v0.5.0 (no backwards compatibility) (#478)

* Change config.toml, Auto-generate UUIDs, change structure of optional field

* Detect processes affected by update using yum-ps (#482)

Detect processes affected by update using yum-ps

* Detect processes needs restart using checkrestart on Debian and Ubuntu.

* pass cpename by args when calling FillCveInfo (#513)

* fix new db (#502)

* Include Version,Revision in JSON

* Include hostname in JSON

* Update goval-dictionary's commit hash in Gopkg.lock

* Remove README.ja.md

* update packages (#596)

* fix: change ControlPath to .vuls of SSH option (#618)

* feat: checkrestart for Ubuntu and Debian (#622)

* feat: checkrestart for Ubuntu and Debian

* fix: dependencies check logic of configtest

* feat: need-restarting on RedHat

* refactor: Process.ProcName to Process.Name

* feat: detect a systemd service name of need-restarting-process

* feat: detect a systemd service name of need-restarting-process on Ubuntu

* feat: fill a service name of need-restarting-process, init-system

* Support NVD JSON and CVSS3 of JVN (#605)

* fix: compile errors

* fix: Show CVSS3 on TUI

* fix: test cases

* fix: Avoid null in JSON

* Fix maxCvssScore (#621)

* Fix maxCvssScore

* Update vulninfos.go

* fix(init): remove unnecessary log initialization

* refactor(nvd): use only json feed if exists json data. if not, use xml feed

* fix(scan): make Confidence slice

* feat(CWE): Display CWE name to TUI

* feat(cwe): import CWE defs in Japanese

* feat(cwe): add OWASP Top 10 ranking to CWE if applicable

* feat(scan): add -fast-root mode, implement scan/amazon.go

* refactor(const): change const name JVN to Jvn

* feat(scan): add -fast-root mode, implement scan/centos.go

* refactor(dep): update deps

* fix(amazon): deps check

* feat(scan): add -fast-root mode, implement scan/rhel.go

* feat(scan): add -fast-root mode, implement scan/oracle.go

* fix complile err

* feat(scan): add -fast-root mode, implement scan/debian.go

* fix testcase

* fix(amazon): scan using yum

* fix(configtest): change error message, status when no scannnable servers

* Fix(scan): detect init process logic

* fix(tui): display cvss as table format

* fix(scan): parse a output of reboot-notifier on CentOS6.9

* fix(tui): don't display score, vector when score is zero

* fix(scan): add -offline mode to suse scanner

* fix(scan): fix help message

* feat(scan): enable to define scan mode for each servers in config.toml #510

* refactor(config): chagne cpeNames to cpeURIs

* refactor(config): change dependencyCheckXMLPath to owaspDCXMLPath

* fix(config): containers -> containersIncluded, Excluded, containerType

* feature(report): enable to define cpeURIs for each contaner

* feature(report): enable to specify owasp dc xml path for each container

* fix(discover): fix a template displayed at the end of discover

* feature(report): add ignorePkgsRegexp #665

* feature(report): enable to define ignoreCves for each container #666

* fix(report): Displayed nothing in TUI detail area when CweID is nil

* Gopkg.toml diet

* feat(server): support server mode (#678)

* feat(server): support server mode

* Lock go version

* Use the latest kernel release among the installed release when the running kernel release is unknown

* Add TestViaHTTP

* Set logger to go-cve-dictionary client

* Add -to-localfile

* Add -to-http option to report

* Load -to-http conf from config.toml

* Support gost (#676)

* feat(gost): Support RedHat API

* feat(gost): Support Debian Security Tracker

* feat(db): display error msg when SQLite3 is locked at the beginning of reporting.

* feat(gost): TUI

* Only use RedHat information of installed packages

* feat(tui): show mitigation on TUI

* feat(gost): support redis backend

* fix test case

* fix nil pointer when db is nil

* fix(gost): detect vulns of src packages for Debian

* feat(gost): implement redis backend for gost redhat api

* feat(report): display fixState of unfixed pkgs

* fix(report): display distincted cweIDs

* feat(slack): display gost info

* feat(slack): display mitigation

* feat(report): display available patch state as fixed/total

* fix(tui): display - if source of reference is empty

* update deps

* fix(report): key in ScanResult JSON be lowerCamelcase.

* some keys to lower camel

* fix(configtest): dep check logic of yum-plugin-ps

* fix(tui): format

* feat(report): add -format-list option

* fix(report): -format-full-text

* fix(report): report -format-full-text

* fix(report): display v3 score detected by gost

* fix(scan): scan in fast mode if not defined in config.toml

* fix(gost): fetch RedHat data for fixed CVEs

* feat(report): show number of cves detected in each database

* fix(report): show new version as `Unknown` in offline and fast scan mode

* fix(report): fix num of upadtable and fixed

* fix(report): set `Not fixed yet` if packageStatus is empty

* refact(gost): make convertToModel public

* fix(test): fix test case

* update deps

* fix(report): include gost score in MaxCvssScore

* [WIP] feat(config): enable to set options in config.toml instead of cmd opt (#690)

* feat(config): enable to set options in config.toml instead of cmd opt

* fix(config): change Conf.Report.Slack to Conf.Slack

* fix(discover): change tempalte

* fix(report): fix config.toml auto-generate with -uuid

* Add endpoint for health check and change endpoint

* refact(cmd): refactor flag set

* fix(report): enable to specify opts with cmd arg and env value

* fix(scan): enable to parse the release version of amazon linux 2

* add(report) add -to-saas option (#695)

* add(report) add -to-saas option

* ignore other writer if -to-saas

* fix(saas) fix bug

* fix(scan): need-restarting needs internet connection

* fix(scan,configtest): check scan mode

* refactor(scan): change func name

* fix(suse): support offline mode, bug fix on AWS, zypper --no-color

* fix(tui): fix nil pointer when no vulns in tui

* feat(report): enable to define CPE FS format in config.toml

* fix(vet): fix warnings of go vet

* fix(travis): go version to 1.11

* update deps

.dockerignore

@@ -0,0 +1,7 @@
+.dockerignore
+Dockerfile
+vendor/
+cve.sqlite3*
+oval.sqlite3*
+setup/
+img/

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,38 @@
+
+# What did you do? (required. The issue will be **closed** when not provided.)
+
+
+# What did you expect to happen?
+
+
+# What happened instead?
+
+* Current Output
+
+Please re-run the command using ```-debug``` and provide the output below.
+
+# Steps to reproduce the behaviour
+
+
+# Configuration (**MUST** fill this out):
+
+* Go version (`go version`):
+
+* Go environment (`go env`):
+
+* Vuls environment:
+
+Hash : ____
+
+To check the commit hash of HEAD
+$ vuls -v
+
+or
+
+$ cd $GOPATH/src/github.com/future-architect/vuls 
+$ git rev-parse --short HEAD 
+
+* config.toml:
+
+* command:
+

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,40 @@
+
+If this Pull Request is work in progress, Add a prefix of “[WIP]” in the title.
+
+# What did you implement:
+
+Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. 
+
+Fixes # (issue)
+
+## Type of change
+
+Please delete options that are not relevant.
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] This change requires a documentation update
+
+# How Has This Been Tested?
+
+Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce.
+
+# Checklist:
+You don't have to satisfy all of the following.
+
+- [ ] Write tests
+- [ ] Write documentation
+- [ ] Check that there aren't other open pull requests for the same issue/feature
+- [ ] Format your source code by `make fmt`
+- [ ] Pass the test by `make test`
+- [ ] Provide verification config / commands
+- [ ] Enable "Allow edits from maintainers" for this PR
+- [ ] Update the messages below
+
+***Is this ready for review?:*** NO  
+
+# Reference
+
+* https://blog.github.com/2015-01-21-how-to-write-the-perfect-pull-request/
+

.goreleaser.yml

@@ -0,0 +1,24 @@
+project_name: vuls
+release:
+  github:
+    owner: future-architect
+    name: vuls
+builds:
+- goos:
+  - linux
+  goarch:
+  - amd64
+  main: .
+  ldflags: -s -w -X main.version={{.Version}} -X main.revision={{.Commit}}
+  binary: vuls
+archive:
+  format: tar.gz
+  name_template: '{{ .Binary }}_{{.Version}}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{
+    .Arm }}{{ end }}'
+  files:
+  - LICENSE
+  - NOTICE
+  - README*
+  - CHANGELOG.md
+snapshot:
+  name_template: SNAPSHOT-{{ .Commit }}

.travis.yml

@@ -0,0 +1,7 @@
+language: go
+
+go:
+  - "1.11"
+
+after_success:
+  - test -n "$TRAVIS_TAG" && curl -sL https://git.io/goreleaser | bash

CHANGELOG.md

@@ -1,5 +1,230 @@
 # Change Log
 
+## v0.4.1 and later, see [GitHub release](https://github.com/future-architect/vuls/releases)
+
+## [v0.4.0](https://github.com/future-architect/vuls/tree/v0.4.0) (2017-08-25)
+[Full Changelog](https://github.com/future-architect/vuls/compare/v0.3.0...v0.4.0)
+
+**Implemented enhancements:**
+
+- Output changelog in report, TUI and JSON for RHEL [\#367](https://github.com/future-architect/vuls/issues/367)
+- Output changelog in report, TUI and JSON for Amazon Linux [\#366](https://github.com/future-architect/vuls/issues/366)
+- Improve scanning accuracy by checking package versions [\#256](https://github.com/future-architect/vuls/issues/256)
+- Improve SSH [\#415](https://github.com/future-architect/vuls/issues/415)
+- Enable to scan even if target server can not connect to the Internet [\#258](https://github.com/future-architect/vuls/issues/258)
+- SSH Hostkey check [\#417](https://github.com/future-architect/vuls/pull/417) ([kotakanbe](https://github.com/kotakanbe))
+- v0.4.0 [\#449](https://github.com/future-architect/vuls/pull/449) ([kotakanbe](https://github.com/kotakanbe))
+- Change default ssh method from go library to external command [\#416](https://github.com/future-architect/vuls/pull/416) ([kotakanbe](https://github.com/kotakanbe))
+- Add containers-only option to configtest [\#411](https://github.com/future-architect/vuls/pull/411) ([knqyf263](https://github.com/knqyf263))
+
+**Fixed bugs:**
+
+-  Running Vuls tui before vuls report does not show vulnerabilities checked by CPE [\#396](https://github.com/future-architect/vuls/issues/396)
+- With a long package name, Local shell mode \(stty dont' work\) [\#444](https://github.com/future-architect/vuls/issues/444)
+- Improve SSH [\#415](https://github.com/future-architect/vuls/issues/415)
+- Report that a vulnerability exists in the wrong package [\#408](https://github.com/future-architect/vuls/issues/408)
+- With a long package name, a parse error occurs. [\#391](https://github.com/future-architect/vuls/issues/391)
+- Ubuntu failed to scan vulnerable packages [\#205](https://github.com/future-architect/vuls/issues/205)
+- CVE-ID in changelog can't be picked up. [\#154](https://github.com/future-architect/vuls/issues/154)
+- v0.4.0 [\#449](https://github.com/future-architect/vuls/pull/449) ([kotakanbe](https://github.com/kotakanbe))
+- Fix SSH dial error [\#413](https://github.com/future-architect/vuls/pull/413) ([kotakanbe](https://github.com/kotakanbe))
+- Update deps, Change deps tool from glide to dep [\#412](https://github.com/future-architect/vuls/pull/412) ([kotakanbe](https://github.com/kotakanbe))
+- fix report option Loaded error-info [\#406](https://github.com/future-architect/vuls/pull/406) ([hogehogehugahuga](https://github.com/hogehogehugahuga))
+- Add --user root to docker exec command [\#389](https://github.com/future-architect/vuls/pull/389) ([PaulFurtado](https://github.com/PaulFurtado))
+
+**Closed issues:**
+
+- README.md.ja not include "Oracle Linux, FreeBSD"  [\#465](https://github.com/future-architect/vuls/issues/465)
+- Can't scan remote server - \(centos 7 - updated\) [\#451](https://github.com/future-architect/vuls/issues/451)
+- An abnormality in the result of vuls tui [\#439](https://github.com/future-architect/vuls/issues/439)
+- compile faild [\#436](https://github.com/future-architect/vuls/issues/436)
+- Can't install vuls on CentOS 7 [\#432](https://github.com/future-architect/vuls/issues/432)
+- Vuls scan doesn't show severity score in any of the vulnerable packages [\#430](https://github.com/future-architect/vuls/issues/430)
+- Load config failedtoml: cannot load TOML value of type string into a Go slice [\#429](https://github.com/future-architect/vuls/issues/429)
+- vuls scan not running check-update with sudo for Centos 7 [\#428](https://github.com/future-architect/vuls/issues/428)
+- options for configtest not being activated [\#422](https://github.com/future-architect/vuls/issues/422)
+- "could not find project Gopkg.toml, use dep init to initiate a manifest" when installing vuls [\#420](https://github.com/future-architect/vuls/issues/420)
+- go get not get  [\#407](https://github.com/future-architect/vuls/issues/407)
+- Failed to scan via docker. err: Unknown format [\#404](https://github.com/future-architect/vuls/issues/404)
+- Failed to scan - kernel-xxx is an installed security update [\#403](https://github.com/future-architect/vuls/issues/403)
+- 169.254.169.254 port 80: Connection refused [\#402](https://github.com/future-architect/vuls/issues/402)
+- vuls scan --debug cause `invalid memory address` error [\#397](https://github.com/future-architect/vuls/issues/397)
+- Provide a command line flag that will automatically install aptitude on debian? [\#390](https://github.com/future-architect/vuls/issues/390)
+
+**Merged pull requests:**
+
+- export fill cve info [\#467](https://github.com/future-architect/vuls/pull/467) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- add oval docker [\#466](https://github.com/future-architect/vuls/pull/466) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- fix typos in commands. [\#464](https://github.com/future-architect/vuls/pull/464) ([ymomoi](https://github.com/ymomoi))
+- Update README [\#463](https://github.com/future-architect/vuls/pull/463) ([kotakanbe](https://github.com/kotakanbe))
+- export FillWithOval [\#462](https://github.com/future-architect/vuls/pull/462) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- add serveruuid field [\#458](https://github.com/future-architect/vuls/pull/458) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- add s3 dirctory option [\#457](https://github.com/future-architect/vuls/pull/457) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- Extract Advisory.Description on RHEL, Amazon, Oracle [\#450](https://github.com/future-architect/vuls/pull/450) ([kotakanbe](https://github.com/kotakanbe))
+- nosudo on CentOS and Fetch Changelogs on Amazon, RHEL [\#448](https://github.com/future-architect/vuls/pull/448) ([kotakanbe](https://github.com/kotakanbe))
+- change logrus package to lowercase and update other packages [\#446](https://github.com/future-architect/vuls/pull/446) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- add db backend redis [\#445](https://github.com/future-architect/vuls/pull/445) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- fast test [\#435](https://github.com/future-architect/vuls/pull/435) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- fix typo [\#433](https://github.com/future-architect/vuls/pull/433) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- Add support for PostgreSQL as a DB storage back-end [\#431](https://github.com/future-architect/vuls/pull/431) ([sadayuki-matsuno](https://github.com/sadayuki-matsuno))
+- typo README.js.md [\#426](https://github.com/future-architect/vuls/pull/426) ([ryurock](https://github.com/ryurock))
+- Add TOC to README [\#425](https://github.com/future-architect/vuls/pull/425) ([kotakanbe](https://github.com/kotakanbe))
+- Fixing \#420 where lock and manifest have moved to TOML [\#421](https://github.com/future-architect/vuls/pull/421) ([elfgoh](https://github.com/elfgoh))
+- Define timeout for vulnerabilities scan and platform detection [\#414](https://github.com/future-architect/vuls/pull/414) ([s7anley](https://github.com/s7anley))
+- Enable -timeout option when detecting OS [\#410](https://github.com/future-architect/vuls/pull/410) ([knqyf263](https://github.com/knqyf263))
+- Remove duplicate command in README [\#401](https://github.com/future-architect/vuls/pull/401) ([knqyf263](https://github.com/knqyf263))
+- Fix to read config.toml at tui [\#441](https://github.com/future-architect/vuls/pull/441) ([usiusi360](https://github.com/usiusi360))
+- Change NVD URL to new one [\#419](https://github.com/future-architect/vuls/pull/419) ([kotakanbe](https://github.com/kotakanbe))
+- Add some testcases [\#418](https://github.com/future-architect/vuls/pull/418) ([kotakanbe](https://github.com/kotakanbe))
+
+## [v0.3.0](https://github.com/future-architect/vuls/tree/v0.3.0) (2017-03-24)
+[Full Changelog](https://github.com/future-architect/vuls/compare/v0.2.0...v0.3.0)
+
+**Implemented enhancements:**
+
+- Changelog parsing fails when package maintainers aren't consistent regarding versions [\#327](https://github.com/future-architect/vuls/issues/327)
+- Docker scan doesn't report image name [\#325](https://github.com/future-architect/vuls/issues/325)
+- vuls report -to-email only one E-Mail [\#295](https://github.com/future-architect/vuls/issues/295)
+- Support RHEL5 [\#286](https://github.com/future-architect/vuls/issues/286)
+- Continue scanning even when some hosts have tech issues? [\#264](https://github.com/future-architect/vuls/issues/264)
+- Normalization of JSON output [\#259](https://github.com/future-architect/vuls/issues/259)
+- Add report subcommand, change scan subcommand options [\#239](https://github.com/future-architect/vuls/issues/239)
+- scan localhost? [\#210](https://github.com/future-architect/vuls/issues/210)
+- Can Vuls show details about updateable packages [\#341](https://github.com/future-architect/vuls/issues/341)
+- Scan all containers except [\#285](https://github.com/future-architect/vuls/issues/285)
+- Notify the difference from the previous scan result [\#255](https://github.com/future-architect/vuls/issues/255)
+- EC2RoleCreds support? [\#250](https://github.com/future-architect/vuls/issues/250)
+- Output confidence score of detection accuracy and detection method to JSON or Reporting [\#350](https://github.com/future-architect/vuls/pull/350) ([kotakanbe](https://github.com/kotakanbe))
+- Avoid null slice being null in JSON [\#345](https://github.com/future-architect/vuls/pull/345) ([kotakanbe](https://github.com/kotakanbe))
+- Add -format-one-email option [\#331](https://github.com/future-architect/vuls/pull/331) ([knqyf263](https://github.com/knqyf263))
+- Support Raspbian [\#330](https://github.com/future-architect/vuls/pull/330) ([knqyf263](https://github.com/knqyf263))
+- Add leniancy to the version matching for debian to account for versio… [\#328](https://github.com/future-architect/vuls/pull/328) ([jsulinski](https://github.com/jsulinski))
+- Add image information for docker containers [\#326](https://github.com/future-architect/vuls/pull/326) ([jsulinski](https://github.com/jsulinski))
+- Continue scanning even when some hosts have tech issues [\#309](https://github.com/future-architect/vuls/pull/309) ([kotakanbe](https://github.com/kotakanbe))
+- Add -log-dir option [\#301](https://github.com/future-architect/vuls/pull/301) ([knqyf263](https://github.com/knqyf263))
+- Use --assumeno option [\#300](https://github.com/future-architect/vuls/pull/300) ([knqyf263](https://github.com/knqyf263))
+- Add local scan mode\(Scan without SSH when target server is localhost\) [\#291](https://github.com/future-architect/vuls/pull/291) ([kotakanbe](https://github.com/kotakanbe))
+- Support RHEL5 [\#289](https://github.com/future-architect/vuls/pull/289) ([kotakanbe](https://github.com/kotakanbe))
+- Add LXD support [\#288](https://github.com/future-architect/vuls/pull/288) ([jiazio](https://github.com/jiazio))
+- Add timeout option to configtest [\#400](https://github.com/future-architect/vuls/pull/400) ([kotakanbe](https://github.com/kotakanbe))
+- Notify the difference from the previous scan result [\#392](https://github.com/future-architect/vuls/pull/392) ([knqyf263](https://github.com/knqyf263))
+- Add Oracle Linux support [\#386](https://github.com/future-architect/vuls/pull/386) ([Djelibeybi](https://github.com/Djelibeybi))
+- Change container scan format in config.toml [\#381](https://github.com/future-architect/vuls/pull/381) ([kotakanbe](https://github.com/kotakanbe))
+- Obsolete CentOS5 support [\#378](https://github.com/future-architect/vuls/pull/378) ([kotakanbe](https://github.com/kotakanbe))
+- Deprecate prepare subcommand to minimize the root authority defined by /etc/sudoers [\#375](https://github.com/future-architect/vuls/pull/375) ([kotakanbe](https://github.com/kotakanbe))
+- Support IAM role for report to S3. [\#370](https://github.com/future-architect/vuls/pull/370) ([ohsawa0515](https://github.com/ohsawa0515))
+- Add .travis.yml [\#363](https://github.com/future-architect/vuls/pull/363) ([knqyf263](https://github.com/knqyf263))
+- Output changelog in report, TUI and JSON for Ubuntu/Debian/CentOS [\#356](https://github.com/future-architect/vuls/pull/356) ([kotakanbe](https://github.com/kotakanbe))
+
+**Fixed bugs:**
+
+- Debian scans failing in docker [\#323](https://github.com/future-architect/vuls/issues/323)
+- Local CVE DB is still checked, even if a CVE Dictionary URL is defined [\#316](https://github.com/future-architect/vuls/issues/316)
+- vuls needs gmake. [\#313](https://github.com/future-architect/vuls/issues/313)
+- patch request for FreeBSD [\#312](https://github.com/future-architect/vuls/issues/312)
+- Report: failed to read from json \(Docker\) [\#294](https://github.com/future-architect/vuls/issues/294)
+- -report-mail option does not output required mail header [\#282](https://github.com/future-architect/vuls/issues/282)
+- PackInfo not found error when vuls scan. [\#281](https://github.com/future-architect/vuls/issues/281)
+- Normalize character set [\#279](https://github.com/future-architect/vuls/issues/279)
+- The number of Updatable Packages is different from the number of yum check-update [\#373](https://github.com/future-architect/vuls/issues/373)
+- sudo is needed when exec yum check-update on RHEL7 [\#371](https://github.com/future-architect/vuls/issues/371)
+- `123-3ubuntu4` should be marked as ChangelogLenientMatch [\#362](https://github.com/future-architect/vuls/issues/362)
+- CentOS  multi package invalid result [\#360](https://github.com/future-architect/vuls/issues/360)
+- Parse error after check-update. \(Unknown format\) [\#359](https://github.com/future-architect/vuls/issues/359)
+- Fix candidate to confidence. [\#354](https://github.com/future-architect/vuls/pull/354) ([kotakanbe](https://github.com/kotakanbe))
+- Bug fix: not send e-mail to cc address [\#346](https://github.com/future-architect/vuls/pull/346) ([knqyf263](https://github.com/knqyf263))
+- Change the command used for os detection from uname to freebsd-version [\#340](https://github.com/future-architect/vuls/pull/340) ([kotakanbe](https://github.com/kotakanbe))
+- Fix error handling of detectOS [\#337](https://github.com/future-architect/vuls/pull/337) ([kotakanbe](https://github.com/kotakanbe))
+- Fix infinite retry at size overrun error in Slack report [\#329](https://github.com/future-architect/vuls/pull/329) ([kotakanbe](https://github.com/kotakanbe))
+- aptitude changelog defaults to using more, which is not interactive a… [\#324](https://github.com/future-architect/vuls/pull/324) ([jsulinski](https://github.com/jsulinski))
+- Do not use sudo when echo [\#322](https://github.com/future-architect/vuls/pull/322) ([knqyf263](https://github.com/knqyf263))
+- Reduce privilege requirements for commands that don't need sudo on Ubuntu/Debian [\#319](https://github.com/future-architect/vuls/pull/319) ([jsulinski](https://github.com/jsulinski))
+- Don't check for a CVE DB when CVE Dictionary URL is defined [\#317](https://github.com/future-architect/vuls/pull/317) ([jsulinski](https://github.com/jsulinski))
+- Fix typo contianer -\> container [\#314](https://github.com/future-architect/vuls/pull/314) ([justyns](https://github.com/justyns))
+- Fix the changelog cache logic for ubuntu/debian [\#305](https://github.com/future-architect/vuls/pull/305) ([kotakanbe](https://github.com/kotakanbe))
+- Fix yum updateinfo options [\#304](https://github.com/future-architect/vuls/pull/304) ([kotakanbe](https://github.com/kotakanbe))
+- Update glide.lock to fix create-log-dir error. [\#303](https://github.com/future-architect/vuls/pull/303) ([kotakanbe](https://github.com/kotakanbe))
+- Fix a bug in logging \(file output\) at scan command [\#302](https://github.com/future-architect/vuls/pull/302) ([kotakanbe](https://github.com/kotakanbe))
+- Add -pipe flag \#294 [\#299](https://github.com/future-architect/vuls/pull/299) ([kotakanbe](https://github.com/kotakanbe))
+- Fix RHEL5 scan stopped halfway [\#293](https://github.com/future-architect/vuls/pull/293) ([kotakanbe](https://github.com/kotakanbe))
+- Fix amazon linux scan stopped halfway [\#292](https://github.com/future-architect/vuls/pull/292) ([kotakanbe](https://github.com/kotakanbe))
+- Fix nil-ponter in TUI [\#388](https://github.com/future-architect/vuls/pull/388) ([kotakanbe](https://github.com/kotakanbe))
+- Fix Bug of Mysql Backend [\#384](https://github.com/future-architect/vuls/pull/384) ([kotakanbe](https://github.com/kotakanbe))
+- Fix scan confidence on Ubuntu/Debian/Raspbian \#362 [\#379](https://github.com/future-architect/vuls/pull/379) ([kotakanbe](https://github.com/kotakanbe))
+- Fix updatalbe packages count \#373 [\#374](https://github.com/future-architect/vuls/pull/374) ([kotakanbe](https://github.com/kotakanbe))
+- sudo yum check-update on RHEL [\#372](https://github.com/future-architect/vuls/pull/372) ([kotakanbe](https://github.com/kotakanbe))
+- Change ssh option from -t to -tt [\#369](https://github.com/future-architect/vuls/pull/369) ([knqyf263](https://github.com/knqyf263))
+- Increase the width of RequestPty [\#364](https://github.com/future-architect/vuls/pull/364) ([knqyf263](https://github.com/knqyf263))
+
+**Closed issues:**
+
+-  vuls configtest --debugがsudoのチェックで止まってしまう [\#395](https://github.com/future-architect/vuls/issues/395)
+- Add support for Oracle Linux [\#385](https://github.com/future-architect/vuls/issues/385)
+- error on install - Ubuntu 16.04 [\#376](https://github.com/future-architect/vuls/issues/376)
+- Unknown OS Type [\#335](https://github.com/future-architect/vuls/issues/335)
+- mac os 10.12.3 make install error [\#334](https://github.com/future-architect/vuls/issues/334)
+- assumeYes doesn't work because there is no else condition [\#320](https://github.com/future-architect/vuls/issues/320)
+- Debian scan uses sudo where unnecessary [\#318](https://github.com/future-architect/vuls/issues/318)
+- Add FreeBSD 11 to supported OS on documents. [\#311](https://github.com/future-architect/vuls/issues/311)
+- docker fetchnvd failing [\#274](https://github.com/future-architect/vuls/issues/274)
+- Latest version of labstack echo breaks installation [\#268](https://github.com/future-architect/vuls/issues/268)
+- fetchnvd Fails using example loop [\#267](https://github.com/future-architect/vuls/issues/267)
+
+**Merged pull requests:**
+
+- fix typo in README.ja.md [\#394](https://github.com/future-architect/vuls/pull/394) ([lv7777](https://github.com/lv7777))
+- Update Tutorial in README [\#387](https://github.com/future-architect/vuls/pull/387) ([kotakanbe](https://github.com/kotakanbe))
+- Fix README [\#383](https://github.com/future-architect/vuls/pull/383) ([usiusi360](https://github.com/usiusi360))
+- s/dictinary/dictionary typo [\#382](https://github.com/future-architect/vuls/pull/382) ([beuno](https://github.com/beuno))
+- Fix Japanese typo [\#377](https://github.com/future-architect/vuls/pull/377) ([IMAI-Yuji](https://github.com/IMAI-Yuji))
+- Improve kanji character [\#351](https://github.com/future-architect/vuls/pull/351) ([hasegawa-tomoki](https://github.com/hasegawa-tomoki))
+- Add PULL\_REQUEST\_TEMPLATE.md [\#348](https://github.com/future-architect/vuls/pull/348) ([knqyf263](https://github.com/knqyf263))
+- Update README [\#347](https://github.com/future-architect/vuls/pull/347) ([knqyf263](https://github.com/knqyf263))
+- Fix test case [\#344](https://github.com/future-architect/vuls/pull/344) ([kotakanbe](https://github.com/kotakanbe))
+- Fix typo [\#343](https://github.com/future-architect/vuls/pull/343) ([knqyf263](https://github.com/knqyf263))
+- Rename Makefile to GNUmakefile \#313 [\#339](https://github.com/future-architect/vuls/pull/339) ([kotakanbe](https://github.com/kotakanbe))
+- Update README [\#338](https://github.com/future-architect/vuls/pull/338) ([kotakanbe](https://github.com/kotakanbe))
+- add error handling [\#332](https://github.com/future-architect/vuls/pull/332) ([kazuminn](https://github.com/kazuminn))
+- Update readme [\#308](https://github.com/future-architect/vuls/pull/308) ([lapthorn](https://github.com/lapthorn))
+- Update glide.lock to fix import error [\#306](https://github.com/future-architect/vuls/pull/306) ([knqyf263](https://github.com/knqyf263))
+- Check whether echo is executable with nopasswd [\#298](https://github.com/future-architect/vuls/pull/298) ([knqyf263](https://github.com/knqyf263))
+- Update docker README [\#297](https://github.com/future-architect/vuls/pull/297) ([knqyf263](https://github.com/knqyf263))
+- update readme [\#296](https://github.com/future-architect/vuls/pull/296) ([galigalikun](https://github.com/galigalikun))
+- remove unused import line. [\#358](https://github.com/future-architect/vuls/pull/358) ([ymomoi](https://github.com/ymomoi))
+
+## [v0.2.0](https://github.com/future-architect/vuls/tree/v0.2.0) (2017-01-10)
+[Full Changelog](https://github.com/future-architect/vuls/compare/v0.1.7...v0.2.0)
+
+**Implemented enhancements:**
+
+- Add report subcommand, change scan options. \#239 [\#270](https://github.com/future-architect/vuls/pull/270) ([kotakanbe](https://github.com/kotakanbe))
+- Add --assume-yes to prepare \#260 [\#266](https://github.com/future-architect/vuls/pull/266) ([Code0x58](https://github.com/Code0x58))
+- Use RFC3339 timestamps in the results [\#265](https://github.com/future-architect/vuls/pull/265) ([Code0x58](https://github.com/Code0x58))
+
+**Fixed bugs:**
+
+- vuls prepare failed to centos7 [\#275](https://github.com/future-architect/vuls/issues/275)
+- Failed to scan on RHEL5 [\#94](https://github.com/future-architect/vuls/issues/94)
+- Fix container os detection [\#287](https://github.com/future-architect/vuls/pull/287) ([jiazio](https://github.com/jiazio))
+- Add date header to report mail. [\#283](https://github.com/future-architect/vuls/pull/283) ([ymomoi](https://github.com/ymomoi))
+- Add Content-Type header to report/mail.go . [\#280](https://github.com/future-architect/vuls/pull/280) ([hogehogehugahuga](https://github.com/hogehogehugahuga))
+- Keep output of "vuls scan -report-\*" to be same every times [\#272](https://github.com/future-architect/vuls/pull/272) ([yoheimuta](https://github.com/yoheimuta))
+- Fix JSON-dir regex pattern \#265 [\#271](https://github.com/future-architect/vuls/pull/271) ([kotakanbe](https://github.com/kotakanbe))
+- Stop quietly ignoring `--ssh-external` on Windows [\#263](https://github.com/future-architect/vuls/pull/263) ([Code0x58](https://github.com/Code0x58))
+- Fix non-interactive `apt-get install` \#251 [\#253](https://github.com/future-architect/vuls/pull/253) ([Code0x58](https://github.com/Code0x58))
+
+**Closed issues:**
+
+- gocui.NewGui now takes a parameter [\#261](https://github.com/future-architect/vuls/issues/261)
+- Add a `--yes` flag to bypass interactive prompt for `vuls prepare` [\#260](https://github.com/future-architect/vuls/issues/260)
+- `vuls prepare` doesn't work on Debian host due to apt-get confirmation prompt [\#251](https://github.com/future-architect/vuls/issues/251)
+
+**Merged pull requests:**
+
+- Fix gocui.NewGui after signature change \#261 [\#262](https://github.com/future-architect/vuls/pull/262) ([Code0x58](https://github.com/Code0x58))
+- Replace inconsistent tabs with spaces [\#254](https://github.com/future-architect/vuls/pull/254) ([Code0x58](https://github.com/Code0x58))
+- Fix README [\#249](https://github.com/future-architect/vuls/pull/249) ([usiusi360](https://github.com/usiusi360))
+
 ## [v0.1.7](https://github.com/future-architect/vuls/tree/v0.1.7) (2016-11-08)
 [Full Changelog](https://github.com/future-architect/vuls/compare/v0.1.6...v0.1.7)
 
@@ -48,6 +273,8 @@
 
 **Closed issues:**
 
+- --enable-repos of yum option [\#246](https://github.com/future-architect/vuls/issues/246)
+- --skip-broken at yum option [\#245](https://github.com/future-architect/vuls/issues/245)
 - Recent changes to gobui cause build failures [\#228](https://github.com/future-architect/vuls/issues/228)
 - https://hub.docker.com/r/vuls/go-cve-dictionary/ is empty [\#208](https://github.com/future-architect/vuls/issues/208)
 - Not able to install gomail fails [\#202](https://github.com/future-architect/vuls/issues/202)
@@ -59,6 +286,7 @@
 - vuls configtest -ssh-external doesnt work [\#178](https://github.com/future-architect/vuls/issues/178)
 - apt-get update: time out [\#175](https://github.com/future-architect/vuls/issues/175)
 - scanning on Centos6, but vuls recognizes debian. [\#174](https://github.com/future-architect/vuls/issues/174)
+- Fix READMEja  \#164  [\#173](https://github.com/future-architect/vuls/issues/173)
 
 **Merged pull requests:**
 
@@ -258,7 +486,7 @@
 - Maximum 6 nodes available to scan [\#12](https://github.com/future-architect/vuls/issues/12)
 - panic: runtime error: index out of range [\#5](https://github.com/future-architect/vuls/issues/5)
 - Fix sudo option on RedHat like Linux and change some messages. [\#20](https://github.com/future-architect/vuls/pull/20) ([kotakanbe](https://github.com/kotakanbe))
-- Typo fix and updated readme [\#19](https://github.com/future-architect/vuls/pull/19) ([Euan-Kerr](https://github.com/Euan-Kerr))
+- Typo fix and updated readme [\#19](https://github.com/future-architect/vuls/pull/19) ([EuanKerr](https://github.com/EuanKerr))
 - remove a period at the end of error messages. [\#18](https://github.com/future-architect/vuls/pull/18) ([kotakanbe](https://github.com/kotakanbe))
 - fix error while yum updateinfo --security update on rhel@aws [\#17](https://github.com/future-architect/vuls/pull/17) ([kotakanbe](https://github.com/kotakanbe))
 - Fixed typos [\#15](https://github.com/future-architect/vuls/pull/15) ([radarhere](https://github.com/radarhere))
@@ -283,4 +511,4 @@
 
 
 
-\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

Dockerfile

@@ -0,0 +1,33 @@
+FROM golang:alpine as builder
+
+RUN apk add --no-cache \
+        git \
+        make \
+        gcc \
+        musl-dev
+
+ENV REPOSITORY github.com/future-architect/vuls
+COPY . $GOPATH/src/$REPOSITORY
+RUN cd $GOPATH/src/$REPOSITORY && make install
+
+
+FROM alpine:3.7
+
+MAINTAINER hikachan sadayuki-matsuno
+
+ENV LOGDIR /var/log/vuls
+ENV WORKDIR /vuls
+
+RUN apk add --no-cache \
+        openssh-client \
+        ca-certificates \
+    && mkdir -p $WORKDIR $LOGDIR
+
+COPY --from=builder /go/bin/vuls /usr/local/bin/
+
+VOLUME [$WORKDIR, $LOGDIR]
+WORKDIR $WORKDIR
+ENV PWD $WORKDIR
+
+ENTRYPOINT ["vuls"]
+CMD ["--help"]

GNUmakefile

@@ -0,0 +1,73 @@
+.PHONY: \
+	dep \
+	depup \
+	build \
+	install \
+	all \
+	vendor \
+	lint \
+	vet \
+	fmt \
+	fmtcheck \
+	pretest \
+	test \
+	cov \
+	clean
+
+SRCS = $(shell git ls-files '*.go')
+PKGS = $(shell go list ./...)
+VERSION := $(shell git describe --tags --abbrev=0)
+REVISION := $(shell git rev-parse --short HEAD)
+LDFLAGS := -X 'github.com/future-architect/vuls/config.Version=$(VERSION)' \
+	-X 'github.com/future-architect/vuls/config.Revision=$(REVISION)'
+
+all: dep build
+
+dep:
+	go get -u github.com/golang/dep/...
+	dep ensure -v
+
+depup:
+	go get -u github.com/golang/dep/...
+	dep ensure -update -v
+
+build: main.go dep pretest
+	go build -ldflags "$(LDFLAGS)" -o vuls $<
+
+install: main.go dep pretest
+	go install -ldflags "$(LDFLAGS)"
+
+
+lint:
+	@ go get -v github.com/golang/lint/golint
+	golint $(PKGS)
+
+vet:
+	#  @-go get -v golang.org/x/tools/cmd/vet
+	go vet ./... || exit;
+
+fmt:
+	gofmt -s -w $(SRCS)
+
+mlint:
+	$(foreach file,$(SRCS),gometalinter $(file) || exit;)
+
+fmtcheck:
+	$(foreach file,$(SRCS),gofmt -s -d $(file);)
+
+pretest: lint vet fmtcheck
+
+test: 
+	echo $(PKGS) | xargs go test -cover -v || exit;
+
+unused:
+	$(foreach pkg,$(PKGS),unused $(pkg);)
+
+cov:
+	@ go get -v github.com/axw/gocov/gocov
+	@ go get golang.org/x/tools/cmd/cover
+	gocov test | gocov report
+
+clean:
+	echo $(PKGS) | xargs go clean || exit;
+

Gopkg.lock

@@ -0,0 +1,804 @@
+# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
+
+
+[[projects]]
+  digest = "1:46ea9487304f4b3c787f54483ecb13a338d686dcd670db0ab1a112ed0ae2128e"
+  name = "github.com/Azure/azure-sdk-for-go"
+  packages = [
+    "storage",
+    "version",
+  ]
+  pruneopts = "UT"
+  revision = "4e8cbbfb1aeab140cd0fa97fd16b64ee18c3ca6a"
+  version = "v19.1.0"
+
+[[projects]]
+  digest = "1:327b9226c8ea5f1cd9952ba859bb7c335cab40fd8781c4a790ef259b0c5fbc40"
+  name = "github.com/Azure/go-autorest"
+  packages = [
+    "autorest",
+    "autorest/adal",
+    "autorest/azure",
+    "autorest/date",
+    "logger",
+    "version",
+  ]
+  pruneopts = "UT"
+  revision = "39013ecb48eaf6ced3f4e3e1d95515140ce6b3cf"
+  version = "v10.15.2"
+
+[[projects]]
+  digest = "1:b16fbfbcc20645cb419f78325bb2e85ec729b338e996a228124d68931a6f2a37"
+  name = "github.com/BurntSushi/toml"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "b26d9c308763d68093482582cea63d69be07a0f0"
+  version = "v0.3.0"
+
+[[projects]]
+  digest = "1:320e7ead93de9fd2b0e59b50fd92a4d50c1f8ab455d96bc2eb083267453a9709"
+  name = "github.com/asaskevich/govalidator"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "ccb8e960c48f04d6935e72476ae4a51028f9e22f"
+  version = "v9"
+
+[[projects]]
+  digest = "1:4f8b94c4cb403af4e7834e2a6455a25a5209dc61771b0d24a820ae9ae30f3f74"
+  name = "github.com/aws/aws-sdk-go"
+  packages = [
+    "aws",
+    "aws/awserr",
+    "aws/awsutil",
+    "aws/client",
+    "aws/client/metadata",
+    "aws/corehandlers",
+    "aws/credentials",
+    "aws/credentials/ec2rolecreds",
+    "aws/credentials/endpointcreds",
+    "aws/credentials/stscreds",
+    "aws/csm",
+    "aws/defaults",
+    "aws/ec2metadata",
+    "aws/endpoints",
+    "aws/request",
+    "aws/session",
+    "aws/signer/v4",
+    "internal/sdkio",
+    "internal/sdkrand",
+    "internal/sdkuri",
+    "internal/shareddefaults",
+    "private/protocol",
+    "private/protocol/eventstream",
+    "private/protocol/eventstream/eventstreamapi",
+    "private/protocol/query",
+    "private/protocol/query/queryutil",
+    "private/protocol/rest",
+    "private/protocol/restxml",
+    "private/protocol/xml/xmlutil",
+    "service/s3",
+    "service/sts",
+  ]
+  pruneopts = "UT"
+  revision = "4324bc9d8865bdb3e6aa86ec7772ca1272d2750e"
+  version = "v1.15.21"
+
+[[projects]]
+  digest = "1:0f98f59e9a2f4070d66f0c9c39561f68fcd1dc837b22a852d28d0003aebd1b1e"
+  name = "github.com/boltdb/bolt"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "2f1ce7a837dcb8da3ec595b1dac9d0632f0f99e8"
+  version = "v1.3.1"
+
+[[projects]]
+  digest = "1:2209584c0f7c9b68c23374e659357ab546e1b70eec2761f03280f69a8fd23d77"
+  name = "github.com/cenkalti/backoff"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "2ea60e5f094469f9e65adb9cd103795b73ae743e"
+  version = "v2.0.0"
+
+[[projects]]
+  digest = "1:e04c00d619875ce5fa67180891984a9b1fadcc031af36bcd7a3509cbdad1df15"
+  name = "github.com/cheggaaa/pb"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "c112833d014c77e8bde723fd0158e3156951639f"
+  version = "v2.0.6"
+
+[[projects]]
+  digest = "1:76dc72490af7174349349838f2fe118996381b31ea83243812a97e5a0fd5ed55"
+  name = "github.com/dgrijalva/jwt-go"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "06ea1031745cb8b3dab3f6a236daf2b0aa468b7e"
+  version = "v3.2.0"
+
+[[projects]]
+  digest = "1:865079840386857c809b72ce300be7580cb50d3d3129ce11bf9aa6ca2bc1934a"
+  name = "github.com/fatih/color"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "5b77d2a35fb0ede96d138fc9a99f5c9b6aef11b4"
+  version = "v1.7.0"
+
+[[projects]]
+  digest = "1:abeb38ade3f32a92943e5be54f55ed6d6e3b6602761d74b4aab4c9dd45c18abd"
+  name = "github.com/fsnotify/fsnotify"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "c2828203cd70a50dcccfb2761f8b1f8ceef9a8e9"
+  version = "v1.4.7"
+
+[[projects]]
+  digest = "1:5abd6a22805b1919f6a6bca0ae58b13cef1f3412812f38569978f43ef02743d4"
+  name = "github.com/go-ini/ini"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "5cf292cae48347c2490ac1a58fe36735fb78df7e"
+  version = "v1.38.2"
+
+[[projects]]
+  digest = "1:ad9585b1b4361cbe8e7d8cc31af82ef5f597b9243909daa16f2c225b8af68c46"
+  name = "github.com/go-redis/redis"
+  packages = [
+    ".",
+    "internal",
+    "internal/consistenthash",
+    "internal/hashtag",
+    "internal/pool",
+    "internal/proto",
+    "internal/singleflight",
+    "internal/util",
+  ]
+  pruneopts = "UT"
+  revision = "1614e579ed966441b8e0c3ccea1dd0fbbd93a6ae"
+  version = "v6.14.0"
+
+[[projects]]
+  digest = "1:adea5a94903eb4384abef30f3d878dc9ff6b6b5b0722da25b82e5169216dfb61"
+  name = "github.com/go-sql-driver/mysql"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "d523deb1b23d913de5bdada721a6071e71283618"
+  version = "v1.4.0"
+
+[[projects]]
+  digest = "1:586ea76dbd0374d6fb649a91d70d652b7fe0ccffb8910a77468e7702e7901f3d"
+  name = "github.com/go-stack/stack"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "2fee6af1a9795aafbe0253a0cfbdf668e1fb8a9a"
+  version = "v1.8.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:b264547c40314ec7619d2cf264e2621953843be7242c140efe1e3119f93877f4"
+  name = "github.com/google/subcommands"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "5bae204cdfb2d92dcc333d56014bae6a2f6c58b1"
+
+[[projects]]
+  digest = "1:cee8e8ac80df6373e7daa11baf1f98c1b6f7242c49ccae7e1ec34a971dc408d9"
+  name = "github.com/gorilla/websocket"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "3ff3320c2a1756a3691521efc290b4701575147c"
+  version = "v1.3.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:4e08dc2383a46b3107f0b34ca338c4459e8fc8ee90e46a60e728aa8a2b21d558"
+  name = "github.com/gosuri/uitable"
+  packages = [
+    ".",
+    "util/strutil",
+    "util/wordwrap",
+  ]
+  pruneopts = "UT"
+  revision = "36ee7e946282a3fb1cfecd476ddc9b35d8847e42"
+
+[[projects]]
+  digest = "1:77395dd3847dac9c45118c668f5dab85aedf0163dc3b38aea6578c5cf0d502f9"
+  name = "github.com/hashicorp/go-version"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "b5a281d3160aa11950a6182bd9a9dc2cb1e02d50"
+  version = "v1.0.0"
+
+[[projects]]
+  digest = "1:c0d19ab64b32ce9fe5cf4ddceba78d5bc9807f0016db6b1183599da3dcc24d10"
+  name = "github.com/hashicorp/hcl"
+  packages = [
+    ".",
+    "hcl/ast",
+    "hcl/parser",
+    "hcl/printer",
+    "hcl/scanner",
+    "hcl/strconv",
+    "hcl/token",
+    "json/parser",
+    "json/scanner",
+    "json/token",
+  ]
+  pruneopts = "UT"
+  revision = "8cb6e5b959231cc1119e43259c4a608f9c51a241"
+  version = "v1.0.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:0f8b63af5601a93b6b6a63a420c857819e98a252369262d8faf66f3566ba294e"
+  name = "github.com/hashicorp/uuid"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "ebb0a03e909c9c642a36d2527729104324c44fdb"
+
+[[projects]]
+  branch = "master"
+  digest = "1:0778dc7fce1b4669a8bfa7ae506ec1f595b6ab0f8989c1c0d22a8ca1144e9972"
+  name = "github.com/howeyc/gopass"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "bf9dde6d0d2c004a008c27aaee91170c786f6db8"
+
+[[projects]]
+  digest = "1:e96640e5b9ce93e2d7ee18f48048483080fd23e72e3c38bc17e9c8b77062031a"
+  name = "github.com/inconshreveable/log15"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "67afb5ed74ec82fd7ac8f49d27c509ac6f991970"
+  version = "v2.14"
+
+[[projects]]
+  digest = "1:8fe19266ce82209076d4a81007ff93f40dd349faca4a917aea59d33956bbd4fd"
+  name = "github.com/jinzhu/gorm"
+  packages = [
+    ".",
+    "dialects/mysql",
+    "dialects/postgres",
+    "dialects/sqlite",
+  ]
+  pruneopts = "UT"
+  revision = "6ed508ec6a4ecb3531899a69cbc746ccf65a4166"
+  version = "v1.9.1"
+
+[[projects]]
+  branch = "master"
+  digest = "1:fd97437fbb6b7dce04132cf06775bd258cce305c44add58eb55ca86c6c325160"
+  name = "github.com/jinzhu/inflection"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "04140366298a54a039076d798123ffa108fff46c"
+
+[[projects]]
+  digest = "1:e22af8c7518e1eab6f2eab2b7d7558927f816262586cd6ed9f349c97a6c285c4"
+  name = "github.com/jmespath/go-jmespath"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "0b12d6b5"
+
+[[projects]]
+  digest = "1:8e791db9ac7ec7eddd1f643be51d2dd66bb7093a92e86e3cbd22ddbeaad4d95b"
+  name = "github.com/jroimartin/gocui"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "4e9ce9a8e26f2ef33dfe297dbdfca148733b6b9b"
+  version = "v0.3.0"
+
+[[projects]]
+  digest = "1:16dd6b893b78a50564cdde1d9f7ea67224dece11bb0886bd882f1dc3dc1d440d"
+  name = "github.com/k0kubun/pp"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "027a6d1765d673d337e687394dbe780dd64e2a1e"
+  version = "v2.3.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:bdf08c9b41c029c60ba5dc99443a3ce74eedad842cf2adf9c255513f432422e2"
+  name = "github.com/knqyf263/go-cpe"
+  packages = [
+    "common",
+    "matching",
+    "naming",
+  ]
+  pruneopts = "UT"
+  revision = "659663f6eca2ff32258e282557e7808115ea498a"
+
+[[projects]]
+  branch = "master"
+  digest = "1:a9955a589c7f6f28bd5a5f69da3f1e2cc857c23c7605c5fa7b605f065ba8f3fe"
+  name = "github.com/knqyf263/go-deb-version"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "9865fe14d09b1c729188ac810466dde90f897ee3"
+
+[[projects]]
+  branch = "master"
+  digest = "1:5734c5362ef66c39ddf1b4a11dfe75fa3c1adb70e78059543c83c0c6e89f2bc0"
+  name = "github.com/knqyf263/go-rpm-version"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "74609b86c936dff800c69ec89fcf4bc52d5f13a4"
+
+[[projects]]
+  digest = "1:7f4a6b4726da539e615256d19381f7c7326255f80ec19cdbeedcc4d9d57e1831"
+  name = "github.com/knqyf263/gost"
+  packages = [
+    "config",
+    "db",
+    "models",
+    "util",
+  ]
+  pruneopts = "UT"
+  revision = "e926a00c01bead2152ea43026159ec5cee7ca998"
+  version = "v0.1.0"
+
+[[projects]]
+  digest = "1:a0936d2be9f1dfa483fb8c2251453a9202dca2a374b1e42c7d75036a87d1c69d"
+  name = "github.com/kotakanbe/go-cve-dictionary"
+  packages = [
+    "config",
+    "db",
+    "log",
+    "models",
+  ]
+  pruneopts = "UT"
+  revision = "01c566055f7231f55f8551a2ae69569e0a4b9641"
+  version = "v0.2.0"
+
+[[projects]]
+  digest = "1:54d3c90db1164399906830313a6fce7770917d7e4a12da8f2d8693d18ff5ef27"
+  name = "github.com/kotakanbe/go-pingscanner"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "641dc2cc2d3cbf295dad356667b74c69bcbd6f70"
+  version = "v0.1.0"
+
+[[projects]]
+  digest = "1:564a03e039dfed4121709e3d76c05c08a9d4291335ca682b5065ae46285a688a"
+  name = "github.com/kotakanbe/goval-dictionary"
+  packages = [
+    "config",
+    "db",
+    "db/rdb",
+    "models",
+  ]
+  pruneopts = "UT"
+  revision = "818624daf2658cc177ea93100ff20c5caed064b6"
+  version = "v0.1.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:0daead102d7ca3af110dfb832e8c14393f197d94e5ffe3f0639f10ea2cc55530"
+  name = "github.com/kotakanbe/logrus-prefixed-formatter"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "928f7356cb964637e2489a6ef37eee55181676c5"
+
+[[projects]]
+  digest = "1:faee5b9f53eb1ae4eb04708c040c8c4dd685ce46509671e57a08520a15c54368"
+  name = "github.com/labstack/gommon"
+  packages = [
+    "color",
+    "log",
+  ]
+  pruneopts = "UT"
+  revision = "d6898124de917583f5ff5592ef931d1dfe0ddc05"
+  version = "0.2.6"
+
+[[projects]]
+  digest = "1:b18ffc558326ebaed3b4a175617f1e12ed4e3f53d6ebfe5ba372a3de16d22278"
+  name = "github.com/lib/pq"
+  packages = [
+    ".",
+    "hstore",
+    "oid",
+  ]
+  pruneopts = "UT"
+  revision = "4ded0e9383f75c197b3a2aaa6d590ac52df6fd79"
+  version = "v1.0.0"
+
+[[projects]]
+  digest = "1:c568d7727aa262c32bdf8a3f7db83614f7af0ed661474b24588de635c20024c7"
+  name = "github.com/magiconair/properties"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "c2353362d570a7bfa228149c62842019201cfb71"
+  version = "v1.8.0"
+
+[[projects]]
+  digest = "1:4e878df5f4e9fd625bf9c9aac77ef7cbfa4a74c01265505527c23470c0e40300"
+  name = "github.com/marstr/guid"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "8bd9a64bf37eb297b492a4101fb28e80ac0b290f"
+  version = "v1.1.0"
+
+[[projects]]
+  digest = "1:c658e84ad3916da105a761660dcaeb01e63416c8ec7bc62256a9b411a05fcd67"
+  name = "github.com/mattn/go-colorable"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "167de6bfdfba052fa6b2d3664c8f5272e23c9072"
+  version = "v0.0.9"
+
+[[projects]]
+  digest = "1:d4d17353dbd05cb52a2a52b7fe1771883b682806f68db442b436294926bbfafb"
+  name = "github.com/mattn/go-isatty"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "0360b2af4f38e8d38c7fce2a9f4e702702d73a39"
+  version = "v0.0.3"
+
+[[projects]]
+  digest = "1:cdb899c199f907ac9fb50495ec71212c95cb5b0e0a8ee0800da0238036091033"
+  name = "github.com/mattn/go-runewidth"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "ce7b0b5c7b45a81508558cd1dba6bb1e4ddb51bb"
+  version = "v0.0.3"
+
+[[projects]]
+  digest = "1:3cafc6a5a1b8269605d9df4c6956d43d8011fc57f266ca6b9d04da6c09dee548"
+  name = "github.com/mattn/go-sqlite3"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "25ecb14adfc7543176f7d85291ec7dba82c6f7e4"
+  version = "v1.9.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:2b32af4d2a529083275afc192d1067d8126b578c7a9613b26600e4df9c735155"
+  name = "github.com/mgutz/ansi"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "9520e82c474b0a04dd04f8a40959027271bab992"
+
+[[projects]]
+  digest = "1:78bbb1ba5b7c3f2ed0ea1eab57bdd3859aec7e177811563edc41198a760b06af"
+  name = "github.com/mitchellh/go-homedir"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "ae18d6b8b3205b561c79e8e5f69bff09736185f4"
+  version = "v1.0.0"
+
+[[projects]]
+  digest = "1:645110e089152bd0f4a011a2648fbb0e4df5977be73ca605781157ac297f50c4"
+  name = "github.com/mitchellh/mapstructure"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "fa473d140ef3c6adf42d6b391fe76707f1f243c8"
+  version = "v1.0.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:7aefb397a53fc437c90f0fdb3e1419c751c5a3a165ced52325d5d797edf1aca6"
+  name = "github.com/moul/http2curl"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "9ac6cf4d929b2fa8fd2d2e6dec5bb0feb4f4911d"
+
+[[projects]]
+  digest = "1:ace662a36243b5cdc2f71e654175dc192f903fafbf3411a95bc910c1cad53ce7"
+  name = "github.com/nlopes/slack"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "0db1d5eae1116bf7c8ed96c6749acfbf4daaec3e"
+  version = "v0.3.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:f335d800550786b6f51ddaedb9d1107a7a72f4a2195e5b039dd7c0e103e119bc"
+  name = "github.com/nsf/termbox-go"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "b66b20ab708e289ff1eb3e218478302e6aec28ce"
+
+[[projects]]
+  branch = "master"
+  digest = "1:4daa045e1e1f3e23f4b07db6880cdf9f259dab65312dfe244a878e6070faaf77"
+  name = "github.com/olekukonko/tablewriter"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "d4647c9c7a84d847478d890b816b7d8b62b0b279"
+
+[[projects]]
+  digest = "1:d776f3e95774a8719f2e57fabbbb33103035fe072dcf6f1864f33abd17b753e5"
+  name = "github.com/parnurzeal/gorequest"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "a578a48e8d6ca8b01a3b18314c43c6716bb5f5a3"
+  version = "v0.2.15"
+
+[[projects]]
+  digest = "1:95741de3af260a92cc5c7f3f3061e85273f5a81b5db20d4bd68da74bd521675e"
+  name = "github.com/pelletier/go-toml"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "c01d1270ff3e442a8a57cddc1c92dc1138598194"
+  version = "v1.2.0"
+
+[[projects]]
+  digest = "1:40e195917a951a8bf867cd05de2a46aaf1806c50cf92eebf4c16f78cd196f747"
+  name = "github.com/pkg/errors"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "645ef00459ed84a119197bfb8d8205042c6df63d"
+  version = "v0.8.0"
+
+[[projects]]
+  digest = "1:9a6f766efd8d5752adb7052aebb6e3d85255b31a8dff5e58ab4efa740ba9efa0"
+  name = "github.com/rifflock/lfshook"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "bf539943797a1f34c1f502d07de419b5238ae6c6"
+  version = "v2.3"
+
+[[projects]]
+  digest = "1:274f67cb6fed9588ea2521ecdac05a6d62a8c51c074c1fccc6a49a40ba80e925"
+  name = "github.com/satori/go.uuid"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "f58768cc1a7a7e77a3bd49e98cdd21419399b6a3"
+  version = "v1.2.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:61ada1b10eccab5329199eaad8fc94048ed689969130010f592a6cc15f9afe39"
+  name = "github.com/sirupsen/logrus"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "49fbef4694fb220643e975c02c9547a1cda57c26"
+
+[[projects]]
+  digest = "1:bd1ae00087d17c5a748660b8e89e1043e1e5479d0fea743352cda2f8dd8c4f84"
+  name = "github.com/spf13/afero"
+  packages = [
+    ".",
+    "mem",
+  ]
+  pruneopts = "UT"
+  revision = "787d034dfe70e44075ccc060d346146ef53270ad"
+  version = "v1.1.1"
+
+[[projects]]
+  digest = "1:516e71bed754268937f57d4ecb190e01958452336fa73dbac880894164e91c1f"
+  name = "github.com/spf13/cast"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "8965335b8c7107321228e3e3702cab9832751bac"
+  version = "v1.2.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:8a020f916b23ff574845789daee6818daf8d25a4852419aae3f0b12378ba432a"
+  name = "github.com/spf13/jwalterweatherman"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "14d3d4c518341bea657dd8a226f5121c0ff8c9f2"
+
+[[projects]]
+  digest = "1:dab83a1bbc7ad3d7a6ba1a1cc1760f25ac38cdf7d96a5cdd55cd915a4f5ceaf9"
+  name = "github.com/spf13/pflag"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "9a97c102cda95a86cec2345a6f09f55a939babf5"
+  version = "v1.0.2"
+
+[[projects]]
+  digest = "1:4fc8a61287ccfb4286e1ca5ad2ce3b0b301d746053bf44ac38cf34e40ae10372"
+  name = "github.com/spf13/viper"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "907c19d40d9a6c9bb55f040ff4ae45271a4754b9"
+  version = "v1.1.0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:c468422f334a6b46a19448ad59aaffdfc0a36b08fdcc1c749a0b29b6453d7e59"
+  name = "github.com/valyala/bytebufferpool"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "e746df99fe4a3986f4d4f79e13c1e0117ce9c2f7"
+
+[[projects]]
+  branch = "master"
+  digest = "1:268b8bce0064e8c057d7b913605459f9a26dcab864c0886a56d196540fbf003f"
+  name = "github.com/valyala/fasttemplate"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "dcecefd839c4193db0d35b88ec65b4c12d360ab0"
+
+[[projects]]
+  branch = "master"
+  digest = "1:0792df7c7ff49b81c7a8c5a2a47aee897c5bab31fb348c8e2f80a560d675f941"
+  name = "github.com/ymomoi/goval-parser"
+  packages = ["oval"]
+  pruneopts = "UT"
+  revision = "0a0be1dd9d0855b50be0be5a10ad3085382b6d59"
+
+[[projects]]
+  branch = "master"
+  digest = "1:6019f7d49498f02cd589d41db388e11470de1f218a0a534c52353788684d8cd9"
+  name = "golang.org/x/crypto"
+  packages = [
+    "curve25519",
+    "ed25519",
+    "ed25519/internal/edwards25519",
+    "internal/chacha20",
+    "internal/subtle",
+    "poly1305",
+    "ssh",
+    "ssh/agent",
+    "ssh/terminal",
+  ]
+  pruneopts = "UT"
+  revision = "614d502a4dac94afa3a6ce146bd1736da82514c6"
+
+[[projects]]
+  branch = "master"
+  digest = "1:357e8a9010dc590929a02bc5602c058acea216e4c46089755e618a5a59789604"
+  name = "golang.org/x/net"
+  packages = [
+    "context",
+    "idna",
+    "publicsuffix",
+  ]
+  pruneopts = "UT"
+  revision = "8a410e7b638dca158bf9e766925842f6651ff828"
+
+[[projects]]
+  branch = "master"
+  digest = "1:0dafafed83f125cdc945a014b2dec15e5b5d8cd2d77a2d1e3763120b08ab381b"
+  name = "golang.org/x/sys"
+  packages = [
+    "unix",
+    "windows",
+  ]
+  pruneopts = "UT"
+  revision = "4910a1d54f876d7b22162a85f4d066d3ee649450"
+
+[[projects]]
+  digest = "1:a2ab62866c75542dd18d2b069fec854577a20211d7c0ea6ae746072a1dccdd18"
+  name = "golang.org/x/text"
+  packages = [
+    "collate",
+    "collate/build",
+    "internal/colltab",
+    "internal/gen",
+    "internal/tag",
+    "internal/triegen",
+    "internal/ucd",
+    "language",
+    "secure/bidirule",
+    "transform",
+    "unicode/bidi",
+    "unicode/cldr",
+    "unicode/norm",
+    "unicode/rangetable",
+  ]
+  pruneopts = "UT"
+  revision = "f21a4dfb5e38f5895301dc265a8def02365cc3d0"
+  version = "v0.3.0"
+
+[[projects]]
+  digest = "1:c25289f43ac4a68d88b02245742347c94f1e108c534dda442188015ff80669b3"
+  name = "google.golang.org/appengine"
+  packages = ["cloudsql"]
+  pruneopts = "UT"
+  revision = "b1f26356af11148e710935ed1ac8a7f5702c7612"
+  version = "v1.1.0"
+
+[[projects]]
+  digest = "1:e626376fab8608a972d47e91b3c1bbbddaecaf1d42b82be6dcc52d10a7557893"
+  name = "gopkg.in/VividCortex/ewma.v1"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "b24eb346a94c3ba12c1da1e564dbac1b498a77ce"
+  version = "v1.1.1"
+
+[[projects]]
+  digest = "1:d8cd4f14785b5ae65100524a29ebba8b9dfc5401020fe7504f80b438bb8e8e0d"
+  name = "gopkg.in/cheggaaa/pb.v1"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "2af8bbdea9e99e83b3ac400d8f6b6d1b8cbbf338"
+  version = "v1.0.25"
+
+[[projects]]
+  digest = "1:256938e7d43c73bd5e7bb97dd281d1ebe294b2928403ee1fbec96249915d1150"
+  name = "gopkg.in/cheggaaa/pb.v2"
+  packages = ["termutil"]
+  pruneopts = "UT"
+  revision = "c112833d014c77e8bde723fd0158e3156951639f"
+  version = "v2.0.6"
+
+[[projects]]
+  digest = "1:865079840386857c809b72ce300be7580cb50d3d3129ce11bf9aa6ca2bc1934a"
+  name = "gopkg.in/fatih/color.v1"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "5b77d2a35fb0ede96d138fc9a99f5c9b6aef11b4"
+  version = "v1.7.0"
+
+[[projects]]
+  digest = "1:c658e84ad3916da105a761660dcaeb01e63416c8ec7bc62256a9b411a05fcd67"
+  name = "gopkg.in/mattn/go-colorable.v0"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "167de6bfdfba052fa6b2d3664c8f5272e23c9072"
+  version = "v0.0.9"
+
+[[projects]]
+  digest = "1:d4d17353dbd05cb52a2a52b7fe1771883b682806f68db442b436294926bbfafb"
+  name = "gopkg.in/mattn/go-isatty.v0"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "0360b2af4f38e8d38c7fce2a9f4e702702d73a39"
+  version = "v0.0.3"
+
+[[projects]]
+  digest = "1:cdb899c199f907ac9fb50495ec71212c95cb5b0e0a8ee0800da0238036091033"
+  name = "gopkg.in/mattn/go-runewidth.v0"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "ce7b0b5c7b45a81508558cd1dba6bb1e4ddb51bb"
+  version = "v0.0.3"
+
+[[projects]]
+  digest = "1:342378ac4dcb378a5448dd723f0784ae519383532f5e70ade24132c4c8693202"
+  name = "gopkg.in/yaml.v2"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "5420a8b6744d3b0345ab293f6fcba19c978f1183"
+  version = "v2.2.1"
+
+[solve-meta]
+  analyzer-name = "dep"
+  analyzer-version = 1
+  input-imports = [
+    "github.com/Azure/azure-sdk-for-go/storage",
+    "github.com/BurntSushi/toml",
+    "github.com/asaskevich/govalidator",
+    "github.com/aws/aws-sdk-go/aws",
+    "github.com/aws/aws-sdk-go/aws/credentials",
+    "github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds",
+    "github.com/aws/aws-sdk-go/aws/ec2metadata",
+    "github.com/aws/aws-sdk-go/aws/session",
+    "github.com/aws/aws-sdk-go/service/s3",
+    "github.com/aws/aws-sdk-go/service/sts",
+    "github.com/boltdb/bolt",
+    "github.com/cenkalti/backoff",
+    "github.com/google/subcommands",
+    "github.com/gosuri/uitable",
+    "github.com/hashicorp/uuid",
+    "github.com/howeyc/gopass",
+    "github.com/jroimartin/gocui",
+    "github.com/k0kubun/pp",
+    "github.com/knqyf263/go-cpe/naming",
+    "github.com/knqyf263/go-deb-version",
+    "github.com/knqyf263/go-rpm-version",
+    "github.com/knqyf263/gost/db",
+    "github.com/knqyf263/gost/models",
+    "github.com/kotakanbe/go-cve-dictionary/db",
+    "github.com/kotakanbe/go-cve-dictionary/log",
+    "github.com/kotakanbe/go-cve-dictionary/models",
+    "github.com/kotakanbe/go-pingscanner",
+    "github.com/kotakanbe/goval-dictionary/db",
+    "github.com/kotakanbe/goval-dictionary/models",
+    "github.com/kotakanbe/logrus-prefixed-formatter",
+    "github.com/mitchellh/go-homedir",
+    "github.com/nlopes/slack",
+    "github.com/olekukonko/tablewriter",
+    "github.com/parnurzeal/gorequest",
+    "github.com/pkg/errors",
+    "github.com/rifflock/lfshook",
+    "github.com/sirupsen/logrus",
+    "golang.org/x/crypto/ssh",
+    "golang.org/x/crypto/ssh/agent",
+  ]
+  solver-name = "gps-cdcl"
+  solver-version = 1

Gopkg.toml

@@ -0,0 +1,29 @@
+# Gopkg.toml example
+#
+# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html
+# for detailed Gopkg.toml documentation.
+#
+# required = ["github.com/user/thing/cmd/thing"]
+# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
+#
+# [[constraint]]
+#   name = "github.com/user/project"
+#   version = "1.0.0"
+#
+# [[constraint]]
+#   name = "github.com/user/project2"
+#   branch = "dev"
+#   source = "github.com/myfork/project2"
+#
+# [[override]]
+#   name = "github.com/x/y"
+#   version = "2.4.0"
+#
+# [prune]
+#   non-go = false
+#   go-tests = true
+#   unused-packages = true
+
+[prune]
+  go-tests = true
+  unused-packages = true

ISSUE_TEMPLATE

@@ -1,36 +0,0 @@
-
-# Environment
-
-## Vuls
-
-Hash : ____
-
-To check the commit hash of HEAD
-$ vuls -v
-
-or
-$ cd $GOPATH/src/github.com/future-architect/vuls 
-$ git rev-parse --short HEAD 
-
-## OS
-- Target Server: Write here
-- Vuls Server: Write here
-
-## Go
-- Go version: here
-
-# Current Output
-
-Please re-run the command using ```-debug``` and provide the output below.
-
-# Addition Details
-
-Can you also please fill in each of the remaining sections.
-
-## Expected Behavior
-
-## Actual Behavior
-
-## Steps to reproduce the behaviour
-
-

LICENSE

@@ -632,7 +632,7 @@ state the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
 
     Vuls - Vulnerability Scanner
-    Copyright (C) 2016  Future Architect, Inc. Japan.
+    Copyright (C) 2016  Future Corporation , Japan.
 
