feat(scanner/windows): update release info (#1696 )

chore(scanner): do not show logs when lsof: no Internet files located (#1688 )
feat(os): add Fedora 38 EOL date (#1689 )
2023-06-29 14:05:10 +09:00 · 2023-06-23 16:08:49 +09:00 · 2023-06-13 17:23:11 +09:00 · 2023-05-31 09:27:43 +09:00 · 2023-05-26 14:39:02 +09:00 · 2023-05-18 10:17:34 +09:00
58 changed files with 3340 additions and 1295 deletions
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -22,13 +22,11 @@ jobs:
          go-version-file: go.mod
      -
        name: Run GoReleaser
-        run: |
-          docker run --rm \
-            -e CGO_ENABLED=1 \
-            -e GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} \
-            -v /var/run/docker.sock:/var/run/docker.sock \
-            -v `pwd`:/go/src/github.com/future-architect/vuls \
-            -w /go/src/github.com/future-architect/vuls \
-            ghcr.io/goreleaser/goreleaser-cross:v1.20 \
-            release --clean
+        uses: goreleaser/goreleaser-action@v4
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,5 @@ vuls
 !cmd/vuls
 future-vuls
 trivy-to-vuls
+snmp2cpe
+!snmp2cpe/
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -1,64 +1,18 @@
 project_name: vuls
-env:
-  - GO111MODULE=on
 release:
  github:
    owner: future-architect
    name: vuls
 builds:
- id: vuls-linux-amd64
+- id: vuls
+  env:
+  - CGO_ENABLED=0
  goos:
  - linux
-  goarch:
-  - amd64
-  env:
-  - CGO_ENABLED=1
-  - CC=x86_64-linux-gnu-gcc
-  main: ./cmd/vuls/main.go
-  flags:
-  - -a
-  ldflags: 
-  - -s -w -X github.com/future-architect/vuls/config.Version={{.Version}} -X github.com/future-architect/vuls/config.Revision={{.Commit}}-{{ .CommitDate }}
-  binary: vuls
-
- id: vuls-linux-arm64
-  goos:
-  - linux
-  goarch:
-  - arm64
-  env:
-  - CGO_ENABLED=1
-  - CC=aarch64-linux-gnu-gcc
-  main: ./cmd/vuls/main.go
-  flags:
-  - -a
-  ldflags: 
-  - -s -w -X github.com/future-architect/vuls/config.Version={{.Version}} -X github.com/future-architect/vuls/config.Revision={{.Commit}}-{{ .CommitDate }}
-  binary: vuls
-
- id: vuls-windows-amd64
-  goos:
  - windows
  goarch:
  - amd64
-  env:
-  - CGO_ENABLED=1
-  - CC=x86_64-w64-mingw32-gcc
-  main: ./cmd/vuls/main.go
-  flags:
-  - -a
-  ldflags: 
-  - -s -w -X github.com/future-architect/vuls/config.Version={{.Version}} -X github.com/future-architect/vuls/config.Revision={{.Commit}}-{{ .CommitDate }}
-  binary: vuls
-
- id: vuls-windows-arm64
-  goos:
-  - windows
-  goarch:
  - arm64
-  env:
-  - CGO_ENABLED=1
-  - CC=/llvm-mingw/bin/aarch64-w64-mingw32-gcc
  main: ./cmd/vuls/main.go
  flags:
  - -a
@@ -100,6 +54,8 @@ builds:
  tags:
  - scanner
  main: ./contrib/trivy/cmd/main.go
+  ldflags: 
+  - -s -w -X github.com/future-architect/vuls/config.Version={{.Version}} -X github.com/future-architect/vuls/config.Revision={{.Commit}}-{{ .CommitDate }}
  binary: trivy-to-vuls

 - id: future-vuls
@@ -117,18 +73,37 @@ builds:
  - -a
  tags:
  - scanner
+  ldflags: 
+  - -s -w -X github.com/future-architect/vuls/config.Version={{.Version}} -X github.com/future-architect/vuls/config.Revision={{.Commit}}-{{ .CommitDate }}
  main: ./contrib/future-vuls/cmd/main.go
  binary: future-vuls

+- id: snmp2cpe
+  env:
+  - CGO_ENABLED=0
+  goos:
+  - linux
+  - windows
+  goarch:
+  - 386
+  - amd64
+  - arm
+  - arm64
+  flags:
+  - -a
+  tags:
+  - scanner
+  ldflags: 
+  - -s -w -X github.com/future-architect/vuls/config.Version={{.Version}} -X github.com/future-architect/vuls/config.Revision={{.Commit}}-{{ .CommitDate }}
+  main: ./contrib/snmp2cpe/cmd/main.go
+  binary: snmp2cpe
+
 archives:

 - id: vuls
  name_template: '{{ .Binary }}_{{.Version}}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
  builds:
-  - vuls-linux-amd64
-  - vuls-linux-arm64
-  - vuls-windows-amd64
-  - vuls-windows-arm64
+  - vuls
  format: tar.gz
  files:
  - LICENSE
@@ -164,5 +139,16 @@ archives:
  - LICENSE
  - README*
  - CHANGELOG.md
+
+- id: snmp2cpe
+  name_template: '{{ .Binary }}_{{.Version}}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
+  builds:
+  - snmp2cpe
+  format: tar.gz
+  files:
+  - LICENSE
+  - README*
+  - CHANGELOG.md
+
 snapshot:
  name_template: SNAPSHOT-{{ .Commit }}
--- a/41
+++ b/41
@@ -18,10 +18,7 @@ VERSION := $(shell git describe --tags --abbrev=0)
 REVISION := $(shell git rev-parse --short HEAD)
 BUILDTIME := $(shell date "+%Y%m%d_%H%M%S")
 LDFLAGS := -X 'github.com/future-architect/vuls/config.Version=$(VERSION)' -X 'github.com/future-architect/vuls/config.Revision=build-$(BUILDTIME)_$(REVISION)'
-GO := GO111MODULE=on go
-CGO_UNABLED := CGO_ENABLED=0 go
-GO_OFF := GO111MODULE=off go
-
+GO := CGO_ENABLED=0 go

 all: build test

@@ -32,28 +29,25 @@ install: ./cmd/vuls/main.go
 	$(GO) install -ldflags "$(LDFLAGS)" ./cmd/vuls

 build-scanner: ./cmd/scanner/main.go 
-	$(CGO_UNABLED) build -tags=scanner -a -ldflags "$(LDFLAGS)" -o vuls ./cmd/scanner
+	$(GO) build -tags=scanner -a -ldflags "$(LDFLAGS)" -o vuls ./cmd/scanner

 install-scanner: ./cmd/scanner/main.go 
-	$(CGO_UNABLED) install -tags=scanner -ldflags "$(LDFLAGS)" ./cmd/scanner
+	$(GO) install -tags=scanner -ldflags "$(LDFLAGS)" ./cmd/scanner

 lint:
-	$(GO) install github.com/mgechev/revive@latest
+	go install github.com/mgechev/revive@latest
 	revive -config ./.revive.toml -formatter plain $(PKGS)

 vet:
 	echo $(PKGS) | xargs env $(GO) vet || exit;

 golangci:
-	$(GO) install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+	go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
 	golangci-lint run

 fmt:
 	gofmt -s -w $(SRCS)

-mlint:
-	$(foreach file,$(SRCS),gometalinter $(file) || exit;)
-
 fmtcheck:
 	$(foreach file,$(SRCS),gofmt -s -d $(file);)

@@ -62,9 +56,6 @@ pretest: lint vet fmtcheck
 test: pretest
 	$(GO) test -cover -v ./... || exit;

-unused:
-	$(foreach pkg,$(PKGS),unused $(pkg);)
-
 cov:
 	@ go get -v github.com/axw/gocov/gocov
 	@ go get golang.org/x/tools/cmd/cover
@@ -81,12 +72,16 @@ build-trivy-to-vuls: ./contrib/trivy/cmd/main.go
 build-future-vuls: ./contrib/future-vuls/cmd/main.go
 	$(GO) build -a -ldflags "$(LDFLAGS)" -o future-vuls ./contrib/future-vuls/cmd

+# snmp2cpe
+build-snmp2cpe: ./contrib/snmp2cpe/cmd/main.go
+	$(GO) build -a -ldflags "$(LDFLAGS)" -o snmp2cpe ./contrib/snmp2cpe/cmd
+
 # integration-test
 BASE_DIR := '${PWD}/integration/results'
-# $(shell mkdir -p ${BASE_DIR})
-NOW=$(shell date --iso-8601=seconds)
+CURRENT := `find ${BASE_DIR} -type d  -exec basename {} \; | sort -nr | head -n 1`
+NOW=$(shell date '+%Y-%m-%dT%H-%M-%S%z')
 NOW_JSON_DIR := '${BASE_DIR}/$(NOW)'
-ONE_SEC_AFTER=$(shell date -d '+1 second' --iso-8601=seconds)
+ONE_SEC_AFTER=$(shell date -d '+1 second' '+%Y-%m-%dT%H-%M-%S%z')
 ONE_SEC_AFTER_JSON_DIR := '${BASE_DIR}/$(ONE_SEC_AFTER)'
 LIBS := 'bundler' 'pip' 'pipenv' 'poetry' 'composer' 'npm' 'yarn' 'pnpm' 'cargo' 'gomod' 'gosum' 'gobinary' 'jar' 'pom' 'gradle' 'nuget-lock' 'nuget-config' 'dotnet-deps' 'conan' 'nvd_exact' 'nvd_rough' 'nvd_vendor_product' 'nvd_match_no_jvn' 'jvn_vendor_product' 'jvn_vendor_product_nover'

@@ -106,14 +101,14 @@ endif
 	mkdir -p ${NOW_JSON_DIR}
 	sleep 1
 	./vuls.old scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
-	cp ${BASE_DIR}/current/*.json ${NOW_JSON_DIR}
+	cp ${BASE_DIR}/$(CURRENT)/*.json ${NOW_JSON_DIR}
 	- cp integration/data/results/*.json ${NOW_JSON_DIR}
 	./vuls.old report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-config.toml ${NOW}

 	mkdir -p ${ONE_SEC_AFTER_JSON_DIR}
 	sleep 1
 	./vuls.new scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
-	cp ${BASE_DIR}/current/*.json ${ONE_SEC_AFTER_JSON_DIR}
+	cp ${BASE_DIR}/$(CURRENT)/*.json ${ONE_SEC_AFTER_JSON_DIR}
 	- cp integration/data/results/*.json ${ONE_SEC_AFTER_JSON_DIR}
 	./vuls.new report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-config.toml ${ONE_SEC_AFTER}

@@ -139,14 +134,14 @@ endif
 	mkdir -p ${NOW_JSON_DIR}
 	sleep 1
 	./vuls.old scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
-	cp -f ${BASE_DIR}/current/*.json ${NOW_JSON_DIR}
+	cp -f ${BASE_DIR}/$(CURRENT)/*.json ${NOW_JSON_DIR}
 	- cp integration/data/results/*.json ${NOW_JSON_DIR}
 	./vuls.old report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-redis-config.toml ${NOW}

 	mkdir -p ${ONE_SEC_AFTER_JSON_DIR}
 	sleep 1
 	./vuls.new scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
-	cp -f ${BASE_DIR}/current/*.json ${ONE_SEC_AFTER_JSON_DIR}
+	cp -f ${BASE_DIR}/$(CURRENT)/*.json ${ONE_SEC_AFTER_JSON_DIR}
 	- cp integration/data/results/*.json ${ONE_SEC_AFTER_JSON_DIR}
 	./vuls.new report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-redis-config.toml ${ONE_SEC_AFTER}

@@ -163,14 +158,14 @@ endif
 	sleep 1
 	# new vs new
 	./vuls.new scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
-	cp -f ${BASE_DIR}/current/*.json ${NOW_JSON_DIR}
+	cp -f ${BASE_DIR}/$(CURRENT)/*.json ${NOW_JSON_DIR}
 	cp integration/data/results/*.json ${NOW_JSON_DIR}
 	./vuls.new report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-config.toml ${NOW}

 	mkdir -p ${ONE_SEC_AFTER_JSON_DIR}
 	sleep 1
 	./vuls.new scan -config=./integration/int-config.toml --results-dir=${BASE_DIR} ${LIBS}
-	cp -f ${BASE_DIR}/current/*.json ${ONE_SEC_AFTER_JSON_DIR}
+	cp -f ${BASE_DIR}/$(CURRENT)/*.json ${ONE_SEC_AFTER_JSON_DIR}
 	cp integration/data/results/*.json ${ONE_SEC_AFTER_JSON_DIR}
 	./vuls.new report --format-json --refresh-cve --results-dir=${BASE_DIR} -config=./integration/int-redis-config.toml ${ONE_SEC_AFTER}

--- a/README.md
+++ b/README.md
@@ -3,7 +3,6 @@

 [![Slack](https://img.shields.io/badge/slack-join-blue.svg)](http://goo.gl/forms/xm5KFo35tu)
 [![License](https://img.shields.io/github/license/future-architect/vuls.svg?style=flat-square)](https://github.com/future-architect/vuls/blob/master/LICENSE)
-[![Build Status](https://travis-ci.org/future-architect/vuls.svg?branch=master)](https://travis-ci.org/future-architect/vuls)
 [![Go Report Card](https://goreportcard.com/badge/github.com/future-architect/vuls)](https://goreportcard.com/report/github.com/future-architect/vuls)
 [![Contributors](https://img.shields.io/github/contributors/future-architect/vuls.svg)](https://github.com/future-architect/vuls/graphs/contributors)

--- a/config/config.go
+++ b/config/config.go
@@ -278,6 +278,7 @@ type WordPressConf struct {
 	OSUser  string `toml:"osUser,omitempty" json:"osUser,omitempty"`
 	DocRoot string `toml:"docRoot,omitempty" json:"docRoot,omitempty"`
 	CmdPath string `toml:"cmdPath,omitempty" json:"cmdPath,omitempty"`
+	NoSudo  bool   `toml:"noSudo,omitempty" json:"noSudo,omitempty"`
 }

 // IsZero return  whether this struct is not specified in config.toml
--- a/config/config_windows.go
+++ b/config/config_windows.go
@@ -276,6 +276,7 @@ type WordPressConf struct {
 	OSUser  string `toml:"osUser,omitempty" json:"osUser,omitempty"`
 	DocRoot string `toml:"docRoot,omitempty" json:"docRoot,omitempty"`
 	CmdPath string `toml:"cmdPath,omitempty" json:"cmdPath,omitempty"`
+	NoSudo  bool   `toml:"noSudo,omitempty" json:"noSudo,omitempty"`
 }

 // IsZero return  whether this struct is not specified in config.toml
--- a/config/os.go
+++ b/config/os.go
@@ -41,8 +41,12 @@ func GetEOL(family, release string) (eol EOL, found bool) {
 	case constant.Amazon:
 		eol, found = map[string]EOL{
 			"1":    {StandardSupportUntil: time.Date(2023, 6, 30, 23, 59, 59, 0, time.UTC)},
-			"2":    {StandardSupportUntil: time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC)},
+			"2":    {StandardSupportUntil: time.Date(2025, 6, 30, 23, 59, 59, 0, time.UTC)},
 			"2022": {StandardSupportUntil: time.Date(2026, 6, 30, 23, 59, 59, 0, time.UTC)},
+			"2023": {StandardSupportUntil: time.Date(2027, 6, 30, 23, 59, 59, 0, time.UTC)},
+			"2025": {StandardSupportUntil: time.Date(2029, 6, 30, 23, 59, 59, 0, time.UTC)},
+			"2027": {StandardSupportUntil: time.Date(2031, 6, 30, 23, 59, 59, 0, time.UTC)},
+			"2029": {StandardSupportUntil: time.Date(2033, 6, 30, 23, 59, 59, 0, time.UTC)},
 		}[getAmazonLinuxVersion(release)]
 	case constant.RedHat:
 		// https://access.redhat.com/support/policy/updates/errata
@@ -123,6 +127,9 @@ func GetEOL(family, release string) (eol EOL, found bool) {
 			"9":  {StandardSupportUntil: time.Date(2022, 6, 30, 23, 59, 59, 0, time.UTC)},
 			"10": {StandardSupportUntil: time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC)},
 			"11": {StandardSupportUntil: time.Date(2026, 6, 30, 23, 59, 59, 0, time.UTC)},
+			"12": {StandardSupportUntil: time.Date(2028, 6, 30, 23, 59, 59, 0, time.UTC)},
+			// "13": {StandardSupportUntil: time.Date(2030, 6, 30, 23, 59, 59, 0, time.UTC)},
+			// "14": {StandardSupportUntil: time.Date(2032, 6, 30, 23, 59, 59, 0, time.UTC)},
 		}[major(release)]
 	case constant.Raspbian:
 		// Not found
@@ -186,9 +193,9 @@ func GetEOL(family, release string) (eol EOL, found bool) {
 			"22.10": {
 				StandardSupportUntil: time.Date(2023, 7, 20, 23, 59, 59, 0, time.UTC),
 			},
-			// "23.04": {
-			// 	StandardSupportUntil: time.Date(2024, 1, 31, 23, 59, 59, 0, time.UTC),
-			// },
+			"23.04": {
+				StandardSupportUntil: time.Date(2024, 1, 31, 23, 59, 59, 0, time.UTC),
+			},
 		}[release]
 	case constant.OpenSUSE:
 		// https://en.opensuse.org/Lifetime
@@ -310,6 +317,7 @@ func GetEOL(family, release string) (eol EOL, found bool) {
 			"35": {StandardSupportUntil: time.Date(2022, 12, 12, 23, 59, 59, 0, time.UTC)},
 			"36": {StandardSupportUntil: time.Date(2023, 5, 16, 23, 59, 59, 0, time.UTC)},
 			"37": {StandardSupportUntil: time.Date(2023, 12, 15, 23, 59, 59, 0, time.UTC)},
+			"38": {StandardSupportUntil: time.Date(2024, 5, 14, 23, 59, 59, 0, time.UTC)},
 		}[major(release)]
 	case constant.Windows:
 		// https://learn.microsoft.com/ja-jp/lifecycle/products/?products=windows
@@ -410,9 +418,25 @@ func majorDotMinor(osVer string) (majorDotMinor string) {
 }

 func getAmazonLinuxVersion(osRelease string) string {
-	ss := strings.Fields(osRelease)
-	if len(ss) == 1 {
+	switch s := strings.Fields(osRelease)[0]; s {
+	case "1":
 		return "1"
+	case "2":
+		return "2"
+	case "2022":
+		return "2022"
+	case "2023":
+		return "2023"
+	case "2025":
+		return "2025"
+	case "2027":
+		return "2027"
+	case "2029":
+		return "2029"
+	default:
+		if _, err := time.Parse("2006.01", s); err == nil {
+			return "1"
+		}
+		return "unknown"
 	}
-	return ss[0]
 }
--- a/config/os_test.go
+++ b/config/os_test.go
@@ -54,8 +54,16 @@ func TestEOL_IsStandardSupportEnded(t *testing.T) {
 			found:    true,
 		},
 		{
-			name:     "amazon linux 2024 not found",
-			fields:   fields{family: Amazon, release: "2024 (Amazon Linux)"},
+			name:     "amazon linux 2023 supported",
+			fields:   fields{family: Amazon, release: "2023"},
+			now:      time.Date(2023, 7, 1, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "amazon linux 2031 not found",
+			fields:   fields{family: Amazon, release: "2031"},
 			now:      time.Date(2023, 7, 1, 23, 59, 59, 0, time.UTC),
 			stdEnded: false,
 			extEnded: false,
@@ -347,7 +355,23 @@ func TestEOL_IsStandardSupportEnded(t *testing.T) {
 			stdEnded: false,
 			extEnded: false,
 		},
+		{
+			name:     "Ubuntu 23.04 supported",
+			fields:   fields{family: Ubuntu, release: "23.04"},
+			now:      time.Date(2023, 3, 16, 23, 59, 59, 0, time.UTC),
+			found:    true,
+			stdEnded: false,
+			extEnded: false,
+		},
 		//Debian
+		{
+			name:     "Debian 8 supported",
+			fields:   fields{family: Debian, release: "8"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
 		{
 			name:     "Debian 9 supported",
 			fields:   fields{family: Debian, release: "9"},
@@ -364,14 +388,6 @@ func TestEOL_IsStandardSupportEnded(t *testing.T) {
 			extEnded: false,
 			found:    true,
 		},
-		{
-			name:     "Debian 8 supported",
-			fields:   fields{family: Debian, release: "8"},
-			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
-			stdEnded: true,
-			extEnded: true,
-			found:    true,
-		},
 		{
 			name:     "Debian 11 supported",
 			fields:   fields{family: Debian, release: "11"},
@@ -381,8 +397,16 @@ func TestEOL_IsStandardSupportEnded(t *testing.T) {
 			found:    true,
 		},
 		{
-			name:     "Debian 12 is not supported yet",
+			name:     "Debian 12 supported",
 			fields:   fields{family: Debian, release: "12"},
+			now:      time.Date(2023, 6, 10, 0, 0, 0, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Debian 13 is not supported yet",
+			fields:   fields{family: Debian, release: "13"},
 			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
 			stdEnded: false,
 			extEnded: false,
@@ -600,9 +624,25 @@ func TestEOL_IsStandardSupportEnded(t *testing.T) {
 			found:    true,
 		},
 		{
-			name:     "Fedora 38 not found",
+			name:     "Fedora 38 supported",
 			fields:   fields{family: Fedora, release: "38"},
-			now:      time.Date(2023, 12, 15, 23, 59, 59, 0, time.UTC),
+			now:      time.Date(2024, 5, 14, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Fedora 38 eol since 2024-05-15",
+			fields:   fields{family: Fedora, release: "38"},
+			now:      time.Date(2024, 5, 15, 0, 0, 0, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
+		{
+			name:     "Fedora 39 not found",
+			fields:   fields{family: Fedora, release: "39"},
+			now:      time.Date(2024, 5, 14, 23, 59, 59, 0, time.UTC),
 			stdEnded: false,
 			extEnded: false,
 			found:    false,
@@ -688,3 +728,58 @@ func Test_majorDotMinor(t *testing.T) {
 		})
 	}
 }
+
+func Test_getAmazonLinuxVersion(t *testing.T) {
+	tests := []struct {
+		release string
+		want    string
+	}{
+		{
+			release: "2017.09",
+			want:    "1",
+		},
+		{
+			release: "2018.03",
+			want:    "1",
+		},
+		{
+			release: "1",
+			want:    "1",
+		},
+		{
+			release: "2",
+			want:    "2",
+		},
+		{
+			release: "2022",
+			want:    "2022",
+		},
+		{
+			release: "2023",
+			want:    "2023",
+		},
+		{
+			release: "2025",
+			want:    "2025",
+		},
+		{
+			release: "2027",
+			want:    "2027",
+		},
+		{
+			release: "2029",
+			want:    "2029",
+		},
+		{
+			release: "2031",
+			want:    "unknown",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.release, func(t *testing.T) {
+			if got := getAmazonLinuxVersion(tt.release); got != tt.want {
+				t.Errorf("getAmazonLinuxVersion() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
--- a/contrib/Dockerfile
+++ b/contrib/Dockerfile
@@ -11,7 +11,8 @@ COPY . $GOPATH/src/$REPOSITORY
 RUN cd $GOPATH/src/$REPOSITORY && \
        make build-scanner && mv vuls $GOPATH/bin && \
        make build-trivy-to-vuls && mv trivy-to-vuls $GOPATH/bin && \
-        make build-future-vuls && mv future-vuls $GOPATH/bin
+        make build-future-vuls && mv future-vuls $GOPATH/bin && \
+        make build-snmp2cpe && mv snmp2cpe $GOPATH/bin

 FROM alpine:3.15

@@ -25,7 +26,7 @@ RUN apk add --no-cache \
        nmap \
    && mkdir -p $WORKDIR $LOGDIR

-COPY --from=builder /go/bin/vuls /go/bin/trivy-to-vuls /go/bin/future-vuls /usr/local/bin/
+COPY --from=builder /go/bin/vuls /go/bin/trivy-to-vuls /go/bin/future-vuls /go/bin/snmp2cpe /usr/local/bin/
 COPY --from=aquasec/trivy:latest /usr/local/bin/trivy /usr/local/bin/trivy

