo.LibraryFixedIns = []LibraryFixedIn{
+		{
+			Key:     s.GetLibraryKey(),
+			Name:    tvuln.PkgName,
+			FixedIn: tvuln.FixedVersion,
+			Path:    s.LockfilePath,
+		},
 	}
 	return vinfo, nil
 }

-func getCveContents(cveID string, vul trivyDBTypes.Vulnerability) (contents map[CveContentType]CveContent) {
-	contents = map[CveContentType]CveContent{}
+func getCveContents(cveID string, vul trivyDBTypes.Vulnerability) (contents map[CveContentType][]CveContent) {
+	contents = map[CveContentType][]CveContent{}
 	refs := []Reference{}
 	for _, refURL := range vul.References {
 		refs = append(refs, Reference{Source: "trivy", Link: refURL})
 	}

-	content := CveContent{
-		Type:          Trivy,
-		CveID:         cveID,
-		Title:         vul.Title,
-		Summary:       vul.Description,
-		Cvss3Severity: string(vul.Severity),
-		References:    refs,
+	contents[Trivy] = []CveContent{
+		{
+			Type:          Trivy,
+			CveID:         cveID,
+			Title:         vul.Title,
+			Summary:       vul.Description,
+			Cvss3Severity: string(vul.Severity),
+			References:    refs,
+		},
 	}
-	contents[Trivy] = content
 	return contents
 }

 // LibraryMap is filename and library type
 var LibraryMap = map[string]string{
-	"package-lock.json": "node",
-	"yarn.lock":         "node",
-	"Gemfile.lock":      "ruby",
-	"Cargo.lock":        "rust",
-	"composer.lock":     "php",
-	"Pipfile.lock":      "python",
-	"poetry.lock":       "python",
+	ftypes.NpmPkgLock:      "node",
+	ftypes.YarnLock:        "node",
+	ftypes.GemfileLock:     "ruby",
+	ftypes.CargoLock:       "rust",
+	ftypes.ComposerLock:    "php",
+	ftypes.PipRequirements: "python",
+	ftypes.PipfileLock:     "python",
+	ftypes.PoetryLock:      "python",
+	ftypes.NuGetPkgsLock:   ".net",
+	ftypes.NuGetPkgsConfig: ".net",
+	ftypes.GoMod:           "gomod",
+	ftypes.GoSum:           "gomod",
+	ftypes.MavenPom:        "java",
+	"*.jar":                "java",
+	"*.war":                "java",
+	"*.ear":                "java",
+	"*.par":                "java",
 }

 // GetLibraryKey returns target library key
 func (s LibraryScanner) GetLibraryKey() string {
-	fileName := filepath.Base(s.Path)
-	return LibraryMap[fileName]
+	switch s.Type {
+	case ftypes.Bundler, ftypes.GemSpec:
+		return "ruby"
+	case ftypes.Cargo:
+		return "rust"
+	case ftypes.Composer:
+		return "php"
+	case ftypes.GoBinary, ftypes.GoModule:
+		return "gomod"
+	case ftypes.Jar, ftypes.Pom:
+		return "java"
+	case ftypes.Npm, ftypes.Yarn, ftypes.NodePkg, ftypes.JavaScript:
+		return "node"
+	case ftypes.NuGet:
+		return ".net"
+	case ftypes.Pipenv, ftypes.Poetry, ftypes.Pip, ftypes.PythonPkg:
+		return "python"
+	default:
+		filename := filepath.Base(s.LockfilePath)
+		switch filepath.Ext(filename) {
+		case ".jar", ".war", ".ear", ".par":
+			return "java"
+		default:
+			return LibraryMap[filename]
+		}
+	}
 }

 // LibraryFixedIn has library fixed information
--- a/models/library_test.go
+++ b/models/library_test.go
@@ -3,8 +3,6 @@ package models
 import (
 	"reflect"
 	"testing"
-
-	"github.com/aquasecurity/trivy/pkg/types"
 )

 func TestLibraryScanners_Find(t *testing.T) {
@@ -16,14 +14,14 @@ func TestLibraryScanners_Find(t *testing.T) {
 		name string
 		lss  LibraryScanners
 		args args
-		want map[string]types.Library
+		want map[string]Library
 	}{
 		{
 			name: "single file",
 			lss: LibraryScanners{
 				{
-					Path: "/pathA",
-					Libs: []types.Library{
+					LockfilePath: "/pathA",
+					Libs: []Library{
 						{
 							Name:    "libA",
 							Version: "1.0.0",
@@ -32,7 +30,7 @@ func TestLibraryScanners_Find(t *testing.T) {
 				},
 			},
 			args: args{"/pathA", "libA"},
-			want: map[string]types.Library{
+			want: map[string]Library{
 				"/pathA": {
 					Name:    "libA",
 					Version: "1.0.0",
@@ -43,8 +41,8 @@ func TestLibraryScanners_Find(t *testing.T) {
 			name: "multi file",
 			lss: LibraryScanners{
 				{
-					Path: "/pathA",
-					Libs: []types.Library{
+					LockfilePath: "/pathA",
+					Libs: []Library{
 						{
 							Name:    "libA",
 							Version: "1.0.0",
@@ -52,8 +50,8 @@ func TestLibraryScanners_Find(t *testing.T) {
 					},
 				},
 				{
-					Path: "/pathB",
-					Libs: []types.Library{
+					LockfilePath: "/pathB",
+					Libs: []Library{
 						{
 							Name:    "libA",
 							Version: "1.0.5",
@@ -62,7 +60,7 @@ func TestLibraryScanners_Find(t *testing.T) {
 				},
 			},
 			args: args{"/pathA", "libA"},
-			want: map[string]types.Library{
+			want: map[string]Library{
 				"/pathA": {
 					Name:    "libA",
 					Version: "1.0.0",
@@ -73,8 +71,8 @@ func TestLibraryScanners_Find(t *testing.T) {
 			name: "miss",
 			lss: LibraryScanners{
 				{
-					Path: "/pathA",
-					Libs: []types.Library{
+					LockfilePath: "/pathA",
+					Libs: []Library{
 						{
 							Name:    "libA",
 							Version: "1.0.0",
@@ -83,7 +81,7 @@ func TestLibraryScanners_Find(t *testing.T) {
 				},
 			},
 			args: args{"/pathA", "libB"},
-			want: map[string]types.Library{},
+			want: map[string]Library{},
 		},
 	}
 	for _, tt := range tests {
--- a/models/packages.go
+++ b/models/packages.go
@@ -63,13 +63,13 @@ func (ps Packages) FindOne(f func(Package) bool) (string, Package, bool) {
 }