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -652,7 +652,7 @@ Also add information on how to contact you by electronic and paper mail.
   If the program does terminal interaction, make it output a short
 notice like this when it starts in an interactive mode:
 
-    Vuls  Copyright (C) 2016  Future Architect, Inc. Japan.
+    Vuls  Copyright (C) 2016  Future Corporation , Japan.
     This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
     This is free software, and you are welcome to redistribute it
     under certain conditions; type `show c' for details.

Makefile

@@ -1,71 +0,0 @@
-.PHONY: \
-	glide \
-	deps \
-	update \
-	build \
-	install \
-	all \
-	vendor \
-	lint \
-	vet \
-	fmt \
-	fmtcheck \
-	pretest \
-	test \
-	cov \
-	clean
-
-SRCS = $(shell git ls-files '*.go')
-PKGS = ./. ./config ./models ./report ./cveapi ./scan ./util ./commands ./cache
-VERSION := $(shell git describe --tags --abbrev=0)
-REVISION := $(shell git rev-parse --short HEAD)
-LDFLAGS := -X 'main.version=$(VERSION)' \
-	-X 'main.revision=$(REVISION)'
-
-glide:
-	go get github.com/Masterminds/glide
-
-deps: glide
-	glide install
-
-update: glide
-	glide update
-
-build: main.go deps
-	go build -ldflags "$(LDFLAGS)" -o vuls $<
-
-install: main.go deps
-	go install -ldflags "$(LDFLAGS)"
-
-all: test
-
-lint:
-	@ go get -v github.com/golang/lint/golint
-	$(foreach file,$(SRCS),golint $(file) || exit;)
-
-vet:
-	#  @-go get -v golang.org/x/tools/cmd/vet
-	$(foreach pkg,$(PKGS),go vet $(pkg);)
-
-fmt:
-	gofmt -w $(SRCS)
-
-fmtcheck:
-	$(foreach file,$(SRCS),gofmt -d $(file);)
-
-pretest: lint vet fmtcheck
-
-test: pretest
-	$(foreach pkg,$(PKGS),go test -cover -v $(pkg) || exit;)
-
-unused :
-	$(foreach pkg,$(PKGS),unused $(pkg);)
-
-cov:
-	@ go get -v github.com/axw/gocov/gocov
-	@ go get golang.org/x/tools/cmd/cover
-	gocov test | gocov report
-
-clean:
-	$(foreach pkg,$(PKGS),go clean $(pkg) || exit;)
-

NOTICE

@@ -1,2 +1,2 @@
-Vuls Copyright (C) 2016  Future Architect, Inc. Japan.
+Vuls Copyright (C) 2016  Future Corporation , Japan.
 

README.fr.md

@@ -1,224 +0,0 @@
-
-# Vuls: VULnerability Scanner
-
-[![Slack](https://img.shields.io/badge/slack-join-blue.svg)](http://goo.gl/forms/xm5KFo35tu)
-
-Scanneur de vulnérabilité Linux, sans agent, écrit en golang
-
-Nous avons une équipe Slack. [Rejoignez notre Slack Team](http://goo.gl/forms/xm5KFo35tu)  
-
-[README en English](https://github.com/future-architect/vuls/blob/master/README.md)  
-[README en Japonais](https://github.com/future-architect/vuls/blob/master/README.ja.md)  
-
-[![asciicast](https://asciinema.org/a/3y9zrf950agiko7klg8abvyck.png)](https://asciinema.org/a/3y9zrf950agiko7klg8abvyck)
-
-![Vuls-slack](img/vuls-slack-en.png)
-
-
-
-----
-
-# Résumé
-
-Effectuer des recherches de vulnérabilités et des mises à jour quotidiennes peut etre un fardeau pour un administrateur système.
-Afin d'éviter des interruptions systèmes dans un environnement de production, il est fréquent pour un administrateur système de choisir de ne pas utiliser la fonction de mise à jour automatique proposée par le gestionnaire de paquets et d'effecter ces mises à jour manuellement.
-Ce qui implique les problèmes suivants :
-- L'administrateur système devra surveiller constamment toutes les nouvelles vulnérabilités dans NVD (National Vulnerability Database) etc.
-- Il pourrait être impossible pour un administrateur système de surveiller tous les logiciels installés sur un serveur.
-- Il est coûteux d'effectuer une analyse pour déterminer quels sont les serveurs affectés par de nouvelles vulnérabilités. La possibilité de négliger un serveur ou deux est bien présente.
-
-Vuls est un outil crée pour palier aux problèmes listés ci-dessus. Voici ses caractéristiques.
-- Informer les utilisateurs des vulnérabilités système.
-- Informer les utilisateurs des systèmes concernés. 
-- La détection de vulnérabilités est effectuée automatiquement pour éviter toute négligence.
-- Les rapports sont générés régulièrement via CRON pour mieux gérer ces vulnérabilités.
-
-![Vuls-Motivation](img/vuls-motivation.png)
-
-----
-
-# Caractéristiques principales
-
-- Recherche de vulnérabilités sur des serveurs Linux
-    - Supporte Ubuntu, Debian, CentOS, Amazon Linux, RHEL
-    - Cloud, auto-hébergement, Docker
-- Scan d'intergiciels non inclus dans le gestionnaire de paquets de l'OS
-    - Scan d'intergiciels, de libraries de language de programmation et framework pour des vulnérabilités
-    - Supporte les logiciels inscrits au CPE
-- Architecture sans agent
-    - L'utilisateur doit seulement mettre en place VULS sur une seule machine qui se connectera aux autres via SSH
-- Génération automatique des fichiers de configuration
-    - Auto detection de serveurs via CIDR et génération de configuration
-- Email et notification Slack possibles (supporte le Japonais) 
-- Les résultats d'un scan sont accessibles dans un shell via TUI Viewer terminal.
-
-----
-
-# Ce que Vuls ne fait pas
-
-- Vuls ne met pas à jour les programmes affectés par les vulnérabilités découvertes.
-
-----
-
-# Hello Vuls 
-
-Ce tutoriel décrit la recherche de vulnérabilités sur une machine locale avec Vuls.
-Voici les étapes à suivre. 
-
-1. Démrarrage d'Amazon Linux
-1. Autoriser les connexions SSH depuis localhost
-1. Installation des prérequis
-1. Déploiement de go-cve-dictionary
-1. Deploiement de Vuls
-1. Configuration
-1. Préparation
-1. Scan
-1. TUI(Terminal-Based User Interface)
-
-## Step1. Démrarrage d'Amazon Linux
-
-- Nous utilisons dans cette exemple une vieille AMI (amzn-ami-hvm-2015.09.1.x86_64-gp2 - ami-383c1956)
-- Taille de l'instance : t2.medium
-    - La première fois, t2.medium et plus sont requis pour la récupération des CVE depuis NVD (2.3GB de mémoire utilisé)
-    - Une fois la récupération initiale des données NVD terminée vous pouvez passer sur une instance t2.nano.
-- Ajoutez la configuration suivante au cloud-init, afin d'éviter une mise à jour automatique lors du premier démarrage.
-
-    - [Q: How do I disable the automatic installation of critical and important security updates on initial launch?](https://aws.amazon.com/amazon-linux-ami/faqs/?nc1=h_ls)
-    ```
-    #cloud-config
-    repo_upgrade: none
-    ```
-
-## Step2. Paramètres SSH
-
-Il est obligatoire que le serveur puisse se connecter à son propre serveur SSH
-
-Générez une paire de clés SSH et ajoutez la clé publique dans le fichier authorized_keys
-```bash
-$ ssh-keygen -t rsa
-$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
-$ chmod 600 ~/.ssh/authorized_keys
-```
-
-## Step3. Installation des prérequis
-
-Vuls requiert l'installation des paquets suivants : 
-
-- sqlite
-- git
-- gcc
-- go v1.7.1 or later
-    - https://golang.org/doc/install
-
-```bash
-$ ssh ec2-user@52.100.100.100  -i ~/.ssh/private.pem
-$ sudo yum -y install sqlite git gcc
-$ wget https://storage.googleapis.com/golang/go1.7.1.linux-amd64.tar.gz
-$ sudo tar -C /usr/local -xzf go1.7.1.linux-amd64.tar.gz
-$ mkdir $HOME/go
-```
-Ajoutez les lignes suivantes dans /etc/profile.d/goenv.sh
-
-```bash
-export GOROOT=/usr/local/go
-export GOPATH=$HOME/go
-export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
-```
-
-Ajoutons ces nouvelles variables d’environnement au shell
-```bash
-$ source /etc/profile.d/goenv.sh
-```
-
-## Step4. Déploiement de [go-cve-dictionary](https://github.com/kotakanbe/go-cve-dictionary)
-
-go get
-
-```bash
-$ sudo mkdir /var/log/vuls
-$ sudo chown ec2-user /var/log/vuls
-$ sudo chmod 700 /var/log/vuls
-$ go get github.com/kotakanbe/go-cve-dictionary
-```
-
-Démarrez go-cve-dictionary en mode serveur.
-Lors de son premier démarrage go-cve-dictionary récupère la liste des vulnérabilités depuis NVD
-Cette opération prend environ 10 minutes (sur AWS).  
-
-## Step5. Déploiement de Vuls
-
-Ouvrez un second terminal, connectez vous à l'instance ec2 via SSH
-
-go get
-```
-$ go get github.com/future-architect/vuls
-```
-
-## Step6. Configuration
-
-Créez un fichier de configuration (TOML format).
-
-```
-$ cat config.toml
-[servers]
-
-[servers.172-31-4-82]
-host         = "172.31.4.82"
-port        = "22"
-user        = "ec2-user"
-keyPath     = "/home/ec2-user/.ssh/id_rsa"
-```
-
-## Step7. Configuration des serveurs cibles vuls  
-
-```
-$ vuls prepare
-```
-
-## Step8. Scan
-
-```
-$ vuls scan -cve-dictionary-dbpath=$PWD/cve.sqlite3
-INFO[0000] Begin scanning (config: /home/ec2-user/config.toml)
-
-... snip ...
-
-172-31-4-82 (amazon 2015.09)
-============================
-CVE-2016-0494   10.0    Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle
-                        Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to
-                        affect confidentiality, integrity, and availability via unknown vectors related to
-                        2D.
-... snip ...
-
-CVE-2016-0494
--------------
-Score           10.0 (High)
-Vector          (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-Summary         Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105,
-                7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality,
-                integrity, and availability via unknown vectors related to 2D.
-NVD             https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0494
-MITRE           https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494
-CVE Details     http://www.cvedetails.com/cve/CVE-2016-0494
-CVSS Calculator https://nvd.nist.gov/cvss/v2-calculator?name=CVE-2016-0494&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)
-RHEL-CVE        https://access.redhat.com/security/cve/CVE-2016-0494
-ALAS-2016-643   https://alas.aws.amazon.com/ALAS-2016-643.html
-Package/CPE     java-1.7.0-openjdk-1.7.0.91-2.6.2.2.63.amzn1 -> java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.65.amzn1
-
-```
-
-## Step9. TUI
-
-Les résultats de Vuls peuvent etre affichés dans un Shell via TUI (Terminal-Based User Interface).
-
-```
-$ vuls tui
-```
-
-![Vuls-TUI](img/hello-vuls-tui.png)
-
-
-----
-
-For more information see [README in English](https://github.com/future-architect/vuls/blob/master/README.md)  

cache/bolt.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -20,10 +20,11 @@ package cache
 import (
 	"encoding/json"
 	"fmt"
+	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/boltdb/bolt"
 	"github.com/future-architect/vuls/util"
+	"github.com/sirupsen/logrus"
 )
 
 // Bolt holds a pointer of bolt.DB
@@ -92,6 +93,23 @@ func (b Bolt) GetMeta(serverName string) (meta Meta, found bool, err error) {
 	return
 }
 
+// RefreshMeta gets a Meta Information os the servername to boltdb.
+func (b Bolt) RefreshMeta(meta Meta) error {
+	meta.CreatedAt = time.Now()
+	jsonBytes, err := json.Marshal(meta)
+	if err != nil {
+		return fmt.Errorf("Failed to marshal to JSON: %s", err)
+	}
+	return b.db.Update(func(tx *bolt.Tx) error {
+		bkt := tx.Bucket([]byte(metabucket))
+		if err := bkt.Put([]byte(meta.Name), jsonBytes); err != nil {
+			return err
+		}
+		b.Log.Debugf("Refreshed Meta: %s", meta.Name)
+		return nil
+	})
+}
+
 // EnsureBuckets puts a Meta information and create a buket that holds changelogs.
 func (b Bolt) EnsureBuckets(meta Meta) error {
 	jsonBytes, err := json.Marshal(meta)
@@ -123,12 +141,12 @@ func (b Bolt) EnsureBuckets(meta Meta) error {
 	})
 }
 
-// PrettyPrint is for debuging
+// PrettyPrint is for debug
 func (b Bolt) PrettyPrint(meta Meta) error {
 	return b.db.View(func(tx *bolt.Tx) error {
 		bkt := tx.Bucket([]byte(metabucket))
 		v := bkt.Get([]byte(meta.Name))
-		b.Log.Debugf("key:%s, value:%s", meta.Name, v)
+		b.Log.Debugf("Meta: key:%s, value:%s", meta.Name, v)
 
 		bkt = tx.Bucket([]byte(meta.Name))
 		c := bkt.Cursor()
@@ -145,7 +163,7 @@ func (b Bolt) GetChangelog(servername, packName string) (changelog string, err e
 	err = b.db.View(func(tx *bolt.Tx) error {
 		bkt := tx.Bucket([]byte(servername))
 		if bkt == nil {
-			return fmt.Errorf("Faild to get Bucket: %s", servername)
+			return fmt.Errorf("Failed to get Bucket: %s", servername)
 		}
 		v := bkt.Get([]byte(packName))
 		if v == nil {
@@ -163,11 +181,8 @@ func (b Bolt) PutChangelog(servername, packName, changelog string) error {
 	return b.db.Update(func(tx *bolt.Tx) error {
 		bkt := tx.Bucket([]byte(servername))
 		if bkt == nil {
-			return fmt.Errorf("Faild to get Bucket: %s", servername)
+			return fmt.Errorf("Failed to get Bucket: %s", servername)
 		}
-		if err := bkt.Put([]byte(packName), []byte(changelog)); err != nil {
-			return err
-		}
-		return nil
+		return bkt.Put([]byte(packName), []byte(changelog))
 	})
 }

cache/bolt_test.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -22,10 +22,10 @@ import (
 	"reflect"
 	"testing"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/boltdb/bolt"
 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
+	"github.com/sirupsen/logrus"
 )
 
 const path = "/tmp/vuls-test-cache-11111111.db"
@@ -37,8 +37,8 @@ var meta = Meta{
 		Family:  "ubuntu",
 		Release: "16.04",
 	},
-	Packs: []models.PackageInfo{
-		{
+	Packs: models.Packages{
+		"apt": {
 			Name:    "apt",
 			Version: "1",
 		},
@@ -90,9 +90,12 @@ func TestEnsureBuckets(t *testing.T) {
 	if !found {
 		t.Errorf("Not Found in meta")
 	}
-	if !reflect.DeepEqual(meta, m) {
+	if meta.Name != m.Name || meta.Distro != m.Distro {
 		t.Errorf("expected %v, actual %v", meta, m)
 	}
+	if !reflect.DeepEqual(meta.Packs, m.Packs) {
+		t.Errorf("expected %v, actual %v", meta.Packs, m.Packs)
+	}
 	if err := DB.Close(); err != nil {
 		t.Errorf("Failed to close bolt: %s", err)
 	}

cache/db.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -18,6 +18,8 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 package cache
 
 import (
+	"time"
+
 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
 )
@@ -31,6 +33,7 @@ const metabucket = "changelog-meta"
 type Cache interface {
 	Close() error
 	GetMeta(string) (Meta, bool, error)
+	RefreshMeta(Meta) error
 	EnsureBuckets(Meta) error
 	PrettyPrint(Meta) error
 	GetChangelog(string, string) (string, error)
@@ -40,17 +43,8 @@ type Cache interface {
 // Meta holds a server name, distro information of the scanned server and
 // package information that was collected at the last scan.
 type Meta struct {
-	Name   string
-	Distro config.Distro
-	Packs  []models.PackageInfo
-}
-
-// FindPack search a PackageInfo
-func (m Meta) FindPack(name string) (pack models.PackageInfo, found bool) {
-	for _, p := range m.Packs {
-		if name == p.Name {
-			return p, true
-		}
-	}
-	return pack, false
+	Name      string
+	Distro    config.Distro
+	Packs     models.Packages
+	CreatedAt time.Time
 }

commands/cmdutil.go

@@ -1,21 +0,0 @@
-package commands
-
-import (
-	"fmt"
-
-	"github.com/howeyc/gopass"
-)
-
-func getPasswd(prompt string) (string, error) {
-	for {
-		fmt.Print(prompt)
-		pass, err := gopass.GetPasswdMasked()
-		if err != nil {
-			return "", fmt.Errorf("Failed to read password")
-		}
-		if 0 < len(pass) {
-			return string(pass[:]), nil
-		}
-	}
-
-}

commands/configtest.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -20,12 +20,9 @@ package commands
 import (
 	"context"
 	"flag"
-	"io/ioutil"
 	"os"
 	"path/filepath"
-	"strings"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/google/subcommands"
 
 	c "github.com/future-architect/vuls/config"
@@ -37,9 +34,7 @@ import (
 type ConfigtestCmd struct {
 	configPath     string
 	askKeyPassword bool
-	sshExternal    bool
-
-	debug bool
+	timeoutSec     int
 }
 
 // Name return subcommand name
@@ -52,12 +47,17 @@ func (*ConfigtestCmd) Synopsis() string { return "Test configuration" }
 func (*ConfigtestCmd) Usage() string {
 	return `configtest:
 	configtest
-		        [-config=/path/to/config.toml]
-	        	[-ask-key-password]
-	        	[-ssh-external]
-		        [-debug]
+			[-config=/path/to/config.toml]
+			[-log-dir=/path/to/log]
+			[-ask-key-password]
+			[-timeout=300]
+			[-ssh-external]
+			[-containers-only]
+			[-http-proxy=http://192.168.0.1:8080]
+			[-debug]
+			[-vvv]
 
-		        [SERVER]...
+			[SERVER]...
 `
 }
 
@@ -67,60 +67,62 @@ func (p *ConfigtestCmd) SetFlags(f *flag.FlagSet) {
 	defaultConfPath := filepath.Join(wd, "config.toml")
 	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
 
-	f.BoolVar(&p.debug, "debug", false, "debug mode")
+	defaultLogDir := util.GetDefaultLogDir()
+	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")
+	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
 
-	f.BoolVar(
-		&p.askKeyPassword,
-		"ask-key-password",
-		false,
+	f.IntVar(&p.timeoutSec, "timeout", 5*60, "Timeout(Sec)")
+
+	f.BoolVar(&p.askKeyPassword, "ask-key-password", false,
 		"Ask ssh privatekey password before scanning",
 	)
 
-	f.BoolVar(
-		&p.sshExternal,
-		"ssh-external",
-		false,
-		"Use external ssh command. Default: Use the Go native implementation")
+	f.StringVar(&c.Conf.HTTPProxy, "http-proxy", "",
+		"http://proxy-url:port (default: empty)")
+
+	f.BoolVar(&c.Conf.SSHNative, "ssh-native-insecure", false,
+		"Use Native Go implementation of SSH. Default: Use the external command")
+
+	f.BoolVar(&c.Conf.SSHConfig, "ssh-config", false,
+		"Use SSH options specified in ssh_config preferentially")
+
+	f.BoolVar(&c.Conf.ContainersOnly, "containers-only", false,
+		"Test containers only. Default: Test both of hosts and containers")
+
+	f.BoolVar(&c.Conf.Vvv, "vvv", false, "ssh -vvv")
 }
 
 // Execute execute
 func (p *ConfigtestCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
+	// Setup Logger
+	util.Log = util.NewCustomLogger(c.ServerInfo{})
+
+	if err := mkdirDotVuls(); err != nil {
+		util.Log.Errorf("Failed to create .vuls: %s", err)
+		return subcommands.ExitUsageError
+	}
 
 	var keyPass string
 	var err error
 	if p.askKeyPassword {
 		prompt := "SSH key password: "
 		if keyPass, err = getPasswd(prompt); err != nil {
-			logrus.Error(err)
+			util.Log.Error(err)
 			return subcommands.ExitFailure
 		}
 	}
 
-	c.Conf.Debug = p.debug
-	c.Conf.SSHExternal = p.sshExternal
-
 	err = c.Load(p.configPath, keyPass)
 	if err != nil {
-		logrus.Errorf("Error loading %s, %s", p.configPath, err)
+		util.Log.Errorf("Error loading %s, %s", p.configPath, err)
+		util.Log.Errorf("If you update Vuls and get this error, there may be incompatible changes in config.toml")
+		util.Log.Errorf("Please check README: https://github.com/future-architect/vuls#configuration")
 		return subcommands.ExitUsageError
 	}
 
 	var servernames []string
 	if 0 < len(f.Args()) {
 		servernames = f.Args()
-	} else {
-		stat, _ := os.Stdin.Stat()
-		if (stat.Mode() & os.ModeCharDevice) == 0 {
-			bytes, err := ioutil.ReadAll(os.Stdin)
-			if err != nil {
-				logrus.Errorf("Failed to read stdin: %s", err)
-				return subcommands.ExitFailure
-			}
-			fields := strings.Fields(string(bytes))
-			if 0 < len(fields) {
-				servernames = fields
-			}
-		}
 	}
 
 	target := make(map[string]c.ServerInfo)
@@ -134,7 +136,7 @@ func (p *ConfigtestCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interfa
 			}
 		}
 		if !found {
-			logrus.Errorf("%s is not in config", arg)
+			util.Log.Errorf("%s is not in config", arg)
 			return subcommands.ExitUsageError
 		}
 	}
@@ -142,25 +144,33 @@ func (p *ConfigtestCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interfa
 		c.Conf.Servers = target
 	}
 
-	// logger
-	Log := util.NewCustomLogger(c.ServerInfo{})
-
-	Log.Info("Validating Config...")
+	util.Log.Info("Validating config...")
 	if !c.Conf.ValidateOnConfigtest() {
 		return subcommands.ExitUsageError
 	}
 
-	Log.Info("Detecting Server/Contianer OS... ")
-	if err := scan.InitServers(Log); err != nil {
-		Log.Errorf("Failed to init servers: %s", err)
+	util.Log.Info("Detecting Server/Container OS... ")
+	if err := scan.InitServers(p.timeoutSec); err != nil {
+		util.Log.Errorf("Failed to init servers: %s", err)
 		return subcommands.ExitFailure
 	}
 
-	Log.Info("Checking sudo configuration... ")
-	if err := scan.CheckIfSudoNoPasswd(Log); err != nil {
-		Log.Errorf("Failed to sudo with nopassword via SSH. Define NOPASSWD in /etc/sudoers on target servers. err: %s", err)
+	util.Log.Info("Checking Scan Modes...")
+	if err := scan.CheckScanModes(); err != nil {
+		util.Log.Errorf("Fix config.toml: %s", err)
 		return subcommands.ExitFailure
 	}
-	scan.PrintSSHableServerNames()
-	return subcommands.ExitSuccess
+
+	util.Log.Info("Checking dependencies...")
+	scan.CheckDependencies(p.timeoutSec)
+
+	util.Log.Info("Checking sudo settings...")
+	scan.CheckIfSudoNoPasswd(p.timeoutSec)
+
+	util.Log.Info("It can be scanned with fast scan mode even if warn or err messages are displayed due to lack of dependent packages or sudo settings in fast-root or deep scan mode")
+
+	if scan.PrintSSHableServerNames() {
+		return subcommands.ExitSuccess
+	}
+	return subcommands.ExitFailure
 }

commands/discover.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -27,8 +27,8 @@ import (
 
 	"github.com/google/subcommands"
 
-	"github.com/Sirupsen/logrus"
 	ps "github.com/kotakanbe/go-pingscanner"
+	"github.com/sirupsen/logrus"
 )
 
 // DiscoverCmd is Subcommand of host discovery mode
@@ -57,6 +57,7 @@ func (p *DiscoverCmd) SetFlags(f *flag.FlagSet) {
 func (p *DiscoverCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
 	// validate
 	if len(f.Args()) == 0 {
+		logrus.Errorf("Usage: " + p.Usage())
 		return subcommands.ExitUsageError
 	}
 
@@ -65,7 +66,6 @@ func (p *DiscoverCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface
 			CIDR: cidr,
 			PingOptions: []string{
 				"-c1",
-				"-t1",
 			},
 			NumOfConcurrency: 100,
 		}
@@ -87,63 +87,140 @@ func (p *DiscoverCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface
 	return subcommands.ExitSuccess
 }
 
-// Output the tmeplate of config.toml
+// Output the template of config.toml
 func printConfigToml(ips []string) (err error) {
-	const tomlTempale = `
-[slack]
-hookURL      = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
-channel      = "#channel-name"
-#channel      = "${servername}"
-iconEmoji    = ":ghost:"
-authUser     = "username"
-notifyUsers  = ["@username"]
+	const tomlTemplate = `
 
-[email]
-smtpAddr      = "smtp.gmail.com"
-smtpPort      = "587"
-user          = "username"
-password      = "password"
-from          = "from@address.com"
-to            = ["to@address.com"]
-cc            = ["cc@address.com"]
-subjectPrefix = "[vuls]"
+# TODO Doc Link
+[cveDict]
+type        = "sqlite3"
+sqlite3Path = "/path/to/cve.sqlite3"
+#url        = ""
 
+# TODO Doc Link
+[ovalDict]
+type        = "sqlite3"
+sqlite3Path = "/path/to/oval.sqlite3"
+#url        = ""
+
+# TODO Doc Link
+[gost]
+type        = "sqlite3"
+sqlite3Path = "/path/to/gost.sqlite3"
+#url        = ""
+
+# https://vuls.io/docs/en/usage-settings.html#slack-section
+#[slack]
+#hookURL      = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
+##legacyToken = "xoxp-11111111111-222222222222-3333333333"
+#channel      = "#channel-name"
+##channel     = "${servername}"
+#iconEmoji    = ":ghost:"
+#authUser     = "username"
+#notifyUsers  = ["@username"]
+
+# https://vuls.io/docs/en/usage-settings.html#email-section
+#[email]
+#smtpAddr      = "smtp.example.com"
+#smtpPort      = "587"
+#user          = "username"
+#password      = "password"
+#from          = "from@example.com"
+#to            = ["to@example.com"]
+#cc            = ["cc@example.com"]
+#subjectPrefix = "[vuls]"
+
+# https://vuls.io/docs/en/usage-settings.html#http-section
+#[http]
+#url = "http://localhost:11234"
+
+# https://vuls.io/docs/en/usage-settings.html#syslog-section
+#[syslog]
+#protocol    = "tcp"
+#host        = "localhost"
+#port        = "514"
+#tag         = "vuls"
+#facility    = "local0"
+#severity    = "alert"
+#verbose     = false
+
+# https://vuls.io/docs/en/usage-report.html#example-put-results-in-s3-bucket
+#[aws]
+#profile                = "default"
+#region                 = "ap-northeast-1"
+#s3Bucket               = "vuls"
+#s3ResultsDir           = "/path/to/result"
+#s3ServerSideEncryption = "AES256"
+
+# https://vuls.io/docs/en/usage-report.html#example-put-results-in-azure-blob-storage<Paste>
+#[azure]
+#accountName   = "default"
+#accountKey    = "xxxxxxxxxxxxxx"
+#containerName = "vuls"
+
+# https://vuls.io/docs/en/usage-settings.html#stride-section
+#[stride]
+#hookURL   = "xxxxxxxxxxxxxxx"
+#authToken = "xxxxxxxxxxxxxx"
+
+# https://vuls.io/docs/en/usage-settings.html#hipchat-section
+#[hipchat]
+#room      = "vuls"
+#authToken = "xxxxxxxxxxxxxx"
+
+# https://vuls.io/docs/en/usage-settings.html#chatwork-section
+#[chatwork]
+#room     = "xxxxxxxxxxx"
+#apiToken = "xxxxxxxxxxxxxxxxxx"
+
+# https://vuls.io/docs/en/usage-settings.html#default-section
 [default]
-#port        = "22"
-#user        = "username"
-#keyPath     = "/home/username/.ssh/id_rsa"
+#port               = "22"
+#user               = "username"
+#keyPath            = "/home/username/.ssh/id_rsa"
+#scanMode           = ["fast", "fast-root", "deep", "offline"]
 #cpeNames = [
 #  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
 #]
-#dependencyCheckXMLPath = "/tmp/dependency-check-report.xml"
-#containers = ["${running}"]
-#ignoreCves = ["CVE-2014-6271"]
-#optional = [
-#    ["key", "value"],
-#]
+#owaspDCXMLPath     = "/tmp/dependency-check-report.xml"
+#ignoreCves         = ["CVE-2014-6271"]
+#containerType      = "docker" #or "lxd" or "lxc" default: docker
+#containersIncluded = ["${running}"]
+#containersExcluded = ["container_name_a"]
 
+# https://vuls.io/docs/en/usage-settings.html#servers-section
 [servers]
 {{- $names:=  .Names}}
 {{range $i, $ip := .IPs}}
 [servers.{{index $names $i}}]
-host         = "{{$ip}}"
-#port        = "22"
-#user        = "root"
-#keyPath     = "/home/username/.ssh/id_rsa"
-#cpeNames = [
-#  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
-#]
-#dependencyCheckXMLPath = "/tmp/dependency-check-report.xml"
-#containers = ["${running}"]
-#ignoreCves = ["CVE-2014-0160"]
-#optional = [
-#    ["key", "value"],
-#]
+host                = "{{$ip}}"
+#port               = "22"
+#user               = "root"
+#keyPath            = "/home/username/.ssh/id_rsa"
+#scanMode           = ["fast", "fast-root", "deep", "offline"]
+#type               = "pseudo"
+#memo               = "DB Server"
+#cpeNames           = [ "cpe:/a:rubyonrails:ruby_on_rails:4.2.1" ]
+#owaspDCXMLPath     = "/path/to/dependency-check-report.xml"
+#ignoreCves         = ["CVE-2014-0160"]
+#containerType      = "docker" #or "lxd" or "lxc" default: docker
+#containersIncluded = ["${running}"]
+#containersExcluded = ["container_name_a"]
+
+#[servers.{{index $names $i}}.containers.container_name_a]
+#cpeNames       = [ "cpe:/a:rubyonrails:ruby_on_rails:4.2.1" ]
+#owaspDCXMLPath = "/path/to/dependency-check-report.xml"
+#ignoreCves     = ["CVE-2014-0160"]
+
+#[servers.{{index $names $i}}.optional]
+#key = "value1"
+
+
 {{end}}
 
 `
 	var tpl *template.Template
-	if tpl, err = template.New("tempalte").Parse(tomlTempale); err != nil {
+	if tpl, err = template.New("template").Parse(tomlTemplate); err != nil {
 		return
 	}
 
@@ -161,7 +238,7 @@ host         = "{{$ip}}"
 	}
 	a.Names = names
 
-	fmt.Println("# Create config.toml using below and then ./vuls --config=/path/to/config.toml")
+	fmt.Println("# Create config.toml using below and then ./vuls -config=/path/to/config.toml")
 	if err = tpl.Execute(os.Stdout, a); err != nil {
 		return
 	}

commands/history.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -27,15 +27,12 @@ import (
 	"strings"
 
 	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/report"
 	"github.com/google/subcommands"
 )
 
 // HistoryCmd is Subcommand of list scanned results
-type HistoryCmd struct {
-	debug      bool
-	debugSQL   bool
-	resultsDir string
-}
+type HistoryCmd struct{}
 
 // Name return subcommand name
 func (*HistoryCmd) Name() string { return "history" }
@@ -55,22 +52,18 @@ func (*HistoryCmd) Usage() string {
 
 // SetFlags set flag
 func (p *HistoryCmd) SetFlags(f *flag.FlagSet) {
-	f.BoolVar(&p.debugSQL, "debug-sql", false, "SQL debug mode")
+	f.BoolVar(&c.Conf.DebugSQL, "debug-sql", false, "SQL debug mode")
 
 	wd, _ := os.Getwd()
 	defaultResultsDir := filepath.Join(wd, "results")
-	f.StringVar(&p.resultsDir, "results-dir", defaultResultsDir, "/path/to/results")
+	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")
 }
 
 // Execute execute
 func (p *HistoryCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
 
-	c.Conf.DebugSQL = p.debugSQL
-	c.Conf.ResultsDir = p.resultsDir
-
-	var err error
-	var dirs jsonDirs
-	if dirs, err = lsValidJSONDirs(); err != nil {
+	dirs, err := report.ListValidJSONDirs()
+	if err != nil {
 		return subcommands.ExitFailure
 	}
 	for _, d := range dirs {

commands/prepare.go

@@ -1,185 +0,0 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-package commands
-
-import (
-	"context"
-	"flag"
-	"os"
-	"path/filepath"
-
-	"github.com/Sirupsen/logrus"
-	c "github.com/future-architect/vuls/config"
-	"github.com/future-architect/vuls/scan"
-	"github.com/future-architect/vuls/util"
-	"github.com/google/subcommands"
-)
-
-// PrepareCmd is Subcommand of host discovery mode
-type PrepareCmd struct {
-	debug      bool
-	configPath string
-
-	askSudoPassword bool
-	askKeyPassword  bool
-
-	sshExternal bool
-	assumeYes   bool
-}
-
-// Name return subcommand name
-func (*PrepareCmd) Name() string { return "prepare" }
-
-// Synopsis return synopsis
-func (*PrepareCmd) Synopsis() string {
-	return `Install required packages to scan.
-				CentOS: yum-plugin-security, yum-plugin-changelog
-				Amazon: None
-				RHEL:   None
-				Ubuntu: None
-				Debian: aptitude
-
-	`
-}
-
-// Usage return usage
-func (*PrepareCmd) Usage() string {
-	return `prepare:
-	prepare
-			[-config=/path/to/config.toml]
-			[-ask-key-password]
-			[-assume-yes]
-			[-debug]
-			[-ssh-external]
-
-			[SERVER]...
-`
-}
-
-// SetFlags set flag
-func (p *PrepareCmd) SetFlags(f *flag.FlagSet) {
-
-	f.BoolVar(&p.debug, "debug", false, "debug mode")
-
-	wd, _ := os.Getwd()
-
-	defaultConfPath := filepath.Join(wd, "config.toml")
-	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
-
-	f.BoolVar(
-		&p.askKeyPassword,
-		"ask-key-password",
-		false,
-		"Ask ssh privatekey password before scanning",
-	)
-
-	f.BoolVar(
-		&p.askSudoPassword,
-		"ask-sudo-password",
-		false,
-		"[Deprecated] THIS OPTION WAS REMOVED FOR SECURITY REASONS. Define NOPASSWD in /etc/sudoers on target servers and use SSH key-based authentication",
-	)
-
-	f.BoolVar(
-		&p.sshExternal,
-		"ssh-external",
-		false,
-		"Use external ssh command. Default: Use the Go native implementation")
-
-	f.BoolVar(
-		&p.assumeYes,
-		"assume-yes",
-		false,
-		"Assume any dependencies should be installed")
-
-}
-
-// Execute execute
-func (p *PrepareCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
-	var keyPass string
-	var err error
-	if p.askKeyPassword {
-		prompt := "SSH key password: "
-		if keyPass, err = getPasswd(prompt); err != nil {
-			logrus.Error(err)
-			return subcommands.ExitFailure
-		}
-	}
-	if p.askSudoPassword {
-		logrus.Errorf("[Deprecated] -ask-sudo-password WAS REMOVED FOR SECURITY REASONS. Define NOPASSWD in /etc/sudoers on target servers and use SSH key-based authentication")
-		return subcommands.ExitFailure
-	}
-
-	err = c.Load(p.configPath, keyPass)
-	if err != nil {
-		logrus.Errorf("Error loading %s, %s", p.configPath, err)
-		return subcommands.ExitUsageError
-	}
-
-	logrus.Infof("Start Preparing (config: %s)", p.configPath)
-	target := make(map[string]c.ServerInfo)
-	for _, arg := range f.Args() {
-		found := false
-		for servername, info := range c.Conf.Servers {
-			if servername == arg {
-				target[servername] = info
-				found = true
-				break
-			}
-		}
-		if !found {
-			logrus.Errorf("%s is not in config", arg)
-			return subcommands.ExitUsageError
-		}
-	}
-	if 0 < len(f.Args()) {
-		c.Conf.Servers = target
-	}
-
-	c.Conf.Debug = p.debug
-	c.Conf.SSHExternal = p.sshExternal
-	c.Conf.AssumeYes = p.assumeYes
-
-	logrus.Info("Validating Config...")
-	if !c.Conf.ValidateOnPrepare() {
-		return subcommands.ExitUsageError
-	}
-	// Set up custom logger
-	logger := util.NewCustomLogger(c.ServerInfo{})
-
-	logger.Info("Detecting OS... ")
-	if err := scan.InitServers(logger); err != nil {
-		logger.Errorf("Failed to init servers: %s", err)
-		return subcommands.ExitFailure
-	}
-
-	logger.Info("Checking sudo configuration... ")
-	if err := scan.CheckIfSudoNoPasswd(logger); err != nil {
-		logger.Errorf("Failed to sudo with nopassword via SSH. Define NOPASSWD in /etc/sudoers on target servers")
-		return subcommands.ExitFailure
-	}
-
-	if errs := scan.Prepare(); 0 < len(errs) {
-		for _, e := range errs {
-			logger.Errorf("Failed to prepare: %s", e)
-		}
-		return subcommands.ExitFailure
-	}
-
-	return subcommands.ExitSuccess
-}

commands/report.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -20,57 +20,27 @@ package commands
 import (
 	"context"
 	"flag"
-	"fmt"
 	"os"
 	"path/filepath"
 
 	c "github.com/future-architect/vuls/config"
-	"github.com/future-architect/vuls/cveapi"
+	"github.com/future-architect/vuls/gost"
 	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/oval"
 	"github.com/future-architect/vuls/report"
 	"github.com/future-architect/vuls/util"
 	"github.com/google/subcommands"
-	"github.com/kotakanbe/go-cve-dictionary/log"
+	"github.com/k0kubun/pp"
+	cvelog "github.com/kotakanbe/go-cve-dictionary/log"
 )
 
 // ReportCmd is subcommand for reporting
 type ReportCmd struct {
-	lang       string
-	debug      bool
-	debugSQL   bool
 	configPath string
-	resultsDir string
-	refreshCve bool
-
-	cvssScoreOver      float64
-	ignoreUnscoredCves bool
-	httpProxy          string
-
-	cvedbtype        string
-	cvedbpath        string
-	cveDictionaryURL string
-
-	toSlack     bool
-	toEMail     bool
-	toLocalFile bool
-	toS3        bool
-	toAzureBlob bool
-
-	formatJSON        bool
-	formatXML         bool
-	formatOneLineText bool
-	formatShortText   bool
-	formatFullText    bool
-
-	gzip bool
-
-	awsProfile  string
-	awsS3Bucket string
-	awsRegion   string
-
-	azureAccount   string
-	azureKey       string
-	azureContainer string
+	cvelDict   c.GoCveDictConf
+	ovalDict   c.GovalDictConf
+	gostConf   c.GostConf
+	httpConf   c.HTTPConf
 }
 
 // Name return subcommand name
@@ -86,301 +56,356 @@ func (*ReportCmd) Usage() string {
 		[-lang=en|ja]
 		[-config=/path/to/config.toml]
 		[-results-dir=/path/to/results]
+		[-log-dir=/path/to/log]
 		[-refresh-cve]
-		[-cvedb-type=sqlite3|mysql]
-		[-cvedb-path=/path/to/cve.sqlite3]
-		[-cvedb-url=http://127.0.0.1:1323 or mysql connection string]
 		[-cvss-over=7]
+		[-diff]
 		[-ignore-unscored-cves]
+		[-ignore-unfixed]
 		[-to-email]
+		[-to-http]
 		[-to-slack]
+		[-to-stride]
+		[-to-hipchat]
+		[-to-chatwork]
 		[-to-localfile]
 		[-to-s3]
 		[-to-azure-blob]
+		[-to-saas]
 		[-format-json]
 		[-format-xml]
+		[-format-one-email]
 		[-format-one-line-text]
-		[-format-short-text]
+		[-format-list]
 		[-format-full-text]
 		[-gzip]
-		[-aws-profile=default]
-		[-aws-region=us-west-2]
-		[-aws-s3-bucket=bucket_name]
-		[-azure-account=accout]
-		[-azure-key=key]
-		[-azure-container=container]
+		[-uuid]
 		[-http-proxy=http://192.168.0.1:8080]
 		[-debug]
 		[-debug-sql]
+		[-pipe]
+		[-cvedb-type=sqlite3|mysql|postgres|redis]
+		[-cvedb-path=/path/to/cve.sqlite3]
+		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
+		[-ovaldb-type=sqlite3|mysql|redis]
+		[-ovaldb-path=/path/to/oval.sqlite3]
+		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
+		[-gostdb-type=sqlite3|mysql|redis]
+		[-gostdb-path=/path/to/gost.sqlite3]
+		[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
+		[-http="http://vuls-report-server"]
 
-		[SERVER]...
+		[RFC3339 datetime format under results dir]
 `
 }
 
 // SetFlags set flag
 func (p *ReportCmd) SetFlags(f *flag.FlagSet) {
-	f.StringVar(&p.lang, "lang", "en", "[en|ja]")
-	f.BoolVar(&p.debug, "debug", false, "debug mode")
-	f.BoolVar(&p.debugSQL, "debug-sql", false, "SQL debug mode")
+	f.StringVar(&c.Conf.Lang, "lang", "en", "[en|ja]")
+	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
+	f.BoolVar(&c.Conf.DebugSQL, "debug-sql", false, "SQL debug mode")
 
 	wd, _ := os.Getwd()
-
 	defaultConfPath := filepath.Join(wd, "config.toml")
 	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
 
 	defaultResultsDir := filepath.Join(wd, "results")
-	f.StringVar(&p.resultsDir, "results-dir", defaultResultsDir, "/path/to/results")
+	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")
 
-	f.BoolVar(
-		&p.refreshCve,
-		"refresh-cve",
-		false,
+	defaultLogDir := util.GetDefaultLogDir()
+	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")
+
+	f.BoolVar(&c.Conf.RefreshCve, "refresh-cve", false,
 		"Refresh CVE information in JSON file under results dir")
 
-	f.StringVar(
-		&p.cvedbtype,
-		"cvedb-type",
-		"sqlite3",
-		"DB type for fetching CVE dictionary (sqlite3 or mysql)")
-
-	defaultCveDBPath := filepath.Join(wd, "cve.sqlite3")
-	f.StringVar(
-		&p.cvedbpath,
-		"cvedb-path",
-		defaultCveDBPath,
-		"/path/to/sqlite3 (For get cve detail from cve.sqlite3)")
-
-	f.StringVar(
-		&p.cveDictionaryURL,
-		"cvedb-url",
-		"",
-		"http://cve-dictionary.com:8080 or mysql connection string")
-
-	f.Float64Var(
-		&p.cvssScoreOver,
-		"cvss-over",
-		0,
+	f.Float64Var(&c.Conf.CvssScoreOver, "cvss-over", 0,
 		"-cvss-over=6.5 means reporting CVSS Score 6.5 and over (default: 0 (means report all))")
 
-	f.BoolVar(
-		&p.ignoreUnscoredCves,
-		"ignore-unscored-cves",
-		false,
+	f.BoolVar(&c.Conf.Diff, "diff", false,
+		"Difference between previous result and current result ")
+
+	f.BoolVar(&c.Conf.IgnoreUnscoredCves, "ignore-unscored-cves", false,
 		"Don't report the unscored CVEs")
 
+	f.BoolVar(
+		&c.Conf.IgnoreUnfixed, "ignore-unfixed", false,
+		"Don't report the unfixed CVEs")
+
 	f.StringVar(
-		&p.httpProxy,
-		"http-proxy",
-		"",
+		&c.Conf.HTTPProxy, "http-proxy", "",
 		"http://proxy-url:port (default: empty)")
 
-	f.BoolVar(&p.formatJSON,
-		"format-json",
-		false,
-		fmt.Sprintf("JSON format"))
+	f.BoolVar(&c.Conf.FormatJSON, "format-json", false, "JSON format")
+	f.BoolVar(&c.Conf.FormatXML, "format-xml", false, "XML format")
+	f.BoolVar(&c.Conf.FormatOneEMail, "format-one-email", false,
+		"Send all the host report via only one EMail (Specify with -to-email)")
+	f.BoolVar(&c.Conf.FormatOneLineText, "format-one-line-text", false,
+		"One line summary in plain text")
+	f.BoolVar(&c.Conf.FormatList, "format-list", false, "Display as list format")
+	f.BoolVar(&c.Conf.FormatFullText, "format-full-text", false,
+		"Detail report in plain text")
 
-	f.BoolVar(&p.formatXML,
-		"format-xml",
-		false,
-		fmt.Sprintf("XML format"))
-
-	f.BoolVar(&p.formatOneLineText,
-		"format-one-line-text",
-		false,
-		fmt.Sprintf("One line summary in plain text"))
-
-	f.BoolVar(&p.formatShortText,
-		"format-short-text",
-		false,
-		fmt.Sprintf("Summary in plain text"))
-
-	f.BoolVar(&p.formatFullText,
-		"format-full-text",
-		false,
-		fmt.Sprintf("Detail report in plain text"))
-
-	f.BoolVar(&p.gzip, "gzip", false, "gzip compression")
-
-	f.BoolVar(&p.toSlack, "to-slack", false, "Send report via Slack")
-	f.BoolVar(&p.toEMail, "to-email", false, "Send report via Email")
-	f.BoolVar(&p.toLocalFile,
-		"to-localfile",
-		false,
-		fmt.Sprintf("Write report to localfile"))
-
-	f.BoolVar(&p.toS3,
-		"to-s3",
-		false,
+	f.BoolVar(&c.Conf.ToSlack, "to-slack", false, "Send report via Slack")
+	f.BoolVar(&c.Conf.ToStride, "to-stride", false, "Send report via Stride")
+	f.BoolVar(&c.Conf.ToHipChat, "to-hipchat", false, "Send report via hipchat")
+	f.BoolVar(&c.Conf.ToChatWork, "to-chatwork", false, "Send report via chatwork")
+	f.BoolVar(&c.Conf.ToEmail, "to-email", false, "Send report via Email")
+	f.BoolVar(&c.Conf.ToSyslog, "to-syslog", false, "Send report via Syslog")
+	f.BoolVar(&c.Conf.ToLocalFile, "to-localfile", false, "Write report to localfile")
+	f.BoolVar(&c.Conf.ToS3, "to-s3", false,
 		"Write report to S3 (bucket/yyyyMMdd_HHmm/servername.json/xml/txt)")
-	f.StringVar(&p.awsProfile, "aws-profile", "default", "AWS profile to use")
-	f.StringVar(&p.awsRegion, "aws-region", "us-east-1", "AWS region to use")
-	f.StringVar(&p.awsS3Bucket, "aws-s3-bucket", "", "S3 bucket name")
-
-	f.BoolVar(&p.toAzureBlob,
-		"to-azure-blob",
-		false,
+	f.BoolVar(&c.Conf.ToHTTP, "to-http", false, "Send report via HTTP POST")
+	f.BoolVar(&c.Conf.ToAzureBlob, "to-azure-blob", false,
 		"Write report to Azure Storage blob (container/yyyyMMdd_HHmm/servername.json/xml/txt)")
-	f.StringVar(&p.azureAccount,
-		"azure-account",
-		"",
-		"Azure account name to use. AZURE_STORAGE_ACCOUNT environment variable is used if not specified")
-	f.StringVar(&p.azureKey,
-		"azure-key",
-		"",
-		"Azure account key to use. AZURE_STORAGE_ACCESS_KEY environment variable is used if not specified")
-	f.StringVar(&p.azureContainer, "azure-container", "", "Azure storage container name")
+	f.BoolVar(&c.Conf.ToSaas, "to-saas", false,
+		"Upload report to Future Vuls(https://vuls.biz/) before report")
+
+	f.BoolVar(&c.Conf.GZIP, "gzip", false, "gzip compression")
+	f.BoolVar(&c.Conf.UUID, "uuid", false,
+		"Auto generate of scan target servers and then write to config.toml and scan result")
+	f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use args passed via PIPE")
+
+	f.StringVar(&p.cvelDict.Type, "cvedb-type", "sqlite3",
+		"DB type of go-cve-dictionary (sqlite3, mysql, postgres or redis)")
+	f.StringVar(&p.cvelDict.SQLite3Path, "cvedb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.cvelDict.URL, "cvedb-url", "",
+		"http://go-cve-dictionary.com:1323 or DB connection string")
+
+	f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
+		"DB type of goval-dictionary (sqlite3, mysql, postgres or redis)")
+	f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.ovalDict.URL, "ovaldb-url", "",
+		"http://goval-dictionary.com:1324 or DB connection string")
+
+	f.StringVar(&p.gostConf.Type, "gostdb-type", "",
+		"DB type of gost (sqlite3, mysql, postgres or redis)")
+	f.StringVar(&p.gostConf.SQLite3Path, "gostdb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.gostConf.URL, "gostdb-url", "",
+		"http://gost.com:1325 or DB connection string")
+
+	f.StringVar(&p.httpConf.URL, "http", "", "-to-http http://vuls-report")
+
 }
 
 // Execute execute
 func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
-	c.Conf.Debug = p.debug
-	c.Conf.DebugSQL = p.debugSQL
-	Log := util.NewCustomLogger(c.ServerInfo{})
+	util.Log = util.NewCustomLogger(c.ServerInfo{})
+	cvelog.SetLogger(c.Conf.LogDir, false, c.Conf.Debug, false)
 
 	if err := c.Load(p.configPath, ""); err != nil {
-		Log.Errorf("Error loading %s, %s", p.configPath, err)
+		util.Log.Errorf("Error loading %s, %s", p.configPath, err)
 		return subcommands.ExitUsageError
 	}
 
-	c.Conf.Lang = p.lang
-	c.Conf.ResultsDir = p.resultsDir
-	c.Conf.CveDBType = p.cvedbtype
-	c.Conf.CveDBPath = p.cvedbpath
-	c.Conf.CveDictionaryURL = p.cveDictionaryURL
-	c.Conf.CvssScoreOver = p.cvssScoreOver
-	c.Conf.IgnoreUnscoredCves = p.ignoreUnscoredCves
-	c.Conf.HTTPProxy = p.httpProxy
+	c.Conf.CveDict.Overwrite(p.cvelDict)
+	c.Conf.OvalDict.Overwrite(p.ovalDict)
+	c.Conf.Gost.Overwrite(p.gostConf)
+	c.Conf.HTTP.Overwrite(p.httpConf)
 
-	jsonDir, err := jsonDir(f.Args())
+	var dir string
+	var err error
+	if c.Conf.Diff {
+		dir, err = report.JSONDir([]string{})
+	} else {
+		dir, err = report.JSONDir(f.Args())
+	}
 	if err != nil {
-		log.Errorf("Failed to read from JSON: %s", err)
+		util.Log.Errorf("Failed to read from JSON: %s", err)
 		return subcommands.ExitFailure
 	}
 
-	c.Conf.FormatXML = p.formatXML
-	c.Conf.FormatJSON = p.formatJSON
-	c.Conf.FormatOneLineText = p.formatOneLineText
-	c.Conf.FormatShortText = p.formatShortText
-	c.Conf.FormatFullText = p.formatFullText
-
-	c.Conf.GZIP = p.gzip
-
 	// report
 	reports := []report.ResultWriter{
 		report.StdoutWriter{},
 	}
 
-	if p.toSlack {
+	if c.Conf.ToSlack {
 		reports = append(reports, report.SlackWriter{})
 	}
 
-	if p.toEMail {
+	if c.Conf.ToStride {
+		reports = append(reports, report.StrideWriter{})
+	}
+
+	if c.Conf.ToHipChat {
+		reports = append(reports, report.HipChatWriter{})
+	}
+
+	if c.Conf.ToChatWork {
+		reports = append(reports, report.ChatWorkWriter{})
+	}
+
+	if c.Conf.ToEmail {
 		reports = append(reports, report.EMailWriter{})
 	}
 
-	if p.toLocalFile {
+	if c.Conf.ToSyslog {
+		reports = append(reports, report.SyslogWriter{})
+	}
+
+	if c.Conf.ToHTTP {
+		reports = append(reports, report.HTTPRequestWriter{})
+	}
+
+	if c.Conf.ToLocalFile {
 		reports = append(reports, report.LocalFileWriter{
-			CurrentDir: jsonDir,
+			CurrentDir: dir,
 		})
 	}
 
-	if p.toS3 {
-		c.Conf.AwsRegion = p.awsRegion
-		c.Conf.AwsProfile = p.awsProfile
-		c.Conf.S3Bucket = p.awsS3Bucket
+	if c.Conf.ToS3 {
 		if err := report.CheckIfBucketExists(); err != nil {
-			Log.Errorf("Check if there is a bucket beforehand: %s, err: %s", c.Conf.S3Bucket, err)
+			util.Log.Errorf("Check if there is a bucket beforehand: %s, err: %s",
+				c.Conf.AWS.S3Bucket, err)
 			return subcommands.ExitUsageError
 		}
 		reports = append(reports, report.S3Writer{})
 	}
 
-	if p.toAzureBlob {
-		c.Conf.AzureAccount = p.azureAccount
-		if len(c.Conf.AzureAccount) == 0 {
-			c.Conf.AzureAccount = os.Getenv("AZURE_STORAGE_ACCOUNT")
+	if c.Conf.ToAzureBlob {
+		if len(c.Conf.Azure.AccountName) == 0 {
+			c.Conf.Azure.AccountName = os.Getenv("AZURE_STORAGE_ACCOUNT")
 		}
 
-		c.Conf.AzureKey = p.azureKey
-		if len(c.Conf.AzureKey) == 0 {
-			c.Conf.AzureKey = os.Getenv("AZURE_STORAGE_ACCESS_KEY")
+		if len(c.Conf.Azure.AccountKey) == 0 {
+			c.Conf.Azure.AccountKey = os.Getenv("AZURE_STORAGE_ACCESS_KEY")
 		}
 
-		c.Conf.AzureContainer = p.azureContainer
-		if len(c.Conf.AzureContainer) == 0 {
-			Log.Error("Azure storage container name is requied with --azure-container option")
+		if len(c.Conf.Azure.ContainerName) == 0 {
+			util.Log.Error("Azure storage container name is required with -azure-container option")
 			return subcommands.ExitUsageError
 		}
 		if err := report.CheckIfAzureContainerExists(); err != nil {
-			Log.Errorf("Check if there is a container beforehand: %s, err: %s", c.Conf.AzureContainer, err)
+			util.Log.Errorf("Check if there is a container beforehand: %s, err: %s",
+				c.Conf.Azure.ContainerName, err)
 			return subcommands.ExitUsageError
 		}
 		reports = append(reports, report.AzureBlobWriter{})
 	}
 
-	if !(p.formatJSON || p.formatOneLineText ||
-		p.formatShortText || p.formatFullText || p.formatXML) {
-		c.Conf.FormatShortText = true
+	if c.Conf.ToSaas {
+		if !c.Conf.UUID {
+			util.Log.Errorf("If you use the -to-saas option, you need to enable the uuid option")
+			return subcommands.ExitUsageError
+		}
+		reports = append(reports, report.SaasWriter{})
 	}
 
-	Log.Info("Validating Config...")
+	if !(c.Conf.FormatJSON || c.Conf.FormatOneLineText ||
+		c.Conf.FormatList || c.Conf.FormatFullText || c.Conf.FormatXML) {
+		c.Conf.FormatList = true
+	}
+
+	util.Log.Info("Validating config...")
 	if !c.Conf.ValidateOnReport() {
 		return subcommands.ExitUsageError
 	}
-	if ok, err := cveapi.CveClient.CheckHealth(); !ok {
-		Log.Errorf("CVE HTTP server is not running. err: %s", err)
-		Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with --cvedb-path option")
+
+	var loaded models.ScanResults
+	if loaded, err = report.LoadScanResults(dir); err != nil {
+		util.Log.Error(err)
 		return subcommands.ExitFailure
 	}
-	if c.Conf.CveDictionaryURL != "" {
-		Log.Infof("cve-dictionary: %s", c.Conf.CveDictionaryURL)
-	} else {
-		if c.Conf.CveDBType == "sqlite3" {
-			Log.Infof("cve-dictionary: %s", c.Conf.CveDBPath)
-		}
-	}
-
-	history, err := loadOneScanHistory(jsonDir)
-
-	var results []models.ScanResult
-	for _, r := range history.ScanResults {
-		if p.refreshCve || needToRefreshCve(r) {
-			Log.Debugf("need to refresh")
-			if c.Conf.CveDBType == "sqlite3" {
-				if _, err := os.Stat(c.Conf.CveDBPath); os.IsNotExist(err) {
-					log.Errorf("SQLite3 DB(CVE-Dictionary) is not exist: %s",
-						c.Conf.CveDBPath)
-					return subcommands.ExitFailure
-				}
-			}
-
-			filled, err := fillCveInfoFromCveDB(r)
-			if err != nil {
-				Log.Errorf("Failed to fill CVE information: %s", err)
-				return subcommands.ExitFailure
-			}
-			filled.Lang = c.Conf.Lang
-
-			if err := overwriteJSONFile(jsonDir, filled); err != nil {
-				Log.Errorf("Failed to write JSON: %s", err)
-				return subcommands.ExitFailure
-			}
-			results = append(results, filled)
-		} else {
-			Log.Debugf("no need to refresh")
-			results = append(results, r)
-		}
-	}
+	util.Log.Infof("Loaded: %s", dir)
 
 	var res models.ScanResults
-	for _, r := range results {
-		res = append(res, r.FilterByCvssOver())
+	for _, r := range loaded {
+		if len(r.Errors) == 0 {
+			res = append(res, r)
+		} else {
+			util.Log.Warnf("Ignored since errors occurred during scanning: %s",
+				r.ServerName)
+		}
 	}
-	for _, w := range reports {
-		if err := w.Write(res...); err != nil {
-			Log.Errorf("Failed to report: %s", err)
+
+	for _, r := range res {
+		util.Log.Debugf("%s: %s",
+			r.ServerInfo(),
+			pp.Sprintf("%s", c.Conf.Servers[r.ServerName]))
+	}
+
+	if c.Conf.UUID {
+		// Ensure UUIDs of scan target servers in config.toml
+		if err := report.EnsureUUIDs(p.configPath, res); err != nil {
+			util.Log.Errorf("Failed to ensure UUIDs: %s", err)
 			return subcommands.ExitFailure
 		}
 	}
+
+	if !c.Conf.ToSaas {
+		util.Log.Info("Validating db config...")
+		if !c.Conf.ValidateOnReportDB() {
+			return subcommands.ExitUsageError
+		}
+
+		if err := report.CveClient.CheckHealth(); err != nil {
+			util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
+			util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with -cvedb-path option instead of -cvedb-url")
+			return subcommands.ExitFailure
+		}
+		if c.Conf.CveDict.URL != "" {
+			util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.URL)
+		} else {
+			if c.Conf.CveDict.Type == "sqlite3" {
+				util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.SQLite3Path)
+			}
+		}
+
+		if c.Conf.OvalDict.URL != "" {
+			util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.URL)
+			err := oval.Base{}.CheckHTTPHealth()
+			if err != nil {
+				util.Log.Errorf("OVAL HTTP server is not running. err: %s", err)
+				util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with -ovaldb-path option instead of -ovaldb-url")
+				return subcommands.ExitFailure
+			}
+		} else {
+			if c.Conf.OvalDict.Type == "sqlite3" {
+				util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.SQLite3Path)
+			}
+		}
+
+		if c.Conf.Gost.URL != "" {
+			util.Log.Infof("gost: %s", c.Conf.Gost.URL)
+			err := gost.Base{}.CheckHTTPHealth()
+			if err != nil {
+				util.Log.Errorf("gost HTTP server is not running. err: %s", err)
+				util.Log.Errorf("Run gost as server mode before reporting or run with -gostdb-path option instead of -gostdb-url")
+				return subcommands.ExitFailure
+			}
+		} else {
+			if c.Conf.Gost.Type == "sqlite3" {
+				util.Log.Infof("gost: %s", c.Conf.Gost.SQLite3Path)
+			}
+		}
+		dbclient, locked, err := report.NewDBClient(report.DBClientConf{
+			CveDictCnf:  c.Conf.CveDict,
+			OvalDictCnf: c.Conf.OvalDict,
+			GostCnf:     c.Conf.Gost,
+			DebugSQL:    c.Conf.DebugSQL,
+		})
+		if locked {
+			util.Log.Errorf("SQLite3 is locked. Close other DB connections and try again: %s", err)
+			return subcommands.ExitFailure
+		}
+		if err != nil {
+			util.Log.Errorf("Failed to init DB Clients: %s", err)
+			return subcommands.ExitFailure
+		}
+		defer dbclient.CloseDB()
+
+		if res, err = report.FillCveInfos(*dbclient, res, dir); err != nil {
+			util.Log.Error(err)
+			return subcommands.ExitFailure
+		}
+	}
+
+	for _, w := range reports {
+		if err := w.Write(res...); err != nil {
+			util.Log.Errorf("Failed to report: %s", err)
+			return subcommands.ExitFailure
+		}
+	}
+
 	return subcommands.ExitSuccess
 }

commands/scan.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -26,7 +26,6 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/Sirupsen/logrus"
 	c "github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/scan"
 	"github.com/future-architect/vuls/util"
@@ -36,15 +35,10 @@ import (
 
