feat(go-kev): update go-kev deps (#1352 )

GPLv3 (#1351 )
Create SECURITY.md
2022-01-07 08:21:48 +09:00 · 2021-12-26 09:08:38 +09:00 · 2021-12-26 08:51:44 +09:00 · 2021-12-26 08:31:11 +09:00 · 2021-12-26 07:53:18 +09:00 · 2021-12-26 07:48:11 +09:00
59 changed files with 2456 additions and 6335 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "gomod" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
+    target-branch: "master"
--- a/.github/workflows/tidy.yml
+++ b/.github/workflows/tidy.yml
@@ -1,22 +0,0 @@
-name: go-mod-tidy-pr
-
-on:
-  schedule:
-    - cron: "0 0 * * 1" # Weekly build
-
-jobs:
-  go-mod-tidy-pr:
-    name: go-mod-tidy-pr
-
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Run go-mod-tidy-pr
-        uses: sue445/go-mod-tidy-pr@master
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          git_user_name: kotakanbe
-          git_user_email: kotakanbe@gmail.com
-          go_version: 1.16.x
--- a/7
+++ b/7
@@ -17,8 +17,7 @@ PKGS = $(shell go list ./...)
 VERSION := $(shell git describe --tags --abbrev=0)
 REVISION := $(shell git rev-parse --short HEAD)
 BUILDTIME := $(shell date "+%Y%m%d_%H%M%S")
-LDFLAGS := -X 'github.com/future-architect/vuls/config.Version=$(VERSION)' \
-    -X 'github.com/future-architect/vuls/config.Revision=build-$(BUILDTIME)_$(REVISION)'
+LDFLAGS := -X 'github.com/future-architect/vuls/config.Version=$(VERSION)' -X 'github.com/future-architect/vuls/config.Revision=build-$(BUILDTIME)_$(REVISION)'
 GO := GO111MODULE=on go
 CGO_UNABLED := CGO_ENABLED=0 go
 GO_OFF := GO111MODULE=off go
@@ -78,11 +77,11 @@ clean:

 # trivy-to-vuls
 build-trivy-to-vuls: pretest fmt
-	$(GO) build -o trivy-to-vuls contrib/trivy/cmd/*.go
+	$(GO) build -a -ldflags "$(LDFLAGS)" -o trivy-to-vuls contrib/trivy/cmd/*.go

 # future-vuls
 build-future-vuls: pretest fmt
-	$(GO) build -o future-vuls contrib/future-vuls/cmd/*.go
+	$(GO) build -a -ldflags "$(LDFLAGS)" -o future-vuls contrib/future-vuls/cmd/*.go


 # integration-test
--- a/153
+++ b/153
@@ -1,21 +1,23 @@
-                    GNU AFFERO GENERAL PUBLIC LICENSE
-                       Version 3, 19 November 2007
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007

- Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

                            Preamble

-  The GNU Affero General Public License is a free, copyleft license for
-software and other kinds of works, specifically designed to ensure
-cooperation with the community in the case of network server software.
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.

  The licenses for most software and other practical works are designed
 to take away your freedom to share and change the works.  By contrast,
-our General Public Licenses are intended to guarantee your freedom to
+the GNU General Public License is intended to guarantee your freedom to
 share and change all versions of a program--to make sure it remains free
-software for all its users.
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.

  When we speak of free software, we are referring to freedom, not
 price.  Our General Public Licenses are designed to make sure that you
@@ -24,34 +26,44 @@ them if you wish), that you receive source code or can get it if you
 want it, that you can change the software or use pieces of it in new
 free programs, and that you know you can do these things.

-  Developers that use our General Public Licenses protect your rights
-with two steps: (1) assert copyright on the software, and (2) offer
-you this License which gives you legal permission to copy, distribute
-and/or modify the software.
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.

-  A secondary benefit of defending all users' freedom is that
-improvements made in alternate versions of the program, if they
-receive widespread use, become available for other developers to
-incorporate.  Many developers of free software are heartened and
-encouraged by the resulting cooperation.  However, in the case of
-software used on network servers, this result may fail to come about.
-The GNU General Public License permits making a modified version and
-letting the public access it on a server without ever releasing its
-source code to the public.
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.

-  The GNU Affero General Public License is designed specifically to
-ensure that, in such cases, the modified source code becomes available
-to the community.  It requires the operator of a network server to
-provide the source code of the modified version running there to the
-users of that server.  Therefore, public use of a modified version, on
-a publicly accessible server, gives the public access to the source
-code of the modified version.
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.

-  An older license, called the Affero General Public License and
-published by Affero, was designed to accomplish similar goals.  This is
-a different license, not a version of the Affero GPL, but Affero has
-released a new version of the Affero GPL which permits relicensing under
-this license.
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.

  The precise terms and conditions for copying, distribution and
 modification follow.
@@ -60,7 +72,7 @@ modification follow.

  0. Definitions.

-  "This License" refers to version 3 of the GNU Affero General Public License.
+  "This License" refers to version 3 of the GNU General Public License.

  "Copyright" also means copyright-like laws that apply to other kinds of
 works, such as semiconductor masks.
@@ -537,45 +549,35 @@ to collect a royalty for further conveying from those to whom you convey
 the Program, the only way you could satisfy both those terms and this
 License would be to refrain entirely from conveying the Program.

-  13. Remote Network Interaction; Use with the GNU General Public License.
-
-  Notwithstanding any other provision of this License, if you modify the
-Program, your modified version must prominently offer all users
-interacting with it remotely through a computer network (if your version
-supports such interaction) an opportunity to receive the Corresponding
-Source of your version by providing access to the Corresponding Source
-from a network server at no charge, through some standard or customary
-means of facilitating copying of software.  This Corresponding Source
-shall include the Corresponding Source for any work covered by version 3
-of the GNU General Public License that is incorporated pursuant to the
-following paragraph.
+  13. Use with the GNU Affero General Public License.

  Notwithstanding any other provision of this License, you have
 permission to link or combine any covered work with a work licensed
-under version 3 of the GNU General Public License into a single
+under version 3 of the GNU Affero General Public License into a single
 combined work, and to convey the resulting work.  The terms of this
 License will continue to apply to the part which is the covered work,
-but the work with which it is combined will remain governed by version
-3 of the GNU General Public License.
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.

  14. Revised Versions of this License.

  The Free Software Foundation may publish revised and/or new versions of
-the GNU Affero General Public License from time to time.  Such new versions
-will be similar in spirit to the present version, but may differ in detail to
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
 address new problems or concerns.

  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU Affero General
+Program specifies that a certain numbered version of the GNU General
 Public License "or any later version" applies to it, you have the
 option of following the terms and conditions either of that numbered
 version or of any later version published by the Free Software
 Foundation.  If the Program does not specify a version number of the
-GNU Affero General Public License, you may choose any version ever published
+GNU General Public License, you may choose any version ever published
 by the Free Software Foundation.

  If the Program specifies that a proxy can decide which future
-versions of the GNU Affero General Public License can be used, that proxy's
+versions of the GNU General Public License can be used, that proxy's
 public statement of acceptance of a version permanently authorizes you
 to choose that version for the Program.

@@ -629,33 +631,44 @@ to attach them to the start of each source file to most effectively
 state the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.

-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
+    Vuls - Vulnerability Scanner
+    Copyright (C) 2016  Future Corporation , Japan.

    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU Affero General Public License as published
-    by the Free Software Foundation, either version 3 of the License, or
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU Affero General Public License for more details.
+    GNU General Public License for more details.

-    You should have received a copy of the GNU Affero General Public License
-    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.

 Also add information on how to contact you by electronic and paper mail.

-  If your software can interact with users remotely through a computer
-network, you should also make sure that it provides a way for users to
-get its source.  For example, if your program is a web application, its
-interface could display a "Source" link that leads users to an archive
-of the code.  There are many ways you could offer source, and different
-solutions will be better for different programs; see section 13 for the
-specific requirements.
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    Vuls  Copyright (C) 2016  Future Corporation , Japan.
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".

  You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU AGPL, see
-<https://www.gnu.org/licenses/>.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.
--- a/README.md
+++ b/README.md
@@ -87,6 +87,9 @@ Vuls is a tool created to solve the problems listed above. It has the following
  - [US-CERT](https://www.us-cert.gov/ncas/alerts)
  - [JPCERT](http://www.jpcert.or.jp/at/2019.html)

+- CISA(Cybersecurity & Infrastructure Security Agency)
+  - [Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
+
 - Libraries
  - [Node.js Security Working Group](https://github.com/nodejs/security-wg)
  - [Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db)
@@ -186,11 +189,14 @@ see [vulsdoc](https://vuls.io/docs/en/how-to-contribute.html)

 ----

-## Stargazers over time
+## Sponsors

-[![Stargazers over time](https://starcharts.herokuapp.com/future-architect/vuls.svg)](https://starcharts.herokuapp.com/future-architect/vuls)
+|  |  |
+| ------------- | ------------- |
+| <a href="https://www.tines.com/?utm_source=oss&utm_medium=sponsorship&utm_campaign=vuls"><img src="img/sponsor/tines.png" align="left" width="600px" ></a> | Tines is no-code automation for security teams. Build powerful, reliable workflows without a development team. |
+| <a href="https://www.sakura.ad.jp/"><img src="https://vuls.io/img/icons/sakura.svg" align="left" width="600px" ></a> | SAKURA internet Inc. is an Internet company founded in 1996. We provide cloud computing services such as "Sakura's Shared Server", "Sakura's VPS", and "Sakura's Cloud" to meet the needs of a wide range of customers, from individuals and corporations to the education and public sectors, using its own data centers in Japan. Based on the philosophy of "changing what you want to do into what you can do," we offer DX solutions for all fields.  |

-----;
+----

 ## License

--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest version is supported.
+
+## Reporting a Vulnerability
+
+Email kotakanbe@gmail.com
--- a/config/config.go
+++ b/config/config.go
@@ -41,6 +41,7 @@ type Config struct {
 	Gost       GostConf       `json:"gost,omitempty"`
 	Exploit    ExploitConf    `json:"exploit,omitempty"`
 	Metasploit MetasploitConf `json:"metasploit,omitempty"`
+	KEVuln     KEVulnConf     `json:"kevuln,omitempty"`

 	Slack      SlackConf      `json:"-"`
 	EMail      SMTPConf       `json:"-"`
@@ -176,6 +177,7 @@ func (c *Config) ValidateOnReport() bool {
 		&Conf.Gost,
 		&Conf.Exploit,
 		&Conf.Metasploit,
+		&Conf.KEVuln,
 	} {
 		if err := cnf.Validate(); err != nil {
 			errs = append(errs, xerrors.Errorf("Failed to validate %s: %+v", cnf.GetName(), err))
@@ -299,10 +301,7 @@ func (l Distro) String() string {
 // MajorVersion returns Major version
 func (l Distro) MajorVersion() (int, error) {
 	if l.Family == constant.Amazon {
-		if isAmazonLinux1(l.Release) {
-			return 1, nil
-		}
-		return 2, nil
+		return strconv.Atoi(getAmazonLinuxVersion(l.Release))
 	}
 	if 0 < len(l.Release) {
 		return strconv.Atoi(strings.Split(l.Release, ".")[0])
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -70,6 +70,13 @@ func TestDistro_MajorVersion(t *testing.T) {
 		in  Distro
 		out int
 	}{
+		{
+			in: Distro{
+				Family:  Amazon,
+				Release: "2022 (Amazon Linux)",
+			},
+			out: 2022,
+		},
 		{
 			in: Distro{
 				Family:  Amazon,
--- a/config/os.go
+++ b/config/os.go
@@ -39,14 +39,11 @@ func (e EOL) IsExtendedSuppportEnded(now time.Time) bool {
 func GetEOL(family, release string) (eol EOL, found bool) {
 	switch family {
 	case constant.Amazon:
-		rel := "2"
-		if isAmazonLinux1(release) {
-			rel = "1"
-		}
 		eol, found = map[string]EOL{
-			"1": {StandardSupportUntil: time.Date(2023, 6, 30, 23, 59, 59, 0, time.UTC)},
-			"2": {},
-		}[rel]
+			"1":    {StandardSupportUntil: time.Date(2023, 6, 30, 23, 59, 59, 0, time.UTC)},
+			"2":    {},
+			"2022": {},
+		}[getAmazonLinuxVersion(release)]
 	case constant.RedHat:
 		// https://access.redhat.com/support/policy/updates/errata
 		eol, found = map[string]EOL{
@@ -206,6 +203,10 @@ func majorDotMinor(osVer string) (majorDotMinor string) {
 	return fmt.Sprintf("%s.%s", ss[0], ss[1])
 }

-func isAmazonLinux1(osRelease string) bool {
-	return len(strings.Fields(osRelease)) == 1
+func getAmazonLinuxVersion(osRelease string) string {
+	ss := strings.Fields(osRelease)
+	if len(ss) == 1 {
+		return "1"
+	}
+	return ss[0]
 }
--- a/config/os_test.go
+++ b/config/os_test.go
@@ -45,6 +45,14 @@ func TestEOL_IsStandardSupportEnded(t *testing.T) {
 			extEnded: false,
 			found:    true,
 		},
+		{
+			name:     "amazon linux 2022 supported",
+			fields:   fields{family: Amazon, release: "2022 (Amazon Linux)"},
+			now:      time.Date(2023, 7, 1, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
 		//RHEL
 		{
 			name:     "RHEL7 supported",
--- a/config/tomlloader.go
+++ b/config/tomlloader.go
@@ -27,6 +27,7 @@ func (c TOMLLoader) Load(pathToToml, _ string) error {
 		&Conf.Gost,
 		&Conf.Exploit,
 		&Conf.Metasploit,
+		&Conf.KEVuln,
 	} {
 		cnf.Init()
 	}
--- a/config/vulnDictConf.go
+++ b/config/vulnDictConf.go
@@ -248,7 +248,7 @@ func (cnf *GostConf) Init() {
 	cnf.DebugSQL = Conf.DebugSQL
 }

-// MetasploitConf is gost go-metasploitdb
+// MetasploitConf is go-msfdb config
 type MetasploitConf struct {
 	VulnDict
 }
@@ -274,3 +274,30 @@ func (cnf *MetasploitConf) Init() {
 	cnf.setDefault("go-msfdb.sqlite3")
 	cnf.DebugSQL = Conf.DebugSQL
 }
+
+// KEVulnConf is go-kev config
+type KEVulnConf struct {
+	VulnDict
+}
+
+const kevulnDBType = "KEVULN_TYPE"
+const kevulnDBURL = "KEVULN_URL"
+const kevulnDBPATH = "KEVULN_SQLITE3_PATH"
+
+// Init set options with the following priority.
+// 1. Environment variable
+// 2. config.toml
+func (cnf *KEVulnConf) Init() {
+	cnf.Name = "kevuln"
+	if os.Getenv(kevulnDBType) != "" {
+		cnf.Type = os.Getenv(kevulnDBType)
+	}
+	if os.Getenv(kevulnDBURL) != "" {
+		cnf.URL = os.Getenv(kevulnDBURL)
+	}
+	if os.Getenv(kevulnDBPATH) != "" {
+		cnf.SQLite3Path = os.Getenv(kevulnDBPATH)
+	}
+	cnf.setDefault("go-kev.sqlite3")
+	cnf.DebugSQL = Conf.DebugSQL
+}
--- a/contrib/future-vuls/cmd/main.go
+++ b/contrib/future-vuls/cmd/main.go
@@ -81,6 +81,14 @@ func main() {
 			return
 		},
 	}
+	var cmdVersion = &cobra.Command{
+		Use:   "version",
+		Short: "Show version",
+		Long:  "Show version",
+		Run: func(cmd *cobra.Command, args []string) {
+			fmt.Printf("future-vuls-%s-%s\n", config.Version, config.Revision)
+		},
+	}
 	cmdFvulsUploader.PersistentFlags().StringVar(&serverUUID, "uuid", "", "server uuid. ENV: VULS_SERVER_UUID")
 	cmdFvulsUploader.PersistentFlags().StringVar(&configFile, "config", "", "config file (default is $HOME/.cobra.yaml)")
 	cmdFvulsUploader.PersistentFlags().BoolVarP(&stdIn, "stdin", "s", false, "input from stdin. ENV: VULS_STDIN")
@@ -92,6 +100,7 @@ func main() {

 	var rootCmd = &cobra.Command{Use: "future-vuls"}
 	rootCmd.AddCommand(cmdFvulsUploader)
+	rootCmd.AddCommand(cmdVersion)
 	if err = rootCmd.Execute(); err != nil {
 		fmt.Println("Failed to execute command", err)
 	}
--- a/contrib/trivy/cmd/main.go
+++ b/contrib/trivy/cmd/main.go
@@ -9,8 +9,8 @@ import (
 	"os"
 	"path/filepath"

+	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/contrib/trivy/parser"
-	"github.com/future-architect/vuls/models"
 	"github.com/spf13/cobra"
 )

@@ -34,45 +34,55 @@ func main() {
 				reader := bufio.NewReader(os.Stdin)
 				buf := new(bytes.Buffer)
 				if _, err = buf.ReadFrom(reader); err != nil {
+					fmt.Printf("Failed to read file. err: %+v\n", err)
 					os.Exit(1)
-					return
 				}
 				trivyJSON = buf.Bytes()
 			} else {
 				if trivyJSON, err = ioutil.ReadFile(jsonFilePath); err != nil {
-					fmt.Println("Failed to read file", err)
+					fmt.Printf("Failed to read file. err: %+v\n", err)
 					os.Exit(1)
-					return
 				}
 			}

-			scanResult := &models.ScanResult{
-				JSONVersion: models.JSONVersion,
-				ScannedCves: models.VulnInfos{},
-			}
-			if scanResult, err = parser.Parse(trivyJSON, scanResult); err != nil {
-				fmt.Println("Failed to execute command", err)
+			parser, err := parser.NewParser(trivyJSON)
+			if err != nil {
+				fmt.Printf("Failed to new parser. err: %+v\n", err)
+				os.Exit(1)
+			}
+			scanResult, err := parser.Parse(trivyJSON)
+			if err != nil {
+				fmt.Printf("Failed to parse. err: %+v\n", err)
 				os.Exit(1)
-				return
 			}
 			var resultJSON []byte
 			if resultJSON, err = json.MarshalIndent(scanResult, "", "   "); err != nil {
-				fmt.Println("Failed to create json", err)
+				fmt.Printf("Failed to create json. err: %+v\n", err)
 				os.Exit(1)
-				return
 			}
 			fmt.Println(string(resultJSON))
-			return
 		},
 	}
+
+	var cmdVersion = &cobra.Command{
+		Use:   "version",
+		Short: "Show version",
+		Long:  "Show version",
+		Run: func(cmd *cobra.Command, args []string) {
+			fmt.Printf("trivy-to-vuls-%s-%s\n", config.Version, config.Revision)
+		},
+	}
+
 	cmdTrivyToVuls.Flags().BoolVarP(&stdIn, "stdin", "s", false, "input from stdin")
 	cmdTrivyToVuls.Flags().StringVarP(&jsonDir, "trivy-json-dir", "d", "./", "trivy json dir")
 	cmdTrivyToVuls.Flags().StringVarP(&jsonFileName, "trivy-json-file-name", "f", "results.json", "trivy json file name")

 	var rootCmd = &cobra.Command{Use: "trivy-to-vuls"}
 	rootCmd.AddCommand(cmdTrivyToVuls)
+	rootCmd.AddCommand(cmdVersion)
 	if err = rootCmd.Execute(); err != nil {
-		fmt.Println("Failed to execute command", err)
+		fmt.Printf("Failed to execute command. err: %+v\n", err)
 		os.Exit(1)
 	}
+	os.Exit(0)
 }
--- a/contrib/trivy/parser/parser.go
+++ b/contrib/trivy/parser/parser.go
@@ -2,212 +2,32 @@ package parser

 import (
 	"encoding/json"
-	"sort"
-	"time"

