fix(report): fix segfault while uploading to s3 (#1033 )

fix(msfdb): udpate go-msfdb-deps (#1032 )
fix(gost): suppress err logging when unsupported debian (#1031 )
2020-08-07 10:31:43 +09:00 · 2020-08-06 16:54:14 +09:00 · 2020-08-05 20:05:50 +09:00 · 2020-07-31 16:55:12 +09:00 · 2020-07-03 14:05:07 +09:00 · 2020-06-24 17:14:43 +09:00
170 changed files with 30267 additions and 11307 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,7 @@
+.dockerignore
+Dockerfile
+vendor/
+cve.sqlite3*
+oval.sqlite3*
+setup/
+img/
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: kotakanbe
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -1,36 +0,0 @@
-
-# Environment
-
-## Vuls
-
-Hash : ____
-
-To check the commit hash of HEAD
-$ vuls -v
-
-or
-$ cd $GOPATH/src/github.com/future-architect/vuls 
-$ git rev-parse --short HEAD 
-
-## OS
- Target Server: Write here
- Vuls Server: Write here
-
-## Go
- Go version: here
-
-# Current Output
-
-Please re-run the command using ```-debug``` and provide the output below.
-
-# Addition Details
-
-Can you also please fill in each of the remaining sections.
-
-## Expected Behavior
-
-## Actual Behavior
-
-## Steps to reproduce the behaviour
-
-
--- a/.github/ISSUE_TEMPLATE/BUG_REPORT.md
+++ b/.github/ISSUE_TEMPLATE/BUG_REPORT.md
@@ -0,0 +1,43 @@
+---
+name: Bug Report
+labels: bug
+about: If something isn't working as expected.
+---
+
+# What did you do? (required. The issue will be **closed** when not provided.)
+
+
+# What did you expect to happen?
+
+
+# What happened instead?
+
+* Current Output
+
+Please re-run the command using ```-debug``` and provide the output below.
+
+# Steps to reproduce the behaviour
+
+
+# Configuration (**MUST** fill this out):
+
+* Go version (`go version`):
+
+* Go environment (`go env`):
+
+* Vuls environment:
+
+Hash : ____
+
+To check the commit hash of HEAD
+$ vuls -v
+
+or
+
+$ cd $GOPATH/src/github.com/future-architect/vuls 
+$ git rev-parse --short HEAD 
+
+* config.toml:
+
+* command:
+
--- a/.github/ISSUE_TEMPLATE/FEATURE_REQUEST.md
+++ b/.github/ISSUE_TEMPLATE/FEATURE_REQUEST.md
@@ -0,0 +1,9 @@
+---
+name: Feature Request
+labels: enhancement
+about: I have a suggestion (and might want to implement myself)!
+---
+
+<!--
+If this is a FEATURE REQUEST, request format does not matter!
+-->
--- a/.github/ISSUE_TEMPLATE/SUPPORT_QUESTION.md
+++ b/.github/ISSUE_TEMPLATE/SUPPORT_QUESTION.md
@@ -0,0 +1,10 @@
+---
+name: Support Question
+labels: question
+about: If you have a question about Vuls.
+---
+
+<!--
+If you have a trouble, feel free to ask.
+Make sure you're not asking duplicate question by searching on the issues lists.
+-->
--- a/.github/ISSUE_TEMPLATE/VULSREPO.md
+++ b/.github/ISSUE_TEMPLATE/VULSREPO.md
@@ -0,0 +1,7 @@
+---
+name: Vuls Repo
+labels: vulsrepo
+about: If something isn't working as expected.
+---
+
+
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,14 +1,26 @@
-## What did you implement:

-Closes #XXXXX
+If this Pull Request is work in progress, Add a prefix of “[WIP]” in the title.

-## How did you implement it:
+# What did you implement:

+Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. 

-## How can we verify it:
+Fixes # (issue)

+## Type of change

-## Todos:
+Please delete options that are not relevant.
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] This change requires a documentation update
+
+# How Has This Been Tested?
+
+Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce.
+
+# Checklist:
 You don't have to satisfy all of the following.