 // ScanCmd is Subcommand of host discovery mode
 type ScanCmd struct {
-	debug          bool
 	configPath     string
-	resultsDir     string
-	cacheDBPath    string
-	httpProxy      string
 	askKeyPassword bool
-	containersOnly bool
-	skipBroken     bool
-	sshExternal    bool
+	timeoutSec     int
+	scanTimeoutSec int
 }
 
 // Name return subcommand name
@@ -59,13 +53,19 @@ func (*ScanCmd) Usage() string {
 	scan
 		[-config=/path/to/config.toml]
 		[-results-dir=/path/to/results]
+		[-log-dir=/path/to/log]
 		[-cachedb-path=/path/to/cache.db]
-		[-ssh-external]
+		[-ssh-native-insecure]
+		[-ssh-config]
 		[-containers-only]
 		[-skip-broken]
 		[-http-proxy=http://192.168.0.1:8080]
 		[-ask-key-password]
+		[-timeout=300]
+		[-timeout-scan=7200]
 		[-debug]
+		[-pipe]
+		[-vvv]
 
 		[SERVER]...
 `
@@ -73,93 +73,96 @@ func (*ScanCmd) Usage() string {
 
 // SetFlags set flag
 func (p *ScanCmd) SetFlags(f *flag.FlagSet) {
-	f.BoolVar(&p.debug, "debug", false, "debug mode")
+	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
 
 	wd, _ := os.Getwd()
-
 	defaultConfPath := filepath.Join(wd, "config.toml")
 	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
 
 	defaultResultsDir := filepath.Join(wd, "results")
-	f.StringVar(&p.resultsDir, "results-dir", defaultResultsDir, "/path/to/results")
+	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")
+
+	defaultLogDir := util.GetDefaultLogDir()
+	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")
 
 	defaultCacheDBPath := filepath.Join(wd, "cache.db")
-	f.StringVar(
-		&p.cacheDBPath,
-		"cachedb-path",
-		defaultCacheDBPath,
+	f.StringVar(&c.Conf.CacheDBPath, "cachedb-path", defaultCacheDBPath,
 		"/path/to/cache.db (local cache of changelog for Ubuntu/Debian)")
 
-	f.BoolVar(
-		&p.sshExternal,
-		"ssh-external",
-		false,
-		"Use external ssh command. Default: Use the Go native implementation")
+	f.BoolVar(&c.Conf.SSHNative, "ssh-native-insecure", false,
+		"Use Native Go implementation of SSH. Default: Use the external command")
 
-	f.BoolVar(
-		&p.containersOnly,
-		"containers-only",
-		false,
+	f.BoolVar(&c.Conf.SSHConfig, "ssh-config", false,
+		"Use SSH options specified in ssh_config preferentially")
+
+	f.BoolVar(&c.Conf.ContainersOnly, "containers-only", false,
 		"Scan containers only. Default: Scan both of hosts and containers")
 
-	f.BoolVar(
-		&p.skipBroken,
-		"skip-broken",
-		false,
+	f.BoolVar(&c.Conf.SkipBroken, "skip-broken", false,
 		"[For CentOS] yum update changelog with --skip-broken option")
 
-	f.StringVar(
-		&p.httpProxy,
-		"http-proxy",
-		"",
-		"http://proxy-url:port (default: empty)",
+	f.StringVar(&c.Conf.HTTPProxy, "http-proxy", "",
+		"http://proxy-url:port (default: empty)")
+
+	f.BoolVar(&p.askKeyPassword, "ask-key-password", false,
+		"Ask ssh privatekey password before scanning",
 	)
 
-	f.BoolVar(
-		&p.askKeyPassword,
-		"ask-key-password",
-		false,
-		"Ask ssh privatekey password before scanning",
+	f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use stdin via PIPE")
+	f.BoolVar(&c.Conf.Vvv, "vvv", false, "ssh -vvv")
+
+	f.IntVar(&p.timeoutSec, "timeout", 5*60,
+		"Number of seconds for processing other than scan",
+	)
+
+	f.IntVar(&p.scanTimeoutSec, "timeout-scan", 120*60,
+		"Number of seconds for scanning vulnerabilities for all servers",
 	)
 }
 
 // Execute execute
 func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
+	// Setup Logger
+	util.Log = util.NewCustomLogger(c.ServerInfo{})
+
+	if err := mkdirDotVuls(); err != nil {
+		util.Log.Errorf("Failed to create .vuls: %s", err)
+		return subcommands.ExitUsageError
+	}
+
 	var keyPass string
 	var err error
 	if p.askKeyPassword {
 		prompt := "SSH key password: "
 		if keyPass, err = getPasswd(prompt); err != nil {
-			logrus.Error(err)
+			util.Log.Error(err)
 			return subcommands.ExitFailure
 		}
 	}
 
-	c.Conf.Debug = p.debug
 	err = c.Load(p.configPath, keyPass)
 	if err != nil {
-		logrus.Errorf("Error loading %s, %s", p.configPath, err)
+		util.Log.Errorf("Error loading %s, %s", p.configPath, err)
+		util.Log.Errorf("If you update Vuls and get this error, there may be incompatible changes in config.toml")
+		util.Log.Errorf("Please check README: https://github.com/future-architect/vuls#configuration")
 		return subcommands.ExitUsageError
 	}
 
-	logrus.Info("Start scanning")
-	logrus.Infof("config: %s", p.configPath)
+	util.Log.Info("Start scanning")
+	util.Log.Infof("config: %s", p.configPath)
 
 	var servernames []string
 	if 0 < len(f.Args()) {
 		servernames = f.Args()
-	} else {
-		stat, _ := os.Stdin.Stat()
-		if (stat.Mode() & os.ModeCharDevice) == 0 {
-			bytes, err := ioutil.ReadAll(os.Stdin)
-			if err != nil {
-				logrus.Errorf("Failed to read stdin: %s", err)
-				return subcommands.ExitFailure
-			}
-			fields := strings.Fields(string(bytes))
-			if 0 < len(fields) {
-				servernames = fields
-			}
+	} else if c.Conf.Pipe {
+		bytes, err := ioutil.ReadAll(os.Stdin)
+		if err != nil {
+			util.Log.Errorf("Failed to read stdin: %s", err)
+			return subcommands.ExitFailure
+		}
+		fields := strings.Fields(string(bytes))
+		if 0 < len(fields) {
+			servernames = fields
 		}
 	}
 
@@ -174,50 +177,38 @@ func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{})
 			}
 		}
 		if !found {
-			logrus.Errorf("%s is not in config", arg)
+			util.Log.Errorf("%s is not in config", arg)
 			return subcommands.ExitUsageError
 		}
 	}
 	if 0 < len(servernames) {
 		c.Conf.Servers = target
 	}
-	logrus.Debugf("%s", pp.Sprintf("%v", target))
+	util.Log.Debugf("%s", pp.Sprintf("%v", target))
 
-	// logger
-	Log := util.NewCustomLogger(c.ServerInfo{})
-
-	c.Conf.ResultsDir = p.resultsDir
-	c.Conf.CacheDBPath = p.cacheDBPath
-	c.Conf.SSHExternal = p.sshExternal
-	c.Conf.HTTPProxy = p.httpProxy
-	c.Conf.ContainersOnly = p.containersOnly
-	c.Conf.SkipBroken = p.skipBroken
-
-	Log.Info("Validating Config...")
+	util.Log.Info("Validating config...")
 	if !c.Conf.ValidateOnScan() {
 		return subcommands.ExitUsageError
 	}
 
-	Log.Info("Detecting Server/Contianer OS... ")
-	if err := scan.InitServers(Log); err != nil {
-		Log.Errorf("Failed to init servers: %s", err)
+	util.Log.Info("Detecting Server/Container OS... ")
+	if err := scan.InitServers(p.timeoutSec); err != nil {
+		util.Log.Errorf("Failed to init servers: %s", err)
 		return subcommands.ExitFailure
 	}
 
-	Log.Info("Checking sudo configuration... ")
-	if err := scan.CheckIfSudoNoPasswd(Log); err != nil {
-		Log.Errorf("Failed to sudo with nopassword via SSH. Define NOPASSWD in /etc/sudoers on target servers")
+	util.Log.Info("Checking Scan Modes... ")
+	if err := scan.CheckScanModes(); err != nil {
+		util.Log.Errorf("Fix config.toml: %s", err)
 		return subcommands.ExitFailure
 	}
 
-	Log.Info("Detecting Platforms... ")
-	scan.DetectPlatforms(Log)
+	util.Log.Info("Detecting Platforms... ")
+	scan.DetectPlatforms(p.timeoutSec)
 
-	Log.Info("Scanning vulnerabilities... ")
-	if errs := scan.Scan(); 0 < len(errs) {
-		for _, e := range errs {
-			Log.Errorf("Failed to scan. err: %s", e)
-		}
+	util.Log.Info("Scanning vulnerabilities... ")
+	if err := scan.Scan(p.scanTimeoutSec); err != nil {
+		util.Log.Errorf("Failed to scan. err: %s", err)
 		return subcommands.ExitFailure
 	}
 	fmt.Printf("\n\n\n")

commands/server.go

@@ -0,0 +1,219 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Architect, Inc. Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package commands
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"net/http"
+	"os"
+	"path/filepath"
+
+	// "github.com/future-architect/vuls/Server"
+
+	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/oval"
+	"github.com/future-architect/vuls/report"
+	"github.com/future-architect/vuls/server"
+	"github.com/future-architect/vuls/util"
+	"github.com/google/subcommands"
+	cvelog "github.com/kotakanbe/go-cve-dictionary/log"
+)
+
+// ServerCmd is subcommand for server
+type ServerCmd struct {
+	configPath string
+	listen     string
+	cvelDict   c.GoCveDictConf
+	ovalDict   c.GovalDictConf
+	gostConf   c.GostConf
+}
+
+// Name return subcommand name
+func (*ServerCmd) Name() string { return "server" }
+
+// Synopsis return synopsis
+func (*ServerCmd) Synopsis() string { return "Server" }
+
+// Usage return usage
+func (*ServerCmd) Usage() string {
+	return `Server:
+	Server
+		[-lang=en|ja]
+		[-config=/path/to/config.toml]
+		[-log-dir=/path/to/log]
+		[-cvss-over=7]
+		[-diff]
+		[-ignore-unscored-cves]
+		[-ignore-unfixed]
+		[-to-email]
+		[-to-slack]
+		[-to-stride]
+		[-to-hipchat]
+		[-to-chatwork]
+		[-to-localfile]
+		[-to-s3]
+		[-to-azure-blob]
+		[-format-json]
+		[-format-xml]
+		[-format-one-email]
+		[-format-one-line-text]
+		[-format-list]
+		[-format-full-text]
+		[-http-proxy=http://192.168.0.1:8080]
+		[-debug]
+		[-debug-sql]
+		[-listen=localhost:5515]
+		[-cvedb-type=sqlite3|mysql|postgres|redis]
+		[-cvedb-path=/path/to/cve.sqlite3]
+		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
+		[-ovaldb-type=sqlite3|mysql|redis]
+		[-ovaldb-path=/path/to/oval.sqlite3]
+		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
+		[-gostdb-type=sqlite3|mysql|redis]
+		[-gostdb-path=/path/to/gost.sqlite3]
+		[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
+
+		[RFC3339 datetime format under results dir]
+`
+}
+
+// SetFlags set flag
+func (p *ServerCmd) SetFlags(f *flag.FlagSet) {
+	f.StringVar(&c.Conf.Lang, "lang", "en", "[en|ja]")
+	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
+	f.BoolVar(&c.Conf.DebugSQL, "debug-sql", false, "SQL debug mode")
+
+	wd, _ := os.Getwd()
+	defaultConfPath := filepath.Join(wd, "config.toml")
+	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
+
+	defaultResultsDir := filepath.Join(wd, "results")
+	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")
+
+	defaultLogDir := util.GetDefaultLogDir()
+	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")
+
+	f.Float64Var(&c.Conf.CvssScoreOver, "cvss-over", 0,
+		"-cvss-over=6.5 means Servering CVSS Score 6.5 and over (default: 0 (means Server all))")
+
+	f.BoolVar(&c.Conf.IgnoreUnscoredCves, "ignore-unscored-cves", false,
+		"Don't Server the unscored CVEs")
+
+	f.BoolVar(&c.Conf.IgnoreUnfixed, "ignore-unfixed", false,
+		"Don't Server the unfixed CVEs")
+
+	f.StringVar(&c.Conf.HTTPProxy, "http-proxy", "",
+		"http://proxy-url:port (default: empty)")
+
+	f.BoolVar(&c.Conf.FormatJSON, "format-json", false, "JSON format")
+
+	f.BoolVar(&c.Conf.ToLocalFile, "to-localfile", false, "Write report to localfile")
+	f.StringVar(&p.listen, "listen", "localhost:5515",
+		"host:port (default: localhost:5515)")
+
+	f.StringVar(&p.cvelDict.Type, "cvedb-type", "sqlite3",
+		"DB type of go-cve-dictionary (sqlite3, mysql, postgres or redis)")
+	f.StringVar(&p.cvelDict.SQLite3Path, "cvedb-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.cvelDict.URL, "cvedb-url", "",
+		"http://go-cve-dictionary.com:1323 or DB connection string")
+
+	f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
+		"DB type of goval-dictionary (sqlite3, mysql, postgres or redis)")
+	f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.ovalDict.URL, "ovaldb-url", "",
+		"http://goval-dictionary.com:1324 or DB connection string")
+
+	f.StringVar(&p.gostConf.Type, "gostdb-type", "",
+		"DB type of gost (sqlite3, mysql, postgres or redis)")
+	f.StringVar(&p.gostConf.SQLite3Path, "gostdb-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.gostConf.URL, "gostdb-url", "",
+		"http://gost.com:1325 or DB connection string")
+}
+
+// Execute execute
+func (p *ServerCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
+	util.Log = util.NewCustomLogger(c.ServerInfo{})
+	cvelog.SetLogger(c.Conf.LogDir, false, c.Conf.Debug, false)
+
+	c.Conf.CveDict.Overwrite(p.cvelDict)
+	c.Conf.OvalDict.Overwrite(p.ovalDict)
+	c.Conf.Gost.Overwrite(p.gostConf)
+
+	util.Log.Info("Validating config...")
+	if !c.Conf.ValidateOnReport() {
+		return subcommands.ExitUsageError
+	}
+
+	if err := report.CveClient.CheckHealth(); err != nil {
+		util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
+		util.Log.Errorf("Run go-cve-dictionary as server mode before Servering or run with -cvedb-path option")
+		return subcommands.ExitFailure
+	}
+	if c.Conf.CveDict.URL != "" {
+		util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.URL)
+	} else {
+		if c.Conf.CveDict.Type == "sqlite3" {
+			util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.SQLite3Path)
+		}
+	}
+
+	if c.Conf.OvalDict.URL != "" {
+		util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.URL)
+		err := oval.Base{}.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("OVAL HTTP server is not running. err: %s", err)
+			util.Log.Errorf("Run goval-dictionary as server mode before Servering or run with -ovaldb-path option")
+			return subcommands.ExitFailure
+		}
+	} else {
+		if c.Conf.OvalDict.Type == "sqlite3" {
+			util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.SQLite3Path)
+		}
+	}
+
+	dbclient, locked, err := report.NewDBClient(report.DBClientConf{
+		CveDictCnf:  c.Conf.CveDict,
+		OvalDictCnf: c.Conf.OvalDict,
+		GostCnf:     c.Conf.Gost,
+		DebugSQL:    c.Conf.DebugSQL,
+	})
+	if locked {
+		util.Log.Errorf("SQLite3 is locked. Close other DB connections and try again: %s", err)
+		return subcommands.ExitFailure
+	}
+
+	if err != nil {
+		util.Log.Errorf("Failed to init DB Clients: %s", err)
+		return subcommands.ExitFailure
+	}
+
+	defer dbclient.CloseDB()
+
+	http.Handle("/vuls", server.VulsHandler{DBclient: *dbclient})
+	http.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {
+		fmt.Fprintf(w, "ok")
+	})
+	util.Log.Infof("Listening on %s", p.listen)
+	if err := http.ListenAndServe(p.listen, nil); err != nil {
+		util.Log.Errorf("Failed to start server: %s", err)
+		return subcommands.ExitFailure
+	}
+	return subcommands.ExitSuccess
+}

commands/tui.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -23,41 +23,52 @@ import (
 	"os"
 	"path/filepath"
 
-	log "github.com/Sirupsen/logrus"
 	c "github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/report"
+	"github.com/future-architect/vuls/util"
 	"github.com/google/subcommands"
+	cvelog "github.com/kotakanbe/go-cve-dictionary/log"
 )
 
 // TuiCmd is Subcommand of host discovery mode
 type TuiCmd struct {
-	lang       string
-	debugSQL   bool
-	resultsDir string
-
-	refreshCve       bool
-	cvedbtype        string
-	cvedbpath        string
-	cveDictionaryURL string
+	configPath string
+	cvelDict   c.GoCveDictConf
+	ovalDict   c.GovalDictConf
+	gostConf   c.GostConf
 }
 
 // Name return subcommand name
 func (*TuiCmd) Name() string { return "tui" }
 
 // Synopsis return synopsis
-func (*TuiCmd) Synopsis() string { return "Run Tui view to anayze vulnerabilites" }
+func (*TuiCmd) Synopsis() string { return "Run Tui view to analyze vulnerabilities" }
 
 // Usage return usage
 func (*TuiCmd) Usage() string {
 	return `tui:
 	tui
-		[-cvedb-type=sqlite3|mysql]
-		[-cvedb-path=/path/to/cve.sqlite3]
-		[-cvedb-url=http://127.0.0.1:1323 or mysql connection string]
-		[-results-dir=/path/to/results]
 		[-refresh-cve]
+		[-config=/path/to/config.toml]
+		[-cvss-over=7]
+		[-diff]
+		[-ignore-unscored-cves]
+		[-ignore-unfixed]
+		[-results-dir=/path/to/results]
+		[-log-dir=/path/to/log]
+		[-debug]
 		[-debug-sql]
+		[-pipe]
+		[-cvedb-type=sqlite3|mysql|postgres|redis]
+		[-cvedb-path=/path/to/cve.sqlite3]
+		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
+		[-ovaldb-type=sqlite3|mysql|redis]
+		[-ovaldb-path=/path/to/oval.sqlite3]
+		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
+		[-gostdb-type=sqlite3|mysql|redis]
+		[-gostdb-path=/path/to/gost.sqlite3]
+		[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
 
 `
 }
@@ -65,90 +76,117 @@ func (*TuiCmd) Usage() string {
 // SetFlags set flag
 func (p *TuiCmd) SetFlags(f *flag.FlagSet) {
 	//  f.StringVar(&p.lang, "lang", "en", "[en|ja]")
-	f.BoolVar(&p.debugSQL, "debug-sql", false, "debug SQL")
+	f.BoolVar(&c.Conf.DebugSQL, "debug-sql", false, "debug SQL")
+	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
+
+	defaultLogDir := util.GetDefaultLogDir()
+	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")
 
 	wd, _ := os.Getwd()
 	defaultResultsDir := filepath.Join(wd, "results")
-	f.StringVar(&p.resultsDir, "results-dir", defaultResultsDir, "/path/to/results")
+	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")
 
-	f.BoolVar(
-		&p.refreshCve,
-		"refresh-cve",
-		false,
+	defaultConfPath := filepath.Join(wd, "config.toml")
+	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
+
+	f.BoolVar(&c.Conf.RefreshCve, "refresh-cve", false,
 		"Refresh CVE information in JSON file under results dir")
 
-	f.StringVar(
-		&p.cvedbtype,
-		"cvedb-type",
-		"sqlite3",
-		"DB type for fetching CVE dictionary (sqlite3 or mysql)")
+	f.Float64Var(&c.Conf.CvssScoreOver, "cvss-over", 0,
+		"-cvss-over=6.5 means reporting CVSS Score 6.5 and over (default: 0 (means report all))")
 
-	defaultCveDBPath := filepath.Join(wd, "cve.sqlite3")
-	f.StringVar(
-		&p.cvedbpath,
-		"cvedb-path",
-		defaultCveDBPath,
-		"/path/to/sqlite3 (For get cve detail from cve.sqlite3)")
+	f.BoolVar(&c.Conf.Diff, "diff", false,
+		"Difference between previous result and current result ")
 
-	f.StringVar(
-		&p.cveDictionaryURL,
-		"cvedb-url",
-		"",
-		"http://cve-dictionary.com:8080 or mysql connection string")
+	f.BoolVar(
+		&c.Conf.IgnoreUnscoredCves, "ignore-unscored-cves", false,
+		"Don't report the unscored CVEs")
+
+	f.BoolVar(&c.Conf.IgnoreUnfixed, "ignore-unfixed", false,
+		"Don't report the unfixed CVEs")
+
+	f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use stdin via PIPE")
+
+	f.StringVar(&p.cvelDict.Type, "cvedb-type", "sqlite3",
+		"DB type of go-cve-dictionary (sqlite3, mysql, postgres or redis)")
+	f.StringVar(&p.cvelDict.SQLite3Path, "cvedb-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.cvelDict.URL, "cvedb-url", "",
+		"http://go-cve-dictionary.com:1323 or DB connection string")
+
+	f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
+		"DB type of goval-dictionary (sqlite3, mysql, postgres or redis)")
+	f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.ovalDict.URL, "ovaldb-url", "",
+		"http://goval-dictionary.com:1324 or DB connection string")
+
+	f.StringVar(&p.gostConf.Type, "gostdb-type", "",
+		"DB type of gost (sqlite3, mysql, postgres or redis)")
+	f.StringVar(&p.gostConf.SQLite3Path, "gostdb-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.gostConf.URL, "gostdb-url", "",
+		"http://gost.com:1325 or DB connection string")
 }
 
 // Execute execute
 func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
 	c.Conf.Lang = "en"
-	c.Conf.DebugSQL = p.debugSQL
-	c.Conf.ResultsDir = p.resultsDir
-	c.Conf.CveDBType = p.cvedbtype
-	c.Conf.CveDBPath = p.cvedbpath
-	c.Conf.CveDictionaryURL = p.cveDictionaryURL
 
-	log.Info("Validating Config...")
+	// Setup Logger
+	util.Log = util.NewCustomLogger(c.ServerInfo{})
+	cvelog.SetLogger(c.Conf.LogDir, false, c.Conf.Debug, false)
+
+	if err := c.Load(p.configPath, ""); err != nil {
+		util.Log.Errorf("Error loading %s, %s", p.configPath, err)
+		return subcommands.ExitUsageError
+	}
+
+	c.Conf.CveDict.Overwrite(p.cvelDict)
+	c.Conf.OvalDict.Overwrite(p.ovalDict)
+	c.Conf.Gost.Overwrite(p.gostConf)
+
+	util.Log.Info("Validating config...")
 	if !c.Conf.ValidateOnTui() {
 		return subcommands.ExitUsageError
 	}
 
-	jsonDir, err := jsonDir(f.Args())
+	var dir string
+	var err error
+	if c.Conf.Diff {
+		dir, err = report.JSONDir([]string{})
+	} else {
+		dir, err = report.JSONDir(f.Args())
+	}
 	if err != nil {
-		log.Errorf("Failed to read json dir under results: %s", err)
+		util.Log.Errorf("Failed to read from JSON: %s", err)
+		return subcommands.ExitFailure
+	}
+	var res models.ScanResults
+	if res, err = report.LoadScanResults(dir); err != nil {
+		util.Log.Error(err)
+		return subcommands.ExitFailure
+	}
+	util.Log.Infof("Loaded: %s", dir)
+
+	dbclient, locked, err := report.NewDBClient(report.DBClientConf{
+		CveDictCnf:  c.Conf.CveDict,
+		OvalDictCnf: c.Conf.OvalDict,
+		GostCnf:     c.Conf.Gost,
+		DebugSQL:    c.Conf.DebugSQL,
+	})
+	if locked {
+		util.Log.Errorf("SQLite3 is locked. Close other DB connections and try again: %s", err)
 		return subcommands.ExitFailure
 	}
 
-	history, err := loadOneScanHistory(jsonDir)
 	if err != nil {
-		log.Errorf("Failed to read from JSON: %s", err)
+		util.Log.Errorf("Failed to init DB Clients: %s", err)
 		return subcommands.ExitFailure
 	}
 
-	var results []models.ScanResult
-	for _, r := range history.ScanResults {
-		if p.refreshCve || needToRefreshCve(r) {
-			if c.Conf.CveDBType == "sqlite3" {
-				if _, err := os.Stat(c.Conf.CveDBPath); os.IsNotExist(err) {
-					log.Errorf("SQLite3 DB(CVE-Dictionary) is not exist: %s",
-						c.Conf.CveDBPath)
-					return subcommands.ExitFailure
-				}
-			}
+	defer dbclient.CloseDB()
 
-			filled, err := fillCveInfoFromCveDB(r)
-			if err != nil {
-				log.Errorf("Failed to fill CVE information: %s", err)
-				return subcommands.ExitFailure
-			}
-
-			if err := overwriteJSONFile(jsonDir, filled); err != nil {
-				log.Errorf("Failed to write JSON: %s", err)
-				return subcommands.ExitFailure
-			}
-			results = append(results, filled)
-		} else {
-			results = append(results, r)
-		}
+	if res, err = report.FillCveInfos(*dbclient, res, dir); err != nil {
+		util.Log.Error(err)
+		return subcommands.ExitFailure
 	}
-	history.ScanResults = results
-	return report.RunTui(history)
+	return report.RunTui(res)
 }

commands/util.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -18,208 +18,38 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 package commands
 
 import (
-	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
-	"regexp"
-	"sort"
-	"strings"
 
-	c "github.com/future-architect/vuls/config"
-	"github.com/future-architect/vuls/cveapi"
-	"github.com/future-architect/vuls/models"
-	"github.com/future-architect/vuls/report"
-	"github.com/future-architect/vuls/util"
+	"github.com/howeyc/gopass"
+	homedir "github.com/mitchellh/go-homedir"
 )
 
-// jsonDirPattern is file name pattern of JSON directory
-// 2016-11-16T10:43:28+09:00
-// 2016-11-16T10:43:28Z
-var jsonDirPattern = regexp.MustCompile(
-	`^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:Z|[+-]\d{2}:\d{2})$`)
-
-// JSONDirs is array of json files path.
-type jsonDirs []string
-
-// sort as recent directories are at the head
-func (d jsonDirs) Len() int {
-	return len(d)
-}
-func (d jsonDirs) Swap(i, j int) {
-	d[i], d[j] = d[j], d[i]
-}
-func (d jsonDirs) Less(i, j int) bool {
-	return d[j] < d[i]
-}
-
-// getValidJSONDirs return valid json directory as array
-// Returned array is sorted so that recent directories are at the head
-func lsValidJSONDirs() (dirs jsonDirs, err error) {
-	var dirInfo []os.FileInfo
-	if dirInfo, err = ioutil.ReadDir(c.Conf.ResultsDir); err != nil {
-		err = fmt.Errorf("Failed to read %s: %s", c.Conf.ResultsDir, err)
-		return
-	}
-	for _, d := range dirInfo {
-		if d.IsDir() && jsonDirPattern.MatchString(d.Name()) {
-			jsonDir := filepath.Join(c.Conf.ResultsDir, d.Name())
-			dirs = append(dirs, jsonDir)
-		}
-	}
-	sort.Sort(dirs)
-	return
-}
-
-// jsonDir returns
-// If there is an arg, check if it is a valid format and return the corresponding path under results.
-// If passed via PIPE (such as history subcommand), return that path.
-// Otherwise, returns the path of the latest directory
-func jsonDir(args []string) (string, error) {
-	var err error
-	var dirs jsonDirs
-
-	if 0 < len(args) {
-		if dirs, err = lsValidJSONDirs(); err != nil {
-			return "", err
-		}
-
-		path := filepath.Join(c.Conf.ResultsDir, args[0])
-		for _, d := range dirs {
-			ss := strings.Split(d, string(os.PathSeparator))
-			timedir := ss[len(ss)-1]
-			if timedir == args[0] {
-				return path, nil
-			}
-		}
-
-		return "", fmt.Errorf("Invalid path: %s", path)
-	}
-
-	// PIPE
-	stat, _ := os.Stdin.Stat()
-	if (stat.Mode() & os.ModeCharDevice) == 0 {
-		bytes, err := ioutil.ReadAll(os.Stdin)
+func getPasswd(prompt string) (string, error) {
+	for {
+		fmt.Print(prompt)
+		pass, err := gopass.GetPasswdMasked()
 		if err != nil {
-			return "", fmt.Errorf("Failed to read stdin: %s", err)
+			return "", fmt.Errorf("Failed to read password")
 		}
-		fields := strings.Fields(string(bytes))
-		if 0 < len(fields) {
-			return filepath.Join(c.Conf.ResultsDir, fields[0]), nil
+		if 0 < len(pass) {
+			return string(pass[:]), nil
 		}
-		return "", fmt.Errorf("Stdin is invalid: %s", string(bytes))
 	}
 
-	// returns latest dir when no args or no PIPE
-	if dirs, err = lsValidJSONDirs(); err != nil {
-		return "", err
-	}
-	if len(dirs) == 0 {
-		return "", fmt.Errorf("No results under %s",
-			c.Conf.ResultsDir)
-	}
-	return dirs[0], nil
 }
 
-// loadOneScanHistory read JSON data
-func loadOneScanHistory(jsonDir string) (scanHistory models.ScanHistory, err error) {
-	var results []models.ScanResult
-	var files []os.FileInfo
-	if files, err = ioutil.ReadDir(jsonDir); err != nil {
-		err = fmt.Errorf("Failed to read %s: %s", jsonDir, err)
-		return
-	}
-	for _, f := range files {
-		if filepath.Ext(f.Name()) != ".json" {
-			continue
-		}
-		var r models.ScanResult
-		var data []byte
-		path := filepath.Join(jsonDir, f.Name())
-		if data, err = ioutil.ReadFile(path); err != nil {
-			err = fmt.Errorf("Failed to read %s: %s", path, err)
-			return
-		}
-		if json.Unmarshal(data, &r) != nil {
-			err = fmt.Errorf("Failed to parse %s: %s", path, err)
-			return
-		}
-		results = append(results, r)
-	}
-	if len(results) == 0 {
-		err = fmt.Errorf("There is no json file under %s", jsonDir)
-		return
-	}
-
-	scanHistory = models.ScanHistory{
-		ScanResults: results,
-	}
-	return
-}
-
-func fillCveInfoFromCveDB(r models.ScanResult) (filled models.ScanResult, err error) {
-	sInfo := c.Conf.Servers[r.ServerName]
-	vs, err := scanVulnByCpeNames(sInfo.CpeNames, r.ScannedCves)
+func mkdirDotVuls() error {
+	home, err := homedir.Dir()
 	if err != nil {
-		return
+		return err
 	}
-	r.ScannedCves = vs
-	filled, err = r.FillCveDetail()
-	if err != nil {
-		return
+	dotVuls := filepath.Join(home, ".vuls")
+	if _, err := os.Stat(dotVuls); os.IsNotExist(err) {
+		if err := os.Mkdir(dotVuls, 0700); err != nil {
+			return err
+		}
 	}
-	return
-}
-
-func overwriteJSONFile(dir string, r models.ScanResult) error {
-	before := c.Conf.FormatJSON
-	c.Conf.FormatJSON = true
-	w := report.LocalFileWriter{CurrentDir: dir}
-	if err := w.Write(r); err != nil {
-		return fmt.Errorf("Failed to write summary report: %s", err)
-	}
-	c.Conf.FormatJSON = before
 	return nil
 }
-
-func scanVulnByCpeNames(cpeNames []string, scannedVulns []models.VulnInfo) ([]models.VulnInfo,
-	error) {
-	// To remove duplicate
-	set := map[string]models.VulnInfo{}
-	for _, v := range scannedVulns {
-		set[v.CveID] = v
-	}
-
-	for _, name := range cpeNames {
-		details, err := cveapi.CveClient.FetchCveDetailsByCpeName(name)
-		if err != nil {
-			return nil, err
-		}
-		for _, detail := range details {
-			if val, ok := set[detail.CveID]; ok {
-				names := val.CpeNames
-				names = util.AppendIfMissing(names, name)
-				val.CpeNames = names
-				set[detail.CveID] = val
-			} else {
-				set[detail.CveID] = models.VulnInfo{
-					CveID:    detail.CveID,
-					CpeNames: []string{name},
-				}
-			}
-		}
-	}
-
-	vinfos := []models.VulnInfo{}
-	for key := range set {
-		vinfos = append(vinfos, set[key])
-	}
-	return vinfos, nil
-}
-
-func needToRefreshCve(r models.ScanResult) bool {
-	return r.Lang != c.Conf.Lang || len(r.KnownCves) == 0 &&
-		len(r.UnknownCves) == 0 &&
-		len(r.IgnoredCves) == 0
-}

commands/util_test.go

@@ -0,0 +1,18 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package commands

config/color.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by

config/config_test.go

@@ -0,0 +1,103 @@
+package config
+
+import (
+	"testing"
+)
+
+func TestSyslogConfValidate(t *testing.T) {
+	var tests = []struct {
+		conf              SyslogConf
+		expectedErrLength int
+	}{
+		{
+			conf:              SyslogConf{},
+			expectedErrLength: 0,
+		},
+		{
+			conf: SyslogConf{
+				Protocol: "tcp",
+				Port:     "5140",
+			},
+			expectedErrLength: 0,
+		},
+		{
+			conf: SyslogConf{
+				Protocol: "udp",
+				Port:     "12345",
+				Severity: "emerg",
+				Facility: "user",
+			},
+			expectedErrLength: 0,
+		},
+		{
+			conf: SyslogConf{
+				Protocol: "foo",
+				Port:     "514",
+			},
+			expectedErrLength: 1,
+		},
+		{
+			conf: SyslogConf{
+				Protocol: "invalid",
+				Port:     "-1",
+			},
+			expectedErrLength: 2,
+		},
+		{
+			conf: SyslogConf{
+				Protocol: "invalid",
+				Port:     "invalid",
+				Severity: "invalid",
+				Facility: "invalid",
+			},
+			expectedErrLength: 4,
+		},
+	}
+
+	for i, tt := range tests {
+		Conf.ToSyslog = true
+		errs := tt.conf.Validate()
+		if len(errs) != tt.expectedErrLength {
+			t.Errorf("test: %d, expected %d, actual %d", i, tt.expectedErrLength, len(errs))
+		}
+	}
+}
+
+func TestMajorVersion(t *testing.T) {
+	var tests = []struct {
+		in  Distro
+		out int
+	}{
+		{
+			in: Distro{
+				Family:  Amazon,
+				Release: "2 (2017.12)",
+			},
+			out: 2,
+		},
+		{
+			in: Distro{
+				Family:  Amazon,
+				Release: "2017.12",
+			},
+			out: 1,
+		},
+		{
+			in: Distro{
+				Family:  CentOS,
+				Release: "7.10",
+			},
+			out: 7,
+		},
+	}
+
+	for i, tt := range tests {
+		ver, err := tt.in.MajorVersion()
+		if err != nil {
+			t.Errorf("[%d] err occurred: %s", i, err)
+		}
+		if tt.out != ver {
+			t.Errorf("[%d] expected %d, actual %d", i, tt.out, ver)
+		}
+	}
+}

config/jsonloader.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -23,7 +23,7 @@ import "fmt"
 type JSONLoader struct {
 }
 
-// Load load the configuraiton JSON file specified by path arg.
+// Load load the configuration JSON file specified by path arg.
 func (c JSONLoader) Load(path, sudoPass, keyPass string) (err error) {
 	return fmt.Errorf("Not implement yet")
 }

config/loader.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by

config/tomlloader.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -20,31 +20,37 @@ package config
 import (
 	"fmt"
 	"os"
+	"regexp"
 	"strings"
 
 	"github.com/BurntSushi/toml"
-	log "github.com/Sirupsen/logrus"
-	"github.com/future-architect/vuls/contrib/owasp-dependency-check/parser"
+	"github.com/knqyf263/go-cpe/naming"
 )
 
 // TOMLLoader loads config
 type TOMLLoader struct {
 }
 
-// Load load the configuraiton TOML file specified by path arg.
+// Load load the configuration TOML file specified by path arg.
 func (c TOMLLoader) Load(pathToToml, keyPass string) error {
-	if Conf.Debug {
-		log.SetLevel(log.DebugLevel)
-	}
-
 	var conf Config
 	if _, err := toml.DecodeFile(pathToToml, &conf); err != nil {
-		log.Error("Load config failed", err)
 		return err
 	}
-
 	Conf.EMail = conf.EMail
 	Conf.Slack = conf.Slack
+	Conf.Stride = conf.Stride
+	Conf.HipChat = conf.HipChat
+	Conf.ChatWork = conf.ChatWork
+	Conf.Saas = conf.Saas
+	Conf.Syslog = conf.Syslog
+	Conf.HTTP = conf.HTTP
+	Conf.AWS = conf.AWS
+	Conf.Azure = conf.Azure
+
+	Conf.CveDict = conf.CveDict
+	Conf.OvalDict = conf.OvalDict
+	Conf.Gost = conf.Gost
 
 	d := conf.Default
 	Conf.Default = d
@@ -55,51 +61,79 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 	}
 
 	i := 0
-	for name, v := range conf.Servers {
+	for serverName, v := range conf.Servers {
 		if 0 < len(v.KeyPassword) {
-			log.Warn("[Deprecated] KEYPASSWORD IN CONFIG FILE ARE UNSECURE. REMOVE THEM IMMEDIATELY FOR A SECURITY REASONS. THEY WILL BE REMOVED IN A FUTURE RELEASE.")
+			return fmt.Errorf("[Deprecated] KEYPASSWORD IN CONFIG FILE ARE UNSECURE. REMOVE THEM IMMEDIATELY FOR A SECURITY REASONS. THEY WILL BE REMOVED IN A FUTURE RELEASE: %s", serverName)
 		}
 
-		s := ServerInfo{ServerName: name}
+		s := ServerInfo{ServerName: serverName}
+		if v.Type != ServerTypePseudo {
+			s.Host = v.Host
+			if len(s.Host) == 0 {
+				return fmt.Errorf("%s is invalid. host is empty", serverName)
+			}
 
-		switch {
-		case v.User != "":
-			s.User = v.User
-		case d.User != "":
-			s.User = d.User
-		default:
-			return fmt.Errorf("%s is invalid. User is empty", name)
-		}
+			switch {
+			case v.Port != "":
+				s.Port = v.Port
+			case d.Port != "":
+				s.Port = d.Port
+			default:
+				s.Port = "22"
+			}
 
-		s.Host = v.Host
-		if len(s.Host) == 0 {
-			return fmt.Errorf("%s is invalid. host is empty", name)
-		}
+			switch {
+			case v.User != "":
+				s.User = v.User
+			case d.User != "":
+				s.User = d.User
+			default:
+				if s.Port != "local" {
+					return fmt.Errorf("%s is invalid. User is empty", serverName)
+				}
+			}
 
-		switch {
-		case v.Port != "":
-			s.Port = v.Port
-		case d.Port != "":
-			s.Port = d.Port
-		default:
-			s.Port = "22"
-		}
+			s.KeyPath = v.KeyPath
+			if len(s.KeyPath) == 0 {
+				s.KeyPath = d.KeyPath
+			}
+			if s.KeyPath != "" {
+				if _, err := os.Stat(s.KeyPath); err != nil {
+					return fmt.Errorf(
+						"%s is invalid. keypath: %s not exists", serverName, s.KeyPath)
+				}
+			}
 
-		s.KeyPath = v.KeyPath
-		if len(s.KeyPath) == 0 {
-			s.KeyPath = d.KeyPath
-		}
-		if s.KeyPath != "" {
-			if _, err := os.Stat(s.KeyPath); err != nil {
-				return fmt.Errorf(
-					"%s is invalid. keypath: %s not exists", name, s.KeyPath)
+			//  s.KeyPassword = keyPass
+			s.KeyPassword = v.KeyPassword
+			if len(s.KeyPassword) == 0 {
+				s.KeyPassword = d.KeyPassword
 			}
 		}
 
-		//  s.KeyPassword = keyPass
-		s.KeyPassword = v.KeyPassword
-		if len(s.KeyPassword) == 0 {
-			s.KeyPassword = d.KeyPassword
+		s.ScanMode = v.ScanMode
+		if len(s.ScanMode) == 0 {
+			s.ScanMode = d.ScanMode
+			if len(s.ScanMode) == 0 {
+				s.ScanMode = []string{"fast"}
+			}
+		}
+		for _, m := range s.ScanMode {
+			switch m {
+			case "fast":
+				s.Mode.Set(Fast)
+			case "fast-root":
+				s.Mode.Set(FastRoot)
+			case "deep":
+				s.Mode.Set(Deep)
+			case "offline":
+				s.Mode.Set(Offline)
+			default:
+				return fmt.Errorf("scanMode: %s of %s is invalie. Specify -fast, -fast-root, -deep or offline", m, serverName)
+			}
+		}
+		if err := s.Mode.validate(); err != nil {
+			return fmt.Errorf("%s in %s", err, serverName)
 		}
 
 		s.CpeNames = v.CpeNames
@@ -107,26 +141,47 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 			s.CpeNames = d.CpeNames
 		}
 
-		s.DependencyCheckXMLPath = v.DependencyCheckXMLPath
-		if len(s.DependencyCheckXMLPath) == 0 {
-			s.DependencyCheckXMLPath = d.DependencyCheckXMLPath
+		for i, n := range s.CpeNames {
+			uri, err := toCpeURI(n)
+			if err != nil {
+				return fmt.Errorf("Failed to parse CPENames %s in %s: %s", n, serverName, err)
+			}
+			s.CpeNames[i] = uri
 		}
 
-		// Load CPEs from OWASP Dependency Check XML
-		if len(s.DependencyCheckXMLPath) != 0 {
-			cpes, err := parser.Parse(s.DependencyCheckXMLPath)
-			if err != nil {
-				return fmt.Errorf(
-					"Failed to read OWASP Dependency Check XML: %s", err)
-			}
-			log.Debugf("Loaded from OWASP Dependency Check XML: %s",
-				s.ServerName)
-			s.CpeNames = append(s.CpeNames, cpes...)
+		s.ContainersIncluded = v.ContainersIncluded
+		if len(s.ContainersIncluded) == 0 {
+			s.ContainersIncluded = d.ContainersIncluded
+		}
+
+		s.ContainersExcluded = v.ContainersExcluded
+		if len(s.ContainersExcluded) == 0 {
+			s.ContainersExcluded = d.ContainersExcluded
+		}
+
+		s.ContainerType = v.ContainerType
+		if len(s.ContainerType) == 0 {
+			s.ContainerType = d.ContainerType
 		}
 
 		s.Containers = v.Containers
-		if len(s.Containers) == 0 {
-			s.Containers = d.Containers
+		for contName, cont := range s.Containers {
+			cont.IgnoreCves = append(cont.IgnoreCves, d.IgnoreCves...)
+			s.Containers[contName] = cont
+		}
+
+		if len(v.DependencyCheckXMLPath) != 0 || len(d.DependencyCheckXMLPath) != 0 {
+			return fmt.Errorf("[DEPRECATED] dependencyCheckXMLPath IS DEPRECATED. USE owaspDCXMLPath INSTEAD: %s", serverName)
+		}
+
+		s.OwaspDCXMLPath = v.OwaspDCXMLPath
+		if len(s.OwaspDCXMLPath) == 0 {
+			s.OwaspDCXMLPath = d.OwaspDCXMLPath
+		}
+
+		s.Memo = v.Memo
+		if s.Memo == "" {
+			s.Memo = d.Memo
 		}
 
 		s.IgnoreCves = v.IgnoreCves
@@ -143,42 +198,86 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 			}
 		}
 
-		s.Optional = v.Optional
-		for _, dkv := range d.Optional {
+		s.IgnorePkgsRegexp = v.IgnorePkgsRegexp
+		for _, pkg := range d.IgnorePkgsRegexp {
 			found := false
-			for _, kv := range s.Optional {
-				if dkv[0] == kv[0] {
+			for _, p := range s.IgnorePkgsRegexp {
+				if pkg == p {
 					found = true
 					break
 				}
 			}
 			if !found {
-				s.Optional = append(s.Optional, dkv)
+				s.IgnorePkgsRegexp = append(s.IgnorePkgsRegexp, pkg)
 			}
 		}
+		for _, reg := range s.IgnorePkgsRegexp {
+			_, err := regexp.Compile(reg)
+			if err != nil {
+				return fmt.Errorf("Faild to parse %s in %s. err: %s", reg, serverName, err)
+			}
+		}
+		for contName, cont := range s.Containers {
+			for _, reg := range cont.IgnorePkgsRegexp {
+				_, err := regexp.Compile(reg)
+				if err != nil {
+					return fmt.Errorf("Faild to parse %s in %s@%s. err: %s",
+						reg, contName, serverName, err)
+				}
+			}
+		}
+
+		opt := map[string]interface{}{}
+		for k, v := range d.Optional {
+			opt[k] = v
+		}
+		for k, v := range v.Optional {
+			opt[k] = v
+		}
+		s.Optional = opt
 
 		s.Enablerepo = v.Enablerepo
 		if len(s.Enablerepo) == 0 {
 			s.Enablerepo = d.Enablerepo
 		}
 		if len(s.Enablerepo) != 0 {
-			for _, repo := range strings.Split(s.Enablerepo, ",") {
+			for _, repo := range s.Enablerepo {
 				switch repo {
 				case "base", "updates":
 					// nop
 				default:
 					return fmt.Errorf(
 						"For now, enablerepo have to be base or updates: %s, servername: %s",
-						s.Enablerepo, name)
+						s.Enablerepo, serverName)
 				}
 			}
 		}
 
+		s.UUIDs = v.UUIDs
+		s.Type = v.Type
+
 		s.LogMsgAnsiColor = Colors[i%len(Colors)]
 		i++
 
-		servers[name] = s
+		servers[serverName] = s
 	}
 	Conf.Servers = servers
 	return nil
 }
+
+func toCpeURI(cpename string) (string, error) {
+	if strings.HasPrefix(cpename, "cpe:2.3:") {
+		wfn, err := naming.UnbindFS(cpename)
+		if err != nil {
+			return "", err
+		}
+		return naming.BindToURI(wfn), nil
+	} else if strings.HasPrefix(cpename, "cpe:/") {
+		wfn, err := naming.UnbindURI(cpename)
+		if err != nil {
+			return "", err
+		}
+		return naming.BindToURI(wfn), nil
+	}
+	return "", fmt.Errorf("Unknow CPE format: %s", cpename)
+}

config/tomlloader_test.go

@@ -0,0 +1,44 @@
+package config
+
+import (
+	"testing"
+)
+
+func TestToCpeURI(t *testing.T) {
+	var tests = []struct {
+		in       string
+		expected string
+		err      bool
+	}{
+		{
+			in:       "",
+			expected: "",
+			err:      true,
+		},
+		{
+			in:       "cpe:/a:microsoft:internet_explorer:10",
+			expected: "cpe:/a:microsoft:internet_explorer:10",
+			err:      false,
+		},
+		{
+			in:       "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
+			expected: "cpe:/a:microsoft:internet_explorer:10",
+			err:      false,
+		},
+	}
+
+	for i, tt := range tests {
+		actual, err := toCpeURI(tt.in)
+		if err != nil && !tt.err {
+			t.Errorf("[%d] unexpected error occurred, in: %s act: %s, exp: %s",
+				i, tt.in, actual, tt.expected)
+		} else if err == nil && tt.err {
+			t.Errorf("[%d] expected error is not occurred, in: %s act: %s, exp: %s",
+				i, tt.in, actual, tt.expected)
+		}
+		if actual != tt.expected {
+			t.Errorf("[%d] in: %s, actual: %s, expected: %s",
+				i, tt.in, actual, tt.expected)
+		}
+	}
+}

contrib/owasp-dependency-check/parser/parser.go

@@ -5,8 +5,9 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
-	"sort"
 	"strings"
+
+	log "github.com/sirupsen/logrus"
 )
 
 type analysis struct {
@@ -31,22 +32,24 @@ func appendIfMissing(slice []string, str string) []string {
 	return append(slice, str)
 }
 
-// Parse parses XML and collect list of cpe
+// Parse parses OWASP dependency check XML and collect list of cpe
 func Parse(path string) ([]string, error) {
 	file, err := os.Open(path)
 	if err != nil {
-		return []string{}, fmt.Errorf("Failed to open: %s", err)
+		log.Warnf("OWASP Dependency Check XML is not found: %s", path)
+		return []string{}, nil
 	}
 	defer file.Close()
 
 	b, err := ioutil.ReadAll(file)
 	if err != nil {
-		return []string{}, fmt.Errorf("Failed to read: %s", err)
+		log.Warnf("Failed to read OWASP Dependency Check XML: %s", path)
+		return []string{}, nil
 	}
 
 	var anal analysis
 	if err := xml.Unmarshal(b, &anal); err != nil {
-		fmt.Errorf("Failed to unmarshal: %s", err)
+		return nil, fmt.Errorf("Failed to unmarshal: %s", err)
 	}
 
 	cpes := []string{}
@@ -59,6 +62,5 @@ func Parse(path string) ([]string, error) {
 			}
 		}
 	}
-	sort.Strings(cpes)
 	return cpes, nil
 }

cwe/owasp.go

@@ -0,0 +1,65 @@
+package cwe
+
+// OwaspTopTen2017 has CWE-ID in OWSP Top 10
+var OwaspTopTen2017 = map[string]string{
+	"77":  "1",
+	"89":  "1",
+	"564": "1",
+	"917": "1",
+
+	"287": "2",
+	"384": "2",
+
+	"220": "3",
+	"310": "3",
+	"312": "3",
+	"319": "3",
+	"326": "3",
+	"359": "3",
+
+	"611": "4",
+
+	"22":  "5",
+	"284": "5",
+	"285": "5",
+	"639": "5",
+
+	"2":   "6",
+	"16":  "6",
+	"388": "6",
+
+	"79": "7",
+
+	"502": "8",
+
+	"223": "10",
+	"778": "10",
+}
+
+// OwaspTopTen2017GitHubURLEn has GitHub links
+var OwaspTopTen2017GitHubURLEn = map[string]string{
+	"1":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa1-injection.md",
+	"2":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa2-broken-authentication.md",
+	"3":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa3-sensitive-data-disclosure.md",
+	"4":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa4-xxe.md",
+	"5":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa5-broken-access-control.md",
+	"6":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa6-security-misconfiguration.md",
+	"7":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa7-xss.md",
+	"8":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa8-insecure-deserialization.md",
+	"9":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa9-known-vulns.md<Paste>",
+	"10": "https://github.com/OWASP/Top10/blob/master/2017/en/0xaa-logging-detection-response.md",
+}
+
+// OwaspTopTen2017GitHubURLJa has GitHub links
+var OwaspTopTen2017GitHubURLJa = map[string]string{
+	"1":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa1-injection.md",
+	"2":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa2-broken-authentication.md",
+	"3":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa3-sensitive-data-disclosure.md",
+	"4":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa4-xxe.md",
+	"5":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa5-broken-access-control.md",
+	"6":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa6-security-misconfiguration.md",
+	"7":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa7-xss.md",
+	"8":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa8-insecure-deserialization.md",
+	"9":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa9-known-vulns.md<Paste>",
+	"10": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xaa-logging-detection-response.md",
+}

glide.lock

@@ -1,123 +0,0 @@
-hash: c3167d83e68562cd7ef73f138ce60cb9e60b72b50394e8615388d1f3ba9fbef2
-updated: 2017-01-02T09:37:09.437363123+09:00
-imports:
-- name: github.com/asaskevich/govalidator
-  version: 7b3beb6df3c42abd3509abfc3bcacc0fbfb7c877
-- name: github.com/aws/aws-sdk-go
-  version: 5b341290c488aa6bd76b335d819b4a68516ec3ab
-  subpackages:
-  - aws
-  - aws/awserr
-  - aws/awsutil
-  - aws/client
-  - aws/client/metadata
-  - aws/corehandlers
-  - aws/credentials
-  - aws/credentials/ec2rolecreds
-  - aws/credentials/endpointcreds
-  - aws/credentials/stscreds
-  - aws/defaults
-  - aws/ec2metadata
-  - aws/request
-  - aws/session
-  - aws/signer/v4
-  - private/endpoints
-  - private/protocol
-  - private/protocol/query
-  - private/protocol/query/queryutil
-  - private/protocol/rest
-  - private/protocol/restxml
-  - private/protocol/xml/xmlutil
-  - private/waiter
-  - service/s3
-  - service/sts
-- name: github.com/Azure/azure-sdk-for-go
-  version: 27ae5c8b5bc5d90ab0540b4c5d0f2632c8db8b57
-  subpackages:
-  - storage
-- name: github.com/boltdb/bolt
-  version: 315c65d4cf4f5278c73477a35fb1f9b08365d340
-- name: github.com/BurntSushi/toml
-  version: 99064174e013895bbd9b025c31100bd1d9b590ca
-- name: github.com/cenkalti/backoff
-  version: 8edc80b07f38c27352fb186d971c628a6c32552b
-- name: github.com/cheggaaa/pb
-  version: ad4efe000aa550bb54918c06ebbadc0ff17687b9
-- name: github.com/go-ini/ini
-  version: 6e4869b434bd001f6983749881c7ead3545887d8
-- name: github.com/go-sql-driver/mysql
-  version: d512f204a577a4ab037a1816604c48c9c13210be
-- name: github.com/google/subcommands
-  version: a71b91e238406bd68766ee52db63bebedce0e9f6
-- name: github.com/gosuri/uitable
-  version: 36ee7e946282a3fb1cfecd476ddc9b35d8847e42
-  subpackages:
-  - util/strutil
-  - util/wordwrap
-- name: github.com/howeyc/gopass
-  version: f5387c492211eb133053880d23dfae62aa14123d
-- name: github.com/jinzhu/gorm
-  version: 39165d498058a823126af3cbf4d2a3b0e1acf11e
-  subpackages:
-  - dialects/mysql
-  - dialects/sqlite
-- name: github.com/jinzhu/inflection
-  version: 74387dc39a75e970e7a3ae6a3386b5bd2e5c5cff
-- name: github.com/jmespath/go-jmespath
-  version: bd40a432e4c76585ef6b72d3fd96fb9b6dc7b68d
-- name: github.com/jroimartin/gocui
-  version: ba396278de0a3c63658bbaba13d2d2fa392edb11
-- name: github.com/k0kubun/pp
-  version: f5dce6ed0ccf6c350f1679964ff6b61f3d6d2033
-- name: github.com/kotakanbe/go-cve-dictionary
-  version: 7eb1f1a2e7e436177570bf234e21c2ed9489d3fb
-  subpackages:
-  - config
-  - db
-  - jvn
-  - log
-  - models
-  - nvd
-  - util
-- name: github.com/kotakanbe/go-pingscanner
-  version: 58e188a3e4f6ab1a6371e33421e4502e26fa1e80
-- name: github.com/kotakanbe/logrus-prefixed-formatter
-  version: f4f7d41649cf1e75e736884da8d05324aa76ea25
-- name: github.com/mattn/go-colorable
-  version: 6c903ff4aa50920ca86087a280590b36b3152b9c
-- name: github.com/mattn/go-isatty
-  version: 66b8e73f3f5cda9f96b69efd03dd3d7fc4a5cdb8
-- name: github.com/mattn/go-runewidth
-  version: 737072b4e32b7a5018b4a7125da8d12de90e8045
-- name: github.com/mattn/go-sqlite3
-  version: 5510da399572b4962c020184bb291120c0a412e2
-- name: github.com/mgutz/ansi
-  version: c286dcecd19ff979eeb73ea444e479b903f2cfcb
-- name: github.com/moul/http2curl
-  version: b1479103caacaa39319f75e7f57fc545287fca0d
-- name: github.com/nsf/termbox-go
-  version: b6acae516ace002cb8105a89024544a1480655a5
-- name: github.com/parnurzeal/gorequest
-  version: e37b9d1efacf7c94820b29b75dd7d0c2996b3fb1
-- name: github.com/rifflock/lfshook
-  version: 3f9d976bd7402de39b46357069fb6325a974572e
-- name: github.com/Sirupsen/logrus
-  version: 3ec0642a7fb6488f65b06f9040adc67e3990296a
-- name: golang.org/x/crypto
-  version: 9477e0b78b9ac3d0b03822fd95422e2fe07627cd
-  subpackages:
-  - curve25519
-  - ed25519
-  - ed25519/internal/edwards25519
-  - ssh
-  - ssh/agent
-  - ssh/terminal
-- name: golang.org/x/net
-  version: 1d7a0b2100da090d8b02afcfb42f97e2c77e71a4
-  subpackages:
-  - publicsuffix
-- name: golang.org/x/sys
-  version: 9bb9f0998d48b31547d975974935ae9b48c7a03c
-  subpackages:
-  - unix
-testImports: []

glide.yaml

@@ -1,36 +0,0 @@
-package: github.com/future-architect/vuls
-import:
-- package: github.com/Azure/azure-sdk-for-go
-  subpackages:
-  - storage
-- package: github.com/BurntSushi/toml
-- package: github.com/Sirupsen/logrus
-- package: github.com/asaskevich/govalidator
-- package: github.com/aws/aws-sdk-go
-  subpackages:
-  - aws
-  - aws/credentials
-  - aws/session
-  - service/s3
-- package: github.com/boltdb/bolt
-- package: github.com/cenkalti/backoff
-- package: github.com/google/subcommands
-- package: github.com/gosuri/uitable
-- package: github.com/howeyc/gopass
-- package: github.com/jroimartin/gocui
-- package: github.com/k0kubun/pp
-- package: github.com/kotakanbe/go-cve-dictionary
-  subpackages:
-  - config
-  - db
-  - log
-  - models
-- package: github.com/kotakanbe/go-pingscanner
-- package: github.com/kotakanbe/logrus-prefixed-formatter
-- package: github.com/mattn/go-sqlite3
-- package: github.com/parnurzeal/gorequest
-- package: github.com/rifflock/lfshook
-- package: golang.org/x/crypto
-  subpackages:
-  - ssh
-  - ssh/agent

gost/debian.go

@@ -0,0 +1,178 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Architect, Inc. Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package gost
+
+import (
+	"encoding/json"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/knqyf263/gost/db"
+	gostmodels "github.com/knqyf263/gost/models"
+)
+
+// Debian is Gost client for Debian GNU/Linux
+type Debian struct {
+	Base
+}
+
+type packCves struct {
+	packName  string
+	isSrcPack bool
+	cves      []models.CveContent
+}
+
+// FillWithGost fills cve information that has in Gost
+func (deb Debian) FillWithGost(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+	linuxImage := "linux-image-" + r.RunningKernel.Release
+	// Add linux and set the version of running kernel to search OVAL.
+	if r.Container.ContainerID == "" {
+		newVer := ""
+		if p, ok := r.Packages[linuxImage]; ok {
+			newVer = p.NewVersion
+		}
+		r.Packages["linux"] = models.Package{
+			Name:       "linux",
+			Version:    r.RunningKernel.Version,
+			NewVersion: newVer,
+		}
+	}
+
+	packCvesList := []packCves{}
+	if deb.isFetchViaHTTP() {
+		url, _ := util.URLPathJoin(config.Conf.Gost.URL, "debian", major(r.Release), "pkgs")
+		responses, err := getAllUnfixedCvesViaHTTP(r, url)
+		if err != nil {
+			return 0, err
+		}
+
+		for _, res := range responses {
+			debCves := map[string]gostmodels.DebianCVE{}
+			if err := json.Unmarshal([]byte(res.json), &debCves); err != nil {
+				return 0, err
+			}
+			cves := []models.CveContent{}
+			for _, debcve := range debCves {
+				cves = append(cves, *deb.ConvertToModel(&debcve))
+			}
+			packCvesList = append(packCvesList, packCves{
+				packName:  res.request.packName,
+				isSrcPack: res.request.isSrcPack,
+				cves:      cves,
+			})
+		}
+	} else {
+		if driver == nil {
+			return 0, nil
+		}
+		for _, pack := range r.Packages {
+			cveDebs := driver.GetUnfixedCvesDebian(major(r.Release), pack.Name)
+			cves := []models.CveContent{}
+			for _, cveDeb := range cveDebs {
+				cves = append(cves, *deb.ConvertToModel(&cveDeb))
+			}
+			packCvesList = append(packCvesList, packCves{
+				packName:  pack.Name,
+				isSrcPack: false,
+				cves:      cves,
+			})
+		}
+
+		// SrcPack
+		for _, pack := range r.SrcPackages {
+			cveDebs := driver.GetUnfixedCvesDebian(major(r.Release), pack.Name)
+			cves := []models.CveContent{}
+			for _, cveDeb := range cveDebs {
+				cves = append(cves, *deb.ConvertToModel(&cveDeb))
+			}
+			packCvesList = append(packCvesList, packCves{
+				packName:  pack.Name,
+				isSrcPack: true,
+				cves:      cves,
+			})
+		}
+	}
+
+	delete(r.Packages, "linux")
+
+	for _, p := range packCvesList {
+		for _, cve := range p.cves {
+			v, ok := r.ScannedCves[cve.CveID]
+			if ok {
+				v.CveContents[models.DebianSecurityTracker] = cve
+			} else {
+				v = models.VulnInfo{
+					CveID:       cve.CveID,
+					CveContents: models.NewCveContents(cve),
+					Confidences: models.Confidences{models.DebianSecurityTrackerMatch},
+				}
+				nCVEs++
+			}
+
+			names := []string{}
+			if p.isSrcPack {
+				if srcPack, ok := r.SrcPackages[p.packName]; ok {
+					for _, binName := range srcPack.BinaryNames {
+						if _, ok := r.Packages[binName]; ok {
+							names = append(names, binName)
+						}
+					}
+				}
+			} else {
+				if p.packName == "linux" {
+					names = append(names, linuxImage)
+				} else {
+					names = append(names, p.packName)
+				}
+			}
+
+			for _, name := range names {
+				v.AffectedPackages = v.AffectedPackages.Store(models.PackageStatus{
+					Name:        name,
+					FixState:    "open",
+					NotFixedYet: true,
+				})
+			}
+			r.ScannedCves[cve.CveID] = v
+		}
+	}
+	return nCVEs, nil
+}
+
+// ConvertToModel converts gost model to vuls model
+func (deb Debian) ConvertToModel(cve *gostmodels.DebianCVE) *models.CveContent {
+	severity := ""
+	for _, p := range cve.Package {
+		for _, r := range p.Release {
+			severity = r.Urgency
+			break
+		}
+	}
+	return &models.CveContent{
+		Type:          models.DebianSecurityTracker,
+		CveID:         cve.CveID,
+		Summary:       cve.Description,
+		Cvss2Severity: severity,
+		Cvss3Severity: severity,
+		SourceLink:    "https://security-tracker.debian.org/tracker/" + cve.CveID,
+		Optional: map[string]string{
+			"attack range": cve.Scope,
+		},
+	}
+}