-	"github.com/aquasecurity/fanal/analyzer/os"
-	ftypes "github.com/aquasecurity/fanal/types"
-	"github.com/aquasecurity/trivy/pkg/report"
-
-	"github.com/aquasecurity/trivy/pkg/types"
-	"github.com/future-architect/vuls/constant"
+	v2 "github.com/future-architect/vuls/contrib/trivy/parser/v2"
 	"github.com/future-architect/vuls/models"
+	"golang.org/x/xerrors"
 )

-// Parse :
-func Parse(vulnJSON []byte, scanResult *models.ScanResult) (result *models.ScanResult, err error) {
-	var trivyResults report.Results
-	if err = json.Unmarshal(vulnJSON, &trivyResults); err != nil {
-		return nil, err
-	}
-
-	pkgs := models.Packages{}
-	vulnInfos := models.VulnInfos{}
-	uniqueLibraryScannerPaths := map[string]models.LibraryScanner{}
-	for _, trivyResult := range trivyResults {
-		setScanResultMeta(scanResult, &trivyResult)
-		for _, vuln := range trivyResult.Vulnerabilities {
-			if _, ok := vulnInfos[vuln.VulnerabilityID]; !ok {
-				vulnInfos[vuln.VulnerabilityID] = models.VulnInfo{
-					CveID: vuln.VulnerabilityID,
-					Confidences: models.Confidences{
-						{
-							Score:           100,
-							DetectionMethod: models.TrivyMatchStr,
-						},
-					},
-					AffectedPackages: models.PackageFixStatuses{},
-					CveContents:      models.CveContents{},
-					LibraryFixedIns:  models.LibraryFixedIns{},
-					// VulnType : "",
-				}
-			}
-			vulnInfo := vulnInfos[vuln.VulnerabilityID]
-			var notFixedYet bool
-			fixState := ""
-			if len(vuln.FixedVersion) == 0 {
-				notFixedYet = true
-				fixState = "Affected"
-			}
-			var references models.References
-			for _, reference := range vuln.References {
-				references = append(references, models.Reference{
-					Source: "trivy",
-					Link:   reference,
-				})
-			}
-
-			sort.Slice(references, func(i, j int) bool {
-				return references[i].Link < references[j].Link
-			})
-
-			var published time.Time
-			if vuln.PublishedDate != nil {
-				published = *vuln.PublishedDate
-			}
-
-			var lastModified time.Time
-			if vuln.LastModifiedDate != nil {
-				lastModified = *vuln.LastModifiedDate
-			}
-
-			vulnInfo.CveContents = models.CveContents{
-				models.Trivy: []models.CveContent{{
-					Cvss3Severity: vuln.Severity,
-					References:    references,
-					Title:         vuln.Title,
-					Summary:       vuln.Description,
-					Published:     published,
-					LastModified:  lastModified,
-				}},
-			}
-			// do only if image type is Vuln
-			if isTrivySupportedOS(trivyResult.Type) {
-				pkgs[vuln.PkgName] = models.Package{
-					Name:    vuln.PkgName,
-					Version: vuln.InstalledVersion,
-				}
-				vulnInfo.AffectedPackages = append(vulnInfo.AffectedPackages, models.PackageFixStatus{
-					Name:        vuln.PkgName,
-					NotFixedYet: notFixedYet,
-					FixState:    fixState,
-					FixedIn:     vuln.FixedVersion,
-				})
-			} else {
-				vulnInfo.LibraryFixedIns = append(vulnInfo.LibraryFixedIns, models.LibraryFixedIn{
-					Key:     trivyResult.Type,
-					Name:    vuln.PkgName,
-					Path:    trivyResult.Target,
-					FixedIn: vuln.FixedVersion,
-				})
-				libScanner := uniqueLibraryScannerPaths[trivyResult.Target]
-				libScanner.Type = trivyResult.Type
-				libScanner.Libs = append(libScanner.Libs, types.Library{
-					Name:    vuln.PkgName,
-					Version: vuln.InstalledVersion,
-				})
-				uniqueLibraryScannerPaths[trivyResult.Target] = libScanner
-			}
-			vulnInfos[vuln.VulnerabilityID] = vulnInfo
-		}
-	}
-	// flatten and unique libraries
-	libraryScanners := make([]models.LibraryScanner, 0, len(uniqueLibraryScannerPaths))
-	for path, v := range uniqueLibraryScannerPaths {
-		uniqueLibrary := map[string]types.Library{}
-		for _, lib := range v.Libs {
-			uniqueLibrary[lib.Name+lib.Version] = lib
-		}
-
-		var libraries []types.Library
-		for _, library := range uniqueLibrary {
-			libraries = append(libraries, library)
-		}
-
-		sort.Slice(libraries, func(i, j int) bool {
-			return libraries[i].Name < libraries[j].Name
-		})
-
-		libscanner := models.LibraryScanner{
-			Type: v.Type,
-			Path: path,
-			Libs: libraries,
-		}
-		libraryScanners = append(libraryScanners, libscanner)
-	}
-	sort.Slice(libraryScanners, func(i, j int) bool {
-		return libraryScanners[i].Path < libraryScanners[j].Path
-	})
-	scanResult.ScannedCves = vulnInfos
-	scanResult.Packages = pkgs
-	scanResult.LibraryScanners = libraryScanners
-	return scanResult, nil
+// Parser is a parser interface
+type Parser interface {
+	Parse(vulnJSON []byte) (result *models.ScanResult, err error)
 }

-const trivyTarget = "trivy-target"
-
-func setScanResultMeta(scanResult *models.ScanResult, trivyResult *report.Result) {
-	if isTrivySupportedOS(trivyResult.Type) {
-		scanResult.Family = trivyResult.Type
-		scanResult.ServerName = trivyResult.Target
-		scanResult.Optional = map[string]interface{}{
-			trivyTarget: trivyResult.Target,
-		}
-	} else if isTrivySupportedLib(trivyResult.Type) {
-		if scanResult.Family == "" {
-			scanResult.Family = constant.ServerTypePseudo
-		}
-		if scanResult.ServerName == "" {
-			scanResult.ServerName = "library scan by trivy"
-		}
-		if _, ok := scanResult.Optional[trivyTarget]; !ok {
-			scanResult.Optional = map[string]interface{}{
-				trivyTarget: trivyResult.Target,
-			}
-		}
-	}
-	scanResult.ScannedAt = time.Now()
-	scanResult.ScannedBy = "trivy"
-	scanResult.ScannedVia = "trivy"
+// Report is used for judgeing the scheme version of trivy
+type Report struct {
+	SchemaVersion int `json:",omitempty"`
 }