 - [ ] Write tests
@@ -21,4 +33,8 @@ You don't have to satisfy all of the following.
 - [ ] Update the messages below

 ***Is this ready for review?:*** NO  
-***Is it a breaking change?:*** NO
+
+# Reference
+
+* https://blog.github.com/2015-01-21-how-to-write-the-perfect-pull-request/
+
--- a/.github/workflows/golangci.yml
+++ b/.github/workflows/golangci.yml
@@ -0,0 +1,28 @@
+name: golangci-lint
+on:
+  push:
+    tags:
+      - v*
+    branches:
+      - master
+  pull_request:
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v1
+        with:
+          # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
+          version: v1.26
+          
+          # Optional: working directory, useful for monorepos
+          # working-directory: somedir
+
+          # Optional: golangci-lint command line arguments.
+          # args: --issues-exit-code=0
+
+          # Optional: show only new issues if it's a pull request. The default value is `false`.
+          # only-new-issues: true
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -0,0 +1,31 @@
+name: goreleaser
+
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Unshallow
+        run: git fetch --prune --unshallow
+      -
+        name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.14
+      -
+        name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          version: latest
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -0,0 +1,21 @@
+name: Test
+
+on: [pull_request]
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Set up Go 1.x
+      uses: actions/setup-go@v2
+      with:
+        go-version: 1.14.x
+      id: go
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v2
+
+    - name: Test
+      run: make test
--- a/.github/workflows/tidy.yml
+++ b/.github/workflows/tidy.yml
@@ -0,0 +1,22 @@
+name: go-mod-tidy-pr
+
+on:
+  schedule:
+    - cron: "0 0 * * 1" # Weekly build
+
+jobs:
+  go-mod-tidy-pr:
+    name: go-mod-tidy-pr
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Run go-mod-tidy-pr
+        uses: sue445/go-mod-tidy-pr@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          git_user_name: kotakanbe
+          git_user_email: kotakanbe@gmail.com
+          go_version: 1.14.x
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 vuls
 .vscode
 *.txt
+*.json
 *.sqlite3*
 *.db
 tags
@@ -12,3 +13,6 @@ log/
 results/
 *config.toml
 !setup/docker/*
+.DS_Store
+dist/
+.idea
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -0,0 +1,17 @@
+name: golang-ci
+
+linters-settings:
+  errcheck:
+    #exclude: /path/to/file.txt
+
+linters:
+  disable-all: true
+  enable:
+    - goimports
+    - golint
+    - govet
+    - misspell
+    - errcheck
+    - staticcheck
+    - prealloc
+    - ineffassign
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -0,0 +1,70 @@
+project_name: vuls
+env:
+  - GO111MODULE=on
+release:
+  github:
+    owner: future-architect
+    name: vuls
+builds:
+- id: vuls
+  goos:
+  - linux
+  goarch:
+  - amd64
+  main: .
+  flags:
+      - -a
+  ldflags: -s -w -X main.version={{.Version}} -X main.revision={{.Commit}} 
+  binary: vuls
+
+- id: trivy-to-vuls
+  goos:
+  - linux
+  goarch:
+  - amd64
+  main: ./contrib/trivy/cmd/main.go
+  binary: trivy-to-vuls
+
+- id: future-vuls
+  goos:
+  - linux
+  goarch:
+  - amd64
+  main: ./contrib/future-vuls/cmd/main.go
+  binary: future-vuls
+archives:
+
+- id: vuls
+  name_template: '{{ .Binary }}_{{.Version}}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
+  builds:
+  - vuls
+  format: tar.gz
+  files:
+  - LICENSE
+  - NOTICE
+  - README*
+  - CHANGELOG.md
+
+- id: trivy-to-vuls
+  name_template: '{{ .Binary }}_{{.Version}}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
+  builds:
+  - trivy-to-vuls
+  format: tar.gz
+  files:
+  - LICENSE
+  - NOTICE
+  - README*
+  - CHANGELOG.md
+- id: future-vuls
+  name_template: '{{ .Binary }}_{{.Version}}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
+  builds:
+
+  - future-vuls
+  format: tar.gz
+  files:
+  - LICENSE
+  - NOTICE
+  - README*
+  - CHANGELOG.md
+snapshot:
+  name_template: SNAPSHOT-{{ .Commit }}
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,5 +0,0 @@
-language: go
-
-go:
-  - 1.8
-
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,7 @@
 # Change Log

