fix(debian): false negative of kernel cves with rdb backend (#1075)

* fix(debian): false negative of kernel cves with rdb backend

* update golangci.yml

* add --timeout=10m to golangci.yml

.github/workflows/golangci.yml

@@ -13,10 +13,11 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v1
+        uses: golangci/golangci-lint-action@v2
         with:
           # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
-          version: v1.26
+          version: v1.32
+          args: --timeout=10m
           
           # Optional: working directory, useful for monorepos
           # working-directory: somedir

commands/report.go

@@ -143,6 +143,7 @@ func (p *ReportCmd) SetFlags(f *flag.FlagSet) {
 
 	f.BoolVar(&c.Conf.FormatJSON, "format-json", false, "JSON format")
 	f.BoolVar(&c.Conf.FormatXML, "format-xml", false, "XML format")
+	f.BoolVar(&c.Conf.FormatCsvList, "format-csv", false, "CSV format")
 	f.BoolVar(&c.Conf.FormatOneEMail, "format-one-email", false,
 		"Send all the host report via only one EMail (Specify with -to-email)")
 	f.BoolVar(&c.Conf.FormatOneLineText, "format-one-line-text", false,
@@ -235,97 +236,16 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 		return subcommands.ExitFailure
 	}
 
-	// report
-	reports := []report.ResultWriter{
-		report.StdoutWriter{},
-	}
-
-	if c.Conf.ToSlack {
-		reports = append(reports, report.SlackWriter{})
-	}
-
-	if c.Conf.ToStride {
-		reports = append(reports, report.StrideWriter{})
-	}
-
-	if c.Conf.ToHipChat {
-		reports = append(reports, report.HipChatWriter{})
-	}
-
-	if c.Conf.ToChatWork {
-		reports = append(reports, report.ChatWorkWriter{})
-	}
-
-	if c.Conf.ToTelegram {
-		reports = append(reports, report.TelegramWriter{})
-	}
-
-	if c.Conf.ToEmail {
-		reports = append(reports, report.EMailWriter{})
-	}
-
-	if c.Conf.ToSyslog {
-		reports = append(reports, report.SyslogWriter{})
-	}
-
-	if c.Conf.ToHTTP {
-		reports = append(reports, report.HTTPRequestWriter{})
-	}
-
-	if c.Conf.ToLocalFile {
-		reports = append(reports, report.LocalFileWriter{
-			CurrentDir: dir,
-		})
-	}
-
-	if c.Conf.ToS3 {
-		if err := report.CheckIfBucketExists(); err != nil {
-			util.Log.Errorf("Check if there is a bucket beforehand: %s, err: %+v",
-				c.Conf.AWS.S3Bucket, err)
-			return subcommands.ExitUsageError
-		}
-		reports = append(reports, report.S3Writer{})
-	}
-
-	if c.Conf.ToAzureBlob {
-		if len(c.Conf.Azure.AccountName) == 0 {
-			c.Conf.Azure.AccountName = os.Getenv("AZURE_STORAGE_ACCOUNT")
-		}
-
-		if len(c.Conf.Azure.AccountKey) == 0 {
-			c.Conf.Azure.AccountKey = os.Getenv("AZURE_STORAGE_ACCESS_KEY")
-		}
-
-		if len(c.Conf.Azure.ContainerName) == 0 {
-			util.Log.Error("Azure storage container name is required with -azure-container option")
-			return subcommands.ExitUsageError
-		}
-		if err := report.CheckIfAzureContainerExists(); err != nil {
-			util.Log.Errorf("Check if there is a container beforehand: %s, err: %+v",
-				c.Conf.Azure.ContainerName, err)
-			return subcommands.ExitUsageError
-		}
-		reports = append(reports, report.AzureBlobWriter{})
-	}
-
-	if c.Conf.ToSaas {
-		if !c.Conf.UUID {
-			util.Log.Errorf("If you use the -to-saas option, you need to enable the uuid option")
-			return subcommands.ExitUsageError
-		}
-		reports = append(reports, report.SaasWriter{})
-	}
-
-	if !(c.Conf.FormatJSON || c.Conf.FormatOneLineText ||
-		c.Conf.FormatList || c.Conf.FormatFullText || c.Conf.FormatXML) {
-		c.Conf.FormatList = true
-	}
-
 	util.Log.Info("Validating config...")
 	if !c.Conf.ValidateOnReport() {
 		return subcommands.ExitUsageError
 	}
 
+	if !(c.Conf.FormatJSON || c.Conf.FormatOneLineText ||
+		c.Conf.FormatList || c.Conf.FormatFullText || c.Conf.FormatXML || c.Conf.FormatCsvList) {
+		c.Conf.FormatList = true
+	}
+
 	var loaded models.ScanResults
 	if loaded, err = report.LoadScanResults(dir); err != nil {
 		util.Log.Error(err)
@@ -437,6 +357,87 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 		}
 	}
 