gost/gost.go

@@ -0,0 +1,107 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Architect, Inc. Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package gost
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+
+	cnf "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/knqyf263/gost/db"
+	"github.com/parnurzeal/gorequest"
+)
+
+// Client is the interface of OVAL client.
+type Client interface {
+	FillWithGost(db.DB, *models.ScanResult) (int, error)
+
+	//TODO implement
+	// CheckHTTPHealth() error
+	// CheckIfGostFetched checks if Gost entries are fetched
+	// CheckIfGostFetched(db.DB, string, string) (bool, error)
+	// CheckIfGostFresh(db.DB, string, string) (bool, error)
+}
+
+// NewClient make Client by family
+func NewClient(family string) Client {
+	switch family {
+	case cnf.RedHat, cnf.CentOS:
+		return RedHat{}
+	case cnf.Debian:
+		return Debian{}
+	default:
+		return Pseudo{}
+	}
+}
+
+// Base is a base struct
+type Base struct {
+	family string
+}
+
+// CheckHTTPHealth do health check
+func (b Base) CheckHTTPHealth() error {
+	if !b.isFetchViaHTTP() {
+		return nil
+	}
+
+	url := fmt.Sprintf("%s/health", cnf.Conf.Gost.URL)
+	var errs []error
+	var resp *http.Response
+	resp, _, errs = gorequest.New().Get(url).End()
+	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return fmt.Errorf("Failed to connect to gost server. url: %s, errs: %v",
+			url, errs)
+	}
+	return nil
+}
+
+// CheckIfGostFetched checks if oval entries are in DB by family, release.
+func (b Base) CheckIfGostFetched(driver db.DB, osFamily string) (fetched bool, err error) {
+	//TODO
+	return true, nil
+}
+
+// CheckIfGostFresh checks if oval entries are fresh enough
+func (b Base) CheckIfGostFresh(driver db.DB, osFamily string) (ok bool, err error) {
+	//TODO
+	return true, nil
+}
+
+func (b Base) isFetchViaHTTP() bool {
+	// Default value of OvalDBType is sqlite3
+	return cnf.Conf.Gost.URL != "" && cnf.Conf.Gost.Type == "sqlite3"
+}
+
+// Pseudo is Gost client except for RedHat family and Debian
+type Pseudo struct {
+	Base
+}
+
+// FillWithGost fills cve information that has in Gost
+func (pse Pseudo) FillWithGost(driver db.DB, r *models.ScanResult) (int, error) {
+	return 0, nil
+}
+
+func major(osVer string) (majorVersion string) {
+	return strings.Split(osVer, ".")[0]
+}

gost/gost_test.go

@@ -0,0 +1,129 @@
+package gost
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/future-architect/vuls/models"
+	gostmodels "github.com/knqyf263/gost/models"
+)
+
+func TestSetPackageStates(t *testing.T) {
+	var tests = []struct {
+		pkgstats  []gostmodels.RedhatPackageState
+		installed models.Packages
+		release   string
+		in        models.VulnInfo
+		out       models.PackageStatuses
+	}{
+
+		//0 one
+		{
+			pkgstats: []gostmodels.RedhatPackageState{
+				{
+					FixState:    "Will not fix",
+					PackageName: "bouncycastle",
+					Cpe:         "cpe:/o:redhat:enterprise_linux:7",
+				},
+			},
+			installed: models.Packages{
+				"bouncycastle": models.Package{},
+			},
+			release: "7",
+			in:      models.VulnInfo{},
+			out: []models.PackageStatus{
+				{
+					Name:        "bouncycastle",
+					FixState:    "Will not fix",
+					NotFixedYet: true,
+				},
+			},
+		},
+
+		//1 two
+		{
+			pkgstats: []gostmodels.RedhatPackageState{
+				{
+					FixState:    "Will not fix",
+					PackageName: "bouncycastle",
+					Cpe:         "cpe:/o:redhat:enterprise_linux:7",
+				},
+				{
+					FixState:    "Fix deferred",
+					PackageName: "pack_a",
+					Cpe:         "cpe:/o:redhat:enterprise_linux:7",
+				},
+				// ignore not-installed-package
+				{
+					FixState:    "Fix deferred",
+					PackageName: "pack_b",
+					Cpe:         "cpe:/o:redhat:enterprise_linux:7",
+				},
+			},
+			installed: models.Packages{
+				"bouncycastle": models.Package{},
+				"pack_a":       models.Package{},
+			},
+			release: "7",
+			in:      models.VulnInfo{},
+			out: []models.PackageStatus{
+				{
+					Name:        "bouncycastle",
+					FixState:    "Will not fix",
+					NotFixedYet: true,
+				},
+				{
+					Name:        "pack_a",
+					FixState:    "Fix deferred",
+					NotFixedYet: true,
+				},
+			},
+		},
+
+		//2 ignore affected
+		{
+			pkgstats: []gostmodels.RedhatPackageState{
+				{
+					FixState:    "affected",
+					PackageName: "bouncycastle",
+					Cpe:         "cpe:/o:redhat:enterprise_linux:7",
+				},
+			},
+			installed: models.Packages{
+				"bouncycastle": models.Package{},
+			},
+			release: "7",
+			in: models.VulnInfo{
+				AffectedPackages: models.PackageStatuses{},
+			},
+			out: models.PackageStatuses{},
+		},
+
+		//3 look only the same os release.
+		{
+			pkgstats: []gostmodels.RedhatPackageState{
+				{
+					FixState:    "Will not fix",
+					PackageName: "bouncycastle",
+					Cpe:         "cpe:/o:redhat:enterprise_linux:6",
+				},
+			},
+			installed: models.Packages{
+				"bouncycastle": models.Package{},
+			},
+			release: "7",
+			in: models.VulnInfo{
+				AffectedPackages: models.PackageStatuses{},
+			},
+			out: models.PackageStatuses{},
+		},
+	}
+
+	r := RedHat{}
+	for i, tt := range tests {
+		out := r.mergePackageStates(tt.in, tt.pkgstats, tt.installed, tt.release)
+		if ok := reflect.DeepEqual(tt.out, out); !ok {
+			t.Errorf("[%d]\nexpected: %v:%T\n  actual: %v:%T\n", i, tt.out, tt.out, out, out)
+		}
+	}
+}

gost/redhat.go

@@ -0,0 +1,253 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Architect, Inc. Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package gost
+
+import (
+	"encoding/json"
+	"strconv"
+	"strings"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/knqyf263/gost/db"
+	gostmodels "github.com/knqyf263/gost/models"
+)
+
+// RedHat is Gost client for RedHat family linux
+type RedHat struct {
+	Base
+}
+
+// FillWithGost fills cve information that has in Gost
+func (red RedHat) FillWithGost(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+	if nCVEs, err = red.fillUnfixed(driver, r); err != nil {
+		return 0, err
+	}
+	return nCVEs, red.fillFixed(driver, r)
+}
+
+func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
+	var cveIDs []string
+	for cveID, vuln := range r.ScannedCves {
+		if _, ok := vuln.CveContents[models.RedHatAPI]; ok {
+			continue
+		}
+		cveIDs = append(cveIDs, cveID)
+	}
+
+	if red.isFetchViaHTTP() {
+		prefix, _ := util.URLPathJoin(config.Conf.Gost.URL,
+			"redhat", "cves")
+		responses, err := getCvesViaHTTP(cveIDs, prefix)
+		if err != nil {
+			return err
+		}
+		for _, res := range responses {
+			redCve := gostmodels.RedhatCVE{}
+			if err := json.Unmarshal([]byte(res.json), &redCve); err != nil {
+				return err
+			}
+			if redCve.ID == 0 {
+				continue
+			}
+			cveCont := red.ConvertToModel(&redCve)
+			v, _ := r.ScannedCves[res.request.cveID]
+			v.CveContents[models.RedHatAPI] = *cveCont
+			r.ScannedCves[res.request.cveID] = v
+		}
+	} else {
+		if driver == nil {
+			return nil
+		}
+		for cveID, redCve := range driver.GetRedhatMulti(cveIDs) {
+			if redCve.ID == 0 {
+				continue
+			}
+			cveCont := red.ConvertToModel(&redCve)
+			v, _ := r.ScannedCves[cveID]
+			v.CveContents[models.RedHatAPI] = *cveCont
+			r.ScannedCves[cveID] = v
+		}
+	}
+
+	return nil
+}
+
+func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+	if red.isFetchViaHTTP() {
+		prefix, _ := util.URLPathJoin(config.Conf.Gost.URL,
+			"redhat", major(r.Release), "pkgs")
+		responses, err := getAllUnfixedCvesViaHTTP(r, prefix)
+		if err != nil {
+			return 0, err
+		}
+		for _, res := range responses {
+			// CVE-ID: RedhatCVE
+			cves := map[string]gostmodels.RedhatCVE{}
+			if err := json.Unmarshal([]byte(res.json), &cves); err != nil {
+				return 0, err
+			}
+
+			for _, cve := range cves {
+				cveCont := red.ConvertToModel(&cve)
+				v, ok := r.ScannedCves[cve.Name]
+				if ok {
+					v.CveContents[models.RedHatAPI] = *cveCont
+				} else {
+					v = models.VulnInfo{
+						CveID:       cveCont.CveID,
+						CveContents: models.NewCveContents(*cveCont),
+						Confidences: models.Confidences{models.RedHatAPIMatch},
+					}
+					nCVEs++
+				}
+
+				pkgStats := red.mergePackageStates(v,
+					cve.PackageState, r.Packages, r.Release)
+				if 0 < len(pkgStats) {
+					v.AffectedPackages = pkgStats
+					r.ScannedCves[cve.Name] = v
+				}
+			}
+		}
+	} else {
+		if driver == nil {
+			return 0, nil
+		}
+		for _, pack := range r.Packages {
+			// CVE-ID: RedhatCVE
+			cves := map[string]gostmodels.RedhatCVE{}
+			cves = driver.GetUnfixedCvesRedhat(major(r.Release), pack.Name)
+			for _, cve := range cves {
+				cveCont := red.ConvertToModel(&cve)
+				v, ok := r.ScannedCves[cve.Name]
+				if ok {
+					v.CveContents[models.RedHatAPI] = *cveCont
+				} else {
+					v = models.VulnInfo{
+						CveID:       cveCont.CveID,
+						CveContents: models.NewCveContents(*cveCont),
+						Confidences: models.Confidences{models.RedHatAPIMatch},
+					}
+					nCVEs++
+				}
+
+				pkgStats := red.mergePackageStates(v,
+					cve.PackageState, r.Packages, r.Release)
+				if 0 < len(pkgStats) {
+					v.AffectedPackages = pkgStats
+					r.ScannedCves[cve.Name] = v
+				}
+			}
+		}
+	}
+	return nCVEs, nil
+}
+
+func (red RedHat) mergePackageStates(v models.VulnInfo, ps []gostmodels.RedhatPackageState, installed models.Packages, release string) (pkgStats models.PackageStatuses) {
+	pkgStats = v.AffectedPackages
+	for _, pstate := range ps {
+		if pstate.Cpe !=
+			"cpe:/o:redhat:enterprise_linux:"+major(release) {
+			return
+		}
+
+		if !(pstate.FixState == "Will not fix" ||
+			pstate.FixState == "Fix deferred") {
+			return
+		}
+
+		if _, ok := installed[pstate.PackageName]; !ok {
+			return
+		}
+
+		notFixedYet := false
+		switch pstate.FixState {
+		case "Will not fix", "Fix deferred":
+			notFixedYet = true
+		}
+
+		pkgStats = pkgStats.Store(models.PackageStatus{
+			Name:        pstate.PackageName,
+			FixState:    pstate.FixState,
+			NotFixedYet: notFixedYet,
+		})
+	}
+	return
+}
+
+// ConvertToModel converts gost model to vuls model
+func (red RedHat) ConvertToModel(cve *gostmodels.RedhatCVE) *models.CveContent {
+	cwes := []string{}
+	if cve.Cwe != "" {
+		s := strings.TrimPrefix(cve.Cwe, "(")
+		s = strings.TrimSuffix(s, ")")
+		if strings.Contains(cve.Cwe, "|") {
+			cwes = strings.Split(cve.Cwe, "|")
+		} else {
+			cwes = strings.Split(s, "->")
+		}
+	}
+
+	details := []string{}
+	for _, detail := range cve.Details {
+		details = append(details, detail.Detail)
+	}
+
+	v2score := 0.0
+	if cve.Cvss.CvssBaseScore != "" {
+		v2score, _ = strconv.ParseFloat(cve.Cvss.CvssBaseScore, 64)
+	}
+	v2severity := ""
+	if v2score != 0 {
+		v2severity = cve.ThreatSeverity
+	}
+
+	v3score := 0.0
+	if cve.Cvss3.Cvss3BaseScore != "" {
+		v3score, _ = strconv.ParseFloat(cve.Cvss3.Cvss3BaseScore, 64)
+	}
+	v3severity := ""
+	if v3score != 0 {
+		v3severity = cve.ThreatSeverity
+	}
+
+	var refs []models.Reference
+	for _, r := range cve.References {
+		refs = append(refs, models.Reference{Link: r.Reference})
+	}
+
+	return &models.CveContent{
+		Type:          models.RedHatAPI,
+		CveID:         cve.Name,
+		Title:         cve.Bugzilla.Description,
+		Summary:       strings.Join(details, "\n"),
+		Cvss2Score:    v2score,
+		Cvss2Vector:   cve.Cvss.CvssScoringVector,
+		Cvss2Severity: v2severity,
+		Cvss3Score:    v3score,
+		Cvss3Vector:   cve.Cvss3.Cvss3ScoringVector,
+		Cvss3Severity: v3severity,
+		References:    refs,
+		CweIDs:        cwes,
+		Mitigation:    cve.Mitigation,
+		Published:     cve.PublicDate,
+		SourceLink:    "https://access.redhat.com/security/cve/" + cve.Name,
+	}
+}

gost/util.go

@@ -0,0 +1,201 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Architect, Inc. Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package gost
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/cenkalti/backoff"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/parnurzeal/gorequest"
+)
+
+type response struct {
+	request request
+	json    string
+}
+
+func getCvesViaHTTP(cveIDs []string, urlPrefix string) (
+	responses []response, err error) {
+	nReq := len(cveIDs)
+	reqChan := make(chan request, nReq)
+	resChan := make(chan response, nReq)
+	errChan := make(chan error, nReq)
+	defer close(reqChan)
+	defer close(resChan)
+	defer close(errChan)
+
+	go func() {
+		for _, cveID := range cveIDs {
+			reqChan <- request{
+				cveID: cveID,
+			}
+		}
+	}()
+
+	concurrency := 10
+	tasks := util.GenWorkers(concurrency)
+	for i := 0; i < nReq; i++ {
+		tasks <- func() {
+			select {
+			case req := <-reqChan:
+				url, err := util.URLPathJoin(
+					urlPrefix,
+					req.cveID,
+				)
+				if err != nil {
+					errChan <- err
+				} else {
+					util.Log.Debugf("HTTP Request to %s", url)
+					httpGet(url, req, resChan, errChan)
+				}
+			}
+		}
+	}
+
+	timeout := time.After(2 * 60 * time.Second)
+	var errs []error
+	for i := 0; i < nReq; i++ {
+		select {
+		case res := <-resChan:
+			responses = append(responses, res)
+		case err := <-errChan:
+			errs = append(errs, err)
+		case <-timeout:
+			return nil, fmt.Errorf("Timeout Fetching OVAL")
+		}
+	}
+	if len(errs) != 0 {
+		return nil, fmt.Errorf("Failed to fetch OVAL. err: %v", errs)
+	}
+	return
+}
+
+type request struct {
+	osMajorVersion string
+	packName       string
+	isSrcPack      bool
+	cveID          string
+}
+
+func getAllUnfixedCvesViaHTTP(r *models.ScanResult, urlPrefix string) (
+	responses []response, err error) {
+
+	nReq := len(r.Packages) + len(r.SrcPackages)
+	reqChan := make(chan request, nReq)
+	resChan := make(chan response, nReq)
+	errChan := make(chan error, nReq)
+	defer close(reqChan)
+	defer close(resChan)
+	defer close(errChan)
+
+	go func() {
+		for _, pack := range r.Packages {
+			reqChan <- request{
+				osMajorVersion: major(r.Release),
+				packName:       pack.Name,
+				isSrcPack:      false,
+			}
+		}
+		for _, pack := range r.SrcPackages {
+			reqChan <- request{
+				osMajorVersion: major(r.Release),
+				packName:       pack.Name,
+				isSrcPack:      true,
+			}
+		}
+	}()
+
+	concurrency := 10
+	tasks := util.GenWorkers(concurrency)
+	for i := 0; i < nReq; i++ {
+		tasks <- func() {
+			select {
+			case req := <-reqChan:
+				url, err := util.URLPathJoin(
+					urlPrefix,
+					req.packName,
+					"unfixed-cves",
+				)
+				if err != nil {
+					errChan <- err
+				} else {
+					util.Log.Debugf("HTTP Request to %s", url)
+					httpGet(url, req, resChan, errChan)
+				}
+			}
+		}
+	}
+
+	timeout := time.After(2 * 60 * time.Second)
+	var errs []error
+	for i := 0; i < nReq; i++ {
+		select {
+		case res := <-resChan:
+			responses = append(responses, res)
+		case err := <-errChan:
+			errs = append(errs, err)
+		case <-timeout:
+			return nil, fmt.Errorf("Timeout Fetching OVAL")
+		}
+	}
+	if len(errs) != 0 {
+		return nil, fmt.Errorf("Failed to fetch OVAL. err: %v", errs)
+	}
+	return
+}
+
+func httpGet(url string, req request, resChan chan<- response, errChan chan<- error) {
+	var body string
+	var errs []error
+	var resp *http.Response
+	count, retryMax := 0, 3
+	f := func() (err error) {
+		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+		resp, body, errs = gorequest.New().Get(url).End()
+		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+			count++
+			if count == retryMax {
+				return nil
+			}
+			return fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
+				errs, url, resp)
+		}
+		return nil
+	}
+	notify := func(err error, t time.Duration) {
+		util.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %s", t, err)
+	}
+	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
+	if err != nil {
+		errChan <- fmt.Errorf("HTTP Error %s", err)
+		return
+	}
+	if count == retryMax {
+		errChan <- fmt.Errorf("HRetry count exceeded")
+		return
+	}
+
+	resChan <- response{
+		request: req,
+		json:    body,
+	}
+}

img/vuls-architecture.graphml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <graphml xmlns="http://graphml.graphdrawing.org/xmlns" xmlns:java="http://www.yworks.com/xml/yfiles-common/1.0/java" xmlns:sys="http://www.yworks.com/xml/yfiles-common/markup/primitives/2.0" xmlns:x="http://www.yworks.com/xml/yfiles-common/markup/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:y="http://www.yworks.com/xml/graphml" xmlns:yed="http://www.yworks.com/xml/yed/3" xsi:schemaLocation="http://graphml.graphdrawing.org/xmlns http://www.yworks.com/xml/schema/graphml/1.1/ygraphml.xsd">
-  <!--Created by yEd 3.14.2-->
+  <!--Created by yEd 3.17-->
   <key attr.name="Description" attr.type="string" for="graph" id="d0"/>
   <key for="port" id="d1" yfiles.type="portgraphics"/>
   <key for="port" id="d2" yfiles.type="portgeometry"/>
@@ -20,7 +20,7 @@
           <y:Geometry height="50.0" width="80.0" x="1046.0141170024865" y="70.63541666666657"/>
           <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" modelName="custom" textColor="#000000" visible="true" width="4.0" x="38.0" y="23.0">
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="4.0" x="38.0" y="23.0">
             <y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
@@ -37,20 +37,20 @@
         <y:ProxyAutoBoundsNode>
           <y:Realizers active="0">
             <y:GroupNode>
-              <y:Geometry height="289.5891316731771" width="171.0" x="1230.5282340049735" y="-28.09765625"/>
+              <y:Geometry height="292.34706624348956" width="171.0" x="1230.5282340049735" y="-30.855590820312443"/>
               <y:Fill color="#F5F5F5" transparent="false"/>
               <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" modelName="internal" modelPosition="t" textColor="#000000" visible="true" width="171.0" x="0.0" y="0.0">Vulnerbility Database</y:NodeLabel>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="171.0" x="0.0" y="0.0">Vulnerbility Database</y:NodeLabel>
               <y:Shape type="roundrectangle"/>
               <y:State closed="false" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
               <y:Insets bottom="15" bottomF="15.0" left="15" leftF="15.0" right="15" rightF="15.0" top="15" topF="15.0"/>
-              <y:BorderInsets bottom="29" bottomF="28.96858723958337" left="29" leftF="29.35411262512207" right="27" rightF="26.64588737487793" top="27" topF="27.242065429687557"/>
+              <y:BorderInsets bottom="11" bottomF="11.256123860677178" left="29" leftF="29.35411262512207" right="27" rightF="26.64588737487793" top="0" topF="0.0"/>
             </y:GroupNode>
             <y:GroupNode>
               <y:Geometry height="50.0" width="50.0" x="0.0" y="60.0"/>
               <y:Fill color="#F5F5F5" transparent="false"/>
               <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" modelName="internal" modelPosition="t" textColor="#000000" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 1</y:NodeLabel>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 1</y:NodeLabel>
               <y:Shape type="roundrectangle"/>
               <y:State closed="true" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
               <y:Insets bottom="5" bottomF="5.0" left="5" leftF="5.0" right="5" rightF="5.0" top="5" topF="5.0"/>
@@ -63,10 +63,10 @@
         <node id="n1::n0">
           <data key="d6">
             <y:ShapeNode>
-              <y:Geometry height="70.0" width="85.0" x="1274.8823466300955" y="147.52288818359375"/>
+              <y:Geometry height="70.0" width="85.0" x="1274.8823466300955" y="85.52288818359375"/>
               <y:Fill color="#C0C0C0" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" modelName="custom" textColor="#000000" visible="true" width="63.279296875" x="10.8603515625" y="18.8671875">JVN
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="63.279296875" x="10.8603515625" y="18.8671875">JVN
 (Japanese)<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
@@ -81,10 +81,27 @@
         <node id="n1::n1">
           <data key="d6">
             <y:ShapeNode>
-              <y:Geometry height="70.0" width="85.0" x="1274.8823466300955" y="35.81042480468756"/>
+              <y:Geometry height="70.0" width="85.0" x="1274.8823466300955" y="5.810424804687557"/>
               <y:Fill color="#C0C0C0" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="29.69921875" x="27.650390625" y="25.93359375">NVD<y:LabelModel>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="29.69921875" x="27.650390625" y="25.93359375">NVD<y:LabelModel>
+                  <y:SmartNodeLabelModel distance="4.0"/>
+                </y:LabelModel>
+                <y:ModelParameter>
+                  <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+                </y:ModelParameter>
+              </y:NodeLabel>
+              <y:Shape type="roundrectangle"/>
+            </y:ShapeNode>
+          </data>
+        </node>
+        <node id="n1::n2">
+          <data key="d6">
+            <y:ShapeNode>
+              <y:Geometry height="70.0" width="85.0" x="1274.8823466300955" y="165.23535156249994"/>
+              <y:Fill color="#C0C0C0" transparent="false"/>
+              <y:BorderStyle color="#000000" type="line" width="1.0"/>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="35.845703125" x="24.5771484375" y="25.93359375">OVAL<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
                 <y:ModelParameter>
@@ -103,20 +120,20 @@
         <y:ProxyAutoBoundsNode>
           <y:Realizers active="0">
             <y:GroupNode>
-              <y:Geometry height="336.1141560872396" width="171.61765336990447" x="1227.3823466300955" y="315.76495361328136"/>
+              <y:Geometry height="336.82033284505223" width="171.61765336990447" x="1227.3823466300955" y="315.76495361328136"/>
               <y:Fill color="#F5F5F5" transparent="false"/>
               <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" modelName="internal" modelPosition="t" textColor="#000000" visible="true" width="171.61765336990447" x="0.0" y="0.0">Distribution Support</y:NodeLabel>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="171.61765336990447" x="0.0" y="0.0">Distribution Support</y:NodeLabel>
               <y:Shape type="roundrectangle"/>
               <y:State closed="false" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
               <y:Insets bottom="15" bottomF="15.0" left="15" leftF="15.0" right="15" rightF="15.0" top="15" topF="15.0"/>
-              <y:BorderInsets bottom="12" bottomF="11.879109700520985" left="27" leftF="26.617653369904474" right="13" rightF="13.0" top="13" topF="12.569030761718636"/>
+              <y:BorderInsets bottom="0" bottomF="0.0" left="27" leftF="26.617653369904474" right="13" rightF="13.292458057404474" top="13" topF="12.569030761718636"/>
             </y:GroupNode>
             <y:GroupNode>
               <y:Geometry height="50.0" width="50.0" x="0.0" y="60.0"/>
               <y:Fill color="#F5F5F5" transparent="false"/>
               <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" modelName="internal" modelPosition="t" textColor="#000000" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 2</y:NodeLabel>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 2</y:NodeLabel>
               <y:Shape type="roundrectangle"/>
               <y:State closed="true" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
               <y:Insets bottom="5" bottomF="5.0" left="5" leftF="5.0" right="5" rightF="5.0" top="5" topF="5.0"/>
@@ -132,7 +149,7 @@
               <y:Geometry height="50.0" width="100.0" x="1269.0" y="435.46048990885413"/>
               <y:Fill color="#C0C0C0" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" modelName="custom" textColor="#000000" visible="true" width="64.158203125" x="17.9208984375" y="8.8671875">apptitude
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="64.158203125" x="17.9208984375" y="8.8671875">apptitude
 changelog<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
@@ -150,7 +167,7 @@ changelog<y:LabelModel>
               <y:Geometry height="50.0" width="100.0" x="1270.0" y="365.0"/>
               <y:Fill color="#C0C0C0" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" modelName="custom" textColor="#000000" visible="true" width="64.158203125" x="17.9208984375" y="8.8671875">yum
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="64.158203125" x="17.9208984375" y="8.8671875">yum
 changelog<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
@@ -165,11 +182,12 @@ changelog<y:LabelModel>
         <node id="n2::n2">
           <data key="d6">
             <y:ShapeNode>
-              <y:Geometry height="50.0" width="100.0" x="1271.0" y="504.03875732421886"/>
+              <y:Geometry height="64.96826171875" width="100.0" x="1269.0" y="504.03875732421886"/>
               <y:Fill color="#C0C0C0" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" modelName="custom" textColor="#000000" visible="true" width="92.828125" x="3.5859375" y="8.8671875">RHSA (RedHat)
-ALAS (Amazon)<y:LabelModel>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="46.3984375" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="92.828125" x="3.5859375" y="9.284912109375">RHSA (RedHat)
+ALAS (Amazon)
+ELSA (Oracle)<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
                 <y:ModelParameter>
@@ -183,10 +201,10 @@ ALAS (Amazon)<y:LabelModel>
         <node id="n2::n3">
           <data key="d6">
             <y:ShapeNode>
-              <y:Geometry height="50.0" width="100.0" x="1270.3823466300955" y="575.0"/>
+              <y:Geometry height="50.0" width="100.0" x="1270.3823466300955" y="587.5852864583336"/>
               <y:Fill color="#C0C0C0" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="100.650390625" x="-0.3251953125" y="15.93359375">FreeBSD Support<y:LabelModel>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="100.650390625" x="-0.3251953125" y="15.93359375">FreeBSD Support<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
                 <y:ModelParameter>
@@ -205,7 +223,7 @@ ALAS (Amazon)<y:LabelModel>
           <y:Geometry height="50.0" width="56.554100036621094" x="1141.7229499816895" y="425.0"/>
           <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" modelName="custom" textColor="#000000" visible="true" width="4.0" x="26.277050018310547" y="23.0">
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="4.0" x="26.277050018310547" y="23.0">
             <y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
@@ -225,7 +243,7 @@ ALAS (Amazon)<y:LabelModel>
               <y:Geometry height="371.666015625" width="341.1769911504424" x="575.0" y="298.333984375"/>
               <y:Fill color="#F5F5F5" transparent="false"/>
               <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" modelName="internal" modelPosition="t" textColor="#000000" visible="true" width="341.1769911504424" x="0.0" y="0.0">Vuls</y:NodeLabel>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="341.1769911504424" x="0.0" y="0.0">Vuls</y:NodeLabel>
               <y:Shape type="roundrectangle"/>
               <y:State closed="false" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
               <y:Insets bottom="15" bottomF="15.0" left="15" leftF="15.0" right="15" rightF="15.0" top="15" topF="15.0"/>
@@ -235,7 +253,7 @@ ALAS (Amazon)<y:LabelModel>
               <y:Geometry height="50.0" width="50.0" x="0.0" y="60.0"/>
               <y:Fill color="#F5F5F5" transparent="false"/>
               <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" modelName="internal" modelPosition="t" textColor="#000000" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 3</y:NodeLabel>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 3</y:NodeLabel>
               <y:Shape type="roundrectangle"/>
               <y:State closed="true" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
               <y:Insets bottom="5" bottomF="5.0" left="5" leftF="5.0" right="5" rightF="5.0" top="5" topF="5.0"/>
@@ -251,7 +269,7 @@ ALAS (Amazon)<y:LabelModel>
               <y:Geometry height="50.0" width="90.96302149178246" x="749.634165613148" y="349.1798612773512"/>
               <y:Fill color="#FFCC00" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="30.68359375" x="30.139713870891228" y="15.93359375">Scan<y:LabelModel>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="30.68359375" x="30.139713870891228" y="15.93359375">Scan<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
                 <y:ModelParameter>
@@ -268,7 +286,7 @@ ALAS (Amazon)<y:LabelModel>
               <y:Geometry height="50.0" width="90.96302149178268" x="598.6954804045512" y="455.0"/>
               <y:Fill color="#FFCC00" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="42.595703125" x="24.18365918339134" y="15.93359375">Report<y:LabelModel>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="42.595703125" x="24.18365918339134" y="15.93359375">Report<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
                 <y:ModelParameter>
@@ -285,7 +303,7 @@ ALAS (Amazon)<y:LabelModel>
               <y:Geometry height="50.0" width="90.96302149178268" x="715.9609671302148" y="575.0"/>
               <y:Fill color="#FFCC00" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" modelName="custom" textColor="#000000" visible="true" width="58.076171875" x="16.44342480839134" y="8.8671875">VulsRepo
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="58.076171875" x="16.44342480839134" y="8.8671875">VulsRepo
 (WebUI)<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
@@ -303,7 +321,7 @@ ALAS (Amazon)<y:LabelModel>
               <y:Geometry height="50.0" width="90.96302149178268" x="810.2139696586597" y="575.0"/>
               <y:Fill color="#FFCC00" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="23.359375" x="33.80182324589134" y="15.93359375">TUI<y:LabelModel>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="23.359375" x="33.80182324589134" y="15.93359375">TUI<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
                 <y:ModelParameter>
@@ -322,7 +340,7 @@ ALAS (Amazon)<y:LabelModel>
           <y:Geometry height="64.96826171875" width="56.554100036621094" x="691.7229499816895" y="717.515869140625"/>
           <y:Fill color="#CCCCFF" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="100.890625" x="-22.168262481689453" y="68.96826171875">System Operator<y:LabelModel>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="100.890625" x="-22.168262481689453" y="68.96826171875">System Operator<y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
             <y:ModelParameter>
@@ -342,7 +360,7 @@ ALAS (Amazon)<y:LabelModel>
           <y:Geometry height="37.0" width="109.57881927490234" x="575.2105903625488" y="701.5"/>
           <y:Fill color="#CCCCFF" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" modelName="sandwich" modelPosition="s" textColor="#000000" visible="true" width="4.0" x="52.78940963745117" y="41.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" horizontalTextPosition="center" iconTextGap="4" modelName="sandwich" modelPosition="s" textColor="#000000" verticalTextPosition="bottom" visible="true" width="4.0" x="52.78940963745117" y="41.0"/>
           <y:SVGNodeProperties usingVisualBounds="true"/>
           <y:SVGModel svgBoundsPolicy="0">
             <y:SVGContent refid="2"/>
@@ -356,7 +374,7 @@ ALAS (Amazon)<y:LabelModel>
           <y:Geometry height="24.0" width="35.0" x="689.5518331226297" y="663.3072060682681"/>
           <y:Fill color="#FFFFFFE6" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" modelName="custom" textColor="#000000" visible="true" width="4.0" x="15.5" y="28.0">
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="4.0" x="15.5" y="28.0">
             <y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
@@ -382,7 +400,7 @@ ALAS (Amazon)<y:LabelModel>
               <y:Geometry height="293.63460286458337" width="322.9999999999998" x="574.4999999999998" y="-51.181884765625114"/>
               <y:Fill color="#F5F5F5" transparent="false"/>
               <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" modelName="internal" modelPosition="t" textColor="#000000" visible="true" width="322.9999999999998" x="0.0" y="0.0">go-cve-dictionary</y:NodeLabel>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="322.9999999999998" x="0.0" y="0.0">go-cve-dictionary / goval-dictionary</y:NodeLabel>
               <y:Shape type="roundrectangle"/>
               <y:State closed="false" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
               <y:Insets bottom="15" bottomF="15.0" left="15" leftF="15.0" right="15" rightF="15.0" top="15" topF="15.0"/>
@@ -392,7 +410,7 @@ ALAS (Amazon)<y:LabelModel>
               <y:Geometry height="50.0" width="50.0" x="0.0" y="60.0"/>
               <y:Fill color="#F5F5F5" transparent="false"/>
               <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" modelName="internal" modelPosition="t" textColor="#000000" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 4</y:NodeLabel>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 4</y:NodeLabel>
               <y:Shape type="roundrectangle"/>
               <y:State closed="true" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
               <y:Insets bottom="5" bottomF="5.0" left="5" leftF="5.0" right="5" rightF="5.0" top="5" topF="5.0"/>
@@ -408,7 +426,7 @@ ALAS (Amazon)<y:LabelModel>
               <y:Geometry height="70.0" width="60.5" x="779.75" y="130.31282871019664"/>
               <y:Fill color="#99CCFF" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" modelName="custom" textColor="#000000" visible="true" width="4.0" x="28.25" y="33.0">
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="4.0" x="28.25" y="33.0">
                 <y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
@@ -416,7 +434,7 @@ ALAS (Amazon)<y:LabelModel>
                   <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
                 </y:ModelParameter>
               </y:NodeLabel>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="48.4140625" x="6.04296875" y="25.93359375">SQLite3<y:LabelModel>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="48.4140625" x="6.04296875" y="25.93359375">SQLite3<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
                 <y:ModelParameter>
@@ -432,7 +450,7 @@ ALAS (Amazon)<y:LabelModel>
               <y:Geometry height="50.0" width="101.0" x="626.7499999999997" y="142.23413085937491"/>
               <y:Fill color="#C0C0C0" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="73.943359375" x="13.5283203125" y="15.93359375">HTTP server<y:LabelModel>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="73.943359375" x="13.5283203125" y="15.93359375">HTTP server<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
                 <y:ModelParameter>
@@ -449,7 +467,7 @@ ALAS (Amazon)<y:LabelModel>
               <y:Geometry height="50.0" width="80.0" x="800.0" y="35.0"/>
               <y:Fill color="#C0C0C0" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="46.796875" x="16.6015625" y="15.93359375">Fetcher<y:LabelModel>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="46.796875" x="16.6015625" y="15.93359375">Fetcher<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
                 <y:ModelParameter>
@@ -471,7 +489,7 @@ ALAS (Amazon)<y:LabelModel>
               <y:Geometry height="201.49428304036473" width="161.48764324188164" x="964.6223485469814" y="296.7320760091144"/>
               <y:Fill color="#F5F5F5" transparent="false"/>
               <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" modelName="internal" modelPosition="t" textColor="#000000" visible="true" width="161.48764324188164" x="0.0" y="0.0">Docker Containers</y:NodeLabel>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="161.48764324188164" x="0.0" y="0.0">Docker/LXD</y:NodeLabel>
               <y:Shape type="roundrectangle"/>
               <y:State closed="false" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
               <y:Insets bottom="15" bottomF="15.0" left="15" leftF="15.0" right="15" rightF="15.0" top="15" topF="15.0"/>
@@ -481,7 +499,7 @@ ALAS (Amazon)<y:LabelModel>
               <y:Geometry height="50.0" width="50.0" x="0.0" y="60.0"/>
               <y:Fill color="#F5F5F5" transparent="false"/>
               <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" modelName="internal" modelPosition="t" textColor="#000000" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 5</y:NodeLabel>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 5</y:NodeLabel>
               <y:Shape type="roundrectangle"/>
               <y:State closed="true" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
               <y:Insets bottom="5" bottomF="5.0" left="5" leftF="5.0" right="5" rightF="5.0" top="5" topF="5.0"/>
@@ -497,7 +515,7 @@ ALAS (Amazon)<y:LabelModel>
               <y:Geometry height="50.0" width="85.0" x="1011.6223485469814" y="433.22635904947913"/>
               <y:Fill color="#C0C0C0" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="71.91015625" x="6.544921875" y="15.93359375">DockerHost<y:LabelModel>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="30.794921875" x="27.1025390625" y="15.93359375">Host<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
                 <y:ModelParameter>
@@ -514,8 +532,7 @@ ALAS (Amazon)<y:LabelModel>
               <y:Geometry height="50.0" width="85.0" x="1011.6223485469814" y="333.3980916341144"/>
               <y:Fill color="#C0C0C0" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" modelName="custom" textColor="#000000" visible="true" width="60.748046875" x="12.1259765625" y="8.8671875">Docker
-Container<y:LabelModel>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="60.748046875" x="12.1259765625" y="15.93359375">Container<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
                 <y:ModelParameter>
@@ -537,7 +554,7 @@ Container<y:LabelModel>
               <y:Geometry height="131.666015625" width="168.0" x="964.6223485469814" y="516.3727416992189"/>
               <y:Fill color="#F5F5F5" transparent="false"/>
               <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" modelName="internal" modelPosition="t" textColor="#000000" visible="true" width="168.0" x="0.0" y="0.0">Linux/FreeBSD</y:NodeLabel>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="168.0" x="0.0" y="0.0">Linux/FreeBSD</y:NodeLabel>
               <y:Shape type="roundrectangle"/>
               <y:State closed="false" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
               <y:Insets bottom="15" bottomF="15.0" left="15" leftF="15.0" right="15" rightF="15.0" top="15" topF="15.0"/>
@@ -547,7 +564,7 @@ Container<y:LabelModel>
               <y:Geometry height="50.0" width="50.0" x="0.0" y="60.0"/>
               <y:Fill color="#F5F5F5" transparent="false"/>
               <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" modelName="internal" modelPosition="t" textColor="#000000" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 6</y:NodeLabel>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 6</y:NodeLabel>
               <y:Shape type="roundrectangle"/>
               <y:State closed="true" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
               <y:Insets bottom="5" bottomF="5.0" left="5" leftF="5.0" right="5" rightF="5.0" top="5" topF="5.0"/>
@@ -563,7 +580,7 @@ Container<y:LabelModel>
               <y:Geometry height="50.0" width="85.0" x="1011.6223485469814" y="553.0387573242189"/>
               <y:Fill color="#C0C0C0" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="39.865234375" x="22.5673828125" y="15.93359375">Server<y:LabelModel>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="39.865234375" x="22.5673828125" y="15.93359375">Server<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
                 <y:ModelParameter>
@@ -580,7 +597,7 @@ Container<y:LabelModel>
               <y:Geometry height="50.0" width="85.0" x="1032.6223485469814" y="566.4311319986981"/>
               <y:Fill color="#C0C0C0" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="39.865234375" x="22.5673828125" y="15.93359375">Server<y:LabelModel>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="39.865234375" x="22.5673828125" y="15.93359375">Server<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
                 <y:ModelParameter>
@@ -602,7 +619,7 @@ Container<y:LabelModel>
               <y:Geometry height="108.94242662355293" width="124.0" x="739.0" y="434.05757337644707"/>
               <y:Fill color="#F5F5F5" transparent="false"/>
               <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" modelName="internal" modelPosition="t" textColor="#000000" visible="true" width="124.0" x="0.0" y="0.0">results dir</y:NodeLabel>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="124.0" x="0.0" y="0.0">results dir</y:NodeLabel>
               <y:Shape type="roundrectangle"/>
               <y:State closed="false" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
               <y:Insets bottom="15" bottomF="15.0" left="15" leftF="15.0" right="15" rightF="15.0" top="15" topF="15.0"/>
@@ -612,7 +629,7 @@ Container<y:LabelModel>
               <y:Geometry height="50.0" width="50.0" x="0.0" y="60.0"/>
               <y:Fill color="#F5F5F5" transparent="false"/>
               <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" modelName="internal" modelPosition="t" textColor="#000000" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 7</y:NodeLabel>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 7</y:NodeLabel>
               <y:Shape type="roundrectangle"/>
               <y:State closed="true" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
               <y:Insets bottom="5" bottomF="5.0" left="5" leftF="5.0" right="5" rightF="5.0" top="5" topF="5.0"/>
@@ -628,7 +645,7 @@ Container<y:LabelModel>
               <y:Geometry height="36.0" width="76.0" x="754.0" y="470.72358900144707"/>
               <y:Fill color="#99CCFF" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="32.3828125" x="21.80859375" y="8.93359375">JSON<y:LabelModel>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="32.3828125" x="21.80859375" y="8.93359375">JSON<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
                 <y:ModelParameter>
@@ -645,7 +662,7 @@ Container<y:LabelModel>
               <y:Geometry height="36.0" width="76.0" x="761.0" y="480.2981186685961"/>
               <y:Fill color="#99CCFF" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="32.3828125" x="21.80859375" y="8.93359375">JSON<y:LabelModel>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="32.3828125" x="21.80859375" y="8.93359375">JSON<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
                 <y:ModelParameter>
@@ -662,7 +679,7 @@ Container<y:LabelModel>
               <y:Geometry height="36.0" width="76.0" x="772.0" y="492.0"/>
               <y:Fill color="#99CCFF" transparent="false"/>
               <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="32.3828125" x="21.80859375" y="8.93359375">JSON<y:LabelModel>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="32.3828125" x="21.80859375" y="8.93359375">JSON<y:LabelModel>
                   <y:SmartNodeLabelModel distance="4.0"/>
                 </y:LabelModel>
                 <y:ModelParameter>
@@ -676,13 +693,12 @@ Container<y:LabelModel>
       </graph>
     </node>
     <node id="n12">
-      <data key="d5"/>
       <data key="d6">
         <y:ImageNode>
           <y:Geometry height="116.06321112515802" width="97.39570164348925" x="445.4298356510746" y="571.968394437421"/>
           <y:Fill color="#CCCCFF" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" modelName="sandwich" modelPosition="s" textColor="#000000" visible="true" width="4.0" x="46.69785082174462" y="120.06321112515798"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" horizontalTextPosition="center" iconTextGap="4" modelName="sandwich" modelPosition="s" textColor="#000000" verticalTextPosition="bottom" visible="true" width="4.0" x="46.69785082174462" y="120.06321112515798"/>
           <y:Image alphaImage="true" refid="3"/>
         </y:ImageNode>
       </data>
@@ -693,7 +709,7 @@ Container<y:LabelModel>
           <y:Geometry height="50.0" width="85.0" x="451.6276864728192" y="485.0"/>
           <y:Fill color="#C0C0C0" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" modelName="custom" textColor="#000000" visible="true" width="38.201171875" x="23.3994140625" y="8.8671875">Azure
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="38.201171875" x="23.3994140625" y="8.8671875">Azure
 BLOB<y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
@@ -706,13 +722,12 @@ BLOB<y:LabelModel>
       </data>
     </node>
     <node id="n14">
-      <data key="d5"/>
       <data key="d6">
         <y:GenericNode configuration="com.yworks.flowchart.card">
           <y:Geometry height="40.0" width="39.02970922882429" x="390.97029077117577" y="490.0"/>
           <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="29.828125" x="4.600792114412172" y="10.93359375">.xml<y:LabelModel>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="29.828125" x="4.6007921144121156" y="10.93359375">.xml<y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
             <y:ModelParameter>
@@ -723,13 +738,12 @@ BLOB<y:LabelModel>
       </data>
     </node>
     <node id="n15">
-      <data key="d5"/>
       <data key="d6">
         <y:GenericNode configuration="com.yworks.flowchart.card">
           <y:Geometry height="40.0" width="39.02970922882429" x="389.4630622503162" y="587.4087217193426"/>
           <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="24.1328125" x="7.4484483644121156" y="10.93359375">.txt<y:LabelModel>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="24.1328125" x="7.448448364412172" y="10.93359375">.txt<y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
             <y:ModelParameter>
@@ -740,13 +754,12 @@ BLOB<y:LabelModel>
       </data>
     </node>
     <node id="n16">
-      <data key="d5"/>
       <data key="d6">
         <y:GenericNode configuration="com.yworks.flowchart.card">
           <y:Geometry height="40.0" width="39.02970922882429" x="389.9353177243998" y="538.8895352718077"/>
           <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="32.3828125" x="3.3234483644121156" y="10.93359375">.json<y:LabelModel>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="32.3828125" x="3.3234483644121724" y="10.93359375">.json<y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
             <y:ModelParameter>
@@ -757,13 +770,12 @@ BLOB<y:LabelModel>
       </data>
     </node>
     <node id="n17">
-      <data key="d5"/>
       <data key="d6">
         <y:GenericNode configuration="com.yworks.flowchart.card">
           <y:Geometry height="40.0" width="39.02970922882429" x="389.7450294816688" y="640.0"/>
           <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="22.158203125" x="8.435753051912116" y="10.93359375">.gz<y:LabelModel>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="22.158203125" x="8.435753051912116" y="10.93359375">.gz<y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
             <y:ModelParameter>
@@ -779,7 +791,7 @@ BLOB<y:LabelModel>
           <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
           <y:LineStyle color="#000000" type="line" width="1.0"/>
           <y:Arrows source="none" target="none"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" visible="true" width="106.240234375" x="28.568307252002455" y="48.099340559462576">Fetch 
+          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="106.240234375" x="28.568307252002455" y="48.099340559462576">Fetch 
 Vulnerability data<y:LabelModel>
               <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
             </y:LabelModel>
@@ -798,7 +810,7 @@ Vulnerability data<y:LabelModel>
           <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
           <y:LineStyle color="#000000" type="line" width="1.0"/>
           <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" visible="true" width="34.626953125" x="-4.560574684247513" y="24.771374369551154">HTTP<y:LabelModel>
+          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="34.626953125" x="-4.628977826813298" y="24.803594807609784">HTTP<y:LabelModel>
               <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
             </y:LabelModel>
             <y:ModelParameter>
@@ -816,7 +828,7 @@ Vulnerability data<y:LabelModel>
           <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
           <y:LineStyle color="#000000" type="line" width="1.0"/>
           <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" visible="true" width="34.626953125" x="42.345150113104864" y="26.521800272057305">HTTP<y:LabelModel>
+          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="34.626953125" x="42.457454800604864" y="26.157886474797976">HTTP<y:LabelModel>
               <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
             </y:LabelModel>
             <y:ModelParameter>
@@ -834,14 +846,6 @@ Vulnerability data<y:LabelModel>
           <y:Path sx="0.0" sy="0.0" tx="2.1630847029074403" ty="11.890644753476522"/>
           <y:LineStyle color="#000000" type="line" width="1.0"/>
           <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" visible="true" width="40.275390625" x="-14.861825373422448" y="-25.77642822265625">WebUI<y:LabelModel>
-              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="124.43524707167697" distanceToCenter="true" position="center" ratio="0.0" segment="0"/>
-            </y:ModelParameter>
-            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
-          </y:EdgeLabel>
           <y:BendStyle smoothed="false"/>
         </y:PolyLineEdge>
       </data>
@@ -852,7 +856,7 @@ Vulnerability data<y:LabelModel>
           <y:Path sx="44.363642405794096" sy="24.54915453361525" tx="0.0" ty="0.0"/>
           <y:LineStyle color="#000000" type="line" width="1.0"/>
           <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="bold" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#0000FF" visible="true" width="27.07421875" x="76.88603771593068" y="105.56250755816848">SSH<y:LabelModel>
+          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="bold" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#0000FF" verticalTextPosition="bottom" visible="true" width="27.07421875" x="76.88603771593068" y="105.56250755816848">SSH<y:LabelModel>
               <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
             </y:LabelModel>
             <y:ModelParameter>
@@ -870,7 +874,7 @@ Vulnerability data<y:LabelModel>
           <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
           <y:LineStyle color="#000000" type="line" width="1.0"/>
           <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="bold" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#0000FF" visible="true" width="27.07421875" x="71.96010962283094" y="-0.07972829529296632">SSH<y:LabelModel>
+          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="bold" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#0000FF" verticalTextPosition="bottom" visible="true" width="27.07421875" x="71.96010962283094" y="-0.07972829529296632">SSH<y:LabelModel>
               <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
             </y:LabelModel>
             <y:ModelParameter>
@@ -888,11 +892,12 @@ Vulnerability data<y:LabelModel>
           <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
           <y:LineStyle color="#000000" type="line" width="1.0"/>
           <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="bold" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#0000FF" visible="true" width="77.576171875" x="-68.78805184364364" y="-33.974731445312614">docker exec<y:LabelModel>
+          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="bold" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#0000FF" verticalTextPosition="bottom" visible="true" width="77.576171875" x="-86.46309207519198" y="-41.560991819769924">docker exec
+lxc exec<y:LabelModel>
               <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
             </y:LabelModel>
             <y:ModelParameter>
-              <y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="left" ratio="0.5" segment="0"/>
+              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="47.67504023154834" distanceToCenter="true" position="left" ratio="0.5687397467585064" segment="-1"/>
             </y:ModelParameter>
             <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
           </y:EdgeLabel>
@@ -926,7 +931,7 @@ Vulnerability data<y:LabelModel>
           <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
           <y:LineStyle color="#000000" type="line" width="1.0"/>
           <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" visible="true" width="37.10546875" x="-56.200249246840485" y="13.59000810509832">Insert<y:LabelModel>
+          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="37.10546875" x="-56.200249246840485" y="13.59000810509832">Insert<y:LabelModel>
               <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
             </y:LabelModel>
             <y:ModelParameter>
@@ -938,31 +943,13 @@ Vulnerability data<y:LabelModel>
         </y:PolyLineEdge>
       </data>
     </edge>
-    <edge id="e8" source="n6" target="n5">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" visible="true" width="38.875" x="3.063580934131096" y="-107.12398849561202">Notify<y:LabelModel>
-              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="100.14105708039112" distanceToCenter="true" position="left" ratio="-56.992693208601096" segment="-1"/>
-            </y:ModelParameter>
-            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
-          </y:EdgeLabel>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
     <edge id="n8::e1" source="n8::n1" target="n8::n0">
       <data key="d10">
         <y:PolyLineEdge>
           <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
           <y:LineStyle color="#000000" type="line" width="1.0"/>
           <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" visible="true" width="37.9375" x="7.031249999999773" y="20.56044056577005">Select<y:LabelModel>
+          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="37.9375" x="7.031249999999773" y="20.56044056577005">Select<y:LabelModel>
               <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
             </y:LabelModel>
             <y:ModelParameter>
@@ -974,7 +961,7 @@ Vulnerability data<y:LabelModel>
         </y:PolyLineEdge>
       </data>
     </edge>
-    <edge id="e9" source="n4::n0" target="n11">
+    <edge id="e8" source="n4::n0" target="n11">
       <data key="d10">
         <y:PolyLineEdge>
           <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
@@ -984,8 +971,7 @@ Vulnerability data<y:LabelModel>
         </y:PolyLineEdge>
       </data>
     </edge>
-    <edge id="e10" source="n4::n1" target="n11">
-      <data key="d9"/>
+    <edge id="e9" source="n4::n1" target="n11">
       <data key="d10">
         <y:PolyLineEdge>
           <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
@@ -995,8 +981,7 @@ Vulnerability data<y:LabelModel>
         </y:PolyLineEdge>
       </data>
     </edge>
-    <edge id="e11" source="n4::n1" target="n5">
-      <data key="d9"/>
+    <edge id="e10" source="n4::n1" target="n5">
       <data key="d10">
         <y:PolyLineEdge>
           <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
@@ -1006,8 +991,7 @@ Vulnerability data<y:LabelModel>
         </y:PolyLineEdge>
       </data>
     </edge>
-    <edge id="e12" source="n4::n1" target="n6">
-      <data key="d9"/>
+    <edge id="e11" source="n4::n1" target="n6">
       <data key="d10">
         <y:PolyLineEdge>
           <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
@@ -1017,8 +1001,7 @@ Vulnerability data<y:LabelModel>
         </y:PolyLineEdge>
       </data>
     </edge>
-    <edge id="e13" source="n4::n1" target="n8">
-      <data key="d9"/>
+    <edge id="e12" source="n4::n1" target="n8">
       <data key="d10">
         <y:PolyLineEdge>
           <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
@@ -1028,8 +1011,7 @@ Vulnerability data<y:LabelModel>
         </y:PolyLineEdge>
       </data>
     </edge>
-    <edge id="e14" source="n4::n2" target="n11">
-      <data key="d9"/>
+    <edge id="e13" source="n4::n2" target="n11">
       <data key="d10">
         <y:PolyLineEdge>
           <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
@@ -1039,14 +1021,13 @@ Vulnerability data<y:LabelModel>
         </y:PolyLineEdge>
       </data>
     </edge>
-    <edge id="e15" source="n4::n1" target="n12">
-      <data key="d9"/>
+    <edge id="e14" source="n4::n1" target="n12">
       <data key="d10">
         <y:PolyLineEdge>
           <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
           <y:LineStyle color="#000000" type="line" width="1.0"/>
           <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" visible="true" width="22.568359375" x="-77.34538676739476" y="14.553670286396482">Put<y:LabelModel>
+          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="22.568359375" x="-77.34538676739476" y="14.553670286396482">Put<y:LabelModel>
               <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
             </y:LabelModel>
             <y:ModelParameter>
@@ -1058,8 +1039,7 @@ Vulnerability data<y:LabelModel>
         </y:PolyLineEdge>
       </data>
     </edge>
-    <edge id="e16" source="n4::n1" target="n13">
-      <data key="d9"/>
+    <edge id="e15" source="n4::n1" target="n13">
       <data key="d10">
         <y:PolyLineEdge>
           <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
@@ -1069,8 +1049,7 @@ Vulnerability data<y:LabelModel>
         </y:PolyLineEdge>
       </data>
     </edge>
-    <edge id="e17" source="n4::n3" target="n11">
-      <data key="d9"/>
+    <edge id="e16" source="n4::n3" target="n11">
       <data key="d10">
         <y:PolyLineEdge>
           <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
@@ -1080,14 +1059,13 @@ Vulnerability data<y:LabelModel>
         </y:PolyLineEdge>
       </data>
     </edge>
-    <edge id="e18" source="n5" target="n4::n3">
-      <data key="d9"/>
+    <edge id="e17" source="n5" target="n4::n3">
       <data key="d10">
         <y:PolyLineEdge>
           <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
           <y:LineStyle color="#000000" type="line" width="1.0"/>
           <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" visible="true" width="95.939453125" x="30.74393308155709" y="-58.42560122139275">     View Results
+          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="95.939453125" x="30.74393308155709" y="-58.42560122139275">     View Results
  on Terminal<y:LabelModel>
               <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
             </y:LabelModel>

img/vuls-scan-flow-fast.graphml

@@ -0,0 +1,414 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<graphml xmlns="http://graphml.graphdrawing.org/xmlns" xmlns:java="http://www.yworks.com/xml/yfiles-common/1.0/java" xmlns:sys="http://www.yworks.com/xml/yfiles-common/markup/primitives/2.0" xmlns:x="http://www.yworks.com/xml/yfiles-common/markup/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:y="http://www.yworks.com/xml/graphml" xmlns:yed="http://www.yworks.com/xml/yed/3" xsi:schemaLocation="http://graphml.graphdrawing.org/xmlns http://www.yworks.com/xml/schema/graphml/1.1/ygraphml.xsd">
+  <!--Created by yEd 3.17-->
+  <key attr.name="Description" attr.type="string" for="graph" id="d0"/>
+  <key for="port" id="d1" yfiles.type="portgraphics"/>
+  <key for="port" id="d2" yfiles.type="portgeometry"/>
+  <key for="port" id="d3" yfiles.type="portuserdata"/>
+  <key attr.name="url" attr.type="string" for="node" id="d4"/>
+  <key attr.name="description" attr.type="string" for="node" id="d5"/>
+  <key for="node" id="d6" yfiles.type="nodegraphics"/>
+  <key for="graphml" id="d7" yfiles.type="resources"/>
+  <key attr.name="url" attr.type="string" for="edge" id="d8"/>
+  <key attr.name="description" attr.type="string" for="edge" id="d9"/>
+  <key for="edge" id="d10" yfiles.type="edgegraphics"/>
+  <graph edgedefault="directed" id="G">
+    <data key="d0"/>
+    <node id="n0">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="309.6849206349206" y="0.0"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="83.482421875" x="92.2587890625" y="18.93359375">Detect the OS<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.5" nodeRatioX="0.0" nodeRatioY="0.1619001116071429" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n1">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.decision">
+          <y:Geometry height="40.0" width="80.0" x="403.6849206349206" y="206.44247787610618"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="4.0" x="38.0" y="18.0">
+            <y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n2">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="90.44247787610618" width="268.0" x="309.6849206349206" y="86.0"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="right" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="88.796875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="170.763671875" x="48.61816406250006" y="0.8228014380530908">Get installed packages
+Alpine: apk
+Debian/Ubuntu: dpkg-query
+Amazon/RHEL/CentOS: rpm
+SUSE: zypper
+FreeBSD: pkg<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="2.220446049250313E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n3">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="630.0546766682629"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="152.634765625" x="57.6826171875" y="18.93359375">Write results to JSON files<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.5" nodeRatioX="0.0" nodeRatioY="0.1619001116071429" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n4">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="287.8409153761062"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="46.3984375" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="232.744140625" x="17.6279296875" y="4.80078125">Get CVE IDs by using package manager
+Amazon: yum plugin security
+FreeBSD: pkg audit<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n5">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="750.4705298628534"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="42.595703125" x="112.7021484375" y="18.93359375">Report<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n6" yfiles.foldertype="group">
+      <data key="d4"/>
+      <data key="d6">
+        <y:ProxyAutoBoundsNode>
+          <y:Realizers active="0">
+            <y:GroupNode>
+              <y:Geometry height="116.89483989807195" width="333.6788874841973" x="234.29467728596296" y="709.1901021013174"/>
+              <y:Fill color="#F5F5F5" transparent="false"/>
+              <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="333.6788874841973" x="0.0" y="0.0">Vulnerability Database</y:NodeLabel>
+              <y:Shape type="roundrectangle"/>
+              <y:State closed="false" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
+              <y:Insets bottom="15" bottomF="15.0" left="15" leftF="15.0" right="15" rightF="15.0" top="15" topF="15.0"/>
+              <y:BorderInsets bottom="0" bottomF="0.0" left="0" leftF="0.0" right="0" rightF="0.0" top="0" topF="0.0"/>
+            </y:GroupNode>
+            <y:GroupNode>
+              <y:Geometry height="50.0" width="50.0" x="0.0" y="60.0"/>
+              <y:Fill color="#F5F5F5" transparent="false"/>
+              <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 1</y:NodeLabel>
+              <y:Shape type="roundrectangle"/>
+              <y:State closed="true" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
+              <y:Insets bottom="5" bottomF="5.0" left="5" leftF="5.0" right="5" rightF="5.0" top="5" topF="5.0"/>
+              <y:BorderInsets bottom="0" bottomF="0.0" left="0" leftF="0.0" right="0" rightF="0.0" top="0" topF="0.0"/>
+            </y:GroupNode>
+          </y:Realizers>
+        </y:ProxyAutoBoundsNode>
+      </data>
+      <graph edgedefault="directed" id="n6:">
+        <node id="n6::n0">
+          <data key="d6">
+            <y:GenericNode configuration="com.yworks.flowchart.dataBase">
+              <y:Geometry height="65.22882427307195" width="136.83944374209864" x="416.1341210280616" y="745.8561177263174"/>
+              <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+              <y:BorderStyle color="#000000" type="line" width="1.0"/>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="117.970703125" x="9.434370308549205" y="23.548005886535975">CVE DB (NVD / JVN)<y:LabelModel>
+                  <y:SmartNodeLabelModel distance="4.0"/>
+                </y:LabelModel>
+                <y:ModelParameter>
+                  <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="-8.326672684688674E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+                </y:ModelParameter>
+              </y:NodeLabel>
+            </y:GenericNode>
+          </data>
+        </node>
+        <node id="n6::n1">
+          <data key="d6">
+            <y:GenericNode configuration="com.yworks.flowchart.dataBase">
+              <y:Geometry height="65.22882427307195" width="136.83944374209864" x="249.29467728596296" y="745.8561177263174"/>
+              <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+              <y:BorderStyle color="#000000" type="line" width="1.0"/>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="55.533203125" x="40.653120308549205" y="23.548005886535975">OVAL DB<y:LabelModel>
+                  <y:SmartNodeLabelModel distance="4.0"/>
+                </y:LabelModel>
+                <y:ModelParameter>
+                  <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="-8.326672684688674E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+                </y:ModelParameter>
+              </y:NodeLabel>
+            </y:GenericNode>
+          </data>
+        </node>
+      </graph>
+    </node>
+    <node id="n7">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="27.144753476611868" y="287.8409153761062"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="260.83984375" x="3.580078125" y="11.8671875">Check upgradable packages
+Debian/Ubuntu: apt-get upgrade --dry-run<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n8">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.loopLimit">
+          <y:Geometry height="51.10998735777497" width="137.19216182048035" x="92.54867256637169" y="376.28592169721867"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="131.751953125" x="2.7201043477401754" y="9.422181178887513">foreach 
+upgradable  packages<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="5.551115123125783E-16" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n9">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="27.144753476611868" y="459.8409153761062"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="213.619140625" x="27.1904296875" y="11.8671875">Parse changelog and get  CVE IDs
+Debian/Ubuntu: aptitude changelog<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n10">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.loopLimitEnd">
+          <y:Geometry height="50.0" width="137.0" x="92.64475347661187" y="545.8409153761062"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="55.24609375" x="40.876953125" y="15.93359375">end loop<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <edge id="e0" source="n2" target="n1">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="45.22123893805309" tx="0.0" ty="-20.0"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="none"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e1" source="n1" target="n4">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="40.0" sy="0.0" tx="0.0" ty="-28.0">
+            <y:Point x="743.3698412698412" y="226.44247787610618"/>
+          </y:Path>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="51.806640625" x="183.35883739927397" y="2.000003510871693">Amazon
+FreeBSD<y:LabelModel>
+              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="1.9999999999998863" distanceToCenter="false" position="right" ratio="0.7796030035582084" segment="0"/>
+            </y:ModelParameter>
+            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
+          </y:EdgeLabel>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e2" source="n0" target="n2">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-45.22123893805309"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e3" source="n5" target="n6">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="10.8330078125"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="none"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e4" source="n1" target="n3">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="-123.36984126984123" ty="0.0">
+            <y:Point x="443.6849206349206" y="658.0546766682629"/>
+          </y:Path>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="102.9296875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="77.078125" x="-97.68364242524859" y="5.005267793098369">Alpine Linux
+CentOS
+RHEL
+Ubuntu
+Debian
+Oracle Linux
+Suse<y:LabelModel>
+              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="59.14459455430983" distanceToCenter="true" position="right" ratio="0.0" segment="0"/>
+            </y:ModelParameter>
+            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
+          </y:EdgeLabel>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e5" source="n4" target="n3">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e6" source="n7" target="n8">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-25.554993678887485"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e7" source="n8" target="n9">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="25.554993678887485" tx="0.0" ty="-28.0"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e8" source="n9" target="n10">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-25.0"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e9" source="n3" target="n5">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e10" source="n1" target="n7">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0">
+            <y:Point x="161.14475347661187" y="226.44247787610618"/>
+          </y:Path>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="56.98046875" x="-196.80057112212188" y="20.933597260871807">Raspbian<y:LabelModel>
+              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="left" ratio="0.6447921222409765" segment="0"/>
+            </y:ModelParameter>
+            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
+          </y:EdgeLabel>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e11" source="n10" target="n3">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="-125.78842258255952" ty="0.0">
+            <y:Point x="161.14475347661187" y="658.0546766682629"/>
+          </y:Path>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+  </graph>
+  <data key="d7">
+    <y:Resources/>
+  </data>
+</graphml>