 // FindByFQPN search a package by Fully-Qualified-Package-Name
-func (ps Packages) FindByFQPN(nameVerRelArc string) (*Package, error) {
+func (ps Packages) FindByFQPN(nameVerRel string) (*Package, error) {
 	for _, p := range ps {
-		if nameVerRelArc == p.FQPN() {
+		if nameVerRel == p.FQPN() {
 			return &p, nil
 		}
 	}
-	return nil, xerrors.Errorf("Failed to find the package: %s", nameVerRelArc)
+	return nil, xerrors.Errorf("Failed to find the package: %s", nameVerRel)
 }

 // Package has installed binary packages.
@@ -81,7 +81,7 @@ type Package struct {
 	NewRelease       string               `json:"newRelease"`
 	Arch             string               `json:"arch"`
 	Repository       string               `json:"repository"`
-	Changelog        Changelog            `json:"changelog"`
+	Changelog        *Changelog           `json:"changelog,omitempty"`
 	AffectedProcs    []AffectedProcess    `json:",omitempty"`
 	NeedRestartProcs []NeedRestartProcess `json:",omitempty"`
 }
@@ -96,9 +96,6 @@ func (p Package) FQPN() string {
 	if p.Release != "" {
 		fqpn += fmt.Sprintf("-%s", p.Release)
 	}
-	if p.Arch != "" {
-		fqpn += fmt.Sprintf(".%s", p.Arch)
-	}
 	return fqpn
 }

@@ -174,9 +171,44 @@ type Changelog struct {

 // AffectedProcess keep a processes information affected by software update
 type AffectedProcess struct {
-	PID         string   `json:"pid,omitempty"`
-	Name        string   `json:"name,omitempty"`
-	ListenPorts []string `json:"listenPorts,omitempty"`
+	PID             string     `json:"pid,omitempty"`
+	Name            string     `json:"name,omitempty"`
+	ListenPorts     []string   `json:"listenPorts,omitempty"`
+	ListenPortStats []PortStat `json:"listenPortStats,omitempty"`
+}
+
+// PortStat has the result of parsing the port information to the address and port.
+type PortStat struct {
+	BindAddress     string   `json:"bindAddress"`
+	Port            string   `json:"port"`
+	PortReachableTo []string `json:"portReachableTo"`
+}
+
+// NewPortStat create a PortStat from ipPort str
+func NewPortStat(ipPort string) (*PortStat, error) {
+	if ipPort == "" {
+		return &PortStat{}, nil
+	}
+	sep := strings.LastIndex(ipPort, ":")
+	if sep == -1 {
+		return nil, xerrors.Errorf("Failed to parse IP:Port: %s", ipPort)
+	}
+	return &PortStat{
+		BindAddress: ipPort[:sep],
+		Port:        ipPort[sep+1:],
+	}, nil
+}
+
+// HasReachablePort checks if Package.AffectedProcs has PortReachableTo
+func (p Package) HasReachablePort() bool {
+	for _, ap := range p.AffectedProcs {
+		for _, lp := range ap.ListenPortStats {
+			if len(lp.PortReachableTo) > 0 {
+				return true
+			}
+		}
+	}
+	return false
 }