-// isTrivySupportedOS :
-func isTrivySupportedOS(family string) bool {
-	supportedFamilies := map[string]interface{}{
-		os.RedHat:             struct{}{},
-		os.Debian:             struct{}{},
-		os.Ubuntu:             struct{}{},
-		os.CentOS:             struct{}{},
-		os.Fedora:             struct{}{},
-		os.Amazon:             struct{}{},
-		os.Oracle:             struct{}{},
-		os.Windows:            struct{}{},
-		os.OpenSUSE:           struct{}{},
-		os.OpenSUSELeap:       struct{}{},
-		os.OpenSUSETumbleweed: struct{}{},
-		os.SLES:               struct{}{},
-		os.Photon:             struct{}{},
-		os.Alpine:             struct{}{},
+// NewParser make a parser for the schema version of trivy
+func NewParser(vulnJSON []byte) (Parser, error) {
+	r := Report{}
+	if err := json.Unmarshal(vulnJSON, &r); err != nil {
+		return nil, xerrors.Errorf("Failed to parse JSON. Please use the latest version of trivy, trivy-to-vuls and future-vuls")
 	}
-	_, ok := supportedFamilies[family]
-	return ok
-}
-
-func isTrivySupportedLib(typestr string) bool {
-	supportedLibs := map[string]interface{}{
-		ftypes.Bundler:  struct{}{},
-		ftypes.Cargo:    struct{}{},
-		ftypes.Composer: struct{}{},
-		ftypes.Npm:      struct{}{},
-		ftypes.NuGet:    struct{}{},
-		ftypes.Pip:      struct{}{},
-		ftypes.Pipenv:   struct{}{},
-		ftypes.Poetry:   struct{}{},
-		ftypes.Yarn:     struct{}{},
-		ftypes.Jar:      struct{}{},
-		ftypes.GoBinary: struct{}{},
-		ftypes.GoMod:    struct{}{},
+	switch r.SchemaVersion {
+	case 2:
+		return v2.ParserV2{}, nil
+	default:
+		return nil, xerrors.Errorf("Failed to parse trivy json. SchemeVersion %d is not supported yet. Please contact support", r.SchemaVersion)
 	}
-	_, ok := supportedLibs[typestr]
-	return ok
 }
--- a/contrib/trivy/parser/parser_test.go
+++ b/contrib/trivy/parser/parser_test.go
--- a/contrib/trivy/parser/v2/parser.go
+++ b/contrib/trivy/parser/v2/parser.go
@@ -0,0 +1,60 @@
+package v2
+
+import (
+	"encoding/json"
+	"time"
+
+	"github.com/aquasecurity/trivy/pkg/report"
+
+	"github.com/future-architect/vuls/constant"
+	"github.com/future-architect/vuls/contrib/trivy/pkg"
+	"github.com/future-architect/vuls/models"
+)
+
+// ParserV2 is a parser for scheme v2
+type ParserV2 struct {
+}
+
+// Parse trivy's JSON and convert to the Vuls struct
+func (p ParserV2) Parse(vulnJSON []byte) (result *models.ScanResult, err error) {
+	var report report.Report
+	if err = json.Unmarshal(vulnJSON, &report); err != nil {
+		return nil, err
+	}
+
+	scanResult, err := pkg.Convert(report.Results)
+	if err != nil {
+		return nil, err
+	}
+
+	setScanResultMeta(scanResult, &report)
+	return scanResult, nil
+}
+
+func setScanResultMeta(scanResult *models.ScanResult, report *report.Report) {
+	for _, r := range report.Results {
+		const trivyTarget = "trivy-target"
+		if pkg.IsTrivySupportedOS(r.Type) {
+			scanResult.Family = r.Type
+			scanResult.ServerName = r.Target
+			scanResult.Optional = map[string]interface{}{
+				trivyTarget: r.Target,
+			}
+		} else if pkg.IsTrivySupportedLib(r.Type) {
+			if scanResult.Family == "" {
+				scanResult.Family = constant.ServerTypePseudo
+			}
+			if scanResult.ServerName == "" {
+				scanResult.ServerName = "library scan by trivy"
+			}
+			if _, ok := scanResult.Optional[trivyTarget]; !ok {
+				scanResult.Optional = map[string]interface{}{
+					trivyTarget: r.Target,
+				}
+			}
+		}
+		scanResult.ScannedAt = time.Now()
+		scanResult.ScannedBy = "trivy"
+		scanResult.ScannedVia = "trivy"
+	}
+}
--- a/contrib/trivy/parser/v2/parser_test.go
+++ b/contrib/trivy/parser/v2/parser_test.go
@@ -0,0 +1,725 @@
+package v2
+
+import (
+	"testing"
+
+	"github.com/d4l3k/messagediff"
+
+	"github.com/future-architect/vuls/models"
+)
+
+func TestParse(t *testing.T) {
+	cases := map[string]struct {
+		vulnJSON []byte
+		expected *models.ScanResult
+	}{
+		"image redis": {
+			vulnJSON: redisTrivy,
+			expected: redisSR,
+		},
+		"image struts": {
+			vulnJSON: strutsTrivy,
+			expected: strutsSR,
+		},
+		"image osAndLib": {
+			vulnJSON: osAndLibTrivy,
+			expected: osAndLibSR,
+		},
+	}
+
+	for testcase, v := range cases {
+		actual, err := ParserV2{}.Parse(v.vulnJSON)
+		if err != nil {
+			t.Errorf("%s", err)
+		}
+
+		diff, equal := messagediff.PrettyDiff(
+			v.expected,
+			actual,
+			messagediff.IgnoreStructField("ScannedAt"),
+			messagediff.IgnoreStructField("Title"),
+			messagediff.IgnoreStructField("Summary"),
+			messagediff.IgnoreStructField("LastModified"),
+			messagediff.IgnoreStructField("Published"),
+		)
+		if !equal {
+			t.Errorf("test: %s, diff %s", testcase, diff)
+		}
+	}
+}
+
+var redisTrivy = []byte(`
+{
+  "SchemaVersion": 2,
+  "ArtifactName": "redis",
+  "ArtifactType": "container_image",
+  "Metadata": {
+    "OS": {
+      "Family": "debian",
+      "Name": "10.10"
+    },
+    "ImageID": "sha256:ddcca4b8a6f0367b5de2764dfe76b0a4bfa6d75237932185923705da47004347",
+    "DiffIDs": [
+      "sha256:f68ef921efae588b3dd5cc466a1ca9c94c24785f1fa9420bea15ecc2dedbe781",
+      "sha256:b6fc243eaea74d1a41b242da4c3ec5166db80f38c4d57a10ce8860c00d902ace",
+      "sha256:ec92e47b7c52dacc26df07ee13e8e81c099b5a5661ccc97b06692a9c9d01e772",
+      "sha256:4be6d4460d3615186717f21ffc0023b168dce48967d01934bbe31127901d3d5c",
+      "sha256:992463b683270e164936e9c48fa395d05a7b8b5cc0aa208e4fa81aa9158fcae1",
+      "sha256:0083597d42d190ddb86c35587a7b196fe18d79382520544b5f715c1e4792b19a"
+    ],
+    "RepoTags": [
+      "redis:latest"
+    ],
+    "RepoDigests": [
+      "redis@sha256:66ce9bc742609650afc3de7009658473ed601db4e926a5b16d239303383bacad"
+    ],
+    "ImageConfig": {
+      "architecture": "amd64",
+      "container": "fa59f1c2817c9095f8f7272a4ab9b11db0332b33efb3a82c00a3d1fec8763684",
+      "created": "2021-08-17T14:30:06.550779326Z",
+      "docker_version": "20.10.7",
+      "history": [
+        {
+          "created": "2021-08-17T01:24:06Z",
+          "created_by": "/bin/sh -c #(nop) ADD file:87b4e60fe3af680c6815448374365a44e9ea461bc8ade2960b4639c25aed3ba9 in / "
+        },
+        {
+          "created": "2021-08-17T14:30:06Z",
+          "created_by": "/bin/sh -c #(nop)  CMD [\"redis-server\"]",
+          "empty_layer": true
+        }
+      ],
+      "os": "linux",
+      "rootfs": {
+        "type": "layers",
+        "diff_ids": [
+          "sha256:f68ef921efae588b3dd5cc466a1ca9c94c24785f1fa9420bea15ecc2dedbe781",
+          "sha256:b6fc243eaea74d1a41b242da4c3ec5166db80f38c4d57a10ce8860c00d902ace",
+          "sha256:ec92e47b7c52dacc26df07ee13e8e81c099b5a5661ccc97b06692a9c9d01e772",
+          "sha256:4be6d4460d3615186717f21ffc0023b168dce48967d01934bbe31127901d3d5c",
+          "sha256:992463b683270e164936e9c48fa395d05a7b8b5cc0aa208e4fa81aa9158fcae1",
+          "sha256:0083597d42d190ddb86c35587a7b196fe18d79382520544b5f715c1e4792b19a"
+        ]
+      },
+      "config": {
+        "Cmd": [
+          "redis-server"
+        ],
+        "Entrypoint": [
+          "docker-entrypoint.sh"
+        ],
+        "Env": [
+          "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+          "GOSU_VERSION=1.12",
+          "REDIS_VERSION=6.2.5",
+          "REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-6.2.5.tar.gz",
+          "REDIS_DOWNLOAD_SHA=4b9a75709a1b74b3785e20a6c158cab94cf52298aa381eea947a678a60d551ae"
+        ],
+        "Image": "sha256:befbd3fc62bffcd0115008969a014faaad07828b2c54b4bcfd2d9fc3aa2508cd",
+        "Volumes": {
+          "/data": {}
+        },
+        "WorkingDir": "/data"
+      }
+    }
+  },
+  "Results": [
+    {
+      "Target": "redis (debian 10.10)",
+      "Class": "os-pkgs",
+      "Type": "debian",
+      "Packages": [
+        {
+          "Name": "adduser",
+          "Version": "3.118",
+          "SrcName": "adduser",
+          "SrcVersion": "3.118",
+          "Layer": {
+            "DiffID": "sha256:f68ef921efae588b3dd5cc466a1ca9c94c24785f1fa9420bea15ecc2dedbe781"
+          }
+        },
+        {
+          "Name": "apt",
+          "Version": "1.8.2.3",
+          "SrcName": "apt",
+          "SrcVersion": "1.8.2.3",
+          "Layer": {
+            "DiffID": "sha256:f68ef921efae588b3dd5cc466a1ca9c94c24785f1fa9420bea15ecc2dedbe781"
+          }
+        },
+        {
+          "Name": "bsdutils",
+          "Version": "1:2.33.1-0.1",
+          "SrcName": "util-linux",
+          "SrcVersion": "2.33.1-0.1",
+          "Layer": {
+            "DiffID": "sha256:f68ef921efae588b3dd5cc466a1ca9c94c24785f1fa9420bea15ecc2dedbe781"
+          }
+        },
+        {
+          "Name": "pkgA",
+          "Version": "1:2.33.1-0.1",
+          "SrcName": "util-linux",
+          "SrcVersion": "2.33.1-0.1",
+          "Layer": {
+            "DiffID": "sha256:f68ef921efae588b3dd5cc466a1ca9c94c24785f1fa9420bea15ecc2dedbe781"
+          }
+        }
+      ],
+      "Vulnerabilities": [
+        {
+          "VulnerabilityID": "CVE-2011-3374",
+          "PkgName": "apt",
+          "InstalledVersion": "1.8.2.3",
+          "Layer": {
+            "DiffID": "sha256:f68ef921efae588b3dd5cc466a1ca9c94c24785f1fa9420bea15ecc2dedbe781"
+          },
+          "SeveritySource": "debian",
+          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374",
+          "Description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.",
+          "Severity": "LOW",
+          "CweIDs": [
+            "CWE-347"
+          ],
+          "CVSS": {
+            "nvd": {
+              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
+              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
+              "V2Score": 4.3,
+              "V3Score": 3.7
+            }
+          },
+          "References": [
+            "https://access.redhat.com/security/cve/cve-2011-3374"
+          ],
+          "PublishedDate": "2019-11-26T00:15:00Z",
+          "LastModifiedDate": "2021-02-09T16:08:00Z"
+        }
+      ]
+    }
+  ]
+}
+`)
+var redisSR = &models.ScanResult{
+	JSONVersion: 4,
+	ServerName:  "redis (debian 10.10)",
+	Family:      "debian",
+	ScannedBy:   "trivy",
+	ScannedVia:  "trivy",
+	ScannedCves: models.VulnInfos{
+		"CVE-2011-3374": {
+			CveID: "CVE-2011-3374",
+			Confidences: models.Confidences{
+				models.Confidence{
+					Score:           100,
+					DetectionMethod: "TrivyMatch",
+				},
+			},
+			AffectedPackages: models.PackageFixStatuses{
+				models.PackageFixStatus{
+					Name:        "apt",
+					NotFixedYet: true,
+					FixState:    "Affected",
+					FixedIn:     "",
+				}},
+			CveContents: models.CveContents{
+				"trivy": []models.CveContent{{
+					Title:         "",
+					Summary:       "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.",
+					Cvss3Severity: "LOW",
+					References: models.References{
+						{Source: "trivy", Link: "https://access.redhat.com/security/cve/cve-2011-3374"},
+					},
+				}},
+			},
+			LibraryFixedIns: models.LibraryFixedIns{},
+		},
+	},
+	LibraryScanners: models.LibraryScanners{},
+	Packages: models.Packages{
+		"apt": models.Package{
+			Name:    "apt",
+			Version: "1.8.2.3",
+		},
+		"adduser": models.Package{
+			Name:    "adduser",
+			Version: "3.118",
+		},
+		"bsdutils": models.Package{
+			Name:    "bsdutils",
+			Version: "1:2.33.1-0.1",
+		},
+		"pkgA": models.Package{
+			Name:    "pkgA",
+			Version: "1:2.33.1-0.1",
+		},
+	},
+	SrcPackages: models.SrcPackages{
+		"util-linux": models.SrcPackage{
+			Name:        "util-linux",
+			Version:     "2.33.1-0.1",
+			BinaryNames: []string{"bsdutils", "pkgA"},
+		},
+	},
+	Optional: map[string]interface{}{
+		"trivy-target": "redis (debian 10.10)",
+	},
+}
+
+var strutsTrivy = []byte(`
+{
+  "SchemaVersion": 2,
+  "ArtifactName": "/data/struts-1.2.7/lib",
+  "ArtifactType": "filesystem",
+  "Metadata": {
+    "ImageConfig": {
+      "architecture": "",
+      "created": "0001-01-01T00:00:00Z",
+      "os": "",
+      "rootfs": {
+        "type": "",
+        "diff_ids": null
+      },
+      "config": {}
+    }
+  },
+  "Results": [
+    {
+      "Target": "Java",
+      "Class": "lang-pkgs",
+      "Type": "jar",
+      "Packages": [
+        {
+          "Name": "oro:oro",
+          "Version": "2.0.7",
+          "Layer": {}
+        },
+        {
+          "Name": "struts:struts",
+          "Version": "1.2.7",
+          "Layer": {}
+        },
+        {
+          "Name": "commons-beanutils:commons-beanutils",
+          "Version": "1.7.0",
+          "Layer": {}
+        }
+      ],
+      "Vulnerabilities": [
+        {
+          "VulnerabilityID": "CVE-2014-0114",
+          "PkgName": "commons-beanutils:commons-beanutils",
+          "InstalledVersion": "1.7.0",
+          "FixedVersion": "1.9.2",
+          "Layer": {},
+          "SeveritySource": "nvd",
+          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-0114",
+          "Title": "Apache Struts 1: Class Loader manipulation via request parameters",
+          "Description": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.",
+          "Severity": "HIGH",
+          "CweIDs": [
+            "CWE-20"
+          ],
+          "CVSS": {
+            "nvd": {
+              "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+              "V2Score": 7.5
+            },
+            "redhat": {
+              "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+              "V2Score": 7.5
+            }
+          },
+          "References": [
+            "http://advisories.mageia.org/MGASA-2014-0219.html"
+          ],
+          "PublishedDate": "2014-04-30T10:49:00Z",
+          "LastModifiedDate": "2021-01-26T18:15:00Z"
+        },
+        {
+          "VulnerabilityID": "CVE-2012-1007",
+          "PkgName": "struts:struts",
+          "InstalledVersion": "1.2.7",
+          "Layer": {},
+          "SeveritySource": "nvd",
+          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-1007",
+          "Title": "struts: multiple XSS flaws",
+          "Description": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.",
+          "Severity": "MEDIUM",
+          "CweIDs": [
+            "CWE-79"
+          ],
+          "CVSS": {
+            "nvd": {
+              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
+              "V2Score": 4.3
+            },
+            "redhat": {
+              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
+              "V2Score": 4.3
+            }
+          },
+          "References": [
+            "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1007"
+          ],
+          "PublishedDate": "2012-02-07T04:09:00Z",
+          "LastModifiedDate": "2018-10-17T01:29:00Z"
+        }
+      ]
+    }
+  ]
+}`)
+
+var strutsSR = &models.ScanResult{
+	JSONVersion: 4,
+	ServerName:  "library scan by trivy",
+	Family:      "pseudo",
+	ScannedBy:   "trivy",
+	ScannedVia:  "trivy",
+	ScannedCves: models.VulnInfos{
+		"CVE-2014-0114": {
+			CveID: "CVE-2014-0114",
+			Confidences: models.Confidences{
+				models.Confidence{
+					Score:           100,
+					DetectionMethod: "TrivyMatch",
+				},
+			},
+			CveContents: models.CveContents{
+				"trivy": []models.CveContent{{
+					Title:         "Apache Struts 1: Class Loader manipulation via request parameters",
+					Summary:       "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.",
+					Cvss3Severity: "HIGH",
+					References: models.References{
+						{Source: "trivy", Link: "http://advisories.mageia.org/MGASA-2014-0219.html"},
+					},
+				}},
+			},
+			LibraryFixedIns: models.LibraryFixedIns{
+				models.LibraryFixedIn{
+					Key:     "jar",
+					Name:    "commons-beanutils:commons-beanutils",
+					FixedIn: "1.9.2",
+					//TODO use Artifactname?
+					Path: "Java",
+				},
+			},
+			AffectedPackages: models.PackageFixStatuses{},
+		},
+		"CVE-2012-1007": {
+			CveID: "CVE-2012-1007",
+			Confidences: models.Confidences{
+				models.Confidence{
+					Score:           100,
+					DetectionMethod: "TrivyMatch",
+				},
+			},
+			CveContents: models.CveContents{
+				"trivy": []models.CveContent{{
+					Title:         "struts: multiple XSS flaws",
+					Summary:       "Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.",
+					Cvss3Severity: "MEDIUM",
+					References: models.References{
+						{Source: "trivy", Link: "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1007"},
+					},
+				}},
+			},
+			LibraryFixedIns: models.LibraryFixedIns{
+				models.LibraryFixedIn{
+					Key:     "jar",
+					Name:    "struts:struts",
+					FixedIn: "",
+					//TODO use Artifactname?
+					Path: "Java",
+				},
+			},
+			AffectedPackages: models.PackageFixStatuses{},
+		},
+	},
+	LibraryScanners: models.LibraryScanners{
+		models.LibraryScanner{
+			Type:         "jar",
+			LockfilePath: "Java",
+			Libs: []models.Library{
+				{
+					Name:    "commons-beanutils:commons-beanutils",
+					Version: "1.7.0",
+				},
+				{
+					Name:    "oro:oro",
+					Version: "2.0.7",
+				},
+				{
+					Name:    "struts:struts",
+					Version: "1.2.7",
+				},
+			},
+		},
+	},
+	Packages:    models.Packages{},
+	SrcPackages: models.SrcPackages{},
+	Optional: map[string]interface{}{
+		"trivy-target": "Java",
+	},
+}
+
+var osAndLibTrivy = []byte(`
+{
+  "SchemaVersion": 2,
+  "ArtifactName": "quay.io/fluentd_elasticsearch/fluentd:v2.9.0",
+  "ArtifactType": "container_image",
+  "Metadata": {
+    "OS": {
+      "Family": "debian",
+      "Name": "10.2"
+    },
+    "ImageID": "sha256:5a992077baba51b97f27591a10d54d2f2723dc9c81a3fe419e261023f2554933",
+    "DiffIDs": [
+      "sha256:25165eb51d15842f870f97873e0a58409d5e860e6108e3dd829bd10e484c0065"
+    ],
+    "RepoTags": [
+      "quay.io/fluentd_elasticsearch/fluentd:v2.9.0"
+    ],
+    "RepoDigests": [
+      "quay.io/fluentd_elasticsearch/fluentd@sha256:54716d825ec9791ffb403ac17a1e82159c98ac6161e02b2a054595ad01aa6726"
+    ],
+    "ImageConfig": {
+      "architecture": "amd64",
+      "container": "232f3fc7ddffd71dc3ff52c6c0c3a5feea2f51acffd9b53850a8fc6f1a15319a",
+      "created": "2020-03-04T13:59:39.161374106Z",
+      "docker_version": "19.03.4",
+      "history": [
+        {
+          "created": "2020-03-04T13:59:39.161374106Z",
+          "created_by": "/bin/sh -c #(nop)  CMD [\"/run.sh\"]",
+          "empty_layer": true
+        }
+      ],
+      "os": "linux",
+      "rootfs": {
+        "type": "layers",
+        "diff_ids": [
+          "sha256:25165eb51d15842f870f97873e0a58409d5e860e6108e3dd829bd10e484c0065"
+        ]
+      },
+      "config": {
+        "Cmd": [
+          "/run.sh"
+        ],
+        "Env": [
+          "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+          "LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2"
+        ],
+        "Image": "sha256:2a538358cddc4824e9eff1531e0c63ae5e3cda85d2984c647df9b1c816b9b86b",
+        "ExposedPorts": {
+          "80/tcp": {}
+        }
+      }
+    }
+  },
+  "Results": [
+    {
+      "Target": "quay.io/fluentd_elasticsearch/fluentd:v2.9.0 (debian 10.2)",
+      "Class": "os-pkgs",
+      "Type": "debian",
+      "Packages": [
+        {
+          "Name": "libgnutls30",
+          "Version": "3.6.7-4",
+          "SrcName": "gnutls28",
+          "SrcVersion": "3.6.7-4",
+          "Layer": {
+            "Digest": "sha256:000eee12ec04cc914bf96e8f5dee7767510c2aca3816af6078bd9fbe3150920c",
+            "DiffID": "sha256:831c5620387fb9efec59fc82a42b948546c6be601e3ab34a87108ecf852aa15f"
+          }
+        }
+      ],
+      "Vulnerabilities": [
+        {
+          "VulnerabilityID": "CVE-2021-20231",
+          "PkgName": "libgnutls30",
+          "InstalledVersion": "3.6.7-4",
+          "FixedVersion": "3.6.7-4+deb10u7",
+          "Layer": {
+            "Digest": "sha256:000eee12ec04cc914bf96e8f5dee7767510c2aca3816af6078bd9fbe3150920c",
+            "DiffID": "sha256:831c5620387fb9efec59fc82a42b948546c6be601e3ab34a87108ecf852aa15f"
+          },
+          "SeveritySource": "nvd",
+          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20231",
+          "Title": "gnutls: Use after free in client key_share extension",
+          "Description": "A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.",
+          "Severity": "CRITICAL",
+          "CweIDs": [
+            "CWE-416"
+          ],
+          "CVSS": {
+            "nvd": {
+              "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+              "V2Score": 7.5,
+              "V3Score": 9.8
+            },
+            "redhat": {
+              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
+              "V3Score": 3.7
+            }
+          },
+          "References": [
+            "https://bugzilla.redhat.com/show_bug.cgi?id=1922276"
+          ],
+          "PublishedDate": "2021-03-12T19:15:00Z",
+          "LastModifiedDate": "2021-06-01T14:07:00Z"
+        }
+      ]
+    },
+    {
+      "Target": "Ruby",
+      "Class": "lang-pkgs",
+      "Type": "gemspec",
+      "Packages": [
+        {
+          "Name": "activesupport",
+          "Version": "6.0.2.1",
+          "License": "MIT",
+          "Layer": {
+            "Digest": "sha256:a8877cad19f14a7044524a145ce33170085441a7922458017db1631dcd5f7602",
+            "DiffID": "sha256:75e43d55939745950bc3f8fad56c5834617c4339f0f54755e69a0dd5372624e9"
+          },
+          "FilePath": "var/lib/gems/2.5.0/specifications/activesupport-6.0.2.1.gemspec"
+        }
+      ],
+      "Vulnerabilities": [
+        {
+          "VulnerabilityID": "CVE-2020-8165",
+          "PkgName": "activesupport",
+          "PkgPath": "var/lib/gems/2.5.0/specifications/activesupport-6.0.2.1.gemspec",
+          "InstalledVersion": "6.0.2.1",
+          "FixedVersion": "6.0.3.1, 5.2.4.3",
+          "Layer": {
+            "Digest": "sha256:a8877cad19f14a7044524a145ce33170085441a7922458017db1631dcd5f7602",
+            "DiffID": "sha256:75e43d55939745950bc3f8fad56c5834617c4339f0f54755e69a0dd5372624e9"
+          },
+          "SeveritySource": "nvd",
+          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-8165",
+          "Title": "rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore",
+          "Description": "A deserialization of untrusted data vulnernerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.",
+          "Severity": "CRITICAL",
+          "CweIDs": [
+            "CWE-502"
+          ],
+          "CVSS": {
+            "nvd": {
+              "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+              "V2Score": 7.5,
+              "V3Score": 9.8
+            },
+            "redhat": {
+              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+              "V3Score": 9.8
+            }
+          },
+          "References": [
+            "https://www.debian.org/security/2020/dsa-4766"
+          ],
+          "PublishedDate": "2020-06-19T18:15:00Z",
+          "LastModifiedDate": "2020-10-17T12:15:00Z"
+        }
+      ]
+    }
+  ]
+}`)
+
+var osAndLibSR = &models.ScanResult{
+	JSONVersion: 4,
+	ServerName:  "quay.io/fluentd_elasticsearch/fluentd:v2.9.0 (debian 10.2)",
+	Family:      "debian",
+	ScannedBy:   "trivy",
+	ScannedVia:  "trivy",
+	ScannedCves: models.VulnInfos{
+		"CVE-2021-20231": {
+			CveID: "CVE-2021-20231",
+			Confidences: models.Confidences{
+				models.Confidence{
+					Score:           100,
+					DetectionMethod: "TrivyMatch",
+				},
+			},
+			AffectedPackages: models.PackageFixStatuses{
+				models.PackageFixStatus{
+					Name:        "libgnutls30",
+					NotFixedYet: false,
+					FixState:    "",
+					FixedIn:     "3.6.7-4+deb10u7",
+				}},
+			CveContents: models.CveContents{
+				"trivy": []models.CveContent{{
+					Title:         "gnutls: Use after free in client key_share extension",
+					Summary:       "A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.",
+					Cvss3Severity: "CRITICAL",
+					References: models.References{
+						{Source: "trivy", Link: "https://bugzilla.redhat.com/show_bug.cgi?id=1922276"},
+					},
+				}},
+			},
+			LibraryFixedIns: models.LibraryFixedIns{},
+		},
+		"CVE-2020-8165": {
+			CveID: "CVE-2020-8165",
+			Confidences: models.Confidences{
+				models.Confidence{
+					Score:           100,
+					DetectionMethod: "TrivyMatch",
+				},
+			},
+			AffectedPackages: models.PackageFixStatuses{},
+			CveContents: models.CveContents{
+				"trivy": []models.CveContent{{
+					Title:         "rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore",
+					Summary:       "A deserialization of untrusted data vulnernerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.",
+					Cvss3Severity: "CRITICAL",
+					References: models.References{
+						{Source: "trivy", Link: "https://www.debian.org/security/2020/dsa-4766"},
+					},
+				}},
+			},
+			LibraryFixedIns: models.LibraryFixedIns{
+				models.LibraryFixedIn{
+					Key:     "gemspec",
+					Name:    "activesupport",
+					FixedIn: "6.0.3.1, 5.2.4.3",
+					Path:    "Ruby",
+				},
+			},
+		},
+	},
+	LibraryScanners: models.LibraryScanners{
+		models.LibraryScanner{
+			Type:         "gemspec",
+			LockfilePath: "Ruby",
+			Libs: []models.Library{
+				{
+					Name:     "activesupport",
+					Version:  "6.0.2.1",
+					FilePath: "var/lib/gems/2.5.0/specifications/activesupport-6.0.2.1.gemspec",
+				},
+			},
+		},
+	},
+	Packages: models.Packages{
+		"libgnutls30": models.Package{
+			Name:    "libgnutls30",
+			Version: "3.6.7-4",
+		},
+	},
+	SrcPackages: models.SrcPackages{
+		"gnutls28": models.SrcPackage{
+			Name:        "gnutls28",
+			Version:     "3.6.7-4",
+			BinaryNames: []string{"libgnutls30"},
+		},
+	},
+	Optional: map[string]interface{}{
+		"trivy-target": "quay.io/fluentd_elasticsearch/fluentd:v2.9.0 (debian 10.2)",
+	},
+}
--- a/contrib/trivy/pkg/converter.go
+++ b/contrib/trivy/pkg/converter.go
@@ -0,0 +1,226 @@
+package pkg
+
+import (
+	"sort"
+	"time"
+
+	ftypes "github.com/aquasecurity/fanal/types"
+
+	"github.com/aquasecurity/fanal/analyzer/os"
+	"github.com/aquasecurity/trivy/pkg/report"
+
+	"github.com/future-architect/vuls/models"
+)
+
+// Convert :
+func Convert(results report.Results) (result *models.ScanResult, err error) {
+	scanResult := &models.ScanResult{
+		JSONVersion: models.JSONVersion,
+		ScannedCves: models.VulnInfos{},
+	}
+
+	pkgs := models.Packages{}
+	srcPkgs := models.SrcPackages{}
+	vulnInfos := models.VulnInfos{}
+	uniqueLibraryScannerPaths := map[string]models.LibraryScanner{}
+	for _, trivyResult := range results {
+		for _, vuln := range trivyResult.Vulnerabilities {
+			if _, ok := vulnInfos[vuln.VulnerabilityID]; !ok {
+				vulnInfos[vuln.VulnerabilityID] = models.VulnInfo{
+					CveID: vuln.VulnerabilityID,
+					Confidences: models.Confidences{
+						{
+							Score:           100,
+							DetectionMethod: models.TrivyMatchStr,
+						},
+					},
+					AffectedPackages: models.PackageFixStatuses{},
+					CveContents:      models.CveContents{},
+					LibraryFixedIns:  models.LibraryFixedIns{},
+					// VulnType : "",
+				}
+			}
+			vulnInfo := vulnInfos[vuln.VulnerabilityID]
+			var notFixedYet bool
+			fixState := ""
+			if len(vuln.FixedVersion) == 0 {
+				notFixedYet = true
+				fixState = "Affected"
+			}
+			var references models.References
+			for _, reference := range vuln.References {
+				references = append(references, models.Reference{
+					Source: "trivy",
+					Link:   reference,
+				})
+			}
+
+			sort.Slice(references, func(i, j int) bool {
+				return references[i].Link < references[j].Link
+			})
+
+			var published time.Time
+			if vuln.PublishedDate != nil {
+				published = *vuln.PublishedDate
+			}
+
+			var lastModified time.Time
+			if vuln.LastModifiedDate != nil {
+				lastModified = *vuln.LastModifiedDate
+			}
+
+			vulnInfo.CveContents = models.CveContents{
+				models.Trivy: []models.CveContent{{
+					Cvss3Severity: vuln.Severity,
+					References:    references,
+					Title:         vuln.Title,
+					Summary:       vuln.Description,
+					Published:     published,
+					LastModified:  lastModified,
+				}},
+			}
+			// do onlyIif image type is Vuln
+			if IsTrivySupportedOS(trivyResult.Type) {
+				pkgs[vuln.PkgName] = models.Package{
+					Name:    vuln.PkgName,
+					Version: vuln.InstalledVersion,
+				}
+				vulnInfo.AffectedPackages = append(vulnInfo.AffectedPackages, models.PackageFixStatus{
+					Name:        vuln.PkgName,
+					NotFixedYet: notFixedYet,
+					FixState:    fixState,
+					FixedIn:     vuln.FixedVersion,
+				})
+			} else {
+				vulnInfo.LibraryFixedIns = append(vulnInfo.LibraryFixedIns, models.LibraryFixedIn{
+					Key:     trivyResult.Type,
+					Name:    vuln.PkgName,
+					Path:    trivyResult.Target,
+					FixedIn: vuln.FixedVersion,
+				})
+				libScanner := uniqueLibraryScannerPaths[trivyResult.Target]
+				libScanner.Type = trivyResult.Type
+				libScanner.Libs = append(libScanner.Libs, models.Library{
+					Name:     vuln.PkgName,
+					Version:  vuln.InstalledVersion,
+					FilePath: vuln.PkgPath,
+				})
+				uniqueLibraryScannerPaths[trivyResult.Target] = libScanner
+			}
+			vulnInfos[vuln.VulnerabilityID] = vulnInfo
+		}
+
+		// --list-all-pkgs flg of trivy will output all installed packages, so collect them.
+		if trivyResult.Class == report.ClassOSPkg {
+			for _, p := range trivyResult.Packages {
+				pkgs[p.Name] = models.Package{
+					Name:    p.Name,
+					Version: p.Version,
+				}
+				if p.Name != p.SrcName {
+					if v, ok := srcPkgs[p.SrcName]; !ok {
+						srcPkgs[p.SrcName] = models.SrcPackage{
+							Name:        p.SrcName,
+							Version:     p.SrcVersion,
+							BinaryNames: []string{p.Name},
+						}
+					} else {
+						v.AddBinaryName(p.Name)
+						srcPkgs[p.SrcName] = v
+					}
+				}
+			}
+		} else if trivyResult.Class == report.ClassLangPkg {
+			libScanner := uniqueLibraryScannerPaths[trivyResult.Target]
+			libScanner.Type = trivyResult.Type
+			for _, p := range trivyResult.Packages {
+				libScanner.Libs = append(libScanner.Libs, models.Library{
+					Name:     p.Name,
+					Version:  p.Version,
+					FilePath: p.FilePath,
+				})
+			}
+			uniqueLibraryScannerPaths[trivyResult.Target] = libScanner
+		}
+	}
+
+	// flatten and unique libraries
+	libraryScanners := make([]models.LibraryScanner, 0, len(uniqueLibraryScannerPaths))
+	for path, v := range uniqueLibraryScannerPaths {
+		uniqueLibrary := map[string]models.Library{}
+		for _, lib := range v.Libs {
+			uniqueLibrary[lib.Name+lib.Version] = lib
+		}
+
+		var libraries []models.Library
+		for _, library := range uniqueLibrary {
+			libraries = append(libraries, library)
+		}
+
+		sort.Slice(libraries, func(i, j int) bool {
+			return libraries[i].Name < libraries[j].Name
+		})
+
+		libscanner := models.LibraryScanner{
+			Type:         v.Type,
+			LockfilePath: path,
+			Libs:         libraries,
+		}
+		libraryScanners = append(libraryScanners, libscanner)
+	}
+	sort.Slice(libraryScanners, func(i, j int) bool {
+		return libraryScanners[i].LockfilePath < libraryScanners[j].LockfilePath
+	})
+	scanResult.ScannedCves = vulnInfos
+	scanResult.Packages = pkgs
+	scanResult.SrcPackages = srcPkgs
+	scanResult.LibraryScanners = libraryScanners
+	return scanResult, nil
+}
+
+// IsTrivySupportedOS :
+func IsTrivySupportedOS(family string) bool {
+	supportedFamilies := map[string]interface{}{
+		os.RedHat:             struct{}{},
+		os.Debian:             struct{}{},
+		os.Ubuntu:             struct{}{},
+		os.CentOS:             struct{}{},
+		os.Rocky:              struct{}{},
+		os.Alma:               struct{}{},
+		os.Fedora:             struct{}{},
+		os.Amazon:             struct{}{},
+		os.Oracle:             struct{}{},
+		os.Windows:            struct{}{},
+		os.OpenSUSE:           struct{}{},
+		os.OpenSUSELeap:       struct{}{},
+		os.OpenSUSETumbleweed: struct{}{},
+		os.SLES:               struct{}{},
+		os.Photon:             struct{}{},
+		os.Alpine:             struct{}{},
+	}
+	_, ok := supportedFamilies[family]
+	return ok
+}
+
+// IsTrivySupportedLib :
+func IsTrivySupportedLib(typestr string) bool {
+	supportedLibs := map[string]interface{}{
+		ftypes.Bundler:   struct{}{},
+		ftypes.GemSpec:   struct{}{},
+		ftypes.Cargo:     struct{}{},
+		ftypes.Composer:  struct{}{},
+		ftypes.Npm:       struct{}{},
+		ftypes.NuGet:     struct{}{},
+		ftypes.Pip:       struct{}{},
+		ftypes.Pipenv:    struct{}{},
+		ftypes.Poetry:    struct{}{},
+		ftypes.PythonPkg: struct{}{},
+		ftypes.NodePkg:   struct{}{},
+		ftypes.Yarn:      struct{}{},
+		ftypes.Jar:       struct{}{},
+		ftypes.GoBinary:  struct{}{},
+		ftypes.GoMod:     struct{}{},
+	}
+	_, ok := supportedLibs[typestr]
+	return ok
+}
--- a/detector/cve_client.go
+++ b/detector/cve_client.go
@@ -27,7 +27,7 @@ type goCveDictClient struct {
 }