img/vuls-scan-flow.graphml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <graphml xmlns="http://graphml.graphdrawing.org/xmlns" xmlns:java="http://www.yworks.com/xml/yfiles-common/1.0/java" xmlns:sys="http://www.yworks.com/xml/yfiles-common/markup/primitives/2.0" xmlns:x="http://www.yworks.com/xml/yfiles-common/markup/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:y="http://www.yworks.com/xml/graphml" xmlns:yed="http://www.yworks.com/xml/yed/3" xsi:schemaLocation="http://graphml.graphdrawing.org/xmlns http://www.yworks.com/xml/schema/graphml/1.1/ygraphml.xsd">
-  <!--Created by yEd 3.14.2-->
+  <!--Created by yEd 3.17-->
   <key attr.name="Description" attr.type="string" for="graph" id="d0"/>
   <key for="port" id="d1" yfiles.type="portgraphics"/>
   <key for="port" id="d2" yfiles.type="portgeometry"/>
@@ -20,7 +20,7 @@
           <y:Geometry height="56.0" width="268.0" x="309.6849206349206" y="0.0"/>
           <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="83.482421875" x="92.2587890625" y="18.93359375">Detect the OS<y:LabelModel>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="83.482421875" x="92.2587890625" y="18.93359375">Detect the OS<y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
             <y:ModelParameter>
@@ -36,7 +36,7 @@
           <y:Geometry height="40.0" width="80.0" x="403.6849206349206" y="206.44247787610618"/>
           <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" modelName="custom" textColor="#000000" visible="true" width="4.0" x="38.0" y="18.0">
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="4.0" x="38.0" y="18.0">
             <y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
@@ -53,10 +53,12 @@
           <y:Geometry height="90.44247787610618" width="268.0" x="309.6849206349206" y="86.0"/>
           <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="60.53125" modelName="custom" textColor="#000000" visible="true" width="170.763671875" x="48.61816406250006" y="14.95561393805309">Get installed packages
+          <y:NodeLabel alignment="right" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="88.796875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="170.763671875" x="48.61816406250006" y="0.8228014380530908">Get installed packages
+Alpine Linux: apk
 Debian/Ubuntu: dpkg-query
 Amazon/RHEL/CentOS: rpm
-FreeBSD: pkg<y:LabelModel>
+FreeBSD: pkg
+SUSE: zypper<y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
             <y:ModelParameter>
@@ -72,7 +74,7 @@ FreeBSD: pkg<y:LabelModel>
           <y:Geometry height="56.0" width="268.0" x="10.0" y="287.8409153761062"/>
           <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" modelName="custom" textColor="#000000" visible="true" width="260.83984375" x="3.580078125" y="11.8671875">Check upgradable packages
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="260.83984375" x="3.580078125" y="11.8671875">Check upgradable packages
 Debian/Ubuntu: apt-get upgrade --dry-run<y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
@@ -89,7 +91,7 @@ Debian/Ubuntu: apt-get upgrade --dry-run<y:LabelModel>
           <y:Geometry height="51.10998735777497" width="137.19216182048035" x="75.40391908975982" y="376.28592169721867"/>
           <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" modelName="custom" textColor="#000000" visible="true" width="131.751953125" x="2.7201043477401754" y="9.422181178887513">foreach 
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="131.751953125" x="2.7201043477401754" y="9.422181178887513">foreach 
 upgradable  packages<y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
@@ -106,7 +108,7 @@ upgradable  packages<y:LabelModel>
           <y:Geometry height="56.0" width="268.0" x="10.0" y="459.8409153761062"/>
           <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" modelName="custom" textColor="#000000" visible="true" width="213.619140625" x="27.1904296875" y="11.8671875">Parse changelog and get  CVE IDs
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="213.619140625" x="27.1904296875" y="11.8671875">Parse changelog and get  CVE IDs
 Debian/Ubuntu: aptitude changelog<y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
@@ -123,7 +125,7 @@ Debian/Ubuntu: aptitude changelog<y:LabelModel>
           <y:Geometry height="50.0" width="137.0" x="75.5" y="545.8409153761062"/>
           <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="55.24609375" x="40.876953125" y="15.93359375">end loop<y:LabelModel>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="55.24609375" x="40.876953125" y="15.93359375">end loop<y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
             <y:ModelParameter>
@@ -139,7 +141,7 @@ Debian/Ubuntu: aptitude changelog<y:LabelModel>
           <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="625.8409153761062"/>
           <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="194.904296875" x="36.5478515625" y="18.93359375">Select the CVE detail information<y:LabelModel>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="152.634765625" x="57.6826171875" y="18.93359375">Write results to JSON files<y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
             <y:ModelParameter>
@@ -155,7 +157,7 @@ Debian/Ubuntu: aptitude changelog<y:LabelModel>
           <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="287.8409153761062"/>
           <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="46.3984375" modelName="custom" textColor="#000000" visible="true" width="232.744140625" x="17.6279296875" y="4.80078125">Get CVE IDs by using package manager
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="46.3984375" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="232.744140625" x="17.6279296875" y="4.80078125">Get CVE IDs by using package manager
 Amazon/RHEL: yum plugin security
 FreeBSD: pkg audit<y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
@@ -168,29 +170,12 @@ FreeBSD: pkg audit<y:LabelModel>
       </data>
     </node>
     <node id="n9">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.dataBase">
-          <y:Geometry height="65.22882427307195" width="136.83944374209864" x="411.5802781289507" y="687.385587863464"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="117.970703125" x="9.434370308549205" y="23.548005886535975">CVE DB (NVD / JVN)<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="-8.326672684688674E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n10">
       <data key="d6">
         <y:GenericNode configuration="com.yworks.flowchart.process">
           <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="716.4553275126422"/>
           <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" modelName="custom" textColor="#000000" visible="true" width="152.634765625" x="57.6826171875" y="11.8671875">Write results to JSON files
-Reporting<y:LabelModel>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="42.595703125" x="112.7021484375" y="18.93359375">Report<y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
             <y:ModelParameter>
@@ -200,14 +185,14 @@ Reporting<y:LabelModel>
         </y:GenericNode>
       </data>
     </node>
-    <node id="n11">
+    <node id="n10">
       <data key="d6">
         <y:GenericNode configuration="com.yworks.flowchart.process">
-          <y:Geometry height="56.0" width="268.0" x="309.6849206349206" y="287.8409153761062"/>
+          <y:Geometry height="56.0" width="268.0" x="309.6849206349206" y="371.39590905499364"/>
           <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" modelName="custom" textColor="#000000" visible="true" width="293.06640625" x="-12.533203124999943" y="11.8671875">Get all changelogs of updatable packages at once
-CentOS: yum update --changelog<y:LabelModel>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="293.06640625" x="-12.533203124999943" y="11.8671875">Get all changelogs of updatable packages at once
+yum changelog<y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
             <y:ModelParameter>
@@ -217,13 +202,13 @@ CentOS: yum update --changelog<y:LabelModel>
         </y:GenericNode>
       </data>
     </node>
-    <node id="n12">
+    <node id="n11">
       <data key="d6">
         <y:GenericNode configuration="com.yworks.flowchart.process">
-          <y:Geometry height="56.0" width="268.0" x="309.6849206349206" y="373.8409153761062"/>
+          <y:Geometry height="56.0" width="268.0" x="309.68492063492056" y="459.8409153761062"/>
           <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
           <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="205.52734375" x="31.236328125000057" y="18.93359375">Parse changelogs and get CVE IDs <y:LabelModel>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="205.52734375" x="31.236328125000057" y="18.93359375">Parse changelogs and get CVE IDs <y:LabelModel>
               <y:SmartNodeLabelModel distance="4.0"/>
             </y:LabelModel>
             <y:ModelParameter>
@@ -233,6 +218,86 @@ CentOS: yum update --changelog<y:LabelModel>
         </y:GenericNode>
       </data>
     </node>
+    <node id="n12">
+      <data key="d6">
+        <y:GenericNode configuration="com.yworks.flowchart.process">
+          <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="373.8409153761062"/>
+          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+          <y:BorderStyle color="#000000" type="line" width="1.0"/>
+          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="293.06640625" x="-12.533203124999886" y="11.8671875">Get all changelogs of updatable packages at once
+Amazon / RHEL: yum changelog<y:LabelModel>
+              <y:SmartNodeLabelModel distance="4.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="2.220446049250313E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+            </y:ModelParameter>
+          </y:NodeLabel>
+        </y:GenericNode>
+      </data>
+    </node>
+    <node id="n13" yfiles.foldertype="group">
+      <data key="d4"/>
+      <data key="d6">
+        <y:ProxyAutoBoundsNode>
+          <y:Realizers active="0">
+            <y:GroupNode>
+              <y:Geometry height="116.89483989807195" width="333.6788874841973" x="229.74083438685204" y="675.1748997511062"/>
+              <y:Fill color="#F5F5F5" transparent="false"/>
+              <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="333.6788874841973" x="0.0" y="0.0">Vulnerability Database</y:NodeLabel>
+              <y:Shape type="roundrectangle"/>
+              <y:State closed="false" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
+              <y:Insets bottom="15" bottomF="15.0" left="15" leftF="15.0" right="15" rightF="15.0" top="15" topF="15.0"/>
+              <y:BorderInsets bottom="0" bottomF="0.0" left="0" leftF="0.0" right="0" rightF="0.0" top="0" topF="0.0"/>
+            </y:GroupNode>
+            <y:GroupNode>
+              <y:Geometry height="50.0" width="50.0" x="0.0" y="60.0"/>
+              <y:Fill color="#F5F5F5" transparent="false"/>
+              <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
+              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 1</y:NodeLabel>
+              <y:Shape type="roundrectangle"/>
+              <y:State closed="true" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
+              <y:Insets bottom="5" bottomF="5.0" left="5" leftF="5.0" right="5" rightF="5.0" top="5" topF="5.0"/>
+              <y:BorderInsets bottom="0" bottomF="0.0" left="0" leftF="0.0" right="0" rightF="0.0" top="0" topF="0.0"/>
+            </y:GroupNode>
+          </y:Realizers>
+        </y:ProxyAutoBoundsNode>
+      </data>
+      <graph edgedefault="directed" id="n13:">
+        <node id="n13::n0">
+          <data key="d6">
+            <y:GenericNode configuration="com.yworks.flowchart.dataBase">
+              <y:Geometry height="65.22882427307195" width="136.83944374209864" x="411.5802781289507" y="711.8409153761062"/>
+              <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+              <y:BorderStyle color="#000000" type="line" width="1.0"/>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="117.970703125" x="9.434370308549205" y="23.548005886535975">CVE DB (NVD / JVN)<y:LabelModel>
+                  <y:SmartNodeLabelModel distance="4.0"/>
+                </y:LabelModel>
+                <y:ModelParameter>
+                  <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="-8.326672684688674E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+                </y:ModelParameter>
+              </y:NodeLabel>
+            </y:GenericNode>
+          </data>
+        </node>
+        <node id="n13::n1">
+          <data key="d6">
+            <y:GenericNode configuration="com.yworks.flowchart.dataBase">
+              <y:Geometry height="65.22882427307195" width="136.83944374209864" x="244.74083438685204" y="711.8409153761062"/>
+              <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
+              <y:BorderStyle color="#000000" type="line" width="1.0"/>
+              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="55.533203125" x="40.653120308549205" y="23.548005886535975">OVAL DB<y:LabelModel>
+                  <y:SmartNodeLabelModel distance="4.0"/>
+                </y:LabelModel>
+                <y:ModelParameter>
+                  <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="-8.326672684688674E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+                </y:ModelParameter>
+              </y:NodeLabel>
+            </y:GenericNode>
+          </data>
+        </node>
+      </graph>
+    </node>
     <edge id="e0" source="n2" target="n1">
       <data key="d10">
         <y:PolyLineEdge>
@@ -251,12 +316,13 @@ CentOS: yum update --changelog<y:LabelModel>
           </y:Path>
           <y:LineStyle color="#000000" type="line" width="1.0"/>
           <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" visible="true" width="46.697265625" x="-56.79057374984495" y="-34.26562148912808">Debian
-Ubuntu<y:LabelModel>
+          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="46.3984375" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="56.98046875" x="-257.65322875976574" y="2.0000035108718635">Debian
+Ubuntu
+Raspbian<y:LabelModel>
               <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
             </y:LabelModel>
             <y:ModelParameter>
-              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="1.9999999999998863" distanceToCenter="false" position="right" ratio="0.02215389573439544" segment="0"/>
+              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="1.9999999999998863" distanceToCenter="false" position="left" ratio="0.8652035780364729" segment="0"/>
             </y:ModelParameter>
             <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
           </y:EdgeLabel>
@@ -314,13 +380,13 @@ Ubuntu<y:LabelModel>
           </y:Path>
           <y:LineStyle color="#000000" type="line" width="1.0"/>
           <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="46.3984375" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" visible="true" width="51.806640625" x="10.125014629061297" y="-48.39843398912805">Amazon
+          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="46.3984375" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="51.806640625" x="200.87829463898197" y="4.000003510871693">Amazon
 RHEL
 FreeBSD<y:LabelModel>
               <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
             </y:LabelModel>
             <y:ModelParameter>
-              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="1.9999999999998863" distanceToCenter="false" position="left" ratio="0.022401276994204813" segment="0"/>
+              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="6.999999999999886" distanceToCenter="false" position="right" ratio="0.8192728556300707" segment="-1"/>
             </y:ModelParameter>
             <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
           </y:EdgeLabel>
@@ -328,17 +394,7 @@ FreeBSD<y:LabelModel>
         </y:PolyLineEdge>
       </data>
     </edge>
-    <edge id="e7" source="n8" target="n7">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-28.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e8" source="n0" target="n2">
+    <edge id="e7" source="n0" target="n2">
       <data key="d10">
         <y:PolyLineEdge>
           <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-45.22123893805309"/>
@@ -348,7 +404,7 @@ FreeBSD<y:LabelModel>
         </y:PolyLineEdge>
       </data>
     </edge>
-    <edge id="e9" source="n7" target="n10">
+    <edge id="e8" source="n7" target="n9">
       <data key="d10">
         <y:PolyLineEdge>
           <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-28.0"/>
@@ -358,29 +414,17 @@ FreeBSD<y:LabelModel>
         </y:PolyLineEdge>
       </data>
     </edge>
-    <edge id="e10" source="n7" target="n9">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="-134.01566143419018" sy="6.159084623893818" tx="0.0" ty="-29.333162136535975">
-            <y:Point x="480.0" y="660.0"/>
-          </y:Path>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="none"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e11" source="n1" target="n11">
+    <edge id="e9" source="n1" target="n10">
       <data key="d10">
         <y:PolyLineEdge>
           <y:Path sx="0.0" sy="20.0" tx="0.0" ty="-28.0"/>
           <y:LineStyle color="#000000" type="line" width="1.0"/>
           <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" visible="true" width="46.708984375" x="-53.35447755843876" y="11.632816010871807">CentOS<y:LabelModel>
+          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="46.708984375" x="-53.35447755843876" y="5.000003510871807">CentOS<y:LabelModel>
               <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
             </y:LabelModel>
             <y:ModelParameter>
-              <y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="right" ratio="0.5" segment="0"/>
+              <y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="right" ratio="0.0" segment="0"/>
             </y:ModelParameter>
             <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
           </y:EdgeLabel>
@@ -388,7 +432,7 @@ FreeBSD<y:LabelModel>
         </y:PolyLineEdge>
       </data>
     </edge>
-    <edge id="e12" source="n11" target="n12">
+    <edge id="e10" source="n10" target="n11">
       <data key="d10">
         <y:PolyLineEdge>
           <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-28.0"/>
@@ -398,18 +442,72 @@ FreeBSD<y:LabelModel>
         </y:PolyLineEdge>
       </data>
     </edge>
+    <edge id="e11" source="n11" target="n7">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="-24.34091537610618">
+            <y:Point x="743.3698412698412" y="487.8409153761062"/>
+          </y:Path>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e12" source="n8" target="n12">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="standard"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
     <edge id="e13" source="n12" target="n7">
       <data key="d10">
         <y:PolyLineEdge>
-          <y:Path sx="134.00000000000006" sy="0.0" tx="0.0" ty="-28.0">
-            <y:Point x="743.3698412698412" y="401.8409153761062"/>
-          </y:Path>
+          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
           <y:LineStyle color="#000000" type="line" width="1.0"/>
           <y:Arrows source="none" target="standard"/>
           <y:BendStyle smoothed="false"/>
         </y:PolyLineEdge>
       </data>
     </edge>
+    <edge id="e14" source="n9" target="n13">
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="10.8330078125"/>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="none"/>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
+    <edge id="e15" source="n1" target="n7">
+      <data key="d9"/>
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0">
+            <y:Point x="999.0" y="226.44247787610618"/>
+            <y:Point x="999.0" y="570.8409153761062"/>
+            <y:Point x="743.3698412698412" y="570.8409153761062"/>
+          </y:Path>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="none"/>
+          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="76.8203125" x="422.923942251054" y="13.867191010871807">Alpine Linux
+SUSE<y:LabelModel>
+              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="right" ratio="0.8856709076027529" segment="0"/>
+            </y:ModelParameter>
+            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
+          </y:EdgeLabel>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
   </graph>
   <data key="d7">
     <y:Resources/>

main.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -25,17 +25,10 @@ import (
 	"context"
 
 	"github.com/future-architect/vuls/commands"
+	"github.com/future-architect/vuls/config"
 	"github.com/google/subcommands"
-
-	_ "github.com/mattn/go-sqlite3"
 )
 
-// Version of Vuls
-var version = "0.2.0"
-
-// Revision of Git
-var revision string
-
 func main() {
 	subcommands.Register(subcommands.HelpCommand(), "")
 	subcommands.Register(subcommands.FlagsCommand(), "")
@@ -43,17 +36,17 @@ func main() {
 	subcommands.Register(&commands.DiscoverCmd{}, "discover")
 	subcommands.Register(&commands.TuiCmd{}, "tui")
 	subcommands.Register(&commands.ScanCmd{}, "scan")
-	subcommands.Register(&commands.PrepareCmd{}, "prepare")
 	subcommands.Register(&commands.HistoryCmd{}, "history")
 	subcommands.Register(&commands.ReportCmd{}, "report")
 	subcommands.Register(&commands.ConfigtestCmd{}, "configtest")
+	subcommands.Register(&commands.ServerCmd{}, "server")
 
 	var v = flag.Bool("v", false, "Show version")
 
 	flag.Parse()
 
 	if *v {
-		fmt.Printf("vuls %s %s\n", version, revision)
+		fmt.Printf("vuls %s %s\n", config.Version, config.Revision)
 		os.Exit(int(subcommands.ExitSuccess))
 	}
 

models/cvecontents.go

@@ -0,0 +1,317 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package models
+
+import (
+	"time"
+)
+
+// CveContents has CveContent
+type CveContents map[CveContentType]CveContent
+
+// NewCveContents create CveContents
+func NewCveContents(conts ...CveContent) CveContents {
+	m := CveContents{}
+	for _, cont := range conts {
+		m[cont.Type] = cont
+	}
+	return m
+}
+
+// CveContentStr has CveContentType and Value
+type CveContentStr struct {
+	Type  CveContentType
+	Value string
+}
+
+// Except returns CveContents except given keys for enumeration
+func (v CveContents) Except(exceptCtypes ...CveContentType) (values CveContents) {
+	values = CveContents{}
+	for ctype, content := range v {
+		found := false
+		for _, exceptCtype := range exceptCtypes {
+			if ctype == exceptCtype {
+				found = true
+				break
+			}
+		}
+		if !found {
+			values[ctype] = content
+		}
+	}
+	return
+}
+
+// SourceLinks returns link of source
+func (v CveContents) SourceLinks(lang, myFamily, cveID string) (values []CveContentStr) {
+	if lang == "ja" {
+		if cont, found := v[Jvn]; found && 0 < len(cont.SourceLink) {
+			values = append(values, CveContentStr{Jvn, cont.SourceLink})
+		}
+	}
+
+	order := CveContentTypes{Nvd, NvdXML, NewCveContentType(myFamily)}
+	for _, ctype := range order {
+		if cont, found := v[ctype]; found {
+			values = append(values, CveContentStr{ctype, cont.SourceLink})
+		}
+	}
+
+	if len(values) == 0 {
+		return []CveContentStr{{
+			Type:  Nvd,
+			Value: "https://nvd.nist.gov/vuln/detail/" + cveID,
+		}}
+	}
+	return values
+}
+
+/*
+// Severities returns Severities
+func (v CveContents) Severities(myFamily string) (values []CveContentStr) {
+	order := CveContentTypes{NVD, NewCveContentType(myFamily)}
+	order = append(order, AllCveContetTypes.Except(append(order)...)...)
+
+	for _, ctype := range order {
+		if cont, found := v[ctype]; found && 0 < len(cont.Severity) {
+			values = append(values, CveContentStr{
+				Type:  ctype,
+				Value: cont.Severity,
+			})
+		}
+	}
+	return
+}
+*/
+
+// CveContentCpes has CveContentType and Value
+type CveContentCpes struct {
+	Type  CveContentType
+	Value []Cpe
+}
+
+// Cpes returns affected CPEs of this Vulnerability
+func (v CveContents) Cpes(myFamily string) (values []CveContentCpes) {
+	order := CveContentTypes{NewCveContentType(myFamily)}
+	order = append(order, AllCveContetTypes.Except(append(order)...)...)
+
+	for _, ctype := range order {
+		if cont, found := v[ctype]; found && 0 < len(cont.Cpes) {
+			values = append(values, CveContentCpes{
+				Type:  ctype,
+				Value: cont.Cpes,
+			})
+		}
+	}
+	return
+}
+
+// CveContentRefs has CveContentType and Cpes
+type CveContentRefs struct {
+	Type  CveContentType
+	Value []Reference
+}
+
+// References returns References
+func (v CveContents) References(myFamily string) (values []CveContentRefs) {
+	order := CveContentTypes{NewCveContentType(myFamily)}
+	order = append(order, AllCveContetTypes.Except(append(order)...)...)
+
+	for _, ctype := range order {
+		if cont, found := v[ctype]; found && 0 < len(cont.References) {
+			values = append(values, CveContentRefs{
+				Type:  ctype,
+				Value: cont.References,
+			})
+		}
+	}
+	return
+}
+
+// CweIDs returns related CweIDs of the vulnerability
+func (v CveContents) CweIDs(myFamily string) (values []CveContentStr) {
+	order := CveContentTypes{NewCveContentType(myFamily)}
+	order = append(order, AllCveContetTypes.Except(append(order)...)...)
+	for _, ctype := range order {
+		if cont, found := v[ctype]; found && 0 < len(cont.CweIDs) {
+			for _, cweID := range cont.CweIDs {
+				for _, val := range values {
+					if val.Value == cweID {
+						continue
+					}
+				}
+				values = append(values, CveContentStr{
+					Type:  ctype,
+					Value: cweID,
+				})
+			}
+		}
+	}
+	return
+}
+
+// UniqCweIDs returns Uniq CweIDs
+func (v CveContents) UniqCweIDs(myFamily string) (values []CveContentStr) {
+	uniq := map[string]CveContentStr{}
+	for _, cwes := range v.CweIDs(myFamily) {
+		uniq[cwes.Value] = cwes
+	}
+	for _, cwe := range uniq {
+		values = append(values, cwe)
+	}
+	return values
+}
+
+// CveContent has abstraction of various vulnerability information
+type CveContent struct {
+	Type          CveContentType    `json:"type"`
+	CveID         string            `json:"cveID"`
+	Title         string            `json:"title"`
+	Summary       string            `json:"summary"`
+	Cvss2Score    float64           `json:"cvss2Score"`
+	Cvss2Vector   string            `json:"cvss2Vector"`
+	Cvss2Severity string            `json:"cvss2Severity"`
+	Cvss3Score    float64           `json:"cvss3Score"`
+	Cvss3Vector   string            `json:"cvss3Vector"`
+	Cvss3Severity string            `json:"cvss3Severity"`
+	SourceLink    string            `json:"sourceLink"`
+	Cpes          []Cpe             `json:"cpes,omitempty"`
+	References    References        `json:"references,omitempty"`
+	CweIDs        []string          `json:"cweIDs,omitempty"`
+	Published     time.Time         `json:"published"`
+	LastModified  time.Time         `json:"lastModified"`
+	Mitigation    string            `json:"mitigation"` // RedHat API
+	Optional      map[string]string `json:"optional,omitempty"`
+}
+
+// Empty checks the content is empty
+func (c CveContent) Empty() bool {
+	return c.Summary == ""
+}
+
+// CveContentType is a source of CVE information
+type CveContentType string
+
+// NewCveContentType create CveContentType
+func NewCveContentType(name string) CveContentType {
+	switch name {
+	case "nvdxml":
+		return NvdXML
+	case "nvd":
+		return Nvd
+	case "jvn":
+		return Jvn
+	case "redhat", "centos":
+		return RedHat
+	case "oracle":
+		return Oracle
+	case "ubuntu":
+		return Ubuntu
+	case "debian":
+		return Debian
+	case "redhat_api":
+		return RedHatAPI
+	case "debian_security_tracker":
+		return DebianSecurityTracker
+	default:
+		return Unknown
+	}
+}
+
+const (
+	// NvdXML is NvdXML
+	NvdXML CveContentType = "nvdxml"
+
+	// Nvd is Nvd
+	Nvd CveContentType = "nvd"
+
+	// Jvn is Jvn
+	Jvn CveContentType = "jvn"
+
+	// RedHat is RedHat
+	RedHat CveContentType = "redhat"
+
+	// RedHatAPI is RedHat
+	RedHatAPI CveContentType = "redhat_api"
+
+	// DebianSecurityTracker is Debian Secury tracker
+	DebianSecurityTracker CveContentType = "debian_security_tracker"
+
+	// Debian is Debian
+	Debian CveContentType = "debian"
+
+	// Ubuntu is Ubuntu
+	Ubuntu CveContentType = "ubuntu"
+
+	// Oracle is Oracle Linux
+	Oracle CveContentType = "oracle"
+
+	// SUSE is SUSE Linux
+	SUSE CveContentType = "suse"
+
+	// Unknown is Unknown
+	Unknown CveContentType = "unknown"
+)
+
+// CveContentTypes has slide of CveContentType
+type CveContentTypes []CveContentType
+
+// AllCveContetTypes has all of CveContentTypes
+var AllCveContetTypes = CveContentTypes{
+	Nvd,
+	NvdXML,
+	Jvn,
+	RedHat,
+	Debian,
+	Ubuntu,
+	RedHatAPI,
+	DebianSecurityTracker,
+}
+
+// Except returns CveContentTypes except for given args
+func (c CveContentTypes) Except(excepts ...CveContentType) (excepted CveContentTypes) {
+	for _, ctype := range c {
+		found := false
+		for _, except := range excepts {
+			if ctype == except {
+				found = true
+				break
+			}
+		}
+		if !found {
+			excepted = append(excepted, ctype)
+		}
+	}
+	return
+}
+
+// Cpe is Common Platform Enumeration
+type Cpe struct {
+	URI             string `json:"uri"`
+	FormattedString string `json:"formattedString"`
+}
+
+// References is a slice of Reference
+type References []Reference
+
+// Reference has a related link of the CVE
+type Reference struct {
+	Source string `json:"source"`
+	Link   string `json:"link"`
+	RefID  string `json:"refID"`
+}

models/cvecontents_test.go

@@ -0,0 +1,206 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+package models
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestExcept(t *testing.T) {
+	var tests = []struct {
+		in  CveContents
+		out CveContents
+	}{{
+		in: CveContents{
+			RedHat: {Type: RedHat},
+			Ubuntu: {Type: Ubuntu},
+			Debian: {Type: Debian},
+		},
+		out: CveContents{
+			RedHat: {Type: RedHat},
+		},
+	},
+	}
+	for _, tt := range tests {
+		actual := tt.in.Except(Ubuntu, Debian)
+		if !reflect.DeepEqual(tt.out, actual) {
+			t.Errorf("\nexpected: %v\n  actual: %v\n", tt.out, actual)
+		}
+	}
+}
+
+func TestSourceLinks(t *testing.T) {
+	type in struct {
+		lang  string
+		cveID string
+		cont  CveContents
+	}
+	var tests = []struct {
+		in  in
+		out []CveContentStr
+	}{
+		// lang: ja
+		{
+			in: in{
+				lang:  "ja",
+				cveID: "CVE-2017-6074",
+				cont: CveContents{
+					Jvn: {
+						Type:       Jvn,
+						SourceLink: "https://jvn.jp/vu/JVNVU93610402/",
+					},
+					RedHat: {
+						Type:       RedHat,
+						SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074",
+					},
+					NvdXML: {
+						Type:       NvdXML,
+						SourceLink: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
+					},
+				},
+			},
+			out: []CveContentStr{
+				{
+					Type:  Jvn,
+					Value: "https://jvn.jp/vu/JVNVU93610402/",
+				},
+				{
+					Type:  NvdXML,
+					Value: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
+				},
+				{
+					Type:  RedHat,
+					Value: "https://access.redhat.com/security/cve/CVE-2017-6074",
+				},
+			},
+		},
+		// lang: en
+		{
+			in: in{
+				lang:  "en",
+				cveID: "CVE-2017-6074",
+				cont: CveContents{
+					Jvn: {
+						Type:       Jvn,
+						SourceLink: "https://jvn.jp/vu/JVNVU93610402/",
+					},
+					RedHat: {
+						Type:       RedHat,
+						SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074",
+					},
+					NvdXML: {
+						Type:       NvdXML,
+						SourceLink: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
+					},
+				},
+			},
+			out: []CveContentStr{
+				{
+					Type:  NvdXML,
+					Value: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
+				},
+				{
+					Type:  RedHat,
+					Value: "https://access.redhat.com/security/cve/CVE-2017-6074",
+				},
+			},
+		},
+		// lang: empty
+		{
+			in: in{
+				lang:  "en",
+				cveID: "CVE-2017-6074",
+				cont:  CveContents{},
+			},
+			out: []CveContentStr{
+				{
+					Type:  Nvd,
+					Value: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
+				},
+			},
+		},
+	}
+	for i, tt := range tests {
+		actual := tt.in.cont.SourceLinks(tt.in.lang, "redhat", tt.in.cveID)
+		if !reflect.DeepEqual(tt.out, actual) {
+			t.Errorf("\n[%d] expected: %v\n  actual: %v\n", i, tt.out, actual)
+		}
+	}
+}
+
+func TestVendorLink(t *testing.T) {
+	type in struct {
+		family string
+		vinfo  VulnInfo
+	}
+	var tests = []struct {
+		in  in
+		out map[string]string
+	}{
+		{
+			in: in{
+				family: "redhat",
+				vinfo: VulnInfo{
+					CveID: "CVE-2017-6074",
+					CveContents: CveContents{
+						Jvn: {
+							Type:       Jvn,
+							SourceLink: "https://jvn.jp/vu/JVNVU93610402/",
+						},
+						RedHat: {
+							Type:       RedHat,
+							SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074",
+						},
+						NvdXML: {
+							Type:       NvdXML,
+							SourceLink: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
+						},
+					},
+				},
+			},
+			out: map[string]string{
+				"RHEL-CVE": "https://access.redhat.com/security/cve/CVE-2017-6074",
+			},
+		},
+		{
+			in: in{
+				family: "ubuntu",
+				vinfo: VulnInfo{
+					CveID: "CVE-2017-6074",
+					CveContents: CveContents{
+						RedHat: {
+							Type:       Ubuntu,
+							SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074",
+						},
+					},
+				},
+			},
+			out: map[string]string{
+				"Ubuntu-CVE": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6074",
+			},
+		},
+	}
+	for _, tt := range tests {
+		actual := tt.in.vinfo.VendorLinks(tt.in.family)
+		for k := range tt.out {
+			if tt.out[k] != actual[k] {
+				t.Errorf("\nexpected: %s\n  actual: %s\n", tt.out[k], actual[k])
+			}
+		}
+	}
+}

models/models.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -17,449 +17,5 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 package models
 
-import (
-	"fmt"
-	"sort"
-	"time"
-
-	"github.com/future-architect/vuls/config"
-	"github.com/future-architect/vuls/cveapi"
-	cve "github.com/kotakanbe/go-cve-dictionary/models"
-)
-
-// ScanHistory is the history of Scanning.
-type ScanHistory struct {
-	ScanResults ScanResults
-}
-
-// ScanResults is slice of ScanResult.
-type ScanResults []ScanResult
-
-// Len implement Sort Interface
-func (s ScanResults) Len() int {
-	return len(s)
-}
-
-// Swap implement Sort Interface
-func (s ScanResults) Swap(i, j int) {
-	s[i], s[j] = s[j], s[i]
-}
-
-// Less implement Sort Interface
-func (s ScanResults) Less(i, j int) bool {
-	if s[i].ServerName == s[j].ServerName {
-		return s[i].Container.ContainerID < s[i].Container.ContainerID
-	}
-	return s[i].ServerName < s[j].ServerName
-}
-
-// ScanResult has the result of scanned CVE information.
-type ScanResult struct {
-	ScannedAt time.Time
-
-	Lang       string
-	ServerName string // TOML Section key
-	Family     string
-	Release    string
-	Container  Container
-	Platform   Platform
-
-	// Scanned Vulns via SSH + CPE Vulns
-	ScannedCves []VulnInfo
-
-	KnownCves   []CveInfo
-	UnknownCves []CveInfo
-	IgnoredCves []CveInfo
-
-	Packages PackageInfoList
-
-	Optional [][]interface{}
-}
-
-// FillCveDetail fetches CVE detailed information from
-// CVE Database, and then set to fields.
-func (r ScanResult) FillCveDetail() (ScanResult, error) {
-	set := map[string]VulnInfo{}
-	var cveIDs []string
-	for _, v := range r.ScannedCves {
-		set[v.CveID] = v
-		cveIDs = append(cveIDs, v.CveID)
-	}
-
-	ds, err := cveapi.CveClient.FetchCveDetails(cveIDs)
-	if err != nil {
-		return r, err
-	}
-
-	icves := config.Conf.Servers[r.ServerName].IgnoreCves
-
-	var known, unknown, ignored CveInfos
-	for _, d := range ds {
-		cinfo := CveInfo{
-			CveDetail: d,
-			VulnInfo:  set[d.CveID],
-		}
-
-		// ignored
-		found := false
-		for _, icve := range icves {
-			if icve == d.CveID {
-				ignored = append(ignored, cinfo)
-				found = true
-				break
-			}
-		}
-		if found {
-			continue
-		}
-
-		// unknown
-		if d.CvssScore(config.Conf.Lang) <= 0 {
-			unknown = append(unknown, cinfo)
-			continue
-		}
-
-		// known
-		known = append(known, cinfo)
-	}
-	sort.Sort(known)
-	sort.Sort(unknown)
-	sort.Sort(ignored)
-	r.KnownCves = known
-	r.UnknownCves = unknown
-	r.IgnoredCves = ignored
-	return r, nil
-}
-
-// FilterByCvssOver is filter function.
-func (r ScanResult) FilterByCvssOver() ScanResult {
-	cveInfos := []CveInfo{}
-	for _, cveInfo := range r.KnownCves {
-		if config.Conf.CvssScoreOver < cveInfo.CveDetail.CvssScore(config.Conf.Lang) {
-			cveInfos = append(cveInfos, cveInfo)
-		}
-	}
-	r.KnownCves = cveInfos
-	return r
-}
-
-// ReportFileName returns the filename on localhost without extention
-func (r ScanResult) ReportFileName() (name string) {
-	if len(r.Container.ContainerID) == 0 {
-		return fmt.Sprintf("%s", r.ServerName)
-	}
-	return fmt.Sprintf("%s@%s", r.Container.Name, r.ServerName)
-}
-
-// ReportKeyName returns the name of key on S3, Azure-Blob without extention
-func (r ScanResult) ReportKeyName() (name string) {
-	timestr := r.ScannedAt.Format(time.RFC3339)
-	if len(r.Container.ContainerID) == 0 {
-		return fmt.Sprintf("%s/%s", timestr, r.ServerName)
-	}
-	return fmt.Sprintf("%s/%s@%s", timestr, r.Container.Name, r.ServerName)
-}
-
-// ServerInfo returns server name one line
-func (r ScanResult) ServerInfo() string {
-	hostinfo := ""
-	if len(r.Container.ContainerID) == 0 {
-		hostinfo = fmt.Sprintf(
-			"%s (%s%s)",
-			r.ServerName,
-			r.Family,
-			r.Release,
-		)
-	} else {
-		hostinfo = fmt.Sprintf(
-			"%s / %s (%s%s) on %s",
-			r.Container.Name,
-			r.Container.ContainerID,
-			r.Family,
-			r.Release,
-			r.ServerName,
-		)
-	}
-	return hostinfo
-}
-
-// ServerInfoTui returns server infromation for TUI sidebar
-func (r ScanResult) ServerInfoTui() string {
-	hostinfo := ""
-	if len(r.Container.ContainerID) == 0 {
-		hostinfo = fmt.Sprintf(
-			"%s (%s%s)",
-			r.ServerName,
-			r.Family,
-			r.Release,
-		)
-	} else {
-		hostinfo = fmt.Sprintf(
-			"|-- %s (%s%s)",
-			r.Container.Name,
-			r.Family,
-			r.Release,
-			//  r.Container.ContainerID,
-		)
-	}
-	return hostinfo
-}
-
-// CveSummary summarize the number of CVEs group by CVSSv2 Severity
-func (r ScanResult) CveSummary() string {
-	var high, medium, low, unknown int
-	cves := append(r.KnownCves, r.UnknownCves...)
-	for _, cveInfo := range cves {
-		score := cveInfo.CveDetail.CvssScore(config.Conf.Lang)
-		switch {
-		case 7.0 <= score:
-			high++
-		case 4.0 <= score:
-			medium++
-		case 0 < score:
-			low++
-		default:
-			unknown++
-		}
-	}
-
-	if config.Conf.IgnoreUnscoredCves {
-		return fmt.Sprintf("Total: %d (High:%d Medium:%d Low:%d)",
-			high+medium+low, high, medium, low)
-	}
-	return fmt.Sprintf("Total: %d (High:%d Medium:%d Low:%d ?:%d)",
-		high+medium+low+unknown, high, medium, low, unknown)
-}
-
-// AllCves returns Known and Unknown CVEs
-func (r ScanResult) AllCves() []CveInfo {
-	return append(r.KnownCves, r.UnknownCves...)
-}
-
-// NWLink has network link information.
-type NWLink struct {
-	IPAddress string
-	Netmask   string
-	DevName   string
-	LinkState string
-}
-
-// VulnInfos is VulnInfo list, getter/setter, sortable methods.
-type VulnInfos []VulnInfo
-
-// VulnInfo holds a vulnerability information and unsecure packages
-type VulnInfo struct {
-	CveID            string
-	Packages         PackageInfoList
-	DistroAdvisories []DistroAdvisory // for Aamazon, RHEL, FreeBSD
-	CpeNames         []string
-}
-
-// FindByCveID find by CVEID
-func (s VulnInfos) FindByCveID(cveID string) (VulnInfo, bool) {
-	for _, p := range s {
-		if cveID == p.CveID {
-			return p, true
-		}
-	}
-	return VulnInfo{CveID: cveID}, false
-}
-
-// immutable
-func (s VulnInfos) set(cveID string, v VulnInfo) VulnInfos {
-	for i, p := range s {
-		if cveID == p.CveID {
-			s[i] = v
-			return s
-		}
-	}
-	return append(s, v)
-}
-
-// Len implement Sort Interface
-func (s VulnInfos) Len() int {
-	return len(s)
-}
-
-// Swap implement Sort Interface
-func (s VulnInfos) Swap(i, j int) {
-	s[i], s[j] = s[j], s[i]
-}
-
-// Less implement Sort Interface
-func (s VulnInfos) Less(i, j int) bool {
-	return s[i].CveID < s[j].CveID
-}
-
-// CveInfos is for sorting
-type CveInfos []CveInfo
-
-func (c CveInfos) Len() int {
-	return len(c)
-}
-
-func (c CveInfos) Swap(i, j int) {
-	c[i], c[j] = c[j], c[i]
-}
-
-func (c CveInfos) Less(i, j int) bool {
-	lang := config.Conf.Lang
-	if c[i].CveDetail.CvssScore(lang) == c[j].CveDetail.CvssScore(lang) {
-		return c[i].CveDetail.CveID < c[j].CveDetail.CveID
-	}
-	return c[j].CveDetail.CvssScore(lang) < c[i].CveDetail.CvssScore(lang)
-}
-
-// CveInfo has Cve Information.
-type CveInfo struct {
-	CveDetail cve.CveDetail
-	VulnInfo
-}
-
-// PackageInfoList is slice of PackageInfo
-type PackageInfoList []PackageInfo
-
-// Exists returns true if exists the name
-func (ps PackageInfoList) Exists(name string) bool {
-	for _, p := range ps {
-		if p.Name == name {
-			return true
-		}
-	}
-	return false
-}
-
-// UniqByName be uniq by name.
-func (ps PackageInfoList) UniqByName() (distincted PackageInfoList) {
-	set := make(map[string]PackageInfo)
-	for _, p := range ps {
-		set[p.Name] = p
-	}
-	//sort by key
-	keys := []string{}
-	for key := range set {
-		keys = append(keys, key)
-	}
-	sort.Strings(keys)
-	for _, key := range keys {
-		distincted = append(distincted, set[key])
-	}
-	return
-}
-
-// FindByName search PackageInfo by name
-func (ps PackageInfoList) FindByName(name string) (result PackageInfo, found bool) {
-	for _, p := range ps {
-		if p.Name == name {
-			return p, true
-		}
-	}
-	return PackageInfo{}, false
-}
-
-// MergeNewVersion merges candidate version information to the receiver struct
-func (ps PackageInfoList) MergeNewVersion(as PackageInfoList) {
-	for _, a := range as {
-		for i, p := range ps {
-			if p.Name == a.Name {
-				ps[i].NewVersion = a.NewVersion
-				ps[i].NewRelease = a.NewRelease
-			}
-		}
-	}
-}
-
-func (ps PackageInfoList) countUpdatablePacks() int {
-	count := 0
-	for _, p := range ps {
-		if len(p.NewVersion) != 0 {
-			count++
-		}
-	}
-	return count
-}
-
-// ToUpdatablePacksSummary returns a summary of updatable packages
-func (ps PackageInfoList) ToUpdatablePacksSummary() string {
-	return fmt.Sprintf("%d updatable packages",
-		ps.countUpdatablePacks())
-}
-
-// Find search PackageInfo by name-version-release
-//  func (ps PackageInfoList) find(nameVersionRelease string) (PackageInfo, bool) {
-//      for _, p := range ps {
-//          joined := p.Name
-//          if 0 < len(p.Version) {
-//              joined = fmt.Sprintf("%s-%s", joined, p.Version)
-//          }
-//          if 0 < len(p.Release) {
-//              joined = fmt.Sprintf("%s-%s", joined, p.Release)
-//          }
-//          if joined == nameVersionRelease {
-//              return p, true
-//          }
-//      }
-//      return PackageInfo{}, false
-//  }
-
-// PackageInfosByName implements sort.Interface for []PackageInfo based on
-// the Name field.
-type PackageInfosByName []PackageInfo
-
-func (a PackageInfosByName) Len() int           { return len(a) }
-func (a PackageInfosByName) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
-func (a PackageInfosByName) Less(i, j int) bool { return a[i].Name < a[j].Name }
-
-// PackageInfo has installed packages.
-type PackageInfo struct {
-	Name       string
-	Version    string
-	Release    string
-	NewVersion string
-	NewRelease string
-	Repository string
-}
-
-// ToStringCurrentVersion returns package name-version-release
-func (p PackageInfo) ToStringCurrentVersion() string {
-	str := p.Name
-	if 0 < len(p.Version) {
-		str = fmt.Sprintf("%s-%s", str, p.Version)
-	}
-	if 0 < len(p.Release) {
-		str = fmt.Sprintf("%s-%s", str, p.Release)
-	}
-	return str
-}
-
-// ToStringNewVersion returns package name-version-release
-func (p PackageInfo) ToStringNewVersion() string {
-	str := p.Name
-	if 0 < len(p.NewVersion) {
-		str = fmt.Sprintf("%s-%s", str, p.NewVersion)
-	}
-	if 0 < len(p.NewRelease) {
-		str = fmt.Sprintf("%s-%s", str, p.NewRelease)
-	}
-	return str
-}
-
-// DistroAdvisory has Amazon Linux, RHEL, FreeBSD Security Advisory information.
-type DistroAdvisory struct {
-	AdvisoryID string
-	Severity   string
-	Issued     time.Time
-	Updated    time.Time
-}
-
-// Container has Container information
-type Container struct {
-	ContainerID string
-	Name        string
-}
-
-// Platform has platform information
-type Platform struct {
-	Name       string // aws or azure or gcp or other...
-	InstanceID string
-}
+// JSONVersion is JSON Version
+const JSONVersion = 4

models/models_test.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -16,122 +16,3 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 package models
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/k0kubun/pp"
-)
-
-func TestPackageInfoListUniqByName(t *testing.T) {
-	var test = struct {
-		in  PackageInfoList
-		out PackageInfoList
-	}{
-		PackageInfoList{
-			{
-				Name: "hoge",
-			},
-			{
-				Name: "fuga",
-			},
-			{
-				Name: "hoge",
-			},
-		},
-		PackageInfoList{
-			{
-				Name: "hoge",
-			},
-			{
-				Name: "fuga",
-			},
-		},
-	}
-
-	actual := test.in.UniqByName()
-	for i, ePack := range test.out {
-		if actual[i].Name == ePack.Name {
-			t.Errorf("expected %#v, actual %#v", ePack.Name, actual[i].Name)
-		}
-	}
-}
-
-func TestMergeNewVersion(t *testing.T) {
-	var test = struct {
-		a        PackageInfoList
-		b        PackageInfoList
-		expected PackageInfoList
-	}{
-		PackageInfoList{
-			{
-				Name: "hoge",
-			},
-		},
-		PackageInfoList{
-			{
-				Name:       "hoge",
-				NewVersion: "1.0.0",
-				NewRelease: "release1",
-			},
-		},
-		PackageInfoList{
-			{
-				Name:       "hoge",
-				NewVersion: "1.0.0",
-				NewRelease: "release1",
-			},
-		},
-	}
-
-	test.a.MergeNewVersion(test.b)
-	if !reflect.DeepEqual(test.a, test.expected) {
-		e := pp.Sprintf("%v", test.a)
-		a := pp.Sprintf("%v", test.expected)
-		t.Errorf("expected %s, actual %s", e, a)
-	}
-}
-func TestVulnInfosSetGet(t *testing.T) {
-	var test = struct {
-		in  []string
-		out []string
-	}{
-		[]string{
-			"CVE1",
-			"CVE2",
-			"CVE3",
-			"CVE1",
-			"CVE1",
-			"CVE2",
-			"CVE3",
-		},
-		[]string{
-			"CVE1",
-			"CVE2",
-			"CVE3",
-		},
-	}
-
-	//  var ps packageCveInfos
-	var ps VulnInfos
-	for _, cid := range test.in {
-		ps = ps.set(cid, VulnInfo{CveID: cid})
-	}
-
-	if len(test.out) != len(ps) {
-		t.Errorf("length: expected %d, actual %d", len(test.out), len(ps))
-	}
-
-	for i, expectedCid := range test.out {
-		if expectedCid != ps[i].CveID {
-			t.Errorf("expected %s, actual %s", expectedCid, ps[i].CveID)
-		}
-	}
-	for _, cid := range test.in {
-		p, _ := ps.FindByCveID(cid)
-		if p.CveID != cid {
-			t.Errorf("expected %s, actual %s", cid, p.CveID)
-		}
-	}
-}

models/packages.go

@@ -0,0 +1,237 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package models
+
+import (
+	"bytes"
+	"fmt"
+	"strings"
+)
+
+// Packages is Map of Package
+// { "package-name": Package }
+type Packages map[string]Package
+
+// NewPackages create Packages
+func NewPackages(packs ...Package) Packages {
+	m := Packages{}
+	for _, pack := range packs {
+		m[pack.Name] = pack
+	}
+	return m
+}
+
+// MergeNewVersion merges candidate version information to the receiver struct
+func (ps Packages) MergeNewVersion(as Packages) {
+	for name, pack := range ps {
+		pack.NewVersion = pack.Version
+		pack.NewRelease = pack.Release
+		ps[name] = pack
+	}
+
+	for _, a := range as {
+		if pack, ok := ps[a.Name]; ok {
+			pack.NewVersion = a.NewVersion
+			pack.NewRelease = a.NewRelease
+			pack.Repository = a.Repository
+			ps[a.Name] = pack
+		}
+	}
+}
+
+// Merge returns merged map (immutable)
+func (ps Packages) Merge(other Packages) Packages {
+	merged := Packages{}
+	for k, v := range ps {
+		merged[k] = v
+	}
+	for k, v := range other {
+		merged[k] = v
+	}
+	return merged
+}
+
+// FindOne search a element
+func (ps Packages) FindOne(f func(Package) bool) (string, Package, bool) {
+	for key, p := range ps {
+		if f(p) {
+			return key, p, true
+		}
+	}
+	return "", Package{}, false
+}
+
+// FindByFQPN search a package by Fully-Qualified-Package-Name
+func (ps Packages) FindByFQPN(nameVerRelArc string) (*Package, error) {
+	for _, p := range ps {
+		if nameVerRelArc == p.FQPN() {
+			return &p, nil
+		}
+	}
+	return nil, fmt.Errorf("Failed to find the package: %s", nameVerRelArc)
+}
+
+// Package has installed binary packages.
+type Package struct {
+	Name             string               `json:"name"`
+	Version          string               `json:"version"`
+	Release          string               `json:"release"`
+	NewVersion       string               `json:"newVersion"`
+	NewRelease       string               `json:"newRelease"`
+	Arch             string               `json:"arch"`
+	Repository       string               `json:"repository"`
+	Changelog        Changelog            `json:"changelog"`
+	AffectedProcs    []AffectedProcess    `json:",omitempty"`
+	NeedRestartProcs []NeedRestartProcess `json:",omitempty"`
+}
+
+// FQPN returns Fully-Qualified-Package-Name
+// name-version-release.arch
+func (p Package) FQPN() string {
+	fqpn := p.Name
+	if p.Version != "" {
+		fqpn += fmt.Sprintf("-%s", p.Version)
+	}
+	if p.Release != "" {
+		fqpn += fmt.Sprintf("-%s", p.Release)
+	}
+	if p.Arch != "" {
+		fqpn += fmt.Sprintf(".%s", p.Arch)
+	}
+	return fqpn
+}
+
+// FormatVer returns package version-release
+func (p Package) FormatVer() string {
+	ver := p.Version
+	if 0 < len(p.Release) {
+		ver = fmt.Sprintf("%s-%s", ver, p.Release)
+	}
+	return ver
+}
+
+// FormatNewVer returns package version-release
+func (p Package) FormatNewVer() string {
+	ver := p.NewVersion
+	if 0 < len(p.NewRelease) {
+		ver = fmt.Sprintf("%s-%s", ver, p.NewRelease)
+	}
+	return ver
+}
+
+// FormatVersionFromTo formats installed and new package version
+func (p Package) FormatVersionFromTo(notFixedYet bool, status string) string {
+	to := p.FormatNewVer()
+	if notFixedYet {
+		if status != "" {
+			to = status
+		} else {
+			to = "Not Fixed Yet"
+		}
+	} else if p.NewVersion == "" {
+		to = "Unknown"
+	}
+	return fmt.Sprintf("%s-%s -> %s", p.Name, p.FormatVer(), to)
+}
+
+// FormatChangelog formats the changelog
+func (p Package) FormatChangelog() string {
+	buf := []string{}
+	packVer := fmt.Sprintf("%s-%s -> %s",
+		p.Name, p.FormatVer(), p.FormatNewVer())
+	var delim bytes.Buffer
+	for i := 0; i < len(packVer); i++ {
+		delim.WriteString("-")
+	}
+
+	clog := p.Changelog.Contents
+	if lines := strings.Split(clog, "\n"); len(lines) != 0 {
+		clog = strings.Join(lines[0:len(lines)-1], "\n")
+	}
+
+	switch p.Changelog.Method {
+	case FailedToGetChangelog:
+		clog = "No changelogs"
+	case FailedToFindVersionInChangelog:
+		clog = "Failed to parse changelogs. For details, check yourself"
+	}
+	buf = append(buf, packVer, delim.String(), clog)
+	return strings.Join(buf, "\n")
+}
+
+// Changelog has contents of changelog and how to get it.
+// Method: models.detectionMethodStr
+type Changelog struct {
+	Contents string          `json:"contents"`
+	Method   DetectionMethod `json:"method"`
+}
+
+// AffectedProcess keep a processes information affected by software update
+type AffectedProcess struct {
+	PID  string `json:"pid"`
+	Name string `json:"name"`
+}
+
+// NeedRestartProcess keep a processes information affected by software update
+type NeedRestartProcess struct {
+	PID         string `json:"pid"`
+	Path        string `json:"path"`
+	ServiceName string `json:"serviceName"`
+	InitSystem  string `json:"initSystem"`
+	HasInit     bool   `json:"-"`
+}
+
+// SrcPackage has installed source package information.
+// Debian based Linux has both of package and source information in dpkg.
+// OVAL database often includes a source version (Not a binary version),
+// so it is also needed to capture source version for OVAL version comparison.
+// https://github.com/future-architect/vuls/issues/504
+type SrcPackage struct {
+	Name        string   `json:"name"`
+	Version     string   `json:"version"`
+	BinaryNames []string `json:"binaryNames"`
+}
+
+// AddBinaryName add the name if not exists
+func (s *SrcPackage) AddBinaryName(name string) {
+	found := false
+	for _, n := range s.BinaryNames {
+		if n == name {
+			return
+		}
+	}
+	if !found {
+		s.BinaryNames = append(s.BinaryNames, name)
+	}
+}
+
+// SrcPackages is Map of SrcPackage
+// { "package-name": SrcPackage }
+type SrcPackages map[string]SrcPackage
+
+// FindByBinName finds by bin-package-name
+func (s SrcPackages) FindByBinName(name string) (*SrcPackage, bool) {
+	for _, p := range s {
+		for _, binName := range p.BinaryNames {
+			if binName == name {
+				return &p, true
+			}
+		}
+	}
+	return nil, false
+}

models/packages_test.go

@@ -0,0 +1,193 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+package models
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/k0kubun/pp"
+)
+
+func TestMergeNewVersion(t *testing.T) {
+	var test = struct {
+		a        Packages
+		b        Packages
+		expected Packages
+	}{
+		Packages{
+			"hoge": {
+				Name: "hoge",
+			},
+		},
+		Packages{
+			"hoge": {
+				Name:       "hoge",
+				NewVersion: "1.0.0",
+				NewRelease: "release1",
+			},
+		},
+		Packages{
+			"hoge": {
+				Name:       "hoge",
+				NewVersion: "1.0.0",
+				NewRelease: "release1",
+			},
+		},
+	}
+
+	test.a.MergeNewVersion(test.b)
+	if !reflect.DeepEqual(test.a, test.expected) {
+		e := pp.Sprintf("%v", test.a)
+		a := pp.Sprintf("%v", test.expected)
+		t.Errorf("expected %s, actual %s", e, a)
+	}
+}
+
+func TestMerge(t *testing.T) {
+	var test = struct {
+		a        Packages
+		b        Packages
+		expected Packages
+	}{
+		Packages{
+			"hoge": {Name: "hoge"},
+			"fuga": {Name: "fuga"},
+		},
+		Packages{
+			"hega": {Name: "hega"},
+			"hage": {Name: "hage"},
+		},
+		Packages{
+			"hoge": {Name: "hoge"},
+			"fuga": {Name: "fuga"},
+			"hega": {Name: "hega"},
+			"hage": {Name: "hage"},
+		},
+	}
+
+	actual := test.a.Merge(test.b)
+	if !reflect.DeepEqual(actual, test.expected) {
+		e := pp.Sprintf("%v", test.expected)
+		a := pp.Sprintf("%v", actual)
+		t.Errorf("expected %s, actual %s", e, a)
+	}
+}
+
+func TestAddBinaryName(t *testing.T) {
+	var tests = []struct {
+		in       SrcPackage
+		name     string
+		expected SrcPackage
+	}{
+		{
+			SrcPackage{Name: "hoge"},
+			"curl",
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl"},
+			},
+		},
+		{
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl"},
+			},
+			"curl",
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl"},
+			},
+		},
+		{
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl"},
+			},
+			"openssh",
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl", "openssh"},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		tt.in.AddBinaryName(tt.name)
+		if !reflect.DeepEqual(tt.in, tt.expected) {
+			t.Errorf("expected %#v, actual %#v", tt.in, tt.expected)
+		}
+	}
+}
+
+func TestFindByBinName(t *testing.T) {
+	var tests = []struct {
+		in       SrcPackages
+		name     string
+		expected *SrcPackage
+		ok       bool
+	}{
+		{
+			in: map[string]SrcPackage{
+				"packA": {
+					Name:        "srcA",
+					BinaryNames: []string{"binA"},
+					Version:     "1.0.0",
+				},
+				"packB": {
+					Name:        "srcB",
+					BinaryNames: []string{"binB"},
+					Version:     "2.0.0",
+				},
+			},
+			name: "binA",
+			expected: &SrcPackage{
+				Name:        "srcA",
+				BinaryNames: []string{"binA"},
+				Version:     "1.0.0",
+			},
+			ok: true,
+		},
+		{
+			in: map[string]SrcPackage{
+				"packA": {
+					Name:        "srcA",
+					BinaryNames: []string{"binA"},
+					Version:     "1.0.0",
+				},
+				"packB": {
+					Name:        "srcB",
+					BinaryNames: []string{"binB"},
+					Version:     "2.0.0",
+				},
+			},
+			name:     "nobin",
+			expected: nil,
+			ok:       false,
+		},
+	}
+
+	for i, tt := range tests {
+		act, ok := tt.in.FindByBinName(tt.name)
+		if ok != tt.ok {
+			t.Errorf("[%d] expected %#v, actual %#v", i, tt.in, tt.expected)
+		}
+		if act != nil && !reflect.DeepEqual(*tt.expected, *act) {
+			t.Errorf("[%d] expected %#v, actual %#v", i, tt.in, tt.expected)
+		}
+	}
+}