 // NeedRestartProcess keep a processes information affected by software update
--- a/models/packages_test.go
+++ b/models/packages_test.go
@@ -287,7 +287,7 @@ func TestPackage_FormatVersionFromTo(t *testing.T) {
 				NewRelease:       tt.fields.NewRelease,
 				Arch:             tt.fields.Arch,
 				Repository:       tt.fields.Repository,
-				Changelog:        tt.fields.Changelog,
+				Changelog:        &tt.fields.Changelog,
 				AffectedProcs:    tt.fields.AffectedProcs,
 				NeedRestartProcs: tt.fields.NeedRestartProcs,
 			}
@@ -381,3 +381,50 @@ func Test_IsRaspbianPackage(t *testing.T) {
 		})
 	}
 }
+
+func Test_NewPortStat(t *testing.T) {
+	tests := []struct {
+		name   string
+		args   string
+		expect PortStat
+	}{{
+		name: "empty",
+		args: "",
+		expect: PortStat{
+			BindAddress: "",
+			Port:        "",
+		},
+	}, {
+		name: "normal",
+		args: "127.0.0.1:22",
+		expect: PortStat{
+			BindAddress: "127.0.0.1",
+			Port:        "22",
+		},
+	}, {
+		name: "asterisk",
+		args: "*:22",
+		expect: PortStat{
+			BindAddress: "*",
+			Port:        "22",
+		},
+	}, {
+		name: "ipv6_loopback",
+		args: "[::1]:22",
+		expect: PortStat{
+			BindAddress: "[::1]",
+			Port:        "22",
+		},
+	}}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			listenPort, err := NewPortStat(tt.args)
+			if err != nil {
+				t.Errorf("unexpected error occurred: %s", err)
+			} else if !reflect.DeepEqual(*listenPort, tt.expect) {
+				t.Errorf("base.NewPortStat() = %v, want %v", *listenPort, tt.expect)
+			}
+		})
+	}
+}
--- a/models/scanresults.go
+++ b/models/scanresults.go
@@ -3,13 +3,15 @@ package models
 import (
 	"bytes"
 	"fmt"
-	"regexp"
+	"reflect"
+	"sort"
 	"strings"
 	"time"

 	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/constant"
 	"github.com/future-architect/vuls/cwe"
-	"github.com/future-architect/vuls/util"
+	"github.com/future-architect/vuls/logging"
 )

 // ScanResults is a slide of ScanResult
@@ -17,37 +19,38 @@ type ScanResults []ScanResult

 // ScanResult has the result of scanned CVE information.
 type ScanResult struct {
-	JSONVersion      int                   `json:"jsonVersion"`
-	Lang             string                `json:"lang"`
-	ServerUUID       string                `json:"serverUUID"`
-	ServerName       string                `json:"serverName"` // TOML Section key
-	Family           string                `json:"family"`
-	Release          string                `json:"release"`
-	Container        Container             `json:"container"`
-	Platform         Platform              `json:"platform"`
-	IPv4Addrs        []string              `json:"ipv4Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
-	IPv6Addrs        []string              `json:"ipv6Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
-	IPSIdentifiers   map[config.IPS]string `json:"ipsIdentifiers,omitempty"`
-	ScannedAt        time.Time             `json:"scannedAt"`
-	ScanMode         string                `json:"scanMode"`
-	ScannedVersion   string                `json:"scannedVersion"`
-	ScannedRevision  string                `json:"scannedRevision"`
-	ScannedBy        string                `json:"scannedBy"`
-	ScannedVia       string                `json:"scannedVia"`
-	ScannedIPv4Addrs []string              `json:"scannedIpv4Addrs,omitempty"`
-	ScannedIPv6Addrs []string              `json:"scannedIpv6Addrs,omitempty"`
-	ReportedAt       time.Time             `json:"reportedAt"`
-	ReportedVersion  string                `json:"reportedVersion"`
-	ReportedRevision string                `json:"reportedRevision"`
-	ReportedBy       string                `json:"reportedBy"`
-	Errors           []string              `json:"errors"`
-	Warnings         []string              `json:"warnings"`
+	JSONVersion      int               `json:"jsonVersion"`
+	Lang             string            `json:"lang"`
+	ServerUUID       string            `json:"serverUUID"`
+	ServerName       string            `json:"serverName"` // TOML Section key
+	Family           string            `json:"family"`
+	Release          string            `json:"release"`
+	Container        Container         `json:"container"`
+	Platform         Platform          `json:"platform"`
+	IPv4Addrs        []string          `json:"ipv4Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
+	IPv6Addrs        []string          `json:"ipv6Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
+	IPSIdentifiers   map[string]string `json:"ipsIdentifiers,omitempty"`
+	ScannedAt        time.Time         `json:"scannedAt"`
+	ScanMode         string            `json:"scanMode"`
+	ScannedVersion   string            `json:"scannedVersion"`
+	ScannedRevision  string            `json:"scannedRevision"`
+	ScannedBy        string            `json:"scannedBy"`
+	ScannedVia       string            `json:"scannedVia"`
+	ScannedIPv4Addrs []string          `json:"scannedIpv4Addrs,omitempty"`
+	ScannedIPv6Addrs []string          `json:"scannedIpv6Addrs,omitempty"`
+	ReportedAt       time.Time         `json:"reportedAt"`
+	ReportedVersion  string            `json:"reportedVersion"`
+	ReportedRevision string            `json:"reportedRevision"`
+	ReportedBy       string            `json:"reportedBy"`
+	Errors           []string          `json:"errors"`
+	Warnings         []string          `json:"warnings"`

 	ScannedCves       VulnInfos              `json:"scannedCves"`
 	RunningKernel     Kernel                 `json:"runningKernel"`
 	Packages          Packages               `json:"packages"`
 	SrcPackages       SrcPackages            `json:",omitempty"`
-	WordPressPackages *WordPressPackages     `json:",omitempty"`
+	EnabledDnfModules []string               `json:"enabledDnfModules,omitempty"` // for dnf modules
+	WordPressPackages WordPressPackages      `json:",omitempty"`
 	LibraryScanners   LibraryScanners        `json:"libraries,omitempty"`
 	CweDict           CweDict                `json:"cweDict,omitempty"`
 	Optional          map[string]interface{} `json:",omitempty"`
@@ -57,13 +60,386 @@ type ScanResult struct {
 	} `json:"config"`
 }