+## v0.4.1 and later, see [GitHub release](https://github.com/future-architect/vuls/releases)
+
 ## [v0.4.0](https://github.com/future-architect/vuls/tree/v0.4.0) (2017-08-25)
 [Full Changelog](https://github.com/future-architect/vuls/compare/v0.3.0...v0.4.0)

@@ -509,4 +511,4 @@



-\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
--- a/34
+++ b/34
@@ -0,0 +1,34 @@
+FROM golang:alpine as builder
+
+RUN apk add --no-cache \
+        git \
+        make \
+        gcc \
+        musl-dev
+
+ENV REPOSITORY github.com/future-architect/vuls
+COPY . $GOPATH/src/$REPOSITORY
+RUN cd $GOPATH/src/$REPOSITORY && make install
+
+
+FROM alpine:3.11
+
+MAINTAINER hikachan sadayuki-matsuno
+
+ENV LOGDIR /var/log/vuls
+ENV WORKDIR /vuls
+
+RUN apk add --no-cache \
+        openssh-client \
+        ca-certificates \
+        git \
+    && mkdir -p $WORKDIR $LOGDIR
+
+COPY --from=builder /go/bin/vuls /usr/local/bin/
+
+VOLUME ["$WORKDIR", "$LOGDIR"]
+WORKDIR $WORKDIR
+ENV PWD $WORKDIR
+
+ENTRYPOINT ["vuls"]
+CMD ["--help"]
--- a/60
+++ b/60
@@ -1,11 +1,9 @@
 .PHONY: \
-	dep \
-	depup \
 	build \
 	install \
 	all \
 	vendor \
-	lint \
+ 	lint \
 	vet \
 	fmt \
 	fmtcheck \
@@ -15,50 +13,49 @@
 	clean

 SRCS = $(shell git ls-files '*.go')
-PKGS = ./. ./cache ./commands ./config ./models ./oval ./report ./scan ./util 
+PKGS = $(shell go list ./...)
 VERSION := $(shell git describe --tags --abbrev=0)
 REVISION := $(shell git rev-parse --short HEAD)
-LDFLAGS := -X 'main.version=$(VERSION)' \
-	-X 'main.revision=$(REVISION)'
+BUILDTIME := $(shell date "+%Y%m%d_%H%M%S")
+LDFLAGS := -X 'github.com/future-architect/vuls/config.Version=$(VERSION)' \
+    -X 'github.com/future-architect/vuls/config.Revision=build-$(BUILDTIME)_$(REVISION)'
+GO := GO111MODULE=on go
+GO_OFF := GO111MODULE=off go

-all: dep build test

-dep:
-	go get -u github.com/golang/dep/...
-	dep ensure
+all: build

-depup:
-	go get -u github.com/golang/dep/...
-	dep ensure -update
+build: main.go pretest fmt
+	$(GO) build -a -ldflags "$(LDFLAGS)" -o vuls $<

-build: main.go dep
-	go build -ldflags "$(LDFLAGS)" -o vuls $<
-
-install: main.go dep
-	go install -ldflags "$(LDFLAGS)"
+b: 	main.go pretest fmt
+	$(GO) build -ldflags "$(LDFLAGS)" -o vuls $<

+install: main.go pretest
+	$(GO) install -ldflags "$(LDFLAGS)"

 lint:
-	@ go get -v github.com/golang/lint/golint
-	$(foreach file,$(SRCS),golint $(file) || exit;)
+	$(GO_OFF) get -u golang.org/x/lint/golint
+	golint $(PKGS)

 vet:
-	#  @-go get -v golang.org/x/tools/cmd/vet
-	echo $(PKGS) | xargs go vet || exit;
+	echo $(PKGS) | xargs env $(GO) vet || exit;

 fmt:
-	gofmt -w $(SRCS)
+	gofmt -s -w $(SRCS)
+
+mlint:
+	$(foreach file,$(SRCS),gometalinter $(file) || exit;)

 fmtcheck:
-	$(foreach file,$(SRCS),gofmt -d $(file);)
+	$(foreach file,$(SRCS),gofmt -s -d $(file);)

 pretest: lint vet fmtcheck

-test: pretest
-	go install
-	echo $(PKGS) | xargs go test -cover -v || exit;
+test: 
+	$(GO) test -cover -v ./... || exit;