 VOLUME ["$WORKDIR", "$LOGDIR"]
--- a/contrib/snmp2cpe/README.md
+++ b/contrib/snmp2cpe/README.md
@@ -0,0 +1,50 @@
+# snmp2cpe
+
+## Main Features
+
+- Estimate hardware and OS CPE from SNMP reply of network devices
+
+## Installation
+
+```console
+$ git clone https://github.com/future-architect/vuls.git
+$ make build-snmp2cpe
+```
+
+## Command Reference
+
+```console
+$ snmp2cpe help
+snmp2cpe: SNMP reply To CPE
+
+Usage:
+  snmp2cpe [command]
+
+Available Commands:
+  completion  Generate the autocompletion script for the specified shell
+  convert     snmpget reply to CPE
+  help        Help about any command
+  v1          snmpget with SNMPv1
+  v2c         snmpget with SNMPv2c
+  v3          snmpget with SNMPv3
+  version     Print the version
+
+Flags:
+  -h, --help   help for snmp2cpe
+
+Use "snmp2cpe [command] --help" for more information about a command.
+```
+
+## Usage
+
+```console
+$ snmp2cpe v2c --debug 192.168.1.99 public
+2023/03/28 14:16:54 DEBUG: .1.3.6.1.2.1.1.1.0 -> 
+2023/03/28 14:16:54 DEBUG: .1.3.6.1.2.1.47.1.1.1.1.12.1 -> Fortinet
+2023/03/28 14:16:54 DEBUG: .1.3.6.1.2.1.47.1.1.1.1.7.1 -> FGT_50E
+2023/03/28 14:16:54 DEBUG: .1.3.6.1.2.1.47.1.1.1.1.10.1 -> FortiGate-50E v5.4.6,build1165b1165,171018 (GA)
+{"192.168.1.99":{"entPhysicalTables":{"1":{"entPhysicalMfgName":"Fortinet","entPhysicalName":"FGT_50E","entPhysicalSoftwareRev":"FortiGate-50E v5.4.6,build1165b1165,171018 (GA)"}}}}
+
+$ snmp2cpe v2c 192.168.1.99 public | snmp2cpe convert
+{"192.168.1.99":["cpe:2.3:h:fortinet:fortigate-50e:-:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:5.4.6:*:*:*:*:*:*:*"]}
+```
--- a/contrib/snmp2cpe/cmd/main.go
+++ b/contrib/snmp2cpe/cmd/main.go
@@ -0,0 +1,15 @@
+package main
+
+import (
+	"fmt"
+	"os"
+
+	rootCmd "github.com/future-architect/vuls/contrib/snmp2cpe/pkg/cmd/root"
+)
+
+func main() {
+	if err := rootCmd.NewCmdRoot().Execute(); err != nil {
+		fmt.Fprintf(os.Stderr, "failed to exec snmp2cpe: %s\n", fmt.Sprintf("%+v", err))
+		os.Exit(1)
+	}
+}
--- a/contrib/snmp2cpe/pkg/cmd/convert/convert.go
+++ b/contrib/snmp2cpe/pkg/cmd/convert/convert.go
@@ -0,0 +1,52 @@
+package convert
+
+import (
+	"encoding/json"
+	"os"
+
+	"github.com/pkg/errors"
+	"github.com/spf13/cobra"
+
+	"github.com/future-architect/vuls/contrib/snmp2cpe/pkg/cpe"
+	"github.com/future-architect/vuls/contrib/snmp2cpe/pkg/snmp"
+)
+
+// NewCmdConvert ...
+func NewCmdConvert() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "convert",
+		Short: "snmpget reply to CPE",
+		Args:  cobra.MaximumNArgs(1),
+		Example: `$ snmp2cpe v2c 192.168.11.11 public | snmp2cpe convert
+$ snmp2cpe v2c 192.168.11.11 public | snmp2cpe convert -
+$ snmp2cpe v2c 192.168.11.11 public > v2c.json && snmp2cpe convert v2c.json`,
+		RunE: func(_ *cobra.Command, args []string) error {
+			r := os.Stdin
+			if len(args) == 1 && args[0] != "-" {
+				f, err := os.Open(args[0])
+				if err != nil {
+					return errors.Wrapf(err, "failed to open %s", args[0])
+				}
+				defer f.Close()
+				r = f
+			}
+
+			var reply map[string]snmp.Result
+			if err := json.NewDecoder(r).Decode(&reply); err != nil {
+				return errors.Wrap(err, "failed to decode")
+			}
+
+			converted := map[string][]string{}
+			for ipaddr, res := range reply {
+				converted[ipaddr] = cpe.Convert(res)
+			}
+
+			if err := json.NewEncoder(os.Stdout).Encode(converted); err != nil {
+				return errors.Wrap(err, "failed to encode")
+			}
+
+			return nil
+		},
+	}
+	return cmd
+}
--- a/contrib/snmp2cpe/pkg/cmd/root/root.go
+++ b/contrib/snmp2cpe/pkg/cmd/root/root.go
@@ -0,0 +1,30 @@
+package root
+
+import (
+	"github.com/spf13/cobra"
+
+	convertCmd "github.com/future-architect/vuls/contrib/snmp2cpe/pkg/cmd/convert"
+	v1Cmd "github.com/future-architect/vuls/contrib/snmp2cpe/pkg/cmd/v1"
+	v2cCmd "github.com/future-architect/vuls/contrib/snmp2cpe/pkg/cmd/v2c"
+	v3Cmd "github.com/future-architect/vuls/contrib/snmp2cpe/pkg/cmd/v3"
+	versionCmd "github.com/future-architect/vuls/contrib/snmp2cpe/pkg/cmd/version"
+)
+
+// NewCmdRoot ...
+func NewCmdRoot() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:           "snmp2cpe <command>",
+		Short:         "snmp2cpe",
+		Long:          "snmp2cpe: SNMP reply To CPE",
+		SilenceErrors: true,
+		SilenceUsage:  true,
+	}
+
+	cmd.AddCommand(v1Cmd.NewCmdV1())
+	cmd.AddCommand(v2cCmd.NewCmdV2c())
+	cmd.AddCommand(v3Cmd.NewCmdV3())
+	cmd.AddCommand(convertCmd.NewCmdConvert())
+	cmd.AddCommand(versionCmd.NewCmdVersion())
+
+	return cmd
+}
--- a/contrib/snmp2cpe/pkg/cmd/v1/v1.go
+++ b/contrib/snmp2cpe/pkg/cmd/v1/v1.go
@@ -0,0 +1,47 @@
+package v1
+
+import (
+	"encoding/json"
+	"os"
+
+	"github.com/gosnmp/gosnmp"
+	"github.com/pkg/errors"
+	"github.com/spf13/cobra"
+
+	"github.com/future-architect/vuls/contrib/snmp2cpe/pkg/snmp"
+)
+
+// SNMPv1Options ...
+type SNMPv1Options struct {
+	Debug bool
+}
+
+// NewCmdV1 ...
+func NewCmdV1() *cobra.Command {
+	opts := &SNMPv1Options{
+		Debug: false,
+	}
+
+	cmd := &cobra.Command{
+		Use:     "v1 <IP Address> <Community>",
+		Short:   "snmpget with SNMPv1",
+		Example: "$ snmp2cpe v1 192.168.100.1 public",
+		Args:    cobra.ExactArgs(2),
+		RunE: func(_ *cobra.Command, args []string) error {
+			r, err := snmp.Get(gosnmp.Version1, args[0], snmp.WithCommunity(args[1]), snmp.WithDebug(opts.Debug))
+			if err != nil {
+				return errors.Wrap(err, "failed to snmpget")
+			}
+
+			if err := json.NewEncoder(os.Stdout).Encode(map[string]snmp.Result{args[0]: r}); err != nil {
+				return errors.Wrap(err, "failed to encode")
+			}
+
+			return nil
+		},
+	}
+
+	cmd.Flags().BoolVarP(&opts.Debug, "debug", "", false, "debug mode")
+
+	return cmd
+}
--- a/contrib/snmp2cpe/pkg/cmd/v2c/v2c.go
+++ b/contrib/snmp2cpe/pkg/cmd/v2c/v2c.go
@@ -0,0 +1,47 @@
+package v2c
+
+import (
+	"encoding/json"
+	"os"
+
+	"github.com/gosnmp/gosnmp"
+	"github.com/pkg/errors"
+	"github.com/spf13/cobra"
+
+	"github.com/future-architect/vuls/contrib/snmp2cpe/pkg/snmp"
+)
+
+// SNMPv2cOptions ...
+type SNMPv2cOptions struct {
+	Debug bool
+}
+
+// NewCmdV2c ...
+func NewCmdV2c() *cobra.Command {
+	opts := &SNMPv2cOptions{
+		Debug: false,
+	}
+
+	cmd := &cobra.Command{
+		Use:     "v2c <IP Address> <Community>",
+		Short:   "snmpget with SNMPv2c",
+		Example: "$ snmp2cpe v2c 192.168.100.1 public",
+		Args:    cobra.ExactArgs(2),
+		RunE: func(_ *cobra.Command, args []string) error {
+			r, err := snmp.Get(gosnmp.Version2c, args[0], snmp.WithCommunity(args[1]), snmp.WithDebug(opts.Debug))
+			if err != nil {
+				return errors.Wrap(err, "failed to snmpget")
+			}
+
+			if err := json.NewEncoder(os.Stdout).Encode(map[string]snmp.Result{args[0]: r}); err != nil {
+				return errors.Wrap(err, "failed to encode")
+			}
+
+			return nil
+		},
+	}
+
+	cmd.Flags().BoolVarP(&opts.Debug, "debug", "", false, "debug mode")
+
+	return cmd
+}
--- a/contrib/snmp2cpe/pkg/cmd/v3/v3.go
+++ b/contrib/snmp2cpe/pkg/cmd/v3/v3.go
@@ -0,0 +1,39 @@
+package v3
+
+import (
+	"github.com/gosnmp/gosnmp"
+	"github.com/pkg/errors"
+	"github.com/spf13/cobra"
+
+	"github.com/future-architect/vuls/contrib/snmp2cpe/pkg/snmp"
+)
+
+// SNMPv3Options ...
+type SNMPv3Options struct {
+	Debug bool
+}
+
+// NewCmdV3 ...
+func NewCmdV3() *cobra.Command {
+	opts := &SNMPv3Options{
+		Debug: false,
+	}
+
+	cmd := &cobra.Command{
+		Use:     "v3 <args>",
+		Short:   "snmpget with SNMPv3",
+		Example: "$ snmp2cpe v3",
+		RunE: func(_ *cobra.Command, _ []string) error {
+			_, err := snmp.Get(gosnmp.Version3, "", snmp.WithDebug(opts.Debug))
+			if err != nil {
+				return errors.Wrap(err, "failed to snmpget")
+			}
+
+			return nil
+		},
+	}
+
+	cmd.Flags().BoolVarP(&opts.Debug, "debug", "", false, "debug mode")
+
+	return cmd
+}
--- a/contrib/snmp2cpe/pkg/cmd/version/version.go
+++ b/contrib/snmp2cpe/pkg/cmd/version/version.go
@@ -0,0 +1,23 @@
+package version
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/future-architect/vuls/config"
+)
+
+// NewCmdVersion ...
+func NewCmdVersion() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "version",
+		Short: "Print the version",
+		Args:  cobra.NoArgs,
+		Run: func(_ *cobra.Command, _ []string) {
+			fmt.Fprintf(os.Stdout, "snmp2cpe %s %s\n", config.Version, config.Revision)
+		},
+	}
+	return cmd
+}
--- a/contrib/snmp2cpe/pkg/cpe/cpe.go
+++ b/contrib/snmp2cpe/pkg/cpe/cpe.go
@@ -0,0 +1,212 @@
+package cpe
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/go-version"
+
+	"github.com/future-architect/vuls/contrib/snmp2cpe/pkg/snmp"
+	"github.com/future-architect/vuls/contrib/snmp2cpe/pkg/util"
+)
+
+// Convert ...
+func Convert(result snmp.Result) []string {
+	var cpes []string
+
+	switch detectVendor(result) {
+	case "Cisco":
+		var p, v string
+		lhs, _, _ := strings.Cut(result.SysDescr0, " RELEASE SOFTWARE")
+		for _, s := range strings.Split(lhs, ",") {
+			s = strings.TrimSpace(s)
+			switch {
+			case strings.Contains(s, "Cisco NX-OS"):
+				p = "nx-os"
+			case strings.Contains(s, "Cisco IOS Software"), strings.Contains(s, "Cisco Internetwork Operating System Software IOS"):
+				p = "ios"
+				if strings.Contains(lhs, "IOSXE") || strings.Contains(lhs, "IOS-XE") {
+					p = "ios_xe"
+				}
+			case strings.HasPrefix(s, "Version "):
+				v = strings.ToLower(strings.TrimPrefix(s, "Version "))
+			}
+		}
+		if p != "" && v != "" {
+			cpes = append(cpes, fmt.Sprintf("cpe:2.3:o:cisco:%s:%s:*:*:*:*:*:*:*", p, v))
+		}
+
+		if t, ok := result.EntPhysicalTables[1]; ok {
+			if t.EntPhysicalName != "" {
+				cpes = append(cpes, fmt.Sprintf("cpe:2.3:h:cisco:%s:-:*:*:*:*:*:*:*", strings.ToLower(t.EntPhysicalName)))
+			}
+			if p != "" && t.EntPhysicalSoftwareRev != "" {
+				s, _, _ := strings.Cut(t.EntPhysicalSoftwareRev, " RELEASE SOFTWARE")
+				cpes = append(cpes, fmt.Sprintf("cpe:2.3:o:cisco:%s:%s:*:*:*:*:*:*:*", p, strings.ToLower(strings.TrimSuffix(s, ","))))
+			}
+		}
+	case "Juniper Networks":
+		if strings.HasPrefix(result.SysDescr0, "Juniper Networks, Inc.") {
+			for _, s := range strings.Split(strings.TrimPrefix(result.SysDescr0, "Juniper Networks, Inc. "), ",") {
+				s = strings.TrimSpace(s)
+				switch {
+				case strings.HasPrefix(s, "qfx"), strings.HasPrefix(s, "ex"), strings.HasPrefix(s, "mx"), strings.HasPrefix(s, "ptx"), strings.HasPrefix(s, "acx"), strings.HasPrefix(s, "bti"), strings.HasPrefix(s, "srx"):
+					cpes = append(cpes, fmt.Sprintf("cpe:2.3:h:juniper:%s:-:*:*:*:*:*:*:*", strings.Fields(s)[0]))
+				case strings.HasPrefix(s, "kernel JUNOS "):
+					cpes = append(cpes, fmt.Sprintf("cpe:2.3:o:juniper:junos:%s:*:*:*:*:*:*:*", strings.ToLower(strings.Fields(strings.TrimPrefix(s, "kernel JUNOS "))[0])))
+				}
+			}
+
+			if t, ok := result.EntPhysicalTables[1]; ok {
+				if t.EntPhysicalSoftwareRev != "" {
+					cpes = append(cpes, fmt.Sprintf("cpe:2.3:o:juniper:junos:%s:*:*:*:*:*:*:*", strings.ToLower(t.EntPhysicalSoftwareRev)))
+				}
+			}
+		} else {
+			h, v, ok := strings.Cut(result.SysDescr0, " version ")
+			if ok {
+				cpes = append(cpes,
+					fmt.Sprintf("cpe:2.3:h:juniper:%s:-:*:*:*:*:*:*:*", strings.ToLower(h)),
+					fmt.Sprintf("cpe:2.3:o:juniper:screenos:%s:*:*:*:*:*:*:*", strings.ToLower(strings.Fields(v)[0])),
+				)
+			}
+		}
+	case "Arista Networks":
+		v, h, ok := strings.Cut(result.SysDescr0, " running on an ")
+		if ok {
+			if strings.HasPrefix(v, "Arista Networks EOS version ") {
+				cpes = append(cpes, fmt.Sprintf("cpe:2.3:o:arista:eos:%s:*:*:*:*:*:*:*", strings.ToLower(strings.TrimPrefix(v, "Arista Networks EOS version "))))
+			}
+			cpes = append(cpes, fmt.Sprintf("cpe:/h:arista:%s:-:*:*:*:*:*:*:*", strings.ToLower(strings.TrimPrefix(h, "Arista Networks "))))
+		}
+		if t, ok := result.EntPhysicalTables[1]; ok {
+			if t.EntPhysicalSoftwareRev != "" {
+				cpes = append(cpes, fmt.Sprintf("cpe:2.3:o:arista:eos:%s:*:*:*:*:*:*:*", strings.ToLower(t.EntPhysicalSoftwareRev)))
+			}
+		}
+	case "Fortinet":
+		if t, ok := result.EntPhysicalTables[1]; ok {
+			if strings.HasPrefix(t.EntPhysicalName, "FGT_") {
+				cpes = append(cpes, fmt.Sprintf("cpe:2.3:h:fortinet:fortigate-%s:-:*:*:*:*:*:*:*", strings.ToLower(strings.TrimPrefix(t.EntPhysicalName, "FGT_"))))
+			}
+			for _, s := range strings.Fields(t.EntPhysicalSoftwareRev) {
+				switch {
+				case strings.HasPrefix(s, "FortiGate-"):
+					cpes = append(cpes, fmt.Sprintf("cpe:2.3:h:fortinet:%s:-:*:*:*:*:*:*:*", strings.ToLower(s)))
+				case strings.HasPrefix(s, "v") && strings.Contains(s, "build"):
+					if v, _, found := strings.Cut(strings.TrimPrefix(s, "v"), ",build"); found {
+						if _, err := version.NewVersion(v); err == nil {
+							cpes = append(cpes, fmt.Sprintf("cpe:2.3:o:fortinet:fortios:%s:*:*:*:*:*:*:*", v))
+						}
+					}
+				}
+			}
+		}
+	case "YAMAHA":
+		var h, v string
+		for _, s := range strings.Fields(result.SysDescr0) {
+			switch {
+			case strings.HasPrefix(s, "RTX"), strings.HasPrefix(s, "NVR"), strings.HasPrefix(s, "RTV"), strings.HasPrefix(s, "RT"),
+				strings.HasPrefix(s, "SRT"), strings.HasPrefix(s, "FWX"), strings.HasPrefix(s, "YSL-V810"):
+				h = strings.ToLower(s)
+			case strings.HasPrefix(s, "Rev."):
+				if _, err := version.NewVersion(strings.TrimPrefix(s, "Rev.")); err == nil {
+					v = strings.TrimPrefix(s, "Rev.")
+				}
+			}
+		}
+		if h != "" {
+			cpes = append(cpes, fmt.Sprintf("cpe:2.3:h:yamaha:%s:-:*:*:*:*:*:*:*", h))
+			if v != "" {
+				cpes = append(cpes, fmt.Sprintf("cpe:2.3:o:yamaha:%s:%s:*:*:*:*:*:*:*", h, v))
+			}
+		}
+	case "NEC":
+		var h, v string
+		for _, s := range strings.Split(result.SysDescr0, ",") {
+			s = strings.TrimSpace(s)
+			switch {
+			case strings.HasPrefix(s, "IX Series "):
+				h = strings.ToLower(strings.TrimSuffix(strings.TrimPrefix(s, "IX Series "), " (magellan-sec) Software"))
+			case strings.HasPrefix(s, "Version "):
+				if _, err := version.NewVersion(strings.TrimSpace(strings.TrimPrefix(s, "Version "))); err == nil {
+					v = strings.TrimSpace(strings.TrimPrefix(s, "Version "))
+				}
+			}
+		}
+		if h != "" {
+			cpes = append(cpes, fmt.Sprintf("cpe:2.3:h:nec:%s:-:*:*:*:*:*:*:*", h))
+			if v != "" {
+				cpes = append(cpes, fmt.Sprintf("cpe:2.3:o:nec:%s:%s:*:*:*:*:*:*:*", h, v))
+			}
+		}
+	case "Palo Alto Networks":
+		if t, ok := result.EntPhysicalTables[1]; ok {
+			if t.EntPhysicalName != "" {
+				cpes = append(cpes, fmt.Sprintf("cpe:2.3:h:paloaltonetworks:%s:-:*:*:*:*:*:*:*", strings.ToLower(t.EntPhysicalName)))
+			}
+			if t.EntPhysicalSoftwareRev != "" {
+				cpes = append(cpes, fmt.Sprintf("cpe:2.3:o:paloaltonetworks:pan-os:%s:*:*:*:*:*:*:*", t.EntPhysicalSoftwareRev))
+			}
+		}
+	default:
+		return []string{}
+	}
+
+	return util.Unique(cpes)
+}
+
+func detectVendor(r snmp.Result) string {
+	if t, ok := r.EntPhysicalTables[1]; ok {
+		switch t.EntPhysicalMfgName {
+		case "Cisco":
+			return "Cisco"
+		case "Juniper Networks":
+			return "Juniper Networks"
+		case "Arista Networks":
+			return "Arista Networks"
+		case "Fortinet":
+			return "Fortinet"
+		case "YAMAHA":
+			return "YAMAHA"
+		case "NEC":
+			return "NEC"
+		case "Palo Alto Networks":
+			return "Palo Alto Networks"
+		}
+	}
+
+	switch {
+	case strings.Contains(r.SysDescr0, "Cisco"):
+		return "Cisco"
+	case strings.Contains(r.SysDescr0, "Juniper Networks"),
+		strings.Contains(r.SysDescr0, "SSG5"), strings.Contains(r.SysDescr0, "SSG20"), strings.Contains(r.SysDescr0, "SSG140"),
+		strings.Contains(r.SysDescr0, "SSG320"), strings.Contains(r.SysDescr0, "SSG350"), strings.Contains(r.SysDescr0, "SSG520"),
+		strings.Contains(r.SysDescr0, "SSG550"):
+		return "Juniper Networks"
+	case strings.Contains(r.SysDescr0, "Arista Networks"):
+		return "Arista Networks"
+	case strings.Contains(r.SysDescr0, "Fortinet"), strings.Contains(r.SysDescr0, "FortiGate"):
+		return "Fortinet"
+	case strings.Contains(r.SysDescr0, "YAMAHA"),
+		strings.Contains(r.SysDescr0, "RTX810"), strings.Contains(r.SysDescr0, "RTX830"),
+		strings.Contains(r.SysDescr0, "RTX1000"), strings.Contains(r.SysDescr0, "RTX1100"),
+		strings.Contains(r.SysDescr0, "RTX1200"), strings.Contains(r.SysDescr0, "RTX1210"), strings.Contains(r.SysDescr0, "RTX1220"),
+		strings.Contains(r.SysDescr0, "RTX1300"), strings.Contains(r.SysDescr0, "RTX1500"), strings.Contains(r.SysDescr0, "RTX2000"),
+		strings.Contains(r.SysDescr0, "RTX3000"), strings.Contains(r.SysDescr0, "RTX3500"), strings.Contains(r.SysDescr0, "RTX5000"),
+		strings.Contains(r.SysDescr0, "NVR500"), strings.Contains(r.SysDescr0, "NVR510"), strings.Contains(r.SysDescr0, "NVR700W"),
+		strings.Contains(r.SysDescr0, "RTV01"), strings.Contains(r.SysDescr0, "RTV700"),
+		strings.Contains(r.SysDescr0, "RT105i"), strings.Contains(r.SysDescr0, "RT105p"), strings.Contains(r.SysDescr0, "RT105e"),
+		strings.Contains(r.SysDescr0, "RT107e"), strings.Contains(r.SysDescr0, "RT250i"), strings.Contains(r.SysDescr0, "RT300i"),
+		strings.Contains(r.SysDescr0, "SRT100"),
+		strings.Contains(r.SysDescr0, "FWX100"),
+		strings.Contains(r.SysDescr0, "YSL-V810"):
+		return "YAMAHA"
+	case strings.Contains(r.SysDescr0, "NEC"):
+		return "NEC"
+	case strings.Contains(r.SysDescr0, "Palo Alto Networks"):
+		return "Palo Alto Networks"
+	default:
+		return ""
+	}
+}
--- a/contrib/snmp2cpe/pkg/cpe/cpe_test.go
+++ b/contrib/snmp2cpe/pkg/cpe/cpe_test.go
@@ -0,0 +1,244 @@
+package cpe_test
+
+import (
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/google/go-cmp/cmp/cmpopts"
+
+	"github.com/future-architect/vuls/contrib/snmp2cpe/pkg/cpe"
+	"github.com/future-architect/vuls/contrib/snmp2cpe/pkg/snmp"
+)
+
+func TestConvert(t *testing.T) {
+	tests := []struct {
+		name string
+		args snmp.Result
+		want []string
+	}{
+		{
+			name: "Cisco NX-OS Version 7.1(4)N1(1)",
+			args: snmp.Result{
+				SysDescr0: "Cisco NX-OS(tm) n6000, Software (n6000-uk9), Version 7.1(4)N1(1), RELEASE SOFTWARE Copyright (c) 2002-2012 by Cisco Systems, Inc. Device Manager Version 6.0(2)N1(1),Compiled 9/2/2016 10:00:00",
+			},
+			want: []string{"cpe:2.3:o:cisco:nx-os:7.1(4)n1(1):*:*:*:*:*:*:*"},
+		},
+		{
+			name: "Cisco IOS Version 15.1(4)M3",
+			args: snmp.Result{
+				SysDescr0: `Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 15.1(4)M3, RELEASE SOFTWARE (fc1)
+		Technical Support: http://www.cisco.com/techsupport
+		Copyright (c) 1986-2011 by Cisco Systems, Inc.
+		Compiled Tue 06-Dec-11 16:21 by prod_rel_team`,
+			},
+			want: []string{"cpe:2.3:o:cisco:ios:15.1(4)m3:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "Cisco IOS Version 15.1(4)M4",
+			args: snmp.Result{
+				SysDescr0: `Cisco IOS Software, C181X Software (C181X-ADVENTERPRISEK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
+		Technical Support: http://www.cisco.com/techsupport
+		Copyright (c) 1986-2012 by Cisco Systems, Inc.
+		Compiled Tue 20-Mar-12 23:34 by prod_rel_team`,
+			},
+			want: []string{"cpe:2.3:o:cisco:ios:15.1(4)m4:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "Cisco IOS Vresion 15.5(3)M on Cisco 892J-K9-V02",
+			args: snmp.Result{
+				SysDescr0: `Cisco IOS Software, C890 Software (C890-UNIVERSALK9-M), Version 15.5(3)M, RELEASE SOFTWARE (fc1)
+		Technical Support: http://www.cisco.com/techsupport
+		Copyright (c) 1986-2015 by Cisco Systems, Inc.
+		Compiled Thu 23-Jul-15 03:08 by prod_rel_team`,
+				EntPhysicalTables: map[int]snmp.EntPhysicalTable{1: {
+					EntPhysicalMfgName:     "Cisco",
+					EntPhysicalName:        "892",
+					EntPhysicalSoftwareRev: "15.5(3)M, RELEASE SOFTWARE (fc1)",
+				}},
+			},
+			want: []string{"cpe:2.3:h:cisco:892:-:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios:15.5(3)m:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "Cisco IOS Version 15.4(3)M5 on Cisco C892FSP-K9-V02",
+			args: snmp.Result{
+				SysDescr0: `Cisco IOS Software, C800 Software (C800-UNIVERSALK9-M), Version 15.4(3)M5, RELEASE SOFTWARE (fc1)
+		Technical Support: http://www.cisco.com/techsupport
+		Copyright (c) 1986-2016 by Cisco Systems, Inc.
+		Compiled Tue 09-Feb-16 06:15 by prod_rel_team`,
+				EntPhysicalTables: map[int]snmp.EntPhysicalTable{1: {
+					EntPhysicalMfgName:     "Cisco",
+					EntPhysicalName:        "C892FSP-K9",
+					EntPhysicalSoftwareRev: "15.4(3)M5, RELEASE SOFTWARE (fc1)",
+				}},
+			},
+			want: []string{"cpe:2.3:h:cisco:c892fsp-k9:-:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios:15.4(3)m5:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "Cisco IOS Version 12.2(17d)SXB11",
+			args: snmp.Result{
+				SysDescr0: `Cisco Internetwork Operating System Software IOS (tm) s72033_rp Software (s72033_rp-JK9SV-M), Version 12.2(17d)SXB11, RELEASE SOFTWARE (fc1)
+		Technical Support: http://www.cisco.com/techsupport
+		Copyright (c) 1986-2005 by cisco Systems, Inc.`,
+			},
+			want: []string{"cpe:2.3:o:cisco:ios:12.2(17d)sxb11:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "Cisco IOX-XE Version 16.12.4",
+			args: snmp.Result{
+				SysDescr0: `Cisco IOS Software [Gibraltar], Catalyst L3 Switch Software (CAT9K_LITE_IOSXE), Version 16.12.4, RELEASE SOFTWARE (fc5)
+		Technical Support: http://www.cisco.com/techsupport
+		Copyright (c) 1986-2020 by Cisco Systems, Inc.
+		Compiled Thu 09-Jul-20 19:31 by m`,
+			},
+			want: []string{"cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "Cisco IOX-XE Version 03.06.07.E",
+			args: snmp.Result{
+				SysDescr0: `Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500es8-UNIVERSALK9-M), Version 03.06.07.E RELEASE SOFTWARE (fc3)
+		Technical Support: http://www.cisco.com/techsupport
+		Copyright (c) 1986-2017 by Cisco Systems, Inc.
+		Compiled Wed`,
+			},
+			want: []string{"cpe:2.3:o:cisco:ios_xe:03.06.07.e:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "Juniper SSG-5-SH-BT",
+			args: snmp.Result{
+				SysDescr0: "SSG5-ISDN version 6.3.0r14.0 (SN: 0000000000000001, Firewall+VPN)",
+			},
+			want: []string{"cpe:2.3:h:juniper:ssg5-isdn:-:*:*:*:*:*:*:*", "cpe:2.3:o:juniper:screenos:6.3.0r14.0:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "JUNOS 20.4R3-S4.8 on Juniper MX240",
+			args: snmp.Result{
+				SysDescr0: "Juniper Networks, Inc. mx240 internet router, kernel JUNOS 20.4R3-S4.8, Build date: 2022-08-16 20:42:11 UTC Copyright (c) 1996-2022 Juniper Networks, Inc.",
+				EntPhysicalTables: map[int]snmp.EntPhysicalTable{1: {
+					EntPhysicalMfgName:     "Juniper Networks",
+					EntPhysicalName:        "CHAS-BP3-MX240-S",
+					EntPhysicalSoftwareRev: "20.4R3-S4.8",
+				}},
+			},
+			want: []string{"cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos:20.4r3-s4.8:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "JUNOS 12.1X46-D65.4 on Juniper SRX220H",
+			args: snmp.Result{
+				SysDescr0: "Juniper Networks, Inc. srx220h internet router, kernel JUNOS 12.1X46-D65.4 #0: 2016-12-30 01:34:30 UTC     builder@quoarth.juniper.net:/volume/build/junos/12.1/service/12.1X46-D65.4/obj-octeon/junos/bsd/kernels/JSRXNLE/kernel Build date: 2016-12-30 02:59",
+			},
+			want: []string{"cpe:2.3:h:juniper:srx220h:-:*:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos:12.1x46-d65.4:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "JUNOS 12.3X48-D30.7 on Juniper SRX220H2",
+			args: snmp.Result{
+				SysDescr0: "Juniper Networks, Inc. srx220h2 internet router, kernel JUNOS 12.3X48-D30.7, Build date: 2016-04-29 00:01:04 UTC Copyright (c) 1996-2016 Juniper Networks, Inc.",
+			},
+			want: []string{"cpe:2.3:h:juniper:srx220h2:-:*:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos:12.3x48-d30.7:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "JUNOS 20.4R3-S4.8 on Juniper SRX4600",
+			args: snmp.Result{
+				SysDescr0: "Juniper Networks, Inc. srx4600 internet router, kernel JUNOS 20.4R3-S4.8, Build date: 2022-08-16 20:42:11 UTC Copyright (c) 1996-2022 Juniper Networks, Inc.",
+			},
+			want: []string{"cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos:20.4r3-s4.8:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "cpe:2.3:o:juniper:junos:20.4:r2-s2.2:*:*:*:*:*:*",
+			args: snmp.Result{
+				SysDescr0: "Juniper Networks, Inc. ex4300-32f Ethernet Switch, kernel JUNOS 20.4R3-S4.8, Build date: 2022-08-16 21:10:45 UTC Copyright (c) 1996-2022 Juniper Networks, Inc.",
+				EntPhysicalTables: map[int]snmp.EntPhysicalTable{1: {
+					EntPhysicalMfgName:     "Juniper Networks",
+					EntPhysicalName:        "",
+					EntPhysicalSoftwareRev: "20.4R3-S4.8",
+				}},
+			},
+			want: []string{"cpe:2.3:h:juniper:ex4300-32f:-:*:*:*:*:*:*:*", "cpe:2.3:o:juniper:junos:20.4r3-s4.8:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "Arista Networks EOS version 4.28.4M on DCS-7050TX-64",
+			args: snmp.Result{
+				SysDescr0: "Arista Networks EOS version 4.28.4M running on an Arista Networks DCS-7050TX-64",
+				EntPhysicalTables: map[int]snmp.EntPhysicalTable{1: {
+					EntPhysicalMfgName:     "Arista Networks",
+					EntPhysicalName:        "",
+					EntPhysicalSoftwareRev: "4.28.4M",
+				}},
+			},
+			want: []string{"cpe:/h:arista:dcs-7050tx-64:-:*:*:*:*:*:*:*", "cpe:2.3:o:arista:eos:4.28.4m:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "FortiGate-50E",
+			args: snmp.Result{
+				EntPhysicalTables: map[int]snmp.EntPhysicalTable{1: {
+					EntPhysicalMfgName:     "Fortinet",
+					EntPhysicalName:        "FGT_50E",
+					EntPhysicalSoftwareRev: "FortiGate-50E v5.4.6,build1165b1165,171018 (GA)",
+				}},
+			},
+			want: []string{"cpe:2.3:h:fortinet:fortigate-50e:-:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:5.4.6:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "FortiGate-60F",
+			args: snmp.Result{
+				EntPhysicalTables: map[int]snmp.EntPhysicalTable{1: {
+					EntPhysicalMfgName:     "Fortinet",
+					EntPhysicalName:        "FGT_60F",
+					EntPhysicalSoftwareRev: "FortiGate-60F v6.4.11,build2030,221031 (GA.M)",
+				}},
+			},
+			want: []string{"cpe:2.3:h:fortinet:fortigate-60f:-:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "YAMAHA RTX1000",
+			args: snmp.Result{
+				SysDescr0: "RTX1000 Rev.8.01.29 (Fri Apr 15 11:50:44 2011)",
+			},
+			want: []string{"cpe:2.3:h:yamaha:rtx1000:-:*:*:*:*:*:*:*", "cpe:2.3:o:yamaha:rtx1000:8.01.29:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "YAMAHA RTX810",
+			args: snmp.Result{
+				SysDescr0: "RTX810 Rev.11.01.34 (Tue Nov 26 18:39:12 2019)",
+			},
+			want: []string{"cpe:2.3:h:yamaha:rtx810:-:*:*:*:*:*:*:*", "cpe:2.3:o:yamaha:rtx810:11.01.34:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "NEC IX2105",
+			args: snmp.Result{
+				SysDescr0: "NEC Portable Internetwork Core Operating System Software, IX Series IX2105 (magellan-sec) Software, Version 8.8.22, RELEASE SOFTWARE, Compiled Jul 04-Wed-2012 14:18:46 JST #2, IX2105",
+			},
+			want: []string{"cpe:2.3:h:nec:ix2105:-:*:*:*:*:*:*:*", "cpe:2.3:o:nec:ix2105:8.8.22:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "NEC IX2235",
+			args: snmp.Result{
+				SysDescr0: "NEC Portable Internetwork Core Operating System Software, IX Series IX2235 (magellan-sec) Software, Version 10.6.21, RELEASE SOFTWARE, Compiled Dec 15-Fri-YYYY HH:MM:SS JST #2, IX2235",
+			},
+			want: []string{"cpe:2.3:h:nec:ix2235:-:*:*:*:*:*:*:*", "cpe:2.3:o:nec:ix2235:10.6.21:*:*:*:*:*:*:*"},
+		},
+		{
+			name: "Palo Alto Networks PAN-OS 10.0.0 on PA-220",
+			args: snmp.Result{
+				SysDescr0: "Palo Alto Networks PA-220 series firewall",
+				EntPhysicalTables: map[int]snmp.EntPhysicalTable{1: {
+					EntPhysicalMfgName:     "Palo Alto Networks",
+					EntPhysicalName:        "PA-220",
+					EntPhysicalSoftwareRev: "10.0.0",
+				}},
+			},
+			want: []string{"cpe:2.3:h:paloaltonetworks:pa-220:-:*:*:*:*:*:*:*", "cpe:2.3:o:paloaltonetworks:pan-os:10.0.0:*:*:*:*:*:*:*"},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			opts := []cmp.Option{
+				cmpopts.SortSlices(func(i, j string) bool {
+					return i < j
+				}),
+			}
+			if diff := cmp.Diff(cpe.Convert(tt.args), tt.want, opts...); diff != "" {
+				t.Errorf("Convert() value is mismatch (-got +want):%s\n", diff)
+			}
+		})
+	}
+}
--- a/contrib/snmp2cpe/pkg/snmp/snmp.go
+++ b/contrib/snmp2cpe/pkg/snmp/snmp.go
@@ -0,0 +1,131 @@
+package snmp
+
+import (
+	"log"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/gosnmp/gosnmp"
+	"github.com/pkg/errors"
+)
+
+type options struct {
+	community string
+	debug     bool
+}
+
+// Option ...
+type Option interface {
+	apply(*options)
+}
+
+type communityOption string
+
+func (c communityOption) apply(opts *options) {
+	opts.community = string(c)
+}
+
+// WithCommunity ...
+func WithCommunity(c string) Option {
+	return communityOption(c)
+}
+
+type debugOption bool
+
+func (d debugOption) apply(opts *options) {
+	opts.debug = bool(d)
+}
+
+// WithDebug ...
+func WithDebug(d bool) Option {
+	return debugOption(d)
+}
+
+// Get ...
+func Get(version gosnmp.SnmpVersion, ipaddr string, opts ...Option) (Result, error) {
+	var options options
+	for _, o := range opts {
+		o.apply(&options)
+	}
+
+	r := Result{SysDescr0: "", EntPhysicalTables: map[int]EntPhysicalTable{}}
+
+	params := &gosnmp.GoSNMP{
+		Target:             ipaddr,
+		Port:               161,
+		Version:            version,
+		Timeout:            time.Duration(2) * time.Second,
+		Retries:            3,
+		ExponentialTimeout: true,
+		MaxOids:            gosnmp.MaxOids,
+	}
+
+	switch version {
+	case gosnmp.Version1, gosnmp.Version2c:
+		params.Community = options.community
+	case gosnmp.Version3:
+		return Result{}, errors.New("not implemented")
+	}
+
+	if err := params.Connect(); err != nil {
+		return Result{}, errors.Wrap(err, "failed to connect")
+	}
+	defer params.Conn.Close()
+
+	for _, oid := range []string{"1.3.6.1.2.1.1.1.0", "1.3.6.1.2.1.47.1.1.1.1.12.1", "1.3.6.1.2.1.47.1.1.1.1.7.1", "1.3.6.1.2.1.47.1.1.1.1.10.1"} {
+		resp, err := params.Get([]string{oid})
+		if err != nil {
+			return Result{}, errors.Wrap(err, "send SNMP GET request")
+		}
+		for _, v := range resp.Variables {
+			if options.debug {
+				switch v.Type {
+				case gosnmp.OctetString:
+					log.Printf("DEBUG: %s -> %s", v.Name, string(v.Value.([]byte)))
+				default:
+					log.Printf("DEBUG: %s -> %v", v.Name, v.Value)
+				}
+			}
+
+			switch {
+			case v.Name == ".1.3.6.1.2.1.1.1.0":
+				if v.Type == gosnmp.OctetString {
+					r.SysDescr0 = string(v.Value.([]byte))
+				}
+			case strings.HasPrefix(v.Name, ".1.3.6.1.2.1.47.1.1.1.1.12."):
+				i, err := strconv.Atoi(strings.TrimPrefix(v.Name, ".1.3.6.1.2.1.47.1.1.1.1.12."))
+				if err != nil {
+					return Result{}, errors.Wrap(err, "failed to get index")
+				}
+				if v.Type == gosnmp.OctetString {
+					b := r.EntPhysicalTables[i]
+					b.EntPhysicalMfgName = string(v.Value.([]byte))
+					r.EntPhysicalTables[i] = b
+				}
+			case strings.HasPrefix(v.Name, ".1.3.6.1.2.1.47.1.1.1.1.7."):
+				i, err := strconv.Atoi(strings.TrimPrefix(v.Name, ".1.3.6.1.2.1.47.1.1.1.1.7."))
+				if err != nil {
+					return Result{}, errors.Wrap(err, "failed to get index")
+				}
+				if v.Type == gosnmp.OctetString {
+					b := r.EntPhysicalTables[i]
+					b.EntPhysicalName = string(v.Value.([]byte))
+					r.EntPhysicalTables[i] = b
+				}
+			case strings.HasPrefix(v.Name, ".1.3.6.1.2.1.47.1.1.1.1.10."):
+				i, err := strconv.Atoi(strings.TrimPrefix(v.Name, ".1.3.6.1.2.1.47.1.1.1.1.10."))
+				if err != nil {
+					return Result{}, errors.Wrap(err, "failed to get index")
+				}
+				if v.Type == gosnmp.OctetString {
+					b := r.EntPhysicalTables[i]
+					b.EntPhysicalSoftwareRev = string(v.Value.([]byte))
+					r.EntPhysicalTables[i] = b
+				}
+			}
+		}
+	}
+
+	return r, nil
+}
--- a/contrib/snmp2cpe/pkg/snmp/types.go
+++ b/contrib/snmp2cpe/pkg/snmp/types.go
@@ -0,0 +1,14 @@
+package snmp
+
+// Result ...
+type Result struct {
+	SysDescr0         string                   `json:"sysDescr0,omitempty"`
+	EntPhysicalTables map[int]EntPhysicalTable `json:"entPhysicalTables,omitempty"`
+}
+
+// EntPhysicalTable ...
+type EntPhysicalTable struct {
+	EntPhysicalMfgName     string `json:"entPhysicalMfgName,omitempty"`
+	EntPhysicalName        string `json:"entPhysicalName,omitempty"`
+	EntPhysicalSoftwareRev string `json:"entPhysicalSoftwareRev,omitempty"`
+}
--- a/contrib/snmp2cpe/pkg/util/util.go
+++ b/contrib/snmp2cpe/pkg/util/util.go
@@ -0,0 +1,12 @@
+package util
+
+import "golang.org/x/exp/maps"
+
+// Unique return unique elements
+func Unique[T comparable](s []T) []T {
+	m := map[T]struct{}{}
+	for _, v := range s {
+		m[v] = struct{}{}
+	}
+	return maps.Keys(m)
+}
--- a/detector/cti.go
+++ b/detector/cti.go
@@ -211,9 +211,9 @@ func newCTIDB(cnf config.VulnDictInterface) (ctidb.DB, error) {
 	if cnf.GetType() == "sqlite3" {
 		path = cnf.GetSQLite3Path()
 	}
-	driver, locked, err := ctidb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), ctidb.Option{})
+	driver, err := ctidb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), ctidb.Option{})
 	if err != nil {
-		if locked {
+		if xerrors.Is(err, ctidb.ErrDBLocked) {
 			return nil, xerrors.Errorf("Failed to init cti DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
 		}
 		return nil, xerrors.Errorf("Failed to init cti DB. DB Path: %s, err: %w", path, err)
--- a/detector/cve_client.go
+++ b/detector/cve_client.go
@@ -213,9 +213,9 @@ func newCveDB(cnf config.VulnDictInterface) (cvedb.DB, error) {
 	if cnf.GetType() == "sqlite3" {
 		path = cnf.GetSQLite3Path()
 	}
-	driver, locked, err := cvedb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), cvedb.Option{})
+	driver, err := cvedb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), cvedb.Option{})
 	if err != nil {
-		if locked {
+		if xerrors.Is(err, cvedb.ErrDBLocked) {
 			return nil, xerrors.Errorf("Failed to init CVE DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
 		}
 		return nil, xerrors.Errorf("Failed to init CVE DB. DB Path: %s, err: %w", path, err)
--- a/detector/detector.go
+++ b/detector/detector.go
@@ -425,20 +425,20 @@ func detectPkgsCvesWithOval(cnf config.GovalDictConf, r *models.ScanResult, logO
 		}
 	}()