+	// report
+	reports := []report.ResultWriter{
+		report.StdoutWriter{},
+	}
+
+	if c.Conf.ToSlack {
+		reports = append(reports, report.SlackWriter{})
+	}
+
+	if c.Conf.ToStride {
+		reports = append(reports, report.StrideWriter{})
+	}
+
+	if c.Conf.ToHipChat {
+		reports = append(reports, report.HipChatWriter{})
+	}
+
+	if c.Conf.ToChatWork {
+		reports = append(reports, report.ChatWorkWriter{})
+	}
+
+	if c.Conf.ToTelegram {
+		reports = append(reports, report.TelegramWriter{})
+	}
+
+	if c.Conf.ToEmail {
+		reports = append(reports, report.EMailWriter{})
+	}
+
+	if c.Conf.ToSyslog {
+		reports = append(reports, report.SyslogWriter{})
+	}
+
+	if c.Conf.ToHTTP {
+		reports = append(reports, report.HTTPRequestWriter{})
+	}
+
+	if c.Conf.ToLocalFile {
+		reports = append(reports, report.LocalFileWriter{
+			CurrentDir: dir,
+		})
+	}
+
+	if c.Conf.ToS3 {
+		if err := report.CheckIfBucketExists(); err != nil {
+			util.Log.Errorf("Check if there is a bucket beforehand: %s, err: %+v",
+				c.Conf.AWS.S3Bucket, err)
+			return subcommands.ExitUsageError
+		}
+		reports = append(reports, report.S3Writer{})
+	}
+
+	if c.Conf.ToAzureBlob {
+		if len(c.Conf.Azure.AccountName) == 0 {
+			c.Conf.Azure.AccountName = os.Getenv("AZURE_STORAGE_ACCOUNT")
+		}
+
+		if len(c.Conf.Azure.AccountKey) == 0 {
+			c.Conf.Azure.AccountKey = os.Getenv("AZURE_STORAGE_ACCESS_KEY")
+		}
+
+		if len(c.Conf.Azure.ContainerName) == 0 {
+			util.Log.Error("Azure storage container name is required with -azure-container option")
+			return subcommands.ExitUsageError
+		}
+		if err := report.CheckIfAzureContainerExists(); err != nil {
+			util.Log.Errorf("Check if there is a container beforehand: %s, err: %+v",
+				c.Conf.Azure.ContainerName, err)
+			return subcommands.ExitUsageError
+		}
+		reports = append(reports, report.AzureBlobWriter{})
+	}
+
+	if c.Conf.ToSaas {
+		if !c.Conf.UUID {
+			util.Log.Errorf("If you use the -to-saas option, you need to enable the uuid option")
+			return subcommands.ExitUsageError
+		}
+		reports = append(reports, report.SaasWriter{})
+	}
+
 	for _, w := range reports {
 		if err := w.Write(res...); err != nil {
 			util.Log.Errorf("Failed to report. err: %+v", err)

config/config.go

@@ -151,6 +151,7 @@ type Config struct {
 	FormatOneLineText bool `json:"formatOneLineText,omitempty"`
 	FormatList        bool `json:"formatList,omitempty"`
 	FormatFullText    bool `json:"formatFullText,omitempty"`
+	FormatCsvList     bool `json:"formatCsvList,omitempty"`
 	GZIP              bool `json:"gzip,omitempty"`
 	Diff              bool `json:"diff,omitempty"`
 	WpIgnoreInactive  bool `json:"wpIgnoreInactive,omitempty"`
@@ -1121,18 +1122,17 @@ type ServerInfo struct {
 	Lockfiles              []string                    `toml:"lockfiles,omitempty" json:"lockfiles,omitempty"`   // ie) path/to/package-lock.json
 	FindLock               bool                        `toml:"findLock,omitempty" json:"findLock,omitempty"`
 	Type                   string                      `toml:"type,omitempty" json:"type,omitempty"` // "pseudo" or ""
+	WordPress              WordPressConf               `toml:"wordpress,omitempty" json:"wordpress,omitempty"`
+	IgnoredJSONKeys        []string                    `toml:"ignoredJSONKeys,omitempty" json:"ignoredJSONKeys,omitempty"`
 