-unused :
+unused:
 	$(foreach pkg,$(PKGS),unused $(pkg);)

 cov:
@@ -69,3 +66,10 @@ cov:
 clean:
 	echo $(PKGS) | xargs go clean || exit;

+# trivy-to-vuls
+build-trivy-to-vuls: pretest fmt
+	$(GO) build -o trivy-to-vuls contrib/trivy/cmd/*.go
+
+# future-vuls
+build-future-vuls: pretest fmt
+	$(GO) build -o future-vuls contrib/future-vuls/cmd/*.go
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -1,291 +0,0 @@
-# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
-
-
-[[projects]]
-  name = "github.com/Azure/azure-sdk-for-go"
-  packages = ["storage"]
-  revision = "57db66900881e9fd21fd041a9d013514700ecab3"
-  version = "v10.3.0-beta"
-
-[[projects]]
-  name = "github.com/Azure/go-autorest"
-  packages = ["autorest","autorest/adal","autorest/azure","autorest/date"]
-  revision = "77a52603f06947221c672f10275abc9bf2c7d557"
-  version = "v8.3.0"
-
-[[projects]]
-  name = "github.com/BurntSushi/toml"
-  packages = ["."]
-  revision = "b26d9c308763d68093482582cea63d69be07a0f0"
-  version = "v0.3.0"
-
-[[projects]]
-  name = "github.com/asaskevich/govalidator"
-  packages = ["."]
-  revision = "4918b99a7cb949bb295f3c7bbaf24b577d806e35"
-  version = "v6"
-
-[[projects]]
-  name = "github.com/aws/aws-sdk-go"
-  packages = ["aws","aws/awserr","aws/awsutil","aws/client","aws/client/metadata","aws/corehandlers","aws/credentials","aws/credentials/ec2rolecreds","aws/credentials/endpointcreds","aws/credentials/stscreds","aws/defaults","aws/ec2metadata","aws/endpoints","aws/request","aws/session","aws/signer/v4","internal/shareddefaults","private/protocol","private/protocol/query","private/protocol/query/queryutil","private/protocol/rest","private/protocol/restxml","private/protocol/xml/xmlutil","service/s3","service/sts"]
-  revision = "264af29009637e0a9e5d4a276d0969c3ed918ffd"
-  version = "v1.10.29"
-
-[[projects]]
-  name = "github.com/boltdb/bolt"
-  packages = ["."]
-  revision = "2f1ce7a837dcb8da3ec595b1dac9d0632f0f99e8"
-  version = "v1.3.1"
-
-[[projects]]
-  name = "github.com/cenkalti/backoff"
-  packages = ["."]
-  revision = "61153c768f31ee5f130071d08fc82b85208528de"
-  version = "v1.1.0"
-
-[[projects]]
-  name = "github.com/cheggaaa/pb"
-  packages = ["."]
-  revision = "0d6285554e726cc0620cbecc7e6969c945dcc63b"
-  version = "v1.0.17"
-
-[[projects]]
-  name = "github.com/dgrijalva/jwt-go"
-  packages = ["."]
-  revision = "d2709f9f1f31ebcda9651b03077758c1f3a0018c"
-  version = "v3.0.0"
-
-[[projects]]
-  name = "github.com/go-ini/ini"
-  packages = ["."]
-  revision = "20b96f641a5ea98f2f8619ff4f3e061cff4833bd"
-  version = "v1.28.2"
-
-[[projects]]
-  name = "github.com/go-redis/redis"
-  packages = [".","internal","internal/consistenthash","internal/hashtag","internal/pool","internal/proto"]
-  revision = "19c1c2272e00c1aaa903cf574c746cd449f9cd3c"
-  version = "v6.5.7"
-
-[[projects]]
-  name = "github.com/go-sql-driver/mysql"
-  packages = ["."]
-  revision = "a0583e0143b1624142adab07e0e97fe106d99561"
-  version = "v1.3"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/google/subcommands"
-  packages = ["."]
-  revision = "ce3d4cfc062faac7115d44e5befec8b5a08c3faa"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/gosuri/uitable"
-  packages = [".","util/strutil","util/wordwrap"]
-  revision = "36ee7e946282a3fb1cfecd476ddc9b35d8847e42"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/howeyc/gopass"
-  packages = ["."]
-  revision = "bf9dde6d0d2c004a008c27aaee91170c786f6db8"
-
-[[projects]]
-  name = "github.com/jinzhu/gorm"
-  packages = [".","dialects/mysql","dialects/postgres","dialects/sqlite"]
-  revision = "5174cc5c242a728b435ea2be8a2f7f998e15429b"