models/scanresults.go

@@ -0,0 +1,397 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package models
+
+import (
+	"bytes"
+	"fmt"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/cwe"
+	"github.com/future-architect/vuls/util"
+)
+
+// ScanResults is a slide of ScanResult
+type ScanResults []ScanResult
+
+// ScanResult has the result of scanned CVE information.
+type ScanResult struct {
+	JSONVersion      int                    `json:"jsonVersion"`
+	Lang             string                 `json:"lang"`
+	ServerUUID       string                 `json:"serverUUID"`
+	ServerName       string                 `json:"serverName"` // TOML Section key
+	Family           string                 `json:"family"`
+	Release          string                 `json:"release"`
+	Container        Container              `json:"container"`
+	Platform         Platform               `json:"platform"`
+	IPv4Addrs        []string               `json:"ipv4Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
+	IPv6Addrs        []string               `json:"ipv6Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
+	ScannedAt        time.Time              `json:"scannedAt"`
+	ScannedVersion   string                 `json:"scannedVersion"`
+	ScannedRevision  string                 `json:"scannedRevision"`
+	ScannedBy        string                 `json:"scannedBy"`
+	ReportedAt       time.Time              `json:"reportedAt"`
+	ReportedVersion  string                 `json:"reportedVersion"`
+	ReportedRevision string                 `json:"reportedRevision"`
+	ReportedBy       string                 `json:"reportedBy"`
+	ScannedCves      VulnInfos              `json:"scannedCves"`
+	RunningKernel    Kernel                 `json:"runningKernel"`
+	Packages         Packages               `json:"packages"`
+	CweDict          CweDict                `json:"cweDict"`
+	Optional         map[string]interface{} `json:",omitempty"`
+	SrcPackages      SrcPackages            `json:",omitempty"`
+	Errors           []string               `json:"errors"`
+	Config           struct {
+		Scan   config.Config `json:"scan"`
+		Report config.Config `json:"report"`
+	} `json:"config"`
+}
+
+// CweDict is a dictionary for CWE
+type CweDict map[string]CweDictEntry
+
+// Get the name, url, top10URL for the specified cweID, lang
+func (c CweDict) Get(cweID, lang string) (name, url, top10Rank, top10URL string) {
+	cweNum := strings.TrimPrefix(cweID, "CWE-")
+	switch config.Conf.Lang {
+	case "ja":
+		if dict, ok := c[cweNum]; ok && dict.OwaspTopTen2017 != "" {
+			top10Rank = dict.OwaspTopTen2017
+			top10URL = cwe.OwaspTopTen2017GitHubURLJa[dict.OwaspTopTen2017]
+		}
+		if dict, ok := cwe.CweDictJa[cweNum]; ok {
+			name = dict.Name
+			url = fmt.Sprintf("http://jvndb.jvn.jp/ja/cwe/%s.html", cweID)
+		} else {
+			if dict, ok := cwe.CweDictEn[cweNum]; ok {
+				name = dict.Name
+			}
+			url = fmt.Sprintf("https://cwe.mitre.org/data/definitions/%s.html", cweID)
+		}
+	default:
+		if dict, ok := c[cweNum]; ok && dict.OwaspTopTen2017 != "" {
+			top10Rank = dict.OwaspTopTen2017
+			top10URL = cwe.OwaspTopTen2017GitHubURLEn[dict.OwaspTopTen2017]
+		}
+		url = fmt.Sprintf("https://cwe.mitre.org/data/definitions/%s.html", cweID)
+		if dict, ok := cwe.CweDictEn[cweNum]; ok {
+			name = dict.Name
+		}
+	}
+	return
+}
+
+// CweDictEntry is a entry of CWE
+type CweDictEntry struct {
+	En              *cwe.Cwe `json:"en,omitempty"`
+	Ja              *cwe.Cwe `json:"ja,omitempty"`
+	OwaspTopTen2017 string   `json:"owaspTopTen2017"`
+}
+
+// Kernel has the Release, version and whether need restart
+type Kernel struct {
+	Release        string `json:"release"`
+	Version        string `json:"version"`
+	RebootRequired bool   `json:"rebootRequired"`
+}
+
+// FilterByCvssOver is filter function.
+func (r ScanResult) FilterByCvssOver(over float64) ScanResult {
+	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
+		v2Max := v.MaxCvss2Score()
+		v3Max := v.MaxCvss3Score()
+		max := v2Max.Value.Score
+		if max < v3Max.Value.Score {
+			max = v3Max.Value.Score
+		}
+		if over <= max {
+			return true
+		}
+		return false
+	})
+	r.ScannedCves = filtered
+	return r
+}
+
+// FilterIgnoreCves is filter function.
+func (r ScanResult) FilterIgnoreCves() ScanResult {
+
+	ignoreCves := []string{}
+	if len(r.Container.Name) == 0 {
+		ignoreCves = config.Conf.Servers[r.ServerName].IgnoreCves
+	} else {
+		if s, ok := config.Conf.Servers[r.ServerName]; ok {
+			if con, ok := s.Containers[r.Container.Name]; ok {
+				ignoreCves = con.IgnoreCves
+			} else {
+				util.Log.Errorf("%s is not found in config.toml",
+					r.Container.Name)
+				return r
+			}
+		} else {
+			util.Log.Errorf("%s is not found in config.toml",
+				r.ServerName)
+			return r
+		}
+	}
+
+	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
+		for _, c := range ignoreCves {
+			if v.CveID == c {
+				return false
+			}
+		}
+		return true
+	})
+	r.ScannedCves = filtered
+	return r
+}
+
+// FilterUnfixed is filter function.
+func (r ScanResult) FilterUnfixed() ScanResult {
+	if !config.Conf.IgnoreUnfixed {
+		return r
+	}
+	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
+		NotFixedAll := true
+		for _, p := range v.AffectedPackages {
+			NotFixedAll = NotFixedAll && p.NotFixedYet
+		}
+		return !NotFixedAll
+	})
+	r.ScannedCves = filtered
+	return r
+}
+
+// FilterIgnorePkgs is filter function.
+func (r ScanResult) FilterIgnorePkgs() ScanResult {
+	ignorePkgsRegexps := []string{}
+	if len(r.Container.Name) == 0 {
+		ignorePkgsRegexps = config.Conf.Servers[r.ServerName].IgnorePkgsRegexp
+	} else {
+		if s, ok := config.Conf.Servers[r.ServerName]; ok {
+			if con, ok := s.Containers[r.Container.Name]; ok {
+				ignorePkgsRegexps = con.IgnorePkgsRegexp
+			} else {
+				util.Log.Errorf("%s is not found in config.toml",
+					r.Container.Name)
+				return r
+			}
+		} else {
+			util.Log.Errorf("%s is not found in config.toml",
+				r.ServerName)
+			return r
+		}
+	}
+
+	regexps := []*regexp.Regexp{}
+	for _, pkgRegexp := range ignorePkgsRegexps {
+		re, err := regexp.Compile(pkgRegexp)
+		if err != nil {
+			util.Log.Errorf("Faild to parse %s, %s", pkgRegexp, err)
+			continue
+		} else {
+			regexps = append(regexps, re)
+		}
+	}
+	if len(regexps) == 0 {
+		return r
+	}
+
+	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
+		if len(v.AffectedPackages) == 0 {
+			return true
+		}
+		for _, p := range v.AffectedPackages {
+			match := false
+			for _, re := range regexps {
+				if re.MatchString(p.Name) {
+					match = true
+				}
+			}
+			if !match {
+				return true
+			}
+		}
+		return false
+	})
+
+	r.ScannedCves = filtered
+	return r
+}
+
+// ReportFileName returns the filename on localhost without extention
+func (r ScanResult) ReportFileName() (name string) {
+	if len(r.Container.ContainerID) == 0 {
+		return fmt.Sprintf("%s", r.ServerName)
+	}
+	return fmt.Sprintf("%s@%s", r.Container.Name, r.ServerName)
+}
+
+// ReportKeyName returns the name of key on S3, Azure-Blob without extention
+func (r ScanResult) ReportKeyName() (name string) {
+	timestr := r.ScannedAt.Format(time.RFC3339)
+	if len(r.Container.ContainerID) == 0 {
+		return fmt.Sprintf("%s/%s", timestr, r.ServerName)
+	}
+	return fmt.Sprintf("%s/%s@%s", timestr, r.Container.Name, r.ServerName)
+}
+
+// ServerInfo returns server name one line
+func (r ScanResult) ServerInfo() string {
+	if len(r.Container.ContainerID) == 0 {
+		return fmt.Sprintf("%s (%s%s)",
+			r.FormatServerName(), r.Family, r.Release)
+	}
+	return fmt.Sprintf(
+		"%s (%s%s) on %s",
+		r.FormatServerName(),
+		r.Family,
+		r.Release,
+		r.ServerName,
+	)
+}
+
+// ServerInfoTui returns server information for TUI sidebar
+func (r ScanResult) ServerInfoTui() string {
+	if len(r.Container.ContainerID) == 0 {
+		line := fmt.Sprintf("%s (%s%s)",
+			r.ServerName, r.Family, r.Release)
+		if r.RunningKernel.RebootRequired {
+			return "[Reboot] " + line
+		}
+		return line
+	}
+
+	fmtstr := "|-- %s (%s%s)"
+	if r.RunningKernel.RebootRequired {
+		fmtstr = "|-- [Reboot] %s (%s%s)"
+	}
+	return fmt.Sprintf(fmtstr, r.Container.Name, r.Family, r.Release)
+}
+
+// FormatServerName returns server and container name
+func (r ScanResult) FormatServerName() (name string) {
+	if len(r.Container.ContainerID) == 0 {
+		name = r.ServerName
+	} else {
+		name = fmt.Sprintf("%s@%s",
+			r.Container.Name, r.ServerName)
+	}
+	if r.RunningKernel.RebootRequired {
+		name = "[Reboot Required] " + name
+	}
+	return
+}
+
+// FormatTextReportHeadedr returns header of text report
+func (r ScanResult) FormatTextReportHeadedr() string {
+	var buf bytes.Buffer
+	for i := 0; i < len(r.ServerInfo()); i++ {
+		buf.WriteString("=")
+	}
+
+	return fmt.Sprintf("%s\n%s\n%s, %s, %s\n",
+		r.ServerInfo(),
+		buf.String(),
+		r.ScannedCves.FormatCveSummary(),
+		r.ScannedCves.FormatFixedStatus(r.Packages),
+		r.FormatUpdatablePacksSummary(),
+	)
+}
+
+// FormatUpdatablePacksSummary returns a summary of updatable packages
+func (r ScanResult) FormatUpdatablePacksSummary() string {
+	if !r.isDisplayUpdatableNum() {
+		return fmt.Sprintf("%d installed", len(r.Packages))
+	}
+
+	nUpdatable := 0
+	for _, p := range r.Packages {
+		if p.NewVersion == "" {
+			continue
+		}
+		if p.Version != p.NewVersion || p.Release != p.NewRelease {
+			nUpdatable++
+		}
+	}
+	return fmt.Sprintf("%d installed, %d updatable",
+		len(r.Packages),
+		nUpdatable)
+}
+
+func (r ScanResult) isDisplayUpdatableNum() bool {
+	var mode config.ScanMode
+	s, _ := config.Conf.Servers[r.ServerName]
+	mode = s.Mode
+
+	if mode.IsOffline() {
+		return false
+	}
+	if mode.IsFastRoot() || mode.IsDeep() {
+		return true
+	}
+	if mode.IsFast() {
+		switch r.Family {
+		case config.RedHat,
+			config.Oracle,
+			config.Debian,
+			config.Ubuntu,
+			config.Raspbian:
+			return false
+		default:
+			return true
+		}
+	}
+	return false
+}
+
+// IsContainer returns whether this ServerInfo is about container
+func (r ScanResult) IsContainer() bool {
+	return 0 < len(r.Container.ContainerID)
+}
+
+// IsDeepScanMode checks if the scan mode is deep scan mode.
+func (r ScanResult) IsDeepScanMode() bool {
+	for _, s := range r.Config.Scan.Servers {
+		for _, m := range s.ScanMode {
+			if m == "deep" {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+// Container has Container information
+type Container struct {
+	ContainerID string `json:"containerID"`
+	Name        string `json:"name"`
+	Image       string `json:"image"`
+	Type        string `json:"type"`
+	UUID        string `json:"uuid"`
+}
+
+// Platform has platform information
+type Platform struct {
+	Name       string `json:"name"` // aws or azure or gcp or other...
+	InstanceID string `json:"instanceID"`
+}

models/scanresults_test.go

@@ -0,0 +1,738 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+package models
+
+import (
+	"reflect"
+	"testing"
+	"time"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/k0kubun/pp"
+)
+
+func TestFilterByCvssOver(t *testing.T) {
+	type in struct {
+		over float64
+		rs   ScanResult
+	}
+	var tests = []struct {
+		in  in
+		out ScanResult
+	}{
+		{
+			in: in{
+				over: 7.0,
+				rs: ScanResult{
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							CveContents: NewCveContents(
+								CveContent{
+									Type:         NvdXML,
+									CveID:        "CVE-2017-0001",
+									Cvss2Score:   7.1,
+									LastModified: time.Time{},
+								},
+							),
+						},
+						"CVE-2017-0002": {
+							CveID: "CVE-2017-0002",
+							CveContents: NewCveContents(
+								CveContent{
+									Type:         NvdXML,
+									CveID:        "CVE-2017-0002",
+									Cvss2Score:   6.9,
+									LastModified: time.Time{},
+								},
+							),
+						},
+						"CVE-2017-0003": {
+							CveID: "CVE-2017-0003",
+							CveContents: NewCveContents(
+								CveContent{
+									Type:         NvdXML,
+									CveID:        "CVE-2017-0003",
+									Cvss2Score:   6.9,
+									LastModified: time.Time{},
+								},
+								CveContent{
+									Type:         Jvn,
+									CveID:        "CVE-2017-0003",
+									Cvss2Score:   7.2,
+									LastModified: time.Time{},
+								},
+							),
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ScannedCves: VulnInfos{
+					"CVE-2017-0001": {
+						CveID: "CVE-2017-0001",
+						CveContents: NewCveContents(
+							CveContent{
+								Type:         NvdXML,
+								CveID:        "CVE-2017-0001",
+								Cvss2Score:   7.1,
+								LastModified: time.Time{},
+							},
+						),
+					},
+					"CVE-2017-0003": {
+						CveID: "CVE-2017-0003",
+						CveContents: NewCveContents(
+							CveContent{
+								Type:         NvdXML,
+								CveID:        "CVE-2017-0003",
+								Cvss2Score:   6.9,
+								LastModified: time.Time{},
+							},
+							CveContent{
+								Type:         Jvn,
+								CveID:        "CVE-2017-0003",
+								Cvss2Score:   7.2,
+								LastModified: time.Time{},
+							},
+						),
+					},
+				},
+			},
+		},
+		// OVAL Severity
+		{
+			in: in{
+				over: 7.0,
+				rs: ScanResult{
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							CveContents: NewCveContents(
+								CveContent{
+									Type:          Ubuntu,
+									CveID:         "CVE-2017-0001",
+									Cvss2Severity: "HIGH",
+									LastModified:  time.Time{},
+								},
+							),
+						},
+						"CVE-2017-0002": {
+							CveID: "CVE-2017-0002",
+							CveContents: NewCveContents(
+								CveContent{
+									Type:          RedHat,
+									CveID:         "CVE-2017-0002",
+									Cvss2Severity: "CRITICAL",
+									LastModified:  time.Time{},
+								},
+							),
+						},
+						"CVE-2017-0003": {
+							CveID: "CVE-2017-0003",
+							CveContents: NewCveContents(
+								CveContent{
+									Type:          Oracle,
+									CveID:         "CVE-2017-0003",
+									Cvss2Severity: "IMPORTANT",
+									LastModified:  time.Time{},
+								},
+							),
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ScannedCves: VulnInfos{
+					"CVE-2017-0001": {
+						CveID: "CVE-2017-0001",
+						CveContents: NewCveContents(
+							CveContent{
+								Type:          Ubuntu,
+								CveID:         "CVE-2017-0001",
+								Cvss2Severity: "HIGH",
+								LastModified:  time.Time{},
+							},
+						),
+					},
+					"CVE-2017-0002": {
+						CveID: "CVE-2017-0002",
+						CveContents: NewCveContents(
+							CveContent{
+								Type:          RedHat,
+								CveID:         "CVE-2017-0002",
+								Cvss2Severity: "CRITICAL",
+								LastModified:  time.Time{},
+							},
+						),
+					},
+					"CVE-2017-0003": {
+						CveID: "CVE-2017-0003",
+						CveContents: NewCveContents(
+							CveContent{
+								Type:          Oracle,
+								CveID:         "CVE-2017-0003",
+								Cvss2Severity: "IMPORTANT",
+								LastModified:  time.Time{},
+							},
+						),
+					},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		actual := tt.in.rs.FilterByCvssOver(tt.in.over)
+		for k := range tt.out.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+	}
+}
+func TestFilterIgnoreCveIDs(t *testing.T) {
+	type in struct {
+		cves []string
+		rs   ScanResult
+	}
+	var tests = []struct {
+		in  in
+		out ScanResult
+	}{
+		{
+			in: in{
+				cves: []string{"CVE-2017-0002"},
+				rs: ScanResult{
+					ServerName: "name",
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+						},
+						"CVE-2017-0002": {
+							CveID: "CVE-2017-0002",
+						},
+						"CVE-2017-0003": {
+							CveID: "CVE-2017-0003",
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName: "name",
+				ScannedCves: VulnInfos{
+					"CVE-2017-0001": {
+						CveID: "CVE-2017-0001",
+					},
+					"CVE-2017-0003": {
+						CveID: "CVE-2017-0003",
+					},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		config.Conf.Servers = map[string]config.ServerInfo{
+			"name": {IgnoreCves: tt.in.cves},
+		}
+		actual := tt.in.rs.FilterIgnoreCves()
+		for k := range tt.out.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+		for k := range actual.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+	}
+}
+
+func TestFilterIgnoreCveIDsContainer(t *testing.T) {
+	type in struct {
+		cves []string
+		rs   ScanResult
+	}
+	var tests = []struct {
+		in  in
+		out ScanResult
+	}{
+		{
+			in: in{
+				cves: []string{"CVE-2017-0002"},
+				rs: ScanResult{
+					ServerName: "name",
+					Container:  Container{Name: "dockerA"},
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+						},
+						"CVE-2017-0002": {
+							CveID: "CVE-2017-0002",
+						},
+						"CVE-2017-0003": {
+							CveID: "CVE-2017-0003",
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName: "name",
+				Container:  Container{Name: "dockerA"},
+				ScannedCves: VulnInfos{
+					"CVE-2017-0001": {
+						CveID: "CVE-2017-0001",
+					},
+					"CVE-2017-0003": {
+						CveID: "CVE-2017-0003",
+					},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		config.Conf.Servers = map[string]config.ServerInfo{
+			"name": {
+				Containers: map[string]config.ContainerSetting{
+					"dockerA": {
+						IgnoreCves: tt.in.cves,
+					},
+				},
+			},
+		}
+		actual := tt.in.rs.FilterIgnoreCves()
+		for k := range tt.out.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+		for k := range actual.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+	}
+}
+
+func TestFilterUnfixed(t *testing.T) {
+	var tests = []struct {
+		in  ScanResult
+		out ScanResult
+	}{
+		{
+			in: ScanResult{
+				ScannedCves: VulnInfos{
+					"CVE-2017-0001": {
+						CveID: "CVE-2017-0001",
+						AffectedPackages: PackageStatuses{
+							{
+								Name:        "a",
+								NotFixedYet: true,
+							},
+						},
+					},
+					"CVE-2017-0002": {
+						CveID: "CVE-2017-0002",
+						AffectedPackages: PackageStatuses{
+							{
+								Name:        "b",
+								NotFixedYet: false,
+							},
+						},
+					},
+					"CVE-2017-0003": {
+						CveID: "CVE-2017-0003",
+						AffectedPackages: PackageStatuses{
+							{
+								Name:        "c",
+								NotFixedYet: true,
+							},
+							{
+								Name:        "d",
+								NotFixedYet: false,
+							},
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ScannedCves: VulnInfos{
+					"CVE-2017-0002": {
+						CveID: "CVE-2017-0002",
+						AffectedPackages: PackageStatuses{
+							{
+								Name:        "b",
+								NotFixedYet: false,
+							},
+						},
+					},
+					"CVE-2017-0003": {
+						CveID: "CVE-2017-0003",
+						AffectedPackages: PackageStatuses{
+							{
+								Name:        "c",
+								NotFixedYet: true,
+							},
+							{
+								Name:        "d",
+								NotFixedYet: false,
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+	for i, tt := range tests {
+		config.Conf.IgnoreUnfixed = true
+		actual := tt.in.FilterUnfixed()
+		if !reflect.DeepEqual(tt.out.ScannedCves, actual.ScannedCves) {
+			o := pp.Sprintf("%v", tt.out.ScannedCves)
+			a := pp.Sprintf("%v", actual.ScannedCves)
+			t.Errorf("[%d] expected: %v\n  actual: %v\n", i, o, a)
+		}
+	}
+}
+
+func TestFilterIgnorePkgs(t *testing.T) {
+	type in struct {
+		ignorePkgsRegexp []string
+		rs               ScanResult
+	}
+	var tests = []struct {
+		in  in
+		out ScanResult
+	}{
+		{
+			in: in{
+				ignorePkgsRegexp: []string{"^kernel"},
+				rs: ScanResult{
+					ServerName: "name",
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							AffectedPackages: PackageStatuses{
+								{Name: "kernel"},
+							},
+						},
+						"CVE-2017-0002": {
+							CveID: "CVE-2017-0002",
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName: "name",
+				ScannedCves: VulnInfos{
+					"CVE-2017-0002": {
+						CveID: "CVE-2017-0002",
+					},
+				},
+			},
+		},
+		{
+			in: in{
+				ignorePkgsRegexp: []string{"^kernel"},
+				rs: ScanResult{
+					ServerName: "name",
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							AffectedPackages: PackageStatuses{
+								{Name: "kernel"},
+								{Name: "vim"},
+							},
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName: "name",
+				ScannedCves: VulnInfos{
+					"CVE-2017-0001": {
+						CveID: "CVE-2017-0001",
+						AffectedPackages: PackageStatuses{
+							{Name: "kernel"},
+							{Name: "vim"},
+						},
+					},
+				},
+			},
+		},
+		{
+			in: in{
+				ignorePkgsRegexp: []string{"^kernel", "^vim", "^bind"},
+				rs: ScanResult{
+					ServerName: "name",
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							AffectedPackages: PackageStatuses{
+								{Name: "kernel"},
+								{Name: "vim"},
+							},
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName:  "name",
+				ScannedCves: VulnInfos{},
+			},
+		},
+	}
+	for _, tt := range tests {
+		config.Conf.Servers = map[string]config.ServerInfo{
+			"name": {IgnorePkgsRegexp: tt.in.ignorePkgsRegexp},
+		}
+		actual := tt.in.rs.FilterIgnorePkgs()
+		for k := range tt.out.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+		for k := range actual.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+	}
+}
+
+func TestFilterIgnorePkgsContainer(t *testing.T) {
+	type in struct {
+		ignorePkgsRegexp []string
+		rs               ScanResult
+	}
+	var tests = []struct {
+		in  in
+		out ScanResult
+	}{
+		{
+			in: in{
+				ignorePkgsRegexp: []string{"^kernel"},
+				rs: ScanResult{
+					ServerName: "name",
+					Container:  Container{Name: "dockerA"},
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							AffectedPackages: PackageStatuses{
+								{Name: "kernel"},
+							},
+						},
+						"CVE-2017-0002": {
+							CveID: "CVE-2017-0002",
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName: "name",
+				Container:  Container{Name: "dockerA"},
+				ScannedCves: VulnInfos{
+					"CVE-2017-0002": {
+						CveID: "CVE-2017-0002",
+					},
+				},
+			},
+		},
+		{
+			in: in{
+				ignorePkgsRegexp: []string{"^kernel"},
+				rs: ScanResult{
+					ServerName: "name",
+					Container:  Container{Name: "dockerA"},
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							AffectedPackages: PackageStatuses{
+								{Name: "kernel"},
+								{Name: "vim"},
+							},
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName: "name",
+				Container:  Container{Name: "dockerA"},
+				ScannedCves: VulnInfos{
+					"CVE-2017-0001": {
+						CveID: "CVE-2017-0001",
+						AffectedPackages: PackageStatuses{
+							{Name: "kernel"},
+							{Name: "vim"},
+						},
+					},
+				},
+			},
+		},
+		{
+			in: in{
+				ignorePkgsRegexp: []string{"^kernel", "^vim", "^bind"},
+				rs: ScanResult{
+					ServerName: "name",
+					Container:  Container{Name: "dockerA"},
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							AffectedPackages: PackageStatuses{
+								{Name: "kernel"},
+								{Name: "vim"},
+							},
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName:  "name",
+				Container:   Container{Name: "dockerA"},
+				ScannedCves: VulnInfos{},
+			},
+		},
+	}
+	for _, tt := range tests {
+		config.Conf.Servers = map[string]config.ServerInfo{
+			"name": {
+				Containers: map[string]config.ContainerSetting{
+					"dockerA": {
+						IgnorePkgsRegexp: tt.in.ignorePkgsRegexp,
+					},
+				},
+			},
+		}
+		actual := tt.in.rs.FilterIgnorePkgs()
+		for k := range tt.out.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+		for k := range actual.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+	}
+}
+
+func TestIsDisplayUpdatableNum(t *testing.T) {
+	var tests = []struct {
+		mode     []byte
+		family   string
+		expected bool
+	}{
+		{
+			mode:     []byte{config.Offline},
+			expected: false,
+		},
+		{
+			mode:     []byte{config.FastRoot},
+			expected: true,
+		},
+		{
+			mode:     []byte{config.Deep},
+			expected: true,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.RedHat,
+			expected: false,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.Oracle,
+			expected: false,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.Debian,
+			expected: false,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.Ubuntu,
+			expected: false,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.Raspbian,
+			expected: false,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.CentOS,
+			expected: true,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.Amazon,
+			expected: true,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.FreeBSD,
+			expected: true,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.OpenSUSE,
+			expected: true,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.Alpine,
+			expected: true,
+		},
+	}
+
+	for i, tt := range tests {
+		mode := config.ScanMode{}
+		for _, m := range tt.mode {
+			mode.Set(m)
+		}
+		config.Conf.Servers = map[string]config.ServerInfo{
+			"name": {Mode: mode},
+		}
+		r := ScanResult{
+			ServerName: "name",
+			Family:     tt.family,
+		}
+		act := r.isDisplayUpdatableNum()
+		if tt.expected != act {
+			t.Errorf("[%d] expected %#v, actual %#v", i, tt.expected, act)
+		}
+	}
+}

models/utils.go

@@ -0,0 +1,156 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package models
+
+import (
+	"strings"
+
+	cvedict "github.com/kotakanbe/go-cve-dictionary/models"
+)
+
+// ConvertNvdXMLToModel convert NVD to CveContent
+func ConvertNvdXMLToModel(cveID string, nvd *cvedict.NvdXML) *CveContent {
+	if nvd == nil {
+		return nil
+	}
+	var cpes []Cpe
+	for _, c := range nvd.Cpes {
+		cpes = append(cpes, Cpe{
+			FormattedString: c.FormattedString,
+			URI:             c.URI,
+		})
+	}
+
+	var refs []Reference
+	for _, r := range nvd.References {
+		refs = append(refs, Reference{
+			Link:   r.Link,
+			Source: r.Source,
+		})
+	}
+
+	cweIDs := []string{}
+	for _, cid := range nvd.Cwes {
+		cweIDs = append(cweIDs, cid.CweID)
+	}
+
+	return &CveContent{
+		Type:          Nvd,
+		CveID:         cveID,
+		Summary:       nvd.Summary,
+		Cvss2Score:    nvd.Cvss2.BaseScore,
+		Cvss2Vector:   nvd.Cvss2.VectorString,
+		Cvss2Severity: nvd.Cvss2.Severity,
+		SourceLink:    "https://nvd.nist.gov/vuln/detail/" + cveID,
+		// Cpes:          cpes,
+		CweIDs:       cweIDs,
+		References:   refs,
+		Published:    nvd.PublishedDate,
+		LastModified: nvd.LastModifiedDate,
+	}
+}
+
+// ConvertJvnToModel convert JVN to CveContent
+func ConvertJvnToModel(cveID string, jvn *cvedict.Jvn) *CveContent {
+	if jvn == nil {
+		return nil
+	}
+	var cpes []Cpe
+	for _, c := range jvn.Cpes {
+		cpes = append(cpes, Cpe{
+			FormattedString: c.FormattedString,
+			URI:             c.URI,
+		})
+	}
+
+	refs := []Reference{}
+	for _, r := range jvn.References {
+		refs = append(refs, Reference{
+			Link:   r.Link,
+			Source: r.Source,
+		})
+	}
+
+	return &CveContent{
+		Type:          Jvn,
+		CveID:         cveID,
+		Title:         jvn.Title,
+		Summary:       jvn.Summary,
+		Cvss2Score:    jvn.Cvss2.BaseScore,
+		Cvss2Vector:   jvn.Cvss2.VectorString,
+		Cvss2Severity: jvn.Cvss2.Severity,
+		Cvss3Score:    jvn.Cvss3.BaseScore,
+		Cvss3Vector:   jvn.Cvss3.VectorString,
+		Cvss3Severity: jvn.Cvss3.BaseSeverity,
+		SourceLink:    jvn.JvnLink,
+		// Cpes:          cpes,
+		References:   refs,
+		Published:    jvn.PublishedDate,
+		LastModified: jvn.LastModifiedDate,
+	}
+}
+
+// ConvertNvdJSONToModel convert NVD to CveContent
+func ConvertNvdJSONToModel(cveID string, nvd *cvedict.NvdJSON) *CveContent {
+	if nvd == nil {
+		return nil
+	}
+	var cpes []Cpe
+	for _, c := range nvd.Cpes {
+		cpes = append(cpes, Cpe{
+			FormattedString: c.FormattedString,
+			URI:             c.URI,
+		})
+	}
+
+	var refs []Reference
+	for _, r := range nvd.References {
+		refs = append(refs, Reference{
+			Link:   r.Link,
+			Source: r.Source,
+		})
+	}
+
+	cweIDs := []string{}
+	for _, cid := range nvd.Cwes {
+		cweIDs = append(cweIDs, cid.CweID)
+	}
+
+	desc := []string{}
+	for _, d := range nvd.Descriptions {
+		desc = append(desc, d.Value)
+	}
+
+	return &CveContent{
+		Type:          Nvd,
+		CveID:         cveID,
+		Summary:       strings.Join(desc, "\n"),
+		Cvss2Score:    nvd.Cvss2.BaseScore,
+		Cvss2Vector:   nvd.Cvss2.VectorString,
+		Cvss2Severity: nvd.Cvss2.Severity,
+		Cvss3Score:    nvd.Cvss3.BaseScore,
+		Cvss3Vector:   nvd.Cvss3.VectorString,
+		Cvss3Severity: nvd.Cvss3.BaseSeverity,
+		SourceLink:    "https://nvd.nist.gov/vuln/detail/" + cveID,
+		// Cpes:          cpes,
+		CweIDs:       cweIDs,
+		References:   refs,
+		Published:    nvd.PublishedDate,
+		LastModified: nvd.LastModifiedDate,
+	}
+}

models/vulninfos.go

@@ -0,0 +1,810 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package models
+
+import (
+	"bytes"
+	"fmt"
+	"sort"
+	"strings"
+	"time"
+
+	"github.com/future-architect/vuls/config"
+)
+
+// VulnInfos has a map of VulnInfo
+// Key: CveID
+type VulnInfos map[string]VulnInfo
+
+// Find elements that matches the function passed in argument
+func (v VulnInfos) Find(f func(VulnInfo) bool) VulnInfos {
+	filtered := VulnInfos{}
+	for _, vv := range v {
+		if f(vv) {
+			filtered[vv.CveID] = vv
+		}
+	}
+	return filtered
+}
+
+// FindScoredVulns return scored vulnerabilities
+func (v VulnInfos) FindScoredVulns() VulnInfos {
+	return v.Find(func(vv VulnInfo) bool {
+		if 0 < vv.MaxCvss2Score().Value.Score ||
+			0 < vv.MaxCvss3Score().Value.Score {
+			return true
+		}
+		return false
+	})
+}
+
+// ToSortedSlice returns slice of VulnInfos that is sorted by Score, CVE-ID
+func (v VulnInfos) ToSortedSlice() (sorted []VulnInfo) {
+	for k := range v {
+		sorted = append(sorted, v[k])
+	}
+	sort.Slice(sorted, func(i, j int) bool {
+		maxI := sorted[i].MaxCvssScore()
+		maxJ := sorted[j].MaxCvssScore()
+		if maxI.Value.Score != maxJ.Value.Score {
+			return maxJ.Value.Score < maxI.Value.Score
+		}
+		return sorted[i].CveID < sorted[j].CveID
+	})
+	return
+}
+
+// CountGroupBySeverity summarize the number of CVEs group by CVSSv2 Severity
+func (v VulnInfos) CountGroupBySeverity() map[string]int {
+	m := map[string]int{}
+	for _, vInfo := range v {
+		score := vInfo.MaxCvss2Score().Value.Score
+		if score < 0.1 {
+			score = vInfo.MaxCvss3Score().Value.Score
+		}
+		switch {
+		case 7.0 <= score:
+			m["High"]++
+		case 4.0 <= score:
+			m["Medium"]++
+		case 0 < score:
+			m["Low"]++
+		default:
+			m["Unknown"]++
+		}
+	}
+	return m
+}
+
+// FormatCveSummary summarize the number of CVEs group by CVSSv2 Severity
+func (v VulnInfos) FormatCveSummary() string {
+	m := v.CountGroupBySeverity()
+
+	if config.Conf.IgnoreUnscoredCves {
+		return fmt.Sprintf("Total: %d (High:%d Medium:%d Low:%d)",
+			m["High"]+m["Medium"]+m["Low"], m["High"], m["Medium"], m["Low"])
+	}
+	return fmt.Sprintf("Total: %d (High:%d Medium:%d Low:%d ?:%d)",
+		m["High"]+m["Medium"]+m["Low"]+m["Unknown"],
+		m["High"], m["Medium"], m["Low"], m["Unknown"])
+}
+
+// FormatFixedStatus summarize the number of cves are fixed.
+func (v VulnInfos) FormatFixedStatus(packs Packages) string {
+	total, fixed := 0, 0
+	for _, vInfo := range v {
+		if len(vInfo.CpeURIs) != 0 {
+			continue
+		}
+		total++
+		if vInfo.PatchStatus(packs) == "Fixed" {
+			fixed++
+		}
+	}
+	return fmt.Sprintf("%d/%d Fixed", fixed, total)
+}
+
+// PackageStatuses is a list of PackageStatus
+type PackageStatuses []PackageStatus
+
+// FormatTuiSummary format packname to show TUI summary
+func (ps PackageStatuses) FormatTuiSummary() string {
+	names := []string{}
+	for _, p := range ps {
+		names = append(names, p.Name)
+	}
+	return strings.Join(names, ", ")
+}
+
+// Store insert given pkg if missing, update pkg if exists
+func (ps PackageStatuses) Store(pkg PackageStatus) PackageStatuses {
+	for i, p := range ps {
+		if p.Name == pkg.Name {
+			ps[i] = pkg
+			return ps
+		}
+	}
+	ps = append(ps, pkg)
+	return ps
+}
+
+// Sort by Name
+func (ps PackageStatuses) Sort() {
+	sort.Slice(ps, func(i, j int) bool {
+		return ps[i].Name < ps[j].Name
+	})
+	return
+}
+
+// PackageStatus has name and other status abount the package
+type PackageStatus struct {
+	Name        string `json:"name"`
+	NotFixedYet bool   `json:"notFixedYet"`
+	FixState    string `json:"fixState"`
+}
+
+// VulnInfo has a vulnerability information and unsecure packages
+type VulnInfo struct {
+	CveID            string           `json:"cveID"`
+	Confidences      Confidences      `json:"confidences"`
+	AffectedPackages PackageStatuses  `json:"affectedPackages"`
+	DistroAdvisories []DistroAdvisory `json:"distroAdvisories,omitempty"` // for Aamazon, RHEL, FreeBSD
+	CpeURIs          []string         `json:"cpeURIs,omitempty"`          // CpeURIs related to this CVE defined in config.toml
+	CveContents      CveContents      `json:"cveContents"`
+}
+
+// Titles returns tilte (TUI)
+func (v VulnInfo) Titles(lang, myFamily string) (values []CveContentStr) {
+	if lang == "ja" {
+		if cont, found := v.CveContents[Jvn]; found && 0 < len(cont.Title) {
+			values = append(values, CveContentStr{Jvn, cont.Title})
+		}
+	}
+
+	// RedHat API has one line title.
+	if cont, found := v.CveContents[RedHatAPI]; found && 0 < len(cont.Title) {
+		values = append(values, CveContentStr{RedHatAPI, cont.Title})
+	}
+
+	order := CveContentTypes{Nvd, NvdXML, NewCveContentType(myFamily)}
+	order = append(order, AllCveContetTypes.Except(append(order, Jvn)...)...)
+	for _, ctype := range order {
+		// Only JVN has meaningful title. so return first 100 char of summary
+		if cont, found := v.CveContents[ctype]; found && 0 < len(cont.Summary) {
+			summary := strings.Replace(cont.Summary, "\n", " ", -1)
+			values = append(values, CveContentStr{
+				Type:  ctype,
+				Value: summary,
+			})
+		}
+	}
+
+	for _, adv := range v.DistroAdvisories {
+		values = append(values, CveContentStr{
+			Type:  "Vendor",
+			Value: strings.Replace(adv.Description, "\n", " ", -1),
+		})
+	}
+
+	if len(values) == 0 {
+		values = []CveContentStr{{
+			Type:  Unknown,
+			Value: "-",
+		}}
+	}
+	return
+}
+
+// Summaries returns summaries
+func (v VulnInfo) Summaries(lang, myFamily string) (values []CveContentStr) {
+	if lang == "ja" {
+		if cont, found := v.CveContents[Jvn]; found && 0 < len(cont.Summary) {
+			summary := cont.Title
+			summary += "\n" + strings.Replace(
+				strings.Replace(cont.Summary, "\n", " ", -1), "\r", " ", -1)
+			values = append(values, CveContentStr{Jvn, summary})
+		}
+	}
+
+	order := CveContentTypes{Nvd, NvdXML, NewCveContentType(myFamily)}
+	order = append(order, AllCveContetTypes.Except(append(order, Jvn)...)...)
+	for _, ctype := range order {
+		if cont, found := v.CveContents[ctype]; found && 0 < len(cont.Summary) {
+			summary := strings.Replace(cont.Summary, "\n", " ", -1)
+			values = append(values, CveContentStr{
+				Type:  ctype,
+				Value: summary,
+			})
+		}
+	}
+
+	for _, adv := range v.DistroAdvisories {
+		values = append(values, CveContentStr{
+			Type:  "Vendor",
+			Value: adv.Description,
+		})
+	}
+
+	if len(values) == 0 {
+		return []CveContentStr{{
+			Type:  Unknown,
+			Value: "-",
+		}}
+	}
+
+	return
+}
+
+// Mitigations returns mitigations
+func (v VulnInfo) Mitigations(myFamily string) (values []CveContentStr) {
+	order := CveContentTypes{RedHatAPI}
+	for _, ctype := range order {
+		if cont, found := v.CveContents[ctype]; found && 0 < len(cont.Mitigation) {
+			values = append(values, CveContentStr{
+				Type:  ctype,
+				Value: cont.Mitigation,
+			})
+		}
+	}
+
+	if len(values) == 0 {
+		return []CveContentStr{{
+			Type:  Unknown,
+			Value: "-",
+		}}
+	}
+	return
+}
+
+// Cvss2Scores returns CVSS V2 Scores
+func (v VulnInfo) Cvss2Scores(myFamily string) (values []CveContentCvss) {
+	order := []CveContentType{Nvd, NvdXML, RedHat, Jvn}
+	if myFamily != config.RedHat && myFamily != config.CentOS {
+		order = append(order, NewCveContentType(myFamily))
+	}
+	for _, ctype := range order {
+		if cont, found := v.CveContents[ctype]; found {
+			if cont.Cvss2Score == 0 && cont.Cvss2Severity == "" {
+				continue
+			}
+			// https://nvd.nist.gov/vuln-metrics/cvss
+			values = append(values, CveContentCvss{
+				Type: ctype,
+				Value: Cvss{
+					Type:     CVSS2,
+					Score:    cont.Cvss2Score,
+					Vector:   cont.Cvss2Vector,
+					Severity: strings.ToUpper(cont.Cvss2Severity),
+				},
+			})
+		}
+	}
+
+	for _, v := range values {
+		if v.Type == RedHat {
+			return
+		}
+	}
+	// Set the CVSS v2 score of vuln that exists only in gost.
+	// Unfixed vulnerabilities detected by gost are not in OVAL, because
+	// OVAL data has only vulnerabilities for already fixed.
+	if cont, found := v.CveContents[RedHatAPI]; found {
+		values = append(values, CveContentCvss{
+			Type: RedHatAPI,
+			Value: Cvss{
+				Type:     CVSS2,
+				Score:    cont.Cvss2Score,
+				Vector:   cont.Cvss2Vector,
+				Severity: strings.ToUpper(cont.Cvss2Severity),
+			},
+		})
+	}
+
+	for _, adv := range v.DistroAdvisories {
+		if adv.Severity != "" {
+			values = append(values, CveContentCvss{
+				Type: "Advisory",
+				Value: Cvss{
+					Type:                 CVSS2,
+					Score:                severityToV2ScoreRoughly(adv.Severity),
+					CalculatedBySeverity: true,
+					Vector:               "-",
+					Severity:             strings.ToUpper(adv.Severity),
+				},
+			})
+		}
+	}
+
+	// An OVAL entry in Ubuntu and Debian has only severity (CVSS score isn't included).
+	// Show severity and dummy score calculated roughly.
+	order = append(order, AllCveContetTypes.Except(order...)...)
+	for _, ctype := range order {
+		if cont, found := v.CveContents[ctype]; found &&
+			cont.Cvss2Score == 0 &&
+			cont.Cvss3Score == 0 &&
+			cont.Cvss2Severity != "" {
+
+			values = append(values, CveContentCvss{
+				Type: cont.Type,
+				Value: Cvss{
+					Type:                 CVSS2,
+					Score:                severityToV2ScoreRoughly(cont.Cvss2Severity),
+					CalculatedBySeverity: true,
+					Vector:               "-",
+					Severity:             strings.ToUpper(cont.Cvss2Severity),
+				},
+			})
+		}
+	}
+
+	return
+}
+
+// Cvss3Scores returns CVSS V3 Score
+func (v VulnInfo) Cvss3Scores() (values []CveContentCvss) {
+	order := []CveContentType{Nvd, RedHat, Jvn}
+	for _, ctype := range order {
+		if cont, found := v.CveContents[ctype]; found {
+			// https://nvd.nist.gov/vuln-metrics/cvss
+			values = append(values, CveContentCvss{
+				Type: ctype,
+				Value: Cvss{
+					Type:     CVSS3,
+					Score:    cont.Cvss3Score,
+					Vector:   cont.Cvss3Vector,
+					Severity: strings.ToUpper(cont.Cvss3Severity),
+				},
+			})
+		}
+	}
+
+	for _, v := range values {
+		if v.Type == RedHat {
+			return
+		}
+	}
+
+	// Set the CVSS v3 score of vuln that exists only in gost.
+	// Unfixed vulnerabilities detected by gost are not in OVAL, because
+	// OVAL data has only vulnerabilities for already fixed.
+	if cont, found := v.CveContents[RedHatAPI]; found {
+		values = append(values, CveContentCvss{
+			Type: RedHatAPI,
+			Value: Cvss{
+				Type:     CVSS3,
+				Score:    cont.Cvss3Score,
+				Vector:   cont.Cvss3Vector,
+				Severity: strings.ToUpper(cont.Cvss3Severity),
+			},
+		})
+	}
+	return
+}
+
+// MaxCvss3Score returns Max CVSS V3 Score
+func (v VulnInfo) MaxCvss3Score() CveContentCvss {
+	order := []CveContentType{Nvd, RedHat, RedHatAPI, Jvn}
+	max := 0.0
+	value := CveContentCvss{
+		Type:  Unknown,
+		Value: Cvss{Type: CVSS3},
+	}
+	for _, ctype := range order {
+		if cont, found := v.CveContents[ctype]; found && max < cont.Cvss3Score {
+			// https://nvd.nist.gov/vuln-metrics/cvss
+			value = CveContentCvss{
+				Type: ctype,
+				Value: Cvss{
+					Type:     CVSS3,
+					Score:    cont.Cvss3Score,
+					Vector:   cont.Cvss3Vector,
+					Severity: strings.ToUpper(cont.Cvss3Severity),
+				},
+			}
+			max = cont.Cvss3Score
+		}
+	}
+	return value
+}
+
+// MaxCvssScore returns max CVSS Score
+// If there is no CVSS Score, return Severity as a numerical value.
+func (v VulnInfo) MaxCvssScore() CveContentCvss {
+	v3Max := v.MaxCvss3Score()
+	v2Max := v.MaxCvss2Score()
+	max := v3Max
+	if max.Type == Unknown {
+		return v2Max
+	}
+
+	if max.Value.Score < v2Max.Value.Score && !v2Max.Value.CalculatedBySeverity {
+		max = v2Max
+	}
+	return max
+}
+
+// MaxCvss2Score returns Max CVSS V2 Score
+func (v VulnInfo) MaxCvss2Score() CveContentCvss {
+	order := []CveContentType{Nvd, NvdXML, RedHat, RedHatAPI, Jvn}
+	max := 0.0
+	value := CveContentCvss{
+		Type:  Unknown,
+		Value: Cvss{Type: CVSS2},
+	}
+	for _, ctype := range order {
+		if cont, found := v.CveContents[ctype]; found && max < cont.Cvss2Score {
+			// https://nvd.nist.gov/vuln-metrics/cvss
+			value = CveContentCvss{
+				Type: ctype,
+				Value: Cvss{
+					Type:     CVSS2,
+					Score:    cont.Cvss2Score,
+					Vector:   cont.Cvss2Vector,
+					Severity: strings.ToUpper(cont.Cvss2Severity),
+				},
+			}
+			max = cont.Cvss2Score
+		}
+	}
+	if 0 < max {
+		return value
+	}
+
+	// If CVSS score isn't on NVD, RedHat and JVN, use OVAL and advisory Severity.
+	// Convert severity to cvss srore roughly, then returns max severity.
+	// Only Ubuntu, RedHat and Oracle have severity data in OVAL.
+	order = []CveContentType{Ubuntu, RedHat, Oracle}
+	for _, ctype := range order {
+		if cont, found := v.CveContents[ctype]; found && 0 < len(cont.Cvss2Severity) {
+			score := severityToV2ScoreRoughly(cont.Cvss2Severity)
+			if max < score {
+				value = CveContentCvss{
+					Type: ctype,
+					Value: Cvss{
+						Type:                 CVSS2,
+						Score:                score,
+						CalculatedBySeverity: true,
+						Vector:               cont.Cvss2Vector,
+						Severity:             strings.ToUpper(cont.Cvss2Severity),
+					},
+				}
+			}
+			max = score
+		}
+	}
+
+	// Only RedHat, Oracle and Amazon has severity data in advisory.
+	for _, adv := range v.DistroAdvisories {
+		if adv.Severity != "" {
+			score := severityToV2ScoreRoughly(adv.Severity)
+			if max < score {
+				value = CveContentCvss{
+					Type: "Vendor",
+					Value: Cvss{
+						Type:                 CVSS2,
+						Score:                score,
+						CalculatedBySeverity: true,
+						Vector:               "-",
+						Severity:             adv.Severity,
+					},
+				}
+			}
+		}
+	}
+	return value
+}
+
+// AttackVector returns attack vector string
+func (v VulnInfo) AttackVector() string {
+	for _, cnt := range v.CveContents {
+		if strings.HasPrefix(cnt.Cvss2Vector, "AV:N") ||
+			strings.HasPrefix(cnt.Cvss3Vector, "CVSS:3.0/AV:N") {
+			return "Network"
+		} else if strings.HasPrefix(cnt.Cvss2Vector, "AV:A") ||
+			strings.HasPrefix(cnt.Cvss3Vector, "CVSS:3.0/AV:A") {
+			return "Adjacent"
+		} else if strings.HasPrefix(cnt.Cvss2Vector, "AV:L") ||
+			strings.HasPrefix(cnt.Cvss3Vector, "CVSS:3.0/AV:L") {
+			return "Local"
+		} else if strings.HasPrefix(cnt.Cvss3Vector, "CVSS:3.0/AV:P") {
+			return "Physical"
+		}
+	}
+	if cont, found := v.CveContents[DebianSecurityTracker]; found {
+		if attackRange, found := cont.Optional["attack range"]; found {
+			return attackRange
+		}
+	}
+	return ""
+}
+
+// PatchStatus returns attack vector string
+func (v VulnInfo) PatchStatus(packs Packages) string {
+	// Vuls don't know patch status of the CPE
+	if len(v.CpeURIs) != 0 {
+		return ""
+	}
+	for _, p := range v.AffectedPackages {
+		if p.NotFixedYet {
+			return "Unfixed"
+		}
+
+		// fast, offline mode doesn't have new version
+		if pack, ok := packs[p.Name]; ok {
+			if pack.NewVersion == "" {
+				return "Unknown"
+			}
+		}
+	}
+	return "Fixed"
+}
+
+// CveContentCvss has CVSS information
+type CveContentCvss struct {
+	Type  CveContentType `json:"type"`
+	Value Cvss           `json:"value"`
+}
+
+// CvssType Represent the type of CVSS
+type CvssType string
+
+const (
+	// CVSS2 means CVSS vesion2
+	CVSS2 CvssType = "2"
+
+	// CVSS3 means CVSS vesion3
+	CVSS3 CvssType = "3"
+)
+
+// Cvss has CVSS Score
+type Cvss struct {
+	Type                 CvssType `json:"type"`
+	Score                float64  `json:"score"`
+	CalculatedBySeverity bool     `json:"calculatedBySeverity"`
+	Vector               string   `json:"vector"`
+	Severity             string   `json:"severity"`
+}
+
+// Format CVSS Score and Vector
+func (c Cvss) Format() string {
+	if c.Score == 0 || c.Vector == "" {
+		return c.Severity
+	}
+	switch c.Type {
+	case CVSS2:
+		return fmt.Sprintf("%3.1f/%s %s", c.Score, c.Vector, c.Severity)
+	case CVSS3:
+		return fmt.Sprintf("%3.1f/%s %s", c.Score, c.Vector, c.Severity)
+	}
+	return ""
+}
+
+func cvss2ScoreToSeverity(score float64) string {
+	if 7.0 <= score {
+		return "HIGH"
+	} else if 4.0 <= score {
+		return "MEDIUM"
+	}
+	return "LOW"
+}
+
+// Amazon Linux Security Advisory
+// Critical, Important, Medium, Low
+// https://alas.aws.amazon.com/
+//
+// RedHat, Oracle OVAL
+// Critical, Important, Moderate, Low
+// https://access.redhat.com/security/updates/classification
+//
+// Ubuntu OVAL
+// Critical, High, Medium, Low
+// https://wiki.ubuntu.com/Bugs/Importance
+// https://people.canonical.com/~ubuntu-security/cve/priority.html
+func severityToV2ScoreRoughly(severity string) float64 {
+	switch strings.ToUpper(severity) {
+	case "CRITICAL":
+		return 10.0
+	case "IMPORTANT", "HIGH":
+		return 8.9
+	case "MODERATE", "MEDIUM":
+		return 6.9
+	case "LOW":
+		return 3.9
+	}
+	return 0
+}
+
+// FormatMaxCvssScore returns Max CVSS Score
+func (v VulnInfo) FormatMaxCvssScore() string {
+	max := v.MaxCvssScore()
+	return fmt.Sprintf("%3.1f %s (%s)",
+		max.Value.Score,
+		strings.ToUpper(max.Value.Severity),
+		max.Type)
+}
+
+// Cvss2CalcURL returns CVSS v2 caluclator's URL
+func (v VulnInfo) Cvss2CalcURL() string {
+	return "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=" + v.CveID
+}
+
+// Cvss3CalcURL returns CVSS v3 caluclator's URL
+func (v VulnInfo) Cvss3CalcURL() string {
+	return "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=" + v.CveID
+}
+
+// VendorLinks returns links of vendor support's URL
+func (v VulnInfo) VendorLinks(family string) map[string]string {
+	links := map[string]string{}
+	switch family {
+	case config.RedHat, config.CentOS:
+		links["RHEL-CVE"] = "https://access.redhat.com/security/cve/" + v.CveID
+		for _, advisory := range v.DistroAdvisories {
+			aidURL := strings.Replace(advisory.AdvisoryID, ":", "-", -1)
+			links[advisory.AdvisoryID] = fmt.Sprintf("https://rhn.redhat.com/errata/%s.html", aidURL)
+		}
+		return links
+	case config.Oracle:
+		links["Oracle-CVE"] = fmt.Sprintf("https://linux.oracle.com/cve/%s.html", v.CveID)
+		for _, advisory := range v.DistroAdvisories {
+			links[advisory.AdvisoryID] =
+				fmt.Sprintf("https://linux.oracle.com/errata/%s.html", advisory.AdvisoryID)
+		}
+		return links
+	case config.Amazon:
+		links["RHEL-CVE"] = "https://access.redhat.com/security/cve/" + v.CveID
+		for _, advisory := range v.DistroAdvisories {
+			links[advisory.AdvisoryID] =
+				fmt.Sprintf("https://alas.aws.amazon.com/%s.html", advisory.AdvisoryID)
+		}
+		return links
+	case config.Ubuntu:
+		links["Ubuntu-CVE"] = "http://people.ubuntu.com/~ubuntu-security/cve/" + v.CveID
+		return links
+	case config.Debian:
+		links["Debian-CVE"] = "https://security-tracker.debian.org/tracker/" + v.CveID
+	case config.SUSEEnterpriseServer:
+		links["SUSE-CVE"] = "https://www.suse.com/security/cve/" + v.CveID
+	case config.FreeBSD:
+		for _, advisory := range v.DistroAdvisories {
+			links["FreeBSD-VuXML"] = fmt.Sprintf("https://vuxml.freebsd.org/freebsd/%s.html", advisory.AdvisoryID)
+
+		}
+		return links
+	}
+	return links
+}
+
+// DistroAdvisory has Amazon Linux, RHEL, FreeBSD Security Advisory information.
+type DistroAdvisory struct {
+	AdvisoryID  string    `json:"advisoryID"`
+	Severity    string    `json:"severity"`
+	Issued      time.Time `json:"issued"`
+	Updated     time.Time `json:"updated"`
+	Description string    `json:"description"`
+}
+
+// Format the distro advisory information
+func (p DistroAdvisory) Format() string {
+	if p.AdvisoryID == "" {
+		return ""
+	}
+
+	var delim bytes.Buffer
+	for i := 0; i < len(p.AdvisoryID); i++ {
+		delim.WriteString("-")
+	}
+	buf := []string{p.AdvisoryID, delim.String(), p.Description}
+	return strings.Join(buf, "\n")
+}
+
+// Confidences is a list of Confidence
+type Confidences []Confidence
+
+// AppendIfMissing appends confidence to the list if missiong
+func (cs *Confidences) AppendIfMissing(confidence Confidence) {
+	for _, c := range *cs {
+		if c.DetectionMethod == confidence.DetectionMethod {
+			return
+		}
+	}
+	*cs = append(*cs, confidence)
+}
+
+// SortByConfident sorts Confidences
+func (cs Confidences) SortByConfident() Confidences {
+	sort.Slice(cs, func(i, j int) bool {
+		return cs[i].SortOrder < cs[j].SortOrder
+	})
+	return cs
+}
+
+// Confidence is a ranking how confident the CVE-ID was deteted correctly
+// Score: 0 - 100
+type Confidence struct {
+	Score           int             `json:"score"`
+	DetectionMethod DetectionMethod `json:"detectionMethod"`
+	SortOrder       int             `json:"-"`
+}
+
+func (c Confidence) String() string {
+	return fmt.Sprintf("%d / %s", c.Score, c.DetectionMethod)
+}
+
+// DetectionMethod indicates
+// - How to detect the CveID
+// - How to get the changelog difference between installed and candidate version
+type DetectionMethod string
+
+const (
+	// CpeNameMatchStr is a String representation of CpeNameMatch
+	CpeNameMatchStr = "CpeNameMatch"
+
+	// YumUpdateSecurityMatchStr is a String representation of YumUpdateSecurityMatch
+	YumUpdateSecurityMatchStr = "YumUpdateSecurityMatch"
+
+	// PkgAuditMatchStr is a String representation of PkgAuditMatch
+	PkgAuditMatchStr = "PkgAuditMatch"
+
+	// OvalMatchStr is a String representation of OvalMatch
+	OvalMatchStr = "OvalMatch"
+
+	// RedHatAPIStr is a String representation of RedHatAPIMatch
+	RedHatAPIStr = "RedHatAPIMatch"
+
+	// DebianSecurityTrackerMatchStr is a String representation of DebianSecurityTrackerMatch
+	DebianSecurityTrackerMatchStr = "DebianSecurityTrackerMatch"
+
+	// ChangelogExactMatchStr is a String representation of ChangelogExactMatch
+	ChangelogExactMatchStr = "ChangelogExactMatch"
+
+	// ChangelogLenientMatchStr is a String representation of ChangelogLenientMatch
+	ChangelogLenientMatchStr = "ChangelogLenientMatch"
+
+	// FailedToGetChangelog is a String representation of FailedToGetChangelog
+	FailedToGetChangelog = "FailedToGetChangelog"
+
+	// FailedToFindVersionInChangelog is a String representation of FailedToFindVersionInChangelog
+	FailedToFindVersionInChangelog = "FailedToFindVersionInChangelog"
+)
+
+var (
+	// CpeNameMatch is a ranking how confident the CVE-ID was deteted correctly
+	CpeNameMatch = Confidence{100, CpeNameMatchStr, 1}
+
+	// YumUpdateSecurityMatch is a ranking how confident the CVE-ID was deteted correctly
+	YumUpdateSecurityMatch = Confidence{100, YumUpdateSecurityMatchStr, 2}
+
+	// PkgAuditMatch is a ranking how confident the CVE-ID was deteted correctly
+	PkgAuditMatch = Confidence{100, PkgAuditMatchStr, 2}
+
+	// OvalMatch is a ranking how confident the CVE-ID was deteted correctly
+	OvalMatch = Confidence{100, OvalMatchStr, 0}
+
+	// RedHatAPIMatch ranking how confident the CVE-ID was deteted correctly
+	RedHatAPIMatch = Confidence{100, RedHatAPIStr, 0}
+
+	// DebianSecurityTrackerMatch ranking how confident the CVE-ID was deteted correctly
+	DebianSecurityTrackerMatch = Confidence{100, DebianSecurityTrackerMatchStr, 0}
+
+	// ChangelogExactMatch is a ranking how confident the CVE-ID was deteted correctly
+	ChangelogExactMatch = Confidence{95, ChangelogExactMatchStr, 3}
+
+	// ChangelogLenientMatch is a ranking how confident the CVE-ID was deteted correctly
+	ChangelogLenientMatch = Confidence{50, ChangelogLenientMatchStr, 4}
+)

oval/alpine.go

@@ -0,0 +1,74 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package oval
+
+import (
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/kotakanbe/goval-dictionary/db"
+)
+
+// Alpine is the struct of Alpine Linux
+type Alpine struct {
+	Base
+}
+
+// NewAlpine creates OVAL client for SUSE
+func NewAlpine() Alpine {
+	return Alpine{
+		Base{
+			family: config.Alpine,
+		},
+	}
+}
+
+// FillWithOval returns scan result after updating CVE info by OVAL
+func (o Alpine) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+	var relatedDefs ovalResult
+	if o.IsFetchViaHTTP() {
+		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
+			return 0, err
+		}
+	} else {
+		if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
+			return 0, err
+		}
+	}
+	for _, defPacks := range relatedDefs.entries {
+		o.update(r, defPacks)
+	}
+
+	return len(relatedDefs.entries), nil
+}
+
+func (o Alpine) update(r *models.ScanResult, defPacks defPacks) {
+	cveID := defPacks.def.Advisory.Cves[0].CveID
+	vinfo, ok := r.ScannedCves[cveID]
+	if !ok {
+		util.Log.Debugf("%s is newly detected by OVAL", cveID)
+		vinfo = models.VulnInfo{
+			CveID:       cveID,
+			Confidences: []models.Confidence{models.OvalMatch},
+		}
+	}
+
+	vinfo.AffectedPackages = defPacks.toPackStatuses()
+	vinfo.AffectedPackages.Sort()
+	r.ScannedCves[cveID] = vinfo
+}

oval/debian.go

@@ -0,0 +1,284 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package oval
+
+import (
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/kotakanbe/goval-dictionary/db"
+	ovalmodels "github.com/kotakanbe/goval-dictionary/models"
+)
+
+// DebianBase is the base struct of Debian and Ubuntu
+type DebianBase struct {
+	Base
+}
+
+func (o DebianBase) update(r *models.ScanResult, defPacks defPacks) {
+	ovalContent := *o.convertToModel(&defPacks.def)
+	ovalContent.Type = models.NewCveContentType(o.family)
+	vinfo, ok := r.ScannedCves[defPacks.def.Debian.CveID]
+	if !ok {
+		util.Log.Debugf("%s is newly detected by OVAL", defPacks.def.Debian.CveID)
+		vinfo = models.VulnInfo{
+			CveID:       defPacks.def.Debian.CveID,
+			Confidences: []models.Confidence{models.OvalMatch},
+			CveContents: models.NewCveContents(ovalContent),
+		}
+	} else {
+		cveContents := vinfo.CveContents
+		ctype := models.NewCveContentType(o.family)
+		if _, ok := vinfo.CveContents[ctype]; ok {
+			util.Log.Debugf("%s OVAL will be overwritten",
+				defPacks.def.Debian.CveID)
+		} else {
+			util.Log.Debugf("%s is also detected by OVAL",
+				defPacks.def.Debian.CveID)
+			cveContents = models.CveContents{}
+		}
+		vinfo.Confidences.AppendIfMissing(models.OvalMatch)
+		cveContents[ctype] = ovalContent
+		vinfo.CveContents = cveContents
+	}
+
+	// uniq(vinfo.PackNames + defPacks.actuallyAffectedPackNames)
+	for _, pack := range vinfo.AffectedPackages {
+		defPacks.actuallyAffectedPackNames[pack.Name] = pack.NotFixedYet
+	}
+
+	// update notFixedYet of SrcPackage
+	for binName := range defPacks.actuallyAffectedPackNames {
+		if srcPack, ok := r.SrcPackages.FindByBinName(binName); ok {
+			for _, p := range defPacks.def.AffectedPacks {
+				if p.Name == srcPack.Name {
+					defPacks.actuallyAffectedPackNames[binName] = p.NotFixedYet
+				}
+			}
+		}
+	}
+
+	vinfo.AffectedPackages = defPacks.toPackStatuses()
+	vinfo.AffectedPackages.Sort()
+	r.ScannedCves[defPacks.def.Debian.CveID] = vinfo
+}
+
+func (o DebianBase) convertToModel(def *ovalmodels.Definition) *models.CveContent {
+	var refs []models.Reference
+	for _, r := range def.References {
+		refs = append(refs, models.Reference{
+			Link:   r.RefURL,
+			Source: r.Source,
+			RefID:  r.RefID,
+		})
+	}
+
+	return &models.CveContent{
+		CveID:         def.Debian.CveID,
+		Title:         def.Title,
+		Summary:       def.Description,
+		Cvss2Severity: def.Advisory.Severity,
+		References:    refs,
+	}
+}
+
+// Debian is the interface for Debian OVAL
+type Debian struct {
+	DebianBase
+}
+
+// NewDebian creates OVAL client for Debian
+func NewDebian() Debian {
+	return Debian{
+		DebianBase{
+			Base{
+				family: config.Debian,
+			},
+		},
+	}
+}
+
+// FillWithOval returns scan result after updating CVE info by OVAL
+func (o Debian) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+
+	//Debian's uname gives both of kernel release(uname -r), version(kernel-image version)
+	linuxImage := "linux-image-" + r.RunningKernel.Release
+
+	// Add linux and set the version of running kernel to search OVAL.
+	if r.Container.ContainerID == "" {
+		newVer := ""
+		if p, ok := r.Packages[linuxImage]; ok {
+			newVer = p.NewVersion
+		}
+		r.Packages["linux"] = models.Package{
+			Name:       "linux",
+			Version:    r.RunningKernel.Version,
+			NewVersion: newVer,
+		}
+	}
+
+	var relatedDefs ovalResult
+	if o.IsFetchViaHTTP() {
+		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
+			return 0, err
+		}
+	} else {
+		if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
+			return 0, err
+		}
+	}
+
+	delete(r.Packages, "linux")
+
+	for _, defPacks := range relatedDefs.entries {
+		// Remove "linux" added above for oval search
+		// linux is not a real package name (key of affected packages in OVAL)
+		if notFixedYet, ok := defPacks.actuallyAffectedPackNames["linux"]; ok {
+			defPacks.actuallyAffectedPackNames[linuxImage] = notFixedYet
+			delete(defPacks.actuallyAffectedPackNames, "linux")
+			for i, p := range defPacks.def.AffectedPacks {
+				if p.Name == "linux" {
+					p.Name = linuxImage
+					defPacks.def.AffectedPacks[i] = p
+				}
+			}
+		}
+
+		o.update(r, defPacks)
+	}
+
+	for _, vuln := range r.ScannedCves {
+		if cont, ok := vuln.CveContents[models.Debian]; ok {
+			cont.SourceLink = "https://security-tracker.debian.org/tracker/" + cont.CveID
+			vuln.CveContents[models.Debian] = cont
+		}
+	}
+	return len(relatedDefs.entries), nil
+}
+
+// Ubuntu is the interface for Debian OVAL
+type Ubuntu struct {
+	DebianBase
+}
+
+// NewUbuntu creates OVAL client for Debian
+func NewUbuntu() Ubuntu {
+	return Ubuntu{
+		DebianBase{
+			Base{
+				family: config.Ubuntu,
+			},
+		},
+	}
+}
+
+// FillWithOval returns scan result after updating CVE info by OVAL
+func (o Ubuntu) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+	ovalKernelImageNames := []string{
+		"linux-aws",
+		"linux-azure",
+		"linux-flo",
+		"linux-gcp",
+		"linux-gke",
+		"linux-goldfish",
+		"linux-hwe",
+		"linux-hwe-edge",
+		"linux-kvm",
+		"linux-mako",
+		"linux-raspi2",
+		"linux-snapdragon",
+	}
+	linuxImage := "linux-image-" + r.RunningKernel.Release
+
+	found := false
+	if r.Container.ContainerID == "" {
+		for _, n := range ovalKernelImageNames {
+			if _, ok := r.Packages[n]; ok {
+				v, ok := r.Packages[linuxImage]
+				if ok {
+					// Set running kernel version
+					p := r.Packages[n]
+					p.Version = v.Version
+					p.NewVersion = v.NewVersion
+					r.Packages[n] = p
+				} else {
+					util.Log.Warnf("Running kernel image %s is not found: %s",
+						linuxImage, r.RunningKernel.Version)
+				}
+				found = true
+				break
+			}
+		}
+
+		if !found {
+			// linux-generic is described as "linux" in Ubuntu's oval.
+			// Add "linux" and set the version of running kernel to search OVAL.
+			v, ok := r.Packages[linuxImage]
+			if ok {
+				r.Packages["linux"] = models.Package{
+					Name:       "linux",
+					Version:    v.Version,
+					NewVersion: v.NewVersion,
+				}
+			} else {
+				util.Log.Warnf("%s is not found. Running: %s",
+					linuxImage, r.RunningKernel.Release)
+			}
+		}
+	}
+
+	var relatedDefs ovalResult
+	if o.IsFetchViaHTTP() {
+		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
+			return 0, err
+		}
+	} else {
+		if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
+			return 0, err
+		}
+	}
+
+	if !found {
+		delete(r.Packages, "linux")
+	}
+
+	for _, defPacks := range relatedDefs.entries {
+		// Remove "linux" added above to search for oval
+		// "linux" is not a real package name (key of affected packages in OVAL)
+		if _, ok := defPacks.actuallyAffectedPackNames["linux"]; !found && ok {
+			defPacks.actuallyAffectedPackNames[linuxImage] = true
+			delete(defPacks.actuallyAffectedPackNames, "linux")
+			for i, p := range defPacks.def.AffectedPacks {
+				if p.Name == "linux" {
+					p.Name = linuxImage
+					defPacks.def.AffectedPacks[i] = p
+				}
+			}
+		}
+
+		o.update(r, defPacks)
+	}
+
+	for _, vuln := range r.ScannedCves {
+		if cont, ok := vuln.CveContents[models.Ubuntu]; ok {
+			cont.SourceLink = "http://people.ubuntu.com/~ubuntu-security/cve/" + cont.CveID
+			vuln.CveContents[models.Ubuntu] = cont
+		}
+	}
+	return len(relatedDefs.entries), nil
+}