-	WordPress WordPressConf `toml:"wordpress,omitempty" json:"wordpress,omitempty"`
-
-	// used internal
-	IPv4Addrs      []string       `toml:"-" json:"ipv4Addrs,omitempty"`
-	IPv6Addrs      []string       `toml:"-" json:"ipv6Addrs,omitempty"`
-	IPSIdentifiers map[IPS]string `toml:"-" json:"ipsIdentifiers,omitempty"`
-
-	LogMsgAnsiColor string    `toml:"-" json:"-"` // DebugLog Color
-	Container       Container `toml:"-" json:"-"`
-	Distro          Distro    `toml:"-" json:"-"`
-	Mode            ScanMode  `toml:"-" json:"-"`
+	// internal use
+	IPv4Addrs       []string       `toml:"-" json:"ipv4Addrs,omitempty"`
+	IPv6Addrs       []string       `toml:"-" json:"ipv6Addrs,omitempty"`
+	IPSIdentifiers  map[IPS]string `toml:"-" json:"ipsIdentifiers,omitempty"`
+	LogMsgAnsiColor string         `toml:"-" json:"-"` // DebugLog Color
+	Container       Container      `toml:"-" json:"-"`
+	Distro          Distro         `toml:"-" json:"-"`
+	Mode            ScanMode       `toml:"-" json:"-"`
 }
 
 // ContainerSetting is used for loading container setting in config.toml

config/tomlloader.go

@@ -45,7 +45,7 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 		d.KeyPassword = keyPass
 	}
 
-	i := 0
+	index := 0
 	for serverName, v := range conf.Servers {
 		if 0 < len(v.KeyPassword) {
 			return xerrors.Errorf("[Deprecated] KEYPASSWORD IN CONFIG FILE ARE UNSECURE. REMOVE THEM IMMEDIATELY FOR A SECURITY REASONS. THEY WILL BE REMOVED IN A FUTURE RELEASE: %s", serverName)
@@ -268,8 +268,13 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 		s.WordPress.OSUser = v.WordPress.OSUser
 		s.WordPress.IgnoreInactive = v.WordPress.IgnoreInactive
 
-		s.LogMsgAnsiColor = Colors[i%len(Colors)]
-		i++
+		s.IgnoredJSONKeys = v.IgnoredJSONKeys
+		if len(s.IgnoredJSONKeys) == 0 {
+			s.IgnoredJSONKeys = d.IgnoredJSONKeys
+		}
+
+		s.LogMsgAnsiColor = Colors[index%len(Colors)]
+		index++
 
 		servers[serverName] = s
 	}

go.mod

@@ -15,19 +15,22 @@ require (
 	github.com/aquasecurity/fanal v0.0.0-20200820074632-6de62ef86882
 	github.com/aquasecurity/trivy v0.12.0
 	github.com/aquasecurity/trivy-db v0.0.0-20200826140828-6da6467703aa
-	github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a
+	github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef
 	github.com/aws/aws-sdk-go v1.33.21
 	github.com/boltdb/bolt v1.3.1
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/d4l3k/messagediff v1.2.2-0.20190829033028-7e0a312ae40b
 	github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21
 	github.com/emersion/go-smtp v0.13.0
+	github.com/go-redis/redis v6.15.9+incompatible // indirect
 	github.com/google/subcommands v1.2.0
 	github.com/gosuri/uitable v0.0.4
 	github.com/hashicorp/go-uuid v1.0.2
 	github.com/hashicorp/go-version v1.2.1
 	github.com/howeyc/gopass v0.0.0-20190910152052-7cb4b85ec19c
+	github.com/inconshreveable/log15 v0.0.0-20201112154412-8562bdadbbac // indirect
 	github.com/jesseduffield/gocui v0.3.0
+	github.com/jinzhu/gorm v1.9.16 // indirect
 	github.com/k0kubun/pp v3.0.1+incompatible
 	github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f
 	github.com/knqyf263/go-cpe v0.0.0-20180327054844-659663f6eca2
@@ -36,8 +39,10 @@ require (
 	github.com/knqyf263/gost v0.1.4
 	github.com/kotakanbe/go-cve-dictionary v0.5.0
 	github.com/kotakanbe/go-pingscanner v0.1.0
-	github.com/kotakanbe/goval-dictionary v0.2.10
+	github.com/kotakanbe/goval-dictionary v0.2.14
 	github.com/kotakanbe/logrus-prefixed-formatter v0.0.0-20180123152602-928f7356cb96
+	github.com/lib/pq v1.8.0 // indirect
+	github.com/mattn/go-colorable v0.1.8 // indirect
 	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/mozqnet/go-exploitdb v0.1.0
@@ -50,9 +55,13 @@ require (
 	github.com/spf13/afero v1.3.0
 	github.com/spf13/cobra v1.0.0
 	github.com/takuzoo3868/go-msfdb v0.1.1
-	golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
+	github.com/valyala/fasttemplate v1.2.1 // indirect
+	golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9
 	golang.org/x/lint v0.0.0-20200302205851-738671d3881b // indirect
+	golang.org/x/net v0.0.0-20201110031124-69a78807bb2b // indirect
 	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
+	golang.org/x/sys v0.0.0-20201117222635-ba5294a509c7 // indirect
+	golang.org/x/text v0.3.4 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
 	k8s.io/utils v0.0.0-20200619165400-6e3d28b6ed19
 )