-	logging.Log.Debugf("Check if oval fetched: %s %s", r.Family, r.Release)
-	ok, err := client.CheckIfOvalFetched(r.Family, r.Release)
-	if err != nil {
-		return err
-	}
-	if !ok {
-		switch r.Family {
-		case constant.Debian, constant.Ubuntu:
-			logging.Log.Infof("Skip OVAL and Scan with gost alone.")
-			logging.Log.Infof("%s: %d CVEs are detected with OVAL", r.FormatServerName(), 0)
-			return nil
-		case constant.Windows, constant.FreeBSD, constant.ServerTypePseudo:
-			return nil
-		default:
+	switch r.Family {
+	case constant.Debian, constant.Raspbian, constant.Ubuntu:
+		logging.Log.Infof("Skip OVAL and Scan with gost alone.")
+		logging.Log.Infof("%s: %d CVEs are detected with OVAL", r.FormatServerName(), 0)
+		return nil
+	case constant.Windows, constant.FreeBSD, constant.ServerTypePseudo:
+		return nil
+	default:
+		logging.Log.Debugf("Check if oval fetched: %s %s", r.Family, r.Release)
+		ok, err := client.CheckIfOvalFetched(r.Family, r.Release)
+		if err != nil {
+			return err
+		}
+		if !ok {
 			return xerrors.Errorf("OVAL entries of %s %s are not found. Fetch OVAL before reporting. For details, see `https://github.com/vulsio/goval-dictionary#usage`", r.Family, r.Release)
 		}
 	}
@@ -473,7 +473,7 @@ func detectPkgsCvesWithGost(cnf config.GostConf, r *models.ScanResult, logOpts l
 	nCVEs, err := client.DetectCVEs(r, true)
 	if err != nil {
 		switch r.Family {
-		case constant.Debian, constant.Ubuntu, constant.Windows:
+		case constant.Debian, constant.Raspbian, constant.Ubuntu, constant.Windows:
 			return xerrors.Errorf("Failed to detect CVEs with gost: %w", err)
 		default:
 			return xerrors.Errorf("Failed to detect unfixed CVEs with gost: %w", err)
@@ -481,7 +481,7 @@ func detectPkgsCvesWithGost(cnf config.GostConf, r *models.ScanResult, logOpts l
 	}

 	switch r.Family {
-	case constant.Debian, constant.Ubuntu, constant.Windows:
+	case constant.Debian, constant.Raspbian, constant.Ubuntu, constant.Windows:
 		logging.Log.Infof("%s: %d CVEs are detected with gost", r.FormatServerName(), nCVEs)
 	default:
 		logging.Log.Infof("%s: %d unfixed CVEs are detected with gost", r.FormatServerName(), nCVEs)
--- a/detector/exploitdb.go
+++ b/detector/exploitdb.go
@@ -239,7 +239,7 @@ func httpGetExploit(url string, req exploitRequest, resChan chan<- exploitRespon
 	}
 }

-func newExploitDB(cnf config.VulnDictInterface) (driver exploitdb.DB, err error) {
+func newExploitDB(cnf config.VulnDictInterface) (exploitdb.DB, error) {
 	if cnf.IsFetchViaHTTP() {
 		return nil, nil
 	}
@@ -247,9 +247,9 @@ func newExploitDB(cnf config.VulnDictInterface) (driver exploitdb.DB, err error)
 	if cnf.GetType() == "sqlite3" {
 		path = cnf.GetSQLite3Path()
 	}
-	driver, locked, err := exploitdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), exploitdb.Option{})
+	driver, err := exploitdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), exploitdb.Option{})
 	if err != nil {
-		if locked {
+		if xerrors.Is(err, exploitdb.ErrDBLocked) {
 			return nil, xerrors.Errorf("Failed to init exploit DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
 		}
 		return nil, xerrors.Errorf("Failed to init exploit DB. DB Path: %s, err: %w", path, err)
--- a/detector/github.go
+++ b/detector/github.go
@@ -10,9 +10,12 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"strconv"
 	"time"

+	"github.com/cenkalti/backoff"
 	"github.com/future-architect/vuls/errof"
+	"github.com/future-architect/vuls/logging"
 	"github.com/future-architect/vuls/models"
 	"golang.org/x/oauth2"
 )
@@ -216,51 +219,91 @@ func DetectGitHubDependencyGraph(r *models.ScanResult, owner, repo, token string
 	//TODO Proxy
 	httpClient := oauth2.NewClient(context.Background(), src)

-	return fetchDependencyGraph(r, httpClient, owner, repo, "", "")
+	return fetchDependencyGraph(r, httpClient, owner, repo, "", "", 10, 100)
 }

 // recursive function
-func fetchDependencyGraph(r *models.ScanResult, httpClient *http.Client, owner, repo, after, dependenciesAfter string) (err error) {
+func fetchDependencyGraph(r *models.ScanResult, httpClient *http.Client, owner, repo, after, dependenciesAfter string, first, dependenciesFirst int) (err error) {
 	const queryFmt = `{"query":
-	"query { repository(owner:\"%s\", name:\"%s\") { url dependencyGraphManifests(first: %d, withDependencies: true%s) { pageInfo { endCursor hasNextPage } edges { node { blobPath filename repository { url } parseable exceedsMaxSize dependenciesCount dependencies%s { pageInfo { endCursor hasNextPage } edges { node { packageName packageManager repository { url } requirements hasDependencies } } } } } } } }"}`
-
-	queryStr := fmt.Sprintf(queryFmt, owner, repo, 100, after, dependenciesAfter)
-	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-	req, err := http.NewRequestWithContext(ctx, http.MethodPost,
-		"https://api.github.com/graphql",
-		bytes.NewBuffer([]byte(queryStr)),
-	)
+	"query { repository(owner:\"%s\", name:\"%s\") { url dependencyGraphManifests(first: %d, withDependencies: true%s) { pageInfo { endCursor hasNextPage } edges { node { blobPath filename repository { url } parseable exceedsMaxSize dependenciesCount dependencies(first: %d%s) { pageInfo { endCursor hasNextPage } edges { node { packageName packageManager repository { url } requirements hasDependencies } } } } } } } }"}`
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
 	defer cancel()
-	if err != nil {
+
+	var graph DependencyGraph
+	rateLimitRemaining := 5000
+	count, retryMax := 0, 10
+	retryCheck := func(err error) error {
+		if count == retryMax {
+			return backoff.Permanent(err)
+		}
+		if rateLimitRemaining == 0 {
+			// The GraphQL API rate limit is 5,000 points per hour.
+			// Terminate　with an error on rate limit reached.
+			return backoff.Permanent(errof.New(errof.ErrFailedToAccessGithubAPI,
+				fmt.Sprintf("rate limit exceeded. error: %s", err.Error())))
+		}
 		return err
 	}
+	operation := func() error {
+		count++
+		queryStr := fmt.Sprintf(queryFmt, owner, repo, first, after, dependenciesFirst, dependenciesAfter)
+		req, err := http.NewRequestWithContext(ctx, http.MethodPost,
+			"https://api.github.com/graphql",
+			bytes.NewBuffer([]byte(queryStr)),
+		)
+		if err != nil {
+			return retryCheck(err)
+		}

-	// https://docs.github.com/en/graphql/overview/schema-previews#access-to-a-repository-s-dependency-graph-preview
-	// TODO remove this header if it is no longer preview status in the future.
-	req.Header.Set("Accept", "application/vnd.github.hawkgirl-preview+json")
-	req.Header.Set("Content-Type", "application/json")
+		// https://docs.github.com/en/graphql/overview/schema-previews#access-to-a-repository-s-dependency-graph-preview
+		// TODO remove this header if it is no longer preview status in the future.
+		req.Header.Set("Accept", "application/vnd.github.hawkgirl-preview+json")
+		req.Header.Set("Content-Type", "application/json")

-	resp, err := httpClient.Do(req)
-	if err != nil {
-		return err
+		resp, err := httpClient.Do(req)
+		if err != nil {
+			return retryCheck(err)
+		}
+		defer resp.Body.Close()
+
+		// https://docs.github.com/en/graphql/overview/resource-limitations#rate-limit
+		if rateLimitRemaining, err = strconv.Atoi(resp.Header.Get("X-RateLimit-Remaining")); err != nil {
+			// If the header retrieval fails, rateLimitRemaining will be set to 0,
+			// preventing further retries. To enable retry, we reset it to 5000.
+			rateLimitRemaining = 5000
+			return retryCheck(errof.New(errof.ErrFailedToAccessGithubAPI, "Failed to get X-RateLimit-Remaining header"))
+		}
+
+		body, err := io.ReadAll(resp.Body)
+		if err != nil {
+			return retryCheck(err)
+		}
+
+		graph = DependencyGraph{}
+		if err := json.Unmarshal(body, &graph); err != nil {
+			return retryCheck(err)
+		}
+
+		if len(graph.Errors) > 0 || graph.Data.Repository.URL == "" {
+			// this mainly occurs on timeout
+			// reduce the number of dependencies to be fetched for the next retry
+			if dependenciesFirst > 50 {
+				dependenciesFirst -= 5
+			}
+			return retryCheck(errof.New(errof.ErrFailedToAccessGithubAPI,
+				fmt.Sprintf("Failed to access to GitHub API. Repository: %s/%s; Response: %s", owner, repo, string(body))))
+		}
+
+		return nil
 	}
-	defer resp.Body.Close()
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return err
+	notify := func(err error, t time.Duration) {
+		logging.Log.Warnf("Failed attempts (count: %d). retrying in %s. err: %+v", count, t, err)
 	}

-	graph := DependencyGraph{}
-	if err := json.Unmarshal(body, &graph); err != nil {
+	if err = backoff.RetryNotify(operation, backoff.NewExponentialBackOff(), notify); err != nil {
 		return err
 	}

-	if graph.Data.Repository.URL == "" {
-		return errof.New(errof.ErrFailedToAccessGithubAPI,
-			fmt.Sprintf("Failed to access to GitHub API. Response: %s", string(body)))
-	}
-
 	dependenciesAfter = ""
 	for _, m := range graph.Data.Repository.DependencyGraphManifests.Edges {
 		manifest, ok := r.GitHubManifests[m.Node.BlobPath]
@@ -283,16 +326,16 @@ func fetchDependencyGraph(r *models.ScanResult, httpClient *http.Client, owner,
 		r.GitHubManifests[m.Node.BlobPath] = manifest

 		if m.Node.Dependencies.PageInfo.HasNextPage {
-			dependenciesAfter = fmt.Sprintf(`(after: \"%s\")`, m.Node.Dependencies.PageInfo.EndCursor)
+			dependenciesAfter = fmt.Sprintf(`, after: \"%s\"`, m.Node.Dependencies.PageInfo.EndCursor)
 		}
 	}
 	if dependenciesAfter != "" {
-		return fetchDependencyGraph(r, httpClient, owner, repo, after, dependenciesAfter)
+		return fetchDependencyGraph(r, httpClient, owner, repo, after, dependenciesAfter, first, dependenciesFirst)
 	}

 	if graph.Data.Repository.DependencyGraphManifests.PageInfo.HasNextPage {
 		after = fmt.Sprintf(`, after: \"%s\"`, graph.Data.Repository.DependencyGraphManifests.PageInfo.EndCursor)
-		return fetchDependencyGraph(r, httpClient, owner, repo, after, dependenciesAfter)
+		return fetchDependencyGraph(r, httpClient, owner, repo, after, dependenciesAfter, first, dependenciesFirst)
 	}

 	return nil
@@ -340,4 +383,13 @@ type DependencyGraph struct {
 			} `json:"dependencyGraphManifests"`
 		} `json:"repository"`
 	} `json:"data"`
+	Errors []struct {
+		Type      string        `json:"type,omitempty"`
+		Path      []interface{} `json:"path,omitempty"`
+		Locations []struct {
+			Line   int `json:"line"`
+			Column int `json:"column"`
+		} `json:"locations,omitempty"`
+		Message string `json:"message"`
+	} `json:"errors,omitempty"`
 }
--- a/detector/kevuln.go
+++ b/detector/kevuln.go
@@ -234,9 +234,9 @@ func newKEVulnDB(cnf config.VulnDictInterface) (kevulndb.DB, error) {
 	if cnf.GetType() == "sqlite3" {
 		path = cnf.GetSQLite3Path()
 	}
-	driver, locked, err := kevulndb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), kevulndb.Option{})
+	driver, err := kevulndb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), kevulndb.Option{})
 	if err != nil {
-		if locked {
+		if xerrors.Is(err, kevulndb.ErrDBLocked) {
 			return nil, xerrors.Errorf("Failed to init kevuln DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
 		}
 		return nil, xerrors.Errorf("Failed to init kevuln DB. DB Path: %s, err: %w", path, err)
--- a/detector/msf.go
+++ b/detector/msf.go
@@ -233,9 +233,9 @@ func newMetasploitDB(cnf config.VulnDictInterface) (metasploitdb.DB, error) {
 	if cnf.GetType() == "sqlite3" {
 		path = cnf.GetSQLite3Path()
 	}
-	driver, locked, err := metasploitdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), metasploitdb.Option{})
+	driver, err := metasploitdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), metasploitdb.Option{})
 	if err != nil {
-		if locked {
+		if xerrors.Is(err, metasploitdb.ErrDBLocked) {
 			return nil, xerrors.Errorf("Failed to init metasploit DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
 		}
 		return nil, xerrors.Errorf("Failed to init metasploit DB. DB Path: %s, err: %w", path, err)
--- a/go.mod
+++ b/go.mod
@@ -3,22 +3,24 @@ module github.com/future-architect/vuls
 go 1.20

 require (
-	github.com/Azure/azure-sdk-for-go v66.0.0+incompatible
+	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
 	github.com/BurntSushi/toml v1.2.1
-	github.com/CycloneDX/cyclonedx-go v0.7.0
-	github.com/Ullaakut/nmap/v2 v2.1.2-0.20210406060955-59a52fe80a4f
+	github.com/CycloneDX/cyclonedx-go v0.7.1
+	github.com/Ullaakut/nmap/v2 v2.2.2
 	github.com/aquasecurity/go-dep-parser v0.0.0-20221114145626-35ef808901e8
 	github.com/aquasecurity/trivy v0.35.0
 	github.com/aquasecurity/trivy-db v0.0.0-20220627104749-930461748b63
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
-	github.com/aws/aws-sdk-go v1.44.136
-	github.com/c-robinson/iplib v1.0.3
+	github.com/aws/aws-sdk-go v1.44.263
+	github.com/c-robinson/iplib v1.0.6
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/d4l3k/messagediff v1.2.2-0.20190829033028-7e0a312ae40b
 	github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21
-	github.com/emersion/go-smtp v0.14.0
+	github.com/emersion/go-smtp v0.16.0
+	github.com/google/go-cmp v0.5.9
 	github.com/google/subcommands v1.2.0
 	github.com/google/uuid v1.3.0
+	github.com/gosnmp/gosnmp v1.35.0
 	github.com/gosuri/uitable v0.0.4
 	github.com/hashicorp/go-uuid v1.0.3
 	github.com/hashicorp/go-version v1.6.0
@@ -35,22 +37,23 @@ require (
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/package-url/packageurl-go v0.1.1-0.20220203205134-d70459300c8a
 	github.com/parnurzeal/gorequest v0.2.16
+	github.com/pkg/errors v0.9.1
 	github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5
 	github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d
 	github.com/sirupsen/logrus v1.9.0
-	github.com/spf13/cobra v1.6.1
-	github.com/vulsio/go-cti v0.0.2
-	github.com/vulsio/go-cve-dictionary v0.8.3
-	github.com/vulsio/go-exploitdb v0.4.4
-	github.com/vulsio/go-kev v0.1.1
-	github.com/vulsio/go-msfdb v0.2.1
-	github.com/vulsio/gost v0.4.2
-	github.com/vulsio/goval-dictionary v0.8.2
-	go.etcd.io/bbolt v1.3.6
-	golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb
-	golang.org/x/oauth2 v0.1.0
-	golang.org/x/sync v0.1.0
-	golang.org/x/text v0.7.0
+	github.com/spf13/cobra v1.7.0
+	github.com/vulsio/go-cti v0.0.3
+	github.com/vulsio/go-cve-dictionary v0.8.4
+	github.com/vulsio/go-exploitdb v0.4.5
+	github.com/vulsio/go-kev v0.1.2
+	github.com/vulsio/go-msfdb v0.2.2
+	github.com/vulsio/gost v0.4.4
+	github.com/vulsio/goval-dictionary v0.9.2
+	go.etcd.io/bbolt v1.3.7
+	golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53
+	golang.org/x/oauth2 v0.8.0
+	golang.org/x/sync v0.2.0
+	golang.org/x/text v0.9.0
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2
 )

@@ -67,36 +70,39 @@ require (
 	github.com/Azure/go-autorest/autorest/to v0.3.0 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
+	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/PuerkitoBio/goquery v1.8.1 // indirect
 	github.com/VividCortex/ewma v1.2.0 // indirect
-	github.com/andybalholm/cascadia v1.3.1 // indirect
+	github.com/andybalholm/cascadia v1.3.2 // indirect
 	github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce // indirect
 	github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 // indirect
 	github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 // indirect
 	github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
-	github.com/briandowns/spinner v1.21.0 // indirect
+	github.com/briandowns/spinner v1.23.0 // indirect
 	github.com/caarlos0/env/v6 v6.10.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/cheggaaa/pb/v3 v3.1.0 // indirect
+	github.com/cheggaaa/pb/v3 v3.1.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/dnaeon/go-vcr v1.2.0 // indirect
 	github.com/docker/cli v20.10.20+incompatible // indirect
-	github.com/docker/distribution v2.8.1+incompatible // indirect
-	github.com/docker/docker v20.10.20+incompatible // indirect
+	github.com/docker/distribution v2.8.2+incompatible // indirect
+	github.com/docker/docker v23.0.4+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/fatih/color v1.14.1 // indirect
+	github.com/fatih/color v1.15.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/glebarez/go-sqlite v1.21.1 // indirect
+	github.com/glebarez/sqlite v1.8.1-0.20230417114740-1accfe103bf2 // indirect
 	github.com/go-redis/redis/v8 v8.11.5 // indirect
-	github.com/go-sql-driver/mysql v1.7.0 // indirect
+	github.com/go-sql-driver/mysql v1.7.1 // indirect
 	github.com/go-stack/stack v1.8.1 // indirect
 	github.com/gofrs/uuid v4.0.0+incompatible // indirect
 	github.com/golang-jwt/jwt/v4 v4.2.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/go-containerregistry v0.12.0 // indirect
 	github.com/google/licenseclassifier/v2 v2.0.0-pre6 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.1 // indirect
@@ -105,16 +111,16 @@ require (
 	github.com/gorilla/websocket v1.4.2 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-getter v1.6.2 // indirect
+	github.com/hashicorp/go-getter v1.7.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
 	github.com/hashicorp/go-safetemp v1.0.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/inconshreveable/log15 v2.16.0+incompatible // indirect
+	github.com/inconshreveable/log15 v3.0.0-testing.5+incompatible // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
-	github.com/jackc/pgx/v5 v5.3.0 // indirect
+	github.com/jackc/pgx/v5 v5.3.1 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
@@ -126,31 +132,30 @@ require (
 	github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08 // indirect
 	github.com/masahiro331/go-xfs-filesystem v0.0.0-20221127135739-051c25f1becd // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.17 // indirect
+	github.com/mattn/go-isatty v0.0.18 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
-	github.com/mattn/go-sqlite3 v1.14.16 // indirect
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
-	github.com/mitchellh/go-testing-interface v1.0.0 // indirect
+	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/nsf/termbox-go v1.1.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.7 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/rogpeppe/go-internal v1.8.1 // indirect
 	github.com/samber/lo v1.33.0 // indirect
 	github.com/sergi/go-diff v1.3.1 // indirect
 	github.com/smartystreets/assertions v1.13.0 // indirect
 	github.com/spdx/tools-golang v0.3.0 // indirect
-	github.com/spf13/afero v1.9.4 // indirect
+	github.com/spf13/afero v1.9.5 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/spf13/viper v1.15.0 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
-	github.com/stretchr/testify v1.8.1 // indirect
+	github.com/stretchr/testify v1.8.2 // indirect
 	github.com/subosito/gotenv v1.4.2 // indirect
 	github.com/ulikunitz/xz v0.5.11 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
@@ -159,13 +164,12 @@ require (
 	go.uber.org/goleak v1.1.12 // indirect
 	go.uber.org/multierr v1.8.0 // indirect
 	go.uber.org/zap v1.23.0 // indirect
-	golang.org/x/crypto v0.6.0 // indirect
-	golang.org/x/mod v0.8.0 // indirect
-	golang.org/x/net v0.7.0 // indirect
-	golang.org/x/sys v0.5.0 // indirect
-	golang.org/x/term v0.5.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.6.0 // indirect
+	golang.org/x/crypto v0.9.0 // indirect
+	golang.org/x/mod v0.10.0 // indirect
+	golang.org/x/net v0.10.0 // indirect
+	golang.org/x/sys v0.8.0 // indirect
+	golang.org/x/term v0.8.0 // indirect
+	golang.org/x/tools v0.9.1 // indirect
 	google.golang.org/api v0.107.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef // indirect
@@ -173,13 +177,13 @@ require (
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	gorm.io/driver/mysql v1.4.7 // indirect
-	gorm.io/driver/postgres v1.4.8 // indirect
-	gorm.io/driver/sqlite v1.4.4 // indirect
-	gorm.io/gorm v1.24.5 // indirect
+	gorm.io/driver/mysql v1.5.0 // indirect
+	gorm.io/driver/postgres v1.5.0 // indirect
+	gorm.io/gorm v1.25.0 // indirect
 	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect
+	modernc.org/libc v1.22.6 // indirect
+	modernc.org/mathutil v1.5.0 // indirect
+	modernc.org/memory v1.5.0 // indirect
+	modernc.org/sqlite v1.22.1 // indirect
 	moul.io/http2curl v1.0.0 // indirect
 )
-
-// See https://github.com/moby/moby/issues/42939#issuecomment-1114255529
-replace github.com/docker/docker => github.com/docker/docker v20.10.3-0.20220224222438-c78f6963a1c0+incompatible
--- a/go.sum
+++ b/go.sum
--- a/gost/debian.go
+++ b/gost/debian.go
@@ -5,8 +5,12 @@ package gost

 import (
 	"encoding/json"
+	"fmt"
+	"strconv"
+	"strings"

 	debver "github.com/knqyf263/go-deb-version"
+	"golang.org/x/exp/maps"
 	"golang.org/x/xerrors"

 	"github.com/future-architect/vuls/logging"
@@ -20,19 +24,16 @@ type Debian struct {
 	Base
 }

-type packCves struct {
-	packName  string
-	isSrcPack bool
-	cves      []models.CveContent
-	fixes     models.PackageFixStatuses
-}
-
 func (deb Debian) supported(major string) bool {
 	_, ok := map[string]string{
+		"7":  "wheezy",
 		"8":  "jessie",
 		"9":  "stretch",
 		"10": "buster",
 		"11": "bullseye",
+		"12": "bookworm",
+		// "13": "trixie",
+		// "14": "forky",
 	}[major]
 	return ok
 }
@@ -45,199 +46,218 @@ func (deb Debian) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error
 		return 0, nil
 	}

-	// Add linux and set the version of running kernel to search Gost.
 	if r.Container.ContainerID == "" {
-		if r.RunningKernel.Version != "" {
-			newVer := ""
-			if p, ok := r.Packages["linux-image-"+r.RunningKernel.Release]; ok {
-				newVer = p.NewVersion
-			}
-			r.Packages["linux"] = models.Package{
-				Name:       "linux",
-				Version:    r.RunningKernel.Version,
-				NewVersion: newVer,
-			}
-		} else {
-			logging.Log.Warnf("Since the exact kernel version is not available, the vulnerability in the linux package is not detected.")
+		if r.RunningKernel.Release == "" {
+			logging.Log.Warnf("Since the exact kernel release is not available, the vulnerability in the kernel package is not detected.")
 		}
 	}