-  version = "v1.0"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/jinzhu/inflection"
-  packages = ["."]
-  revision = "1c35d901db3da928c72a72d8458480cc9ade058f"
-
-[[projects]]
-  name = "github.com/jmespath/go-jmespath"
-  packages = ["."]
-  revision = "3433f3ea46d9f8019119e7dd41274e112a2359a9"
-  version = "0.2.2"
-
-[[projects]]
-  name = "github.com/jroimartin/gocui"
-  packages = ["."]
-  revision = "4e9ce9a8e26f2ef33dfe297dbdfca148733b6b9b"
-  version = "v0.3.0"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/k0kubun/pp"
-  packages = ["."]
-  revision = "d1532fc5d94ecdf2da29e24d7b99721f3287de4a"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/knqyf263/go-deb-version"
-  packages = ["."]
-  revision = "9865fe14d09b1c729188ac810466dde90f897ee3"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/knqyf263/go-rpm-version"
-  packages = ["."]
-  revision = "74609b86c936dff800c69ec89fcf4bc52d5f13a4"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/kotakanbe/go-cve-dictionary"
-  packages = ["config","db","jvn","log","models","nvd","util"]
-  revision = "c20fa7e1d07f7c700baf12c855f7fcf61525f1b6"
-
-[[projects]]
-  name = "github.com/kotakanbe/go-pingscanner"
-  packages = ["."]
-  revision = "641dc2cc2d3cbf295dad356667b74c69bcbd6f70"
-  version = "v0.1.0"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/kotakanbe/goval-dictionary"
-  packages = ["config","db","db/rdb","log","models"]
-  revision = "3523cc174e68f285d0572d07c68ffa3a9290799c"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/kotakanbe/logrus-prefixed-formatter"
-  packages = ["."]
-  revision = "75edb2e85a38873f0318be05a458446681d1022f"
-
-[[projects]]
-  name = "github.com/labstack/gommon"
-  packages = ["color","log"]
-  revision = "779b8a8b9850a97acba6a3fe20feb628c39e17c1"
-  version = "0.2.2"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/lib/pq"
-  packages = [".","hstore","oid"]
-  revision = "e42267488fe361b9dc034be7a6bffef5b195bceb"
-
-[[projects]]
-  name = "github.com/mattn/go-colorable"
-  packages = ["."]
-  revision = "167de6bfdfba052fa6b2d3664c8f5272e23c9072"
-  version = "v0.0.9"
-
-[[projects]]
-  name = "github.com/mattn/go-isatty"
-  packages = ["."]
-  revision = "fc9e8d8ef48496124e79ae0df75490096eccf6fe"
-  version = "v0.0.2"
-
-[[projects]]
-  name = "github.com/mattn/go-runewidth"
-  packages = ["."]
-  revision = "9e777a8366cce605130a531d2cd6363d07ad7317"
-  version = "v0.0.2"
-
-[[projects]]
-  name = "github.com/mattn/go-sqlite3"
-  packages = ["."]
-  revision = "ca5e3819723d8eeaf170ad510e7da1d6d2e94a08"
-  version = "v1.2.0"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/mgutz/ansi"
-  packages = ["."]
-  revision = "9520e82c474b0a04dd04f8a40959027271bab992"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/moul/http2curl"
-  packages = ["."]
-  revision = "4e24498b31dba4683efb9d35c1c8a91e2eda28c8"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/nsf/termbox-go"
-  packages = ["."]
-  revision = "4ed959e0540971545eddb8c75514973d670cf739"
-
-[[projects]]
-  name = "github.com/parnurzeal/gorequest"
-  packages = ["."]
-  revision = "a578a48e8d6ca8b01a3b18314c43c6716bb5f5a3"
-  version = "v0.2.15"
-
-[[projects]]
-  name = "github.com/pkg/errors"
-  packages = ["."]
-  revision = "645ef00459ed84a119197bfb8d8205042c6df63d"
-  version = "v0.8.0"
-
-[[projects]]
-  name = "github.com/rifflock/lfshook"
-  packages = ["."]
-  revision = "6844c808343cb8fa357d7f141b1b990e05d24e41"
-  version = "1.7"
-
-[[projects]]
-  name = "github.com/satori/uuid"
-  packages = ["."]
-  revision = "879c5887cd475cd7864858769793b2ceb0d44feb"
-  version = "v1.1.0"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/sirupsen/logrus"