oval/debian_test.go

@@ -0,0 +1,79 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+package oval
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	ovalmodels "github.com/kotakanbe/goval-dictionary/models"
+)
+
+func TestPackNamesOfUpdateDebian(t *testing.T) {
+	var tests = []struct {
+		in       models.ScanResult
+		defPacks defPacks
+		out      models.ScanResult
+	}{
+		{
+			in: models.ScanResult{
+				ScannedCves: models.VulnInfos{
+					"CVE-2000-1000": models.VulnInfo{
+						AffectedPackages: models.PackageStatuses{
+							{Name: "packA"},
+							{Name: "packC"},
+						},
+					},
+				},
+			},
+			defPacks: defPacks{
+				def: ovalmodels.Definition{
+					Debian: ovalmodels.Debian{
+						CveID: "CVE-2000-1000",
+					},
+				},
+				actuallyAffectedPackNames: map[string]bool{
+					"packB": true,
+				},
+			},
+			out: models.ScanResult{
+				ScannedCves: models.VulnInfos{
+					"CVE-2000-1000": models.VulnInfo{
+						AffectedPackages: models.PackageStatuses{
+							{Name: "packA"},
+							{Name: "packB", NotFixedYet: true},
+							{Name: "packC"},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	util.Log = util.NewCustomLogger(config.ServerInfo{})
+	for i, tt := range tests {
+		Debian{}.update(&tt.in, tt.defPacks)
+		e := tt.out.ScannedCves["CVE-2000-1000"].AffectedPackages
+		a := tt.in.ScannedCves["CVE-2000-1000"].AffectedPackages
+		if !reflect.DeepEqual(a, e) {
+			t.Errorf("[%d] expected: %v\n  actual: %v\n", i, e, a)
+		}
+	}
+}

oval/oval.go

@@ -0,0 +1,127 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package oval
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"time"
+
+	cnf "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/kotakanbe/goval-dictionary/db"
+	"github.com/parnurzeal/gorequest"
+)
+
+// Client is the interface of OVAL client.
+type Client interface {
+	CheckHTTPHealth() error
+	FillWithOval(db.DB, *models.ScanResult) (int, error)
+
+	// CheckIfOvalFetched checks if oval entries are in DB by family, release.
+	CheckIfOvalFetched(db.DB, string, string) (bool, error)
+	CheckIfOvalFresh(db.DB, string, string) (bool, error)
+	IsFetchViaHTTP() bool
+}
+
+// Base is a base struct
+type Base struct {
+	family string
+}
+
+// CheckHTTPHealth do health check
+func (b Base) CheckHTTPHealth() error {
+	if !b.IsFetchViaHTTP() {
+		return nil
+	}
+
+	url := fmt.Sprintf("%s/health", cnf.Conf.OvalDict.URL)
+	var errs []error
+	var resp *http.Response
+	resp, _, errs = gorequest.New().Get(url).End()
+	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return fmt.Errorf("Failed to request to OVAL server. url: %s, errs: %v",
+			url, errs)
+	}
+	return nil
+}
+
+// CheckIfOvalFetched checks if oval entries are in DB by family, release.
+func (b Base) CheckIfOvalFetched(driver db.DB, osFamily, release string) (fetched bool, err error) {
+	if !b.IsFetchViaHTTP() {
+		count, err := driver.CountDefs(osFamily, release)
+		if err != nil {
+			return false, fmt.Errorf("Failed to count OVAL defs: %s, %s, %v",
+				osFamily, release, err)
+		}
+		return 0 < count, nil
+	}
+
+	url, _ := util.URLPathJoin(cnf.Conf.OvalDict.URL, "count", osFamily, release)
+	resp, body, errs := gorequest.New().Get(url).End()
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return false, fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
+			errs, url, resp)
+	}
+	count := 0
+	if err := json.Unmarshal([]byte(body), &count); err != nil {
+		return false, fmt.Errorf("Failed to Unmarshall. body: %s, err: %s",
+			body, err)
+	}
+	return 0 < count, nil
+}
+
+// CheckIfOvalFresh checks if oval entries are fresh enough
+func (b Base) CheckIfOvalFresh(driver db.DB, osFamily, release string) (ok bool, err error) {
+	var lastModified time.Time
+	if !b.IsFetchViaHTTP() {
+		lastModified = driver.GetLastModified(osFamily, release)
+	} else {
+		url, _ := util.URLPathJoin(cnf.Conf.OvalDict.URL, "lastmodified", osFamily, release)
+		resp, body, errs := gorequest.New().Get(url).End()
+		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+			return false, fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
+				errs, url, resp)
+		}
+
+		if err := json.Unmarshal([]byte(body), &lastModified); err != nil {
+			return false, fmt.Errorf("Failed to Unmarshall. body: %s, err: %s",
+				body, err)
+		}
+	}
+
+	since := time.Now()
+	since = since.AddDate(0, 0, -3)
+	if lastModified.Before(since) {
+		util.Log.Warnf("OVAL for %s %s is old, last modified is %s. It's recommended to update OVAL to improve scanning accuracy. How to update OVAL database, see https://github.com/kotakanbe/goval-dictionary#usage",
+			osFamily, release, lastModified)
+		return false, nil
+	}
+	util.Log.Infof("OVAL is fresh: %s %s ", osFamily, release)
+	return true, nil
+}
+
+// IsFetchViaHTTP checks whether fetch via HTTP
+func (b Base) IsFetchViaHTTP() bool {
+	// Default value of OvalDBType is sqlite3
+	return cnf.Conf.OvalDict.URL != "" && cnf.Conf.OvalDict.Type == "sqlite3"
+}

oval/redhat.go

@@ -0,0 +1,278 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package oval
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/kotakanbe/goval-dictionary/db"
+	ovalmodels "github.com/kotakanbe/goval-dictionary/models"
+)
+
+// RedHatBase is the base struct for RedHat and CentOS
+type RedHatBase struct {
+	Base
+}
+
+// FillWithOval returns scan result after updating CVE info by OVAL
+func (o RedHatBase) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+	var relatedDefs ovalResult
+	if o.IsFetchViaHTTP() {
+		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
+			return 0, err
+		}
+	} else {
+		if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
+			return 0, err
+		}
+	}
+
+	for _, defPacks := range relatedDefs.entries {
+		nCVEs += o.update(r, defPacks)
+	}
+
+	for _, vuln := range r.ScannedCves {
+		switch models.NewCveContentType(o.family) {
+		case models.RedHat:
+			if cont, ok := vuln.CveContents[models.RedHat]; ok {
+				cont.SourceLink = "https://access.redhat.com/security/cve/" + cont.CveID
+				vuln.CveContents[models.RedHat] = cont
+			}
+		case models.Oracle:
+			if cont, ok := vuln.CveContents[models.Oracle]; ok {
+				cont.SourceLink = fmt.Sprintf("https://linux.oracle.com/cve/%s.html", cont.CveID)
+				vuln.CveContents[models.Oracle] = cont
+			}
+		}
+	}
+
+	return nCVEs, nil
+}
+
+var kernelRelatedPackNames = map[string]bool{
+	"kernel":                  true,
+	"kernel-aarch64":          true,
+	"kernel-abi-whitelists":   true,
+	"kernel-bootwrapper":      true,
+	"kernel-debug":            true,
+	"kernel-debug-devel":      true,
+	"kernel-devel":            true,
+	"kernel-doc":              true,
+	"kernel-headers":          true,
+	"kernel-kdump":            true,
+	"kernel-kdump-devel":      true,
+	"kernel-rt":               true,
+	"kernel-rt-debug":         true,
+	"kernel-rt-debug-devel":   true,
+	"kernel-rt-debug-kvm":     true,
+	"kernel-rt-devel":         true,
+	"kernel-rt-doc":           true,
+	"kernel-rt-kvm":           true,
+	"kernel-rt-trace":         true,
+	"kernel-rt-trace-devel":   true,
+	"kernel-rt-trace-kvm":     true,
+	"kernel-rt-virt":          true,
+	"kernel-rt-virt-devel":    true,
+	"kernel-tools":            true,
+	"kernel-tools-libs":       true,
+	"kernel-tools-libs-devel": true,
+	"perf":                    true,
+	"python-perf":             true,
+}
+
+func (o RedHatBase) update(r *models.ScanResult, defPacks defPacks) (nCVEs int) {
+	ctype := models.NewCveContentType(o.family)
+	for _, cve := range defPacks.def.Advisory.Cves {
+		ovalContent := *o.convertToModel(cve.CveID, &defPacks.def)
+		vinfo, ok := r.ScannedCves[cve.CveID]
+		if !ok {
+			util.Log.Debugf("%s is newly detected by OVAL", cve.CveID)
+			vinfo = models.VulnInfo{
+				CveID:       cve.CveID,
+				Confidences: models.Confidences{models.OvalMatch},
+				CveContents: models.NewCveContents(ovalContent),
+			}
+			nCVEs++
+		} else {
+			cveContents := vinfo.CveContents
+			if v, ok := vinfo.CveContents[ctype]; ok {
+				if v.LastModified.After(ovalContent.LastModified) {
+					util.Log.Debugf("%s, OvalID: %d ignroed: ",
+						cve.CveID, defPacks.def.ID)
+					continue
+				} else {
+					util.Log.Debugf("%s OVAL will be overwritten", cve.CveID)
+				}
+			} else {
+				util.Log.Debugf("%s also detected by OVAL", cve.CveID)
+				cveContents = models.CveContents{}
+			}
+
+			vinfo.Confidences.AppendIfMissing(models.OvalMatch)
+			cveContents[ctype] = ovalContent
+			vinfo.CveContents = cveContents
+		}
+
+		// uniq(vinfo.PackNames + defPacks.actuallyAffectedPackNames)
+		for _, pack := range vinfo.AffectedPackages {
+			if nfy, ok := defPacks.actuallyAffectedPackNames[pack.Name]; !ok {
+				defPacks.actuallyAffectedPackNames[pack.Name] = pack.NotFixedYet
+			} else if nfy {
+				defPacks.actuallyAffectedPackNames[pack.Name] = true
+			}
+		}
+		vinfo.AffectedPackages = defPacks.toPackStatuses()
+		vinfo.AffectedPackages.Sort()
+		r.ScannedCves[cve.CveID] = vinfo
+	}
+	return
+}
+
+func (o RedHatBase) convertToModel(cveID string, def *ovalmodels.Definition) *models.CveContent {
+	for _, cve := range def.Advisory.Cves {
+		if cve.CveID != cveID {
+			continue
+		}
+		var refs []models.Reference
+		for _, r := range def.References {
+			refs = append(refs, models.Reference{
+				Link:   r.RefURL,
+				Source: r.Source,
+				RefID:  r.RefID,
+			})
+		}
+
+		score2, vec2 := o.parseCvss2(cve.Cvss2)
+		score3, vec3 := o.parseCvss3(cve.Cvss3)
+
+		severity := def.Advisory.Severity
+		if cve.Impact != "" {
+			severity = cve.Impact
+		}
+
+		sev2, sev3 := "", ""
+		if score2 != 0 {
+			sev2 = severity
+		}
+		if score3 != 0 {
+			sev3 = severity
+		}
+
+		// CWE-ID in RedHat OVAL may have multiple cweIDs separated by space
+		cwes := strings.Fields(cve.Cwe)
+
+		return &models.CveContent{
+			Type:          models.NewCveContentType(o.family),
+			CveID:         cve.CveID,
+			Title:         def.Title,
+			Summary:       def.Description,
+			Cvss2Score:    score2,
+			Cvss2Vector:   vec2,
+			Cvss2Severity: sev2,
+			Cvss3Score:    score3,
+			Cvss3Vector:   vec3,
+			Cvss3Severity: sev3,
+			References:    refs,
+			CweIDs:        cwes,
+			Published:     def.Advisory.Issued,
+			LastModified:  def.Advisory.Updated,
+		}
+	}
+	return nil
+}
+
+// ParseCvss2 divide CVSSv2 string into score and vector
+// 5/AV:N/AC:L/Au:N/C:N/I:N/A:P
+func (o RedHatBase) parseCvss2(scoreVector string) (score float64, vector string) {
+	var err error
+	ss := strings.Split(scoreVector, "/")
+	if 1 < len(ss) {
+		if score, err = strconv.ParseFloat(ss[0], 64); err != nil {
+			return 0, ""
+		}
+		return score, strings.Join(ss[1:], "/")
+	}
+	return 0, ""
+}
+
+// ParseCvss3 divide CVSSv3 string into score and vector
+// 5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
+func (o RedHatBase) parseCvss3(scoreVector string) (score float64, vector string) {
+	var err error
+	ss := strings.Split(scoreVector, "/CVSS:3.0/")
+	if 1 < len(ss) {
+		if score, err = strconv.ParseFloat(ss[0], 64); err != nil {
+			return 0, ""
+		}
+		return score, fmt.Sprintf("CVSS:3.0/%s", ss[1])
+	}
+	return 0, ""
+}
+
+// RedHat is the interface for RedhatBase OVAL
+type RedHat struct {
+	RedHatBase
+}
+
+// NewRedhat creates OVAL client for Redhat
+func NewRedhat() RedHat {
+	return RedHat{
+		RedHatBase{
+			Base{
+				family: config.RedHat,
+			},
+		},
+	}
+}
+
+// CentOS is the interface for CentOS OVAL
+type CentOS struct {
+	RedHatBase
+}
+
+// NewCentOS creates OVAL client for CentOS
+func NewCentOS() CentOS {
+	return CentOS{
+		RedHatBase{
+			Base{
+				family: config.CentOS,
+			},
+		},
+	}
+}
+
+// Oracle is the interface for Oracle OVAL
+type Oracle struct {
+	RedHatBase
+}
+
+// NewOracle creates OVAL client for Oracle
+func NewOracle() Oracle {
+	return Oracle{
+		RedHatBase{
+			Base{
+				family: config.Oracle,
+			},
+		},
+	}
+}

oval/redhat_test.go

@@ -0,0 +1,148 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+package oval
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	ovalmodels "github.com/kotakanbe/goval-dictionary/models"
+)
+
+func TestParseCvss2(t *testing.T) {
+	type out struct {
+		score  float64
+		vector string
+	}
+	var tests = []struct {
+		in  string
+		out out
+	}{
+		{
+			in: "5/AV:N/AC:L/Au:N/C:N/I:N/A:P",
+			out: out{
+				score:  5.0,
+				vector: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+			},
+		},
+		{
+			in: "",
+			out: out{
+				score:  0,
+				vector: "",
+			},
+		},
+	}
+	for _, tt := range tests {
+		s, v := RedHatBase{}.parseCvss2(tt.in)
+		if s != tt.out.score || v != tt.out.vector {
+			t.Errorf("\nexpected: %f, %s\n  actual: %f, %s",
+				tt.out.score, tt.out.vector, s, v)
+		}
+	}
+}
+
+func TestParseCvss3(t *testing.T) {
+	type out struct {
+		score  float64
+		vector string
+	}
+	var tests = []struct {
+		in  string
+		out out
+	}{
+		{
+			in: "5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+			out: out{
+				score:  5.6,
+				vector: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+			},
+		},
+		{
+			in: "",
+			out: out{
+				score:  0,
+				vector: "",
+			},
+		},
+	}
+	for _, tt := range tests {
+		s, v := RedHatBase{}.parseCvss3(tt.in)
+		if s != tt.out.score || v != tt.out.vector {
+			t.Errorf("\nexpected: %f, %s\n  actual: %f, %s",
+				tt.out.score, tt.out.vector, s, v)
+		}
+	}
+}
+
+func TestPackNamesOfUpdate(t *testing.T) {
+	var tests = []struct {
+		in       models.ScanResult
+		defPacks defPacks
+		out      models.ScanResult
+	}{
+		{
+			in: models.ScanResult{
+				ScannedCves: models.VulnInfos{
+					"CVE-2000-1000": models.VulnInfo{
+						AffectedPackages: models.PackageStatuses{
+							{Name: "packA"},
+							{Name: "packB", NotFixedYet: false},
+						},
+					},
+				},
+			},
+			defPacks: defPacks{
+				def: ovalmodels.Definition{
+					Advisory: ovalmodels.Advisory{
+						Cves: []ovalmodels.Cve{
+							{
+								CveID: "CVE-2000-1000",
+							},
+						},
+					},
+				},
+				actuallyAffectedPackNames: map[string]bool{
+					"packB": true,
+				},
+			},
+			out: models.ScanResult{
+				ScannedCves: models.VulnInfos{
+					"CVE-2000-1000": models.VulnInfo{
+						AffectedPackages: models.PackageStatuses{
+							{Name: "packA"},
+							{Name: "packB", NotFixedYet: true},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	util.Log = util.NewCustomLogger(config.ServerInfo{})
+	for i, tt := range tests {
+		RedHat{}.update(&tt.in, tt.defPacks)
+		e := tt.out.ScannedCves["CVE-2000-1000"].AffectedPackages
+		a := tt.in.ScannedCves["CVE-2000-1000"].AffectedPackages
+		if !reflect.DeepEqual(a, e) {
+			t.Errorf("[%d] expected: %v\n  actual: %v\n", i, e, a)
+		}
+	}
+}

oval/suse.go

@@ -0,0 +1,118 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package oval
+
+import (
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/kotakanbe/goval-dictionary/db"
+	ovalmodels "github.com/kotakanbe/goval-dictionary/models"
+)
+
+// SUSE is the struct of SUSE Linux
+type SUSE struct {
+	Base
+}
+
+// NewSUSE creates OVAL client for SUSE
+func NewSUSE() SUSE {
+	// TODO implement other family
+	return SUSE{
+		Base{
+			family: config.SUSEEnterpriseServer,
+		},
+	}
+}
+
+// FillWithOval returns scan result after updating CVE info by OVAL
+func (o SUSE) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+	var relatedDefs ovalResult
+	if o.IsFetchViaHTTP() {
+		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
+			return 0, err
+		}
+	} else {
+		if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
+			return 0, err
+		}
+	}
+	for _, defPacks := range relatedDefs.entries {
+		o.update(r, defPacks)
+	}
+
+	for _, vuln := range r.ScannedCves {
+		if cont, ok := vuln.CveContents[models.SUSE]; ok {
+			cont.SourceLink = "https://security-tracker.debian.org/tracker/" + cont.CveID
+			vuln.CveContents[models.SUSE] = cont
+		}
+	}
+	return len(relatedDefs.entries), nil
+}
+
+func (o SUSE) update(r *models.ScanResult, defPacks defPacks) {
+	ovalContent := *o.convertToModel(&defPacks.def)
+	ovalContent.Type = models.NewCveContentType(o.family)
+	vinfo, ok := r.ScannedCves[defPacks.def.Title]
+	if !ok {
+		util.Log.Debugf("%s is newly detected by OVAL", defPacks.def.Title)
+		vinfo = models.VulnInfo{
+			CveID:       defPacks.def.Title,
+			Confidences: models.Confidences{models.OvalMatch},
+			CveContents: models.NewCveContents(ovalContent),
+		}
+	} else {
+		cveContents := vinfo.CveContents
+		ctype := models.NewCveContentType(o.family)
+		if _, ok := vinfo.CveContents[ctype]; ok {
+			util.Log.Debugf("%s OVAL will be overwritten", defPacks.def.Title)
+		} else {
+			util.Log.Debugf("%s is also detected by OVAL", defPacks.def.Title)
+			cveContents = models.CveContents{}
+		}
+		vinfo.Confidences.AppendIfMissing(models.OvalMatch)
+		cveContents[ctype] = ovalContent
+		vinfo.CveContents = cveContents
+	}
+
+	// uniq(vinfo.PackNames + defPacks.actuallyAffectedPackNames)
+	for _, pack := range vinfo.AffectedPackages {
+		defPacks.actuallyAffectedPackNames[pack.Name] = pack.NotFixedYet
+	}
+	vinfo.AffectedPackages = defPacks.toPackStatuses()
+	vinfo.AffectedPackages.Sort()
+	r.ScannedCves[defPacks.def.Title] = vinfo
+}
+
+func (o SUSE) convertToModel(def *ovalmodels.Definition) *models.CveContent {
+	var refs []models.Reference
+	for _, r := range def.References {
+		refs = append(refs, models.Reference{
+			Link:   r.RefURL,
+			Source: r.Source,
+			RefID:  r.RefID,
+		})
+	}
+
+	return &models.CveContent{
+		CveID:      def.Title,
+		Title:      def.Title,
+		Summary:    def.Description,
+		References: refs,
+	}
+}

oval/util.go

@@ -0,0 +1,353 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package oval
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/cenkalti/backoff"
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	debver "github.com/knqyf263/go-deb-version"
+	rpmver "github.com/knqyf263/go-rpm-version"
+	"github.com/kotakanbe/goval-dictionary/db"
+	ovalmodels "github.com/kotakanbe/goval-dictionary/models"
+	"github.com/parnurzeal/gorequest"
+)
+
+type ovalResult struct {
+	entries []defPacks
+}
+
+type defPacks struct {
+	def ovalmodels.Definition
+
+	// BinaryPackageName : NotFixedYet
+	actuallyAffectedPackNames map[string]bool
+}
+
+func (e defPacks) toPackStatuses() (ps models.PackageStatuses) {
+	for name, notFixedYet := range e.actuallyAffectedPackNames {
+		ps = append(ps, models.PackageStatus{
+			Name:        name,
+			NotFixedYet: notFixedYet,
+		})
+	}
+	return
+}
+
+func (e *ovalResult) upsert(def ovalmodels.Definition, packName string, notFixedYet bool) (upserted bool) {
+	// alpine's entry is empty since Alpine secdb is not OVAL format
+	if def.DefinitionID != "" {
+		for i, entry := range e.entries {
+			if entry.def.DefinitionID == def.DefinitionID {
+				e.entries[i].actuallyAffectedPackNames[packName] = notFixedYet
+				return true
+			}
+		}
+	}
+	e.entries = append(e.entries, defPacks{
+		def:                       def,
+		actuallyAffectedPackNames: map[string]bool{packName: notFixedYet},
+	})
+
+	return false
+}
+
+type request struct {
+	packName          string
+	versionRelease    string
+	NewVersionRelease string
+	binaryPackNames   []string
+	isSrcPack         bool
+}
+
+type response struct {
+	request request
+	defs    []ovalmodels.Definition
+}
+
+// getDefsByPackNameViaHTTP fetches OVAL information via HTTP
+func getDefsByPackNameViaHTTP(r *models.ScanResult) (
+	relatedDefs ovalResult, err error) {
+
+	nReq := len(r.Packages) + len(r.SrcPackages)
+	reqChan := make(chan request, nReq)
+	resChan := make(chan response, nReq)
+	errChan := make(chan error, nReq)
+	defer close(reqChan)
+	defer close(resChan)
+	defer close(errChan)
+
+	go func() {
+		for _, pack := range r.Packages {
+			reqChan <- request{
+				packName:          pack.Name,
+				versionRelease:    pack.FormatVer(),
+				NewVersionRelease: pack.FormatVer(),
+				isSrcPack:         false,
+			}
+		}
+		for _, pack := range r.SrcPackages {
+			reqChan <- request{
+				packName:        pack.Name,
+				binaryPackNames: pack.BinaryNames,
+				versionRelease:  pack.Version,
+				isSrcPack:       true,
+			}
+		}
+	}()
+
+	concurrency := 10
+	tasks := util.GenWorkers(concurrency)
+	for i := 0; i < nReq; i++ {
+		tasks <- func() {
+			select {
+			case req := <-reqChan:
+				url, err := util.URLPathJoin(
+					config.Conf.OvalDict.URL,
+					"packs",
+					r.Family,
+					r.Release,
+					req.packName,
+				)
+				if err != nil {
+					errChan <- err
+				} else {
+					util.Log.Debugf("HTTP Request to %s", url)
+					httpGet(url, req, resChan, errChan)
+				}
+			}
+		}
+	}
+
+	timeout := time.After(2 * 60 * time.Second)
+	var errs []error
+	for i := 0; i < nReq; i++ {
+		select {
+		case res := <-resChan:
+			for _, def := range res.defs {
+				affected, notFixedYet := isOvalDefAffected(def, res.request, r.Family, r.RunningKernel)
+				if !affected {
+					continue
+				}
+
+				if res.request.isSrcPack {
+					for _, n := range res.request.binaryPackNames {
+						relatedDefs.upsert(def, n, false)
+					}
+				} else {
+					relatedDefs.upsert(def, res.request.packName, notFixedYet)
+				}
+			}
+		case err := <-errChan:
+			errs = append(errs, err)
+		case <-timeout:
+			return relatedDefs, fmt.Errorf("Timeout Fetching OVAL")
+		}
+	}
+	if len(errs) != 0 {
+		return relatedDefs, fmt.Errorf("Failed to fetch OVAL. err: %v", errs)
+	}
+	return
+}
+
+func httpGet(url string, req request, resChan chan<- response, errChan chan<- error) {
+	var body string
+	var errs []error
+	var resp *http.Response
+	count, retryMax := 0, 3
+	f := func() (err error) {
+		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+		resp, body, errs = gorequest.New().Get(url).End()
+		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+			count++
+			if count == retryMax {
+				return nil
+			}
+			return fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
+				errs, url, resp)
+		}
+		return nil
+	}
+	notify := func(err error, t time.Duration) {
+		util.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %s", t, err)
+	}
+	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
+	if err != nil {
+		errChan <- fmt.Errorf("HTTP Error %s", err)
+		return
+	}
+	if count == retryMax {
+		errChan <- fmt.Errorf("HRetry count exceeded")
+		return
+	}
+
+	defs := []ovalmodels.Definition{}
+	if err := json.Unmarshal([]byte(body), &defs); err != nil {
+		errChan <- fmt.Errorf("Failed to Unmarshall. body: %s, err: %s",
+			body, err)
+		return
+	}
+	resChan <- response{
+		request: req,
+		defs:    defs,
+	}
+}
+
+func getDefsByPackNameFromOvalDB(driver db.DB, r *models.ScanResult) (relatedDefs ovalResult, err error) {
+	requests := []request{}
+	for _, pack := range r.Packages {
+		requests = append(requests, request{
+			packName:          pack.Name,
+			versionRelease:    pack.FormatVer(),
+			NewVersionRelease: pack.FormatNewVer(),
+			isSrcPack:         false,
+		})
+	}
+	for _, pack := range r.SrcPackages {
+		requests = append(requests, request{
+			packName:        pack.Name,
+			binaryPackNames: pack.BinaryNames,
+			versionRelease:  pack.Version,
+			isSrcPack:       true,
+		})
+	}
+
+	for _, req := range requests {
+		definitions, err := driver.GetByPackName(r.Release, req.packName)
+		if err != nil {
+			return relatedDefs, fmt.Errorf("Failed to get %s OVAL info by package: %#v, err: %s", r.Family, req, err)
+		}
+		for _, def := range definitions {
+			affected, notFixedYet := isOvalDefAffected(def, req, r.Family, r.RunningKernel)
+			if !affected {
+				continue
+			}
+
+			if req.isSrcPack {
+				for _, n := range req.binaryPackNames {
+					relatedDefs.upsert(def, n, false)
+				}
+			} else {
+				relatedDefs.upsert(def, req.packName, notFixedYet)
+			}
+		}
+	}
+	return
+}
+
+func major(version string) string {
+	ss := strings.SplitN(version, ":", 2)
+	ver := ""
+	if len(ss) == 1 {
+		ver = ss[0]
+	} else {
+		ver = ss[1]
+	}
+	return ver[0:strings.Index(ver, ".")]
+}
+
+func isOvalDefAffected(def ovalmodels.Definition, req request, family string, running models.Kernel) (affected, notFixedYet bool) {
+	for _, ovalPack := range def.AffectedPacks {
+		if req.packName != ovalPack.Name {
+			continue
+		}
+
+		if running.Release != "" {
+			switch family {
+			case config.RedHat, config.CentOS:
+				// For kernel related packages, ignore OVAL information with different major versions
+				if _, ok := kernelRelatedPackNames[ovalPack.Name]; ok {
+					if major(ovalPack.Version) != major(running.Release) {
+						continue
+					}
+				}
+			}
+		}
+
+		if ovalPack.NotFixedYet {
+			return true, true
+		}
+
+		less, err := lessThan(family, req.versionRelease, ovalPack)
+		if err != nil {
+			util.Log.Debugf("Failed to parse versions: %s, Ver: %#v, OVAL: %#v, DefID: %s",
+				err, req.versionRelease, ovalPack, def.DefinitionID)
+			return false, false
+		}
+
+		if less {
+			if req.isSrcPack {
+				// Unable to judge whether fixed or not fixed of src package(Ubuntu, Debian)
+				return true, false
+			}
+
+			// `offline` or `fast` scan mode can't get a updatable version.
+			// In these mode, the blow field was set empty.
+			// Vuls can not judge fixed or unfixed.
+			if req.NewVersionRelease == "" {
+				return true, false
+			}
+
+			// compare version: newVer vs oval
+			less, err := lessThan(family, req.NewVersionRelease, ovalPack)
+			if err != nil {
+				util.Log.Debugf("Failed to parse versions: %s, NewVer: %#v, OVAL: %#v, DefID: %s",
+					err, req.NewVersionRelease, ovalPack, def.DefinitionID)
+				return false, false
+			}
+			return true, less
+		}
+	}
+	return false, false
+}
+
+func lessThan(family, versionRelease string, packB ovalmodels.Package) (bool, error) {
+	switch family {
+	case config.Debian, config.Ubuntu:
+		vera, err := debver.NewVersion(versionRelease)
+		if err != nil {
+			return false, err
+		}
+		verb, err := debver.NewVersion(packB.Version)
+		if err != nil {
+			return false, err
+		}
+		return vera.LessThan(verb), nil
+	case config.Oracle, config.SUSEEnterpriseServer, config.Alpine:
+		vera := rpmver.NewVersion(versionRelease)
+		verb := rpmver.NewVersion(packB.Version)
+		return vera.LessThan(verb), nil
+	case config.RedHat, config.CentOS: // TODO: Suport config.Scientific
+		rea := regexp.MustCompile(`\.[es]l(\d+)(?:_\d+)?(?:\.centos)?`)
+		reb := regexp.MustCompile(`\.el(\d+)(?:_\d+)?`)
+		vera := rpmver.NewVersion(rea.ReplaceAllString(versionRelease, ".el$1"))
+		verb := rpmver.NewVersion(reb.ReplaceAllString(packB.Version, ".el$1"))
+		return vera.LessThan(verb), nil
+	default:
+		util.Log.Errorf("Not implemented yet: %s", family)
+	}
+	return false, fmt.Errorf("Package version comparison not supported: %s", family)
+}

report/azureblob.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -24,7 +24,7 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/Azure/azure-sdk-for-go/storage"
+	storage "github.com/Azure/azure-sdk-for-go/storage"
 
 	c "github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
@@ -47,7 +47,7 @@ func (w AzureBlobWriter) Write(rs ...models.ScanResult) (err error) {
 	if c.Conf.FormatOneLineText {
 		timestr := rs[0].ScannedAt.Format(time.RFC3339)
 		k := fmt.Sprintf(timestr + "/summary.txt")
-		text := toOneLineSummary(rs...)
+		text := formatOneLineSummary(rs...)
 		b := []byte(text)
 		if err := createBlockBlob(cli, k, b); err != nil {
 			return err
@@ -67,9 +67,9 @@ func (w AzureBlobWriter) Write(rs ...models.ScanResult) (err error) {
 			}
 		}
 
-		if c.Conf.FormatShortText {
+		if c.Conf.FormatList {
 			k := key + "_short.txt"
-			b := []byte(toShortPlainText(r))
+			b := []byte(formatList(r))
 			if err := createBlockBlob(cli, k, b); err != nil {
 				return err
 			}
@@ -77,7 +77,7 @@ func (w AzureBlobWriter) Write(rs ...models.ScanResult) (err error) {
 
 		if c.Conf.FormatFullText {
 			k := key + "_full.txt"
-			b := []byte(toFullPlainText(r))
+			b := []byte(formatFullPlainText(r))
 			if err := createBlockBlob(cli, k, b); err != nil {
 				return err
 			}
@@ -104,18 +104,26 @@ func CheckIfAzureContainerExists() error {
 	if err != nil {
 		return err
 	}
-	ok, err := cli.ContainerExists(c.Conf.AzureContainer)
+	r, err := cli.ListContainers(storage.ListContainersParameters{})
 	if err != nil {
 		return err
 	}
-	if !ok {
-		return fmt.Errorf("Container not found. Container: %s", c.Conf.AzureContainer)
+
+	found := false
+	for _, con := range r.Containers {
+		if con.Name == c.Conf.Azure.ContainerName {
+			found = true
+			break
+		}
+	}
+	if !found {
+		return fmt.Errorf("Container not found. Container: %s", c.Conf.Azure.ContainerName)
 	}
 	return nil
 }
 
 func getBlobClient() (storage.BlobStorageClient, error) {
-	api, err := storage.NewBasicClient(c.Conf.AzureAccount, c.Conf.AzureKey)
+	api, err := storage.NewBasicClient(c.Conf.Azure.AccountName, c.Conf.Azure.AccountKey)
 	if err != nil {
 		return storage.BlobStorageClient{}, err
 	}
@@ -131,15 +139,11 @@ func createBlockBlob(cli storage.BlobStorageClient, k string, b []byte) error {
 		k = k + ".gz"
 	}
 
-	if err := cli.CreateBlockBlobFromReader(
-		c.Conf.AzureContainer,
-		k,
-		uint64(len(b)),
-		bytes.NewReader(b),
-		map[string]string{},
-	); err != nil {
+	ref := cli.GetContainerReference(c.Conf.Azure.ContainerName)
+	blob := ref.GetBlobReference(k)
+	if err := blob.CreateBlockBlobFromReader(bytes.NewReader(b), nil); err != nil {
 		return fmt.Errorf("Failed to upload data to %s/%s, %s",
-			c.Conf.AzureContainer, k, err)
+			c.Conf.Azure.ContainerName, k, err)
 	}
 	return nil
 }

report/chatwork.go

@@ -0,0 +1,73 @@
+package report
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+)
+
+// ChatWorkWriter send report to ChatWork
+type ChatWorkWriter struct{}
+
+func (w ChatWorkWriter) Write(rs ...models.ScanResult) (err error) {
+	conf := config.Conf.ChatWork
+
+	for _, r := range rs {
+		serverInfo := fmt.Sprintf("%s", r.ServerInfo())
+		if err = chatWorkpostMessage(conf.Room, conf.APIToken, serverInfo); err != nil {
+			return err
+		}
+
+		for _, vinfo := range r.ScannedCves {
+			maxCvss := vinfo.MaxCvssScore()
+			severity := strings.ToUpper(maxCvss.Value.Severity)
+			if severity == "" {
+				severity = "?"
+			}
+
+			message := fmt.Sprintf(`%s[info][title]"https://nvd.nist.gov/vuln/detail/%s" %s %s[/title]%s[/info]`,
+				serverInfo,
+				vinfo.CveID,
+				strconv.FormatFloat(maxCvss.Value.Score, 'f', 1, 64),
+				severity,
+				vinfo.Summaries(config.Conf.Lang, r.Family)[0].Value)
+
+			if err = chatWorkpostMessage(conf.Room, conf.APIToken, message); err != nil {
+				return err
+			}
+		}
+
+	}
+	return nil
+}
+
+func chatWorkpostMessage(room, token, message string) error {
+	uri := fmt.Sprintf("https://api.chatwork.com/v2/rooms/%s/messages=%s", room, token)
+
+	payload := url.Values{
+		"body": {message},
+	}
+
+	reqs, err := http.NewRequest("POST", uri, strings.NewReader(payload.Encode()))
+
+	reqs.Header.Add("X-ChatWorkToken", token)
+	reqs.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+
+	if err != nil {
+		return err
+	}
+	client := &http.Client{}
+
+	resp, err := client.Do(reqs)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	return nil
+}

report/chatwork_test.go

@@ -0,0 +1 @@
+package report

report/cve_client.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -15,22 +15,19 @@ You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-package cveapi
+package report
 
 import (
 	"encoding/json"
 	"fmt"
 	"net/http"
-	"sort"
 	"time"
 
 	"github.com/cenkalti/backoff"
 	"github.com/parnurzeal/gorequest"
 
-	log "github.com/Sirupsen/logrus"
 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/util"
-	cveconfig "github.com/kotakanbe/go-cve-dictionary/config"
 	cvedb "github.com/kotakanbe/go-cve-dictionary/db"
 	cve "github.com/kotakanbe/go-cve-dictionary/models"
 )
@@ -44,13 +41,13 @@ type cvedictClient struct {
 }
 
 func (api *cvedictClient) initialize() {
-	api.baseURL = config.Conf.CveDictionaryURL
+	api.baseURL = config.Conf.CveDict.URL
 }
 
-func (api cvedictClient) CheckHealth() (ok bool, err error) {
-	if config.Conf.CveDictionaryURL == "" {
-		log.Debugf("get cve-dictionary from %s", config.Conf.CveDBType)
-		return true, nil
+func (api cvedictClient) CheckHealth() error {
+	if !api.isFetchViaHTTP() {
+		util.Log.Debugf("get cve-dictionary from %s", config.Conf.CveDict.Type)
+		return nil
 	}
 
 	api.initialize()
@@ -60,9 +57,10 @@ func (api cvedictClient) CheckHealth() (ok bool, err error) {
 	resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
 	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
 	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-		return false, fmt.Errorf("Failed to request to CVE server. url: %s, errs: %v", url, errs)
+		return fmt.Errorf("Failed to request to CVE server. url: %s, errs: %v",
+			url, errs)
 	}
-	return true, nil
+	return nil
 }
 
 type response struct {
@@ -70,12 +68,25 @@ type response struct {
 	CveDetail cve.CveDetail
 }
 
-func (api cvedictClient) FetchCveDetails(cveIDs []string) (cveDetails cve.CveDetails, err error) {
-	if config.Conf.CveDictionaryURL == "" {
-		return api.FetchCveDetailsFromCveDB(cveIDs)
+func (api cvedictClient) FetchCveDetails(driver cvedb.DB, cveIDs []string) (cveDetails []cve.CveDetail, err error) {
+	if !api.isFetchViaHTTP() {
+		for _, cveID := range cveIDs {
+			cveDetail, err := driver.Get(cveID)
+			if err != nil {
+				return nil, fmt.Errorf("Failed to fetch CVE. err: %s", err)
+			}
+			if len(cveDetail.CveID) == 0 {
+				cveDetails = append(cveDetails, cve.CveDetail{
+					CveID: cveID,
+				})
+			} else {
+				cveDetails = append(cveDetails, *cveDetail)
+			}
+		}
+		return
 	}
 
-	api.baseURL = config.Conf.CveDictionaryURL
+	api.baseURL = config.Conf.CveDict.URL
 	reqChan := make(chan string, len(cveIDs))
 	resChan := make(chan response, len(cveIDs))
 	errChan := make(chan error, len(cveIDs))
@@ -99,7 +110,7 @@ func (api cvedictClient) FetchCveDetails(cveIDs []string) (cveDetails cve.CveDet
 				if err != nil {
 					errChan <- err
 				} else {
-					log.Debugf("HTTP Request to %s", url)
+					util.Log.Debugf("HTTP Request to %s", url)
 					api.httpGet(cveID, url, resChan, errChan)
 				}
 			}
@@ -121,44 +132,13 @@ func (api cvedictClient) FetchCveDetails(cveIDs []string) (cveDetails cve.CveDet
 		case err := <-errChan:
 			errs = append(errs, err)
 		case <-timeout:
-			return []cve.CveDetail{}, fmt.Errorf("Timeout Fetching CVE")
+			return nil, fmt.Errorf("Timeout Fetching CVE")
 		}
 	}
 	if len(errs) != 0 {
-		return []cve.CveDetail{},
+		return nil,
 			fmt.Errorf("Failed to fetch CVE. err: %v", errs)
 	}
-
-	sort.Sort(cveDetails)
-	return
-}
-
-func (api cvedictClient) FetchCveDetailsFromCveDB(cveIDs []string) (cveDetails cve.CveDetails, err error) {
-	log.Debugf("open cve-dictionary db (%s)", config.Conf.CveDBType)
-	cveconfig.Conf.DBType = config.Conf.CveDBType
-	if config.Conf.CveDBType == "sqlite3" {
-		cveconfig.Conf.DBPath = config.Conf.CveDBPath
-	} else {
-		cveconfig.Conf.DBPath = config.Conf.CveDictionaryURL
-	}
-	cveconfig.Conf.DebugSQL = config.Conf.DebugSQL
-	if err := cvedb.OpenDB(); err != nil {
-		return []cve.CveDetail{},
-			fmt.Errorf("Failed to open DB. err: %s", err)
-	}
-	for _, cveID := range cveIDs {
-		cveDetail := cvedb.Get(cveID)
-		if len(cveDetail.CveID) == 0 {
-			cveDetails = append(cveDetails, cve.CveDetail{
-				CveID: cveID,
-			})
-		} else {
-			cveDetails = append(cveDetails, cveDetail)
-		}
-	}
-
-	// order by CVE ID desc
-	sort.Sort(cveDetails)
 	return
 }
 
@@ -170,20 +150,25 @@ func (api cvedictClient) httpGet(key, url string, resChan chan<- response, errCh
 		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
 		resp, body, errs = gorequest.New().Get(url).End()
 		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-			return fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v", errs, url, resp)
+			return fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
+				errs, url, resp)
 		}
 		return nil
 	}
 	notify := func(err error, t time.Duration) {
-		log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %s", t, err)
+		util.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %s",
+			t, err)
 	}
 	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
 	if err != nil {
 		errChan <- fmt.Errorf("HTTP Error %s", err)
+		return
 	}
 	cveDetail := cve.CveDetail{}
 	if err := json.Unmarshal([]byte(body), &cveDetail); err != nil {
-		errChan <- fmt.Errorf("Failed to Unmarshall. body: %s, err: %s", body, err)
+		errChan <- fmt.Errorf("Failed to Unmarshall. body: %s, err: %s",
+			body, err)
+		return
 	}
 	resChan <- response{
 		key,
@@ -191,25 +176,27 @@ func (api cvedictClient) httpGet(key, url string, resChan chan<- response, errCh
 	}
 }
 
-type responseGetCveDetailByCpeName struct {
-	CpeName    string
-	CveDetails []cve.CveDetail
+func (api cvedictClient) isFetchViaHTTP() bool {
+	// Default value of CveDBType is sqlite3
+	if config.Conf.CveDict.URL != "" && config.Conf.CveDict.Type == "sqlite3" {
+		return true
+	}
+	return false
 }
 
-func (api cvedictClient) FetchCveDetailsByCpeName(cpeName string) ([]cve.CveDetail, error) {
-	if config.Conf.CveDictionaryURL == "" {
-		return api.FetchCveDetailsByCpeNameFromDB(cpeName)
-	}
+func (api cvedictClient) FetchCveDetailsByCpeName(driver cvedb.DB, cpeName string) ([]cve.CveDetail, error) {
+	if api.isFetchViaHTTP() {
+		api.baseURL = config.Conf.CveDict.URL
+		url, err := util.URLPathJoin(api.baseURL, "cpes")
+		if err != nil {
+			return nil, err
+		}
 
-	api.baseURL = config.Conf.CveDictionaryURL
-	url, err := util.URLPathJoin(api.baseURL, "cpes")
-	if err != nil {
-		return []cve.CveDetail{}, err
+		query := map[string]string{"name": cpeName}
+		util.Log.Debugf("HTTP Request to %s, query: %#v", url, query)
+		return api.httpPost(cpeName, url, query)
 	}
-
-	query := map[string]string{"name": cpeName}
-	log.Debugf("HTTP Request to %s, query: %#v", url, query)
-	return api.httpPost(cpeName, url, query)
+	return driver.GetByCpeURI(cpeName)
 }
 
 func (api cvedictClient) httpPost(key, url string, query map[string]string) ([]cve.CveDetail, error) {
@@ -217,7 +204,8 @@ func (api cvedictClient) httpPost(key, url string, query map[string]string) ([]c
 	var errs []error
 	var resp *http.Response
 	f := func() (err error) {
-		req := gorequest.New().SetDebug(config.Conf.Debug).Post(url)
+		//  req := gorequest.New().SetDebug(config.Conf.Debug).Post(url)
+		req := gorequest.New().Post(url)
 		for key := range query {
 			req = req.Send(fmt.Sprintf("%s=%s", key, query[key])).Type("json")
 		}
@@ -228,30 +216,17 @@ func (api cvedictClient) httpPost(key, url string, query map[string]string) ([]c
 		return nil
 	}
 	notify := func(err error, t time.Duration) {
-		log.Warnf("Failed to HTTP POST. retrying in %s seconds. err: %s", t, err)
+		util.Log.Warnf("Failed to HTTP POST. retrying in %s seconds. err: %s", t, err)
 	}
 	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
 	if err != nil {
-		return []cve.CveDetail{}, fmt.Errorf("HTTP Error %s", err)
+		return nil, fmt.Errorf("HTTP Error %s", err)
 	}
 
 	cveDetails := []cve.CveDetail{}
 	if err := json.Unmarshal([]byte(body), &cveDetails); err != nil {
-		return []cve.CveDetail{},
+		return nil,
 			fmt.Errorf("Failed to Unmarshall. body: %s, err: %s", body, err)
 	}
 	return cveDetails, nil
 }
-
-func (api cvedictClient) FetchCveDetailsByCpeNameFromDB(cpeName string) ([]cve.CveDetail, error) {
-	log.Debugf("open cve-dictionary db (%s)", config.Conf.CveDBType)
-	cveconfig.Conf.DBType = config.Conf.CveDBType
-	cveconfig.Conf.DBPath = config.Conf.CveDBPath
-	cveconfig.Conf.DebugSQL = config.Conf.DebugSQL
-
-	if err := cvedb.OpenDB(); err != nil {
-		return []cve.CveDetail{},
-			fmt.Errorf("Failed to open DB. err: %s", err)
-	}
-	return cvedb.GetByCpeName(cpeName), nil
-}

report/db_client.go

@@ -0,0 +1,158 @@
+package report
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/util"
+	gostdb "github.com/knqyf263/gost/db"
+	cvedb "github.com/kotakanbe/go-cve-dictionary/db"
+	ovaldb "github.com/kotakanbe/goval-dictionary/db"
+)
+
+// DBClient is a dictionarie's db client for reporting
+type DBClient struct {
+	CveDB  cvedb.DB
+	OvalDB ovaldb.DB
+	GostDB gostdb.DB
+}
+
+// DBClientConf has a configuration of Vulnerability DBs
+type DBClientConf struct {
+	CveDictCnf  config.GoCveDictConf
+	OvalDictCnf config.GovalDictConf
+	GostCnf     config.GostConf
+	DebugSQL    bool
+}
+
+func (c DBClientConf) isCveDBViaHTTP() bool {
+	return c.CveDictCnf.URL != "" && c.CveDictCnf.Type == "sqlite3"
+}
+
+func (c DBClientConf) isOvalViaHTTP() bool {
+	return c.OvalDictCnf.URL != "" && c.OvalDictCnf.Type == "sqlite3"
+}
+
+func (c DBClientConf) isGostViaHTTP() bool {
+	return c.GostCnf.URL != "" && c.GostCnf.Type == "sqlite3"
+}
+
+// NewDBClient returns db clients
+func NewDBClient(cnf DBClientConf) (dbclient *DBClient, locked bool, err error) {
+	cveDriver, locked, err := NewCveDB(cnf)
+	if err != nil {
+		return nil, locked, err
+	}
+
+	ovaldb, locked, err := NewOvalDB(cnf)
+	if locked {
+		return nil, true, fmt.Errorf("OvalDB is locked: %s",
+			cnf.OvalDictCnf.SQLite3Path)
+	} else if err != nil {
+		util.Log.Warnf("Unable to use OvalDB: %s, err: %s",
+			cnf.OvalDictCnf.SQLite3Path, err)
+	}
+
+	gostdb, locked, err := NewGostDB(cnf)
+	if locked {
+		return nil, true, fmt.Errorf("gostDB is locked: %s",
+			cnf.GostCnf.SQLite3Path)
+	} else if err != nil {
+		util.Log.Warnf("Unable to use gostDB: %s, err: %s",
+			cnf.GostCnf.SQLite3Path, err)
+	}
+
+	return &DBClient{
+		CveDB:  cveDriver,
+		OvalDB: ovaldb,
+		GostDB: gostdb,
+	}, false, nil
+}
+
+// NewCveDB returns cve db client
+func NewCveDB(cnf DBClientConf) (driver cvedb.DB, locked bool, err error) {
+	if cnf.isCveDBViaHTTP() {
+		return nil, false, nil
+	}
+	util.Log.Debugf("open cve-dictionary db (%s)", cnf.CveDictCnf.Type)
+	path := cnf.CveDictCnf.URL
+	if cnf.CveDictCnf.Type == "sqlite3" {
+		path = cnf.CveDictCnf.SQLite3Path
+	}
+
+	util.Log.Debugf("Open cve-dictionary db (%s): %s", cnf.CveDictCnf.Type, path)
+	driver, locked, err = cvedb.NewDB(cnf.CveDictCnf.Type, path, cnf.DebugSQL)
+	if err != nil {
+		err = fmt.Errorf("Failed to init CVE DB. err: %s, path: %s", err, path)
+		return nil, locked, err
+	}
+	return driver, false, nil
+}
+
+// NewOvalDB returns oval db client
+func NewOvalDB(cnf DBClientConf) (driver ovaldb.DB, locked bool, err error) {
+	if cnf.isOvalViaHTTP() {
+		return nil, false, nil
+	}
+	path := cnf.OvalDictCnf.URL
+	if cnf.OvalDictCnf.Type == "sqlite3" {
+		path = cnf.OvalDictCnf.SQLite3Path
+
+		if _, err := os.Stat(path); os.IsNotExist(err) {
+			util.Log.Warnf("--ovaldb-path=%s is not found. It's recommended to use OVAL to improve scanning accuracy. For details, see https://github.com/kotakanbe/goval-dictionary#usage", path)
+			return nil, false, nil
+		}
+	}
+
+	util.Log.Debugf("Open oval-dictionary db (%s): %s", cnf.OvalDictCnf.Type, path)
+	driver, locked, err = ovaldb.NewDB("", cnf.OvalDictCnf.Type, path, cnf.DebugSQL)
+	if err != nil {
+		err = fmt.Errorf("Failed to new OVAL DB. err: %s", err)
+		if locked {
+			return nil, true, err
+		}
+		return nil, false, err
+	}
+	return driver, false, nil
+}
+
+// NewGostDB returns db client for Gost
+func NewGostDB(cnf DBClientConf) (driver gostdb.DB, locked bool, err error) {
+	if cnf.isGostViaHTTP() {
+		return nil, false, nil
+	}
+	path := cnf.GostCnf.URL
+	if cnf.GostCnf.Type == "sqlite3" {
+		path = cnf.GostCnf.SQLite3Path
+
+		if _, err := os.Stat(path); os.IsNotExist(err) {
+			util.Log.Warnf("--gostdb-path=%s is not found. If the scan target server is Debian, RHEL or CentOS, it's recommended to use gost to improve scanning accuracy. To use gost database, see https://github.com/knqyf263/gost#fetch-redhat", path)
+			return nil, false, nil
+		}
+	}
+
+	util.Log.Debugf("Open gost db (%s): %s", cnf.GostCnf.Type, path)
+	if driver, locked, err = gostdb.NewDB(cnf.GostCnf.Type, path, cnf.DebugSQL); err != nil {
+		if locked {
+			util.Log.Errorf("gostDB is locked: %s", err)
+			return nil, true, err
+		}
+		return nil, false, err
+	}
+	return driver, false, nil
+}
+
+// CloseDB close dbs
+func (d DBClient) CloseDB() {
+	if d.CveDB != nil {
+		if err := d.CveDB.CloseDB(); err != nil {
+			util.Log.Errorf("Failed to close DB: %s", err)
+		}
+	}
+	if d.OvalDB != nil {
+		if err := d.OvalDB.CloseDB(); err != nil {
+			util.Log.Errorf("Failed to close DB: %s", err)
+		}
+	}
+}

report/email.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -34,51 +34,117 @@ type EMailWriter struct{}
 
 func (w EMailWriter) Write(rs ...models.ScanResult) (err error) {
 	conf := config.Conf
-	to := strings.Join(conf.EMail.To[:], ", ")
-	cc := strings.Join(conf.EMail.Cc[:], ", ")
-	mailAddresses := append(conf.EMail.To, conf.EMail.Cc...)
+	var message string
+	sender := NewEMailSender()
+
+	m := map[string]int{}
+	for _, r := range rs {
+		if conf.FormatOneEMail {
+			message += formatFullPlainText(r) + "\r\n\r\n"
+
+			mm := r.ScannedCves.CountGroupBySeverity()
+			keys := []string{"High", "Medium", "Low", "Unknown"}
+			for _, k := range keys {
+				m[k] += mm[k]
+			}
+		} else {
+			var subject string
+			if len(r.Errors) != 0 {
+				subject = fmt.Sprintf("%s%s An error occurred while scanning",
+					conf.EMail.SubjectPrefix, r.ServerInfo())
+			} else {
+				subject = fmt.Sprintf("%s%s %s",
+					conf.EMail.SubjectPrefix,
+					r.ServerInfo(),
+					r.ScannedCves.FormatCveSummary())
+			}
+			message = formatFullPlainText(r)
+			if err := sender.Send(subject, message); err != nil {
+				return err
+			}
+		}
+	}
+
+	summary := ""
+	if config.Conf.IgnoreUnscoredCves {
+		summary = fmt.Sprintf("Total: %d (High:%d Medium:%d Low:%d)",
+			m["High"]+m["Medium"]+m["Low"], m["High"], m["Medium"], m["Low"])
+	}
+	summary = fmt.Sprintf("Total: %d (High:%d Medium:%d Low:%d ?:%d)",
+		m["High"]+m["Medium"]+m["Low"]+m["Unknown"],
+		m["High"], m["Medium"], m["Low"], m["Unknown"])
+
+	if conf.FormatOneEMail {
+		message = fmt.Sprintf(
+			`
+One Line Summary
+================
+%s
+
+
+%s`,
+			formatOneLineSummary(rs...), message)
+
+		subject := fmt.Sprintf("%s %s",
+			conf.EMail.SubjectPrefix, summary)
+		return sender.Send(subject, message)
+	}
+	return nil
+}
+
+// EMailSender is interface of sending e-mail
+type EMailSender interface {
+	Send(subject, body string) error
+}
+
+type emailSender struct {
+	conf config.SMTPConf
+	send func(string, smtp.Auth, string, []string, []byte) error
+}
+
+func (e *emailSender) Send(subject, body string) (err error) {
+	emailConf := e.conf
+	to := strings.Join(emailConf.To[:], ", ")
+	cc := strings.Join(emailConf.Cc[:], ", ")
+	mailAddresses := append(emailConf.To, emailConf.Cc...)
 	if _, err := mail.ParseAddressList(strings.Join(mailAddresses[:], ", ")); err != nil {
 		return fmt.Errorf("Failed to parse email addresses: %s", err)
 	}
 
-	for _, r := range rs {
-		subject := fmt.Sprintf("%s%s %s",
-			conf.EMail.SubjectPrefix,
-			r.ServerInfo(),
-			r.CveSummary(),
-		)
+	headers := make(map[string]string)
+	headers["From"] = emailConf.From
+	headers["To"] = to
+	headers["Cc"] = cc
+	headers["Subject"] = subject
+	headers["Date"] = time.Now().Format(time.RFC1123Z)
+	headers["Content-Type"] = "text/plain; charset=utf-8"
 
-		headers := make(map[string]string)
-		headers["From"] = conf.EMail.From
-		headers["To"] = to
-		headers["Cc"] = cc
-		headers["Subject"] = subject
-		headers["Date"] = time.Now().Format(time.RFC1123Z)
-		headers["Content-Type"] = "text/plain; charset=utf-8"
+	var header string
+	for k, v := range headers {
+		header += fmt.Sprintf("%s: %s\r\n", k, v)
+	}
+	message := fmt.Sprintf("%s\r\n%s", header, body)
 
-		var message string
-		for k, v := range headers {
-			message += fmt.Sprintf("%s: %s\r\n", k, v)
-		}
-		message += "\r\n" + toFullPlainText(r)
-
-		smtpServer := net.JoinHostPort(conf.EMail.SMTPAddr, conf.EMail.SMTPPort)
-		err = smtp.SendMail(
-			smtpServer,
-			smtp.PlainAuth(
-				"",
-				conf.EMail.User,
-				conf.EMail.Password,
-				conf.EMail.SMTPAddr,
-			),
-			conf.EMail.From,
-			conf.EMail.To,
-			[]byte(message),
-		)
-
-		if err != nil {
-			return fmt.Errorf("Failed to send emails: %s", err)
-		}
+	smtpServer := net.JoinHostPort(emailConf.SMTPAddr, emailConf.SMTPPort)
+	err = e.send(
+		smtpServer,
+		smtp.PlainAuth(
+			"",
+			emailConf.User,
+			emailConf.Password,
+			emailConf.SMTPAddr,
+		),
+		emailConf.From,
+		mailAddresses,
+		[]byte(message),
+	)
+	if err != nil {
+		return fmt.Errorf("Failed to send emails: %s", err)
 	}
 	return nil
 }
+
+// NewEMailSender creates emailSender
+func NewEMailSender() EMailSender {
+	return &emailSender{config.Conf.EMail, smtp.SendMail}
+}

report/email_test.go

@@ -0,0 +1,132 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package report
+
+import (
+	"net/smtp"
+	"reflect"
+	"strings"
+	"testing"
+
+	"github.com/future-architect/vuls/config"
+)
+
+type emailRecorder struct {
+	addr string
+	auth smtp.Auth
+	from string
+	to   []string
+	body string
+}
+
+type mailTest struct {
+	in  config.SMTPConf
+	out emailRecorder
+}
+
+var mailTests = []mailTest{
+	{
+		config.SMTPConf{
+			SMTPAddr: "127.0.0.1",
+			SMTPPort: "25",
+
+			From: "from@address.com",
+			To:   []string{"to@address.com"},
+			Cc:   []string{"cc@address.com"},
+		},
+		emailRecorder{
+			addr: "127.0.0.1:25",
+			auth: smtp.PlainAuth("", "", "", "127.0.0.1"),
+			from: "from@address.com",
+			to:   []string{"to@address.com", "cc@address.com"},
+			body: "body",
+		},
+	},
+	{
+		config.SMTPConf{
+			SMTPAddr: "127.0.0.1",
+			SMTPPort: "25",
+
+			User:     "vuls",
+			Password: "password",
+
+			From: "from@address.com",
+			To:   []string{"to1@address.com", "to2@address.com"},
+			Cc:   []string{"cc1@address.com", "cc2@address.com"},
+		},
+		emailRecorder{
+			addr: "127.0.0.1:25",
+			auth: smtp.PlainAuth(
+				"",
+				"vuls",
+				"password",
+				"127.0.0.1",
+			),
+			from: "from@address.com",
+			to: []string{"to1@address.com", "to2@address.com",
+				"cc1@address.com", "cc2@address.com"},
+			body: "body",
+		},
+	},
+}
+
+func TestSend(t *testing.T) {
+	for i, test := range mailTests {
+		f, r := mockSend(nil)
+		sender := &emailSender{conf: test.in, send: f}
+
+		subject := "subject"
+		body := "body"
+		if err := sender.Send(subject, body); err != nil {
+			t.Errorf("unexpected error: %s", err)
+		}
+
+		if r.addr != test.out.addr {
+			t.Errorf("#%d: wrong 'addr' field.\r\nexpected: %s\n got: %s", i, test.out.addr, r.addr)
+		}
+
+		if !reflect.DeepEqual(r.auth, test.out.auth) {
+			t.Errorf("#%d: wrong 'auth' field.\r\nexpected: %v\n got: %v", i, test.out.auth, r.auth)
+		}
+
+		if r.from != test.out.from {
+			t.Errorf("#%d: wrong 'from' field.\r\nexpected: %v\n got: %v", i, test.out.from, r.from)
+		}
+
+		if !reflect.DeepEqual(r.to, test.out.to) {
+			t.Errorf("#%d: wrong 'to' field.\r\nexpected: %v\n got: %v", i, test.out.to, r.to)
+		}
+
+		if r.body != test.out.body {
+			t.Errorf("#%d: wrong 'body' field.\r\nexpected: %v\n got: %v", i, test.out.body, r.body)
+		}
+
+	}
+
+}
+
+func mockSend(errToReturn error) (func(string, smtp.Auth, string, []string, []byte) error, *emailRecorder) {
+	r := new(emailRecorder)
+	return func(addr string, a smtp.Auth, from string, to []string, msg []byte) error {
+		// Split into header and body
+		messages := strings.Split(string(msg), "\r\n\r\n")
+		body := messages[1]
+		*r = emailRecorder{addr, a, from, to, body}
+		return errToReturn
+	}, r
+}

report/hipchat.go

@@ -0,0 +1,74 @@
+package report
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+)
+
+// HipChatWriter send report to HipChat
+type HipChatWriter struct{}
+
+func (w HipChatWriter) Write(rs ...models.ScanResult) (err error) {
+	conf := config.Conf.HipChat
+
+	for _, r := range rs {
+		serverInfo := fmt.Sprintf("%s", r.ServerInfo())
+		if err = postMessage(conf.Room, conf.AuthToken, serverInfo); err != nil {
+			return err
+		}
+
+		for _, vinfo := range r.ScannedCves {
+			maxCvss := vinfo.MaxCvssScore()
+			severity := strings.ToUpper(maxCvss.Value.Severity)
+			if severity == "" {
+				severity = "?"
+			}
+
+			message := fmt.Sprintf(`<a href="https://nvd.nist.gov/vuln/detail\%s"> %s </a> <br/>%s (%s)<br/>%s`,
+				vinfo.CveID,
+				vinfo.CveID,
+				strconv.FormatFloat(maxCvss.Value.Score, 'f', 1, 64),
+				severity,
+				vinfo.Summaries(config.Conf.Lang, r.Family)[0].Value,
+			)
+
+			if err = postMessage(conf.Room, conf.AuthToken, message); err != nil {
+				return err
+			}
+		}
+
+	}
+	return nil
+}
+
+func postMessage(room, token, message string) error {
+	uri := fmt.Sprintf("https://api.hipchat.com/v2/room/%s/notification?auth_token=%s", room, token)
+
+	payload := url.Values{
+		"color":          {"purple"},
+		"message_format": {"html"},
+		"message":        {message},
+	}
+	reqs, err := http.NewRequest("POST", uri, strings.NewReader(payload.Encode()))
+	if err != nil {
+		return err
+	}
+
+	reqs.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+
+	client := &http.Client{}
+
+	resp, err := client.Do(reqs)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	return nil
+}

report/hipchat_test.go

@@ -0,0 +1 @@
+package report

report/http.go

@@ -0,0 +1,62 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Architect, Inc. Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package report
+
+import (
+	"bytes"
+	"encoding/json"
+	"net/http"
+
+	"github.com/pkg/errors"
+
+	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+)
+
+// HTTPRequestWriter writes results to HTTP request
+type HTTPRequestWriter struct{}
+
+// Write sends results as HTTP response
+func (w HTTPRequestWriter) Write(rs ...models.ScanResult) (err error) {
+	for _, r := range rs {
+		b := new(bytes.Buffer)
+		json.NewEncoder(b).Encode(r)
+		_, err = http.Post(c.Conf.HTTP.URL, "application/json; charset=utf-8", b)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// HTTPResponseWriter writes results to HTTP response
+type HTTPResponseWriter struct {
+	Writer http.ResponseWriter
+}
+
+// Write sends results as HTTP response
+func (w HTTPResponseWriter) Write(rs ...models.ScanResult) (err error) {
+	res, err := json.Marshal(rs)
+	if err != nil {
+		return errors.Wrap(err, "Failed to marshal scah results")
+	}
+	w.Writer.Header().Set("Content-Type", "application/json")
+	_, err = w.Writer.Write(res)
+
+	return err
+}

report/localfile.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -38,7 +38,7 @@ type LocalFileWriter struct {
 func (w LocalFileWriter) Write(rs ...models.ScanResult) (err error) {
 	if c.Conf.FormatOneLineText {
 		path := filepath.Join(w.CurrentDir, "summary.txt")
-		text := toOneLineSummary(rs...)
+		text := formatOneLineSummary(rs...)
 		if err := writeFile(path, []byte(text), 0600); err != nil {
 			return fmt.Errorf(
 				"Failed to write to file. path: %s, err: %s",
@@ -50,36 +50,66 @@ func (w LocalFileWriter) Write(rs ...models.ScanResult) (err error) {
 		path := filepath.Join(w.CurrentDir, r.ReportFileName())
 
 		if c.Conf.FormatJSON {
-			p := path + ".json"
+			var p string
+			if c.Conf.Diff {
+				p = path + "_diff.json"
+			} else {
+				p = path + ".json"
+			}
+
 			var b []byte
-			if b, err = json.Marshal(r); err != nil {
-				return fmt.Errorf("Failed to Marshal to JSON: %s", err)
+			if c.Conf.Debug {
+				if b, err = json.MarshalIndent(r, "", "    "); err != nil {
+					return fmt.Errorf("Failed to Marshal to JSON: %s", err)
+				}
+			} else {
+				if b, err = json.Marshal(r); err != nil {
+					return fmt.Errorf("Failed to Marshal to JSON: %s", err)
+				}
 			}
 			if err := writeFile(p, b, 0600); err != nil {
 				return fmt.Errorf("Failed to write JSON. path: %s, err: %s", p, err)
 			}
 		}
 