 func newGoCveDictClient(cnf config.VulnDictInterface, o logging.LogOpts) (*goCveDictClient, error) {
-	if err := cvelog.SetLogger(o.LogToFile, o.LogDir, o.Debug, false); err != nil {
+	if err := cvelog.SetLogger(o.LogToFile, o.LogDir, o.Debug, o.LogJSON); err != nil {
 		return nil, err
 	}

@@ -44,21 +44,18 @@ func (api goCveDictClient) closeDB() error {
 	if api.driver == nil {
 		return nil
 	}
-	if err := api.driver.CloseDB(); err != nil {
-		return xerrors.Errorf("Failed to close DB: %+v", err)
-	}
-	return nil
+	return api.driver.CloseDB()
 }

 func (api goCveDictClient) fetchCveDetails(cveIDs []string) (cveDetails []cvemodels.CveDetail, err error) {
-	for _, cveID := range cveIDs {
-		cveDetail, err := api.driver.Get(cveID)
-		if err != nil {
-			return nil, xerrors.Errorf("Failed to fetch CVE. err: %w", err)
-		}
-		cveDetails = append(cveDetails, *cveDetail)
+	m, err := api.driver.GetMulti(cveIDs)
+	if err != nil {
+		return nil, xerrors.Errorf("Failed to GetMulti. err: %w", err)
 	}
-	return
+	for _, v := range m {
+		cveDetails = append(cveDetails, v)
+	}
+	return cveDetails, nil
 }

 type response struct {
@@ -219,7 +216,7 @@ func newCveDB(cnf config.VulnDictInterface) (driver cvedb.DB, locked bool, err e
 	if cnf.GetType() == "sqlite3" {
 		path = cnf.GetSQLite3Path()
 	}
-	driver, locked, err = cvedb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL())
+	driver, locked, err = cvedb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), cvedb.Option{})
 	if err != nil {
 		err = xerrors.Errorf("Failed to init CVE DB. err: %w, path: %s", err, path)
 		return nil, locked, err
--- a/detector/detector.go
+++ b/detector/detector.go
@@ -111,6 +111,10 @@ func Detect(rs []models.ScanResult, dir string) ([]models.ScanResult, error) {
 		}
 		logging.Log.Infof("%s: %d exploits are detected", r.FormatServerName(), nMetasploitCve)

+		if err := FillWithKEVuln(&r, config.Conf.KEVuln); err != nil {
+			return nil, xerrors.Errorf("Failed to fill with Known Exploited Vulnerabilities: %w", err)
+		}
+
 		FillCweDict(&r)

 		r.ReportedBy, _ = os.Hostname()
@@ -145,9 +149,23 @@ func Detect(rs []models.ScanResult, dir string) ([]models.ScanResult, error) {
 	}

 	for i, r := range rs {
-		r.ScannedCves = r.ScannedCves.FilterByCvssOver(config.Conf.CvssScoreOver)
-		r.ScannedCves = r.ScannedCves.FilterUnfixed(config.Conf.IgnoreUnfixed)
-		r.ScannedCves = r.ScannedCves.FilterByConfidenceOver(config.Conf.ConfidenceScoreOver)
+		nFiltered := 0
+		logging.Log.Infof("%s: total %d CVEs detected", r.FormatServerName(), len(r.ScannedCves))
+
+		if 0 < config.Conf.CvssScoreOver {
+			r.ScannedCves, nFiltered = r.ScannedCves.FilterByCvssOver(config.Conf.CvssScoreOver)
+			logging.Log.Infof("%s: %d CVEs filtered by --cvss-over=%g", r.FormatServerName(), nFiltered, config.Conf.CvssScoreOver)
+		}
+
+		if config.Conf.IgnoreUnfixed {
+			r.ScannedCves, nFiltered = r.ScannedCves.FilterUnfixed(config.Conf.IgnoreUnfixed)
+			logging.Log.Infof("%s: %d CVEs filtered by --ignore-unfixed", r.FormatServerName(), nFiltered)
+		}
+
+		if 0 < config.Conf.ConfidenceScoreOver {
+			r.ScannedCves, nFiltered = r.ScannedCves.FilterByConfidenceOver(config.Conf.ConfidenceScoreOver)
+			logging.Log.Infof("%s: %d CVEs filtered by --confidence-over=%d", r.FormatServerName(), nFiltered, config.Conf.ConfidenceScoreOver)
+		}

 		// IgnoreCves
 		ignoreCves := []string{}
@@ -156,7 +174,10 @@ func Detect(rs []models.ScanResult, dir string) ([]models.ScanResult, error) {
 		} else if con, ok := config.Conf.Servers[r.ServerName].Containers[r.Container.Name]; ok {
 			ignoreCves = con.IgnoreCves
 		}
-		r.ScannedCves = r.ScannedCves.FilterIgnoreCves(ignoreCves)
+		if 0 < len(ignoreCves) {
+			r.ScannedCves, nFiltered = r.ScannedCves.FilterIgnoreCves(ignoreCves)
+			logging.Log.Infof("%s: %d CVEs filtered by ignoreCves=%s", r.FormatServerName(), nFiltered, ignoreCves)
+		}

 		// ignorePkgs
 		ignorePkgsRegexps := []string{}
@@ -165,11 +186,15 @@ func Detect(rs []models.ScanResult, dir string) ([]models.ScanResult, error) {
 		} else if s, ok := config.Conf.Servers[r.ServerName].Containers[r.Container.Name]; ok {
 			ignorePkgsRegexps = s.IgnorePkgsRegexp
 		}
-		r.ScannedCves = r.ScannedCves.FilterIgnorePkgs(ignorePkgsRegexps)
+		if 0 < len(ignorePkgsRegexps) {
+			r.ScannedCves, nFiltered = r.ScannedCves.FilterIgnorePkgs(ignorePkgsRegexps)
+			logging.Log.Infof("%s: %d CVEs filtered by ignorePkgsRegexp=%s", r.FormatServerName(), nFiltered, ignorePkgsRegexps)
+		}

 		// IgnoreUnscored
 		if config.Conf.IgnoreUnscoredCves {
-			r.ScannedCves = r.ScannedCves.FindScoredVulns()
+			r.ScannedCves, nFiltered = r.ScannedCves.FindScoredVulns()
+			logging.Log.Infof("%s: %d CVEs filtered by --ignore-unscored-cves", r.FormatServerName(), nFiltered)
 		}

 		r.FilterInactiveWordPressLibs(config.Conf.WpScan.DetectInactive)
@@ -183,19 +208,23 @@ func Detect(rs []models.ScanResult, dir string) ([]models.ScanResult, error) {
 func DetectPkgCves(r *models.ScanResult, ovalCnf config.GovalDictConf, gostCnf config.GostConf) error {
 	// Pkg Scan
 	if r.Release != "" {
-		// OVAL, gost(Debian Security Tracker) does not support Package for Raspbian, so skip it.
-		if r.Family == constant.Raspbian {
-			r = r.RemoveRaspbianPackFromResult()
-		}
+		if len(r.Packages)+len(r.SrcPackages) > 0 {
+			// OVAL, gost(Debian Security Tracker) does not support Package for Raspbian, so skip it.
+			if r.Family == constant.Raspbian {
+				r = r.RemoveRaspbianPackFromResult()
+			}

-		// OVAL
-		if err := detectPkgsCvesWithOval(ovalCnf, r); err != nil {
-			return xerrors.Errorf("Failed to detect CVE with OVAL: %w", err)
-		}
+			// OVAL
+			if err := detectPkgsCvesWithOval(ovalCnf, r); err != nil {
+				return xerrors.Errorf("Failed to detect CVE with OVAL: %w", err)
+			}

-		// gost
-		if err := detectPkgsCvesWithGost(gostCnf, r); err != nil {
-			return xerrors.Errorf("Failed to detect CVE with gost: %w", err)
+			// gost
+			if err := detectPkgsCvesWithGost(gostCnf, r); err != nil {
+				return xerrors.Errorf("Failed to detect CVE with gost: %w", err)
+			}
+		} else {
+			logging.Log.Infof("Number of packages is 0. Skip OVAL and gost detection")
 		}
 	} else if reuseScannedCves(r) {
 		logging.Log.Infof("r.Release is empty. Use CVEs as it as.")
@@ -340,20 +369,20 @@ func FillCvesWithNvdJvn(r *models.ScanResult, cnf config.GoCveDictConf, logOpts
 func fillCertAlerts(cvedetail *cvemodels.CveDetail) (dict models.AlertDict) {
 	for _, nvd := range cvedetail.Nvds {
 		for _, cert := range nvd.Certs {
-			dict.En = append(dict.En, models.Alert{
+			dict.USCERT = append(dict.USCERT, models.Alert{
 				URL:   cert.Link,
 				Title: cert.Title,
-				Team:  "us",
+				Team:  "uscert",
 			})
 		}
 	}

 	for _, jvn := range cvedetail.Jvns {
 		for _, cert := range jvn.Certs {
-			dict.Ja = append(dict.Ja, models.Alert{
+			dict.JPCERT = append(dict.JPCERT, models.Alert{
 				URL:   cert.Link,
 				Title: cert.Title,
-				Team:  "jp",
+				Team:  "jpcert",
 			})
 		}
 	}
--- a/detector/exploitdb.go
+++ b/detector/exploitdb.go
@@ -28,7 +28,7 @@ func FillWithExploit(r *models.ScanResult, cnf config.ExploitConf) (nExploitCve
 			cveIDs = append(cveIDs, cveID)
 		}
 		prefix, _ := util.URLPathJoin(cnf.GetURL(), "cves")
-		responses, err := getCvesViaHTTP(cveIDs, prefix)
+		responses, err := getExploitsViaHTTP(cveIDs, prefix)
 		if err != nil {
 			return 0, err
 		}
@@ -37,7 +37,7 @@ func FillWithExploit(r *models.ScanResult, cnf config.ExploitConf) (nExploitCve
 			if err := json.Unmarshal([]byte(res.json), &exps); err != nil {
 				return 0, err
 			}
-			exploits := ConvertToModels(exps)
+			exploits := ConvertToModelsExploit(exps)
 			v, ok := r.ScannedCves[res.request.cveID]
 			if ok {
 				v.Exploits = exploits
@@ -46,7 +46,6 @@ func FillWithExploit(r *models.ScanResult, cnf config.ExploitConf) (nExploitCve
 			nExploitCve++
 		}
 	} else {
-
 		driver, locked, err := newExploitDB(&cnf)
 		if locked {
 			return 0, xerrors.Errorf("SQLite3 is locked: %s", cnf.GetSQLite3Path())
@@ -63,11 +62,14 @@ func FillWithExploit(r *models.ScanResult, cnf config.ExploitConf) (nExploitCve
 			if cveID == "" {
 				continue
 			}
-			es := driver.GetExploitByCveID(cveID)
+			es, err := driver.GetExploitByCveID(cveID)
+			if err != nil {
+				return 0, err
+			}
 			if len(es) == 0 {
 				continue
 			}
-			exploits := ConvertToModels(es)
+			exploits := ConvertToModelsExploit(es)
 			vuln.Exploits = exploits
 			r.ScannedCves[cveID] = vuln
 			nExploitCve++
@@ -76,8 +78,8 @@ func FillWithExploit(r *models.ScanResult, cnf config.ExploitConf) (nExploitCve
 	return nExploitCve, nil
 }

-// ConvertToModels converts gost model to vuls model
-func ConvertToModels(es []exploitmodels.Exploit) (exploits []models.Exploit) {
+// ConvertToModelsExploit converts exploit model to vuls model
+func ConvertToModelsExploit(es []exploitmodels.Exploit) (exploits []models.Exploit) {
 	for _, e := range es {
 		var documentURL, shellURL *string
 		if e.OffensiveSecurity != nil {
@@ -103,14 +105,14 @@ func ConvertToModels(es []exploitmodels.Exploit) (exploits []models.Exploit) {
 }

 type exploitResponse struct {
-	request request
+	request exploitRequest
 	json    string
 }

-func getCvesViaHTTP(cveIDs []string, urlPrefix string) (
+func getExploitsViaHTTP(cveIDs []string, urlPrefix string) (
 	responses []exploitResponse, err error) {
 	nReq := len(cveIDs)
-	reqChan := make(chan request, nReq)
+	reqChan := make(chan exploitRequest, nReq)
 	resChan := make(chan exploitResponse, nReq)
 	errChan := make(chan error, nReq)
 	defer close(reqChan)
@@ -119,7 +121,7 @@ func getCvesViaHTTP(cveIDs []string, urlPrefix string) (

 	go func() {
 		for _, cveID := range cveIDs {
-			reqChan <- request{
+			reqChan <- exploitRequest{
 				cveID: cveID,
 			}
 		}
@@ -129,18 +131,16 @@ func getCvesViaHTTP(cveIDs []string, urlPrefix string) (
 	tasks := util.GenWorkers(concurrency)
 	for i := 0; i < nReq; i++ {
 		tasks <- func() {
-			select {
-			case req := <-reqChan:
-				url, err := util.URLPathJoin(
-					urlPrefix,
-					req.cveID,
-				)
-				if err != nil {
-					errChan <- err
-				} else {
-					logging.Log.Debugf("HTTP Request to %s", url)
-					httpGet(url, req, resChan, errChan)
-				}
+			req := <-reqChan
+			url, err := util.URLPathJoin(
+				urlPrefix,
+				req.cveID,
+			)
+			if err != nil {
+				errChan <- err
+			} else {
+				logging.Log.Debugf("HTTP Request to %s", url)
+				httpGetExploit(url, req, resChan, errChan)
 			}
 		}
 	}
@@ -154,23 +154,20 @@ func getCvesViaHTTP(cveIDs []string, urlPrefix string) (
 		case err := <-errChan:
 			errs = append(errs, err)
 		case <-timeout:
-			return nil, xerrors.New("Timeout Fetching OVAL")
+			return nil, xerrors.New("Timeout Fetching Exploit")
 		}
 	}
 	if len(errs) != 0 {
-		return nil, xerrors.Errorf("Failed to fetch OVAL. err: %w", errs)
+		return nil, xerrors.Errorf("Failed to fetch Exploit. err: %w", errs)
 	}
 	return
 }

-type request struct {
-	osMajorVersion string
-	packName       string
-	isSrcPack      bool
-	cveID          string
+type exploitRequest struct {
+	cveID string
 }