-	var stashLinuxPackage models.Package
-	if linux, ok := r.Packages["linux"]; ok {
-		stashLinuxPackage = linux
-	}
-	nFixedCVEs, err := deb.detectCVEsWithFixState(r, "resolved")
+	fixedCVEs, err := deb.detectCVEsWithFixState(r, true)
 	if err != nil {
 		return 0, xerrors.Errorf("Failed to detect fixed CVEs. err: %w", err)
 	}

-	if stashLinuxPackage.Name != "" {
-		r.Packages["linux"] = stashLinuxPackage
-	}
-	nUnfixedCVEs, err := deb.detectCVEsWithFixState(r, "open")
+	unfixedCVEs, err := deb.detectCVEsWithFixState(r, false)
 	if err != nil {
 		return 0, xerrors.Errorf("Failed to detect unfixed CVEs. err: %w", err)
 	}

-	return (nFixedCVEs + nUnfixedCVEs), nil
+	return len(unique(append(fixedCVEs, unfixedCVEs...))), nil
 }

-func (deb Debian) detectCVEsWithFixState(r *models.ScanResult, fixStatus string) (nCVEs int, err error) {
-	if fixStatus != "resolved" && fixStatus != "open" {
-		return 0, xerrors.Errorf(`Failed to detectCVEsWithFixState. fixStatus is not allowed except "open" and "resolved"(actual: fixStatus -> %s).`, fixStatus)
-	}
-
-	packCvesList := []packCves{}
+func (deb Debian) detectCVEsWithFixState(r *models.ScanResult, fixed bool) ([]string, error) {
+	detects := map[string]cveContent{}
 	if deb.driver == nil {
-		url, err := util.URLPathJoin(deb.baseURL, "debian", major(r.Release), "pkgs")
+		urlPrefix, err := util.URLPathJoin(deb.baseURL, "debian", major(r.Release), "pkgs")
 		if err != nil {
-			return 0, xerrors.Errorf("Failed to join URLPath. err: %w", err)
+			return nil, xerrors.Errorf("Failed to join URLPath. err: %w", err)
 		}
-
-		s := "unfixed-cves"
-		if s == "resolved" {
-			s = "fixed-cves"
+		s := "fixed-cves"
+		if !fixed {
+			s = "unfixed-cves"
 		}
-		responses, err := getCvesWithFixStateViaHTTP(r, url, s)
+		responses, err := getCvesWithFixStateViaHTTP(r, urlPrefix, s)
 		if err != nil {
-			return 0, xerrors.Errorf("Failed to get CVEs via HTTP. err: %w", err)
+			return nil, xerrors.Errorf("Failed to get CVEs via HTTP. err: %w", err)
 		}

 		for _, res := range responses {
-			debCves := map[string]gostmodels.DebianCVE{}
-			if err := json.Unmarshal([]byte(res.json), &debCves); err != nil {
-				return 0, xerrors.Errorf("Failed to unmarshal json. err: %w", err)
+			if !res.request.isSrcPack {
+				continue
 			}
-			cves := []models.CveContent{}
-			fixes := []models.PackageFixStatus{}
-			for _, debcve := range debCves {
-				cves = append(cves, *deb.ConvertToModel(&debcve))
-				fixes = append(fixes, checkPackageFixStatus(&debcve)...)
-			}
-			packCvesList = append(packCvesList, packCves{
-				packName:  res.request.packName,
-				isSrcPack: res.request.isSrcPack,
-				cves:      cves,
-				fixes:     fixes,
-			})
-		}
-	} else {
-		for _, pack := range r.Packages {
-			cves, fixes, err := deb.getCvesDebianWithfixStatus(fixStatus, major(r.Release), pack.Name)
-			if err != nil {
-				return 0, xerrors.Errorf("Failed to get CVEs for Package. err: %w", err)
-			}
-			packCvesList = append(packCvesList, packCves{
-				packName:  pack.Name,
-				isSrcPack: false,
-				cves:      cves,
-				fixes:     fixes,
-			})
-		}

-		// SrcPack
-		for _, pack := range r.SrcPackages {
-			cves, fixes, err := deb.getCvesDebianWithfixStatus(fixStatus, major(r.Release), pack.Name)
-			if err != nil {
-				return 0, xerrors.Errorf("Failed to get CVEs for SrcPackage. err: %w", err)
-			}
-			packCvesList = append(packCvesList, packCves{
-				packName:  pack.Name,
-				isSrcPack: true,
-				cves:      cves,
-				fixes:     fixes,
-			})
-		}
-	}
+			n := strings.NewReplacer("linux-signed", "linux", "linux-latest", "linux", "-amd64", "", "-arm64", "", "-i386", "").Replace(res.request.packName)

-	delete(r.Packages, "linux")
-
-	for _, p := range packCvesList {
-		for i, cve := range p.cves {
-			v, ok := r.ScannedCves[cve.CveID]
-			if ok {
-				if v.CveContents == nil {
-					v.CveContents = models.NewCveContents(cve)
-				} else {
-					v.CveContents[models.DebianSecurityTracker] = []models.CveContent{cve}
-					v.Confidences = models.Confidences{models.DebianSecurityTrackerMatch}
-				}
-			} else {
-				v = models.VulnInfo{
-					CveID:       cve.CveID,
-					CveContents: models.NewCveContents(cve),
-					Confidences: models.Confidences{models.DebianSecurityTrackerMatch},
-				}
-
-				if fixStatus == "resolved" {
-					versionRelease := ""
-					if p.isSrcPack {
-						versionRelease = r.SrcPackages[p.packName].Version
-					} else {
-						versionRelease = r.Packages[p.packName].FormatVer()
-					}
-
-					if versionRelease == "" {
+			if deb.isKernelSourcePackage(n) {
+				isRunning := false
+				for _, bn := range r.SrcPackages[res.request.packName].BinaryNames {
+					if bn == fmt.Sprintf("linux-image-%s", r.RunningKernel.Release) {
+						isRunning = true
 						break
 					}
-
-					affected, err := isGostDefAffected(versionRelease, p.fixes[i].FixedIn)
-					if err != nil {
-						logging.Log.Debugf("Failed to parse versions: %s, Ver: %s, Gost: %s",
-							err, versionRelease, p.fixes[i].FixedIn)
-						continue
-					}
-
-					if !affected {
-						continue
-					}
 				}
-
-				nCVEs++
-			}
-
-			names := []string{}
-			if p.isSrcPack {
-				if srcPack, ok := r.SrcPackages[p.packName]; ok {
-					for _, binName := range srcPack.BinaryNames {
-						if _, ok := r.Packages[binName]; ok {
-							names = append(names, binName)
-						}
-					}
-				}
-			} else {
-				if p.packName == "linux" {
-					names = append(names, "linux-image-"+r.RunningKernel.Release)
-				} else {
-					names = append(names, p.packName)
+				// To detect vulnerabilities in running kernels only, skip if the kernel is not running.
+				if !isRunning {
+					continue
 				}
 			}

-			if fixStatus == "resolved" {
-				for _, name := range names {
-					v.AffectedPackages = v.AffectedPackages.Store(models.PackageFixStatus{
-						Name:    name,
-						FixedIn: p.fixes[i].FixedIn,
-					})
+			cs := map[string]gostmodels.DebianCVE{}
+			if err := json.Unmarshal([]byte(res.json), &cs); err != nil {
+				return nil, xerrors.Errorf("Failed to unmarshal json. err: %w", err)
+			}
+			for _, content := range deb.detect(cs, models.SrcPackage{Name: res.request.packName, Version: r.SrcPackages[res.request.packName].Version, BinaryNames: r.SrcPackages[res.request.packName].BinaryNames}, models.Kernel{Release: r.RunningKernel.Release, Version: r.Packages[fmt.Sprintf("linux-image-%s", r.RunningKernel.Release)].Version}) {
+				c, ok := detects[content.cveContent.CveID]
+				if ok {
+					content.fixStatuses = append(content.fixStatuses, c.fixStatuses...)
 				}
-			} else {
-				for _, name := range names {
-					v.AffectedPackages = v.AffectedPackages.Store(models.PackageFixStatus{
-						Name:        name,
-						FixState:    "open",
-						NotFixedYet: true,
-					})
+				detects[content.cveContent.CveID] = content
+			}
+		}
+	} else {
+		for _, p := range r.SrcPackages {
+			n := strings.NewReplacer("linux-signed", "linux", "linux-latest", "linux", "-amd64", "", "-arm64", "", "-i386", "").Replace(p.Name)
+
+			if deb.isKernelSourcePackage(n) {
+				isRunning := false
+				for _, bn := range p.BinaryNames {
+					if bn == fmt.Sprintf("linux-image-%s", r.RunningKernel.Release) {
+						isRunning = true
+						break
+					}
+				}
+				// To detect vulnerabilities in running kernels only, skip if the kernel is not running.
+				if !isRunning {
+					continue
 				}
 			}

-			r.ScannedCves[cve.CveID] = v
+			var f func(string, string) (map[string]gostmodels.DebianCVE, error) = deb.driver.GetFixedCvesDebian
+			if !fixed {
+				f = deb.driver.GetUnfixedCvesDebian
+			}
+			cs, err := f(major(r.Release), n)
+			if err != nil {
+				return nil, xerrors.Errorf("Failed to get CVEs. release: %s, src package: %s, err: %w", major(r.Release), p.Name, err)
+			}
+			for _, content := range deb.detect(cs, p, models.Kernel{Release: r.RunningKernel.Release, Version: r.Packages[fmt.Sprintf("linux-image-%s", r.RunningKernel.Release)].Version}) {
+				c, ok := detects[content.cveContent.CveID]
+				if ok {
+					content.fixStatuses = append(content.fixStatuses, c.fixStatuses...)
+				}
+				detects[content.cveContent.CveID] = content
+			}
 		}
 	}

-	return nCVEs, nil
+	for _, content := range detects {
+		v, ok := r.ScannedCves[content.cveContent.CveID]
+		if ok {
+			if v.CveContents == nil {
+				v.CveContents = models.NewCveContents(content.cveContent)
+			} else {
+				v.CveContents[models.DebianSecurityTracker] = []models.CveContent{content.cveContent}
+			}
+			v.Confidences.AppendIfMissing(models.DebianSecurityTrackerMatch)
+		} else {
+			v = models.VulnInfo{
+				CveID:       content.cveContent.CveID,
+				CveContents: models.NewCveContents(content.cveContent),
+				Confidences: models.Confidences{models.DebianSecurityTrackerMatch},
+			}
+		}
+
+		for _, s := range content.fixStatuses {
+			v.AffectedPackages = v.AffectedPackages.Store(s)
+		}
+		r.ScannedCves[content.cveContent.CveID] = v
+	}
+
+	return maps.Keys(detects), nil
 }

-func isGostDefAffected(versionRelease, gostVersion string) (affected bool, err error) {
+func (deb Debian) isKernelSourcePackage(pkgname string) bool {
+	switch ss := strings.Split(pkgname, "-"); len(ss) {
+	case 1:
+		return pkgname == "linux"
+	case 2:
+		if ss[0] != "linux" {
+			return false
+		}
+		switch ss[1] {
+		case "grsec":
+			return true
+		default:
+			_, err := strconv.ParseFloat(ss[1], 64)
+			return err == nil
+		}
+	default:
+		return false
+	}
+}
+
+func (deb Debian) detect(cves map[string]gostmodels.DebianCVE, srcPkg models.SrcPackage, runningKernel models.Kernel) []cveContent {
+	n := strings.NewReplacer("linux-signed", "linux", "linux-latest", "linux", "-amd64", "", "-arm64", "", "-i386", "").Replace(srcPkg.Name)
+
+	var contents []cveContent
+	for _, cve := range cves {
+		c := cveContent{
+			cveContent: *(Debian{}).ConvertToModel(&cve),
+		}
+
+		for _, p := range cve.Package {
+			for _, r := range p.Release {
+				switch r.Status {
+				case "open", "undetermined":
+					for _, bn := range srcPkg.BinaryNames {
+						if deb.isKernelSourcePackage(n) && bn != fmt.Sprintf("linux-image-%s", runningKernel.Release) {
+							continue
+						}
+						c.fixStatuses = append(c.fixStatuses, models.PackageFixStatus{
+							Name:        bn,
+							FixState:    r.Status,
+							NotFixedYet: true,
+						})
+					}
+				case "resolved":
+					installedVersion := srcPkg.Version
+					patchedVersion := r.FixedVersion
+
+					if deb.isKernelSourcePackage(n) {
+						installedVersion = runningKernel.Version
+					}
+
+					affected, err := deb.isGostDefAffected(installedVersion, patchedVersion)
+					if err != nil {
+						logging.Log.Debugf("Failed to parse versions: %s, Ver: %s, Gost: %s", err, installedVersion, patchedVersion)
+						continue
+					}
+
+					if affected {
+						for _, bn := range srcPkg.BinaryNames {
+							if deb.isKernelSourcePackage(n) && bn != fmt.Sprintf("linux-image-%s", runningKernel.Release) {
+								continue
+							}
+							c.fixStatuses = append(c.fixStatuses, models.PackageFixStatus{
+								Name:    bn,
+								FixedIn: patchedVersion,
+							})
+						}
+					}
+				default:
+					logging.Log.Debugf("Failed to check vulnerable CVE. err: unknown status: %s", r.Status)
+				}
+			}
+		}
+
+		if len(c.fixStatuses) > 0 {
+			contents = append(contents, c)
+		}
+	}
+	return contents
+}
+
+func (deb Debian) isGostDefAffected(versionRelease, gostVersion string) (affected bool, err error) {
 	vera, err := debver.NewVersion(versionRelease)
 	if err != nil {
 		return false, xerrors.Errorf("Failed to parse version. version: %s, err: %w", versionRelease, err)
@@ -249,27 +269,6 @@ func isGostDefAffected(versionRelease, gostVersion string) (affected bool, err e
 	return vera.LessThan(verb), nil
 }

-func (deb Debian) getCvesDebianWithfixStatus(fixStatus, release, pkgName string) ([]models.CveContent, []models.PackageFixStatus, error) {
-	var f func(string, string) (map[string]gostmodels.DebianCVE, error)
-	if fixStatus == "resolved" {
-		f = deb.driver.GetFixedCvesDebian
-	} else {
-		f = deb.driver.GetUnfixedCvesDebian
-	}
-	debCves, err := f(release, pkgName)
-	if err != nil {
-		return nil, nil, xerrors.Errorf("Failed to get CVEs. fixStatus: %s, release: %s, src package: %s, err: %w", fixStatus, release, pkgName, err)
-	}
-
-	cves := []models.CveContent{}
-	fixes := []models.PackageFixStatus{}
-	for _, devbCve := range debCves {
-		cves = append(cves, *deb.ConvertToModel(&devbCve))
-		fixes = append(fixes, checkPackageFixStatus(&devbCve)...)
-	}
-	return cves, fixes, nil
-}
-
 // ConvertToModel converts gost model to vuls model
 func (deb Debian) ConvertToModel(cve *gostmodels.DebianCVE) *models.CveContent {
 	severity := ""
@@ -279,34 +278,17 @@ func (deb Debian) ConvertToModel(cve *gostmodels.DebianCVE) *models.CveContent {
 			break
 		}
 	}
+	var optinal map[string]string
+	if cve.Scope != "" {
+		optinal = map[string]string{"attack range": cve.Scope}
+	}
 	return &models.CveContent{
 		Type:          models.DebianSecurityTracker,
 		CveID:         cve.CveID,
 		Summary:       cve.Description,
 		Cvss2Severity: severity,
 		Cvss3Severity: severity,
-		SourceLink:    "https://security-tracker.debian.org/tracker/" + cve.CveID,
-		Optional: map[string]string{
-			"attack range": cve.Scope,
-		},
+		SourceLink:    fmt.Sprintf("https://security-tracker.debian.org/tracker/%s", cve.CveID),
+		Optional:      optinal,
 	}
 }
-
-func checkPackageFixStatus(cve *gostmodels.DebianCVE) []models.PackageFixStatus {
-	fixes := []models.PackageFixStatus{}
-	for _, p := range cve.Package {
-		for _, r := range p.Release {
-			f := models.PackageFixStatus{Name: p.PackageName}
-
-			if r.Status == "open" {
-				f.NotFixedYet = true
-			} else {
-				f.FixedIn = r.FixedVersion
-			}
-
-			fixes = append(fixes, f)
-		}
-	}
-
-	return fixes
-}
--- a/gost/debian_test.go
+++ b/gost/debian_test.go
@@ -3,69 +3,348 @@

 package gost

-import "testing"
+import (
+	"reflect"
+	"testing"
+
+	"golang.org/x/exp/slices"
+
+	"github.com/future-architect/vuls/models"
+	gostmodels "github.com/vulsio/gost/models"
+)

 func TestDebian_Supported(t *testing.T) {
-	type fields struct {
-		Base Base
-	}
-	type args struct {
-		major string
-	}
 	tests := []struct {
 		name string
-		args args
+		args string
 		want bool
 	}{
+		{
+			name: "7 is supported",
+			args: "7",
+			want: true,
+		},
 		{
 			name: "8 is supported",
-			args: args{
-				major: "8",
-			},
+			args: "8",
 			want: true,
 		},
 		{
 			name: "9 is supported",
-			args: args{
-				major: "9",
-			},
+			args: "9",
 			want: true,
 		},
 		{
 			name: "10 is supported",
-			args: args{
-				major: "10",
-			},
+			args: "10",
 			want: true,
 		},
 		{
 			name: "11 is supported",
-			args: args{
-				major: "11",
-			},
+			args: "11",
 			want: true,
 		},
 		{
-			name: "12 is not supported yet",
-			args: args{
-				major: "12",
-			},
+			name: "12 is supported",
+			args: "12",
+			want: true,
+		},
+		{
+			name: "13 is not supported yet",
+			args: "13",
+			want: false,
+		},
+		{
+			name: "14 is not supported yet",
+			args: "14",
 			want: false,
 		},
 		{
 			name: "empty string is not supported yet",
-			args: args{
-				major: "",
-			},
+			args: "",
 			want: false,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			deb := Debian{}
-			if got := deb.supported(tt.args.major); got != tt.want {
+			if got := (Debian{}).supported(tt.args); got != tt.want {
 				t.Errorf("Debian.Supported() = %v, want %v", got, tt.want)
 			}
 		})
 	}
 }
+
+func TestDebian_ConvertToModel(t *testing.T) {
+	tests := []struct {
+		name string
+		args gostmodels.DebianCVE
+		want models.CveContent
+	}{
+		{
+			name: "gost Debian.ConvertToModel",
+			args: gostmodels.DebianCVE{
+				CveID:       "CVE-2022-39260",
+				Scope:       "local",
+				Description: "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.",
+				Package: []gostmodels.DebianPackage{
+					{
+						PackageName: "git",
+						Release: []gostmodels.DebianRelease{
+							{
+								ProductName:  "bookworm",
+								Status:       "resolved",
+								FixedVersion: "1:2.38.1-1",
+								Urgency:      "not yet assigned",
+								Version:      "1:2.39.2-1.1",
+							},
+							{
+								ProductName:  "bullseye",
+								Status:       "resolved",
+								FixedVersion: "1:2.30.2-1+deb11u1",
+								Urgency:      "not yet assigned",
+								Version:      "1:2.30.2-1",
+							},
+							{
+								ProductName:  "buster",
+								Status:       "resolved",
+								FixedVersion: "1:2.20.1-2+deb10u5",
+								Urgency:      "not yet assigned",
+								Version:      "1:2.20.1-2+deb10u3",
+							},
+							{
+								ProductName:  "sid",
+								Status:       "resolved",
+								FixedVersion: "1:2.38.1-1",
+								Urgency:      "not yet assigned",
+								Version:      "1:2.40.0-1",
+							},
+						},
+					},
+				},
+			},
+			want: models.CveContent{
+				Type:          models.DebianSecurityTracker,
+				CveID:         "CVE-2022-39260",
+				Summary:       "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.",
+				Cvss2Severity: "not yet assigned",
+				Cvss3Severity: "not yet assigned",
+				SourceLink:    "https://security-tracker.debian.org/tracker/CVE-2022-39260",
+				Optional:      map[string]string{"attack range": "local"},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := (Debian{}).ConvertToModel(&tt.args); !reflect.DeepEqual(got, &tt.want) {
+				t.Errorf("Debian.ConvertToModel() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestDebian_detect(t *testing.T) {
+	type args struct {
+		cves          map[string]gostmodels.DebianCVE
+		srcPkg        models.SrcPackage
+		runningKernel models.Kernel
+	}
+	tests := []struct {
+		name string
+		args args
+		want []cveContent
+	}{
+		{
+			name: "fixed",
+			args: args{
+				cves: map[string]gostmodels.DebianCVE{
+					"CVE-0000-0000": {
+						CveID: "CVE-0000-0000",
+						Package: []gostmodels.DebianPackage{
+							{
+								PackageName: "pkg",
+								Release: []gostmodels.DebianRelease{
+									{
+										ProductName:  "bullseye",
+										Status:       "resolved",
+										FixedVersion: "0.0.0-0",
+									},
+								},
+							},
+						},
+					},
+					"CVE-0000-0001": {
+						CveID: "CVE-0000-0001",
+						Package: []gostmodels.DebianPackage{
+							{
+								PackageName: "pkg",
+								Release: []gostmodels.DebianRelease{
+									{
+										ProductName:  "bullseye",
+										Status:       "resolved",
+										FixedVersion: "0.0.0-2",
+									},
+								},
+							},
+						},
+					},
+				},
+				srcPkg: models.SrcPackage{Name: "pkg", Version: "0.0.0-1", BinaryNames: []string{"pkg"}},
+			},
+			want: []cveContent{
+				{
+					cveContent: models.CveContent{Type: models.DebianSecurityTracker, CveID: "CVE-0000-0001", SourceLink: "https://security-tracker.debian.org/tracker/CVE-0000-0001"},
+					fixStatuses: models.PackageFixStatuses{{
+						Name:    "pkg",
+						FixedIn: "0.0.0-2",
+					}},
+				},
+			},
+		},
+		{
+			name: "unfixed",
+			args: args{
+				cves: map[string]gostmodels.DebianCVE{
+					"CVE-0000-0000": {
+						CveID: "CVE-0000-0000",
+						Package: []gostmodels.DebianPackage{
+							{
+								PackageName: "pkg",
+								Release: []gostmodels.DebianRelease{
+									{
+										ProductName: "bullseye",
+										Status:      "open",
+									},
+								},
+							},
+						},
+					},
+					"CVE-0000-0001": {
+						CveID: "CVE-0000-0001",
+						Package: []gostmodels.DebianPackage{
+							{
+								PackageName: "pkg",
+								Release: []gostmodels.DebianRelease{
+									{
+										ProductName: "bullseye",
+										Status:      "undetermined",
+									},
+								},
+							},
+						},
+					},
+				},
+				srcPkg: models.SrcPackage{Name: "pkg", Version: "0.0.0-1", BinaryNames: []string{"pkg"}},
+			},
+			want: []cveContent{
+				{
+					cveContent: models.CveContent{Type: models.DebianSecurityTracker, CveID: "CVE-0000-0000", SourceLink: "https://security-tracker.debian.org/tracker/CVE-0000-0000"},
+					fixStatuses: models.PackageFixStatuses{{
+						Name:        "pkg",
+						FixState:    "open",
+						NotFixedYet: true,
+					}},
+				},
+				{
+					cveContent: models.CveContent{Type: models.DebianSecurityTracker, CveID: "CVE-0000-0001", SourceLink: "https://security-tracker.debian.org/tracker/CVE-0000-0001"},
+					fixStatuses: models.PackageFixStatuses{{
+						Name:        "pkg",
+						FixState:    "undetermined",
+						NotFixedYet: true,
+					}},
+				},
+			},
+		},
+		{
+			name: "linux-signed-amd64",
+			args: args{
+				cves: map[string]gostmodels.DebianCVE{
+					"CVE-0000-0000": {
+						CveID: "CVE-0000-0000",
+						Package: []gostmodels.DebianPackage{
+							{
+								PackageName: "linux",
+								Release: []gostmodels.DebianRelease{
+									{
+										ProductName:  "bullseye",
+										Status:       "resolved",
+										FixedVersion: "0.0.0-0",
+									},
+								},
+							},
+						},
+					},
+					"CVE-0000-0001": {
+						CveID: "CVE-0000-0001",
+						Package: []gostmodels.DebianPackage{
+							{
+								PackageName: "linux",
+								Release: []gostmodels.DebianRelease{
+									{
+										ProductName:  "bullseye",
+										Status:       "resolved",
+										FixedVersion: "0.0.0-2",
+									},
+								},
+							},
+						},
+					},
+				},
+				srcPkg:        models.SrcPackage{Name: "linux-signed-amd64", Version: "0.0.0+1", BinaryNames: []string{"linux-image-5.10.0-20-amd64"}},
+				runningKernel: models.Kernel{Release: "5.10.0-20-amd64", Version: "0.0.0-1"},
+			},
+			want: []cveContent{
+				{
+					cveContent: models.CveContent{Type: models.DebianSecurityTracker, CveID: "CVE-0000-0001", SourceLink: "https://security-tracker.debian.org/tracker/CVE-0000-0001"},
+					fixStatuses: models.PackageFixStatuses{{
+						Name:    "linux-image-5.10.0-20-amd64",
+						FixedIn: "0.0.0-2",
+					}},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := (Debian{}).detect(tt.args.cves, tt.args.srcPkg, tt.args.runningKernel)
+			slices.SortFunc(got, func(i, j cveContent) bool { return i.cveContent.CveID < j.cveContent.CveID })
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("Debian.detect() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestDebian_isKernelSourcePackage(t *testing.T) {
+	tests := []struct {
+		pkgname string
+		want    bool
+	}{
+		{
+			pkgname: "linux",
+			want:    true,
+		},
+		{
+			pkgname: "apt",
+			want:    false,
+		},
+		{
+			pkgname: "linux-5.10",
+			want:    true,
+		},
+		{
+			pkgname: "linux-grsec",
+			want:    true,
+		},
+		{
+			pkgname: "linux-base",
+			want:    false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.pkgname, func(t *testing.T) {
+			if got := (Debian{}).isKernelSourcePackage(tt.pkgname); got != tt.want {
+				t.Errorf("Debian.isKernelSourcePackage() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
--- a/gost/gost.go
+++ b/gost/gost.go
@@ -89,9 +89,9 @@ func newGostDB(cnf config.VulnDictInterface) (gostdb.DB, error) {
 	if cnf.GetType() == "sqlite3" {
 		path = cnf.GetSQLite3Path()
 	}
-	driver, locked, err := gostdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), gostdb.Option{})
+	driver, err := gostdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), gostdb.Option{})
 	if err != nil {
-		if locked {
+		if xerrors.Is(err, gostdb.ErrDBLocked) {
 			return nil, xerrors.Errorf("Failed to init gost DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
 		}
 		return nil, xerrors.Errorf("Failed to init gost DB. DB Path: %s, err: %w", path, err)
--- a/gost/ubuntu.go
+++ b/gost/ubuntu.go
@@ -6,9 +6,11 @@ package gost
 import (
 	"encoding/json"
 	"fmt"
-	"regexp"
+	"strconv"
 	"strings"

+	debver "github.com/knqyf263/go-deb-version"
+	"golang.org/x/exp/maps"
 	"golang.org/x/xerrors"

 	"github.com/future-architect/vuls/logging"
@@ -58,7 +60,7 @@ func (ubu Ubuntu) supported(version string) bool {
 		"2110": "impish",
 		"2204": "jammy",
 		"2210": "kinetic",
-		// "2304": "lunar",
+		"2304": "lunar",
 	}[version]
 	return ok
 }
@@ -68,25 +70,46 @@ type cveContent struct {
 	fixStatuses models.PackageFixStatuses
 }

-var kernelSourceNamePattern = regexp.MustCompile(`^linux((-(ti-omap4|armadaxp|mako|manta|flo|goldfish|joule|raspi2?|snapdragon|aws|azure|bluefield|dell300x|gcp|gke(op)?|ibm|intel|lowlatency|kvm|oem|oracle|euclid|lts-xenial|hwe|riscv))?(-(edge|fde|iotg|hwe|osp1))?(-[\d\.]+)?)?$`)
-
 // DetectCVEs fills cve information that has in Gost
 func (ubu Ubuntu) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error) {
-	ubuReleaseVer := strings.Replace(r.Release, ".", "", 1)
-	if !ubu.supported(ubuReleaseVer) {
+	if !ubu.supported(strings.Replace(r.Release, ".", "", 1)) {
 		logging.Log.Warnf("Ubuntu %s is not supported yet", r.Release)
 		return 0, nil
 	}

+	if r.Container.ContainerID == "" {
+		if r.RunningKernel.Release == "" {
+			logging.Log.Warnf("Since the exact kernel release is not available, the vulnerability in the kernel package is not detected.")
+		}
+	}
+
+	fixedCVEs, err := ubu.detectCVEsWithFixState(r, true)
+	if err != nil {
+		return 0, xerrors.Errorf("Failed to detect fixed CVEs. err: %w", err)
+	}
+
+	unfixedCVEs, err := ubu.detectCVEsWithFixState(r, false)
+	if err != nil {
+		return 0, xerrors.Errorf("Failed to detect unfixed CVEs. err: %w", err)
+	}
+
+	return len(unique(append(fixedCVEs, unfixedCVEs...))), nil
+}
+
+func (ubu Ubuntu) detectCVEsWithFixState(r *models.ScanResult, fixed bool) ([]string, error) {
 	detects := map[string]cveContent{}
 	if ubu.driver == nil {
-		urlPrefix, err := util.URLPathJoin(ubu.baseURL, "ubuntu", ubuReleaseVer, "pkgs")
+		urlPrefix, err := util.URLPathJoin(ubu.baseURL, "ubuntu", strings.Replace(r.Release, ".", "", 1), "pkgs")
 		if err != nil {
-			return 0, xerrors.Errorf("Failed to join URLPath. err: %w", err)
+			return nil, xerrors.Errorf("Failed to join URLPath. err: %w", err)
 		}
-		responses, err := getCvesWithFixStateViaHTTP(r, urlPrefix, "fixed-cves")
+		s := "fixed-cves"
+		if !fixed {
+			s = "unfixed-cves"
+		}
+		responses, err := getCvesWithFixStateViaHTTP(r, urlPrefix, s)
 		if err != nil {
-			return 0, xerrors.Errorf("Failed to get fixed CVEs via HTTP. err: %w", err)
+			return nil, xerrors.Errorf("Failed to get fixed CVEs via HTTP. err: %w", err)
 		}

 		for _, res := range responses {
@@ -96,61 +119,25 @@ func (ubu Ubuntu) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error

 			n := strings.NewReplacer("linux-signed", "linux", "linux-meta", "linux").Replace(res.request.packName)

-			if kernelSourceNamePattern.MatchString(n) {
-				isDetect := false
+			if ubu.isKernelSourcePackage(n) {
+				isRunning := false
 				for _, bn := range r.SrcPackages[res.request.packName].BinaryNames {
 					if bn == fmt.Sprintf("linux-image-%s", r.RunningKernel.Release) {
-						isDetect = true
+						isRunning = true
 						break
 					}
 				}
-				if !isDetect {
+				// To detect vulnerabilities in running kernels only, skip if the kernel is not running.
+				if !isRunning {
 					continue
 				}
 			}