go.sum

@@ -55,6 +55,7 @@ github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/OneOfOne/xxhash v1.2.7/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
 github.com/PuerkitoBio/goquery v1.5.0/go.mod h1:qD2PgZ9lccMbQlc7eEOjaeRlFQON7xY8kdmcsrnKqMg=
+github.com/PuerkitoBio/goquery v1.5.1/go.mod h1:GsLWisAFVj4WgDibEWF4pvYnkVQBpKBKeU+7zCJoLcc=
 github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
@@ -69,6 +70,7 @@ github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/g
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/andybalholm/cascadia v1.0.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y=
+github.com/andybalholm/cascadia v1.1.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200825112230-c0f517aea2ed h1:o6vSjobtDn634//l4yBCGCC2RWoRc4K5AUH8W8DZZds=
@@ -93,6 +95,8 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
+github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef h1:46PFijGLmAjMPwCCCo7Jf0W6f9slllCkkv7vyc1yOSg=
+github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aws/aws-sdk-go v1.16.26/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.19.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.27.1 h1:MXnqY6SlWySaZAqNnXThOvjRFdiiOuKtC6i7baFdNdU=
@@ -257,6 +261,8 @@ github.com/go-redis/redis v6.15.7+incompatible h1:3skhDh95XQMpnqeqNftPkQD9jL9e5e
 github.com/go-redis/redis v6.15.7+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
 github.com/go-redis/redis v6.15.8+incompatible h1:BKZuG6mCnRj5AOaWJXoCgf6rqTYnYJLe4en2hxT7r9o=
 github.com/go-redis/redis v6.15.8+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
+github.com/go-redis/redis v6.15.9+incompatible h1:K0pv1D7EQUjfyoMql+r/jZqCLizCGKFlFgcHWWmHQjg=
+github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
@@ -389,6 +395,8 @@ github.com/inconshreveable/log15 v0.0.0-20180818164646-67afb5ed74ec h1:CGkYB1Q7D
 github.com/inconshreveable/log15 v0.0.0-20180818164646-67afb5ed74ec/go.mod h1:cOaXtrgN4ScfRrD9Bre7U1thNq5RtJ8ZoP4iXVGRj6o=
 github.com/inconshreveable/log15 v0.0.0-20200109203555-b30bc20e4fd1 h1:KUDFlmBg2buRWNzIcwLlKvfcnujcHQRQ1As1LoaCLAM=
 github.com/inconshreveable/log15 v0.0.0-20200109203555-b30bc20e4fd1/go.mod h1:cOaXtrgN4ScfRrD9Bre7U1thNq5RtJ8ZoP4iXVGRj6o=
+github.com/inconshreveable/log15 v0.0.0-20201112154412-8562bdadbbac h1:n1DqxAo4oWPMvH1+v+DLYlMCecgumhhgnxAPdqDIFHI=
+github.com/inconshreveable/log15 v0.0.0-20201112154412-8562bdadbbac/go.mod h1:cOaXtrgN4ScfRrD9Bre7U1thNq5RtJ8ZoP4iXVGRj6o=
 github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
@@ -399,6 +407,8 @@ github.com/jinzhu/gorm v1.9.10 h1:HvrsqdhCW78xpJF67g1hMxS6eCToo9PZH4LDB8WKPac=
 github.com/jinzhu/gorm v1.9.10/go.mod h1:Kh6hTsSGffh4ui079FHrR5Gg+5D0hgihqDcsDN2BBJY=
 github.com/jinzhu/gorm v1.9.12 h1:Drgk1clyWT9t9ERbzHza6Mj/8FY/CqMyVzOiHviMo6Q=
 github.com/jinzhu/gorm v1.9.12/go.mod h1:vhTjlKSJUTWNtcbQtrMBFCxy7eXTzeCAzfL5fBZT/Qs=
+github.com/jinzhu/gorm v1.9.16 h1:+IyIjPEABKRpsu/F8OvDPy9fyQlgsg2luMV2ZIH5i5o=
+github.com/jinzhu/gorm v1.9.16/go.mod h1:G3LB3wezTOWM2ITLzPxEXgSkOXAntiLHS7UdBefADcs=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.0.1 h1:HjfetcXq097iXP0uoPCdnM4Efp5/9MsM0/M+XOTeR3M=
@@ -449,13 +459,14 @@ github.com/kotakanbe/go-cve-dictionary v0.5.0 h1:wai3ymaI0BFhcofW7ITOAAILm4CvsBn
 github.com/kotakanbe/go-cve-dictionary v0.5.0/go.mod h1:zgnFBROvdhyd30KU0yekNI0J1kQkjTMND8GqlL8y25k=
 github.com/kotakanbe/go-pingscanner v0.1.0 h1:VG4/9l0i8WeToXclj7bIGoAZAu7a07Z3qmQiIfU0gT0=
 github.com/kotakanbe/go-pingscanner v0.1.0/go.mod h1:/761QZzuZFcfN8h/1QuawUA+pKukp3qcNj5mxJCOiAk=
-github.com/kotakanbe/goval-dictionary v0.2.10 h1:ilzsGCwe74b+OsajFO+VbOW9IUxu5i3dYNWdl+8JZrw=
-github.com/kotakanbe/goval-dictionary v0.2.10/go.mod h1:OozI5ZbKWHIPcjYgOITYHRy+Vo6ZbksY1FU8aCwojK4=