-func httpGet(url string, req request, resChan chan<- exploitResponse, errChan chan<- error) {
+func httpGetExploit(url string, req exploitRequest, resChan chan<- exploitResponse, errChan chan<- error) {
 	var body string
 	var errs []error
 	var resp *http.Response
@@ -214,7 +211,7 @@ func newExploitDB(cnf config.VulnDictInterface) (driver exploitdb.DB, locked boo
 	if cnf.GetType() == "sqlite3" {
 		path = cnf.GetSQLite3Path()
 	}
-	if driver, locked, err = exploitdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL()); err != nil {
+	if driver, locked, err = exploitdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), exploitdb.Option{}); err != nil {
 		if locked {
 			return nil, true, xerrors.Errorf("exploitDB is locked. err: %w", err)
 		}
--- a/detector/kevuln.go
+++ b/detector/kevuln.go
@@ -0,0 +1,214 @@
+//go:build !scanner
+// +build !scanner
+
+package detector
+
+import (
+	"encoding/json"
+	"net/http"
+	"time"
+
+	"github.com/cenkalti/backoff"
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/logging"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
+
+	kevulndb "github.com/vulsio/go-kev/db"
+	kevulnmodels "github.com/vulsio/go-kev/models"
+)
+
+// FillWithKEVuln :
+func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf) error {
+	if cnf.IsFetchViaHTTP() {
+		var cveIDs []string
+		for cveID := range r.ScannedCves {
+			cveIDs = append(cveIDs, cveID)
+		}
+		prefix, err := util.URLPathJoin(cnf.GetURL(), "cves")
+		if err != nil {
+			return err
+		}
+		responses, err := getKEVulnsViaHTTP(cveIDs, prefix)
+		if err != nil {
+			return err
+		}
+		for _, res := range responses {
+			kevulns := []kevulnmodels.KEVuln{}
+			if err := json.Unmarshal([]byte(res.json), &kevulns); err != nil {
+				return err
+			}
+
+			alerts := []models.Alert{}
+			if len(kevulns) > 0 {
+				alerts = append(alerts, models.Alert{
+					Title: "Known Exploited Vulnerabilities Catalog",
+					URL:   "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+					Team:  "cisa",
+				})
+			}
+
+			v, ok := r.ScannedCves[res.request.cveID]
+			if ok {
+				v.AlertDict.CISA = alerts
+			}
+			r.ScannedCves[res.request.cveID] = v
+		}
+	} else {
+		driver, locked, err := newKEVulnDB(&cnf)
+		if locked {
+			return xerrors.Errorf("SQLite3 is locked: %s", cnf.GetSQLite3Path())
+		} else if err != nil {
+			return err
+		}
+		defer func() {
+			if err := driver.CloseDB(); err != nil {
+				logging.Log.Errorf("Failed to close DB. err: %+v", err)
+			}
+		}()
+
+		for cveID, vuln := range r.ScannedCves {
+			if cveID == "" {
+				continue
+			}
+			kevulns, err := driver.GetKEVulnByCveID(cveID)
+			if err != nil {
+				return err
+			}
+			if len(kevulns) == 0 {
+				continue
+			}
+
+			alerts := []models.Alert{}
+			if len(kevulns) > 0 {
+				alerts = append(alerts, models.Alert{
+					Title: "Known Exploited Vulnerabilities Catalog",
+					URL:   "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+					Team:  "cisa",
+				})
+			}
+
+			vuln.AlertDict.CISA = alerts
+			r.ScannedCves[cveID] = vuln
+		}
+	}
+	return nil
+}
+
+type kevulnResponse struct {
+	request kevulnRequest
+	json    string
+}
+
+func getKEVulnsViaHTTP(cveIDs []string, urlPrefix string) (
+	responses []kevulnResponse, err error) {
+	nReq := len(cveIDs)
+	reqChan := make(chan kevulnRequest, nReq)
+	resChan := make(chan kevulnResponse, nReq)
+	errChan := make(chan error, nReq)
+	defer close(reqChan)
+	defer close(resChan)
+	defer close(errChan)
+
+	go func() {
+		for _, cveID := range cveIDs {
+			reqChan <- kevulnRequest{
+				cveID: cveID,
+			}
+		}
+	}()
+
+	concurrency := 10
+	tasks := util.GenWorkers(concurrency)
+	for i := 0; i < nReq; i++ {
+		tasks <- func() {
+			req := <-reqChan
+			url, err := util.URLPathJoin(
+				urlPrefix,
+				req.cveID,
+			)
+			if err != nil {
+				errChan <- err
+			} else {
+				logging.Log.Debugf("HTTP Request to %s", url)
+				httpGetKEVuln(url, req, resChan, errChan)
+			}
+		}
+	}
+
+	timeout := time.After(2 * 60 * time.Second)
+	var errs []error
+	for i := 0; i < nReq; i++ {
+		select {
+		case res := <-resChan:
+			responses = append(responses, res)
+		case err := <-errChan:
+			errs = append(errs, err)
+		case <-timeout:
+			return nil, xerrors.New("Timeout Fetching KEVuln")
+		}
+	}
+	if len(errs) != 0 {
+		return nil, xerrors.Errorf("Failed to fetch KEVuln. err: %w", errs)
+	}
+	return
+}
+
+type kevulnRequest struct {
+	cveID string
+}
+
+func httpGetKEVuln(url string, req kevulnRequest, resChan chan<- kevulnResponse, errChan chan<- error) {
+	var body string
+	var errs []error
+	var resp *http.Response
+	count, retryMax := 0, 3
+	f := func() (err error) {
+		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+		resp, body, errs = gorequest.New().Timeout(10 * time.Second).Get(url).End()
+		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+			count++
+			if count == retryMax {
+				return nil
+			}
+			return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %+v", url, resp, errs)
+		}
+		return nil
+	}
+	notify := func(err error, t time.Duration) {
+		logging.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %+v", t, err)
+	}
+	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
+	if err != nil {
+		errChan <- xerrors.Errorf("HTTP Error %w", err)
+		return
+	}
+	if count == retryMax {
+		errChan <- xerrors.New("Retry count exceeded")
+		return
+	}
+
+	resChan <- kevulnResponse{
+		request: req,
+		json:    body,
+	}
+}
+
+func newKEVulnDB(cnf config.VulnDictInterface) (driver kevulndb.DB, locked bool, err error) {
+	if cnf.IsFetchViaHTTP() {
+		return nil, false, nil
+	}
+	path := cnf.GetURL()
+	if cnf.GetType() == "sqlite3" {
+		path = cnf.GetSQLite3Path()
+	}
+	if driver, locked, err = kevulndb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), kevulndb.Option{}); err != nil {
+		if locked {
+			return nil, true, xerrors.Errorf("kevulnDB is locked. err: %w", err)
+		}
+		return nil, false, err
+	}
+	return driver, false, nil
+}
--- a/detector/msf.go
+++ b/detector/msf.go
@@ -4,9 +4,16 @@
 package detector

 import (
+	"encoding/json"
+	"net/http"
+	"time"
+
+	"github.com/cenkalti/backoff"
 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/logging"
 	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/parnurzeal/gorequest"
 	metasploitdb "github.com/vulsio/go-msfdb/db"
 	metasploitmodels "github.com/vulsio/go-msfdb/models"
 	"golang.org/x/xerrors"
@@ -14,37 +21,165 @@ import (

 // FillWithMetasploit fills metasploit module information that has in module
 func FillWithMetasploit(r *models.ScanResult, cnf config.MetasploitConf) (nMetasploitCve int, err error) {
+	if cnf.IsFetchViaHTTP() {
+		var cveIDs []string
+		for cveID := range r.ScannedCves {
+			cveIDs = append(cveIDs, cveID)
+		}
+		prefix, err := util.URLPathJoin(cnf.GetURL(), "cves")
+		if err != nil {
+			return 0, err
+		}
+		responses, err := getMetasploitsViaHTTP(cveIDs, prefix)
+		if err != nil {
+			return 0, err
+		}
+		for _, res := range responses {
+			msfs := []metasploitmodels.Metasploit{}
+			if err := json.Unmarshal([]byte(res.json), &msfs); err != nil {
+				return 0, err
+			}
+			metasploits := ConvertToModelsMsf(msfs)
+			v, ok := r.ScannedCves[res.request.cveID]
+			if ok {
+				v.Metasploits = metasploits
+			}
+			r.ScannedCves[res.request.cveID] = v
+			nMetasploitCve++
+		}
+	} else {
+		driver, locked, err := newMetasploitDB(&cnf)
+		if locked {
+			return 0, xerrors.Errorf("SQLite3 is locked: %s", cnf.GetSQLite3Path())
+		} else if err != nil {
+			return 0, err
+		}
+		defer func() {
+			if err := driver.CloseDB(); err != nil {
+				logging.Log.Errorf("Failed to close DB. err: %+v", err)
+			}
+		}()

-	driver, locked, err := newMetasploitDB(&cnf)
-	if locked {
-		return 0, xerrors.Errorf("SQLite3 is locked: %s", cnf.GetSQLite3Path())
-	} else if err != nil {
-		return 0, err
+		for cveID, vuln := range r.ScannedCves {
+			if cveID == "" {
+				continue
+			}
+			ms, err := driver.GetModuleByCveID(cveID)
+			if err != nil {
+				return 0, err
+			}
+			if len(ms) == 0 {
+				continue
+			}
+			modules := ConvertToModelsMsf(ms)
+			vuln.Metasploits = modules
+			r.ScannedCves[cveID] = vuln
+			nMetasploitCve++
+		}
 	}
-	defer func() {
-		if err := driver.CloseDB(); err != nil {
-			logging.Log.Errorf("Failed to close DB. err: %+v", err)
-		}
-	}()
-
-	for cveID, vuln := range r.ScannedCves {
-		if cveID == "" {
-			continue
-		}
-		ms := driver.GetModuleByCveID(cveID)
-		if len(ms) == 0 {
-			continue
-		}
-		modules := ConvertToModelsMsf(ms)
-		vuln.Metasploits = modules
-		r.ScannedCves[cveID] = vuln
-		nMetasploitCve++
-	}
-
 	return nMetasploitCve, nil
 }

-// ConvertToModelsMsf converts gost model to vuls model
+type metasploitResponse struct {
+	request metasploitRequest
+	json    string
+}
+
+func getMetasploitsViaHTTP(cveIDs []string, urlPrefix string) (
+	responses []metasploitResponse, err error) {
+	nReq := len(cveIDs)
+	reqChan := make(chan metasploitRequest, nReq)
+	resChan := make(chan metasploitResponse, nReq)
+	errChan := make(chan error, nReq)
+	defer close(reqChan)
+	defer close(resChan)
+	defer close(errChan)
+
+	go func() {
+		for _, cveID := range cveIDs {
+			reqChan <- metasploitRequest{
+				cveID: cveID,
+			}
+		}
+	}()
+
+	concurrency := 10
+	tasks := util.GenWorkers(concurrency)
+	for i := 0; i < nReq; i++ {
+		tasks <- func() {
+			req := <-reqChan
+			url, err := util.URLPathJoin(
+				urlPrefix,
+				req.cveID,
+			)
+			if err != nil {
+				errChan <- err
+			} else {
+				logging.Log.Debugf("HTTP Request to %s", url)
+				httpGetMetasploit(url, req, resChan, errChan)
+			}
+		}
+	}
+
+	timeout := time.After(2 * 60 * time.Second)
+	var errs []error
+	for i := 0; i < nReq; i++ {
+		select {
+		case res := <-resChan:
+			responses = append(responses, res)
+		case err := <-errChan:
+			errs = append(errs, err)
+		case <-timeout:
+			return nil, xerrors.New("Timeout Fetching Metasploit")
+		}
+	}
+	if len(errs) != 0 {
+		return nil, xerrors.Errorf("Failed to fetch Metasploit. err: %w", errs)
+	}
+	return
+}
+
+type metasploitRequest struct {
+	cveID string
+}
+
+func httpGetMetasploit(url string, req metasploitRequest, resChan chan<- metasploitResponse, errChan chan<- error) {
+	var body string
+	var errs []error
+	var resp *http.Response
+	count, retryMax := 0, 3
+	f := func() (err error) {
+		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+		resp, body, errs = gorequest.New().Timeout(10 * time.Second).Get(url).End()
+		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+			count++
+			if count == retryMax {
+				return nil
+			}
+			return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %+v", url, resp, errs)
+		}
+		return nil
+	}
+	notify := func(err error, t time.Duration) {
+		logging.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %+v", t, err)
+	}
+	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
+	if err != nil {
+		errChan <- xerrors.Errorf("HTTP Error %w", err)
+		return
+	}
+	if count == retryMax {
+		errChan <- xerrors.New("Retry count exceeded")
+		return
+	}
+
+	resChan <- metasploitResponse{
+		request: req,
+		json:    body,
+	}
+}
+
+// ConvertToModelsMsf converts metasploit model to vuls model
 func ConvertToModelsMsf(ms []metasploitmodels.Metasploit) (modules []models.Metasploit) {
 	for _, m := range ms {
 		var links []string
@@ -72,7 +207,7 @@ func newMetasploitDB(cnf config.VulnDictInterface) (driver metasploitdb.DB, lock
 	if cnf.GetType() == "sqlite3" {
 		path = cnf.GetSQLite3Path()
 	}
-	if driver, locked, err = metasploitdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL()); err != nil {
+	if driver, locked, err = metasploitdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), metasploitdb.Option{}); err != nil {
 		if locked {
 			return nil, true, xerrors.Errorf("metasploitDB is locked. err: %w", err)
 		}
--- a/detector/util.go
+++ b/detector/util.go
@@ -26,10 +26,7 @@ func reuseScannedCves(r *models.ScanResult) bool {
 	case constant.FreeBSD, constant.Raspbian:
 		return true
 	}
-	if isTrivyResult(r) {
-		return true
-	}
-	return false
+	return isTrivyResult(r)
 }

 func isTrivyResult(r *models.ScanResult) bool {
--- a/go.mod
+++ b/go.mod
@@ -7,11 +7,11 @@ require (
 	github.com/BurntSushi/toml v0.4.1
 	github.com/Ullaakut/nmap/v2 v2.1.2-0.20210406060955-59a52fe80a4f
 	github.com/VividCortex/ewma v1.2.0 // indirect
-	github.com/aquasecurity/fanal v0.0.0-20210815095355-42429a80d0e3
-	github.com/aquasecurity/trivy v0.19.3-0.20210909113250-19c0b70d2613
-	github.com/aquasecurity/trivy-db v0.0.0-20210809142931-da8e09204404
+	github.com/aquasecurity/fanal v0.0.0-20211005172059-69527b46560c
+	github.com/aquasecurity/trivy v0.20.0
+	github.com/aquasecurity/trivy-db v0.0.0-20210916043317-726b7b72a47b
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
-	github.com/aws/aws-sdk-go v1.40.22
+	github.com/aws/aws-sdk-go v1.40.49
 	github.com/boltdb/bolt v1.3.1
 	github.com/briandowns/spinner v1.16.0 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible
@@ -20,9 +20,9 @@ require (
 	github.com/d4l3k/messagediff v1.2.2-0.20190829033028-7e0a312ae40b
 	github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21
 	github.com/emersion/go-smtp v0.14.0
-	github.com/fatih/color v1.12.0 // indirect
+	github.com/fatih/color v1.13.0 // indirect
 	github.com/fsnotify/fsnotify v1.5.1 // indirect
-	github.com/go-redis/redis/v8 v8.11.3 // indirect
+	github.com/go-redis/redis/v8 v8.11.4 // indirect
 	github.com/go-stack/stack v1.8.1 // indirect
 	github.com/google/subcommands v1.2.0
 	github.com/gosuri/uitable v0.0.4
@@ -48,28 +48,31 @@ require (
 	github.com/pelletier/go-toml v1.9.4 // indirect
 	github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5
 	github.com/sirupsen/logrus v1.8.1
-	github.com/spf13/afero v1.6.0
+	github.com/spf13/afero v1.7.0
 	github.com/spf13/cast v1.4.1 // indirect
-	github.com/spf13/cobra v1.2.1
-	github.com/vulsio/go-cve-dictionary v0.8.1
-	github.com/vulsio/go-exploitdb v0.4.0
-	github.com/vulsio/go-msfdb v0.2.0
-	github.com/vulsio/gost v0.4.1-0.20210919121048-2a7957bf1885
-	github.com/vulsio/goval-dictionary v0.6.1
-	golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 // indirect
-	golang.org/x/net v0.0.0-20210902165921-8d991716f632 // indirect
-	golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c
+	github.com/spf13/cobra v1.3.0
+	github.com/vulsio/go-cve-dictionary v0.8.2-0.20211028094424-0a854f8e8f85
+	github.com/vulsio/go-exploitdb v0.4.2-0.20211028071949-1ebf9c4f6c4d
+	github.com/vulsio/go-kev v0.1.0
+	github.com/vulsio/go-msfdb v0.2.1-0.20211028071756-4a9759bd9f14
+	github.com/vulsio/gost v0.4.1-0.20211028071837-7ad032a6ffa8
+	github.com/vulsio/goval-dictionary v0.6.1-0.20211224012144-554a54938173
+	golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa // indirect
+	golang.org/x/net v0.0.0-20211206223403-eba003a116a9 // indirect
+	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
-	gopkg.in/ini.v1 v1.63.2 // indirect
-	gorm.io/driver/mysql v1.1.2 // indirect
-	gorm.io/driver/postgres v1.1.1 // indirect
-	gorm.io/driver/sqlite v1.1.5 // indirect
+	gopkg.in/ini.v1 v1.66.2 // indirect
+	gorm.io/driver/mysql v1.2.1 // indirect
+	gorm.io/driver/postgres v1.2.3 // indirect
+	gorm.io/driver/sqlite v1.2.6 // indirect
 	k8s.io/utils v0.0.0-20210111153108-fddb29f9d009
 )

 require (
+	cloud.google.com/go v0.99.0 // indirect
+	cloud.google.com/go/storage v1.18.2 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest v0.11.1 // indirect
 	github.com/Azure/go-autorest/autorest/adal v0.9.5 // indirect
@@ -80,28 +83,38 @@ require (
 	github.com/Masterminds/semver v1.5.0 // indirect
 	github.com/Masterminds/sprig v2.22.0+incompatible // indirect
 	github.com/PuerkitoBio/goquery v1.7.1 // indirect
-	github.com/andybalholm/cascadia v1.2.0 // indirect
-	github.com/aquasecurity/go-dep-parser v0.0.0-20210815080135-5be65146849a // indirect
+	github.com/andybalholm/cascadia v1.3.1 // indirect
+	github.com/aquasecurity/go-dep-parser v0.0.0-20210919151457-76db061b9305 // indirect
 	github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce // indirect
 	github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 // indirect
 	github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 // indirect
 	github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 // indirect
 	github.com/caarlos0/env/v6 v6.0.0 // indirect
+	github.com/census-instrumentation/opencensus-proto v0.3.0 // indirect
+	github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4 // indirect
+	github.com/cncf/xds/go v0.0.0-20211216145620-d92e9ce0af51 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
+	github.com/envoyproxy/go-control-plane v0.10.1 // indirect
+	github.com/envoyproxy/protoc-gen-validate v0.6.2 // indirect
 	github.com/form3tech-oss/jwt-go v3.2.2+incompatible // indirect
 	github.com/go-sql-driver/mysql v1.6.0 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/go-cmp v0.5.6 // indirect
+	github.com/google/go-containerregistry v0.6.0 // indirect
 	github.com/google/go-github/v33 v33.0.0 // indirect
 	github.com/google/go-querystring v1.0.0 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/google/wire v0.4.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.1.1 // indirect
+	github.com/googleapis/google-cloud-go-testing v0.0.0-20210719221736-1c9a4c676720 // indirect
 	github.com/gorilla/websocket v1.4.2 // indirect
 	github.com/grokify/html-strip-tags-go v0.0.1 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
-	github.com/hashicorp/go-cleanhttp v0.5.1 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-retryablehttp v0.6.8 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/htcat/htcat v1.0.2 // indirect
 	github.com/huandu/xstrings v1.3.2 // indirect
@@ -109,22 +122,22 @@ require (
 	github.com/inconshreveable/log15 v0.0.0-20201112154412-8562bdadbbac // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/jackc/chunkreader/v2 v2.0.1 // indirect
-	github.com/jackc/pgconn v1.10.0 // indirect
+	github.com/jackc/pgconn v1.10.1 // indirect
 	github.com/jackc/pgio v1.0.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
-	github.com/jackc/pgproto3/v2 v2.1.1 // indirect
+	github.com/jackc/pgproto3/v2 v2.2.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect
-	github.com/jackc/pgtype v1.8.1 // indirect
-	github.com/jackc/pgx/v4 v4.13.0 // indirect
+	github.com/jackc/pgtype v1.9.1 // indirect
+	github.com/jackc/pgx/v4 v4.14.1 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
-	github.com/jinzhu/now v1.1.2 // indirect
+	github.com/jinzhu/now v1.1.4 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/magiconair/properties v1.8.5 // indirect
 	github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08 // indirect
-	github.com/mattn/go-colorable v0.1.8 // indirect
-	github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
+	github.com/mattn/go-colorable v0.1.12 // indirect
+	github.com/mattn/go-sqlite3 v1.14.9 // indirect
 	github.com/mitchellh/copystructure v1.1.1 // indirect
-	github.com/mitchellh/mapstructure v1.4.2 // indirect
+	github.com/mitchellh/mapstructure v1.4.3 // indirect
 	github.com/mitchellh/reflectwalk v1.0.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
@@ -132,22 +145,26 @@ require (
 	github.com/satori/go.uuid v1.2.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/spf13/viper v1.8.1 // indirect
+	github.com/spf13/viper v1.10.0 // indirect
 	github.com/stretchr/objx v0.3.0 // indirect
 	github.com/stretchr/testify v1.7.0 // indirect
 	github.com/subosito/gotenv v1.2.0 // indirect
 	github.com/ymomoi/goval-parser v0.0.0-20170813122243-0a0be1dd9d08 // indirect
 	go.etcd.io/bbolt v1.3.6 // indirect
+	go.opencensus.io v0.23.0 // indirect
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
-	go.uber.org/zap v1.17.0 // indirect
-	golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069 // indirect
+	go.uber.org/zap v1.19.1 // indirect
+	golang.org/x/sys v0.0.0-20211210111614-af8b64212486 // indirect
 	golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf // indirect
+	google.golang.org/api v0.63.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.26.0 // indirect
+	google.golang.org/genproto v0.0.0-20211223182754-3ac035c7e7cb // indirect
+	google.golang.org/grpc v1.43.0 // indirect
+	google.golang.org/protobuf v1.27.1 // indirect
 	gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
-	gorm.io/gorm v1.21.15 // indirect
+	gorm.io/gorm v1.22.4 // indirect
 	moul.io/http2curl v1.0.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
--- a/gost/debian.go
+++ b/gost/debian.go
@@ -113,7 +113,10 @@ func (deb Debian) detectCVEsWithFixState(r *models.ScanResult, fixStatus string)
 			return 0, nil
 		}
 		for _, pack := range r.Packages {
-			cves, fixes := deb.getCvesDebianWithfixStatus(fixStatus, major(r.Release), pack.Name)
+			cves, fixes, err := deb.getCvesDebianWithfixStatus(fixStatus, major(r.Release), pack.Name)
+			if err != nil {
+				return 0, err
+			}
 			packCvesList = append(packCvesList, packCves{
 				packName:  pack.Name,
 				isSrcPack: false,
@@ -124,7 +127,10 @@ func (deb Debian) detectCVEsWithFixState(r *models.ScanResult, fixStatus string)