-			fixeds := map[string]gostmodels.UbuntuCVE{}
-			if err := json.Unmarshal([]byte(res.json), &fixeds); err != nil {
-				return 0, xerrors.Errorf("Failed to unmarshal json. err: %w", err)
+			cs := map[string]gostmodels.UbuntuCVE{}
+			if err := json.Unmarshal([]byte(res.json), &cs); err != nil {
+				return nil, xerrors.Errorf("Failed to unmarshal json. err: %w", err)
 			}
-			for _, content := range detect(fixeds, true, models.SrcPackage{Name: res.request.packName, Version: r.SrcPackages[res.request.packName].Version, BinaryNames: r.SrcPackages[res.request.packName].BinaryNames}, fmt.Sprintf("linux-image-%s", r.RunningKernel.Release)) {
-				c, ok := detects[content.cveContent.CveID]
-				if ok {
-					content.fixStatuses = append(content.fixStatuses, c.fixStatuses...)
-				}
-				detects[content.cveContent.CveID] = content
-			}
-		}
-
-		responses, err = getCvesWithFixStateViaHTTP(r, urlPrefix, "unfixed-cves")
-		if err != nil {
-			return 0, xerrors.Errorf("Failed to get unfixed CVEs via HTTP. err: %w", err)
-		}
-		for _, res := range responses {
-			if !res.request.isSrcPack {
-				continue
-			}
-
-			n := strings.NewReplacer("linux-signed", "linux", "linux-meta", "linux").Replace(res.request.packName)
-
-			if kernelSourceNamePattern.MatchString(n) {
-				isDetect := false
-				for _, bn := range r.SrcPackages[res.request.packName].BinaryNames {
-					if bn == fmt.Sprintf("linux-image-%s", r.RunningKernel.Release) {
-						isDetect = true
-						break
-					}
-				}
-				if !isDetect {
-					continue
-				}
-			}
-
-			unfixeds := map[string]gostmodels.UbuntuCVE{}
-			if err := json.Unmarshal([]byte(res.json), &unfixeds); err != nil {
-				return 0, xerrors.Errorf("Failed to unmarshal json. err: %w", err)
-			}
-			for _, content := range detect(unfixeds, false, models.SrcPackage{Name: res.request.packName, Version: r.SrcPackages[res.request.packName].Version, BinaryNames: r.SrcPackages[res.request.packName].BinaryNames}, fmt.Sprintf("linux-image-%s", r.RunningKernel.Release)) {
+			for _, content := range ubu.detect(cs, fixed, models.SrcPackage{Name: res.request.packName, Version: r.SrcPackages[res.request.packName].Version, BinaryNames: r.SrcPackages[res.request.packName].BinaryNames}, fmt.Sprintf("linux-image-%s", r.RunningKernel.Release)) {
 				c, ok := detects[content.cveContent.CveID]
 				if ok {
 					content.fixStatuses = append(content.fixStatuses, c.fixStatuses...)
@@ -159,39 +146,32 @@ func (ubu Ubuntu) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error
 			}
 		}
 	} else {
-		for _, pack := range r.SrcPackages {
-			n := strings.NewReplacer("linux-signed", "linux", "linux-meta", "linux").Replace(pack.Name)
+		for _, p := range r.SrcPackages {
+			n := strings.NewReplacer("linux-signed", "linux", "linux-meta", "linux").Replace(p.Name)

-			if kernelSourceNamePattern.MatchString(n) {
-				isDetect := false
-				for _, bn := range pack.BinaryNames {
+			if ubu.isKernelSourcePackage(n) {
+				isRunning := false
+				for _, bn := range p.BinaryNames {
 					if bn == fmt.Sprintf("linux-image-%s", r.RunningKernel.Release) {
-						isDetect = true
+						isRunning = true
 						break
 					}
 				}
-				if !isDetect {
+				// To detect vulnerabilities in running kernels only, skip if the kernel is not running.
+				if !isRunning {
 					continue
 				}
 			}

-			fixeds, err := ubu.driver.GetFixedCvesUbuntu(ubuReleaseVer, n)
+			var f func(string, string) (map[string]gostmodels.UbuntuCVE, error) = ubu.driver.GetFixedCvesUbuntu
+			if !fixed {
+				f = ubu.driver.GetUnfixedCvesUbuntu
+			}
+			cs, err := f(strings.Replace(r.Release, ".", "", 1), n)
 			if err != nil {
-				return 0, xerrors.Errorf("Failed to get fixed CVEs for SrcPackage. err: %w", err)
+				return nil, xerrors.Errorf("Failed to get CVEs. release: %s, src package: %s, err: %w", major(r.Release), p.Name, err)
 			}
-			for _, content := range detect(fixeds, true, pack, fmt.Sprintf("linux-image-%s", r.RunningKernel.Release)) {
-				c, ok := detects[content.cveContent.CveID]
-				if ok {
-					content.fixStatuses = append(content.fixStatuses, c.fixStatuses...)
-				}
-				detects[content.cveContent.CveID] = content
-			}
-
-			unfixeds, err := ubu.driver.GetUnfixedCvesUbuntu(ubuReleaseVer, n)
-			if err != nil {
-				return 0, xerrors.Errorf("Failed to get unfixed CVEs for SrcPackage. err: %w", err)
-			}
-			for _, content := range detect(unfixeds, false, pack, fmt.Sprintf("linux-image-%s", r.RunningKernel.Release)) {
+			for _, content := range ubu.detect(cs, fixed, p, fmt.Sprintf("linux-image-%s", r.RunningKernel.Release)) {
 				c, ok := detects[content.cveContent.CveID]
 				if ok {
 					content.fixStatuses = append(content.fixStatuses, c.fixStatuses...)
@@ -208,8 +188,8 @@ func (ubu Ubuntu) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error
 				v.CveContents = models.NewCveContents(content.cveContent)
 			} else {
 				v.CveContents[models.UbuntuAPI] = []models.CveContent{content.cveContent}
-				v.Confidences = models.Confidences{models.UbuntuAPIMatch}
 			}
+			v.Confidences.AppendIfMissing(models.UbuntuAPIMatch)
 		} else {
 			v = models.VulnInfo{
 				CveID:       content.cveContent.CveID,
@@ -224,10 +204,10 @@ func (ubu Ubuntu) DetectCVEs(r *models.ScanResult, _ bool) (nCVEs int, err error
 		r.ScannedCves[content.cveContent.CveID] = v
 	}

-	return len(detects), nil
+	return maps.Keys(detects), nil
 }

-func detect(cves map[string]gostmodels.UbuntuCVE, fixed bool, srcPkg models.SrcPackage, runningKernelBinaryPkgName string) []cveContent {
+func (ubu Ubuntu) detect(cves map[string]gostmodels.UbuntuCVE, fixed bool, srcPkg models.SrcPackage, runningKernelBinaryPkgName string) []cveContent {
 	n := strings.NewReplacer("linux-signed", "linux", "linux-meta", "linux").Replace(srcPkg.Name)

 	var contents []cveContent
@@ -243,7 +223,7 @@ func detect(cves map[string]gostmodels.UbuntuCVE, fixed bool, srcPkg models.SrcP
 					patchedVersion := rp.Note

 					// https://git.launchpad.net/ubuntu-cve-tracker/tree/scripts/generate-oval#n384
-					if kernelSourceNamePattern.MatchString(n) && strings.HasPrefix(srcPkg.Name, "linux-meta") {
+					if ubu.isKernelSourcePackage(n) && strings.HasPrefix(srcPkg.Name, "linux-meta") {
 						// 5.15.0.1026.30~20.04.16 -> 5.15.0.1026
 						ss := strings.Split(installedVersion, ".")
 						if len(ss) >= 4 {
@@ -257,7 +237,7 @@ func detect(cves map[string]gostmodels.UbuntuCVE, fixed bool, srcPkg models.SrcP
 						}
 					}

-					affected, err := isGostDefAffected(installedVersion, patchedVersion)
+					affected, err := ubu.isGostDefAffected(installedVersion, patchedVersion)
 					if err != nil {
 						logging.Log.Debugf("Failed to parse versions: %s, Ver: %s, Gost: %s", err, installedVersion, patchedVersion)
 						continue
@@ -265,7 +245,7 @@ func detect(cves map[string]gostmodels.UbuntuCVE, fixed bool, srcPkg models.SrcP

 					if affected {
 						for _, bn := range srcPkg.BinaryNames {
-							if kernelSourceNamePattern.MatchString(n) && bn != runningKernelBinaryPkgName {
+							if ubu.isKernelSourcePackage(n) && bn != runningKernelBinaryPkgName {
 								continue
 							}
 							c.fixStatuses = append(c.fixStatuses, models.PackageFixStatus{
@@ -278,7 +258,7 @@ func detect(cves map[string]gostmodels.UbuntuCVE, fixed bool, srcPkg models.SrcP
 			}
 		} else {
 			for _, bn := range srcPkg.BinaryNames {
-				if kernelSourceNamePattern.MatchString(n) && bn != runningKernelBinaryPkgName {
+				if ubu.isKernelSourcePackage(n) && bn != runningKernelBinaryPkgName {
 					continue
 				}
 				c.fixStatuses = append(c.fixStatuses, models.PackageFixStatus{
@@ -290,12 +270,25 @@ func detect(cves map[string]gostmodels.UbuntuCVE, fixed bool, srcPkg models.SrcP
 		}

 		if len(c.fixStatuses) > 0 {
+			c.fixStatuses.Sort()
 			contents = append(contents, c)
 		}
 	}
 	return contents
 }

+func (ubu Ubuntu) isGostDefAffected(versionRelease, gostVersion string) (affected bool, err error) {
+	vera, err := debver.NewVersion(versionRelease)
+	if err != nil {
+		return false, xerrors.Errorf("Failed to parse version. version: %s, err: %w", versionRelease, err)
+	}
+	verb, err := debver.NewVersion(gostVersion)
+	if err != nil {
+		return false, xerrors.Errorf("Failed to parse version. version: %s, err: %w", gostVersion, err)
+	}
+	return vera.LessThan(verb), nil
+}
+
 // ConvertToModel converts gost model to vuls model
 func (ubu Ubuntu) ConvertToModel(cve *gostmodels.UbuntuCVE) *models.CveContent {
 	references := []models.Reference{}
@@ -323,8 +316,118 @@ func (ubu Ubuntu) ConvertToModel(cve *gostmodels.UbuntuCVE) *models.CveContent {
 		Summary:       cve.Description,
 		Cvss2Severity: cve.Priority,
 		Cvss3Severity: cve.Priority,
-		SourceLink:    "https://ubuntu.com/security/" + cve.Candidate,
+		SourceLink:    fmt.Sprintf("https://ubuntu.com/security/%s", cve.Candidate),
 		References:    references,
 		Published:     cve.PublicDate,
 	}
 }
+
+// https://git.launchpad.net/ubuntu-cve-tracker/tree/scripts/cve_lib.py#n931
+func (ubu Ubuntu) isKernelSourcePackage(pkgname string) bool {
+	switch ss := strings.Split(pkgname, "-"); len(ss) {
+	case 1:
+		return pkgname == "linux"
+	case 2:
+		if ss[0] != "linux" {
+			return false
+		}
+		switch ss[1] {
+		case "armadaxp", "mako", "manta", "flo", "goldfish", "joule", "raspi", "raspi2", "snapdragon", "aws", "azure", "bluefield", "dell300x", "gcp", "gke", "gkeop", "ibm", "lowlatency", "kvm", "oem", "oracle", "euclid", "hwe", "riscv":
+			return true
+		default:
+			_, err := strconv.ParseFloat(ss[1], 64)
+			return err == nil
+		}
+	case 3:
+		if ss[0] != "linux" {
+			return false
+		}
+		switch ss[1] {
+		case "ti":
+			return ss[2] == "omap4"
+		case "raspi", "raspi2", "gke", "gkeop", "ibm", "oracle", "riscv":
+			_, err := strconv.ParseFloat(ss[2], 64)
+			return err == nil
+		case "aws":
+			switch ss[2] {
+			case "hwe", "edge":
+				return true
+			default:
+				_, err := strconv.ParseFloat(ss[2], 64)
+				return err == nil
+			}
+		case "azure":
+			switch ss[2] {
+			case "fde", "edge":
+				return true
+			default:
+				_, err := strconv.ParseFloat(ss[2], 64)
+				return err == nil
+			}
+		case "gcp":
+			switch ss[2] {
+			case "edge":
+				return true
+			default:
+				_, err := strconv.ParseFloat(ss[2], 64)
+				return err == nil
+			}
+		case "intel":
+			switch ss[2] {
+			case "iotg":
+				return true
+			default:
+				_, err := strconv.ParseFloat(ss[2], 64)
+				return err == nil
+			}
+		case "oem":
+			switch ss[2] {
+			case "osp1":
+				return true
+			default:
+				_, err := strconv.ParseFloat(ss[2], 64)
+				return err == nil
+			}
+		case "lts":
+			return ss[2] == "xenial"
+		case "hwe":
+			switch ss[2] {
+			case "edge":
+				return true
+			default:
+				_, err := strconv.ParseFloat(ss[2], 64)
+				return err == nil
+			}
+		default:
+			return false
+		}
+	case 4:
+		if ss[0] != "linux" {
+			return false
+		}
+		switch ss[1] {
+		case "azure":
+			if ss[2] != "fde" {
+				return false
+			}
+			_, err := strconv.ParseFloat(ss[3], 64)
+			return err == nil
+		case "intel":
+			if ss[2] != "iotg" {
+				return false
+			}
+			_, err := strconv.ParseFloat(ss[3], 64)
+			return err == nil
+		case "lowlatency":
+			if ss[2] != "hwe" {
+				return false
+			}
+			_, err := strconv.ParseFloat(ss[3], 64)
+			return err == nil
+		default:
+			return false
+		}
+	default:
+		return false
+	}
+}
--- a/gost/ubuntu_test.go
+++ b/gost/ubuntu_test.go
@@ -10,68 +10,51 @@ import (
 )

 func TestUbuntu_Supported(t *testing.T) {
-	type args struct {
-		ubuReleaseVer string
-	}
 	tests := []struct {
 		name string
-		args args
+		args string
 		want bool
 	}{
 		{
 			name: "14.04 is supported",
-			args: args{
-				ubuReleaseVer: "1404",
-			},
+			args: "1404",
 			want: true,
 		},
 		{
 			name: "16.04 is supported",
-			args: args{
-				ubuReleaseVer: "1604",
-			},
+			args: "1604",
 			want: true,
 		},
 		{
 			name: "18.04 is supported",
-			args: args{
-				ubuReleaseVer: "1804",
-			},
+			args: "1804",
 			want: true,
 		},
 		{
 			name: "20.04 is supported",
-			args: args{
-				ubuReleaseVer: "2004",
-			},
+			args: "2004",
 			want: true,
 		},
 		{
 			name: "20.10 is supported",
-			args: args{
-				ubuReleaseVer: "2010",
-			},
+			args: "2010",
 			want: true,
 		},
 		{
 			name: "21.04 is supported",
-			args: args{
-				ubuReleaseVer: "2104",
-			},
+			args: "2104",
 			want: true,
 		},
 		{
 			name: "empty string is not supported yet",
-			args: args{
-				ubuReleaseVer: "",
-			},
+			args: "",
 			want: false,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			ubu := Ubuntu{}
-			if got := ubu.supported(tt.args.ubuReleaseVer); got != tt.want {
+			if got := ubu.supported(tt.args); got != tt.want {
 				t.Errorf("Ubuntu.Supported() = %v, want %v", got, tt.want)
 			}
 		})
@@ -289,9 +272,60 @@ func Test_detect(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if got := detect(tt.args.cves, tt.args.fixed, tt.args.srcPkg, tt.args.runningKernelBinaryPkgName); !reflect.DeepEqual(got, tt.want) {
+			if got := (Ubuntu{}).detect(tt.args.cves, tt.args.fixed, tt.args.srcPkg, tt.args.runningKernelBinaryPkgName); !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("detect() = %#v, want %#v", got, tt.want)
 			}
 		})
 	}
 }
+
+func TestUbuntu_isKernelSourcePackage(t *testing.T) {
+	tests := []struct {
+		pkgname string
+		want    bool
+	}{
+		{
+			pkgname: "linux",
+			want:    true,
+		},
+		{
+			pkgname: "apt",
+			want:    false,
+		},
+		{
+			pkgname: "linux-aws",
+			want:    true,
+		},
+		{
+			pkgname: "linux-5.9",
+			want:    true,
+		},
+		{
+			pkgname: "linux-base",
+			want:    false,
+		},
+		{
+			pkgname: "apt-utils",
+			want:    false,
+		},
+		{
+			pkgname: "linux-aws-edge",
+			want:    true,
+		},
+		{
+			pkgname: "linux-aws-5.15",
+			want:    true,
+		},
+		{
+			pkgname: "linux-lowlatency-hwe-5.15",
+			want:    true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.pkgname, func(t *testing.T) {
+			if got := (Ubuntu{}).isKernelSourcePackage(tt.pkgname); got != tt.want {
+				t.Errorf("Ubuntu.isKernelSourcePackage() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
--- a/gost/util.go
+++ b/gost/util.go
@@ -80,10 +80,9 @@ func getCvesViaHTTP(cveIDs []string, urlPrefix string) (
 }

 type request struct {
-	osMajorVersion string
-	packName       string
-	isSrcPack      bool
-	cveID          string
+	packName  string
+	isSrcPack bool
+	cveID     string
 }

 func getCvesWithFixStateViaHTTP(r *models.ScanResult, urlPrefix, fixState string) (responses []response, err error) {
@@ -98,16 +97,14 @@ func getCvesWithFixStateViaHTTP(r *models.ScanResult, urlPrefix, fixState string
 	go func() {
 		for _, pack := range r.Packages {
 			reqChan <- request{
-				osMajorVersion: major(r.Release),
-				packName:       pack.Name,
-				isSrcPack:      false,
+				packName:  pack.Name,
+				isSrcPack: false,
 			}
 		}
 		for _, pack := range r.SrcPackages {
 			reqChan <- request{
-				osMajorVersion: major(r.Release),
-				packName:       pack.Name,
-				isSrcPack:      true,
+				packName:  pack.Name,
+				isSrcPack: true,
 			}
 		}
 	}()
@@ -142,11 +139,11 @@ func getCvesWithFixStateViaHTTP(r *models.ScanResult, urlPrefix, fixState string
 		case err := <-errChan:
 			errs = append(errs, err)
 		case <-timeout:
-			return nil, xerrors.New("Timeout Fetching OVAL")
+			return nil, xerrors.New("Timeout Fetching Gost")
 		}
 	}
 	if len(errs) != 0 {
-		return nil, xerrors.Errorf("Failed to fetch OVAL. err: %w", errs)
+		return nil, xerrors.Errorf("Failed to fetch Gost. err: %w", errs)
 	}
 	return
 }
--- a/2
+++ b/2
--- a/models/vulninfos.go
+++ b/models/vulninfos.go
@@ -236,10 +236,13 @@ func (ps PackageFixStatuses) Store(pkg PackageFixStatus) PackageFixStatuses {
 	return ps
 }

-// Sort by Name
+// Sort by Name asc, FixedIn desc
 func (ps PackageFixStatuses) Sort() {
 	sort.Slice(ps, func(i, j int) bool {
-		return ps[i].Name < ps[j].Name
+		if ps[i].Name != ps[j].Name {
+			return ps[i].Name < ps[j].Name
+		}
+		return ps[j].FixedIn < ps[i].FixedIn
 	})
 }

--- a/models/vulninfos_test.go
+++ b/models/vulninfos_test.go
@@ -991,6 +991,28 @@ func TestSortPackageStatues(t *testing.T) {
 				{Name: "b"},
 			},
 		},
+		{
+			in: PackageFixStatuses{
+				{
+					Name:    "libzstd1",
+					FixedIn: "1.3.1+dfsg-1~ubuntu0.16.04.1+esm1",
+				},
+				{
+					Name:    "libzstd1",
+					FixedIn: "1.3.1+dfsg-1~ubuntu0.16.04.1+esm2",
+				},
+			},
+			out: PackageFixStatuses{
+				{
+					Name:    "libzstd1",
+					FixedIn: "1.3.1+dfsg-1~ubuntu0.16.04.1+esm2",
+				},
+				{
+					Name:    "libzstd1",
+					FixedIn: "1.3.1+dfsg-1~ubuntu0.16.04.1+esm1",
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		tt.in.Sort()
--- a/oval/debian.go
+++ b/oval/debian.go
@@ -4,13 +4,9 @@
 package oval

 import (
-	"golang.org/x/xerrors"
-
 	"github.com/future-architect/vuls/constant"
-	"github.com/future-architect/vuls/logging"
 	"github.com/future-architect/vuls/models"
 	ovaldb "github.com/vulsio/goval-dictionary/db"
-	ovalmodels "github.com/vulsio/goval-dictionary/models"
 )

 // DebianBase is the base struct of Debian and Ubuntu
@@ -18,102 +14,6 @@ type DebianBase struct {
 	Base
 }

-func (o DebianBase) update(r *models.ScanResult, defpacks defPacks) {
-	for _, cve := range defpacks.def.Advisory.Cves {
-		ovalContent := o.convertToModel(cve.CveID, &defpacks.def)
-		if ovalContent == nil {
-			continue
-		}
-		vinfo, ok := r.ScannedCves[cve.CveID]
-		if !ok {
-			logging.Log.Debugf("%s is newly detected by OVAL", cve.CveID)
-			vinfo = models.VulnInfo{
-				CveID:       cve.CveID,
-				Confidences: []models.Confidence{models.OvalMatch},
-				CveContents: models.NewCveContents(*ovalContent),
-			}
-		} else {
-			cveContents := vinfo.CveContents
-			if _, ok := vinfo.CveContents[ovalContent.Type]; ok {
-				logging.Log.Debugf("%s OVAL will be overwritten", cve.CveID)
-			} else {
-				logging.Log.Debugf("%s is also detected by OVAL", cve.CveID)
-				cveContents = models.CveContents{}
-			}
-			vinfo.Confidences.AppendIfMissing(models.OvalMatch)
-			cveContents[ovalContent.Type] = []models.CveContent{*ovalContent}
-			vinfo.CveContents = cveContents
-		}
-
-		// uniq(vinfo.AffectedPackages[].Name + defPacks.binpkgFixstat(map[string(=package name)]fixStat{}))
-		collectBinpkgFixstat := defPacks{
-			binpkgFixstat: map[string]fixStat{},
-		}
-		for packName, fixStatus := range defpacks.binpkgFixstat {
-			collectBinpkgFixstat.binpkgFixstat[packName] = fixStatus
-		}
-
-		for _, pack := range vinfo.AffectedPackages {
-			collectBinpkgFixstat.binpkgFixstat[pack.Name] = fixStat{
-				notFixedYet: pack.NotFixedYet,
-				fixedIn:     pack.FixedIn,
-				isSrcPack:   false,
-			}
-		}
-
-		// Update package status of source packages.
-		// In the case of Debian based Linux, sometimes source package name is defined as affected package in OVAL.
-		// To display binary package name showed in apt-get, need to convert source name to binary name.
-		for binName := range defpacks.binpkgFixstat {
-			if srcPack, ok := r.SrcPackages.FindByBinName(binName); ok {
-				for _, p := range defpacks.def.AffectedPacks {
-					if p.Name == srcPack.Name {
-						collectBinpkgFixstat.binpkgFixstat[binName] = fixStat{
-							notFixedYet: p.NotFixedYet,
-							fixedIn:     p.Version,
-							isSrcPack:   true,
-							srcPackName: srcPack.Name,
-						}
-					}
-				}
-			}
-		}
-
-		vinfo.AffectedPackages = collectBinpkgFixstat.toPackStatuses()
-		vinfo.AffectedPackages.Sort()
-		r.ScannedCves[cve.CveID] = vinfo
-	}
-}
-
-func (o DebianBase) convertToModel(cveID string, def *ovalmodels.Definition) *models.CveContent {
-	refs := make([]models.Reference, 0, len(def.References))
-	for _, r := range def.References {
-		refs = append(refs, models.Reference{
-			Link:   r.RefURL,
-			Source: r.Source,
-			RefID:  r.RefID,
-		})
-	}
-
-	for _, cve := range def.Advisory.Cves {
-		if cve.CveID != cveID {
-			continue
-		}
-
-		return &models.CveContent{
-			Type:          models.NewCveContentType(o.family),
-			CveID:         cve.CveID,
-			Title:         def.Title,
-			Summary:       def.Description,
-			Cvss2Severity: def.Advisory.Severity,
-			Cvss3Severity: def.Advisory.Severity,
-			References:    refs,
-		}
-	}
-
-	return nil
-}
-
 // Debian is the interface for Debian OVAL
 type Debian struct {
 	DebianBase
@@ -133,67 +33,8 @@ func NewDebian(driver ovaldb.DB, baseURL string) Debian {
 }

 // FillWithOval returns scan result after updating CVE info by OVAL
-func (o Debian) FillWithOval(r *models.ScanResult) (nCVEs int, err error) {
-
-	//Debian's uname gives both of kernel release(uname -r), version(kernel-image version)
-	linuxImage := "linux-image-" + r.RunningKernel.Release
-
-	// Add linux and set the version of running kernel to search OVAL.
-	if r.Container.ContainerID == "" {
-		if r.RunningKernel.Version != "" {
-			newVer := ""
-			if p, ok := r.Packages[linuxImage]; ok {
-				newVer = p.NewVersion
-			}
-			r.Packages["linux"] = models.Package{
-				Name:       "linux",
-				Version:    r.RunningKernel.Version,
-				NewVersion: newVer,
-			}
-		} else {
-			logging.Log.Warnf("Since the exact kernel version is not available, the vulnerability in the linux package is not detected.")
-		}
-	}
-
-	var relatedDefs ovalResult
-	if o.driver == nil {
-		if relatedDefs, err = getDefsByPackNameViaHTTP(r, o.baseURL); err != nil {
-			return 0, xerrors.Errorf("Failed to get Definitions via HTTP. err: %w", err)
-		}
-	} else {
-		if relatedDefs, err = getDefsByPackNameFromOvalDB(r, o.driver); err != nil {
-			return 0, xerrors.Errorf("Failed to get Definitions from DB. err: %w", err)
-		}
-	}
-
-	delete(r.Packages, "linux")
-
-	for _, defPacks := range relatedDefs.entries {
-		// Remove "linux" added above for oval search
-		// linux is not a real package name (key of affected packages in OVAL)
-		if notFixedYet, ok := defPacks.binpkgFixstat["linux"]; ok {
-			defPacks.binpkgFixstat[linuxImage] = notFixedYet
-			delete(defPacks.binpkgFixstat, "linux")
-			for i, p := range defPacks.def.AffectedPacks {
-				if p.Name == "linux" {
-					p.Name = linuxImage
-					defPacks.def.AffectedPacks[i] = p
-				}
-			}
-		}
-
-		o.update(r, defPacks)
-	}
-
-	for _, vuln := range r.ScannedCves {
-		if conts, ok := vuln.CveContents[models.Debian]; ok {
-			for i, cont := range conts {
-				cont.SourceLink = "https://security-tracker.debian.org/tracker/" + cont.CveID
-				vuln.CveContents[models.Debian][i] = cont
-			}
-		}
-	}
-	return len(relatedDefs.entries), nil
+func (o Debian) FillWithOval(_ *models.ScanResult) (nCVEs int, err error) {
+	return 0, nil
 }