+// Container has Container information
+type Container struct {
+	ContainerID string `json:"containerID"`
+	Name        string `json:"name"`
+	Image       string `json:"image"`
+	Type        string `json:"type"`
+	UUID        string `json:"uuid"`
+}
+
+// Platform has platform information
+type Platform struct {
+	Name       string `json:"name"` // aws or azure or gcp or other...
+	InstanceID string `json:"instanceID"`
+}
+
+// Kernel has the Release, version and whether need restart
+type Kernel struct {
+	Release        string `json:"release"`
+	Version        string `json:"version"`
+	RebootRequired bool   `json:"rebootRequired"`
+}
+
+// FilterInactiveWordPressLibs is filter function.
+func (r *ScanResult) FilterInactiveWordPressLibs(detectInactive bool) {
+	if detectInactive {
+		return
+	}
+
+	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
+		if len(v.WpPackageFixStats) == 0 {
+			return true
+		}
+		// Ignore if all libs in this vulnInfo inactive
+		for _, wp := range v.WpPackageFixStats {
+			if p, ok := r.WordPressPackages.Find(wp.Name); ok {
+				if p.Status != Inactive {
+					return true
+				}
+			} else {
+				logging.Log.Warnf("Failed to find the WordPress pkg: %+s", wp.Name)
+			}
+		}
+		return false
+	})
+	r.ScannedCves = filtered
+}
+
+// ReportFileName returns the filename on localhost without extension
+func (r ScanResult) ReportFileName() (name string) {
+	if r.Container.ContainerID == "" {
+		return r.ServerName
+	}
+	return fmt.Sprintf("%s@%s", r.Container.Name, r.ServerName)
+}
+
+// ReportKeyName returns the name of key on S3, Azure-Blob without extension
+func (r ScanResult) ReportKeyName() (name string) {
+	timestr := r.ScannedAt.Format(time.RFC3339)
+	if r.Container.ContainerID == "" {
+		return fmt.Sprintf("%s/%s", timestr, r.ServerName)
+	}
+	return fmt.Sprintf("%s/%s@%s", timestr, r.Container.Name, r.ServerName)
+}
+
+// ServerInfo returns server name one line
+func (r ScanResult) ServerInfo() string {
+	if r.Container.ContainerID == "" {
+		return fmt.Sprintf("%s (%s%s)",
+			r.FormatServerName(), r.Family, r.Release)
+	}
+	return fmt.Sprintf(
+		"%s (%s%s) on %s",
+		r.FormatServerName(),
+		r.Family,
+		r.Release,
+		r.ServerName,
+	)
+}
+
+// ServerInfoTui returns server information for TUI sidebar
+func (r ScanResult) ServerInfoTui() string {
+	if r.Container.ContainerID == "" {
+		line := fmt.Sprintf("%s (%s%s)",
+			r.ServerName, r.Family, r.Release)
+		if len(r.Warnings) != 0 {
+			line = "[Warn] " + line
+		}
+		if r.RunningKernel.RebootRequired {
+			return "[Reboot] " + line
+		}
+		return line
+	}
+
+	fmtstr := "|-- %s (%s%s)"
+	if r.RunningKernel.RebootRequired {
+		fmtstr = "|-- [Reboot] %s (%s%s)"
+	}
+	return fmt.Sprintf(fmtstr, r.Container.Name, r.Family, r.Release)
+}
+
+// FormatServerName returns server and container name
+func (r ScanResult) FormatServerName() (name string) {
+	if r.Container.ContainerID == "" {
+		name = r.ServerName
+	} else {
+		name = fmt.Sprintf("%s@%s",
+			r.Container.Name, r.ServerName)
+	}
+	if r.RunningKernel.RebootRequired {
+		name = "[Reboot Required] " + name
+	}
+	return
+}
+
+// FormatTextReportHeader returns header of text report
+func (r ScanResult) FormatTextReportHeader() string {
+	var buf bytes.Buffer
+	for i := 0; i < len(r.ServerInfo()); i++ {
+		buf.WriteString("=")
+	}
+
+	pkgs := r.FormatUpdatablePkgsSummary()
+	if 0 < len(r.WordPressPackages) {
+		pkgs = fmt.Sprintf("%s, %d WordPress pkgs", pkgs, len(r.WordPressPackages))
+	}
+	if 0 < len(r.LibraryScanners) {
+		pkgs = fmt.Sprintf("%s, %d libs", pkgs, r.LibraryScanners.Total())