 		// SrcPack
 		for _, pack := range r.SrcPackages {
-			cves, fixes := deb.getCvesDebianWithfixStatus(fixStatus, major(r.Release), pack.Name)
+			cves, fixes, err := deb.getCvesDebianWithfixStatus(fixStatus, major(r.Release), pack.Name)
+			if err != nil {
+				return 0, err
+			}
 			packCvesList = append(packCvesList, packCves{
 				packName:  pack.Name,
 				isSrcPack: true,
@@ -233,21 +239,25 @@ func isGostDefAffected(versionRelease, gostVersion string) (affected bool, err e
 	return vera.LessThan(verb), nil
 }

-func (deb Debian) getCvesDebianWithfixStatus(fixStatus, release, pkgName string) (cves []models.CveContent, fixes []models.PackageFixStatus) {
-	var f func(string, string) map[string]gostmodels.DebianCVE
-
+func (deb Debian) getCvesDebianWithfixStatus(fixStatus, release, pkgName string) ([]models.CveContent, []models.PackageFixStatus, error) {
+	var f func(string, string) (map[string]gostmodels.DebianCVE, error)
 	if fixStatus == "resolved" {
 		f = deb.DBDriver.DB.GetFixedCvesDebian
 	} else {
 		f = deb.DBDriver.DB.GetUnfixedCvesDebian
 	}
-
-	for _, cveDeb := range f(release, pkgName) {
-		cves = append(cves, *deb.ConvertToModel(&cveDeb))
-		fixes = append(fixes, checkPackageFixStatus(&cveDeb)...)
+	debCves, err := f(release, pkgName)
+	if err != nil {
+		return nil, nil, err
 	}

-	return
+	cves := []models.CveContent{}
+	fixes := []models.PackageFixStatus{}
+	for _, devbCve := range debCves {
+		cves = append(cves, *deb.ConvertToModel(&devbCve))
+		fixes = append(fixes, checkPackageFixStatus(&devbCve)...)
+	}
+	return cves, fixes, nil
 }

 // ConvertToModel converts gost model to vuls model
--- a/gost/gost.go
+++ b/gost/gost.go
@@ -88,7 +88,7 @@ func newGostDB(cnf config.GostConf) (driver db.DB, locked bool, err error) {
 	if cnf.GetType() == "sqlite3" {
 		path = cnf.GetSQLite3Path()
 	}
-	if driver, locked, err = db.NewDB(cnf.GetType(), path, cnf.GetDebugSQL()); err != nil {
+	if driver, locked, err = db.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), db.Option{}); err != nil {
 		if locked {
 			return nil, true, xerrors.Errorf("gostDB is locked. err: %w", err)
 		}
--- a/gost/microsoft.go
+++ b/gost/microsoft.go
@@ -25,7 +25,11 @@ func (ms Microsoft) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err err
 	for cveID := range r.ScannedCves {
 		cveIDs = append(cveIDs, cveID)
 	}
-	for cveID, msCve := range ms.DBDriver.DB.GetMicrosoftMulti(cveIDs) {
+	msCves, err := ms.DBDriver.DB.GetMicrosoftMulti(cveIDs)
+	if err != nil {
+		return 0, nil
+	}
+	for cveID, msCve := range msCves {
 		if _, ok := r.ScannedCves[cveID]; !ok {
 			continue
 		}
--- a/gost/redhat.go
+++ b/gost/redhat.go
@@ -45,7 +45,10 @@ func (red RedHat) DetectCVEs(r *models.ScanResult, ignoreWillNotFix bool) (nCVEs
 		}
 		for _, pack := range r.Packages {
 			// CVE-ID: RedhatCVE
-			cves := red.DBDriver.DB.GetUnfixedCvesRedhat(major(r.Release), pack.Name, ignoreWillNotFix)
+			cves, err := red.DBDriver.DB.GetUnfixedCvesRedhat(major(r.Release), pack.Name, ignoreWillNotFix)
+			if err != nil {
+				return 0, err
+			}
 			for _, cve := range cves {
 				if newly := red.setUnfixedCveToScanResult(&cve, r); newly {
 					nCVEs++
@@ -85,7 +88,11 @@ func (red RedHat) fillCvesWithRedHatAPI(r *models.ScanResult) error {
 		if red.DBDriver.DB == nil {
 			return nil
 		}
-		for _, redCve := range red.DBDriver.DB.GetRedhatMulti(cveIDs) {
+		redCves, err := red.DBDriver.DB.GetRedhatMulti(cveIDs)
+		if err != nil {
+			return err
+		}
+		for _, redCve := range redCves {
 			if len(redCve.Name) == 0 {
 				continue
 			}
--- a/gost/ubuntu.go
+++ b/gost/ubuntu.go
@@ -80,7 +80,10 @@ func (ubu Ubuntu) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error
 			return 0, nil
 		}
 		for _, pack := range r.Packages {
-			ubuCves := ubu.DBDriver.DB.GetUnfixedCvesUbuntu(ubuReleaseVer, pack.Name)
+			ubuCves, err := ubu.DBDriver.DB.GetUnfixedCvesUbuntu(ubuReleaseVer, pack.Name)
+			if err != nil {
+				return 0, nil
+			}
 			cves := []models.CveContent{}
 			for _, ubucve := range ubuCves {
 				cves = append(cves, *ubu.ConvertToModel(&ubucve))
@@ -94,7 +97,10 @@ func (ubu Ubuntu) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error

 		// SrcPack
 		for _, pack := range r.SrcPackages {
-			ubuCves := ubu.DBDriver.DB.GetUnfixedCvesUbuntu(ubuReleaseVer, pack.Name)
+			ubuCves, err := ubu.DBDriver.DB.GetUnfixedCvesUbuntu(ubuReleaseVer, pack.Name)
+			if err != nil {
+				return 0, nil
+			}
 			cves := []models.CveContent{}
 			for _, ubucve := range ubuCves {
 				cves = append(cves, *ubu.ConvertToModel(&ubucve))
--- a/img/sponsor/tines.png
+++ b/img/sponsor/tines.png
--- a/logging/logutil.go
+++ b/logging/logutil.go
@@ -22,6 +22,7 @@ type LogOpts struct {
 	DebugSQL  bool   `json:"debugSQL,omitempty"`
 	LogToFile bool   `json:"logToFile,omitempty"`
 	LogDir    string `json:"logDir,omitempty"`
+	LogJSON   bool   `json:"logJSON"`
 	Quiet     bool   `json:"quiet,omitempty"`
 }

--- a/models/library.go
+++ b/models/library.go
@@ -10,19 +10,18 @@ import (

 	"github.com/aquasecurity/trivy/pkg/types"
 	"golang.org/x/xerrors"
-	// "github.com/aquasecurity/go-dep-parser/pkg/types"
 )

 // LibraryScanners is an array of LibraryScanner
 type LibraryScanners []LibraryScanner

 // Find : find by name
-func (lss LibraryScanners) Find(path, name string) map[string]types.Library {
-	filtered := map[string]types.Library{}
+func (lss LibraryScanners) Find(path, name string) map[string]Library {
+	filtered := map[string]Library{}
 	for _, ls := range lss {
 		for _, lib := range ls.Libs {
-			if ls.Path == path && lib.Name == name {
-				filtered[ls.Path] = lib
+			if ls.LockfilePath == path && lib.Name == name {
+				filtered[ls.LockfilePath] = lib
 				break
 			}
 		}
@@ -41,8 +40,20 @@ func (lss LibraryScanners) Total() (total int) {
 // LibraryScanner has libraries information
 type LibraryScanner struct {
 	Type string
-	Path string
-	Libs []types.Library
+	Libs []Library
+
+	// The path to the Lockfile is stored.
+	LockfilePath string `json:"path,omitempty"`
+}
+
+// Library holds the attribute of a package library
+type Library struct {
+	Name    string
+	Version string
+
+	// The Path to the library in the container image. Empty string when Lockfile scan.
+	// This field is used to convert the result JSON of a `trivy image` using trivy-to-vuls.
+	FilePath string
 }

 // Scan : scan target library
@@ -93,7 +104,7 @@ func (s LibraryScanner) getVulnDetail(tvuln types.DetectedVulnerability) (vinfo
 			Key:     s.GetLibraryKey(),
 			Name:    tvuln.PkgName,
 			FixedIn: tvuln.FixedVersion,
-			Path:    s.Path,
+			Path:    s.LockfilePath,
 		},
 	}
 	return vinfo, nil
@@ -121,19 +132,24 @@ func getCveContents(cveID string, vul trivyDBTypes.Vulnerability) (contents map[

 // LibraryMap is filename and library type
 var LibraryMap = map[string]string{
-	"package-lock.json": "node",
-	"yarn.lock":         "node",
-	"Gemfile.lock":      "ruby",
-	"Cargo.lock":        "rust",
-	"composer.lock":     "php",
-	"Pipfile.lock":      "python",
-	"poetry.lock":       "python",
-	"go.sum":            "gomod",
+	"package-lock.json":  "node",
+	"yarn.lock":          "node",
+	"Gemfile.lock":       "ruby",
+	"Cargo.lock":         "rust",
+	"composer.lock":      "php",
+	"Pipfile.lock":       "python",
+	"poetry.lock":        "python",
+	"packages.lock.json": ".net",
+	"go.sum":             "gomod",
 }

 // GetLibraryKey returns target library key
 func (s LibraryScanner) GetLibraryKey() string {
-	fileName := filepath.Base(s.Path)
+	fileName := filepath.Base(s.LockfilePath)
+	switch s.Type {
+	case "jar", "war", "ear":
+		return "java"
+	}
 	return LibraryMap[fileName]
 }

--- a/models/library_test.go
+++ b/models/library_test.go
@@ -3,8 +3,6 @@ package models
 import (
 	"reflect"
 	"testing"
-
-	"github.com/aquasecurity/trivy/pkg/types"
 )

 func TestLibraryScanners_Find(t *testing.T) {
@@ -16,14 +14,14 @@ func TestLibraryScanners_Find(t *testing.T) {
 		name string
 		lss  LibraryScanners
 		args args
-		want map[string]types.Library
+		want map[string]Library
 	}{
 		{
 			name: "single file",
 			lss: LibraryScanners{
 				{
-					Path: "/pathA",
-					Libs: []types.Library{
+					LockfilePath: "/pathA",
+					Libs: []Library{
 						{
 							Name:    "libA",
 							Version: "1.0.0",
@@ -32,7 +30,7 @@ func TestLibraryScanners_Find(t *testing.T) {
 				},
 			},
 			args: args{"/pathA", "libA"},
-			want: map[string]types.Library{
+			want: map[string]Library{
 				"/pathA": {
 					Name:    "libA",
 					Version: "1.0.0",
@@ -43,8 +41,8 @@ func TestLibraryScanners_Find(t *testing.T) {
 			name: "multi file",
 			lss: LibraryScanners{
 				{
-					Path: "/pathA",
-					Libs: []types.Library{
+					LockfilePath: "/pathA",
+					Libs: []Library{
 						{
 							Name:    "libA",
 							Version: "1.0.0",
@@ -52,8 +50,8 @@ func TestLibraryScanners_Find(t *testing.T) {
 					},
 				},
 				{
-					Path: "/pathB",
-					Libs: []types.Library{
+					LockfilePath: "/pathB",
+					Libs: []Library{
 						{
 							Name:    "libA",
 							Version: "1.0.5",
@@ -62,7 +60,7 @@ func TestLibraryScanners_Find(t *testing.T) {
 				},
 			},
 			args: args{"/pathA", "libA"},
-			want: map[string]types.Library{
+			want: map[string]Library{
 				"/pathA": {
 					Name:    "libA",
 					Version: "1.0.0",
@@ -73,8 +71,8 @@ func TestLibraryScanners_Find(t *testing.T) {
 			name: "miss",
 			lss: LibraryScanners{
 				{
-					Path: "/pathA",
-					Libs: []types.Library{
+					LockfilePath: "/pathA",
+					Libs: []Library{
 						{
 							Name:    "libA",
 							Version: "1.0.0",
@@ -83,7 +81,7 @@ func TestLibraryScanners_Find(t *testing.T) {
 				},
 			},
 			args: args{"/pathA", "libB"},
-			want: map[string]types.Library{},
+			want: map[string]Library{},
 		},
 	}
 	for _, tt := range tests {
--- a/models/scanresults.go
+++ b/models/scanresults.go
@@ -105,13 +105,12 @@ func (r *ScanResult) FilterInactiveWordPressLibs(detectInactive bool) {
 		return false
 	})
 	r.ScannedCves = filtered
-	return
 }

 // ReportFileName returns the filename on localhost without extension
 func (r ScanResult) ReportFileName() (name string) {
 	if r.Container.ContainerID == "" {
-		return fmt.Sprintf("%s", r.ServerName)
+		return r.ServerName
 	}
 	return fmt.Sprintf("%s@%s", r.Container.Name, r.ServerName)
 }
@@ -246,17 +245,21 @@ func (r ScanResult) FormatMetasploitCveSummary() string {

 // FormatAlertSummary returns a summary of CERT alerts
 func (r ScanResult) FormatAlertSummary() string {
-	jaCnt := 0
-	enCnt := 0
+	cisaCnt := 0
+	uscertCnt := 0
+	jpcertCnt := 0
 	for _, vuln := range r.ScannedCves {
-		if len(vuln.AlertDict.En) > 0 {
-			enCnt += len(vuln.AlertDict.En)
+		if len(vuln.AlertDict.CISA) > 0 {
+			cisaCnt += len(vuln.AlertDict.CISA)
 		}
-		if len(vuln.AlertDict.Ja) > 0 {
-			jaCnt += len(vuln.AlertDict.Ja)
+		if len(vuln.AlertDict.USCERT) > 0 {
+			uscertCnt += len(vuln.AlertDict.USCERT)
+		}
+		if len(vuln.AlertDict.JPCERT) > 0 {
+			jpcertCnt += len(vuln.AlertDict.JPCERT)
 		}
 	}
-	return fmt.Sprintf("en: %d, ja: %d alerts", enCnt, jaCnt)
+	return fmt.Sprintf("cisa: %d, uscert: %d, jpcert: %d alerts", cisaCnt, uscertCnt, jpcertCnt)
 }

 func (r ScanResult) isDisplayUpdatableNum(mode config.ScanMode) bool {
@@ -306,7 +309,6 @@ func (r ScanResult) RemoveRaspbianPackFromResult() *ScanResult {
 	for _, pack := range r.SrcPackages {
 		if !IsRaspbianPackage(pack.Name, pack.Version) {
 			srcPacks[pack.Name] = pack
-
 		}
 	}

@@ -418,11 +420,14 @@ func (r *ScanResult) SortForJSONOutput() {

 		v.CveContents.Sort()

-		sort.Slice(v.AlertDict.En, func(i, j int) bool {
-			return v.AlertDict.En[i].Title < v.AlertDict.En[j].Title
+		sort.Slice(v.AlertDict.USCERT, func(i, j int) bool {
+			return v.AlertDict.USCERT[i].Title < v.AlertDict.USCERT[j].Title
 		})
-		sort.Slice(v.AlertDict.Ja, func(i, j int) bool {
-			return v.AlertDict.Ja[i].Title < v.AlertDict.Ja[j].Title
+		sort.Slice(v.AlertDict.JPCERT, func(i, j int) bool {
+			return v.AlertDict.JPCERT[i].Title < v.AlertDict.JPCERT[j].Title
+		})
+		sort.Slice(v.AlertDict.CISA, func(i, j int) bool {
+			return v.AlertDict.CISA[i].Title < v.AlertDict.CISA[j].Title
 		})
 		r.ScannedCves[k] = v
 	}
--- a/models/scanresults_test.go
+++ b/models/scanresults_test.go
@@ -212,11 +212,15 @@ func TestScanResult_Sort(t *testing.T) {
 							},
 						},
 						AlertDict: AlertDict{
-							En: []Alert{
+							USCERT: []Alert{
 								{Title: "a"},
 								{Title: "b"},
 							},
-							Ja: []Alert{
+							JPCERT: []Alert{
+								{Title: "a"},
+								{Title: "b"},
+							},
+							CISA: []Alert{
 								{Title: "a"},
 								{Title: "b"},
 							},
@@ -271,11 +275,15 @@ func TestScanResult_Sort(t *testing.T) {
 							},
 						},
 						AlertDict: AlertDict{
-							En: []Alert{
+							USCERT: []Alert{
 								{Title: "a"},
 								{Title: "b"},
 							},
-							Ja: []Alert{
+							JPCERT: []Alert{
+								{Title: "a"},
+								{Title: "b"},
+							},
+							CISA: []Alert{
 								{Title: "a"},
 								{Title: "b"},
 							},
@@ -333,11 +341,15 @@ func TestScanResult_Sort(t *testing.T) {
 							},
 						},
 						AlertDict: AlertDict{
-							En: []Alert{
+							USCERT: []Alert{
 								{Title: "b"},
 								{Title: "a"},
 							},
-							Ja: []Alert{
+							JPCERT: []Alert{
+								{Title: "b"},
+								{Title: "a"},
+							},
+							CISA: []Alert{
 								{Title: "b"},
 								{Title: "a"},
 							},
@@ -392,11 +404,15 @@ func TestScanResult_Sort(t *testing.T) {
 							},
 						},
 						AlertDict: AlertDict{
-							En: []Alert{
+							USCERT: []Alert{
 								{Title: "a"},
 								{Title: "b"},
 							},
-							Ja: []Alert{
+							JPCERT: []Alert{
+								{Title: "a"},
+								{Title: "b"},
+							},
+							CISA: []Alert{
 								{Title: "a"},
 								{Title: "b"},
 							},
--- a/models/vulninfos.go
+++ b/models/vulninfos.go
@@ -28,43 +28,46 @@ func (v VulnInfos) Find(f func(VulnInfo) bool) VulnInfos {
 }

 // FilterByCvssOver return scored vulnerabilities
-func (v VulnInfos) FilterByCvssOver(over float64) VulnInfos {
+func (v VulnInfos) FilterByCvssOver(over float64) (_ VulnInfos, nFiltered int) {
 	return v.Find(func(v VulnInfo) bool {
 		if over <= v.MaxCvssScore().Value.Score {
 			return true
 		}
+		nFiltered++
 		return false
-	})
+	}), nFiltered
 }