+github.com/kotakanbe/goval-dictionary v0.2.14 h1:r6kES0vDurn0Fkc0aKy64DXOCuPillg+1FLG6PqTGeQ=
+github.com/kotakanbe/goval-dictionary v0.2.14/go.mod h1:SboH42dYROL26r/Q4kuLRdtNCZ25dMzydv2DQlUAvIw=
 github.com/kotakanbe/logrus-prefixed-formatter v0.0.0-20180123152602-928f7356cb96 h1:xNVK0mQJdQjw+QYeaMM4G6fvucWr8rTGGIhlPakx1wU=
 github.com/kotakanbe/logrus-prefixed-formatter v0.0.0-20180123152602-928f7356cb96/go.mod h1:ljq48H1V+0Vh0u7ucA3LjR4AfkAeCpxrf7LaaCk8Vmo=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
@@ -475,6 +486,8 @@ github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgx
 github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.2.0 h1:LXpIM/LZ5xGFhOpXAQUIMM1HdyqzVYM13zNdjCEEcA0=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lib/pq v1.8.0 h1:9xohqzkUwzR4Ga4ivdTcawVS89YSDVxXMa3xJX3cGzg=
+github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.1 h1:ZC2Vc7/ZFkGmsVC9KvOjumD+G5lXy2RtTKyzRKO2BQ4=
@@ -492,6 +505,8 @@ github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaa
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.7 h1:bQGKb3vps/j0E9GfJQ03JyhRuxsvdAanXlT9BTw3mdw=
 github.com/mattn/go-colorable v0.1.7/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8=
+github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
@@ -516,6 +531,7 @@ github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m
 github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v1.11.0 h1:LDdKkqtYlom37fkvqs8rMPFKAMe8+SgjbwZ6ex1/A/Q=
 github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/mattn/go-sqlite3 v1.14.0/go.mod h1:JIl7NbARA7phWnGvh0LKTyg7S9BA+6gx71ShQilpsus=
 github.com/mattn/go-sqlite3 v2.0.1+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
 github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
@@ -730,6 +746,8 @@ github.com/valyala/fasttemplate v1.0.1 h1:tY9CJiPnMXf1ERmG2EyK7gNUd+c6RKGD0IfU8W
 github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=
 github.com/valyala/fasttemplate v1.1.0 h1:RZqt0yGBsps8NGvLSGW804QQqCUYYLsaOjTVHy1Ocw4=
 github.com/valyala/fasttemplate v1.1.0/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=
+github.com/valyala/fasttemplate v1.2.1 h1:TVEnxayobAdVkhQfrfes2IzOB6o+z4roRkPF52WA1u4=
+github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
 github.com/vdemeester/k8s-pkg-credentialprovider v1.17.4/go.mod h1:inCTmtUdr5KJbreVojo06krnTgaeAz/Z7lynpPk/Q2c=
 github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU=
 github.com/xanzy/ssh-agent v0.2.0/go.mod h1:0NyE30eGUDliuLEHJgYte/zncp2zdTStcOnWhgSqHD8=
@@ -784,6 +802,8 @@ golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig=
 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9 h1:phUcVbl53swtrUN8kQEXFhUxPlIlWyBfKmidCu7P95o=
+golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -839,10 +859,13 @@ golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a h1:GuSPYbZzB5/dcLNCwLQLsg3obCJtX9IJhpXkvY7kzk0=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7 h1:AeiKBIuRw3UomYXSbLy0Mc2dDLfdtbT/IVn4keq83P0=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4=
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -904,11 +927,19 @@ golang.org/x/sys v0.0.0-20200519105757-fe76b779f299 h1:DYfZAGf2WMFjMxbgTjaC+2HC7
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200824131525-c12d262b63d8 h1:AvbQYmiaaaza3cW3QXRyPo5kYgpFIzOAfeAAN7m3qQ4=
 golang.org/x/sys v0.0.0-20200824131525-c12d262b63d8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201117222635-ba5294a509c7 h1:s330+6z/Ko3J0o6rvOcwXe5nzs7UT9tLKHoOXYn6uE0=
+golang.org/x/sys v0.0.0-20201117222635-ba5294a509c7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 h1:/ZHdbVpdR/jk3g30/d4yUL0JU9kksj8+F/bnQUVLGDM=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.4 h1:0YWbFKbhXG/wIiuHDSKpS0Iy7FSA+u45VtBMfQcFTTc=
+golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