+	}
+
+	return fmt.Sprintf("%s\n%s\n%s\n%s, %s, %s, %s\n%s\n",
+		r.ServerInfo(),
+		buf.String(),
+		r.ScannedCves.FormatCveSummary(),
+		r.ScannedCves.FormatFixedStatus(r.Packages),
+		r.FormatExploitCveSummary(),
+		r.FormatMetasploitCveSummary(),
+		r.FormatAlertSummary(),
+		pkgs)
+}
+
+// FormatUpdatablePkgsSummary returns a summary of updatable packages
+func (r ScanResult) FormatUpdatablePkgsSummary() string {
+	mode := r.Config.Scan.Servers[r.ServerName].Mode
+	if !r.isDisplayUpdatableNum(mode) {
+		return fmt.Sprintf("%d installed", len(r.Packages))
+	}
+
+	nUpdatable := 0
+	for _, p := range r.Packages {
+		if p.NewVersion == "" {
+			continue
+		}
+		if p.Version != p.NewVersion || p.Release != p.NewRelease {
+			nUpdatable++
+		}
+	}
+	return fmt.Sprintf("%d installed, %d updatable",
+		len(r.Packages),
+		nUpdatable)
+}
+
+// FormatExploitCveSummary returns a summary of exploit cve
+func (r ScanResult) FormatExploitCveSummary() string {
+	nExploitCve := 0
+	for _, vuln := range r.ScannedCves {
+		if 0 < len(vuln.Exploits) {
+			nExploitCve++
+		}
+	}
+	return fmt.Sprintf("%d poc", nExploitCve)
+}
+
+// FormatMetasploitCveSummary returns a summary of exploit cve
+func (r ScanResult) FormatMetasploitCveSummary() string {
+	nMetasploitCve := 0
+	for _, vuln := range r.ScannedCves {
+		if 0 < len(vuln.Metasploits) {
+			nMetasploitCve++
+		}
+	}
+	return fmt.Sprintf("%d exploits", nMetasploitCve)
+}
+
+// FormatAlertSummary returns a summary of CERT alerts
+func (r ScanResult) FormatAlertSummary() string {
+	cisaCnt := 0
+	uscertCnt := 0
+	jpcertCnt := 0
+	for _, vuln := range r.ScannedCves {
+		if len(vuln.AlertDict.CISA) > 0 {
+			cisaCnt += len(vuln.AlertDict.CISA)
+		}
+		if len(vuln.AlertDict.USCERT) > 0 {
+			uscertCnt += len(vuln.AlertDict.USCERT)
+		}
+		if len(vuln.AlertDict.JPCERT) > 0 {
+			jpcertCnt += len(vuln.AlertDict.JPCERT)
+		}
+	}
+	return fmt.Sprintf("cisa: %d, uscert: %d, jpcert: %d alerts", cisaCnt, uscertCnt, jpcertCnt)
+}
+
+func (r ScanResult) isDisplayUpdatableNum(mode config.ScanMode) bool {
+	if r.Family == constant.FreeBSD {
+		return false
+	}
+
+	if mode.IsOffline() {
+		return false
+	}
+	if mode.IsFastRoot() || mode.IsDeep() {
+		return true
+	}
+	if mode.IsFast() {
+		switch r.Family {
+		case constant.RedHat,
+			constant.Oracle,
+			constant.Debian,
+			constant.Ubuntu,
+			constant.Raspbian:
+			return false
+		default:
+			return true
+		}
+	}
+	return false
+}
+
+// IsContainer returns whether this ServerInfo is about container
+func (r ScanResult) IsContainer() bool {
+	return 0 < len(r.Container.ContainerID)
+}
+
+// RemoveRaspbianPackFromResult is for Raspberry Pi and removes the Raspberry Pi dedicated package from ScanResult.
+func (r ScanResult) RemoveRaspbianPackFromResult() *ScanResult {
+	if r.Family != constant.Raspbian {
+		return &r
+	}
+
+	packs := make(Packages)
+	for _, pack := range r.Packages {
+		if !IsRaspbianPackage(pack.Name, pack.Version) {
+			packs[pack.Name] = pack
+		}
+	}
+	srcPacks := make(SrcPackages)
+	for _, pack := range r.SrcPackages {
+		if !IsRaspbianPackage(pack.Name, pack.Version) {
+			srcPacks[pack.Name] = pack
+		}
+	}
+
+	r.Packages = packs
+	r.SrcPackages = srcPacks
+
+	return &r
+}
+
+// ClearFields clears a given fields of ScanResult
+func (r ScanResult) ClearFields(targetTagNames []string) ScanResult {
+	if len(targetTagNames) == 0 {
+		return r
+	}
+	target := map[string]bool{}
+	for _, n := range targetTagNames {
+		target[strings.ToLower(n)] = true
+	}
+	t := reflect.ValueOf(r).Type()
+	for i := 0; i < t.NumField(); i++ {