 // FilterByConfidenceOver scored vulnerabilities
-func (v VulnInfos) FilterByConfidenceOver(over int) VulnInfos {
+func (v VulnInfos) FilterByConfidenceOver(over int) (_ VulnInfos, nFiltered int) {
 	return v.Find(func(v VulnInfo) bool {
 		for _, c := range v.Confidences {
 			if over <= c.Score {
 				return true
 			}
 		}
+		nFiltered++
 		return false
-	})
+	}), nFiltered
 }

 // FilterIgnoreCves filter function.
-func (v VulnInfos) FilterIgnoreCves(ignoreCveIDs []string) VulnInfos {
+func (v VulnInfos) FilterIgnoreCves(ignoreCveIDs []string) (_ VulnInfos, nFiltered int) {
 	return v.Find(func(v VulnInfo) bool {
 		for _, c := range ignoreCveIDs {
 			if v.CveID == c {
+				nFiltered++
 				return false
 			}
 		}
 		return true
-	})
+	}), nFiltered
 }

 // FilterUnfixed filter unfixed CVE-IDs
-func (v VulnInfos) FilterUnfixed(ignoreUnfixed bool) VulnInfos {
+func (v VulnInfos) FilterUnfixed(ignoreUnfixed bool) (_ VulnInfos, nFiltered int) {
 	if !ignoreUnfixed {
-		return v
+		return v, 0
 	}
 	return v.Find(func(v VulnInfo) bool {
 		// Report cves detected by CPE because Vuls can't know 'fixed' or 'unfixed'
@@ -75,12 +78,15 @@ func (v VulnInfos) FilterUnfixed(ignoreUnfixed bool) VulnInfos {
 		for _, p := range v.AffectedPackages {
 			NotFixedAll = NotFixedAll && p.NotFixedYet
 		}
+		if NotFixedAll {
+			nFiltered++
+		}
 		return !NotFixedAll
-	})
+	}), nFiltered
 }

 // FilterIgnorePkgs is filter function.
-func (v VulnInfos) FilterIgnorePkgs(ignorePkgsRegexps []string) VulnInfos {
+func (v VulnInfos) FilterIgnorePkgs(ignorePkgsRegexps []string) (_ VulnInfos, nFiltered int) {
 	regexps := []*regexp.Regexp{}
 	for _, pkgRegexp := range ignorePkgsRegexps {
 		re, err := regexp.Compile(pkgRegexp)
@@ -91,7 +97,7 @@ func (v VulnInfos) FilterIgnorePkgs(ignorePkgsRegexps []string) VulnInfos {
 		regexps = append(regexps, re)
 	}
 	if len(regexps) == 0 {
-		return v
+		return v, 0
 	}

 	return v.Find(func(v VulnInfo) bool {
@@ -109,19 +115,21 @@ func (v VulnInfos) FilterIgnorePkgs(ignorePkgsRegexps []string) VulnInfos {
 				return true
 			}
 		}
+		nFiltered++
 		return false
-	})
+	}), nFiltered
 }

 // FindScoredVulns return scored vulnerabilities
-func (v VulnInfos) FindScoredVulns() VulnInfos {
+func (v VulnInfos) FindScoredVulns() (_ VulnInfos, nFiltered int) {
 	return v.Find(func(vv VulnInfo) bool {
 		if 0 < vv.MaxCvss2Score().Value.Score ||
 			0 < vv.MaxCvss3Score().Value.Score {
 			return true
 		}
+		nFiltered++
 		return false
-	})
+	}), nFiltered
 }

 // ToSortedSlice returns slice of VulnInfos that is sorted by Score, CVE-ID
@@ -233,7 +241,6 @@ func (ps PackageFixStatuses) Sort() {
 	sort.Slice(ps, func(i, j int) bool {
 		return ps[i].Name < ps[j].Name
 	})
-	return
 }

 // PackageFixStatus has name and other status about the package
@@ -352,7 +359,7 @@ func (v VulnInfo) CveIDDiffFormat() string {
 	if v.DiffStatus != "" {
 		return fmt.Sprintf("%s %s", v.DiffStatus, v.CveID)
 	}
-	return fmt.Sprintf("%s", v.CveID)
+	return v.CveID
 }

 // Titles returns title (TUI)
@@ -806,18 +813,28 @@ type Mitigation struct {
 	URL            string         `json:"url,omitempty"`
 }

-// AlertDict has target cve JPCERT and USCERT alert data
+// AlertDict has target cve JPCERT, USCERT and CISA alert data
 type AlertDict struct {
-	Ja []Alert `json:"ja"`
-	En []Alert `json:"en"`
+	CISA   []Alert `json:"cisa"`
+	JPCERT []Alert `json:"jpcert"`
+	USCERT []Alert `json:"uscert"`
+}
+
+// IsEmpty checks if the content of AlertDict is empty
+func (a AlertDict) IsEmpty() bool {
+	return len(a.CISA) == 0 && len(a.JPCERT) == 0 && len(a.USCERT) == 0
 }

 // FormatSource returns which source has this alert
 func (a AlertDict) FormatSource() string {
-	if len(a.En) != 0 || len(a.Ja) != 0 {
-		return "CERT"
+	var s []string
+	if len(a.CISA) != 0 {
+		s = append(s, "CISA")
 	}
-	return ""
+	if len(a.USCERT) != 0 || len(a.JPCERT) != 0 {
+		s = append(s, "CERT")
+	}
+	return strings.Join(s, "/")
 }

 // Confidences is a list of Confidence
--- a/models/vulninfos_test.go
+++ b/models/vulninfos_test.go
@@ -1247,10 +1247,11 @@ func TestVulnInfos_FilterByCvssOver(t *testing.T) {
 		over float64
 	}
 	tests := []struct {
-		name string
-		v    VulnInfos
-		args args
-		want VulnInfos
+		name  string
+		v     VulnInfos
+		args  args
+		want  VulnInfos
+		nwant int
 	}{
 		{
 			name: "over 7.0",
@@ -1296,6 +1297,7 @@ func TestVulnInfos_FilterByCvssOver(t *testing.T) {
 					),
 				},
 			},
+			nwant: 1,
 			want: VulnInfos{
 				"CVE-2017-0001": {
 					CveID: "CVE-2017-0001",
@@ -1404,9 +1406,13 @@ func TestVulnInfos_FilterByCvssOver(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if got := tt.v.FilterByCvssOver(tt.args.over); !reflect.DeepEqual(got, tt.want) {
+			got, ngot := tt.v.FilterByCvssOver(tt.args.over)
+			if !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("VulnInfos.FindByCvssOver() = %v, want %v", got, tt.want)
 			}
+			if ngot != tt.nwant {
+				t.Errorf("VulnInfos.FindByCvssOver() = %d, want %d", ngot, tt.nwant)
+			}
 		})
 	}
 }
@@ -1416,10 +1422,11 @@ func TestVulnInfos_FilterIgnoreCves(t *testing.T) {
 		ignoreCveIDs []string
 	}
 	tests := []struct {
-		name string
-		v    VulnInfos
-		args args
-		want VulnInfos
+		name  string
+		v     VulnInfos
+		args  args
+		want  VulnInfos
+		nwant int
 	}{
 		{
 			name: "filter ignored",
@@ -1435,6 +1442,7 @@ func TestVulnInfos_FilterIgnoreCves(t *testing.T) {
 					CveID: "CVE-2017-0003",
 				},
 			},
+			nwant: 1,
 			want: VulnInfos{
 				"CVE-2017-0001": {
 					CveID: "CVE-2017-0001",
@@ -1447,9 +1455,13 @@ func TestVulnInfos_FilterIgnoreCves(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if got := tt.v.FilterIgnoreCves(tt.args.ignoreCveIDs); !reflect.DeepEqual(got, tt.want) {
+			got, ngot := tt.v.FilterIgnoreCves(tt.args.ignoreCveIDs)
+			if !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("VulnInfos.FindIgnoreCves() = %v, want %v", got, tt.want)
 			}
+			if ngot != tt.nwant {
+				t.Errorf("VulnInfos.FindByCvssOver() = %d, want %d", ngot, tt.nwant)
+			}
 		})
 	}
 }
@@ -1459,10 +1471,11 @@ func TestVulnInfos_FilterUnfixed(t *testing.T) {
 		ignoreUnfixed bool
 	}
 	tests := []struct {
-		name string
-		v    VulnInfos
-		args args
-		want VulnInfos
+		name  string
+		v     VulnInfos
+		args  args
+		want  VulnInfos
+		nwant int
 	}{
 		{
 			name: "filter ok",
@@ -1500,6 +1513,7 @@ func TestVulnInfos_FilterUnfixed(t *testing.T) {
 					},
 				},
 			},
+			nwant: 1,
 			want: VulnInfos{
 				"CVE-2017-0002": {
 					CveID: "CVE-2017-0002",
@@ -1528,9 +1542,13 @@ func TestVulnInfos_FilterUnfixed(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if got := tt.v.FilterUnfixed(tt.args.ignoreUnfixed); !reflect.DeepEqual(got, tt.want) {
+			got, ngot := tt.v.FilterUnfixed(tt.args.ignoreUnfixed)
+			if !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("VulnInfos.FilterUnfixed() = %v, want %v", got, tt.want)
 			}
+			if ngot != tt.nwant {
+				t.Errorf("VulnInfos.FindByCvssOver() = %d, want %d", ngot, tt.nwant)
+			}
 		})
 	}
 }
@@ -1540,10 +1558,11 @@ func TestVulnInfos_FilterIgnorePkgs(t *testing.T) {
 		ignorePkgsRegexps []string
 	}
 	tests := []struct {
-		name string
-		v    VulnInfos
-		args args
-		want VulnInfos
+		name  string
+		v     VulnInfos
+		args  args
+		want  VulnInfos
+		nwant int
 	}{
 		{
 			name: "filter pkgs 1",
@@ -1559,6 +1578,7 @@ func TestVulnInfos_FilterIgnorePkgs(t *testing.T) {
 					CveID: "CVE-2017-0002",
 				},
 			},
+			nwant: 1,
 			want: VulnInfos{
 				"CVE-2017-0002": {
 					CveID: "CVE-2017-0002",
@@ -1577,6 +1597,7 @@ func TestVulnInfos_FilterIgnorePkgs(t *testing.T) {
 					},
 				},
 			},
+			nwant: 0,
 			want: VulnInfos{
 				"CVE-2017-0001": {
 					CveID: "CVE-2017-0001",
@@ -1599,14 +1620,19 @@ func TestVulnInfos_FilterIgnorePkgs(t *testing.T) {
 					},
 				},
 			},
-			want: VulnInfos{},
+			nwant: 1,
+			want:  VulnInfos{},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if got := tt.v.FilterIgnorePkgs(tt.args.ignorePkgsRegexps); !reflect.DeepEqual(got, tt.want) {
+			got, ngot := tt.v.FilterIgnorePkgs(tt.args.ignorePkgsRegexps)
+			if !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("VulnInfos.FilterIgnorePkgs() = %v, want %v", got, tt.want)
 			}
+			if ngot != tt.nwant {
+				t.Errorf("VulnInfos.FilterIgnorePkgs() = %d, want %d", ngot, tt.nwant)
+			}
 		})
 	}
 }
@@ -1616,10 +1642,11 @@ func TestVulnInfos_FilterByConfidenceOver(t *testing.T) {
 		over int
 	}
 	tests := []struct {
-		name string
-		v    VulnInfos
-		args args
-		want VulnInfos
+		name  string
+		v     VulnInfos
+		args  args
+		want  VulnInfos
+		nwant int
 	}{
 		{
 			name: "over 0",
@@ -1650,7 +1677,8 @@ func TestVulnInfos_FilterByConfidenceOver(t *testing.T) {
 			args: args{
 				over: 20,
 			},
-			want: map[string]VulnInfo{},
+			nwant: 1,
+			want:  map[string]VulnInfo{},
 		},
 		{
 			name: "over 100",
@@ -1679,9 +1707,13 @@ func TestVulnInfos_FilterByConfidenceOver(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if got := tt.v.FilterByConfidenceOver(tt.args.over); !reflect.DeepEqual(got, tt.want) {
+			got, ngot := tt.v.FilterByConfidenceOver(tt.args.over)
+			if !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("VulnInfos.FilterByConfidenceOver() = %v, want %v", got, tt.want)
 			}
+			if ngot != tt.nwant {
+				t.Errorf("VulnInfos.FilterByConfidenceOver() = %d, want %d", ngot, tt.nwant)
+			}
 		})
 	}
 }
--- a/oval/alpine.go
+++ b/oval/alpine.go
@@ -33,7 +33,7 @@ func (o Alpine) FillWithOval(r *models.ScanResult) (nCVEs int, err error) {
 			return 0, err
 		}
 	} else {
-		driver, err := newOvalDB(o.Cnf, r.Family)
+		driver, err := newOvalDB(o.Cnf)
 		if err != nil {
 			return 0, err
 		}
--- a/oval/debian.go
+++ b/oval/debian.go
@@ -158,7 +158,7 @@ func (o Debian) FillWithOval(r *models.ScanResult) (nCVEs int, err error) {
 			return 0, err
 		}
 	} else {
-		driver, err := newOvalDB(o.Cnf, r.Family)
+		driver, err := newOvalDB(o.Cnf)
 		if err != nil {
 			return 0, err
 		}
@@ -472,7 +472,7 @@ func (o Ubuntu) fillWithOval(r *models.ScanResult, kernelNamesInOval []string) (
 			return 0, err
 		}
 	} else {
-		driver, err := newOvalDB(o.Cnf, r.Family)
+		driver, err := newOvalDB(o.Cnf)
 		if err != nil {
 			return 0, err
 		}
--- a/oval/oval.go
+++ b/oval/oval.go
@@ -36,7 +36,7 @@ func (b Base) CheckIfOvalFetched(osFamily, release string) (fetched bool, err er
 		return false, err
 	}
 	if !b.Cnf.IsFetchViaHTTP() {
-		driver, err := newOvalDB(b.Cnf, ovalFamily)
+		driver, err := newOvalDB(b.Cnf)
 		if err != nil {
 			return false, err
 		}
@@ -75,7 +75,7 @@ func (b Base) CheckIfOvalFresh(osFamily, release string) (ok bool, err error) {
 	}
 	var lastModified time.Time
 	if !b.Cnf.IsFetchViaHTTP() {
-		driver, err := newOvalDB(b.Cnf, ovalFamily)
+		driver, err := newOvalDB(b.Cnf)
 		if err != nil {
 			return false, err
 		}
@@ -112,7 +112,7 @@ func (b Base) CheckIfOvalFresh(osFamily, release string) (ok bool, err error) {
 }

 // NewOvalDB returns oval db client
-func newOvalDB(cnf config.VulnDictInterface, familyInScanResult string) (driver db.DB, err error) {
+func newOvalDB(cnf config.VulnDictInterface) (driver db.DB, err error) {
 	if cnf.IsFetchViaHTTP() {
 		return nil, nil
 	}
@@ -122,12 +122,7 @@ func newOvalDB(cnf config.VulnDictInterface, familyInScanResult string) (driver
 		path = cnf.GetSQLite3Path()
 	}

-	ovalFamily, err := GetFamilyInOval(familyInScanResult)
-	if err != nil {
-		return nil, err
-	}
-
-	driver, locked, err := db.NewDB(ovalFamily, cnf.GetType(), path, cnf.GetDebugSQL())
+	driver, locked, err := db.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), db.Option{})
 	if err != nil {
 		if locked {
 			err = xerrors.Errorf("SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
--- a/oval/redhat.go
+++ b/oval/redhat.go
@@ -28,7 +28,7 @@ func (o RedHatBase) FillWithOval(r *models.ScanResult) (nCVEs int, err error) {
 			return 0, err
 		}
 	} else {
-		driver, err := newOvalDB(o.Cnf, r.Family)
+		driver, err := newOvalDB(o.Cnf)
 		if err != nil {
 			return 0, err
 		}
@@ -64,6 +64,21 @@ func (o RedHatBase) FillWithOval(r *models.ScanResult) (nCVEs int, err error) {
 					vuln.CveContents[models.Oracle][i] = cont
 				}
 			}
+		case models.Amazon:
+			for _, d := range vuln.DistroAdvisories {
+				if conts, ok := vuln.CveContents[models.Amazon]; ok {
+					for i, cont := range conts {
+						if strings.HasPrefix(d.AdvisoryID, "ALAS2022-") {
+							cont.SourceLink = fmt.Sprintf("https://alas.aws.amazon.com/AL2022/%s.html", strings.ReplaceAll(d.AdvisoryID, "ALAS2022", "ALAS"))
+						} else if strings.HasPrefix(d.AdvisoryID, "ALAS2-") {
+							cont.SourceLink = fmt.Sprintf("https://alas.aws.amazon.com/AL2/%s.html", strings.ReplaceAll(d.AdvisoryID, "ALAS2", "ALAS"))
+						} else if strings.HasPrefix(d.AdvisoryID, "ALAS-") {
+							cont.SourceLink = fmt.Sprintf("https://alas.aws.amazon.com/%s.html", d.AdvisoryID)
+						}
+						vuln.CveContents[models.Amazon][i] = cont
+					}
+				}
+			}
 		}
 	}

--- a/oval/suse.go
+++ b/oval/suse.go
@@ -35,7 +35,7 @@ func (o SUSE) FillWithOval(r *models.ScanResult) (nCVEs int, err error) {
 			return 0, err
 		}
 	} else {
-		driver, err := newOvalDB(o.Cnf, r.Family)
+		driver, err := newOvalDB(o.Cnf)
 		if err != nil {
 			return 0, err
 		}
--- a/reporter/util.go
+++ b/reporter/util.go
@@ -277,7 +277,7 @@ No CVE-IDs are found in updatable packages.
 			// fmt.Sprintf("%4.1f", v2max),
 			// fmt.Sprintf("%4.1f", v3max),
 			exploits,
-			vinfo.AlertDict.FormatSource(),
+			fmt.Sprintf("%9s", vinfo.AlertDict.FormatSource()),
 			fmt.Sprintf("%7s", vinfo.PatchStatus(r.Packages)),
 			link,
 		})
@@ -292,7 +292,7 @@ No CVE-IDs are found in updatable packages.
 		// "v3",
 		// "v2",
 		"PoC",
-		"CERT",
+		"Alert",
 		"Fixed",
 		"NVD",
 	})
@@ -475,11 +475,15 @@ No CVE-IDs are found in updatable packages.
 			data = append(data, []string{"SANS/CWE Top25", sansTop25URLs[0]})
 		}

-		for _, alert := range vuln.AlertDict.Ja {
+		for _, alert := range vuln.AlertDict.CISA {
+			data = append(data, []string{"CISA Alert", alert.URL})
+		}
+
+		for _, alert := range vuln.AlertDict.JPCERT {
 			data = append(data, []string{"JPCERT Alert", alert.URL})
 		}

-		for _, alert := range vuln.AlertDict.En {
+		for _, alert := range vuln.AlertDict.USCERT {
 			data = append(data, []string{"US-CERT Alert", alert.URL})
 		}

--- a/scanner/alma.go
+++ b/scanner/alma.go
@@ -90,7 +90,7 @@ func (o *alma) sudoNoPasswdCmdsFastRoot() []cmd {
 			{"stat /proc/1/exe", exitStatusZero},
 			{"ls -l /proc/1/exe", exitStatusZero},
 			{"cat /proc/1/maps", exitStatusZero},
-			{"lsof -i -P", exitStatusZero},
+			{"lsof -i -P -n", exitStatusZero},
 		}
 	}
 	return []cmd{
--- a/scanner/amazon.go
+++ b/scanner/amazon.go
@@ -84,7 +84,7 @@ func (o *amazon) sudoNoPasswdCmdsFastRoot() []cmd {
 		{"stat /proc/1/exe", exitStatusZero},
 		{"ls -l /proc/1/exe", exitStatusZero},
 		{"cat /proc/1/maps", exitStatusZero},
-		{"lsof -i -P", exitStatusZero},
+		{"lsof -i -P -n", exitStatusZero},
 	}
 }