models/scanresults.go

@@ -3,6 +3,7 @@ package models
 import (
 	"bytes"
 	"fmt"
+	"reflect"
 	"regexp"
 	"strings"
 	"time"
@@ -503,3 +504,23 @@ func (r ScanResult) RemoveRaspbianPackFromResult() ScanResult {
 
 	return result
 }
+
+func (r ScanResult) ClearFields(targetTagNames []string) ScanResult {
+	if len(targetTagNames) == 0 {
+		return r
+	}
+	target := map[string]bool{}
+	for _, n := range targetTagNames {
+		target[strings.ToLower(n)] = true
+	}
+	t := reflect.ValueOf(r).Type()
+	for i := 0; i < t.NumField(); i++ {
+		f := t.Field(i)
+		jsonValue := strings.Split(f.Tag.Get("json"), ",")[0]
+		if ok := target[strings.ToLower(jsonValue)]; ok {
+			vv := reflect.New(f.Type).Elem().Interface()
+			reflect.ValueOf(&r).Elem().FieldByName(f.Name).Set(reflect.ValueOf(vv))
+		}
+	}
+	return r
+}

report/localfile.go

@@ -41,14 +41,8 @@ func (w LocalFileWriter) Write(rs ...models.ScanResult) (err error) {
 			}
 
 			var b []byte
-			if c.Conf.Debug {
-				if b, err = json.MarshalIndent(r, "", "    "); err != nil {
-					return xerrors.Errorf("Failed to Marshal to JSON: %w", err)
-				}
-			} else {
-				if b, err = json.Marshal(r); err != nil {
-					return xerrors.Errorf("Failed to Marshal to JSON: %w", err)
-				}
+			if b, err = json.MarshalIndent(r, "", "    "); err != nil {
+				return xerrors.Errorf("Failed to Marshal to JSON: %w", err)
 			}
 			if err := writeFile(p, b, 0600); err != nil {
 				return xerrors.Errorf("Failed to write JSON. path: %s, err: %w", p, err)
@@ -102,6 +96,17 @@ func (w LocalFileWriter) Write(rs ...models.ScanResult) (err error) {
 				return xerrors.Errorf("Failed to write XML. path: %s, err: %w", p, err)
 			}
 		}
+
+		if c.Conf.FormatCsvList {
+			p := path + "_short.csv"
+			if c.Conf.Diff {
+				p = path + "_short_diff.csv"
+			}
+			if err := formatCsvList(r, p); err != nil {
+				return xerrors.Errorf("Failed to write CSV: %s, %w", p, err)
+			}
+		}
+
 	}
 	return nil
 }

report/report.go

@@ -43,105 +43,112 @@ const (
 
 // FillCveInfos fills CVE Detailed Information
 func FillCveInfos(dbclient DBClient, rs []models.ScanResult, dir string) ([]models.ScanResult, error) {
-	var filledResults []models.ScanResult
+
+	// Use the same reportedAt for all rs
 	reportedAt := time.Now()
-	hostname, _ := os.Hostname()
-	wpVulnCaches := map[string]string{}
-	for _, r := range rs {
-		if c.Conf.RefreshCve || needToRefreshCve(r) {
-			if !useScannedCves(&r) {
-				r.ScannedCves = models.VulnInfos{}
-			}
-			cpeURIs := []string{}
+	for i, r := range rs {
+		if !c.Conf.RefreshCve && !needToRefreshCve(r) {
+			util.Log.Info("No need to refresh")
+			continue
+		}
 