+		f := t.Field(i)
+		jsonValue := strings.Split(f.Tag.Get("json"), ",")[0]
+		if ok := target[strings.ToLower(jsonValue)]; ok {
+			vv := reflect.New(f.Type).Elem().Interface()
+			reflect.ValueOf(&r).Elem().FieldByName(f.Name).Set(reflect.ValueOf(vv))
+		}
+	}
+	return r
+}
+
+// CheckEOL checks the EndOfLife of the OS
+func (r *ScanResult) CheckEOL() {
+	switch r.Family {
+	case constant.ServerTypePseudo, constant.Raspbian:
+		return
+	}
+
+	eol, found := config.GetEOL(r.Family, r.Release)
+	if !found {
+		r.Warnings = append(r.Warnings,
+			fmt.Sprintf("Failed to check EOL. Register the issue to https://github.com/future-architect/vuls/issues with the information in `Family: %s Release: %s`",
+				r.Family, r.Release))
+		return
+	}
+
+	now := time.Now()
+	if eol.IsStandardSupportEnded(now) {
+		r.Warnings = append(r.Warnings, "Standard OS support is EOL(End-of-Life). Purchase extended support if available or Upgrading your OS is strongly recommended.")
+		if eol.ExtendedSupportUntil.IsZero() {
+			return
+		}
+		if !eol.IsExtendedSuppportEnded(now) {
+			r.Warnings = append(r.Warnings,
+				fmt.Sprintf("Extended support available until %s. Check the vendor site.",
+					eol.ExtendedSupportUntil.Format("2006-01-02")))
+		} else {
+			r.Warnings = append(r.Warnings,
+				"Extended support is also EOL. There are many Vulnerabilities that are not detected, Upgrading your OS strongly recommended.")
+		}
+	} else if !eol.StandardSupportUntil.IsZero() &&
+		now.AddDate(0, 3, 0).After(eol.StandardSupportUntil) {
+		r.Warnings = append(r.Warnings,
+			fmt.Sprintf("Standard OS support will be end in 3 months. EOL date: %s",
+				eol.StandardSupportUntil.Format("2006-01-02")))
+	}
+}
+
+// SortForJSONOutput sort list elements in the ScanResult to diff in integration-test
+func (r *ScanResult) SortForJSONOutput() {
+	for k, v := range r.Packages {
+		sort.Slice(v.AffectedProcs, func(i, j int) bool {
+			return v.AffectedProcs[i].PID < v.AffectedProcs[j].PID
+		})
+		sort.Slice(v.NeedRestartProcs, func(i, j int) bool {
+			return v.NeedRestartProcs[i].PID < v.NeedRestartProcs[j].PID
+		})
+		r.Packages[k] = v
+	}
+	for i, v := range r.LibraryScanners {
+		sort.Slice(v.Libs, func(i, j int) bool {
+			switch strings.Compare(v.Libs[i].Name, v.Libs[j].Name) {
+			case -1:
+				return true
+			case 1:
+				return false
+			}
+			return v.Libs[i].Version < v.Libs[j].Version
+
+		})
+		r.LibraryScanners[i] = v
+	}
+
+	for k, v := range r.ScannedCves {
+		sort.Slice(v.AffectedPackages, func(i, j int) bool {
+			return v.AffectedPackages[i].Name < v.AffectedPackages[j].Name
+		})
+		sort.Slice(v.DistroAdvisories, func(i, j int) bool {
+			return v.DistroAdvisories[i].AdvisoryID < v.DistroAdvisories[j].AdvisoryID
+		})
+		sort.Slice(v.Exploits, func(i, j int) bool {
+			return v.Exploits[i].URL < v.Exploits[j].URL
+		})
+		sort.Slice(v.Metasploits, func(i, j int) bool {
+			return v.Metasploits[i].Name < v.Metasploits[j].Name
+		})
+		sort.Slice(v.Mitigations, func(i, j int) bool {
+			return v.Mitigations[i].URL < v.Mitigations[j].URL
+		})
+
+		v.CveContents.Sort()
+
+		sort.Slice(v.AlertDict.USCERT, func(i, j int) bool {
+			return v.AlertDict.USCERT[i].Title < v.AlertDict.USCERT[j].Title
+		})
+		sort.Slice(v.AlertDict.JPCERT, func(i, j int) bool {
+			return v.AlertDict.JPCERT[i].Title < v.AlertDict.JPCERT[j].Title
+		})
+		sort.Slice(v.AlertDict.CISA, func(i, j int) bool {
+			return v.AlertDict.CISA[i].Title < v.AlertDict.CISA[j].Title
+		})
+		r.ScannedCves[k] = v
+	}
+}
+
 // CweDict is a dictionary for CWE
 type CweDict map[string]CweDictEntry