 // Ubuntu is the interface for Debian OVAL
--- a/oval/debian_test.go
+++ b/oval/debian_test.go
@@ -1,120 +0,0 @@
-//go:build !scanner
-// +build !scanner
-
-package oval
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/future-architect/vuls/models"
-	ovalmodels "github.com/vulsio/goval-dictionary/models"
-)
-
-func TestPackNamesOfUpdateDebian(t *testing.T) {
-	var tests = []struct {
-		in       models.ScanResult
-		defPacks defPacks
-		out      models.ScanResult
-	}{
-		{
-			in: models.ScanResult{
-				ScannedCves: models.VulnInfos{
-					"CVE-2000-1000": models.VulnInfo{
-						AffectedPackages: models.PackageFixStatuses{
-							{Name: "packA"},
-							{Name: "packC"},
-						},
-					},
-				},
-			},
-			defPacks: defPacks{
-				def: ovalmodels.Definition{
-					Advisory: ovalmodels.Advisory{
-						Cves: []ovalmodels.Cve{{CveID: "CVE-2000-1000"}},
-					},
-				},
-				binpkgFixstat: map[string]fixStat{
-					"packB": {
-						notFixedYet: true,
-						fixedIn:     "1.0.0",
-					},
-				},
-			},
-			out: models.ScanResult{
-				ScannedCves: models.VulnInfos{
-					"CVE-2000-1000": models.VulnInfo{
-						AffectedPackages: models.PackageFixStatuses{
-							{Name: "packA"},
-							{Name: "packB", NotFixedYet: true, FixedIn: "1.0.0"},
-							{Name: "packC"},
-						},
-					},
-				},
-			},
-		},
-		{
-			in: models.ScanResult{
-				ScannedCves: models.VulnInfos{
-					"CVE-2000-1000": models.VulnInfo{
-						AffectedPackages: models.PackageFixStatuses{
-							{Name: "packA"},
-						},
-					},
-					"CVE-2000-1001": models.VulnInfo{
-						AffectedPackages: models.PackageFixStatuses{
-							{Name: "packC"},
-						},
-					},
-				},
-			},
-			defPacks: defPacks{
-				def: ovalmodels.Definition{
-					Advisory: ovalmodels.Advisory{
-						Cves: []ovalmodels.Cve{
-							{
-								CveID: "CVE-2000-1000",
-							},
-							{
-								CveID: "CVE-2000-1001",
-							},
-						},
-					},
-				},
-				binpkgFixstat: map[string]fixStat{
-					"packB": {
-						notFixedYet: false,
-					},
-				},
-			},
-			out: models.ScanResult{
-				ScannedCves: models.VulnInfos{
-					"CVE-2000-1000": models.VulnInfo{
-						AffectedPackages: models.PackageFixStatuses{
-							{Name: "packA"},
-							{Name: "packB", NotFixedYet: false},
-						},
-					},
-					"CVE-2000-1001": models.VulnInfo{
-						AffectedPackages: models.PackageFixStatuses{
-							{Name: "packB", NotFixedYet: false},
-							{Name: "packC"},
-						},
-					},
-				},
-			},
-		},
-	}
-
-	// util.Log = util.NewCustomLogger()
-	for i, tt := range tests {
-		Debian{}.update(&tt.in, tt.defPacks)
-		for cveid := range tt.out.ScannedCves {
-			e := tt.out.ScannedCves[cveid].AffectedPackages
-			a := tt.in.ScannedCves[cveid].AffectedPackages
-			if !reflect.DeepEqual(a, e) {
-				t.Errorf("[%d] expected: %v\n  actual: %v\n", i, e, a)
-			}
-		}
-	}
-}
--- a/oval/oval.go
+++ b/oval/oval.go
@@ -133,9 +133,9 @@ func newOvalDB(cnf config.VulnDictInterface) (ovaldb.DB, error) {
 	if cnf.GetType() == "sqlite3" {
 		path = cnf.GetSQLite3Path()
 	}
-	driver, locked, err := ovaldb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), ovaldb.Option{})
+	driver, err := ovaldb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), ovaldb.Option{})
 	if err != nil {
-		if locked {
+		if xerrors.Is(err, ovaldb.ErrDBLocked) {
 			return nil, xerrors.Errorf("Failed to init OVAL DB. SQLite3: %s is locked. err: %w, ", cnf.GetSQLite3Path(), err)
 		}
 		return nil, xerrors.Errorf("Failed to init OVAL DB. DB Path: %s, err: %w", path, err)
--- a/oval/redhat.go
+++ b/oval/redhat.go
@@ -68,12 +68,15 @@ func (o RedHatBase) FillWithOval(r *models.ScanResult) (nCVEs int, err error) {
 			for _, d := range vuln.DistroAdvisories {
 				if conts, ok := vuln.CveContents[models.Amazon]; ok {
 					for i, cont := range conts {
-						if strings.HasPrefix(d.AdvisoryID, "ALAS2022-") {
-							cont.SourceLink = fmt.Sprintf("https://alas.aws.amazon.com/AL2022/%s.html", strings.ReplaceAll(d.AdvisoryID, "ALAS2022", "ALAS"))
-						} else if strings.HasPrefix(d.AdvisoryID, "ALAS2-") {
-							cont.SourceLink = fmt.Sprintf("https://alas.aws.amazon.com/AL2/%s.html", strings.ReplaceAll(d.AdvisoryID, "ALAS2", "ALAS"))
-						} else if strings.HasPrefix(d.AdvisoryID, "ALAS-") {
+						switch {
+						case strings.HasPrefix(d.AdvisoryID, "ALAS-"):
 							cont.SourceLink = fmt.Sprintf("https://alas.aws.amazon.com/%s.html", d.AdvisoryID)
+						case strings.HasPrefix(d.AdvisoryID, "ALAS2-"):
+							cont.SourceLink = fmt.Sprintf("https://alas.aws.amazon.com/AL2/%s.html", strings.ReplaceAll(d.AdvisoryID, "ALAS2", "ALAS"))
+						case strings.HasPrefix(d.AdvisoryID, "ALAS2022-"):
+							cont.SourceLink = fmt.Sprintf("https://alas.aws.amazon.com/AL2022/%s.html", strings.ReplaceAll(d.AdvisoryID, "ALAS2022", "ALAS"))
+						case strings.HasPrefix(d.AdvisoryID, "ALAS2023-"):
+							cont.SourceLink = fmt.Sprintf("https://alas.aws.amazon.com/AL2023/%s.html", strings.ReplaceAll(d.AdvisoryID, "ALAS2023", "ALAS"))
 						}
 						vuln.CveContents[models.Amazon][i] = cont
 					}
--- a/oval/util.go
+++ b/oval/util.go
@@ -112,13 +112,25 @@ func getDefsByPackNameViaHTTP(r *models.ScanResult, url string) (relatedDefs ova
 	case constant.CentOS:
 		ovalRelease = strings.TrimPrefix(r.Release, "stream")
 	case constant.Amazon:
-		switch strings.Fields(r.Release)[0] {
-		case "2022":
-			ovalRelease = "2022"
+		switch s := strings.Fields(r.Release)[0]; s {
+		case "1":
+			ovalRelease = "1"
 		case "2":
 			ovalRelease = "2"
+		case "2022":
+			ovalRelease = "2022"
+		case "2023":
+			ovalRelease = "2023"
+		case "2025":
+			ovalRelease = "2025"
+		case "2027":
+			ovalRelease = "2027"
+		case "2029":
+			ovalRelease = "2029"
 		default:
-			ovalRelease = "1"
+			if _, err := time.Parse("2006.01", s); err == nil {
+				ovalRelease = "1"
+			}
 		}
 	}

@@ -274,13 +286,25 @@ func getDefsByPackNameFromOvalDB(r *models.ScanResult, driver ovaldb.DB) (relate
 	case constant.CentOS:
 		ovalRelease = strings.TrimPrefix(r.Release, "stream")
 	case constant.Amazon:
-		switch strings.Fields(r.Release)[0] {
-		case "2022":
-			ovalRelease = "2022"
+		switch s := strings.Fields(r.Release)[0]; s {
+		case "1":
+			ovalRelease = "1"
 		case "2":
 			ovalRelease = "2"
+		case "2022":
+			ovalRelease = "2022"
+		case "2023":
+			ovalRelease = "2023"
+		case "2025":
+			ovalRelease = "2025"
+		case "2027":
+			ovalRelease = "2027"
+		case "2029":
+			ovalRelease = "2029"
 		default:
-			ovalRelease = "1"
+			if _, err := time.Parse("2006.01", s); err == nil {
+				ovalRelease = "1"
+			}
 		}
 	}

--- a/reporter/googlechat.go
+++ b/reporter/googlechat.go
@@ -26,7 +26,7 @@ func (w GoogleChatWriter) Write(rs ...models.ScanResult) (err error) {
 	re := regexp.MustCompile(w.Cnf.ServerNameRegexp)

 	for _, r := range rs {
-		if re.Match([]byte(r.FormatServerName())) {
+		if re.MatchString(r.FormatServerName()) {
 			continue
 		}
 		msgs := []string{fmt.Sprintf("*%s*\n%s\t%s\t%s",
@@ -73,11 +73,10 @@ func (w GoogleChatWriter) Write(rs ...models.ScanResult) (err error) {
 }

 func (w GoogleChatWriter) postMessage(message string) error {
-	uri := fmt.Sprintf("%s", w.Cnf.WebHookURL)
 	payload := `{"text": "` + message + `" }`

 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-	req, err := http.NewRequestWithContext(ctx, http.MethodPost, uri, bytes.NewBuffer([]byte(payload)))
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, w.Cnf.WebHookURL, bytes.NewBuffer([]byte(payload)))
 	defer cancel()
 	if err != nil {
 		return err
@@ -88,7 +87,7 @@ func (w GoogleChatWriter) postMessage(message string) error {
 		return err
 	}
 	resp, err := client.Do(req)
-	if checkResponse(resp) != nil && err != nil {
+	if w.checkResponse(resp) != nil && err != nil {
 		return err
 	}
 	defer resp.Body.Close()
--- a/reporter/telegram.go
+++ b/reporter/telegram.go
@@ -75,14 +75,14 @@ func (w TelegramWriter) sendMessage(chatID, token, message string) error {
 		return err
 	}
 	resp, err := client.Do(req)
-	if checkResponse(resp) != nil && err != nil {
+	if w.checkResponse(resp) != nil && err != nil {
 		return err
 	}
 	defer resp.Body.Close()
 	return nil
 }

-func checkResponse(r *http.Response) error {
+func (w TelegramWriter) checkResponse(r *http.Response) error {
 	if c := r.StatusCode; 200 <= c && c <= 299 {
 		return nil
 	}
--- a/scanner/amazon.go
+++ b/scanner/amazon.go
@@ -1,10 +1,14 @@
 package scanner

 import (
+	"strings"
+	"time"
+
+	"golang.org/x/xerrors"
+
 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/logging"
 	"github.com/future-architect/vuls/models"
-	"golang.org/x/xerrors"
 )

 // inherit OsTypeInterface
@@ -50,12 +54,26 @@ func (o *amazon) depsFast() []string {
 		return []string{}
 	}
 	// repoquery
-	return []string{"yum-utils"}
+	switch s := strings.Fields(o.getDistro().Release)[0]; s {
+	case "1", "2":
+		return []string{"yum-utils"}
+	default:
+		if _, err := time.Parse("2006.01", s); err == nil {
+			return []string{"yum-utils"}
+		}
+		return []string{"dnf-utils"}
+	}
 }

 func (o *amazon) depsFastRoot() []string {
-	return []string{
-		"yum-utils",
+	switch s := strings.Fields(o.getDistro().Release)[0]; s {
+	case "1", "2":
+		return []string{"yum-utils"}
+	default:
+		if _, err := time.Parse("2006.01", s); err == nil {
+			return []string{"yum-utils"}
+		}
+		return []string{"dnf-utils"}
 	}
 }

--- a/scanner/base.go
+++ b/scanner/base.go
@@ -139,7 +139,6 @@ func (l *base) runningKernel() (release, version string, err error) {
 			version = ss[6]
 		}
 		if _, err := debver.NewVersion(version); err != nil {
-			l.log.Warnf("kernel running version is invalid. skip kernel vulnerability detection. actual kernel version: %s, err: %s", version, err)
 			version = ""
 		}
 	}
@@ -817,20 +816,48 @@ func (d *DummyFileInfo) IsDir() bool { return false }
 // Sys is
 func (d *DummyFileInfo) Sys() interface{} { return nil }

+func (l *base) buildWpCliCmd(wpCliArgs string, suppressStderr bool, shell string) string {
+	cmd := fmt.Sprintf("%s %s --path=%s", l.ServerInfo.WordPress.CmdPath, wpCliArgs, l.ServerInfo.WordPress.DocRoot)
+	if !l.ServerInfo.WordPress.NoSudo {
+		cmd = fmt.Sprintf("sudo -u %s -i -- %s --allow-root", l.ServerInfo.WordPress.OSUser, cmd)
+	} else if l.ServerInfo.User != l.ServerInfo.WordPress.OSUser {
+		cmd = fmt.Sprintf("su %s -c '%s'", l.ServerInfo.WordPress.OSUser, cmd)
+	}
+
+	if suppressStderr {
+		switch shell {
+		case "csh", "tcsh":
+			cmd = fmt.Sprintf("( %s > /dev/tty ) >& /dev/null", cmd)
+		default:
+			cmd = fmt.Sprintf("%s 2>/dev/null", cmd)
+		}
+	}
+	return cmd
+}
+
 func (l *base) scanWordPress() error {
 	if l.ServerInfo.WordPress.IsZero() || l.ServerInfo.Type == constant.ServerTypePseudo {
 		return nil
 	}
+
+	shell, err := l.detectShell()
+	if err != nil {
+		return xerrors.Errorf("Failed to detect shell. err: %w", err)
+	}
+
 	l.log.Info("Scanning WordPress...")
-	cmd := fmt.Sprintf("sudo -u %s -i -- %s core version --path=%s --allow-root",
-		l.ServerInfo.WordPress.OSUser,
-		l.ServerInfo.WordPress.CmdPath,
-		l.ServerInfo.WordPress.DocRoot)
+	if l.ServerInfo.WordPress.NoSudo && l.ServerInfo.User != l.ServerInfo.WordPress.OSUser {
+		if r := l.exec(fmt.Sprintf("timeout 2 su %s -c exit", l.ServerInfo.WordPress.OSUser), noSudo); !r.isSuccess() {
+			return xerrors.New("Failed to switch user without password. err: please configure to switch users without password")
+		}
+	}
+
+	cmd := l.buildWpCliCmd("core version", false, shell)
 	if r := exec(l.ServerInfo, cmd, noSudo); !r.isSuccess() {
 		return xerrors.Errorf("Failed to exec `%s`. Check the OS user, command path of wp-cli, DocRoot and permission: %#v", cmd, l.ServerInfo.WordPress)
 	}

-	wp, err := l.detectWordPress()
+	wp, err := l.detectWordPress(shell)
 	if err != nil {
 		return xerrors.Errorf("Failed to scan wordpress: %w", err)
 	}
@@ -838,18 +865,44 @@ func (l *base) scanWordPress() error {
 	return nil
 }

-func (l *base) detectWordPress() (*models.WordPressPackages, error) {
-	ver, err := l.detectWpCore()
+func (l *base) detectShell() (string, error) {
+	if r := l.exec("printenv SHELL", noSudo); r.isSuccess() {
+		if t := strings.TrimSpace(r.Stdout); t != "" {
+			return filepath.Base(t), nil
+		}
+	}
+
+	if r := l.exec(fmt.Sprintf(`grep "^%s" /etc/passwd | awk -F: '/%s/ { print $7 }'`, l.ServerInfo.User, l.ServerInfo.User), noSudo); r.isSuccess() {
+		if t := strings.TrimSpace(r.Stdout); t != "" {
+			return filepath.Base(t), nil
+		}
+	}
+
+	if isLocalExec(l.ServerInfo.Port, l.ServerInfo.Host) {
+		if r := l.exec("ps -p $$ | tail +2 | awk '{print $NF}'", noSudo); r.isSuccess() {
+			return strings.TrimSpace(r.Stdout), nil
+		}
+
+		if r := l.exec("ps -p %self | tail +2 | awk '{print $NF}'", noSudo); r.isSuccess() {
+			return strings.TrimSpace(r.Stdout), nil
+		}
+	}
+
+	return "", xerrors.New("shell cannot be determined")
+}
+
+func (l *base) detectWordPress(shell string) (*models.WordPressPackages, error) {
+	ver, err := l.detectWpCore(shell)
 	if err != nil {
 		return nil, err
 	}

-	themes, err := l.detectWpThemes()
+	themes, err := l.detectWpThemes(shell)
 	if err != nil {
 		return nil, err
 	}

-	plugins, err := l.detectWpPlugins()
+	plugins, err := l.detectWpPlugins(shell)
 	if err != nil {
 		return nil, err
 	}
@@ -866,11 +919,8 @@ func (l *base) detectWordPress() (*models.WordPressPackages, error) {
 	return &pkgs, nil
 }

-func (l *base) detectWpCore() (string, error) {
-	cmd := fmt.Sprintf("sudo -u %s -i -- %s core version --path=%s --allow-root 2>/dev/null",
-		l.ServerInfo.WordPress.OSUser,
-		l.ServerInfo.WordPress.CmdPath,
-		l.ServerInfo.WordPress.DocRoot)
+func (l *base) detectWpCore(shell string) (string, error) {
+	cmd := l.buildWpCliCmd("core version", true, shell)

 	r := exec(l.ServerInfo, cmd, noSudo)
 	if !r.isSuccess() {
@@ -879,11 +929,8 @@ func (l *base) detectWpCore() (string, error) {
 	return strings.TrimSpace(r.Stdout), nil
 }

-func (l *base) detectWpThemes() ([]models.WpPackage, error) {
-	cmd := fmt.Sprintf("sudo -u %s -i -- %s theme list --path=%s --format=json --allow-root 2>/dev/null",
-		l.ServerInfo.WordPress.OSUser,
-		l.ServerInfo.WordPress.CmdPath,
-		l.ServerInfo.WordPress.DocRoot)
+func (l *base) detectWpThemes(shell string) ([]models.WpPackage, error) {
+	cmd := l.buildWpCliCmd("theme list --format=json", true, shell)

 	var themes []models.WpPackage
 	r := exec(l.ServerInfo, cmd, noSudo)
@@ -900,11 +947,8 @@ func (l *base) detectWpThemes() ([]models.WpPackage, error) {
 	return themes, nil
 }

-func (l *base) detectWpPlugins() ([]models.WpPackage, error) {
-	cmd := fmt.Sprintf("sudo -u %s -i -- %s plugin list --path=%s --format=json --allow-root 2>/dev/null",
-		l.ServerInfo.WordPress.OSUser,
-		l.ServerInfo.WordPress.CmdPath,
-		l.ServerInfo.WordPress.DocRoot)
+func (l *base) detectWpPlugins(shell string) ([]models.WpPackage, error) {
+	cmd := l.buildWpCliCmd("plugin list --format=json", true, shell)

 	var plugins []models.WpPackage
 	r := exec(l.ServerInfo, cmd, noSudo)
@@ -1261,10 +1305,15 @@ func (l *base) parseGrepProcMap(stdout string) (soPaths []string) {
 	return soPaths
 }

+var errLSOFNoInternetFiles = xerrors.New("no Internet files located")
+
 func (l *base) lsOfListen() (string, error) {
-	cmd := `lsof -i -P -n`
+	cmd := `lsof -i -P -n -V`
 	r := l.exec(util.PrependProxyEnv(cmd), sudo)
 	if !r.isSuccess() {
+		if strings.TrimSpace(r.Stdout) == "lsof: no Internet files located" {
+			return "", xerrors.Errorf("Failed to lsof: %w", errLSOFNoInternetFiles)
+		}
 		return "", xerrors.Errorf("Failed to lsof: %s", r)
 	}
 	return r.Stdout, nil
@@ -1320,7 +1369,7 @@ func (l *base) pkgPs(getOwnerPkgs func([]string) ([]string, error)) error {

 	pidListenPorts := map[string][]models.PortStat{}
 	stdout, err = l.lsOfListen()
-	if err != nil {
+	if err != nil && !xerrors.Is(err, errLSOFNoInternetFiles) {
 		// warning only, continue scanning
 		l.log.Warnf("Failed to lsof: %+v", err)
 	}
--- a/scanner/debian.go
+++ b/scanner/debian.go
@@ -338,7 +338,7 @@ func (o *debian) rebootRequired() (bool, error) {
 	}
 }

-const dpkgQuery = `dpkg-query -W -f="\${binary:Package},\${db:Status-Abbrev},\${Version},\${Source},\${source:Version}\n"`
+const dpkgQuery = `dpkg-query -W -f="\${binary:Package},\${db:Status-Abbrev},\${Version},\${source:Package},\${source:Version}\n"`

 func (o *debian) scanInstalledPackages() (models.Packages, models.Packages, models.SrcPackages, error) {
 	updatable := models.Packages{}
@@ -417,29 +417,19 @@ func (o *debian) parseInstalledPackages(stdout string) (models.Packages, models.
 				Version: version,
 			}

-			if srcName != "" && srcName != name {
-				if pack, ok := srcPacks[srcName]; ok {
-					pack.AddBinaryName(name)
-					srcPacks[srcName] = pack
-				} else {
-					srcPacks[srcName] = models.SrcPackage{
-						Name:        srcName,
-						Version:     srcVersion,
-						BinaryNames: []string{name},
-					}
+			if pack, ok := srcPacks[srcName]; ok {
+				pack.AddBinaryName(name)
+				srcPacks[srcName] = pack
+			} else {
+				srcPacks[srcName] = models.SrcPackage{
+					Name:        srcName,
+					Version:     srcVersion,
+					BinaryNames: []string{name},
 				}
 			}
 		}
 	}

-	// Remove "linux"
-	// kernel-related packages are showed "linux" as source package name
-	// If "linux" is left, oval detection will cause trouble, so delete.
-	delete(srcPacks, "linux")
-	// Remove duplicate
-	for name := range installed {
-		delete(srcPacks, name)
-	}
 	return installed, srcPacks, nil
 }

@@ -454,8 +444,20 @@ func (o *debian) parseScannedPackagesLine(line string) (name, status, version, s
 		status = strings.TrimSpace(ss[1])
 		version = ss[2]
 		// remove version. ex: tar (1.27.1-2)
+
+		// Source name and version are computed from binary package name and version in dpkg.
+		// Source package name:
+		// https://git.dpkg.org/cgit/dpkg/dpkg.git/tree/lib/dpkg/pkg-format.c#n338
 		srcName = strings.Split(ss[3], " ")[0]
+		if srcName == "" {
+			srcName = name
+		}
+		// Source package version:
+		// https://git.dpkg.org/cgit/dpkg/dpkg.git/tree/lib/dpkg/pkg-show.c#n428
 		srcVersion = ss[4]
+		if srcVersion == "" {
+			srcVersion = version
+		}
 		return
 	}

--- a/scanner/redhatbase.go
+++ b/scanner/redhatbase.go
@@ -188,6 +188,39 @@ func detectRedhat(c config.ServerInfo) (bool, osTypeInterface) {
 		}
 	}

+	if r := exec(c, "ls /etc/amazon-linux-release", noSudo); r.isSuccess() {
+		// $ cat /etc/amazon-linux-release
+		// Amazon Linux release 2022 (Amazon Linux)
+		// Amazon Linux release 2023 (Amazon Linux)
+		if r := exec(c, "cat /etc/amazon-linux-release", noSudo); r.isSuccess() {
+			amazon := newAmazon(c)
+			result := releasePattern.FindStringSubmatch(strings.TrimSpace(r.Stdout))
+			if len(result) != 3 {
+				amazon.setErrs([]error{xerrors.Errorf("Failed to parse /etc/amazon-linux-release. r.Stdout: %s", r.Stdout)})
+				return true, amazon
+			}
+
+			release := result[2]
+			major, err := strconv.Atoi(util.Major(release))
+			if err != nil {
+				amazon.setErrs([]error{xerrors.Errorf("Failed to parse major version from release: %s", release)})
+				return true, amazon
+			}
+			if major < 2022 {
+				amazon.setErrs([]error{xerrors.Errorf("Failed to init Amazon Linux. err: not supported major version. versions prior to Amazon Linux 2022 are not supported, detected version is %s", release)})
+				return true, amazon
+			}
+			switch strings.ToLower(result[1]) {
+			case "amazon", "amazon linux":
+				amazon.setDistro(constant.Amazon, release)
+				return true, amazon
+			default:
+				amazon.setErrs([]error{xerrors.Errorf("Failed to parse Amazon Linux Name. release: %s", release)})
+				return true, amazon
+			}
+		}
+	}
+
 	if r := exec(c, "ls /etc/redhat-release", noSudo); r.isSuccess() {
 		// https://www.rackaid.com/blog/how-to-determine-centos-or-red-hat-version/
 		// e.g.
@@ -266,19 +299,24 @@ func detectRedhat(c config.ServerInfo) (bool, osTypeInterface) {
 		family := constant.Amazon
 		release := "unknown"
 		if r := exec(c, "cat /etc/system-release", noSudo); r.isSuccess() {
-			if strings.HasPrefix(r.Stdout, "Amazon Linux release 2022") {
-				fields := strings.Fields(r.Stdout)
-				release = strings.Join(fields[3:], " ")
-			} else if strings.HasPrefix(r.Stdout, "Amazon Linux 2022") {
-				fields := strings.Fields(r.Stdout)
-				release = strings.Join(fields[2:], " ")
-			} else if strings.HasPrefix(r.Stdout, "Amazon Linux release 2") {
-				fields := strings.Fields(r.Stdout)
-				release = fmt.Sprintf("%s %s", fields[3], fields[4])
-			} else if strings.HasPrefix(r.Stdout, "Amazon Linux 2") {
-				fields := strings.Fields(r.Stdout)
-				release = strings.Join(fields[2:], " ")
-			} else {
+			switch {
+			case strings.HasPrefix(r.Stdout, "Amazon Linux AMI release"):
+				// Amazon Linux AMI release 2017.09
+				// Amazon Linux AMI release 2018.03
+				release = "1"
+			case strings.HasPrefix(r.Stdout, "Amazon Linux 2022"), strings.HasPrefix(r.Stdout, "Amazon Linux release 2022"):
+				// Amazon Linux 2022 (Amazon Linux)
+				// Amazon Linux release 2022 (Amazon Linux)
+				release = "2022"
+			case strings.HasPrefix(r.Stdout, "Amazon Linux 2023"), strings.HasPrefix(r.Stdout, "Amazon Linux release 2023"):
+				// Amazon Linux 2023 (Amazon Linux)
+				// Amazon Linux release 2023 (Amazon Linux)
+				release = "2023"
+			case strings.HasPrefix(r.Stdout, "Amazon Linux 2"), strings.HasPrefix(r.Stdout, "Amazon Linux release 2"):
+				// Amazon Linux 2 (Karoo)
+				// Amazon Linux release 2 (Karoo)
+				release = "2"
+			default:
 				fields := strings.Fields(r.Stdout)
 				if len(fields) == 5 {
 					release = fields[4]
--- a/scanner/scanner.go
+++ b/scanner/scanner.go
@@ -10,7 +10,6 @@ import (
 	"strings"
 	"time"

-	debver "github.com/knqyf263/go-deb-version"
 	"golang.org/x/exp/maps"
 	"golang.org/x/xerrors"

@@ -163,13 +162,14 @@ func ViaHTTP(header http.Header, body string, toLocalFile bool) (models.ScanResu

 	switch family {
 	case constant.Windows:
-		osInfo, hotfixs, err := parseSystemInfo(body)
+		osInfo, hotfixs, err := parseSystemInfo(toUTF8(body))
 		if err != nil {
 			return models.ScanResult{}, xerrors.Errorf("Failed to parse systeminfo.exe. err: %w", err)
 		}

 		release := header.Get("X-Vuls-OS-Release")
 		if release == "" {
+			logging.Log.Debugf("osInfo(systeminfo.exe): %+v", osInfo)
 			release, err = detectOSName(osInfo)
 			if err != nil {
 				return models.ScanResult{}, xerrors.Errorf("Failed to detect os name. err: %w", err)
@@ -190,11 +190,6 @@ func ViaHTTP(header http.Header, body string, toLocalFile bool) (models.ScanResu
 				log: logging.Log,
 			},
 		}
-		v, err := w.detectKernelVersion(hotfixs)
-		if err != nil {
-			return models.ScanResult{}, xerrors.Errorf("Failed to detect kernel version. err: %w", err)
-		}
-		w.Kernel = models.Kernel{Version: v}

 		kbs, err := w.detectKBsFromKernelVersion()
 		if err != nil {
@@ -217,7 +212,7 @@ func ViaHTTP(header http.Header, body string, toLocalFile bool) (models.ScanResu
 			Family:     family,
 			Release:    release,
 			RunningKernel: models.Kernel{
-				Version: v,
+				Version: kernelVersion,
 			},
 			WindowsKB:   &models.WindowsKB{Applied: maps.Keys(applied), Unapplied: maps.Keys(unapplied)},
 			ScannedCves: models.VulnInfos{},
@@ -234,16 +229,6 @@ func ViaHTTP(header http.Header, body string, toLocalFile bool) (models.ScanResu
 		}

 		kernelVersion := header.Get("X-Vuls-Kernel-Version")
-		if family == constant.Debian {
-			if kernelVersion == "" {
-				logging.Log.Warn("X-Vuls-Kernel-Version is empty. skip kernel vulnerability detection.")
-			} else {
-				if _, err := debver.NewVersion(kernelVersion); err != nil {
-					logging.Log.Warnf("X-Vuls-Kernel-Version is invalid. skip kernel vulnerability detection. actual kernelVersion: %s, err: %s", kernelVersion, err)
-					kernelVersion = ""
-				}
-			}
-		}

 		distro := config.Distro{
 			Family:  family,
@@ -423,6 +408,10 @@ func validateSSHConfig(c *config.ServerInfo) error {
 	logging.Log.Debugf("Executing... %s", strings.Replace(sshConfigCmd, "\n", "", -1))
 	configResult := localExec(*c, sshConfigCmd, noSudo)
 	if !configResult.isSuccess() {
+		if strings.Contains(configResult.Stderr, "unknown option -- G") {
+			logging.Log.Warn("SSH configuration validation is skipped. To enable validation, G option introduced in OpenSSH 6.8 must be enabled.")
+			return nil
+		}
 		return xerrors.Errorf("Failed to print SSH configuration. err: %w", configResult.Error)
 	}
 	sshConfig := parseSSHConfiguration(configResult.Stdout)
--- a/scanner/scanner_test.go
+++ b/scanner/scanner_test.go
@@ -166,11 +166,11 @@ Hyper-V Requirements:      VM Monitor Mode Extensions: Yes
 				Family:  "windows",
 				Release: "Windows 10 Version 21H2 for x64-based Systems",
 				RunningKernel: models.Kernel{
-					Version: "10.0.19044.1645",
+					Version: "10.0.19044",
 				},
 				WindowsKB: &models.WindowsKB{
-					Applied:   []string{"5009543", "5011487", "5007401", "5011651", "5008212", "5012117", "4562830", "5005699", "5011543", "5012599", "5007253", "5010793", "5010415", "5003791", "5009596", "5010342"},
-					Unapplied: []string{"5021233", "5019275", "5015020", "5014023", "5014666", "5017380", "5020435", "5020030", "5011831", "5014699", "5017308", "5018482", "5022834", "5016139", "5016688", "5018410", "5022282", "5013942", "5015807", "5015878", "5016616", "5020953", "5019959", "5022906"},
+					Applied:   []string{"5012117", "4562830", "5003791", "5007401", "5012599", "5011651", "5005699"},
+					Unapplied: []string{},
 				},
 			},
 		},
--- a/scanner/windows.go
+++ b/scanner/windows.go
@@ -3,12 +3,12 @@ package scanner
 import (
 	"bufio"
 	"fmt"
+	"net"
 	"regexp"
 	"strconv"
 	"strings"

 	"golang.org/x/exp/maps"
-	"golang.org/x/exp/slices"
 	"golang.org/x/xerrors"

 	"github.com/future-architect/vuls/config"
@@ -51,22 +51,25 @@ func detectWindows(c config.ServerInfo) (bool, osTypeInterface) {
 	tmp := c
 	tmp.Distro.Family = constant.Windows

-	if r, r2 := exec(tmp, `$CurrentVersion = (Get-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion"); Format-List -InputObject $CurrentVersion -Property ProductName, CurrentVersion, CurrentMajorVersionNumber, CurrentMinorVersionNumber, CurrentBuildNumber, UBR, CSDVersion, EditionID, InstallationType`, noSudo), exec(tmp, `(Get-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment").PROCESSOR_ARCHITECTURE`, noSudo); (r.isSuccess() && r.Stdout != "") && (r2.isSuccess() && r2.Stdout != "") {
-		w := newWindows(c)
-		osInfo, err := parseRegistry(r.Stdout, strings.TrimSpace(r2.Stdout))
-		if err != nil {
-			w.setErrs([]error{xerrors.Errorf("Failed to parse Registry. err: %w", err)})
-			return true, w
-		}
+	if isLocalExec(c.Port, c.Host) {
+		if r, r2 := exec(tmp, `$CurrentVersion = (Get-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion"); Format-List -InputObject $CurrentVersion -Property ProductName, CurrentVersion, CurrentMajorVersionNumber, CurrentMinorVersionNumber, CurrentBuildNumber, UBR, CSDVersion, EditionID, InstallationType`, noSudo), exec(tmp, `(Get-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment").PROCESSOR_ARCHITECTURE`, noSudo); (r.isSuccess() && r.Stdout != "") && (r2.isSuccess() && r2.Stdout != "") {
+			w := newWindows(c)
+			osInfo, err := parseRegistry(r.Stdout, strings.TrimSpace(r2.Stdout))
+			if err != nil {
+				w.setErrs([]error{xerrors.Errorf("Failed to parse Registry. err: %w", err)})
+				return true, w
+			}