-			if len(r.Container.ContainerID) == 0 {
-				cpeURIs = c.Conf.Servers[r.ServerName].CpeNames
-				owaspDCXMLPath := c.Conf.Servers[r.ServerName].OwaspDCXMLPath
-				if owaspDCXMLPath != "" {
-					cpes, err := parser.Parse(owaspDCXMLPath)
-					if err != nil {
-						return nil, xerrors.Errorf("Failed to read OWASP Dependency Check XML on %s, `%s`, err: %w",
-							r.ServerName, owaspDCXMLPath, err)
-					}
-					cpeURIs = append(cpeURIs, cpes...)
-				}
-			} else {
-				// runningContainer
-				if s, ok := c.Conf.Servers[r.ServerName]; ok {
-					if con, ok := s.Containers[r.Container.Name]; ok {
-						cpeURIs = con.Cpes
-						owaspDCXMLPath := con.OwaspDCXMLPath
-						if owaspDCXMLPath != "" {
-							cpes, err := parser.Parse(owaspDCXMLPath)
-							if err != nil {
-								return nil, xerrors.Errorf("Failed to read OWASP Dependency Check XML on %s, `%s`, err: %w",
-									r.ServerInfo(), owaspDCXMLPath, err)
-							}
-							cpeURIs = append(cpeURIs, cpes...)
-						}
-					}
+		if !useScannedCves(&r) {
+			r.ScannedCves = models.VulnInfos{}
+		}
+
+		cpeURIs := []string{}
+		if len(r.Container.ContainerID) == 0 {
+			cpeURIs = c.Conf.Servers[r.ServerName].CpeNames
+			owaspDCXMLPath := c.Conf.Servers[r.ServerName].OwaspDCXMLPath
+			if owaspDCXMLPath != "" {
+				cpes, err := parser.Parse(owaspDCXMLPath)
+				if err != nil {
+					return nil, xerrors.Errorf("Failed to read OWASP Dependency Check XML on %s, `%s`, err: %w",
+						r.ServerName, owaspDCXMLPath, err)
 				}
+				cpeURIs = append(cpeURIs, cpes...)
 			}
-
-			nCVEs, err := libmanager.DetectLibsCves(&r)
-			if err != nil {
-				return nil, xerrors.Errorf("Failed to fill with Library dependency: %w", err)
-			}
-			util.Log.Infof("%s: %d CVEs are detected with Library",
-				r.FormatServerName(), nCVEs)
-
-			// Integrations
-			githubInts := GithubSecurityAlerts(c.Conf.Servers[r.ServerName].GitHubRepos)
-			wpOpt := WordPressOption{c.Conf.Servers[r.ServerName].WordPress.WPVulnDBToken, &wpVulnCaches}
-
-			if err := FillCveInfo(dbclient,
-				&r,
-				cpeURIs,
-				true,
-				githubInts,
-				wpOpt); err != nil {
-				return nil, err
-			}
-			r.Lang = c.Conf.Lang
-			r.ReportedAt = reportedAt
-			r.ReportedVersion = c.Version
-			r.ReportedRevision = c.Revision
-			r.ReportedBy = hostname
-			r.Config.Report = c.Conf
-			r.Config.Report.Servers = map[string]c.ServerInfo{
-				r.ServerName: c.Conf.Servers[r.ServerName],
-			}
-			if err := overwriteJSONFile(dir, r); err != nil {
-				return nil, xerrors.Errorf("Failed to write JSON: %w", err)
-			}
-			filledResults = append(filledResults, r)
 		} else {
-			util.Log.Debugf("No need to refresh")
-			filledResults = append(filledResults, r)
+			// runningContainer
+			if s, ok := c.Conf.Servers[r.ServerName]; ok {
+				if con, ok := s.Containers[r.Container.Name]; ok {
+					cpeURIs = con.Cpes
+					owaspDCXMLPath := con.OwaspDCXMLPath
+					if owaspDCXMLPath != "" {
+						cpes, err := parser.Parse(owaspDCXMLPath)
+						if err != nil {
+							return nil, xerrors.Errorf("Failed to read OWASP Dependency Check XML on %s, `%s`, err: %w",
+								r.ServerInfo(), owaspDCXMLPath, err)
+						}
+						cpeURIs = append(cpeURIs, cpes...)
+					}
+				}
+			}
+		}
+
+		nCVEs, err := libmanager.DetectLibsCves(&r)
+		if err != nil {
+			return nil, xerrors.Errorf("Failed to fill with Library dependency: %w", err)
+		}
+		util.Log.Infof("%s: %d CVEs are detected with Library",
+			r.FormatServerName(), nCVEs)
+
+		// Integrations
+		githubInts := GithubSecurityAlerts(c.Conf.Servers[r.ServerName].GitHubRepos)
+
+		wpVulnCaches := map[string]string{}
+		wpOpt := WordPressOption{c.Conf.Servers[r.ServerName].WordPress.WPVulnDBToken, &wpVulnCaches}
+
+		if err := FillCveInfo(dbclient,
+			&r,
+			cpeURIs,
+			true,
+			githubInts,
+			wpOpt); err != nil {
+			return nil, err
+		}
+
+		r.ReportedBy, _ = os.Hostname()
+		r.Lang = c.Conf.Lang
+		r.ReportedAt = reportedAt
+		r.ReportedVersion = c.Version
+		r.ReportedRevision = c.Revision
+		r.Config.Report = c.Conf
+		r.Config.Report.Servers = map[string]c.ServerInfo{
+			r.ServerName: c.Conf.Servers[r.ServerName],
+		}
+		rs[i] = r
+	}
+
+	// Overwrite the json file every time to clear the fields specified in config.IgnoredJSONKeys
+	for _, r := range rs {
+		if s, ok := c.Conf.Servers[r.ServerName]; ok {
+			r = r.ClearFields(s.IgnoredJSONKeys)
+		}
+		if err := overwriteJSONFile(dir, r); err != nil {
+			return nil, xerrors.Errorf("Failed to write JSON: %w", err)
 		}
 	}
 