 // Get the name, url, top10URL for the specified cweID, lang
 func (c CweDict) Get(cweID, lang string) (name, url, top10Rank, top10URL, cweTop25Rank, cweTop25URL, sansTop25Rank, sansTop25URL string) {
 	cweNum := strings.TrimPrefix(cweID, "CWE-")
-	switch config.Conf.Lang {
+	switch lang {
 	case "ja":
 		if dict, ok := c[cweNum]; ok && dict.OwaspTopTen2017 != "" {
 			top10Rank = dict.OwaspTopTen2017
@@ -115,387 +491,3 @@ type CweDictEntry struct {
 	CweTopTwentyfive2019 string   `json:"cweTopTwentyfive2019"`
 	SansTopTwentyfive    string   `json:"sansTopTwentyfive"`
 }
-
-// Kernel has the Release, version and whether need restart
-type Kernel struct {
-	Release        string `json:"release"`
-	Version        string `json:"version"`
-	RebootRequired bool   `json:"rebootRequired"`
-}
-
-// FilterByCvssOver is filter function.
-func (r ScanResult) FilterByCvssOver(over float64) ScanResult {
-	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
-		v2Max := v.MaxCvss2Score()
-		v3Max := v.MaxCvss3Score()
-		max := v2Max.Value.Score
-		if max < v3Max.Value.Score {
-			max = v3Max.Value.Score
-		}
-		if over <= max {
-			return true
-		}
-		return false
-	})
-	r.ScannedCves = filtered
-	return r
-}
-
-// FilterIgnoreCves is filter function.
-func (r ScanResult) FilterIgnoreCves() ScanResult {
-
-	ignoreCves := []string{}
-	if len(r.Container.Name) == 0 {
-		ignoreCves = config.Conf.Servers[r.ServerName].IgnoreCves
-	} else {
-		if s, ok := config.Conf.Servers[r.ServerName]; ok {
-			if con, ok := s.Containers[r.Container.Name]; ok {
-				ignoreCves = con.IgnoreCves
-			} else {
-				return r
-			}
-		} else {
-			util.Log.Errorf("%s is not found in config.toml",
-				r.ServerName)
-			return r
-		}
-	}
-
-	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
-		for _, c := range ignoreCves {
-			if v.CveID == c {
-				return false
-			}
-		}
-		return true
-	})
-	r.ScannedCves = filtered
-	return r
-}
-
-// FilterUnfixed is filter function.
-func (r ScanResult) FilterUnfixed() ScanResult {
-	if !config.Conf.IgnoreUnfixed {
-		return r
-	}
-	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
-		// Report cves detected by CPE because Vuls can't know 'fixed' or 'unfixed'
-		if len(v.CpeURIs) != 0 {
-			return true
-		}
-		NotFixedAll := true
-		for _, p := range v.AffectedPackages {
-			NotFixedAll = NotFixedAll && p.NotFixedYet
-		}
-		return !NotFixedAll
-	})
-	r.ScannedCves = filtered
-	return r
-}
-
-// FilterIgnorePkgs is filter function.
-func (r ScanResult) FilterIgnorePkgs() ScanResult {
-	var ignorePkgsRegexps []string
-	if len(r.Container.Name) == 0 {
-		ignorePkgsRegexps = config.Conf.Servers[r.ServerName].IgnorePkgsRegexp
-	} else {
-		if s, ok := config.Conf.Servers[r.ServerName]; ok {
-			if con, ok := s.Containers[r.Container.Name]; ok {
-				ignorePkgsRegexps = con.IgnorePkgsRegexp
-			} else {
-				return r
-			}
-		} else {
-			util.Log.Errorf("%s is not found in config.toml",
-				r.ServerName)
-			return r
-		}
-	}
-
-	regexps := []*regexp.Regexp{}
-	for _, pkgRegexp := range ignorePkgsRegexps {
-		re, err := regexp.Compile(pkgRegexp)
-		if err != nil {
-			util.Log.Errorf("Failed to parse %s. err: %+v", pkgRegexp, err)
-			continue
-		} else {
-			regexps = append(regexps, re)
-		}
-	}
-	if len(regexps) == 0 {
-		return r
-	}
-
-	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
-		if len(v.AffectedPackages) == 0 {
-			return true
-		}
-		for _, p := range v.AffectedPackages {
-			match := false
-			for _, re := range regexps {
-				if re.MatchString(p.Name) {
-					match = true
-				}
-			}
-			if !match {
-				return true
-			}
-		}
-		return false
-	})
-
-	r.ScannedCves = filtered
-	return r
-}
-
-// FilterInactiveWordPressLibs is filter function.
-func (r ScanResult) FilterInactiveWordPressLibs() ScanResult {
-	if !config.Conf.Servers[r.ServerName].WordPress.IgnoreInactive {
-		return r
-	}
-
-	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
-		if len(v.WpPackageFixStats) == 0 {
-			return true
-		}
-		// Ignore if all libs in this vulnInfo inactive
-		for _, wp := range v.WpPackageFixStats {
-			if p, ok := r.WordPressPackages.Find(wp.Name); ok {
-				if p.Status != Inactive {
-					return true
-				}
-			}
-		}
-		return false
-	})
-	r.ScannedCves = filtered
-	return r
-}
-
-// ReportFileName returns the filename on localhost without extension
-func (r ScanResult) ReportFileName() (name string) {
-	if len(r.Container.ContainerID) == 0 {
-		return fmt.Sprintf("%s", r.ServerName)
-	}
-	return fmt.Sprintf("%s@%s", r.Container.Name, r.ServerName)
-}
-
-// ReportKeyName returns the name of key on S3, Azure-Blob without extension
-func (r ScanResult) ReportKeyName() (name string) {
-	timestr := r.ScannedAt.Format(time.RFC3339)
-	if len(r.Container.ContainerID) == 0 {
-		return fmt.Sprintf("%s/%s", timestr, r.ServerName)
-	}
-	return fmt.Sprintf("%s/%s@%s", timestr, r.Container.Name, r.ServerName)
-}
-
-// ServerInfo returns server name one line
-func (r ScanResult) ServerInfo() string {
-	if len(r.Container.ContainerID) == 0 {
-		return fmt.Sprintf("%s (%s%s)",
-			r.FormatServerName(), r.Family, r.Release)