-		release, err := detectOSName(osInfo)
-		if err != nil {
-			w.setErrs([]error{xerrors.Errorf("Failed to detect os name. err: %w", err)})
+			w.log.Debugf("osInfo(Registry): %+v", osInfo)
+			release, err := detectOSName(osInfo)
+			if err != nil {
+				w.setErrs([]error{xerrors.Errorf("Failed to detect os name. err: %w", err)})
+				return true, w
+			}
+			w.setDistro(constant.Windows, release)
+			w.Kernel = models.Kernel{Version: formatKernelVersion(osInfo)}
 			return true, w
 		}
-		w.setDistro(constant.Windows, release)
-		w.Kernel = models.Kernel{Version: formatKernelVersion(osInfo)}
-		return true, w
 	}

 	if r := exec(tmp, "Get-ComputerInfo -Property WindowsProductName, OsVersion, WindowsEditionId, OsCSDVersion, CsSystemType, WindowsInstallationType", noSudo); r.isSuccess() && r.Stdout != "" {
@@ -77,6 +80,7 @@ func detectWindows(c config.ServerInfo) (bool, osTypeInterface) {
 			return true, w
 		}

+		w.log.Debugf("osInfo(Get-ComputerInfo): %+v", osInfo)
 		release, err := detectOSName(osInfo)
 		if err != nil {
 			w.setErrs([]error{xerrors.Errorf("Failed to detect os name. err: %w", err)})
@@ -95,6 +99,7 @@ func detectWindows(c config.ServerInfo) (bool, osTypeInterface) {
 			return true, w
 		}

+		w.log.Debugf("osInfo(Get-WmiObject): %+v", osInfo)
 		release, err := detectOSName(osInfo)
 		if err != nil {
 			w.setErrs([]error{xerrors.Errorf("Failed to detect os name. err: %w", err)})
@@ -113,6 +118,7 @@ func detectWindows(c config.ServerInfo) (bool, osTypeInterface) {
 			return true, w
 		}

+		w.log.Debugf("osInfo(systeminfo.exe): %+v", osInfo)
 		release, err := detectOSName(osInfo)
 		if err != nil {
 			w.setErrs([]error{xerrors.Errorf("Failed to detect os name. err: %w", err)})
@@ -169,6 +175,8 @@ func parseSystemInfo(stdout string) (osInfo, []string, error) {
 				o.installationType = "Server"
 			case strings.Contains(line, "Workstation"):
 				o.installationType = "Client"
+			case strings.Contains(line, "Domain Controller"):
+				o.installationType = "Domain Controller"
 			default:
 				return osInfo{}, nil, xerrors.Errorf("Failed to detect installation type. line: %s", line)
 			}
@@ -451,7 +459,7 @@ func parseWmiObject(stdout string) (osInfo, error) {
 			case "2", "3":
 				o.installationType = "Server"
 			case "4", "5":
-				o.installationType = "Controller"
+				o.installationType = "Domain Controller"
 			default:
 				return osInfo{}, xerrors.Errorf("Failed to detect Installation Type from DomainRole. err: %s is invalid DomainRole", domainRole)
 			}
@@ -560,7 +568,7 @@ func detectOSNameFromOSInfo(osInfo osInfo) (string, error) {
 				return fmt.Sprintf("Microsoft Windows 2000 %s", osInfo.servicePack), nil
 			}
 			return "Microsoft Windows 2000", nil
-		case "Server":
+		case "Server", "Domain Controller":
 			if osInfo.servicePack != "" {
 				return fmt.Sprintf("Microsoft Windows 2000 Server %s", osInfo.servicePack), nil
 			}
@@ -611,7 +619,7 @@ func detectOSNameFromOSInfo(osInfo osInfo) (string, error) {
 				return fmt.Sprintf("%s %s", n, osInfo.servicePack), nil
 			}
 			return n, nil
-		case "Server":
+		case "Server", "Domain Controller":
 			n := "Microsoft Windows Server 2003"
 			if strings.Contains(osInfo.productName, "R2") {
 				n = "Microsoft Windows Server 2003 R2"
@@ -645,7 +653,7 @@ func detectOSNameFromOSInfo(osInfo osInfo) (string, error) {
 				return fmt.Sprintf("%s %s", n, osInfo.servicePack), nil
 			}
 			return n, nil
-		case "Server":
+		case "Server", "Domain Controller":
 			arch, err := formatArch(osInfo.arch)
 			if err != nil {
 				return "", err
@@ -675,7 +683,7 @@ func detectOSNameFromOSInfo(osInfo osInfo) (string, error) {
 				return fmt.Sprintf("Windows 7 for %s Systems %s", arch, osInfo.servicePack), nil
 			}
 			return fmt.Sprintf("Windows 7 for %s Systems", arch), nil
-		case "Server":
+		case "Server", "Domain Controller":
 			arch, err := formatArch(osInfo.arch)
 			if err != nil {
 				return "", err
@@ -702,7 +710,7 @@ func detectOSNameFromOSInfo(osInfo osInfo) (string, error) {
 				return "", err
 			}
 			return fmt.Sprintf("Windows 8 for %s Systems", arch), nil
-		case "Server":
+		case "Server", "Domain Controller":
 			return "Windows Server 2012", nil
 		case "Server Core":
 			return "Windows Server 2012 (Server Core installation)", nil
@@ -715,7 +723,7 @@ func detectOSNameFromOSInfo(osInfo osInfo) (string, error) {
 				return "", err
 			}
 			return fmt.Sprintf("Windows 8.1 for %s Systems", arch), nil
-		case "Server":
+		case "Server", "Domain Controller":
 			return "Windows Server 2012 R2", nil
 		case "Server Core":
 			return "Windows Server 2012 R2 (Server Core installation)", nil
@@ -744,7 +752,7 @@ func detectOSNameFromOSInfo(osInfo osInfo) (string, error) {
 				return "", err
 			}
 			return fmt.Sprintf("%s for %s Systems", name, arch), nil
-		case "Server":
+		case "Server", "Nano Server", "Domain Controller":
 			return formatNamebyBuild("Server", osInfo.build)
 		case "Server Core":
 			name, err := formatNamebyBuild("Server", osInfo.build)
@@ -948,6 +956,10 @@ func (o *windows) checkDeps() error {
 }

 func (o *windows) preCure() error {
+	if err := o.detectIPAddr(); err != nil {
+		o.log.Warnf("Failed to detect IP addresses: %s", err)
+		o.warns = append(o.warns, err)
+	}
 	return nil
 }

@@ -955,6 +967,55 @@ func (o *windows) postScan() error {
 	return nil
 }

+func (o *windows) detectIPAddr() error {
+	var err error
+	o.ServerInfo.IPv4Addrs, o.ServerInfo.IPv6Addrs, err = o.ip()
+	return err
+}
+
+func (o *windows) ip() ([]string, []string, error) {
+	r := o.exec("ipconfig.exe", noSudo)
+	if !r.isSuccess() {
+		return nil, nil, xerrors.Errorf("Failed to detect IP address: %v", r)
+	}
+	ipv4Addrs, ipv6Addrs := o.parseIP(r.Stdout)
+	return ipv4Addrs, ipv6Addrs, nil
+}
+
+func (o *windows) parseIP(stdout string) ([]string, []string) {
+	var ipv4Addrs, ipv6Addrs []string
+
+	scanner := bufio.NewScanner(strings.NewReader(stdout))
+	for scanner.Scan() {
+		t := strings.TrimSpace(scanner.Text())
+		lhs, rhs, ok := strings.Cut(t, ":")
+		if !ok {
+			continue
+		}
+		switch {
+		case strings.HasPrefix(lhs, "IPv4 Address"), strings.Contains(lhs, "Autoconfiguration IPv4 Address"), strings.HasPrefix(lhs, "IPv4 アドレス"), strings.HasPrefix(lhs, "自動構成 IPv4 アドレス"):
+			rhs = strings.NewReplacer("(Duplicate)", "", "(Preferred)", "", "(重複)", "", "(優先)", "").Replace(rhs)
+			if ip := net.ParseIP(strings.TrimSpace(rhs)); ip != nil {
+				ipv4Addrs = append(ipv4Addrs, ip.String())
+			}
+		case strings.HasPrefix(lhs, "IPv6 Address"), strings.HasPrefix(lhs, "Temporary IPv6 Address"), strings.HasPrefix(lhs, "IPv6 アドレス"), strings.HasPrefix(lhs, "一時 IPv6 アドレス"):
+			if ip := net.ParseIP(strings.TrimSpace(rhs)); ip != nil {
+				ipv6Addrs = append(ipv6Addrs, ip.String())
+			}
+		case strings.HasPrefix(lhs, "Link-local IPv6 Address"), strings.HasPrefix(lhs, "リンクローカル IPv6 アドレス"):
+			lhs, _, ok := strings.Cut(rhs, "%")
+			if !ok {
+				break
+			}
+			if ip := net.ParseIP(strings.TrimSpace(lhs)); ip != nil {
+				ipv6Addrs = append(ipv6Addrs, ip.String())
+			}
+		default:
+		}
+	}
+	return ipv4Addrs, ipv6Addrs
+}
+
 func (o *windows) scanPackages() error {
 	if r := o.exec("$Packages = (Get-Package); Format-List -InputObject $Packages -Property Name, Version, ProviderName", noSudo); r.isSuccess() {
 		installed, _, err := o.parseInstalledPackages(r.Stdout)
@@ -1037,39 +1098,41 @@ func (o *windows) scanKBs() (*models.WindowsKB, error) {
 		}
 	}

-	var searcher string
-	switch c := o.getServerInfo().Windows; c.ServerSelection {
-	case 3: // https://learn.microsoft.com/en-us/windows/win32/wua_sdk/using-wua-to-scan-for-updates-offline
-		searcher = fmt.Sprintf("$UpdateSession = (New-Object -ComObject Microsoft.Update.Session); $UpdateServiceManager = (New-Object -ComObject Microsoft.Update.ServiceManager); $UpdateService = $UpdateServiceManager.AddScanPackageService(\"Offline Sync Service\", \"%s\", 1); $UpdateSearcher = $UpdateSession.CreateUpdateSearcher(); $UpdateSearcher.ServerSelection = %d; $UpdateSearcher.ServiceID = $UpdateService.ServiceID;", c.CabPath, c.ServerSelection)
-	default:
-		searcher = fmt.Sprintf("$UpdateSession = (New-Object -ComObject Microsoft.Update.Session); $UpdateSearcher = $UpdateSession.CreateUpdateSearcher(); $UpdateSearcher.ServerSelection = %d;", c.ServerSelection)
-	}
+	if isLocalExec(o.getServerInfo().Port, o.getServerInfo().Host) {
+		var searcher string
+		switch c := o.getServerInfo().Windows; c.ServerSelection {
+		case 3: // https://learn.microsoft.com/en-us/windows/win32/wua_sdk/using-wua-to-scan-for-updates-offline
+			searcher = fmt.Sprintf("$UpdateSession = (New-Object -ComObject Microsoft.Update.Session); $UpdateServiceManager = (New-Object -ComObject Microsoft.Update.ServiceManager); $UpdateService = $UpdateServiceManager.AddScanPackageService(\"Offline Sync Service\", \"%s\", 1); $UpdateSearcher = $UpdateSession.CreateUpdateSearcher(); $UpdateSearcher.ServerSelection = %d; $UpdateSearcher.ServiceID = $UpdateService.ServiceID;", c.CabPath, c.ServerSelection)
+		default:
+			searcher = fmt.Sprintf("$UpdateSession = (New-Object -ComObject Microsoft.Update.Session); $UpdateSearcher = $UpdateSession.CreateUpdateSearcher(); $UpdateSearcher.ServerSelection = %d;", c.ServerSelection)
+		}

-	if r := o.exec(fmt.Sprintf(`%s $UpdateSearcher.search("IsInstalled = 1 and RebootRequired = 0 and Type='Software'").Updates | ForEach-Object -MemberName KBArticleIDs`, searcher), noSudo); r.isSuccess() {
-		kbs, err := o.parseWindowsUpdaterSearch(r.Stdout)
-		if err != nil {
-			return nil, xerrors.Errorf("Failed to parse Windows Update Search. err: %w", err)
+		if r := o.exec(fmt.Sprintf(`%s $UpdateSearcher.search("IsInstalled = 1 and RebootRequired = 0 and Type='Software'").Updates | ForEach-Object -MemberName KBArticleIDs`, searcher), noSudo); r.isSuccess() {
+			kbs, err := o.parseWindowsUpdaterSearch(r.Stdout)
+			if err != nil {
+				return nil, xerrors.Errorf("Failed to parse Windows Update Search. err: %w", err)
+			}
+			for _, kb := range kbs {
+				applied[kb] = struct{}{}
+			}
 		}
-		for _, kb := range kbs {
-			applied[kb] = struct{}{}
+		if r := o.exec(fmt.Sprintf(`%s $UpdateSearcher.search("IsInstalled = 0 and Type='Software'").Updates | ForEach-Object -MemberName KBArticleIDs`, searcher), noSudo); r.isSuccess() {
+			kbs, err := o.parseWindowsUpdaterSearch(r.Stdout)
+			if err != nil {
+				return nil, xerrors.Errorf("Failed to parse Windows Update Search. err: %w", err)
+			}
+			for _, kb := range kbs {
+				unapplied[kb] = struct{}{}
+			}
 		}
-	}
-	if r := o.exec(fmt.Sprintf(`%s $UpdateSearcher.search("IsInstalled = 0 and Type='Software'").Updates | ForEach-Object -MemberName KBArticleIDs`, searcher), noSudo); r.isSuccess() {
-		kbs, err := o.parseWindowsUpdaterSearch(r.Stdout)
-		if err != nil {
-			return nil, xerrors.Errorf("Failed to parse Windows Update Search. err: %w", err)
-		}
-		for _, kb := range kbs {
-			unapplied[kb] = struct{}{}
-		}
-	}
-	if r := o.exec(fmt.Sprintf(`%s $UpdateSearcher.search("IsInstalled = 1 and RebootRequired = 1 and Type='Software'").Updates | ForEach-Object -MemberName KBArticleIDs`, searcher), noSudo); r.isSuccess() {
-		kbs, err := o.parseWindowsUpdaterSearch(r.Stdout)
-		if err != nil {
-			return nil, xerrors.Errorf("Failed to parse Windows Update Search. err: %w", err)
-		}
-		for _, kb := range kbs {
-			unapplied[kb] = struct{}{}
+		if r := o.exec(fmt.Sprintf(`%s $UpdateSearcher.search("IsInstalled = 1 and RebootRequired = 1 and Type='Software'").Updates | ForEach-Object -MemberName KBArticleIDs`, searcher), noSudo); r.isSuccess() {
+			kbs, err := o.parseWindowsUpdaterSearch(r.Stdout)
+			if err != nil {
+				return nil, xerrors.Errorf("Failed to parse Windows Update Search. err: %w", err)
+			}
+			for _, kb := range kbs {
+				unapplied[kb] = struct{}{}
+			}
 		}
 	}

@@ -1083,12 +1146,6 @@ func (o *windows) scanKBs() (*models.WindowsKB, error) {
 		}
 	}

-	v, err := o.detectKernelVersion(maps.Keys(applied))
-	if err != nil {
-		return nil, xerrors.Errorf("Failed to detect kernel version. err: %w", err)
-	}
-	o.Kernel = models.Kernel{Version: v}
-
 	kbs, err := o.detectKBsFromKernelVersion()
 	if err != nil {
 		return nil, xerrors.Errorf("Failed to detect KBs from kernel version. err: %w", err)
@@ -1340,6 +1397,10 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					{revision: "", kb: "5021291"},
 					{revision: "", kb: "5022338"},
 					{revision: "", kb: "5022872"},
+					{revision: "", kb: "5023769"},
+					{revision: "", kb: "5025279"},
+					{revision: "", kb: "5026413"},
+					{revision: "", kb: "5027275"},
 				},
 				securityOnly: []string{
 					"3192391",
@@ -1419,6 +1480,10 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					"5021288",
 					"5022339",
 					"5022874",
+					"5023759",
+					"5025277",
+					"5026426",
+					"5027256",
 				},
 			},
 		},
@@ -1543,6 +1608,10 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					{revision: "", kb: "5021294"},
 					{revision: "", kb: "5022352"},
 					{revision: "", kb: "5022899"},
+					{revision: "", kb: "5023765"},
+					{revision: "", kb: "5025285"},
+					{revision: "", kb: "5026415"},
+					{revision: "", kb: "5027271"},
 				},
 				securityOnly: []string{
 					"3192392",
@@ -1621,6 +1690,10 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					"5021296",
 					"5022346",
 					"5022894",
+					"5023764",
+					"5025288",
+					"5026409",
+					"5027282",
 				},
 			},
 		},
@@ -1746,6 +1819,11 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					{revision: "19624", kb: "5021243"},
 					{revision: "19685", kb: "5022297"},
 					{revision: "19747", kb: "5022858"},
+					{revision: "19805", kb: "5023713"},
+					{revision: "19869", kb: "5025234"},
+					{revision: "19926", kb: "5026382"},
+					{revision: "19983", kb: "5027230"},
+					{revision: "19986", kb: "5028622"},
 				},
 			},
 			// https://support.microsoft.com/en-us/topic/windows-10-update-history-2ad7900f-882c-1dfc-f9d7-82b7ca162010
@@ -1946,6 +2024,11 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					{revision: "5582", kb: "5021235"},
 					{revision: "5648", kb: "5022289"},
 					{revision: "5717", kb: "5022838"},
+					{revision: "5786", kb: "5023697"},
+					{revision: "5850", kb: "5025228"},
+					{revision: "5921", kb: "5026363"},
+					{revision: "5989", kb: "5027219"},
+					{revision: "5996", kb: "5028623"},
 				},
 			},
 			// https://support.microsoft.com/en-us/topic/windows-10-update-history-83aa43c0-82e0-92d8-1580-10642c9ed612
@@ -2316,6 +2399,10 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					{revision: "3772", kb: "5022554"},
 					{revision: "3887", kb: "5022286"},
 					{revision: "4010", kb: "5022840"},
+					{revision: "4131", kb: "5023702"},
+					{revision: "4252", kb: "5025229"},
+					{revision: "4377", kb: "5026362"},
+					{revision: "4499", kb: "5027222"},
 				},
 			},
 			// https://support.microsoft.com/en-us/topic/windows-10-update-history-e6058e7c-4116-38f1-b984-4fcacfba5e5d
@@ -2545,6 +2632,10 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					{revision: "2546", kb: "5019275"},
 					{revision: "2604", kb: "5022834"},
 					{revision: "2673", kb: "5022906"},
+					{revision: "2728", kb: "5023696"},
+					{revision: "2788", kb: "5023773"},
+					{revision: "2846", kb: "5025221"},
+					{revision: "2965", kb: "5026361"},
 				},
 			},
 			// https://support.microsoft.com/en-us/topic/windows-10-update-history-1b6aac92-bf01-42b5-b158-f80c6d93eb11
@@ -2636,6 +2727,11 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					{revision: "2546", kb: "5019275"},
 					{revision: "2604", kb: "5022834"},
 					{revision: "2673", kb: "5022906"},
+					{revision: "2728", kb: "5023696"},
+					{revision: "2788", kb: "5023773"},
+					{revision: "2846", kb: "5025221"},
+					{revision: "2965", kb: "5026361"},
+					{revision: "3086", kb: "5027215"},
 				},
 			},
 			// https://support.microsoft.com/en-us/topic/windows-10-update-history-8127c2c6-6edf-4fdf-8b9f-0f7be1ef3562
@@ -2650,6 +2746,14 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					{revision: "2546", kb: "5019275"},
 					{revision: "2604", kb: "5022834"},
 					{revision: "2673", kb: "5022906"},
+					{revision: "2728", kb: "5023696"},
+					{revision: "2788", kb: "5023773"},
+					{revision: "2846", kb: "5025221"},
+					{revision: "2913", kb: "5025297"},
+					{revision: "2965", kb: "5026361"},
+					{revision: "3031", kb: "5026435"},
+					{revision: "3086", kb: "5027215"},
+					{revision: "3155", kb: "5027293"},
 				},
 			},
 		},
@@ -2694,6 +2798,14 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					{revision: "1516", kb: "5019274"},
 					{revision: "1574", kb: "5022836"},
 					{revision: "1641", kb: "5022905"},
+					{revision: "1696", kb: "5023698"},
+					{revision: "1761", kb: "5023774"},
+					{revision: "1817", kb: "5025224"},
+					{revision: "1880", kb: "5025298"},
+					{revision: "1936", kb: "5026368"},
+					{revision: "2003", kb: "5026436"},
+					{revision: "2057", kb: "5027223"},
+					{revision: "2124", kb: "5027292"},
 				},
 			},
 			// https://support.microsoft.com/en-us/topic/windows-11-version-22h2-update-history-ec4229c3-9c5f-4e75-9d6d-9025ab70fcce
@@ -2711,6 +2823,15 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					{revision: "1105", kb: "5022303"},
 					{revision: "1194", kb: "5022360"},
 					{revision: "1265", kb: "5022845"},
+					{revision: "1344", kb: "5022913"},
+					{revision: "1413", kb: "5023706"},
+					{revision: "1485", kb: "5023778"},
+					{revision: "1555", kb: "5025239"},
+					{revision: "1635", kb: "5025305"},
+					{revision: "1702", kb: "5026372"},
+					{revision: "1778", kb: "5026446"},
+					{revision: "1848", kb: "5027231"},
+					{revision: "1928", kb: "5027303"},
 				},
 			},
 		},
@@ -2789,6 +2910,10 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					{revision: "", kb: "5021289"},
 					{revision: "", kb: "5022340"},
 					{revision: "", kb: "5022890"},
+					{revision: "", kb: "5023755"},
+					{revision: "", kb: "5025271"},
+					{revision: "", kb: "5026408"},
+					{revision: "", kb: "5027279"},
 				},
 				securityOnly: []string{
 					"4457984",
@@ -2846,6 +2971,10 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					"5021293",
 					"5022353",
 					"5022893",
+					"5023754",
+					"5025273",
+					"5026427",
+					"5027277",
 				},
 			},
 		},
@@ -2968,6 +3097,10 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					{revision: "", kb: "5021291"},
 					{revision: "", kb: "5022338"},
 					{revision: "", kb: "5022872"},
+					{revision: "", kb: "5023769"},
+					{revision: "", kb: "5025279"},
+					{revision: "", kb: "5026413"},
+					{revision: "", kb: "5027275"},
 				},
 				securityOnly: []string{
 					"3192391",
@@ -3047,6 +3180,10 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					"5021288",
 					"5022339",
 					"5022874",
+					"5023759",
+					"5025277",
+					"5026426",
+					"5027256",
 				},
 			},
 		},
@@ -3171,6 +3308,10 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					{revision: "", kb: "5021285"},
 					{revision: "", kb: "5022348"},
 					{revision: "", kb: "5022903"},
+					{revision: "", kb: "5023756"},
+					{revision: "", kb: "5025287"},
+					{revision: "", kb: "5026419"},
+					{revision: "", kb: "5027283"},
 				},
 				securityOnly: []string{
 					"3192393",
@@ -3249,6 +3390,10 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					"5021303",
 					"5022343",
 					"5022895",
+					"5023752",
+					"5025272",
+					"5026411",
+					"5027281",
 				},
 			},
 		},
@@ -3373,6 +3518,10 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					{revision: "", kb: "5021294"},
 					{revision: "", kb: "5022352"},
 					{revision: "", kb: "5022899"},
+					{revision: "", kb: "5023765"},
+					{revision: "", kb: "5025285"},
+					{revision: "", kb: "5026415"},
+					{revision: "", kb: "5027271"},
 				},
 				securityOnly: []string{
 					"3192392",
@@ -3451,6 +3600,10 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					"5021296",
 					"5022346",
 					"5022894",
+					"5023764",
+					"5025288",
+					"5026409",
+					"5027282",
 				},
 			},
 		},
@@ -3608,6 +3761,11 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					{revision: "5582", kb: "5021235"},
 					{revision: "5648", kb: "5022289"},
 					{revision: "5717", kb: "5022838"},
+					{revision: "5786", kb: "5023697"},
+					{revision: "5850", kb: "5025228"},
+					{revision: "5921", kb: "5026363"},
+					{revision: "5989", kb: "5027219"},
+					{revision: "5996", kb: "5028623"},
 				},
 			},
 		},
@@ -3941,6 +4099,10 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					{revision: "3772", kb: "5022554"},
 					{revision: "3887", kb: "5022286"},
 					{revision: "4010", kb: "5022840"},
+					{revision: "4131", kb: "5023702"},
+					{revision: "4252", kb: "5025229"},
+					{revision: "4377", kb: "5026362"},
+					{revision: "4499", kb: "5027222"},
 				},
 			},
 		},
@@ -4178,6 +4340,10 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					{revision: "2546", kb: "5019275"},
 					{revision: "2604", kb: "5022834"},
 					{revision: "2673", kb: "5022906"},
+					{revision: "2728", kb: "5023696"},
+					{revision: "2788", kb: "5023773"},
+					{revision: "2846", kb: "5025221"},
+					{revision: "2965", kb: "5026361"},
 				},
 			},
 		},
@@ -4223,86 +4389,16 @@ var windowsReleases = map[string]map[string]map[string]updateProgram{
 					{revision: "1368", kb: "5022553"},
 					{revision: "1487", kb: "5022291"},
 					{revision: "1547", kb: "5022842"},
+					{revision: "1607", kb: "5023705"},
+					{revision: "1668", kb: "5025230"},
+					{revision: "1726", kb: "5026370"},
+					{revision: "1787", kb: "5027225"},
 				},
 			},
 		},
 	},
 }

-func (o *windows) detectKernelVersion(applied []string) (string, error) {
-	switch ss := strings.Split(o.Kernel.Version, "."); len(ss) {
-	case 3:
-		switch {
-		case strings.HasPrefix(o.getDistro().Release, "Windows 10"), strings.HasPrefix(o.getDistro().Release, "Windows 11"):
-			osver := strings.Fields(o.getDistro().Release)[1]
-
-			verReleases, ok := windowsReleases["Client"][osver]
-			if !ok {
-				return o.Kernel.Version, nil
-			}
-
-			rels, ok := verReleases[ss[2]]
-			if !ok {
-				return o.Kernel.Version, nil
-			}
-
-			var revs []string
-			for _, r := range rels.rollup {
-				if slices.Contains(applied, r.kb) {
-					revs = append(revs, r.revision)
-				}
-			}
-			if len(revs) == 0 {
-				return o.Kernel.Version, nil
-			}
-
-			slices.SortFunc(revs, func(i, j string) bool {
-				ni, _ := strconv.Atoi(i)
-				nj, _ := strconv.Atoi(j)
-				return ni < nj
-			})
-
-			return fmt.Sprintf("%s.%s", o.Kernel.Version, revs[len(revs)-1]), nil
-		case strings.HasPrefix(o.getDistro().Release, "Windows Server 2016"), strings.HasPrefix(o.getDistro().Release, "Windows Server, Version 1709"), strings.HasPrefix(o.getDistro().Release, "Windows Server, Version 1809"), strings.HasPrefix(o.getDistro().Release, "Windows Server 2019"), strings.HasPrefix(o.getDistro().Release, "Windows Server, Version 1903"), strings.HasPrefix(o.getDistro().Release, "Windows Server, Version 1909"), strings.HasPrefix(o.getDistro().Release, "Windows Server, Version 2004"), strings.HasPrefix(o.getDistro().Release, "Windows Server, Version 20H2"), strings.HasPrefix(o.getDistro().Release, "Windows Server 2022"):
-			osver := strings.TrimSpace(strings.NewReplacer("Windows Server", "", ",", "", "(Server Core installation)", "").Replace(o.getDistro().Release))
-
-			verReleases, ok := windowsReleases["Server"][osver]
-			if !ok {
-				return o.Kernel.Version, nil
-			}
-
-			rels, ok := verReleases[ss[2]]
-			if !ok {
-				return o.Kernel.Version, nil
-			}
-
-			var revs []string
-			for _, r := range rels.rollup {
-				if slices.Contains(applied, r.kb) {
-					revs = append(revs, r.revision)
-				}
-			}
-			if len(revs) == 0 {
-				return o.Kernel.Version, nil
-			}
-
-			slices.SortFunc(revs, func(i, j string) bool {
-				ni, _ := strconv.Atoi(i)
-				nj, _ := strconv.Atoi(j)
-				return ni < nj
-			})
-
-			return fmt.Sprintf("%s.%s", o.Kernel.Version, revs[len(revs)-1]), nil
-		default:
-			return o.Kernel.Version, nil
-		}
-	case 4:
-		return o.Kernel.Version, nil
-	default:
-		return "", xerrors.Errorf("unexpected kernel version. expected: <major version>.<minor version>.<build>(.<revision>), actual: %s", o.Kernel.Version)
-	}
-}
-
 func (o *windows) detectKBsFromKernelVersion() (models.WindowsKB, error) {
 	switch ss := strings.Split(o.Kernel.Version, "."); len(ss) {
 	case 3:
@@ -4404,5 +4500,65 @@ func (o *windows) detectKBsFromKernelVersion() (models.WindowsKB, error) {
 }