-		if c.Conf.FormatShortText {
-			p := path + "_short.txt"
+		if c.Conf.FormatList {
+			var p string
+			if c.Conf.Diff {
+				p = path + "_short_diff.txt"
+			} else {
+				p = path + "_short.txt"
+			}
+
 			if err := writeFile(
-				p, []byte(toShortPlainText(r)), 0600); err != nil {
+				p, []byte(formatList(r)), 0600); err != nil {
 				return fmt.Errorf(
 					"Failed to write text files. path: %s, err: %s", p, err)
 			}
 		}
 
 		if c.Conf.FormatFullText {
-			p := path + "_full.txt"
+			var p string
+			if c.Conf.Diff {
+				p = path + "_full_diff.txt"
+			} else {
+				p = path + "_full.txt"
+			}
+
 			if err := writeFile(
-				p, []byte(toFullPlainText(r)), 0600); err != nil {
+				p, []byte(formatFullPlainText(r)), 0600); err != nil {
 				return fmt.Errorf(
 					"Failed to write text files. path: %s, err: %s", p, err)
 			}
 		}
 
 		if c.Conf.FormatXML {
-			p := path + ".xml"
+			var p string
+			if c.Conf.Diff {
+				p = path + "_diff.xml"
+			} else {
+				p = path + ".xml"
+			}
+
 			var b []byte
 			if b, err = xml.Marshal(r); err != nil {
 				return fmt.Errorf("Failed to Marshal to XML: %s", err)
@@ -101,11 +131,5 @@ func writeFile(path string, data []byte, perm os.FileMode) error {
 		}
 		path = path + ".gz"
 	}
-
-	if err := ioutil.WriteFile(
-		path, []byte(data), perm); err != nil {
-		return err
-	}
-
-	return nil
+	return ioutil.WriteFile(path, []byte(data), perm)
 }

report/report.go

@@ -0,0 +1,612 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package report
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"reflect"
+	"regexp"
+	"sort"
+	"strings"
+	"time"
+
+	"github.com/BurntSushi/toml"
+	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/contrib/owasp-dependency-check/parser"
+	"github.com/future-architect/vuls/cwe"
+	"github.com/future-architect/vuls/gost"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/oval"
+	"github.com/future-architect/vuls/util"
+	"github.com/hashicorp/uuid"
+	gostdb "github.com/knqyf263/gost/db"
+	cvedb "github.com/kotakanbe/go-cve-dictionary/db"
+	ovaldb "github.com/kotakanbe/goval-dictionary/db"
+)
+
+const (
+	vulsOpenTag  = "<vulsreport>"
+	vulsCloseTag = "</vulsreport>"
+)
+
+// FillCveInfos fills CVE Detailed Information
+func FillCveInfos(dbclient DBClient, rs []models.ScanResult, dir string) ([]models.ScanResult, error) {
+	var filledResults []models.ScanResult
+	reportedAt := time.Now()
+	hostname, _ := os.Hostname()
+	for _, r := range rs {
+		if c.Conf.RefreshCve || needToRefreshCve(r) {
+			cpeURIs := []string{}
+			if len(r.Container.ContainerID) == 0 {
+				cpeURIs = c.Conf.Servers[r.ServerName].CpeNames
+				owaspDCXMLPath := c.Conf.Servers[r.ServerName].OwaspDCXMLPath
+				if owaspDCXMLPath != "" {
+					cpes, err := parser.Parse(owaspDCXMLPath)
+					if err != nil {
+						return nil, fmt.Errorf("Failed to read OWASP Dependency Check XML: %s, %s, %s",
+							r.ServerName, owaspDCXMLPath, err)
+					}
+					cpeURIs = append(cpeURIs, cpes...)
+				}
+			} else {
+				if s, ok := c.Conf.Servers[r.ServerName]; ok {
+					if con, ok := s.Containers[r.Container.Name]; ok {
+						cpeURIs = con.Cpes
+						owaspDCXMLPath := con.OwaspDCXMLPath
+						if owaspDCXMLPath != "" {
+							cpes, err := parser.Parse(owaspDCXMLPath)
+							if err != nil {
+								return nil, fmt.Errorf("Failed to read OWASP Dependency Check XML: %s, %s, %s",
+									r.ServerInfo(), owaspDCXMLPath, err)
+							}
+							cpeURIs = append(cpeURIs, cpes...)
+						}
+					}
+				}
+			}
+
+			if err := FillCveInfo(dbclient, &r, cpeURIs); err != nil {
+				return nil, err
+			}
+			r.Lang = c.Conf.Lang
+			r.ReportedAt = reportedAt
+			r.ReportedVersion = c.Version
+			r.ReportedRevision = c.Revision
+			r.ReportedBy = hostname
+			r.Config.Report = c.Conf
+			r.Config.Report.Servers = map[string]c.ServerInfo{
+				r.ServerName: c.Conf.Servers[r.ServerName],
+			}
+			if err := overwriteJSONFile(dir, r); err != nil {
+				return nil, fmt.Errorf("Failed to write JSON: %s", err)
+			}
+			filledResults = append(filledResults, r)
+		} else {
+			util.Log.Debugf("No need to refresh")
+			filledResults = append(filledResults, r)
+		}
+	}
+
+	if c.Conf.Diff {
+		prevs, err := loadPrevious(filledResults)
+		if err != nil {
+			return nil, err
+		}
+
+		diff, err := diff(filledResults, prevs)
+		if err != nil {
+			return nil, err
+		}
+		filledResults = []models.ScanResult{}
+		for _, r := range diff {
+			if err := fillCveDetail(dbclient.CveDB, &r); err != nil {
+				return nil, err
+			}
+			filledResults = append(filledResults, r)
+		}
+	}
+
+	filtered := []models.ScanResult{}
+	for _, r := range filledResults {
+		r = r.FilterByCvssOver(c.Conf.CvssScoreOver)
+		r = r.FilterIgnoreCves()
+		r = r.FilterUnfixed()
+		r = r.FilterIgnorePkgs()
+		if c.Conf.IgnoreUnscoredCves {
+			r.ScannedCves = r.ScannedCves.FindScoredVulns()
+		}
+		filtered = append(filtered, r)
+	}
+	return filtered, nil
+}
+
+// FillCveInfo fill scanResult with cve info.
+func FillCveInfo(dbclient DBClient, r *models.ScanResult, cpeURIs []string) error {
+	util.Log.Debugf("need to refresh")
+
+	nCVEs, err := FillWithOval(dbclient.OvalDB, r)
+	if err != nil {
+		return fmt.Errorf("Failed to fill with OVAL: %s", err)
+	}
+	util.Log.Infof("%s: %d CVEs are detected with OVAL",
+		r.FormatServerName(), nCVEs)
+
+	for i, v := range r.ScannedCves {
+		for j, p := range v.AffectedPackages {
+			if p.NotFixedYet && p.FixState == "" {
+				p.FixState = "Not fixed yet"
+				r.ScannedCves[i].AffectedPackages[j] = p
+			}
+		}
+	}
+
+	nCVEs, err = fillVulnByCpeURIs(dbclient.CveDB, r, cpeURIs)
+	if err != nil {
+		return fmt.Errorf("Failed to detect vulns of %s: %s", cpeURIs, err)
+	}
+	util.Log.Infof("%s: %d CVEs are detected with CPE", r.FormatServerName(), nCVEs)
+
+	nCVEs, err = FillWithGost(dbclient.GostDB, r)
+	if err != nil {
+		return fmt.Errorf("Failed to fill with gost: %s", err)
+	}
+	util.Log.Infof("%s: %d unfixed CVEs are detected with gost",
+		r.FormatServerName(), nCVEs)
+
+	util.Log.Infof("Fill CVE detailed information with CVE-DB")
+	if err := fillCveDetail(dbclient.CveDB, r); err != nil {
+		return fmt.Errorf("Failed to fill with CVE: %s", err)
+	}
+
+	fillCweDict(r)
+	return nil
+}
+
+// fillCveDetail fetches NVD, JVN from CVE Database
+func fillCveDetail(driver cvedb.DB, r *models.ScanResult) error {
+	var cveIDs []string
+	for _, v := range r.ScannedCves {
+		cveIDs = append(cveIDs, v.CveID)
+	}
+
+	ds, err := CveClient.FetchCveDetails(driver, cveIDs)
+	if err != nil {
+		return err
+	}
+	for _, d := range ds {
+		nvd := models.ConvertNvdJSONToModel(d.CveID, d.NvdJSON)
+		if nvd == nil {
+			nvd = models.ConvertNvdXMLToModel(d.CveID, d.NvdXML)
+		}
+		jvn := models.ConvertJvnToModel(d.CveID, d.Jvn)
+
+		for cveID, vinfo := range r.ScannedCves {
+			if vinfo.CveID == d.CveID {
+				if vinfo.CveContents == nil {
+					vinfo.CveContents = models.CveContents{}
+				}
+				for _, con := range []*models.CveContent{nvd, jvn} {
+					if con != nil && !con.Empty() {
+						vinfo.CveContents[con.Type] = *con
+					}
+				}
+				r.ScannedCves[cveID] = vinfo
+				break
+			}
+		}
+	}
+	return nil
+}
+
+// FillWithOval fetches OVAL database
+func FillWithOval(driver ovaldb.DB, r *models.ScanResult) (nCVEs int, err error) {
+	var ovalClient oval.Client
+	var ovalFamily string
+
+	switch r.Family {
+	case c.Debian:
+		ovalClient = oval.NewDebian()
+		ovalFamily = c.Debian
+	case c.Ubuntu:
+		ovalClient = oval.NewUbuntu()
+		ovalFamily = c.Ubuntu
+	case c.RedHat:
+		ovalClient = oval.NewRedhat()
+		ovalFamily = c.RedHat
+	case c.CentOS:
+		ovalClient = oval.NewCentOS()
+		//use RedHat's OVAL
+		ovalFamily = c.RedHat
+	case c.Oracle:
+		ovalClient = oval.NewOracle()
+		ovalFamily = c.Oracle
+	case c.SUSEEnterpriseServer:
+		// TODO other suse family
+		ovalClient = oval.NewSUSE()
+		ovalFamily = c.SUSEEnterpriseServer
+	case c.Alpine:
+		ovalClient = oval.NewAlpine()
+		ovalFamily = c.Alpine
+	case c.Amazon, c.Raspbian, c.FreeBSD, c.Windows:
+		return 0, nil
+	case c.ServerTypePseudo:
+		return 0, nil
+	default:
+		if r.Family == "" {
+			return 0, fmt.Errorf("Probably an error occurred during scanning. Check the error message")
+		}
+		return 0, fmt.Errorf("OVAL for %s is not implemented yet", r.Family)
+	}
+
+	if !ovalClient.IsFetchViaHTTP() && driver == nil {
+		return 0, nil
+	}
+
+	if err = driver.NewOvalDB(ovalFamily); err != nil {
+		return 0, fmt.Errorf("Failed to New Oval DB. err: %s", err)
+	}
+
+	util.Log.Debugf("Check whether oval fetched: %s %s",
+		ovalFamily, r.Release)
+	ok, err := ovalClient.CheckIfOvalFetched(driver, ovalFamily, r.Release)
+	if err != nil {
+		return 0, err
+	}
+	if !ok {
+		util.Log.Warnf("OVAL entries of %s %s are not found. It's recommended to use OVAL to improve scanning accuracy. For details, see https://github.com/kotakanbe/goval-dictionary#usage , Then report with --ovaldb-path or --ovaldb-url flag", ovalFamily, r.Release)
+		return 0, nil
+	}
+
+	_, err = ovalClient.CheckIfOvalFresh(driver, ovalFamily, r.Release)
+	if err != nil {
+		return 0, err
+	}
+
+	return ovalClient.FillWithOval(driver, r)
+}
+
+// FillWithGost fills CVEs with gost dataabase
+// https://github.com/knqyf263/gost
+func FillWithGost(driver gostdb.DB, r *models.ScanResult) (nCVEs int, err error) {
+	gostClient := gost.NewClient(r.Family)
+	// TODO chekc if fetched
+	// TODO chekc if fresh enough
+	return gostClient.FillWithGost(driver, r)
+}
+
+func fillVulnByCpeURIs(driver cvedb.DB, r *models.ScanResult, cpeURIs []string) (nCVEs int, err error) {
+	for _, name := range cpeURIs {
+		details, err := CveClient.FetchCveDetailsByCpeName(driver, name)
+		if err != nil {
+			return 0, err
+		}
+		for _, detail := range details {
+			if val, ok := r.ScannedCves[detail.CveID]; ok {
+				names := val.CpeURIs
+				names = util.AppendIfMissing(names, name)
+				val.CpeURIs = names
+				val.Confidences.AppendIfMissing(models.CpeNameMatch)
+				r.ScannedCves[detail.CveID] = val
+			} else {
+				v := models.VulnInfo{
+					CveID:       detail.CveID,
+					CpeURIs:     []string{name},
+					Confidences: models.Confidences{models.CpeNameMatch},
+				}
+				r.ScannedCves[detail.CveID] = v
+				nCVEs++
+			}
+		}
+	}
+	return nCVEs, nil
+}
+
+func fillCweDict(r *models.ScanResult) {
+	uniqCweIDMap := map[string]bool{}
+	for _, vinfo := range r.ScannedCves {
+		for _, cont := range vinfo.CveContents {
+			for _, id := range cont.CweIDs {
+				if strings.HasPrefix(id, "CWE-") {
+					id = strings.TrimPrefix(id, "CWE-")
+					uniqCweIDMap[id] = true
+				}
+			}
+		}
+	}
+
+	// TODO check the format of CWEID, clean CWEID
+	// JVN, NVD XML, JSON, OVALs
+
+	dict := map[string]models.CweDictEntry{}
+	for id := range uniqCweIDMap {
+		entry := models.CweDictEntry{}
+		if e, ok := cwe.CweDictEn[id]; ok {
+			if rank, ok := cwe.OwaspTopTen2017[id]; ok {
+				entry.OwaspTopTen2017 = rank
+			}
+			entry.En = &e
+		} else {
+			util.Log.Debugf("CWE-ID %s is not found in English CWE Dict", id)
+			entry.En = &cwe.Cwe{CweID: id}
+		}
+
+		if c.Conf.Lang == "ja" {
+			if e, ok := cwe.CweDictJa[id]; ok {
+				if rank, ok := cwe.OwaspTopTen2017[id]; ok {
+					entry.OwaspTopTen2017 = rank
+				}
+				entry.Ja = &e
+			} else {
+				util.Log.Debugf("CWE-ID %s is not found in Japanese CWE Dict", id)
+				entry.Ja = &cwe.Cwe{CweID: id}
+			}
+		}
+		dict[id] = entry
+	}
+	r.CweDict = dict
+	return
+}
+
+const reUUID = "[\\da-f]{8}-[\\da-f]{4}-[\\da-f]{4}-[\\da-f]{4}-[\\da-f]{12}"
+
+// EnsureUUIDs generate a new UUID of the scan target server if UUID is not assigned yet.
+// And then set the generated UUID to config.toml and scan results.
+func EnsureUUIDs(configPath string, results models.ScanResults) error {
+	// Sort Host->Container
+	sort.Slice(results, func(i, j int) bool {
+		if results[i].ServerName == results[j].ServerName {
+			return results[i].Container.ContainerID < results[j].Container.ContainerID
+		}
+		return results[i].ServerName < results[j].ServerName
+	})
+
+	for i, r := range results {
+		server := c.Conf.Servers[r.ServerName]
+		if server.UUIDs == nil {
+			server.UUIDs = map[string]string{}
+		}
+
+		name := ""
+		if r.IsContainer() {
+			name = fmt.Sprintf("%s@%s", r.Container.Name, r.ServerName)
+
+			// Scanning with the -containers-only flag at scan time, the UUID of Container Host may not be generated,
+			// so check it. Otherwise create a UUID of the Container Host and set it.
+			serverUUID := ""
+			if id, ok := server.UUIDs[r.ServerName]; !ok {
+				serverUUID = uuid.GenerateUUID()
+			} else {
+				matched, err := regexp.MatchString(reUUID, id)
+				if !matched || err != nil {
+					serverUUID = uuid.GenerateUUID()
+				}
+			}
+			if serverUUID != "" {
+				server.UUIDs[r.ServerName] = serverUUID
+			}
+		} else {
+			name = r.ServerName
+		}
+
+		if id, ok := server.UUIDs[name]; ok {
+			matched, err := regexp.MatchString(reUUID, id)
+			if !matched || err != nil {
+				util.Log.Warnf("UUID is invalid. Re-generate UUID %s: %s", id, err)
+			} else {
+				if r.IsContainer() {
+					results[i].Container.UUID = id
+					results[i].ServerUUID = server.UUIDs[r.ServerName]
+				} else {
+					results[i].ServerUUID = id
+				}
+				// continue if the UUID has already assigned and valid
+				continue
+			}
+		}
+
+		// Generate a new UUID and set to config and scan result
+		id := uuid.GenerateUUID()
+		server.UUIDs[name] = id
+		server = cleanForTOMLEncoding(server, c.Conf.Default)
+		c.Conf.Servers[r.ServerName] = server
+
+		if r.IsContainer() {
+			results[i].Container.UUID = id
+			results[i].ServerUUID = server.UUIDs[r.ServerName]
+		} else {
+			results[i].ServerUUID = id
+		}
+	}
+
+	for name, server := range c.Conf.Servers {
+		server = cleanForTOMLEncoding(server, c.Conf.Default)
+		c.Conf.Servers[name] = server
+	}
+
+	email := &c.Conf.EMail
+	if email.SMTPAddr == "" {
+		email = nil
+	}
+
+	slack := &c.Conf.Slack
+	if slack.HookURL == "" {
+		slack = nil
+	}
+
+	cveDict := &c.Conf.CveDict
+	ovalDict := &c.Conf.OvalDict
+	gost := &c.Conf.Gost
+	http := &c.Conf.HTTP
+	if http.URL == "" {
+		http = nil
+	}
+
+	syslog := &c.Conf.Syslog
+	if syslog.Host == "" {
+		syslog = nil
+	}
+
+	aws := &c.Conf.AWS
+	if aws.S3Bucket == "" {
+		aws = nil
+	}
+
+	azure := &c.Conf.Azure
+	if azure.AccountName == "" {
+		azure = nil
+	}
+
+	stride := &c.Conf.Stride
+	if stride.HookURL == "" {
+		stride = nil
+	}
+
+	hipChat := &c.Conf.HipChat
+	if hipChat.AuthToken == "" {
+		hipChat = nil
+	}
+
+	chatWork := &c.Conf.ChatWork
+	if chatWork.APIToken == "" {
+		chatWork = nil
+	}
+
+	saas := &c.Conf.Saas
+	if saas.GroupID == 0 {
+		saas = nil
+	}
+
+	c := struct {
+		CveDict  *c.GoCveDictConf `toml:"cveDict"`
+		OvalDict *c.GovalDictConf `toml:"ovalDict"`
+		Gost     *c.GostConf      `toml:"gost"`
+		Slack    *c.SlackConf     `toml:"slack"`
+		Email    *c.SMTPConf      `toml:"email"`
+		HTTP     *c.HTTPConf      `toml:"http"`
+		Syslog   *c.SyslogConf    `toml:"syslog"`
+		AWS      *c.AWS           `toml:"aws"`
+		Azure    *c.Azure         `toml:"azure"`
+		Stride   *c.StrideConf    `toml:"stride"`
+		HipChat  *c.HipChatConf   `toml:"hipChat"`
+		ChatWork *c.ChatWorkConf  `toml:"chatWork"`
+		Saas     *c.SaasConf      `toml:"saas"`
+
+		Default c.ServerInfo            `toml:"default"`
+		Servers map[string]c.ServerInfo `toml:"servers"`
+	}{
+		CveDict:  cveDict,
+		OvalDict: ovalDict,
+		Gost:     gost,
+		Slack:    slack,
+		Email:    email,
+		HTTP:     http,
+		Syslog:   syslog,
+		AWS:      aws,
+		Azure:    azure,
+		Stride:   stride,
+		HipChat:  hipChat,
+		ChatWork: chatWork,
+		Saas:     saas,
+
+		Default: c.Conf.Default,
+		Servers: c.Conf.Servers,
+	}
+
+	// rename the current config.toml to config.toml.bak
+	info, err := os.Lstat(configPath)
+	if err != nil {
+		return fmt.Errorf("Failed to lstat %s: %s", configPath, err)
+	}
+	realPath := configPath
+	if info.Mode()&os.ModeSymlink == os.ModeSymlink {
+		if realPath, err = os.Readlink(configPath); err != nil {
+			return fmt.Errorf("Failed to Read link %s: %s", configPath, err)
+		}
+	}
+	if err := os.Rename(realPath, realPath+".bak"); err != nil {
+		return fmt.Errorf("Failed to rename %s: %s", configPath, err)
+	}
+
+	var buf bytes.Buffer
+	if err := toml.NewEncoder(&buf).Encode(c); err != nil {
+		return fmt.Errorf("Failed to encode to toml: %s", err)
+	}
+	str := strings.Replace(buf.String(), "\n  [", "\n\n  [", -1)
+	str = fmt.Sprintf("%s\n\n%s",
+		"# See REAME for details: https://vuls.io/docs/en/usage-settings.html",
+		str)
+
+	return ioutil.WriteFile(realPath, []byte(str), 0600)
+}
+
+func cleanForTOMLEncoding(server c.ServerInfo, def c.ServerInfo) c.ServerInfo {
+	if reflect.DeepEqual(server.Optional, def.Optional) {
+		server.Optional = nil
+	}
+
+	if def.User == server.User {
+		server.User = ""
+	}
+
+	if def.Host == server.Host {
+		server.Host = ""
+	}
+
+	if def.Port == server.Port {
+		server.Port = ""
+	}
+
+	if def.KeyPath == server.KeyPath {
+		server.KeyPath = ""
+	}
+
+	if reflect.DeepEqual(server.ScanMode, def.ScanMode) {
+		server.ScanMode = nil
+	}
+
+	if def.Type == server.Type {
+		server.Type = ""
+	}
+
+	if reflect.DeepEqual(server.CpeNames, def.CpeNames) {
+		server.CpeNames = nil
+	}
+
+	if def.OwaspDCXMLPath == server.OwaspDCXMLPath {
+		server.OwaspDCXMLPath = ""
+	}
+
+	if reflect.DeepEqual(server.IgnoreCves, def.IgnoreCves) {
+		server.IgnoreCves = nil
+	}
+
+	if reflect.DeepEqual(server.Enablerepo, def.Enablerepo) {
+		server.Enablerepo = nil
+	}
+
+	for k, v := range def.Optional {
+		if vv, ok := server.Optional[k]; ok && v == vv {
+			delete(server.Optional, k)
+		}
+	}
+
+	return server
+}

report/report_test.go

@@ -0,0 +1 @@
+package report

report/s3.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -22,10 +22,13 @@ import (
 	"encoding/json"
 	"encoding/xml"
 	"fmt"
+	"path"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
+	"github.com/aws/aws-sdk-go/aws/ec2metadata"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/s3"
 
@@ -37,10 +40,15 @@ import (
 type S3Writer struct{}
 
 func getS3() *s3.S3 {
-	return s3.New(session.New(&aws.Config{
-		Region:      aws.String(c.Conf.AwsRegion),
-		Credentials: credentials.NewSharedCredentials("", c.Conf.AwsProfile),
-	}))
+	Config := &aws.Config{
+		Region: aws.String(c.Conf.AWS.Region),
+		Credentials: credentials.NewChainCredentials([]credentials.Provider{
+			&credentials.EnvProvider{},
+			&credentials.SharedCredentialsProvider{Filename: "", Profile: c.Conf.AWS.Profile},
+			&ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(session.New())},
+		}),
+	}
+	return s3.New(session.New(Config))
 }
 
 // Write results to S3
@@ -55,7 +63,7 @@ func (w S3Writer) Write(rs ...models.ScanResult) (err error) {
 	if c.Conf.FormatOneLineText {
 		timestr := rs[0].ScannedAt.Format(time.RFC3339)
 		k := fmt.Sprintf(timestr + "/summary.txt")
-		text := toOneLineSummary(rs...)
+		text := formatOneLineSummary(rs...)
 		if err := putObject(svc, k, []byte(text)); err != nil {
 			return err
 		}
@@ -74,9 +82,9 @@ func (w S3Writer) Write(rs ...models.ScanResult) (err error) {
 			}
 		}
 
-		if c.Conf.FormatShortText {
+		if c.Conf.FormatList {
 			k := key + "_short.txt"
-			text := toShortPlainText(r)
+			text := formatList(r)
 			if err := putObject(svc, k, []byte(text)); err != nil {
 				return err
 			}
@@ -84,7 +92,7 @@ func (w S3Writer) Write(rs ...models.ScanResult) (err error) {
 
 		if c.Conf.FormatFullText {
 			k := key + "_full.txt"
-			text := toFullPlainText(r)
+			text := formatFullPlainText(r)
 			if err := putObject(svc, k, []byte(text)); err != nil {
 				return err
 			}
@@ -112,20 +120,20 @@ func CheckIfBucketExists() error {
 	if err != nil {
 		return fmt.Errorf(
 			"Failed to list buckets. err: %s, profile: %s, region: %s",
-			err, c.Conf.AwsProfile, c.Conf.AwsRegion)
+			err, c.Conf.AWS.Profile, c.Conf.AWS.Region)
 	}
 
 	found := false
 	for _, bucket := range result.Buckets {
-		if *bucket.Name == c.Conf.S3Bucket {
+		if *bucket.Name == c.Conf.AWS.S3Bucket {
 			found = true
 			break
 		}
 	}
 	if !found {
 		return fmt.Errorf(
-			"Failed to find the buckets. profile: %s, region: %s, bukdet: %s",
-			c.Conf.AwsProfile, c.Conf.AwsRegion, c.Conf.S3Bucket)
+			"Failed to find the buckets. profile: %s, region: %s, bucket: %s",
+			c.Conf.AWS.Profile, c.Conf.AWS.Region, c.Conf.AWS.S3Bucket)
 	}
 	return nil
 }
@@ -139,13 +147,19 @@ func putObject(svc *s3.S3, k string, b []byte) error {
 		k = k + ".gz"
 	}
 
-	if _, err := svc.PutObject(&s3.PutObjectInput{
-		Bucket: &c.Conf.S3Bucket,
-		Key:    &k,
+	putObjectInput := &s3.PutObjectInput{
+		Bucket: aws.String(c.Conf.AWS.S3Bucket),
+		Key:    aws.String(path.Join(c.Conf.AWS.S3ResultsDir, k)),
 		Body:   bytes.NewReader(b),
-	}); err != nil {
+	}
+
+	if c.Conf.AWS.S3ServerSideEncryption != "" {
+		putObjectInput.ServerSideEncryption = aws.String(c.Conf.AWS.S3ServerSideEncryption)
+	}
+
+	if _, err := svc.PutObject(putObjectInput); err != nil {
 		return fmt.Errorf("Failed to upload data to %s/%s, %s",
-			c.Conf.S3Bucket, k, err)
+			c.Conf.AWS.S3Bucket, k, err)
 	}
 	return nil
 }

report/saas.go

@@ -0,0 +1,153 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2016  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package report
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"path"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/s3"
+	"github.com/aws/aws-sdk-go/service/sts"
+	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+)
+
+// SaasWriter writes results to SaaS
+type SaasWriter struct{}
+
+// TempCredential : TempCredential
+type TempCredential struct {
+	Credential   *sts.Credentials `json:"Credential"`
+	S3Bucket     string           `json:"S3Bucket"`
+	S3ResultsDir string           `json:"S3ResultsDir"`
+}
+
+type payload struct {
+	GroupID int    `json:"GroupID"`
+	Token   string `json:"Token"`
+}
+
+// UploadSaas : UploadSaas
+func (w SaasWriter) Write(rs ...models.ScanResult) (err error) {
+	// dir string, configPath string, config *c.Config
+	if len(rs) == 0 {
+		return nil
+	}
+
+	payload := payload{
+		GroupID: c.Conf.Saas.GroupID,
+		Token:   c.Conf.Saas.Token,
+	}
+
+	var body []byte
+	if body, err = json.Marshal(payload); err != nil {
+		return fmt.Errorf("Failed to Marshal to JSON: %s", err)
+	}
+
+	var req *http.Request
+	if req, err = http.NewRequest("POST", c.Conf.Saas.URL, bytes.NewBuffer(body)); err != nil {
+		return err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "application/json")
+
+	proxy := c.Conf.HTTPProxy
+	var client http.Client
+	if proxy != "" {
+		proxyURL, _ := url.Parse(proxy)
+		client = http.Client{
+			Transport: &http.Transport{
+				Proxy: http.ProxyURL(proxyURL),
+			},
+		}
+	} else {
+		client = http.Client{}
+	}
+
+	var resp *http.Response
+	if resp, err = client.Do(req); err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != 200 {
+		return fmt.Errorf("Failed to get Credential. Request JSON : %s,", string(body))
+	}
+
+	var t []byte
+	if t, err = ioutil.ReadAll(resp.Body); err != nil {
+		return err
+	}
+
+	var tempCredential TempCredential
+	if err = json.Unmarshal(t, &tempCredential); err != nil {
+		return fmt.Errorf("Failed to unmarshal saas credential file. err : %s", err)
+	}
+
+	credential := credentials.NewStaticCredentialsFromCreds(credentials.Value{
+		AccessKeyID:     *tempCredential.Credential.AccessKeyId,
+		SecretAccessKey: *tempCredential.Credential.SecretAccessKey,
+		SessionToken:    *tempCredential.Credential.SessionToken,
+	})
+
+	var sess *session.Session
+	if sess, err = session.NewSession(&aws.Config{
+		Credentials: credential,
+		Region:      aws.String("ap-northeast-1"),
+	}); err != nil {
+		return fmt.Errorf("Failed to new aws session. err : %s", err)
+	}
+
+	svc := s3.New(sess)
+	for _, r := range rs {
+		s3Key := renameKeyNameUTC(r.ScannedAt, r.ServerUUID, r.Container)
+		var b []byte
+		if b, err = json.Marshal(r); err != nil {
+			return fmt.Errorf("Failed to Marshal to JSON: %s", err)
+		}
+		util.Log.Infof("Uploading...: ServerName: %s, ", r.ServerName)
+		putObjectInput := &s3.PutObjectInput{
+			Bucket: aws.String(tempCredential.S3Bucket),
+			Key:    aws.String(path.Join(tempCredential.S3ResultsDir, s3Key)),
+			Body:   bytes.NewReader(b),
+		}
+
+		if _, err := svc.PutObject(putObjectInput); err != nil {
+			return fmt.Errorf("Failed to upload data to %s/%s, %s",
+				tempCredential.S3Bucket, s3Key, err)
+		}
+	}
+	return nil
+}
+
+func renameKeyNameUTC(scannedAt time.Time, uuid string, container models.Container) string {
+	timestr := scannedAt.UTC().Format(time.RFC3339)
+	if len(container.ContainerID) == 0 {
+		return fmt.Sprintf("%s/%s.json", timestr, uuid)
+	}
+	return fmt.Sprintf("%s/%s@%s.json", timestr, container.UUID, uuid)
+}

report/slack.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -20,14 +20,16 @@ package report
 import (
 	"encoding/json"
 	"fmt"
+	"sort"
 	"strings"
 	"time"
 
-	log "github.com/Sirupsen/logrus"
 	"github.com/cenkalti/backoff"
 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
+	"github.com/nlopes/slack"
 	"github.com/parnurzeal/gorequest"
+	log "github.com/sirupsen/logrus"
 )
 
 type field struct {
@@ -35,125 +37,221 @@ type field struct {
 	Value string `json:"value"`
 	Short bool   `json:"short"`
 }
-type attachment struct {
-	Title     string   `json:"title"`
-	TitleLink string   `json:"title_link"`
-	Fallback  string   `json:"fallback"`
-	Text      string   `json:"text"`
-	Pretext   string   `json:"pretext"`
-	Color     string   `json:"color"`
-	Fields    []*field `json:"fields"`
-	MrkdwnIn  []string `json:"mrkdwn_in"`
-}
+
 type message struct {
-	Text        string        `json:"text"`
-	Username    string        `json:"username"`
-	IconEmoji   string        `json:"icon_emoji"`
-	Channel     string        `json:"channel"`
-	Attachments []*attachment `json:"attachments"`
+	Text            string             `json:"text"`
+	Username        string             `json:"username"`
+	IconEmoji       string             `json:"icon_emoji"`
+	Channel         string             `json:"channel"`
+	ThreadTimeStamp string             `json:"thread_ts"`
+	Attachments     []slack.Attachment `json:"attachments"`
 }
 
 // SlackWriter send report to slack
 type SlackWriter struct{}
 
-func (w SlackWriter) Write(rs ...models.ScanResult) error {
+func (w SlackWriter) Write(rs ...models.ScanResult) (err error) {
 	conf := config.Conf.Slack
 	channel := conf.Channel
+	token := conf.LegacyToken
 
 	for _, r := range rs {
 		if channel == "${servername}" {
 			channel = fmt.Sprintf("#%s", r.ServerName)
 		}
 
-		msg := message{
-			Text:        msgText(r),
-			Username:    conf.AuthUser,
-			IconEmoji:   conf.IconEmoji,
-			Channel:     channel,
-			Attachments: toSlackAttachments(r),
+		if 0 < len(r.Errors) {
+			msg := message{
+				Text:      msgText(r),
+				Username:  conf.AuthUser,
+				IconEmoji: conf.IconEmoji,
+				Channel:   channel,
+			}
+			if err = send(msg); err != nil {
+				return err
+			}
+			continue
 		}
 
-		bytes, _ := json.Marshal(msg)
-		jsonBody := string(bytes)
-		f := func() (err error) {
-			resp, body, errs := gorequest.New().Proxy(config.Conf.HTTPProxy).Post(conf.HookURL).Send(string(jsonBody)).End()
-			if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-				return fmt.Errorf(
-					"HTTP POST error: %v, url: %s, resp: %v, body: %s",
-					errs, conf.HookURL, resp, body)
+		// A maximum of 100 attachments are allowed on a message.
+		// Split into chunks with 100 elements
+		// https://api.slack.com/methods/chat.postMessage
+		maxAttachments := 100
+		m := map[int][]slack.Attachment{}
+		for i, a := range toSlackAttachments(r) {
+			m[i/maxAttachments] = append(m[i/maxAttachments], a)
+		}
+		chunkKeys := []int{}
+		for k := range m {
+			chunkKeys = append(chunkKeys, k)
+		}
+		sort.Ints(chunkKeys)
+
+		// Send slack by API
+		if 0 < len(token) {
+			api := slack.New(token)
+			ParentMsg := slack.PostMessageParameters{
+				//			Text:      msgText(r),
+				Username:  conf.AuthUser,
+				IconEmoji: conf.IconEmoji,
+			}
+
+			var ts string
+			if _, ts, err = api.PostMessage(channel, msgText(r), ParentMsg); err != nil {
+				return err
+			}
+
+			for _, k := range chunkKeys {
+				params := slack.PostMessageParameters{
+					//		Text:            msgText(r),
+					Username:        conf.AuthUser,
+					IconEmoji:       conf.IconEmoji,
+					Attachments:     m[k],
+					ThreadTimestamp: ts,
+				}
+				if _, _, err = api.PostMessage(channel, msgText(r), params); err != nil {
+					return err
+				}
+			}
+		} else {
+			for i, k := range chunkKeys {
+				txt := ""
+				if i == 0 {
+					txt = msgText(r)
+				}
+				msg := message{
+					Text:        txt,
+					Username:    conf.AuthUser,
+					IconEmoji:   conf.IconEmoji,
+					Channel:     channel,
+					Attachments: m[k],
+				}
+				if err = send(msg); err != nil {
+					return err
+				}
 			}
-			return nil
 		}
-		notify := func(err error, t time.Duration) {
-			log.Warn("Error %s", err)
-			log.Warn("Retrying in ", t)
-		}
-		if err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify); err != nil {
-			return fmt.Errorf("HTTP Error: %s", err)
+	}
+	return nil
+}
+
+func send(msg message) error {
+	conf := config.Conf.Slack
+	count, retryMax := 0, 10
+
+	bytes, _ := json.Marshal(msg)
+	jsonBody := string(bytes)
+
+	f := func() (err error) {
+		resp, body, errs := gorequest.New().Proxy(config.Conf.HTTPProxy).Post(conf.HookURL).Send(string(jsonBody)).End()
+		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+			count++
+			if count == retryMax {
+				return nil
+			}
+			return fmt.Errorf(
+				"HTTP POST error: %v, url: %s, resp: %v, body: %s",
+				errs, conf.HookURL, resp, body)
 		}
+		return nil
+	}
+	notify := func(err error, t time.Duration) {
+		log.Warnf("Error %s", err)
+		log.Warn("Retrying in ", t)
+	}
+	boff := backoff.NewExponentialBackOff()
+	if err := backoff.RetryNotify(f, boff, notify); err != nil {
+		return fmt.Errorf("HTTP error: %s", err)
+	}
+	if count == retryMax {
+		return fmt.Errorf("Retry count exceeded")
 	}
 	return nil
 }
 
 func msgText(r models.ScanResult) string {
 	notifyUsers := ""
-	if 0 < len(r.KnownCves) || 0 < len(r.UnknownCves) {
+	if 0 < len(r.ScannedCves) {
 		notifyUsers = getNotifyUsers(config.Conf.Slack.NotifyUsers)
 	}
-
 	serverInfo := fmt.Sprintf("*%s*", r.ServerInfo())
-	return fmt.Sprintf("%s\n%s\n>%s", notifyUsers, serverInfo, r.CveSummary())
+
+	if 0 < len(r.Errors) {
+		return fmt.Sprintf("%s\n%s\n%s\n%s\n%s\nError: %s",
+			notifyUsers,
+			serverInfo,
+			r.ScannedCves.FormatCveSummary(),
+			r.ScannedCves.FormatFixedStatus(r.Packages),
+			r.FormatUpdatablePacksSummary(),
+			r.Errors)
+	}
+	return fmt.Sprintf("%s\n%s\n%s\n%s\n%s",
+		notifyUsers,
+		serverInfo,
+		r.ScannedCves.FormatCveSummary(),
+		r.ScannedCves.FormatFixedStatus(r.Packages),
+		r.FormatUpdatablePacksSummary())
 }
 
-func toSlackAttachments(scanResult models.ScanResult) (attaches []*attachment) {
-	cves := scanResult.KnownCves
-	if !config.Conf.IgnoreUnscoredCves {
-		cves = append(cves, scanResult.UnknownCves...)
-	}
-
-	for _, cveInfo := range cves {
-		cveID := cveInfo.CveDetail.CveID
-
-		curentPackages := []string{}
-		for _, p := range cveInfo.Packages {
-			curentPackages = append(curentPackages, p.ToStringCurrentVersion())
+func toSlackAttachments(r models.ScanResult) (attaches []slack.Attachment) {
+	vinfos := r.ScannedCves.ToSortedSlice()
+	for _, vinfo := range vinfos {
+		curent := []string{}
+		for _, affected := range vinfo.AffectedPackages {
+			if p, ok := r.Packages[affected.Name]; ok {
+				curent = append(curent,
+					fmt.Sprintf("%s-%s", p.Name, p.FormatVer()))
+			} else {
+				curent = append(curent, affected.Name)
+			}
 		}
-		for _, n := range cveInfo.CpeNames {
-			curentPackages = append(curentPackages, n)
+		for _, n := range vinfo.CpeURIs {
+			curent = append(curent, n)
 		}
 
-		newPackages := []string{}
-		for _, p := range cveInfo.Packages {
-			newPackages = append(newPackages, p.ToStringNewVersion())
+		new := []string{}
+		for _, affected := range vinfo.AffectedPackages {
+			if p, ok := r.Packages[affected.Name]; ok {
+				if affected.NotFixedYet {
+					new = append(new, "Not Fixed Yet")
+				} else {
+					new = append(new, p.FormatNewVer())
+				}
+			} else {
+				new = append(new, "?")
+			}
+		}
+		for range vinfo.CpeURIs {
+			new = append(new, "?")
 		}
 
-		a := attachment{
-			Title:     cveID,
-			TitleLink: fmt.Sprintf("%s?vulnId=%s", nvdBaseURL, cveID),
-			Text:      attachmentText(cveInfo, scanResult.Family),
-			MrkdwnIn:  []string{"text", "pretext"},
-			Fields: []*field{
+		a := slack.Attachment{
+			Title:      vinfo.CveID,
+			TitleLink:  "https://nvd.nist.gov/vuln/detail/" + vinfo.CveID,
+			Text:       attachmentText(vinfo, r.Family, r.CweDict, r.Packages),
+			MarkdownIn: []string{"text", "pretext"},
+			Fields: []slack.AttachmentField{
 				{
-					//  Title: "Current Package/CPE",
+					// Title: "Current Package/CPE",
 					Title: "Installed",
-					Value: strings.Join(curentPackages, "\n"),
+					Value: strings.Join(curent, "\n"),
 					Short: true,
 				},
 				{
 					Title: "Candidate",
-					Value: strings.Join(newPackages, "\n"),
+					Value: strings.Join(new, "\n"),
 					Short: true,
 				},
 			},
-			Color: color(cveInfo.CveDetail.CvssScore(config.Conf.Lang)),
+			Color: cvssColor(vinfo.MaxCvssScore().Value.Score),
 		}
-		attaches = append(attaches, &a)
+		attaches = append(attaches, a)
 	}
 	return
 }
 
 // https://api.slack.com/docs/attachments
-func color(cvssScore float64) string {
+func cvssColor(cvssScore float64) string {
 	switch {
 	case 7 <= cvssScore:
 		return "danger"
@@ -166,70 +264,95 @@ func color(cvssScore float64) string {
 	}
 }
 
-func attachmentText(cveInfo models.CveInfo, osFamily string) string {
+func attachmentText(vinfo models.VulnInfo, osFamily string, cweDict map[string]models.CweDictEntry, packs models.Packages) string {
+	maxCvss := vinfo.MaxCvssScore()
+	vectors := []string{}
 
-	linkText := links(cveInfo, osFamily)
+	scores := append(vinfo.Cvss3Scores(), vinfo.Cvss2Scores(osFamily)...)
+	for _, cvss := range scores {
+		if cvss.Value.Severity == "" {
+			continue
+		}
+		calcURL := ""
+		switch cvss.Value.Type {
+		case models.CVSS2:
+			calcURL = fmt.Sprintf(
+				"https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=%s",
+				vinfo.CveID)
+		case models.CVSS3:
+			calcURL = fmt.Sprintf(
+				"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=%s",
+				vinfo.CveID)
+		}
 
-	switch {
-	case config.Conf.Lang == "ja" &&
-		0 < cveInfo.CveDetail.Jvn.CvssScore():
+		if cont, ok := vinfo.CveContents[cvss.Type]; ok {
+			v := fmt.Sprintf("<%s|%s> %s (<%s|%s>)",
+				calcURL,
+				fmt.Sprintf("%3.1f/%s", cvss.Value.Score, cvss.Value.Vector),
+				cvss.Value.Severity,
+				cont.SourceLink,
+				cvss.Type)
+			vectors = append(vectors, v)
 
-		jvn := cveInfo.CveDetail.Jvn
-		return fmt.Sprintf("*%4.1f (%s)* <%s|%s>\n%s\n%s",
-			cveInfo.CveDetail.CvssScore(config.Conf.Lang),
-			jvn.CvssSeverity(),
-			fmt.Sprintf(cvssV2CalcURLTemplate, cveInfo.CveDetail.CveID, jvn.CvssVector()),
-			jvn.CvssVector(),
-			jvn.CveTitle(),
-			linkText,
-		)
+		} else {
+			if 0 < len(vinfo.DistroAdvisories) {
+				links := []string{}
+				for k, v := range vinfo.VendorLinks(osFamily) {
+					links = append(links, fmt.Sprintf("<%s|%s>",
+						v, k))
+				}
 
-	case 0 < cveInfo.CveDetail.CvssScore("en"):
-		nvd := cveInfo.CveDetail.Nvd
-		return fmt.Sprintf("*%4.1f (%s)* <%s|%s>\n%s\n%s",
-			cveInfo.CveDetail.CvssScore(config.Conf.Lang),
-			nvd.CvssSeverity(),
-			fmt.Sprintf(cvssV2CalcURLTemplate, cveInfo.CveDetail.CveID, nvd.CvssVector()),
-			nvd.CvssVector(),
-			nvd.CveSummary(),
-			linkText,
-		)
-	default:
-		nvd := cveInfo.CveDetail.Nvd
-		return fmt.Sprintf("?\n%s\n%s", nvd.CveSummary(), linkText)
-	}
-}
-
-func links(cveInfo models.CveInfo, osFamily string) string {
-	links := []string{}
-
-	cweID := cveInfo.CveDetail.CweID()
-	if 0 < len(cweID) {
-		links = append(links, fmt.Sprintf("<%s|%s>",
-			cweURL(cweID), cweID))
-		if config.Conf.Lang == "ja" {
-			links = append(links, fmt.Sprintf("<%s|%s(JVN)>",
-				cweJvnURL(cweID), cweID))
+				v := fmt.Sprintf("<%s|%s> %s (%s)",
+					calcURL,
+					fmt.Sprintf("%3.1f/%s", cvss.Value.Score, cvss.Value.Vector),
+					cvss.Value.Severity,
+					strings.Join(links, ", "))
+				vectors = append(vectors, v)
+			}
 		}
 	}
 
-	cveID := cveInfo.CveDetail.CveID
-	if config.Conf.Lang == "ja" && 0 < len(cveInfo.CveDetail.Jvn.Link()) {
-		jvn := fmt.Sprintf("<%s|JVN>", cveInfo.CveDetail.Jvn.Link())
-		links = append(links, jvn)
-	}
-	links = append(links, fmt.Sprintf("<%s|CVEDetails>",
-		fmt.Sprintf("%s/%s", cveDetailsBaseURL, cveID)))
-	links = append(links, fmt.Sprintf("<%s|MITRE>",
-		fmt.Sprintf("%s%s", mitreBaseURL, cveID)))
-
-	dlinks := distroLinks(cveInfo, osFamily)
-	for _, link := range dlinks {
-		links = append(links,
-			fmt.Sprintf("<%s|%s>", link.url, link.title))
+	severity := strings.ToUpper(maxCvss.Value.Severity)
+	if severity == "" {
+		severity = "?"
 	}
 
-	return strings.Join(links, " / ")
+	nwvec := vinfo.AttackVector()
+	if nwvec == "Network" || nwvec == "remote" {
+		nwvec = fmt.Sprintf("*%s*", nwvec)
+	}
+
+	mitigation := ""
+	if vinfo.Mitigations(osFamily)[0].Type != models.Unknown {
+		mitigation = fmt.Sprintf("\nMitigation:\n```%s```\n",
+			vinfo.Mitigations(osFamily)[0].Value)
+	}
+
+	return fmt.Sprintf("*%4.1f (%s)* %s %s\n%s\n```\n%s\n```%s\n%s\n",
+		maxCvss.Value.Score,
+		severity,
+		nwvec,
+		vinfo.PatchStatus(packs),
+		strings.Join(vectors, "\n"),
+		vinfo.Summaries(config.Conf.Lang, osFamily)[0].Value,
+		mitigation,
+		cweIDs(vinfo, osFamily, cweDict),
+	)
+}
+
+func cweIDs(vinfo models.VulnInfo, osFamily string, cweDict models.CweDict) string {
+	links := []string{}
+	for _, c := range vinfo.CveContents.UniqCweIDs(osFamily) {
+		name, url, top10Rank, top10URL := cweDict.Get(c.Value, osFamily)
+		line := ""
+		if top10Rank != "" {
+			line = fmt.Sprintf("<%s|[OWASP Top %s]>",
+				top10URL, top10Rank)
+		}
+		links = append(links, fmt.Sprintf("%s <%s|%s>: %s",
+			line, url, c.Value, name))
+	}
+	return strings.Join(links, "\n")
 }
 
 // See testcase

report/stdout.go

@@ -1,5 +1,5 @@
 /* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
+Copyright (C) 2016  Future Corporation , Japan.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -30,9 +30,9 @@ type StdoutWriter struct{}
 // WriteScanSummary prints Scan summary at the end of scan
 func (w StdoutWriter) WriteScanSummary(rs ...models.ScanResult) {
 	fmt.Printf("\n\n")
-	fmt.Printf("Scan Summary\n")
-	fmt.Printf("============\n")
-	fmt.Printf("%s\n", toScanSummary(rs...))
+	fmt.Println("One Line Summary")
+	fmt.Println("================")
+	fmt.Printf("%s\n", formatScanSummary(rs...))
 }
 
 func (w StdoutWriter) Write(rs ...models.ScanResult) error {
@@ -40,19 +40,19 @@ func (w StdoutWriter) Write(rs ...models.ScanResult) error {
 		fmt.Print("\n\n")
 		fmt.Println("One Line Summary")
 		fmt.Println("================")
-		fmt.Println(toOneLineSummary(rs...))
+		fmt.Println(formatOneLineSummary(rs...))
 		fmt.Print("\n")
 	}
 
-	if c.Conf.FormatShortText {
+	if c.Conf.FormatList {
 		for _, r := range rs {
-			fmt.Println(toShortPlainText(r))
+			fmt.Println(formatList(r))
 		}
 	}
 
 	if c.Conf.FormatFullText {
 		for _, r := range rs {
-			fmt.Println(toFullPlainText(r))
+			fmt.Println(formatFullPlainText(r))
 		}
 	}
 	return nil

report/stride.go

@@ -0,0 +1,81 @@
+package report
+
+import (
+	"bytes"
+	"fmt"
+	"net/http"
+
+	"strconv"
+	"strings"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+)
+
+// StrideWriter send report to Stride
+type StrideWriter struct{}
+type strideSender struct{}
+
+func (w StrideWriter) Write(rs ...models.ScanResult) (err error) {
+	conf := config.Conf.Stride
+
+	for _, r := range rs {
+		w := strideSender{}
+
+		serverInfo := fmt.Sprintf("%s", r.ServerInfo())
+		message := fmt.Sprintf(`{"body":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":" %s  "}]}]}}`,
+			serverInfo,
+		)
+		if err = w.sendMessage(conf.HookURL, conf.AuthToken, message); err != nil {
+			return err
+		}
+
+		for _, vinfo := range r.ScannedCves {
+			maxCvss := vinfo.MaxCvssScore()
+			severity := strings.ToUpper(maxCvss.Value.Severity)
+			if severity == "" {
+				severity = "?"
+			}
+
+			message = fmt.Sprintf(`{"body":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":" %s ","marks": [ { "type": "link", "attrs": { "href": "https://nvd.nist.gov/vuln/detail/%s", "title": "cve" } } ]}]}]}}`,
+				vinfo.CveID,
+				vinfo.CveID,
+			)
+			if err = w.sendMessage(conf.HookURL, conf.AuthToken, message); err != nil {
+				return err
+			}
+
+			message = fmt.Sprintf(`{"body":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":" %s (%s) "}]}]}}`,
+				strconv.FormatFloat(maxCvss.Value.Score, 'f', 1, 64),
+				severity,
+			)
+			if err = w.sendMessage(conf.HookURL, conf.AuthToken, message); err != nil {
+				return err
+			}
+
+			message = fmt.Sprintf(`{"body":{"version":1,"type":"doc","content":[{"type":"paragraph","content":[{"type":"text","text":" %s "}]}]}}`,
+				vinfo.Summaries(config.Conf.Lang, r.Family)[0].Value,
+			)
+			if err = w.sendMessage(conf.HookURL, conf.AuthToken, message); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func (w strideSender) sendMessage(uri, token, jsonStr string) error {
+	reqs, err := http.NewRequest("POST", uri, bytes.NewBuffer([]byte(jsonStr)))
+	if err != nil {
+		return err
+	}
+	reqs.Header.Add("Content-Type", "application/json")
+	reqs.Header.Add("Authorization", "Bearer "+token)
+	client := &http.Client{}
+	resp, err := client.Do(reqs)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	return nil
+}

report/stride_test.go

@@ -0,0 +1 @@
+package report

report/syslog.go

@@ -0,0 +1,110 @@
+/* Vuls - Vulnerability Scanner
+Copyright (C) 2018  Future Corporation , Japan.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package report
+
+import (
+	"fmt"
+	"log/syslog"
+	"strings"
+
+	"github.com/pkg/errors"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+)
+
+// SyslogWriter send report to syslog
+type SyslogWriter struct{}
+
+func (w SyslogWriter) Write(rs ...models.ScanResult) (err error) {
+	conf := config.Conf.Syslog
+	facility, _ := conf.GetFacility()
+	severity, _ := conf.GetSeverity()
+	raddr := fmt.Sprintf("%s:%s", conf.Host, conf.Port)
+
+	sysLog, err := syslog.Dial(conf.Protocol, raddr, severity|facility, conf.Tag)
+	if err != nil {
+		return errors.Wrap(err, "Failed to initialize syslog client")
+	}
+
+	for _, r := range rs {
+		messages := w.encodeSyslog(r)
+		for _, m := range messages {
+			if _, err = fmt.Fprintf(sysLog, m); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func (w SyslogWriter) encodeSyslog(result models.ScanResult) (messages []string) {
+	ipv4Addrs := strings.Join(result.IPv4Addrs, ",")
+	ipv6Addrs := strings.Join(result.IPv6Addrs, ",")
+
+	var commonKvPairs []string
+	commonKvPairs = append(commonKvPairs, fmt.Sprintf(`scanned_at="%s"`, result.ScannedAt))
+	commonKvPairs = append(commonKvPairs, fmt.Sprintf(`server_name="%s"`, result.ServerName))
+	commonKvPairs = append(commonKvPairs, fmt.Sprintf(`os_family="%s"`, result.Family))
+	commonKvPairs = append(commonKvPairs, fmt.Sprintf(`os_release="%s"`, result.Release))
+	commonKvPairs = append(commonKvPairs, fmt.Sprintf(`ipv4_addr="%s"`, ipv4Addrs))
+	commonKvPairs = append(commonKvPairs, fmt.Sprintf(`ipv6_addr="%s"`, ipv6Addrs))
+
+	for cveID, vinfo := range result.ScannedCves {
+		kvPairs := commonKvPairs
+
+		var pkgNames []string
+		for _, pkg := range vinfo.AffectedPackages {
+			pkgNames = append(pkgNames, pkg.Name)
+		}
+		pkgs := strings.Join(pkgNames, ",")
+		kvPairs = append(kvPairs, fmt.Sprintf(`packages="%s"`, pkgs))
+
+		kvPairs = append(kvPairs, fmt.Sprintf(`cve_id="%s"`, cveID))
+		for _, cvss := range vinfo.Cvss2Scores(result.Family) {
+			kvPairs = append(kvPairs, fmt.Sprintf(`cvss_score_%s_v2="%.2f"`, cvss.Type, cvss.Value.Score))
+			kvPairs = append(kvPairs, fmt.Sprintf(`cvss_vector_%s_v2="%s"`, cvss.Type, cvss.Value.Vector))
+		}
+
+		for _, cvss := range vinfo.Cvss3Scores() {
+			kvPairs = append(kvPairs, fmt.Sprintf(`cvss_score_%s_v3="%.2f"`, cvss.Type, cvss.Value.Score))
+			kvPairs = append(kvPairs, fmt.Sprintf(`cvss_vector_%s_v3="%s"`, cvss.Type, cvss.Value.Vector))
+		}
+
+		if content, ok := vinfo.CveContents[models.NvdXML]; ok {
+			cwes := strings.Join(content.CweIDs, ",")
+			kvPairs = append(kvPairs, fmt.Sprintf(`cwe_ids="%s"`, cwes))
+			if config.Conf.Syslog.Verbose {
+				kvPairs = append(kvPairs, fmt.Sprintf(`source_link="%s"`, content.SourceLink))
+				kvPairs = append(kvPairs, fmt.Sprintf(`summary="%s"`, content.Summary))
+			}
+		}
+		if content, ok := vinfo.CveContents[models.RedHat]; ok {
+			kvPairs = append(kvPairs, fmt.Sprintf(`title="%s"`, content.Title))
+		}
+
+		// message: key1="value1" key2="value2"...
+		messages = append(messages, strings.Join(kvPairs, " "))
+	}
+
+	if len(messages) == 0 {
+		commonKvPairs = append(commonKvPairs, `message="No CVE-IDs are found"`)
+		messages = append(messages, strings.Join(commonKvPairs, " "))
+	}
+	return messages
+}

report/syslog_test.go

@@ -0,0 +1,111 @@
+package report
+
+import (
+	"sort"
+	"testing"
+	"time"
+
+	"github.com/future-architect/vuls/models"
+)
+
+func TestSyslogWriterEncodeSyslog(t *testing.T) {
+	var tests = []struct {
+		result           models.ScanResult
+		expectedMessages []string
+	}{
+		{
+			result: models.ScanResult{
+				ScannedAt:  time.Date(2018, 6, 13, 16, 10, 0, 0, time.UTC),
+				ServerName: "teste01",
+				Family:     "ubuntu",
+				Release:    "16.04",
+				IPv4Addrs:  []string{"192.168.0.1", "10.0.2.15"},
+				ScannedCves: models.VulnInfos{
+					"CVE-2017-0001": models.VulnInfo{
+						AffectedPackages: models.PackageStatuses{
+							models.PackageStatus{Name: "pkg1"},
+							models.PackageStatus{Name: "pkg2"},
+						},
+					},
+					"CVE-2017-0002": models.VulnInfo{
+						AffectedPackages: models.PackageStatuses{
+							models.PackageStatus{Name: "pkg3"},
+							models.PackageStatus{Name: "pkg4"},
+						},
+						CveContents: models.CveContents{
+							models.NvdXML: models.CveContent{
+								Cvss2Score:    5.0,
+								Cvss2Vector:   "AV:L/AC:L/Au:N/C:N/I:N/A:C",
+								Cvss2Severity: "MEDIUM",
+								CweIDs:        []string{"CWE-20"},
+							},
+						},
+					},
+				},
+			},
+			expectedMessages: []string{
+				`scanned_at="2018-06-13 16:10:00 +0000 UTC" server_name="teste01" os_family="ubuntu" os_release="16.04" ipv4_addr="192.168.0.1,10.0.2.15" ipv6_addr="" packages="pkg1,pkg2" cve_id="CVE-2017-0001"`,
+				`scanned_at="2018-06-13 16:10:00 +0000 UTC" server_name="teste01" os_family="ubuntu" os_release="16.04" ipv4_addr="192.168.0.1,10.0.2.15" ipv6_addr="" packages="pkg3,pkg4" cve_id="CVE-2017-0002" cvss_score_nvdxml_v2="5.00" cvss_vector_nvdxml_v2="AV:L/AC:L/Au:N/C:N/I:N/A:C" cwe_ids="CWE-20"`,
+			},
+		},
+		{
+			result: models.ScanResult{
+				ScannedAt:  time.Date(2018, 6, 13, 17, 10, 0, 0, time.UTC),
+				ServerName: "teste02",
+				Family:     "centos",
+				Release:    "6",
+				IPv6Addrs:  []string{"2001:0DB8::1"},
+				ScannedCves: models.VulnInfos{
+					"CVE-2017-0003": models.VulnInfo{
+						AffectedPackages: models.PackageStatuses{
+							models.PackageStatus{Name: "pkg5"},
+						},
+						CveContents: models.CveContents{
+							models.RedHat: models.CveContent{
+								Cvss3Score:  5.0,
+								Cvss3Vector: "AV:L/AC:L/Au:N/C:N/I:N/A:C",
+								CweIDs:      []string{"CWE-284"},
+								Title:       "RHSA-2017:0001: pkg5 security update (Important)",
+							},
+						},
+					},
+				},
+			},
+			expectedMessages: []string{
+				`scanned_at="2018-06-13 17:10:00 +0000 UTC" server_name="teste02" os_family="centos" os_release="6" ipv4_addr="" ipv6_addr="2001:0DB8::1" packages="pkg5" cve_id="CVE-2017-0003" cvss_score_redhat_v3="5.00" cvss_vector_redhat_v3="AV:L/AC:L/Au:N/C:N/I:N/A:C" title="RHSA-2017:0001: pkg5 security update (Important)"`,
+			},
+		},
+		{
+			result: models.ScanResult{
+				ScannedAt:   time.Date(2018, 6, 13, 12, 10, 0, 0, time.UTC),
+				ServerName:  "teste03",
+				Family:      "centos",
+				Release:     "7",
+				IPv6Addrs:   []string{"2001:0DB8::1"},
+				ScannedCves: models.VulnInfos{},
+			},
+			expectedMessages: []string{
+				`scanned_at="2018-06-13 12:10:00 +0000 UTC" server_name="teste03" os_family="centos" os_release="7" ipv4_addr="" ipv6_addr="2001:0DB8::1" message="No CVE-IDs are found"`,
+			},
+		},
+	}
+
+	for i, tt := range tests {
+		messages := SyslogWriter{}.encodeSyslog(tt.result)
+		if len(messages) != len(tt.expectedMessages) {
+			t.Fatalf("test: %d, Message Length: expected %d, actual: %d",
+				i, len(tt.expectedMessages), len(messages))
+		}
+
+		sort.Slice(messages, func(i, j int) bool {
+			return messages[i] < messages[j]
+		})
+
+		for j, m := range messages {
+			e := tt.expectedMessages[j]
+			if e != m {
+				t.Errorf("test: %d, Messsage %d: \nexpected %s \nactual   %s", i, j, e, m)
+			}
+		}
+	}
+}