-	}
-	return fmt.Sprintf(
-		"%s (%s%s) on %s",
-		r.FormatServerName(),
-		r.Family,
-		r.Release,
-		r.ServerName,
-	)
-}
-
-// ServerInfoTui returns server information for TUI sidebar
-func (r ScanResult) ServerInfoTui() string {
-	if len(r.Container.ContainerID) == 0 {
-		line := fmt.Sprintf("%s (%s%s)",
-			r.ServerName, r.Family, r.Release)
-		if len(r.Warnings) != 0 {
-			line = "[Warn] " + line
-		}
-		if r.RunningKernel.RebootRequired {
-			return "[Reboot] " + line
-		}
-		return line
-	}
-
-	fmtstr := "|-- %s (%s%s)"
-	if r.RunningKernel.RebootRequired {
-		fmtstr = "|-- [Reboot] %s (%s%s)"
-	}
-	return fmt.Sprintf(fmtstr, r.Container.Name, r.Family, r.Release)
-}
-
-// FormatServerName returns server and container name
-func (r ScanResult) FormatServerName() (name string) {
-	if len(r.Container.ContainerID) == 0 {
-		name = r.ServerName
-	} else {
-		name = fmt.Sprintf("%s@%s",
-			r.Container.Name, r.ServerName)
-	}
-	if r.RunningKernel.RebootRequired {
-		name = "[Reboot Required] " + name
-	}
-	return
-}
-
-// FormatTextReportHeader returns header of text report
-func (r ScanResult) FormatTextReportHeader() string {
-	var buf bytes.Buffer
-	for i := 0; i < len(r.ServerInfo()); i++ {
-		buf.WriteString("=")
-	}
-
-	return fmt.Sprintf("%s\n%s\n%s, %s, %s, %s, %s, %s\n",
-		r.ServerInfo(),
-		buf.String(),
-		r.ScannedCves.FormatCveSummary(),
-		r.ScannedCves.FormatFixedStatus(r.Packages),
-		r.FormatUpdatablePacksSummary(),
-		r.FormatExploitCveSummary(),
-		r.FormatMetasploitCveSummary(),
-		r.FormatAlertSummary(),
-	)
-}
-
-// FormatUpdatablePacksSummary returns a summary of updatable packages
-func (r ScanResult) FormatUpdatablePacksSummary() string {
-	if !r.isDisplayUpdatableNum() {
-		return fmt.Sprintf("%d installed", len(r.Packages))
-	}
-
-	nUpdatable := 0
-	for _, p := range r.Packages {
-		if p.NewVersion == "" {
-			continue
-		}
-		if p.Version != p.NewVersion || p.Release != p.NewRelease {
-			nUpdatable++
-		}
-	}
-	return fmt.Sprintf("%d installed, %d updatable",
-		len(r.Packages),
-		nUpdatable)
-}
-
-// FormatExploitCveSummary returns a summary of exploit cve
-func (r ScanResult) FormatExploitCveSummary() string {
-	nExploitCve := 0
-	for _, vuln := range r.ScannedCves {
-		if 0 < len(vuln.Exploits) {
-			nExploitCve++
-		}
-	}
-	return fmt.Sprintf("%d exploits", nExploitCve)
-}
-
-// FormatMetasploitCveSummary returns a summary of exploit cve
-func (r ScanResult) FormatMetasploitCveSummary() string {
-	nMetasploitCve := 0
-	for _, vuln := range r.ScannedCves {
-		if 0 < len(vuln.Metasploits) {
-			nMetasploitCve++
-		}
-	}
-	return fmt.Sprintf("%d modules", nMetasploitCve)
-}
-
-// FormatAlertSummary returns a summary of CERT alerts
-func (r ScanResult) FormatAlertSummary() string {
-	jaCnt := 0
-	enCnt := 0
-	for _, vuln := range r.ScannedCves {
-		if len(vuln.AlertDict.En) > 0 {
-			enCnt += len(vuln.AlertDict.En)
-		}
-		if len(vuln.AlertDict.Ja) > 0 {
-			jaCnt += len(vuln.AlertDict.Ja)
-		}
-	}
-	return fmt.Sprintf("en: %d, ja: %d alerts", enCnt, jaCnt)
-}
-
-func (r ScanResult) isDisplayUpdatableNum() bool {
-	var mode config.ScanMode
-	s, _ := config.Conf.Servers[r.ServerName]
-	mode = s.Mode
-
-	if mode.IsOffline() {
-		return false
-	}
-	if mode.IsFastRoot() || mode.IsDeep() {
-		return true
-	}
-	if mode.IsFast() {
-		switch r.Family {
-		case config.RedHat,
-			config.Oracle,
-			config.Debian,
-			config.Ubuntu,
-			config.Raspbian:
-			return false
-		default:
-			return true
-		}
-	}
-	return false
-}
-
-// IsContainer returns whether this ServerInfo is about container
-func (r ScanResult) IsContainer() bool {
-	return 0 < len(r.Container.ContainerID)
-}
-
-// IsDeepScanMode checks if the scan mode is deep scan mode.
-func (r ScanResult) IsDeepScanMode() bool {
-	for _, s := range r.Config.Scan.Servers {
-		for _, m := range s.ScanMode {
-			if m == "deep" {
-				return true
-			}
-		}
-	}
-	return false
-}
-
-// Container has Container information
-type Container struct {
-	ContainerID string `json:"containerID"`
-	Name        string `json:"name"`
-	Image       string `json:"image"`
-	Type        string `json:"type"`
-	UUID        string `json:"uuid"`
-}
-
-// Platform has platform information
-type Platform struct {
-	Name       string `json:"name"` // aws or azure or gcp or other...
-	InstanceID string `json:"instanceID"`
-}
-
-// RemoveRaspbianPackFromResult is for Raspberry Pi and removes the Raspberry Pi dedicated package from ScanResult.
-func (r ScanResult) RemoveRaspbianPackFromResult() ScanResult {
-	if r.Family != config.Raspbian {
-		return r
-	}
-
-	result := r
-	packs := make(Packages)
-	for _, pack := range r.Packages {
-		if !IsRaspbianPackage(pack.Name, pack.Version) {
-			packs[pack.Name] = pack
-		}
-	}
-	srcPacks := make(SrcPackages)
-	for _, pack := range r.SrcPackages {
-		if !IsRaspbianPackage(pack.Name, pack.Version) {
-			srcPacks[pack.Name] = pack
-
-		}
-	}
-
-	result.Packages = packs
-	result.SrcPackages = srcPacks
-
-	return result
-}
--- a/Show More
+++ b/Show More
				`@@ -1,2 +0,0 @@`
				`Vuls Copyright (C) 2016 Future Corporation , Japan.`