--- a/scanner/centos.go
+++ b/scanner/centos.go
@@ -84,17 +84,15 @@ func (o *centos) sudoNoPasswdCmdsFast() []cmd {
 func (o *centos) sudoNoPasswdCmdsFastRoot() []cmd {
 	if !o.ServerInfo.IsContainer() {
 		return []cmd{
-			{"repoquery -h", exitStatusZero},
 			{"needs-restarting", exitStatusZero},
 			{"which which", exitStatusZero},
 			{"stat /proc/1/exe", exitStatusZero},
 			{"ls -l /proc/1/exe", exitStatusZero},
 			{"cat /proc/1/maps", exitStatusZero},
-			{"lsof -i -P", exitStatusZero},
+			{"lsof -i -P -n", exitStatusZero},
 		}
 	}
 	return []cmd{
-		{"repoquery -h", exitStatusZero},
 		{"needs-restarting", exitStatusZero},
 	}
 }
--- a/scanner/debian.go
+++ b/scanner/debian.go
@@ -139,7 +139,7 @@ func (o *debian) checkIfSudoNoPasswd() error {
 		"stat /proc/1/exe",
 		"ls -l /proc/1/exe",
 		"cat /proc/1/maps",
-		"lsof -i -P",
+		"lsof -i -P -n",
 	}

 	if !o.getServerInfo().Mode.IsOffline() {
--- a/scanner/freebsd.go
+++ b/scanner/freebsd.go
@@ -1,6 +1,8 @@
 package scanner

 import (
+	"bufio"
+	"fmt"
 	"net"
 	"strings"

@@ -207,7 +209,7 @@ func (o *bsd) scanUnsecurePackages() (models.VulnInfos, error) {
 	blocks := o.splitIntoBlocks(r.Stdout)
 	for _, b := range blocks {
 		name, cveIDs, vulnID := o.parseBlock(b)
-		if len(cveIDs) == 0 {
+		if name == "" || len(cveIDs) == 0 {
 			continue
 		}
 		pack, found := o.Packages[name]
@@ -331,20 +333,21 @@ type pkgAuditResult struct {
 }

 func (o *bsd) splitIntoBlocks(stdout string) (blocks []string) {
-	lines := strings.Split(stdout, "\n")
-	block := []string{}
-	for _, l := range lines {
-		if len(strings.TrimSpace(l)) == 0 {
-			if 0 < len(block) {
-				blocks = append(blocks, strings.Join(block, "\n"))
-				block = []string{}
-			}
+	scanner := bufio.NewScanner(strings.NewReader(stdout))
+	for scanner.Scan() {
+		line := strings.TrimSpace(scanner.Text())
+		if strings.HasSuffix(line, " is vulnerable:") {
+			blocks = append(blocks, line)
 			continue
 		}
-		block = append(block, strings.TrimSpace(l))
-	}
-	if 0 < len(block) {
-		blocks = append(blocks, strings.Join(block, "\n"))
+
+		if len(blocks) == 0 {
+			continue
+		}
+
+		last := blocks[len(blocks)-1]
+		last = fmt.Sprintf("%s\n%s", last, line)
+		blocks[len(blocks)-1] = last
 	}
 	return
 }
--- a/scanner/freebsd_test.go
+++ b/scanner/freebsd_test.go
@@ -107,20 +107,46 @@ func TestSplitIntoBlocks(t *testing.T) {
 		expected []string
 	}{
 		{
-			`
-block1
+			`vulnxml file up-to-date
+bind95-9.6.3.2.ESV.R10_2 is vulnerable:
+bind -- denial of service vulnerability
+CVE: CVE-2014-8680
+CVE: CVE-2014-8500
+WWW: https://vuxml.FreeBSD.org/freebsd/ab3e98d9-8175-11e4-907d-d050992ecde8.html

-block2
-block2
-block2
+go-1.17.1,1 is vulnerable:
+  go -- multiple vulnerabilities
+  CVE: CVE-2021-41772
+  CVE: CVE-2021-41771
+  WWW: https://vuxml.FreeBSD.org/freebsd/930def19-3e05-11ec-9ba8-002324b2fba8.html

-block3
-block3`,
+  go -- misc/wasm, cmd/link: do not let command line arguments overwrite global data
+  CVE: CVE-2021-38297
+  WWW: https://vuxml.FreeBSD.org/freebsd/4fce9635-28c0-11ec-9ba8-002324b2fba8.html
+
+  Packages that depend on go: 
+
+2 problem(s) in 1 installed package(s) found.`,
 			[]string{
-				`block1`,
-				"block2\nblock2\nblock2",
-				"block3\nblock3",
-			},
+				`bind95-9.6.3.2.ESV.R10_2 is vulnerable:
+bind -- denial of service vulnerability
+CVE: CVE-2014-8680
+CVE: CVE-2014-8500
+WWW: https://vuxml.FreeBSD.org/freebsd/ab3e98d9-8175-11e4-907d-d050992ecde8.html
+`,
+				`go-1.17.1,1 is vulnerable:
+go -- multiple vulnerabilities
+CVE: CVE-2021-41772
+CVE: CVE-2021-41771
+WWW: https://vuxml.FreeBSD.org/freebsd/930def19-3e05-11ec-9ba8-002324b2fba8.html
+
+go -- misc/wasm, cmd/link: do not let command line arguments overwrite global data
+CVE: CVE-2021-38297
+WWW: https://vuxml.FreeBSD.org/freebsd/4fce9635-28c0-11ec-9ba8-002324b2fba8.html
+
+Packages that depend on go:
+
+2 problem(s) in 1 installed package(s) found.`},
 		},
 	}

@@ -128,9 +154,10 @@ block3`,
 	for _, tt := range tests {
 		actual := d.splitIntoBlocks(tt.in)
 		if !reflect.DeepEqual(tt.expected, actual) {
-			e := pp.Sprintf("%v", tt.expected)
-			a := pp.Sprintf("%v", actual)
-			t.Errorf("expected %s, actual %s", e, a)
+			pp.ColoringEnabled = false
+			t.Errorf("expected %s\n, actual %s",
+				pp.Sprintf("%s", tt.expected),
+				pp.Sprintf("%s", actual))
 		}
 	}

@@ -179,6 +206,39 @@ WWW: https://vuxml.FreeBSD.org/freebsd/ab3e98d9-8175-11e4-907d-d050992ecde8.html
 			cveIDs: []string{},
 			vulnID: "",
 		},
+		{
+			in: `vulnxml file up-to-date
+libxml2-2.9.10 is vulnerable:
+libxml -- multiple vulnerabilities
+WWW: https://vuxml.FreeBSD.org/freebsd/f5abafc0-fcf6-11ea-8758-e0d55e2a8bf9.html`,
+			name:   "libxml2",
+			cveIDs: []string{},
+			vulnID: "f5abafc0-fcf6-11ea-8758-e0d55e2a8bf9",
+		},
+		{
+			in: `go-1.17.1,1 is vulnerable:
+go -- multiple vulnerabilities
+CVE: CVE-2021-41772
+CVE: CVE-2021-41771
+WWW: https://vuxml.FreeBSD.org/freebsd/930def19-3e05-11ec-9ba8-002324b2fba8.html`,
+			name:   "go",
+			cveIDs: []string{"CVE-2021-41772", "CVE-2021-41771"},
+			vulnID: "930def19-3e05-11ec-9ba8-002324b2fba8",
+		},
+		{
+			in: `go-1.17.1,1 is vulnerable:
+go -- multiple vulnerabilities
+CVE: CVE-2021-41772
+CVE: CVE-2021-41771
+WWW: https://vuxml.FreeBSD.org/freebsd/930def19-3e05-11ec-9ba8-002324b2fba8.html
+
+go -- misc/wasm, cmd/link: do not let command line arguments overwrite global data
+CVE: CVE-2021-38297
+WWW: https://vuxml.FreeBSD.org/freebsd/4fce9635-28c0-11ec-9ba8-002324b2fba8.html`,
+			name:   "go",
+			cveIDs: []string{"CVE-2021-41772", "CVE-2021-41771", "CVE-2021-38297"},
+			vulnID: "4fce9635-28c0-11ec-9ba8-002324b2fba8",
+		},
 	}

 	d := newBsd(config.ServerInfo{})
--- a/scanner/library.go
+++ b/scanner/library.go
@@ -3,24 +3,23 @@ package scanner
 import (
 	"github.com/aquasecurity/fanal/types"
 	"github.com/future-architect/vuls/models"
-
-	trivyTypes "github.com/aquasecurity/trivy/pkg/types"
 )

 func convertLibWithScanner(apps []types.Application) ([]models.LibraryScanner, error) {
 	scanners := []models.LibraryScanner{}
 	for _, app := range apps {
-		libs := []trivyTypes.Library{}
+		libs := []models.Library{}
 		for _, lib := range app.Libraries {
-			libs = append(libs, trivyTypes.Library{
-				Name:    lib.Library.Name,
-				Version: lib.Library.Version,
+			libs = append(libs, models.Library{
+				Name:     lib.Name,
+				Version:  lib.Version,
+				FilePath: lib.FilePath,
 			})
 		}
 		scanners = append(scanners, models.LibraryScanner{
-			Type: app.Type,
-			Path: app.FilePath,
-			Libs: libs,
+			Type:         app.Type,
+			LockfilePath: app.FilePath,
+			Libs:         libs,
 		})
 	}
 	return scanners, nil
--- a/scanner/redhatbase.go
+++ b/scanner/redhatbase.go
@@ -150,7 +150,13 @@ func detectRedhat(c config.ServerInfo) (bool, osTypeInterface) {
 		family := constant.Amazon
 		release := "unknown"
 		if r := exec(c, "cat /etc/system-release", noSudo); r.isSuccess() {
-			if strings.HasPrefix(r.Stdout, "Amazon Linux release 2") {
+			if strings.HasPrefix(r.Stdout, "Amazon Linux release 2022") {
+				fields := strings.Fields(r.Stdout)
+				release = strings.Join(fields[3:], " ")
+			} else if strings.HasPrefix(r.Stdout, "Amazon Linux 2022") {
+				fields := strings.Fields(r.Stdout)
+				release = strings.Join(fields[2:], " ")
+			} else if strings.HasPrefix(r.Stdout, "Amazon Linux release 2") {
 				fields := strings.Fields(r.Stdout)
 				release = fmt.Sprintf("%s %s", fields[3], fields[4])
 			} else if strings.HasPrefix(r.Stdout, "Amazon Linux 2") {
--- a/scanner/rhel.go
+++ b/scanner/rhel.go
@@ -86,7 +86,7 @@ func (o *rhel) sudoNoPasswdCmdsFastRoot() []cmd {
 			{"stat /proc/1/exe", exitStatusZero},
 			{"ls -l /proc/1/exe", exitStatusZero},
 			{"cat /proc/1/maps", exitStatusZero},
-			{"lsof -i -P", exitStatusZero},
+			{"lsof -i -P -n", exitStatusZero},
 		}
 	}
 	return []cmd{
--- a/scanner/rocky.go
+++ b/scanner/rocky.go
@@ -90,7 +90,7 @@ func (o *rocky) sudoNoPasswdCmdsFastRoot() []cmd {
 			{"stat /proc/1/exe", exitStatusZero},
 			{"ls -l /proc/1/exe", exitStatusZero},
 			{"cat /proc/1/maps", exitStatusZero},
-			{"lsof -i -P", exitStatusZero},
+			{"lsof -i -P -n", exitStatusZero},
 		}
 	}
 	return []cmd{
--- a/server/server.go
+++ b/server/server.go
@@ -94,6 +94,11 @@ func (h VulsHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	}
 	logging.Log.Infof("%s: %d exploits are detected", r.FormatServerName(), nMetasploitCve)

+	if err := detector.FillWithKEVuln(&r, config.Conf.KEVuln); err != nil {
+		logging.Log.Errorf("Failed to fill with Known Exploited Vulnerabilities: %+v", err)
+		http.Error(w, err.Error(), http.StatusServiceUnavailable)
+	}
+
 	detector.FillCweDict(&r)

 	// set ReportedAt to current time when it's set to the epoch, ensures that ReportedAt will be set
--- a/subcmds/discover.go
+++ b/subcmds/discover.go
@@ -103,6 +103,11 @@ func printConfigToml(ips []string) (err error) {
 #sqlite3Path = "/path/to/go-msfdb.sqlite3"
 #url        = ""

+[kevuln]
+#type = ["sqlite3", "mysql", "postgres", "redis", "http" ]
+#sqlite3Path = "/path/to/go-kev.sqlite3"
+#url        = ""
+
 # https://vuls.io/docs/en/config.toml.html#slack-section
 #[slack]
 #hookURL      = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
--- a/tui/tui.go
+++ b/tui/tui.go
@@ -636,7 +636,7 @@ func summaryLines(r models.ScanResult) string {
 			cvssScore + " |",
 			fmt.Sprintf("%-6s |", av),
 			fmt.Sprintf("%3s |", exploits),
-			fmt.Sprintf("%6s |", vinfo.AlertDict.FormatSource()),
+			fmt.Sprintf("%9s |", vinfo.AlertDict.FormatSource()),
 			fmt.Sprintf("%7s |", vinfo.PatchStatus(r.Packages)),
 			strings.Join(pkgNames, ", "),
 		}
@@ -808,22 +808,32 @@ func setChangelogLayout(g *gocui.Gui) error {
 			}
 		}

-		if len(vinfo.AlertDict.En) > 0 {
+		if len(vinfo.AlertDict.CISA) > 0 {
 			lines = append(lines, "\n",
-				"USCERT Alert",
-				"=============",
+				"CISA Alert",
+				"===========",
 			)
-			for _, alert := range vinfo.AlertDict.En {
+			for _, alert := range vinfo.AlertDict.CISA {
 				lines = append(lines, fmt.Sprintf("* [%s](%s)", alert.Title, alert.URL))
 			}
 		}

-		if len(vinfo.AlertDict.Ja) > 0 {
+		if len(vinfo.AlertDict.USCERT) > 0 {
+			lines = append(lines, "\n",
+				"USCERT Alert",
+				"=============",
+			)
+			for _, alert := range vinfo.AlertDict.USCERT {
+				lines = append(lines, fmt.Sprintf("* [%s](%s)", alert.Title, alert.URL))
+			}
+		}
+
+		if len(vinfo.AlertDict.JPCERT) > 0 {
 			lines = append(lines, "\n",
 				"JPCERT Alert",
 				"=============",
 			)
-			for _, alert := range vinfo.AlertDict.Ja {
+			for _, alert := range vinfo.AlertDict.JPCERT {
 				if r.Lang == "ja" {
 					lines = append(lines, fmt.Sprintf("* [%s](%s)", alert.Title, alert.URL))
 				} else {
Author	SHA1	Message	Date
Kota Kanbe	a3f7d1d7e7	feat(go-kev): update go-kev deps (#1352 )	2022-01-07 08:21:48 +09:00
Kota Kanbe	bb4a1ca6c2	GPLv3 (#1351 )	2021-12-26 09:08:38 +09:00
Kota Kanbe	57cce640e1	Create SECURITY.md	2021-12-26 08:51:44 +09:00
kurita0	1eb5d36668	fix configtest stalled with scanMode=fast-root (#1339 ) * fix configtest stalled with scanMode=fast-root * repoquery does not require sudo privileges on centos	2021-12-26 08:31:11 +09:00
MaineK00n	6bc4850596	fix(detector/ospkg): Skip OVAL/gost search when the number of packages is 0 (#1343 ) * fix(detector/ospkg): Skip OVAL/gost search when the number of packages is 0 * chore: easy refactoring	2021-12-26 07:53:18 +09:00
MaineK00n	24005ae7ae	chore(GHActions): replace with dependabot (#1348 ) * chore(GHActions): replace with dependabot * chore(GHActions): remove tidy.yml due to deprecation	2021-12-26 07:48:11 +09:00
MaineK00n	7aa296bb57	fix(oval): fix RDB query (#1347 )	2021-12-26 07:47:52 +09:00
Kota Kanbe	3829ed2f8e	Fix the parsing logic of FreeBSD pkg-audit (#1334 ) * fix scanUnsecurePackages for FreeBSD pkg audit output change * Add test case TestParseBlock for FreeBSD pkg audit output change * Fix for no CVE in a block * fix(scan): parse logic of pkg-audit * fix `ca761fb218` Co-authored-by: User Kurita <kurita@vuls0.digitiminimi.com>	2021-12-24 10:27:38 +09:00
MaineK00n	2b7294a504	feat(amazon): support amazon linux 2022 (#1338 )	2021-12-09 11:06:44 +09:00
MaineK00n	0c6a892893	style: fix lint (#1335 )	2021-11-19 15:46:51 +09:00
MaineK00n	89d94ad85a	feat(detector): add known exploited vulnerabilities (#1331 ) * feat(kevuln): add known exploited vulnerabilities * chore: transfer repository owner * feat: show CISA on top of CERT * chore: rename var * chore: rename var * chore: fix review * chore: fix message	2021-11-19 15:06:17 +09:00
sadayuki-matsuno	ffdb78962f	update dictionaries (#1326 )	2021-10-29 11:24:49 +09:00
Kota Kanbe	321dae37ce	chore: update readme	2021-10-24 17:38:57 +09:00
Kota Kanbe	a31797af0b	Merge branch 'sakura'	2021-10-24 17:33:48 +09:00
Kota Kanbe	32999cf432	chore: udpate readme	2021-10-24 17:32:35 +09:00
Kota Kanbe	88218f5d92	chore: update sponsor (#1325 )	2021-10-24 17:25:03 +09:00
Kota Kanbe	15761933ac	chore: update sponsor	2021-10-24 17:01:35 +09:00
Kota Kanbe	0b62842f0e	chore: fix go-sqlite3 deps (#1324 )	2021-10-20 12:33:59 +09:00
Kota Kanbe	6bceddeeda	chore: update goval-dictionary (#1323 ) * chore: update goval-dictionary * fix errs	2021-10-20 11:10:33 +09:00
Kota Kanbe	2dcbff8cd5	chore: sponsor (#1321 ) * fix readme * chore: fix lint	2021-10-17 16:41:51 +09:00
Kota Kanbe	8659668177	fix(cpescan): bug in NvdVendorProductMatch (#1320 ) * fix(cpescan): bug in NvdVendorProductMatch * update go mod	2021-10-13 12:55:01 +09:00
Kota Kanbe	e07b6a9160	feat(report): show Amazon ALAS link to report (#1318 )	2021-10-12 09:09:58 +09:00
Kota Kanbe	aac5ef1438	feat: update-trivy (#1316 ) * feat: update-trivy * add v2 parser * implement v2 * refactor * feat: add show version to future-vuls * add test case for v2 * trivy v0.20.0 * support --list-all-pkgs * fix lint err * add test case for jar * add a test case for gemspec in container * remove v1 parser and change Library struct * Changed the field name in the model struct LibraryScanner * add comment * fix comment * fix comment * chore * add struct tag	2021-10-08 17:22:06 +09:00
sadayuki-matsuno	d780a73297	add log json option (#1317 )	2021-10-07 16:00:01 +09:00
Kota Kanbe	9ef8cee36e	refactor(exploitdb): use pipeline effectively (#1314 ) https://github.com/vulsio/go-exploitdb/pull/64	2021-10-01 09:10:49 +09:00
Kota Kanbe	77808a2c05	feat(go-cve): add error handling (#1313 )	2021-09-30 12:42:43 +09:00
MaineK00n	177e553d12	feat(go-exploitdb): add error handling (#1310 ) * feat(go-exploitdb): add error handling * chore: rename * go get -u go-exploitdb Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>	2021-09-30 11:33:18 +09:00
MaineK00n	40f8272a28	feat(go-msfdb): add error handling and support http mode (#1308 ) * feat(go-msfdb): add error handling * feat(go-msfdb): support http mode * go get -u go-msfdb Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>	2021-09-30 11:16:41 +09:00
MaineK00n	a7eb1141ae	feat(gost): add error handling (#1311 ) * feat(gost): add error handling * go get -u gost Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>	2021-09-30 10:51:41 +09:00
Kota Kanbe	c73ed7f32f	chore: update find-lock file type (#1309 )	2021-09-24 16:23:23 +09:00