 	if c.Conf.Diff {
-		prevs, err := loadPrevious(filledResults)
+		prevs, err := loadPrevious(rs)
 		if err != nil {
 			return nil, err
 		}
 
-		diff, err := diff(filledResults, prevs)
+		diff, err := diff(rs, prevs)
 		if err != nil {
 			return nil, err
 		}
-		filledResults = []models.ScanResult{}
-		for _, r := range diff {
+		for i, r := range diff {
 			if err := fillCvesWithNvdJvn(dbclient.CveDB, &r); err != nil {
 				return nil, err
 			}
-			filledResults = append(filledResults, r)
+			rs[i] = r
 		}
 	}
 
-	filtered := []models.ScanResult{}
-	for _, r := range filledResults {
+	for i, r := range rs {
 		r = r.FilterByCvssOver(c.Conf.CvssScoreOver)
 		r = r.FilterIgnoreCves()
 		r = r.FilterUnfixed()
@@ -150,9 +157,9 @@ func FillCveInfos(dbclient DBClient, rs []models.ScanResult, dir string) ([]mode
 		if c.Conf.IgnoreUnscoredCves {
 			r.ScannedCves = r.ScannedCves.FindScoredVulns()
 		}
-		filtered = append(filtered, r)
+		rs[i] = r
 	}
-	return filtered, nil
+	return rs, nil
 }
 
 // FillCveInfo fill scanResult with cve info.

report/stdout.go

@@ -27,7 +27,7 @@ func (w StdoutWriter) Write(rs ...models.ScanResult) error {
 		fmt.Print("\n")
 	}
 
-	if c.Conf.FormatList {
+	if c.Conf.FormatList || c.Conf.FormatCsvList {
 		for _, r := range rs {
 			fmt.Println(formatList(r))
 		}

report/util.go

@@ -2,6 +2,7 @@ package report
 
 import (
 	"bytes"
+	"encoding/csv"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -382,6 +383,45 @@ No CVE-IDs are found in updatable packages.
 	return
 }
 
+func formatCsvList(r models.ScanResult, path string) error {
+	data := [][]string{{"CVE-ID", "CVSS", "Attack", "PoC", "CERT", "Fixed", "NVD"}}
+	for _, vinfo := range r.ScannedCves.ToSortedSlice() {
+		max := vinfo.MaxCvssScore().Value.Score
+
+		exploits := ""
+		if 0 < len(vinfo.Exploits) || 0 < len(vinfo.Metasploits) {
+			exploits = "POC"
+		}
+
+		link := ""
+		if strings.HasPrefix(vinfo.CveID, "CVE-") {
+			link = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vinfo.CveID)
+		} else if strings.HasPrefix(vinfo.CveID, "WPVDBID-") {
+			link = fmt.Sprintf("https://wpvulndb.com/vulnerabilities/%s", strings.TrimPrefix(vinfo.CveID, "WPVDBID-"))
+		}
+
+		data = append(data, []string{
+			vinfo.CveID,
+			fmt.Sprintf("%4.1f", max),
+			vinfo.AttackVector(),
+			exploits,
+			vinfo.AlertDict.FormatSource(),
+			vinfo.PatchStatus(r.Packages),
+			link,
+		})
+	}
+
+	file, err := os.Create(path)
+	if err != nil {
+		return xerrors.Errorf("Failed to create a file: %s, err: %w", path, err)
+	}
+	defer file.Close()
+	if err := csv.NewWriter(file).WriteAll(data); err != nil {
+		return xerrors.Errorf("Failed to write to file: %s, err: %w", path, err)
+	}
+	return nil
+}
+
 func cweURL(cweID string) string {
 	return fmt.Sprintf("https://cwe.mitre.org/data/definitions/%s.html",
 		strings.TrimPrefix(cweID, "CWE-"))