 func (o *windows) detectPlatform() {
+	if o.getServerInfo().Mode.IsOffline() {
+		o.setPlatform(models.Platform{Name: "unknown"})
+		return
+	}
+
+	ok, instanceID, err := o.detectRunningOnAws()
+	if err != nil {
+		o.setPlatform(models.Platform{Name: "other"})
+		return
+	}
+	if ok {
+		o.setPlatform(models.Platform{
+			Name:       "aws",
+			InstanceID: instanceID,
+		})
+		return
+	}
+
+	//TODO Azure, GCP...
 	o.setPlatform(models.Platform{Name: "other"})
 }
+
+func (o *windows) detectRunningOnAws() (bool, string, error) {
+	if r := o.exec("Invoke-WebRequest -MaximumRetryCount 3 -TimeoutSec 1 -NoProxy http://169.254.169.254/latest/meta-data/instance-id", noSudo); r.isSuccess() {
+		id := strings.TrimSpace(r.Stdout)
+		if o.isAwsInstanceID(id) {
+			return true, id, nil
+		}
+	}
+
+	if r := o.exec("Invoke-WebRequest -Method Put -MaximumRetryCount 3 -TimeoutSec 1 -NoProxy -Headers @{\"X-aws-ec2-metadata-token-ttl-seconds\"=\"300\"} http://169.254.169.254/latest/api/token", noSudo); r.isSuccess() {
+		r := o.exec(fmt.Sprintf("Invoke-WebRequest -MaximumRetryCount 3 -TimeoutSec 1 -NoProxy -Headers @{\"X-aws-ec2-metadata-token\"=\"%s\"} http://169.254.169.254/latest/meta-data/instance-id", strings.TrimSpace(r.Stdout)), noSudo)
+		if r.isSuccess() {
+			id := strings.TrimSpace(r.Stdout)
+			if !o.isAwsInstanceID(id) {
+				return false, "", nil
+			}
+			return true, id, nil
+		}
+	}
+
+	if r := o.exec("where.exe curl.exe", noSudo); r.isSuccess() {
+		if r := o.exec("curl.exe --max-time 1 --noproxy 169.254.169.254 http://169.254.169.254/latest/meta-data/instance-id", noSudo); r.isSuccess() {
+			id := strings.TrimSpace(r.Stdout)
+			if o.isAwsInstanceID(id) {
+				return true, id, nil
+			}
+		}
+
+		if r := o.exec("curl.exe -X PUT --max-time 1 --noproxy 169.254.169.254 -H \"X-aws-ec2-metadata-token-ttl-seconds: 300\" http://169.254.169.254/latest/api/token", noSudo); r.isSuccess() {
+			if r := o.exec(fmt.Sprintf("curl.exe -H \"X-aws-ec2-metadata-token: %s\" --max-time 1 --noproxy 169.254.169.254 http://169.254.169.254/latest/meta-data/instance-id", strings.TrimSpace(r.Stdout)), noSudo); r.isSuccess() {
+				id := strings.TrimSpace(r.Stdout)
+				if !o.isAwsInstanceID(id) {
+					return false, "", nil
+				}
+				return true, id, nil
+			}
+		}
+	}
+
+	return false, "", xerrors.Errorf("Failed to Invoke-WebRequest or curl.exe to AWS instance metadata on %s. container: %s", o.ServerInfo.ServerName, o.ServerInfo.Container.Name)
+}
--- a/scanner/windows_test.go
+++ b/scanner/windows_test.go
@@ -18,7 +18,7 @@ func Test_parseSystemInfo(t *testing.T) {
 		wantErr bool
 	}{
 		{
-			name: "happy",
+			name: "Workstation",
 			args: `
 Host Name:                 DESKTOP
 OS Name:                   Microsoft Windows 10 Pro
@@ -83,6 +83,120 @@ Hyper-V Requirements:      VM Monitor Mode Extensions: Yes
 			},
 			kbs: []string{"5012117", "4562830", "5003791", "5007401", "5012599", "5011651", "5005699"},
 		},
+		{
+			name: "Server",
+			args: `
+Host Name:                 WIN-RIBN7SM07BK
+OS Name:                   Microsoft Windows Server 2022 Standard
+OS Version:                10.0.20348 N/A Build 20348
+OS Manufacturer:           Microsoft Corporation
+OS Configuration:          Standalone Server
+OS Build Type:             Multiprocessor Free
+Registered Owner:          Windows User
+Registered Organization:   
+Product ID:                00454-10000-00001-AA483
+Original Install Date:     10/1/2021, 4:15:34 PM
+System Boot Time:          10/22/2021, 8:36:55 AM
+System Manufacturer:       Microsoft Corporation
+System Model:              Virtual Machine
+System Type:               x64-based PC
+Processor(s):              1 Processor(s) Installed.
+						   [01]: Intel64 Family 6 Model 158 Stepping 9 GenuineIntel ~2808 Mhz
+BIOS Version:              Microsoft Corporation Hyper-V UEFI Release v4.0, 12/17/2019
+Windows Directory:         C:\Windows
+System Directory:          C:\Windows\system32
+Boot Device:               \Device\HarddiskVolume1
+System Locale:             en-us;English (United States)
+Input Locale:              en-us;English (United States)
+Time Zone:                 (UTC-08:00) Pacific Time (US & Canada)
+Total Physical Memory:     2,047 MB
+Available Physical Memory: 900 MB
+Virtual Memory: Max Size:  3,199 MB
+Virtual Memory: Available: 2,143 MB
+Virtual Memory: In Use:    1,056 MB
+Page File Location(s):     C:\pagefile.sys
+Domain:                    WORKGROUP
+Logon Server:              \\WIN-RIBN7SM07BK
+Hotfix(s):                 3 Hotfix(s) Installed.
+						   [01]: KB5004330
+						   [02]: KB5005039
+						   [03]: KB5005552
+Network Card(s):           1 NIC(s) Installed.
+						   [01]: Microsoft Hyper-V Network Adapter
+								 Connection Name: Ethernet
+								 DHCP Enabled:    Yes
+								 DHCP Server:     192.168.254.254
+								 IP address(es)
+								 [01]: 192.168.254.172
+								 [02]: fe80::b4a1:11cc:2c4:4f57
+Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.
+`,
+			osInfo: osInfo{
+				productName:      "Microsoft Windows Server 2022 Standard",
+				version:          "10.0",
+				build:            "20348",
+				revision:         "",
+				edition:          "",
+				servicePack:      "",
+				arch:             "x64-based",
+				installationType: "Server",
+			},
+			kbs: []string{"5004330", "5005039", "5005552"},
+		},
+		{
+			name: "Domain Controller",
+			args: `
+Host Name:                 vuls
+OS Name:                   Microsoft Windows Server 2019 Datacenter
+OS Version:                10.0.17763 N/A Build 17763
+OS Manufacturer:           Microsoft Corporation
+OS Configuration:          Primary Domain Controller
+OS Build Type:             Multiprocessor Free
+Registered Owner:          N/A
+Registered Organization:   N/A
+Product ID:                00430-00000-00000-AA602
+Original Install Date:     1/16/2023, 10:04:07 AM
+System Boot Time:          3/28/2023, 8:37:14 AM
+System Manufacturer:       Microsoft Corporation
+System Model:              Virtual Machine
+System Type:               x64-based PC
+Processor(s):              1 Processor(s) Installed.
+						   [01]: Intel64 Family 6 Model 85 Stepping 4 GenuineIntel ~2095 Mhz
+BIOS Version:              Microsoft Corporation Hyper-V UEFI Release v4.1, 5/9/2022
+Windows Directory:         C:\Windows
+System Directory:          C:\Windows\system32
+Boot Device:               \Device\HarddiskVolume3
+System Locale:             en-us;English (United States)
+Input Locale:              en-us;English (United States)
+Time Zone:                 (UTC) Coordinated Universal Time
+Total Physical Memory:     16,383 MB
+Available Physical Memory: 13,170 MB
+Virtual Memory: Max Size:  18,431 MB
+Virtual Memory: Available: 15,208 MB
+Virtual Memory: In Use:    3,223 MB
+Page File Location(s):     C:\pagefile.sys
+Domain:                    vuls
+Logon Server:              \\vuls
+Hotfix(s):                 5 Hotfix(s) Installed.
+						   [01]: KB5022511
+						   [02]: KB5012170
+						   [03]: KB5023702
+						   [04]: KB5020374
+						   [05]: KB5023789
+Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.
+`,
+			osInfo: osInfo{
+				productName:      "Microsoft Windows Server 2019 Datacenter",
+				version:          "10.0",
+				build:            "17763",
+				revision:         "",
+				edition:          "",
+				servicePack:      "",
+				arch:             "x64-based",
+				installationType: "Domain Controller",
+			},
+			kbs: []string{"5022511", "5012170", "5023702", "5020374", "5023789"},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -291,6 +405,20 @@ func Test_detectOSName(t *testing.T) {
 			},
 			want: "Windows Server 2022",
 		},
+		{
+			name: "Windows Server 2019",
+			args: osInfo{
+				productName:      "Microsoft Windows Server 2019 Datacenter",
+				version:          "10.0",
+				build:            "17763",
+				revision:         "",
+				edition:          "",
+				servicePack:      "",
+				arch:             "x64-based",
+				installationType: "Domain Controller",
+			},
+			want: "Windows Server 2019",
+		},
 		{
 			name: "err",
 			args: osInfo{
@@ -580,84 +708,6 @@ ResultCode : 2
 	}
 }

-func Test_windows_detectKernelVersion(t *testing.T) {
-	tests := []struct {
-		name    string
-		base    base
-		args    []string
-		want    string
-		wantErr bool
-	}{
-		{
-			name: "major.minor.build, applied on 10",
-			base: base{
-				Distro:     config.Distro{Release: "Windows 10 Version 22H2 for x64-based Systems"},
-				osPackages: osPackages{Kernel: models.Kernel{Version: "10.0.19045"}},
-			},
-			args: []string{"5020030", "5019275"},
-			want: "10.0.19045.2546",
-		},
-		{
-			name: "major.minor.build, zero applied on 10",
-			base: base{
-				Distro:     config.Distro{Release: "Windows 10 Version 22H2 for x64-based Systems"},
-				osPackages: osPackages{Kernel: models.Kernel{Version: "10.0.19045"}},
-			},
-			args: []string{},
-			want: "10.0.19045",
-		},
-		{
-			name: "major.minor.build.revision",
-			base: base{
-				Distro:     config.Distro{Release: "Windows 10 Version 22H2 for x64-based Systems"},
-				osPackages: osPackages{Kernel: models.Kernel{Version: "10.0.19045.2130"}},
-			},
-			want: "10.0.19045.2130",
-		},
-		{
-			name: "major.minor.build, applied on 11",
-			base: base{
-				Distro:     config.Distro{Release: "Windows 11 Version 22H2 for x64-based Systems"},
-				osPackages: osPackages{Kernel: models.Kernel{Version: "10.0.22621"}},
-			},
-			args: []string{"5017389", "5022303"},
-			want: "10.0.22621.1105",
-		},
-		{
-			name: "major.minor.build, applied on server 2022",
-			base: base{
-				Distro:     config.Distro{Release: "Windows Server 2022"},
-				osPackages: osPackages{Kernel: models.Kernel{Version: "10.0.20348"}},
-			},
-			args: []string{"5022842"},
-			want: "10.0.20348.1547",
-		},
-		{
-			name: "major.minor",
-			base: base{
-				Distro:     config.Distro{Release: "Windows 10 Version 22H2 for x64-based Systems"},
-				osPackages: osPackages{Kernel: models.Kernel{Version: "10.0"}},
-			},
-			wantErr: true,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			o := &windows{
-				base: tt.base,
-			}
-			got, err := o.detectKernelVersion(tt.args)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("windows.detectKernelVersion() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-			if got != tt.want {
-				t.Errorf("windows.detectKernelVersion() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-
 func Test_windows_detectKBsFromKernelVersion(t *testing.T) {
 	tests := []struct {
 		name    string
@@ -673,7 +723,7 @@ func Test_windows_detectKBsFromKernelVersion(t *testing.T) {
 			},
 			want: models.WindowsKB{
 				Applied:   nil,
-				Unapplied: []string{"5020953", "5019959", "5020030", "5021233", "5022282", "5019275", "5022834", "5022906"},
+				Unapplied: []string{"5020953", "5019959", "5020030", "5021233", "5022282", "5019275", "5022834", "5022906", "5023696", "5023773", "5025221", "5025297", "5026361", "5026435", "5027215", "5027293"},
 			},
 		},
 		{
@@ -684,7 +734,7 @@ func Test_windows_detectKBsFromKernelVersion(t *testing.T) {
 			},
 			want: models.WindowsKB{
 				Applied:   nil,
-				Unapplied: []string{"5020953", "5019959", "5020030", "5021233", "5022282", "5019275", "5022834", "5022906"},
+				Unapplied: []string{"5020953", "5019959", "5020030", "5021233", "5022282", "5019275", "5022834", "5022906", "5023696", "5023773", "5025221", "5025297", "5026361", "5026435", "5027215", "5027293"},
 			},
 		},
 		{
@@ -695,7 +745,7 @@ func Test_windows_detectKBsFromKernelVersion(t *testing.T) {
 			},
 			want: models.WindowsKB{
 				Applied:   []string{"5019311", "5017389", "5018427", "5019509", "5018496", "5019980", "5020044", "5021255", "5022303"},
-				Unapplied: []string{"5022360", "5022845"},
+				Unapplied: []string{"5022360", "5022845", "5022913", "5023706", "5023778", "5025239", "5025305", "5026372", "5026446", "5027231", "5027303"},
 			},
 		},
 		{
@@ -706,6 +756,17 @@ func Test_windows_detectKBsFromKernelVersion(t *testing.T) {
 			},
 			want: models.WindowsKB{
 				Applied:   []string{"5005575", "5005619", "5006699", "5006745", "5007205", "5007254", "5008223", "5010197", "5009555", "5010796", "5009608", "5010354", "5010421", "5011497", "5011558", "5012604", "5012637", "5013944", "5015013", "5014021", "5014678", "5014665", "5015827", "5015879", "5016627", "5016693", "5017316", "5017381", "5018421", "5020436", "5018485", "5019081", "5021656", "5020032", "5021249", "5022553", "5022291", "5022842"},
+				Unapplied: []string{"5023705", "5025230", "5026370", "5027225"},
+			},
+		},
+		{
+			name: "10.0.20348.9999",
+			base: base{
+				Distro:     config.Distro{Release: "Windows Server 2022"},
+				osPackages: osPackages{Kernel: models.Kernel{Version: "10.0.20348.9999"}},
+			},
+			want: models.WindowsKB{
+				Applied:   []string{"5005575", "5005619", "5006699", "5006745", "5007205", "5007254", "5008223", "5010197", "5009555", "5010796", "5009608", "5010354", "5010421", "5011497", "5011558", "5012604", "5012637", "5013944", "5015013", "5014021", "5014678", "5014665", "5015827", "5015879", "5016627", "5016693", "5017316", "5017381", "5018421", "5020436", "5018485", "5019081", "5021656", "5020032", "5021249", "5022553", "5022291", "5022842", "5023705", "5025230", "5026370", "5027225"},
 				Unapplied: nil,
 			},
 		},
@@ -734,3 +795,122 @@ func Test_windows_detectKBsFromKernelVersion(t *testing.T) {
 		})
 	}
 }
+
+func Test_windows_parseIP(t *testing.T) {
+	tests := []struct {
+		name      string
+		args      string
+		ipv4Addrs []string
+		ipv6Addrs []string
+	}{
+		{
+			name: "en",
+			args: `
+
+Windows IP Configuration
+
+
+Ethernet adapter イーサネット 4:
+
+   Connection-specific DNS Suffix  . : vuls.local
+   Link-local IPv6 Address . . . . . : fe80::19b6:ae27:d1fe:2041%33
+   Link-local IPv6 Address . . . . . : fe80::7080:8828:5cc8:c0ba%33
+   IPv4 Address. . . . . . . . . . . : 10.145.8.50
+   Subnet Mask . . . . . . . . . . . : 255.255.0.0
+   Default Gateway . . . . . . . . . : ::
+
+Ethernet adapter イーサネット 2:
+
+   Connection-specific DNS Suffix  . :
+   Link-local IPv6 Address . . . . . : fe80::f49d:2c16:4270:759d%9
+   IPv4 Address. . . . . . . . . . . : 192.168.56.1
+   Subnet Mask . . . . . . . . . . . : 255.255.255.0
+   Default Gateway . . . . . . . . . :
+
+Wireless LAN adapter ローカル エリア接続* 1:
+
+   Media State . . . . . . . . . . . : Media disconnected
+   Connection-specific DNS Suffix  . :
+
+Wireless LAN adapter ローカル エリア接続* 2:
+
+   Media State . . . . . . . . . . . : Media disconnected
+   Connection-specific DNS Suffix  . :
+
+Wireless LAN adapter Wi-Fi:
+
+   Connection-specific DNS Suffix  . :
+   IPv4 Address. . . . . . . . . . . : 192.168.0.205
+   Subnet Mask . . . . . . . . . . . : 255.255.255.0
+   Default Gateway . . . . . . . . . : 192.168.0.1
+
+Ethernet adapter Bluetooth ネットワーク接続:
+
+   Media State . . . . . . . . . . . : Media disconnected
+   Connection-specific DNS Suffix  . :
+`,
+			ipv4Addrs: []string{"10.145.8.50", "192.168.56.1", "192.168.0.205"},
+			ipv6Addrs: []string{"fe80::19b6:ae27:d1fe:2041", "fe80::7080:8828:5cc8:c0ba", "fe80::f49d:2c16:4270:759d"},
+		},
+		{
+			name: "ja",
+			args: `
+
+Windows IP 構成
+
+
+イーサネット アダプター イーサネット 4:
+
+   接続固有の DNS サフィックス . . . . .: future.co.jp
+   リンクローカル IPv6 アドレス. . . . .: fe80::19b6:ae27:d1fe:2041%33
+   リンクローカル IPv6 アドレス. . . . .: fe80::7080:8828:5cc8:c0ba%33
+   IPv4 アドレス . . . . . . . . . . . .: 10.145.8.50
+   サブネット マスク . . . . . . . . . .: 255.255.0.0
+   デフォルト ゲートウェイ . . . . . . .: ::
+
+イーサネット アダプター イーサネット 2:
+
+   接続固有の DNS サフィックス . . . . .:
+   リンクローカル IPv6 アドレス. . . . .: fe80::f49d:2c16:4270:759d%9
+   IPv4 アドレス . . . . . . . . . . . .: 192.168.56.1
+   サブネット マスク . . . . . . . . . .: 255.255.255.0
+   デフォルト ゲートウェイ . . . . . . .:
+
+Wireless LAN adapter ローカル エリア接続* 1:
+
+   メディアの状態. . . . . . . . . . . .: メディアは接続されていません
+   接続固有の DNS サフィックス . . . . .:
+
+Wireless LAN adapter ローカル エリア接続* 2:
+
+   メディアの状態. . . . . . . . . . . .: メディアは接続されていません
+   接続固有の DNS サフィックス . . . . .:
+
+Wireless LAN adapter Wi-Fi:
+
+   接続固有の DNS サフィックス . . . . .:
+   IPv4 アドレス . . . . . . . . . . . .: 192.168.0.205
+   サブネット マスク . . . . . . . . . .: 255.255.255.0
+   デフォルト ゲートウェイ . . . . . . .: 192.168.0.1
+
+イーサネット アダプター Bluetooth ネットワーク接続:
+
+   メディアの状態. . . . . . . . . . . .: メディアは接続されていません
+   接続固有の DNS サフィックス . . . . .:
+`,
+			ipv4Addrs: []string{"10.145.8.50", "192.168.56.1", "192.168.0.205"},
+			ipv6Addrs: []string{"fe80::19b6:ae27:d1fe:2041", "fe80::7080:8828:5cc8:c0ba", "fe80::f49d:2c16:4270:759d"},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			gotIPv4s, gotIPv6s := (&windows{}).parseIP(tt.args)
+			if !reflect.DeepEqual(gotIPv4s, tt.ipv4Addrs) {
+				t.Errorf("windows.parseIP() got = %v, want %v", gotIPv4s, tt.ipv4Addrs)
+			}
+			if !reflect.DeepEqual(gotIPv6s, tt.ipv6Addrs) {
+				t.Errorf("windows.parseIP() got = %v, want %v", gotIPv6s, tt.ipv6Addrs)
+			}
+		})
+	}
+}
--- a/subcmds/discover.go
+++ b/subcmds/discover.go
@@ -240,6 +240,7 @@ host                = "{{$ip}}"
 #cmdPath = "/usr/local/bin/wp"
 #osUser = "wordpress"
 #docRoot = "/path/to/DocumentRoot/"
+#noSudo = false

 #[servers.{{index $names $i}}.portscan]
 #scannerBinPath = "/usr/bin/nmap"
--- a/subcmds/saas.go
+++ b/subcmds/saas.go
@@ -91,9 +91,8 @@ func (p *SaaSCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{})
 	var res models.ScanResults
 	hasError := false
 	for _, r := range loaded {
-		if len(r.Errors) == 0 {
-			res = append(res, r)
-		} else {
+		res = append(res, r)
+		if len(r.Errors) != 0 {
 			logging.Log.Errorf("Ignored since errors occurred during scanning: %s, err: %v",
 				r.ServerName, r.Errors)
 			hasError = true
@@ -129,11 +128,6 @@ func (p *SaaSCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{})
 		if err := os.RemoveAll(dir); err != nil {
 			logging.Log.Warnf("Failed to remove %s. err: %+v", dir, err)
 		}
-		symlink := filepath.Join(config.Conf.ResultsDir, "current")
-		err := os.Remove(symlink)
-		if err != nil {
-			logging.Log.Warnf("Failed to remove %s. err: %+v", dir, err)
-		}
 	}

 	return subcommands.ExitSuccess
Author	SHA1	Message	Date
MaineK00n	457a3a9627	feat(scanner/windows): update release info (#1696 )	2023-06-29 14:05:10 +09:00
MaineK00n	4253550c99	chore(scanner): do not show logs when lsof: no Internet files located (#1688 )	2023-06-23 16:08:49 +09:00
Atsushi Watanabe	97cf033ed6	feat(os): add Fedora 38 EOL date (#1689 ) * feat: add Fedora 38 EOL date * Update EOL date based on https://fedorapeople.org/groups/schedule/f-38/f-38-key-tasks.html * Fix test case name Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> --------- Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2023-06-13 17:23:11 +09:00
Kota Kanbe	5a6980436a	feat(ubuntu): Support Ubuntu 14.04 and 16.04 ESM (#1682 ) * feat(ubuntu): Support Ubuntu ESM * Sort PackageFixStatuses to resolve the diff in integrationTest * go mod update gost	2023-05-31 09:27:43 +09:00
Sinclair	6271ec522e	fix(detector/github): Enhance the dependency graph API call on the big repository (#1681 ) * fix: Reduce the number of data to be fetched per page, when retrying after a timeout failure on Dependency Graph API * check rate limit on dependency graph API * comment	2023-05-26 14:39:02 +09:00
dependabot[bot]	83681ad4f0	chore(deps): bump github.com/aws/aws-sdk-go from 1.44.259 to 1.44.263 (#1677 ) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.259 to 1.44.263. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.259...v1.44.263) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-18 10:17:34 +09:00
dependabot[bot]	779833872b	chore(deps): bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (#1678 ) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.7.0 to 0.8.0. - [Commits](https://github.com/golang/oauth2/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-18 10:16:54 +09:00
Sinclair	5c79720f56	fix(detector/github): Dependency graph API touches fewer data per page than before (#1654 ) * fix: Github dependency graph API touches fewer data per page than before * fix: logging on Github API access failure * fix: the previous errors persist upon retrying dependency graph	2023-05-15 19:41:04 +09:00
Wagde Zabit	b2c5b79672	feat(os): support debian 12 (#1676 ) * feat(os): support debian 12 * chore(scanner/debian): remove unneeded warn log --------- Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2023-05-13 01:04:31 +09:00
dependabot[bot]	b0cc908b73	chore(deps): bump github.com/docker/distribution (#1675 ) Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-12 08:56:46 +09:00
MaineK00n	ea3d8a6d0b	test: sort []cveContent by CVEID (#1674 )	2023-05-11 00:53:22 +09:00
MaineK00n	7475b27f6a	chore(deps): update dictionary tools, Vuls is now CGO free (#1667 ) * chore(deps): update dictionary tools, Vuls is now CGO free * chore(integration): update commit	2023-05-11 00:28:51 +09:00
dependabot[bot]	ef80838ddd	chore(deps): bump github.com/aws/aws-sdk-go from 1.44.254 to 1.44.259 (#1672 ) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.254 to 1.44.259. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.254...v1.44.259) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-09 08:09:49 +09:00
dependabot[bot]	b445b71ca5	chore(deps): bump golang.org/x/sync from 0.1.0 to 0.2.0 (#1673 ) Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.1.0 to 0.2.0. - [Commits](https://github.com/golang/sync/compare/v0.1.0...v0.2.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-09 08:09:26 +09:00
dependabot[bot]	1ccc5f031a	chore(deps): bump github.com/aws/aws-sdk-go from 1.44.251 to 1.44.254 (#1669 ) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.251 to 1.44.254. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.251...v1.44.254) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-02 12:17:14 +09:00
MaineK00n	8356e976c4	chore(deps): update goval-dictionary v0.8.3 (#1671 )	2023-05-02 12:14:43 +09:00
MaineK00n	3cc7e92ce5	fix(saas): remove current directory part (#1666 )	2023-04-27 12:09:34 +09:00
dependabot[bot]	046a29467b	chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.0 to 0.7.1 (#1663 ) Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) from 0.7.0 to 0.7.1. - [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases) - [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml) - [Commits](https://github.com/CycloneDX/cyclonedx-go/compare/v0.7.0...v0.7.1) --- updated-dependencies: - dependency-name: github.com/CycloneDX/cyclonedx-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 05:54:41 +09:00
dependabot[bot]	ef5ab8eaf0	chore(deps): bump golang.org/x/oauth2 from 0.1.0 to 0.7.0 (#1662 ) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.1.0 to 0.7.0. - [Release notes](https://github.com/golang/oauth2/releases) - [Commits](https://github.com/golang/oauth2/compare/v0.1.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 05:42:57 +09:00
dependabot[bot]	c8daa5c982	chore(deps): bump github.com/Ullaakut/nmap/v2 (#1665 ) Bumps [github.com/Ullaakut/nmap/v2](https://github.com/Ullaakut/nmap) from 2.1.2-0.20210406060955-59a52fe80a4f to 2.2.2. - [Release notes](https://github.com/Ullaakut/nmap/releases) - [Commits](https://github.com/Ullaakut/nmap/commits/v2.2.2) --- updated-dependencies: - dependency-name: github.com/Ullaakut/nmap/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 05:41:49 +09:00
dependabot[bot]	9309081b3d	chore(deps): bump github.com/aws/aws-sdk-go from 1.44.249 to 1.44.251 (#1660 ) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.249 to 1.44.251. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.249...v1.44.251) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 04:01:42 +09:00
dependabot[bot]	f541c32d1f	chore(deps): bump github.com/c-robinson/iplib from 1.0.3 to 1.0.6 (#1659 ) Bumps [github.com/c-robinson/iplib](https://github.com/c-robinson/iplib) from 1.0.3 to 1.0.6. - [Release notes](https://github.com/c-robinson/iplib/releases) - [Commits](https://github.com/c-robinson/iplib/compare/v1.0.3...v1.0.6) --- updated-dependencies: - dependency-name: github.com/c-robinson/iplib dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 03:51:34 +09:00
dependabot[bot]	79a8b62105	chore(deps): bump go.etcd.io/bbolt from 1.3.6 to 1.3.7 (#1657 ) Bumps [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt) from 1.3.6 to 1.3.7. - [Release notes](https://github.com/etcd-io/bbolt/releases) - [Commits](https://github.com/etcd-io/bbolt/compare/v1.3.6...v1.3.7) --- updated-dependencies: - dependency-name: go.etcd.io/bbolt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 03:50:53 +09:00
dependabot[bot]	74c91a5a21	chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#1658 ) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.1 to 1.7.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 03:36:46 +09:00
MaineK00n	6787ab45c5	feat(ubuntu): add ubuntu 23.04 (#1647 )	2023-04-27 03:26:59 +09:00
dependabot[bot]	f631e9e603	chore(deps): bump github.com/emersion/go-smtp from 0.14.0 to 0.16.0 (#1580 ) Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.14.0 to 0.16.0. - [Release notes](https://github.com/emersion/go-smtp/releases) - [Commits](https://github.com/emersion/go-smtp/compare/v0.14.0...v0.16.0) --- updated-dependencies: - dependency-name: github.com/emersion/go-smtp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 03:25:41 +09:00
dependabot[bot]	2ab48afe47	chore(deps): bump github.com/aws/aws-sdk-go from 1.44.136 to 1.44.249 (#1656 ) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.136 to 1.44.249. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.136...v1.44.249) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 03:24:53 +09:00
dependabot[bot]	53ccd61687	chore(deps): bump github.com/Azure/azure-sdk-for-go (#1588 ) Bumps [github.com/Azure/azure-sdk-for-go](https://github.com/Azure/azure-sdk-for-go) from 66.0.0+incompatible to 68.0.0+incompatible. - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](https://github.com/Azure/azure-sdk-for-go/compare/v66.0.0...v68.0.0) --- updated-dependencies: - dependency-name: github.com/Azure/azure-sdk-for-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-27 03:20:58 +09:00
Sinclair	b91a7b75e2	fix(detector/github): Github dependency graph API request will be retried on error (#1650 ) * fix: Github dependency graph API request will be retried on error * fix: github dependency graph: error handling * github dependency graph: fix retry max	2023-04-24 12:46:29 +09:00
Wagde Zabit	333eae06ea	fix order in identifying amazon linux version (#1652 )	2023-04-21 10:35:19 +09:00
MaineK00n	93d401c70c	chore(integration): update commit (#1649 )	2023-04-20 14:09:21 +09:00
MaineK00n	99dc8e892f	feat(gost/ubuntu): check kernel source package more strictly (#1599 )	2023-04-20 13:05:41 +09:00
MaineK00n	fb904f0543	refactor(reporter): refactoring TelegramWriter, GoogleChatWriter (#1628 ) * style: remove unnecessary line break * style: use regexp.MatchString instead of regexp.Match * refactor(reporter): refactoring TelegramWriter, GoogleChatWriter	2023-04-20 11:53:31 +09:00
MaineK00n	d4d33fc81d	fix(scanner/dpkg): Fix false-negative in Debian and Ubuntu (#1646 ) * fix(scanner/dpkg): fix dpkg-query and not remove src pkgs * refactor(gost): remove unnecesary field and fix typo * refactor(detector/debian): detect using only SrcPackage	2023-04-20 11:42:53 +09:00
Kota Kanbe	a1d3fbf66f	fix(scan): false positives in Debian Pkg for CVE-IDs already detected by Trivy (#1639 ) * fix(scan): false positives in Debian Pkg for CVE-IDs already detected by Trivy * fix * Add detectionMethod only when detected by gost	2023-04-17 09:21:30 +09:00
Sinclair	2cdfbe3bb4	fix: dependency graph using small query at once to avoid timeout (#1642 )	2023-04-14 14:46:31 +09:00
MaineK00n	ac8290119d	fix(configtest): amazon linux 2022, 2023 require dnf-utils (#1635 )	2023-04-10 10:16:03 +09:00
MaineK00n	abdb081af7	feat(scanner): skip ssh config validation if G option is unknown option (#1632 )	2023-04-04 18:50:17 +09:00
kurita0	e506125017	feat(wp): support csh, no sudo scan (#1523 ) Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2023-03-28 21:07:10 +09:00
MaineK00n	8ccaa8c3ef	fix(scanner/windows): support installationType Domain Controller (#1627 )	2023-03-28 21:04:17 +09:00
MaineK00n	de1ed8ecaa	feat(ci): add windows for snmp2cpe (#1626 )	2023-03-28 19:20:03 +09:00
MaineK00n	947d668452	feat(windows): support Windows (#1581 ) * chore(deps): mod update * fix(scanner): do not attach tty because there is no need to enter ssh password * feat(windows): support Windows	2023-03-28 19:00:33 +09:00
MaineK00n	db21149f00	feat(contrib): add snmp2cpe (#1625 )	2023-03-28 18:56:28 +09:00
dependabot[bot]	7f35f4e661	chore(deps): bump github.com/hashicorp/go-getter from 1.6.2 to 1.7.0 (#1606 ) Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.6.2 to 1.7.0. - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml) - [Commits](https://github.com/hashicorp/go-getter/compare/v1.6.2...v1.7.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-getter dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-17 05:04:48 +09:00
MaineK00n	6682232b5c	feat(os): support Amazon Linux 2023 (#1621 )	2023-03-16 17:31:57 +09:00
sadayuki-matsuno	984debe929	fix(detector/github) change timeout 10s to 10m (#1616 )	2023-03-01 16:58:11 +09:00
Kota Kanbe	a528362663	fix(saas): upload JSON if err occured during scan (#1615 )	2023-03-01 14:52:03 +09:00