-  packages = ["."]
-  revision = "84573d5f03ab3740f524c7842c3a9bf617961d32"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/valyala/bytebufferpool"
-  packages = ["."]
-  revision = "e746df99fe4a3986f4d4f79e13c1e0117ce9c2f7"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/valyala/fasttemplate"
-  packages = ["."]
-  revision = "dcecefd839c4193db0d35b88ec65b4c12d360ab0"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/ymomoi/goval-parser"
-  packages = ["oval"]
-  revision = "0a0be1dd9d0855b50be0be5a10ad3085382b6d59"
-
-[[projects]]
-  branch = "master"
-  name = "golang.org/x/crypto"
-  packages = ["curve25519","ed25519","ed25519/internal/edwards25519","ssh","ssh/agent","ssh/terminal"]
-  revision = "eb71ad9bd329b5ac0fd0148dd99bd62e8be8e035"
-
-[[projects]]
-  branch = "master"
-  name = "golang.org/x/net"
-  packages = ["context","idna","publicsuffix"]
-  revision = "1c05540f6879653db88113bc4a2b70aec4bd491f"
-
-[[projects]]
-  branch = "master"
-  name = "golang.org/x/sys"
-  packages = ["unix","windows"]
-  revision = "07c182904dbd53199946ba614a412c61d3c548f5"
-
-[[projects]]
-  branch = "master"
-  name = "golang.org/x/text"
-  packages = ["internal/gen","internal/triegen","internal/ucd","secure/bidirule","transform","unicode/bidi","unicode/cldr","unicode/norm","unicode/rangetable"]
-  revision = "e56139fd9c5bc7244c76116c68e500765bb6db6b"
-
-[solve-meta]
-  analyzer-name = "dep"
-  analyzer-version = 1
-  inputs-digest = "36d700add80d36c56484ed310b9a7e622b3e308ab22eb42bdfb02fd8f5c90407"
-  solver-name = "gps-cdcl"
-  solver-version = 1
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -1,90 +0,0 @@
-
-# Gopkg.toml example
-#
-# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
-# for detailed Gopkg.toml documentation.
-#
-# required = ["github.com/user/thing/cmd/thing"]
-# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
-#
-# [[constraint]]
-#   name = "github.com/user/project"
-#   version = "1.0.0"
-#
-# [[constraint]]
-#   name = "github.com/user/project2"
-#   branch = "dev"
-#   source = "github.com/myfork/project2"
-#
-# [[override]]
-#  name = "github.com/x/y"
-#  version = "2.4.0"
-
-
-[[constraint]]
-  name = "github.com/BurntSushi/toml"
-  version = "0.3.0"
-
-[[constraint]]
-  name = "github.com/asaskevich/govalidator"
-  version = "6.0.0"
-
-[[constraint]]
-  name = "github.com/boltdb/bolt"
-  version = "1.3.1"
-
-[[constraint]]
-  name = "github.com/cenkalti/backoff"
-  version = "1.0.0"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/google/subcommands"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/gosuri/uitable"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/howeyc/gopass"
-
-[[constraint]]
-  name = "github.com/jroimartin/gocui"
-  version = "0.3.0"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/k0kubun/pp"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/knqyf263/go-deb-version"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/knqyf263/go-rpm-version"
-
-[[constraint]]
-  name = "github.com/kotakanbe/go-pingscanner"
-  version = "0.1.0"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/kotakanbe/logrus-prefixed-formatter"
-
-[[constraint]]
-  name = "github.com/parnurzeal/gorequest"
-  version = "0.2.15"
-
-[[constraint]]
-  name = "github.com/rifflock/lfshook"
-  version = "1.7.0"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/sirupsen/logrus"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/kotakanbe/go-cve-dictionary"
--- a/153
+++ b/153
@@ -1,23 +1,21 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 3, 29 June 2007
+                    GNU AFFERO GENERAL PUBLIC LICENSE
+                       Version 3, 19 November 2007

- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

                            Preamble

-  The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
+  The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.

  The licenses for most software and other practical works are designed
 to take away your freedom to share and change the works.  By contrast,
-the GNU General Public License is intended to guarantee your freedom to
+our General Public Licenses are intended to guarantee your freedom to
 share and change all versions of a program--to make sure it remains free
-software for all its users.  We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors.  You can apply it to
-your programs, too.
+software for all its users.

  When we speak of free software, we are referring to freedom, not
 price.  Our General Public Licenses are designed to make sure that you
@@ -26,44 +24,34 @@ them if you wish), that you receive source code or can get it if you
 want it, that you can change the software or use pieces of it in new
 free programs, and that you know you can do these things.

-  To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights.  Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
+  Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.

-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received.  You must make sure that they, too, receive
-or can get the source code.  And you must show them these terms so they
-know their rights.
+  A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.

-  Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
+  The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.

-  For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software.  For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
-  Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so.  This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software.  The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable.  Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products.  If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
-  Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary.  To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
+  An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.

  The precise terms and conditions for copying, distribution and
 modification follow.
@@ -72,7 +60,7 @@ modification follow.

  0. Definitions.

-  "This License" refers to version 3 of the GNU General Public License.
+  "This License" refers to version 3 of the GNU Affero General Public License.

  "Copyright" also means copyright-like laws that apply to other kinds of
 works, such as semiconductor masks.
@@ -549,35 +537,45 @@ to collect a royalty for further conveying from those to whom you convey
 the Program, the only way you could satisfy both those terms and this
 License would be to refrain entirely from conveying the Program.

-  13. Use with the GNU Affero General Public License.
+  13. Remote Network Interaction; Use with the GNU General Public License.
+
+  Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software.  This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.

  Notwithstanding any other provision of this License, you have
 permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
+under version 3 of the GNU General Public License into a single
 combined work, and to convey the resulting work.  The terms of this
 License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.

  14. Revised Versions of this License.

  The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
+the GNU Affero General Public License from time to time.  Such new versions
+will be similar in spirit to the present version, but may differ in detail to
 address new problems or concerns.

  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU General
+Program specifies that a certain numbered version of the GNU Affero General
 Public License "or any later version" applies to it, you have the
 option of following the terms and conditions either of that numbered
 version or of any later version published by the Free Software
 Foundation.  If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
+GNU Affero General Public License, you may choose any version ever published
 by the Free Software Foundation.

  If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
+versions of the GNU Affero General Public License can be used, that proxy's
 public statement of acceptance of a version permanently authorizes you
 to choose that version for the Program.

@@ -631,44 +629,33 @@ to attach them to the start of each source file to most effectively
 state the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.

-    Vuls - Vulnerability Scanner
-    Copyright (C) 2016  Future Architect, Inc. Japan.
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>

    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
+    GNU Affero General Public License for more details.

-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.

 Also add information on how to contact you by electronic and paper mail.

-  If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
-    Vuls  Copyright (C) 2016  Future Architect, Inc. Japan.
-    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
+  If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.

  You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-<http://www.gnu.org/licenses/>.
-
-  The GNU General Public License does not permit incorporating your program
-into proprietary programs.  If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.  But first, please read
-<http://www.gnu.org/philosophy/why-not-lgpl.html>.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<https://www.gnu.org/licenses/>.
--- a/2
+++ b/2
@@ -1,2 +1,2 @@
-Vuls Copyright (C) 2016  Future Architect, Inc. Japan.
+Vuls Copyright (C) 2016  Future Corporation , Japan.

--- a/README.fr.md
+++ b/README.fr.md
@@ -1,224 +0,0 @@
-
-# Vuls: VULnerability Scanner
-
-[![Slack](https://img.shields.io/badge/slack-join-blue.svg)](http://goo.gl/forms/xm5KFo35tu)
-
-Scanneur de vulnérabilité Linux, sans agent, écrit en golang
-
-Nous avons une équipe Slack. [Rejoignez notre Slack Team](http://goo.gl/forms/xm5KFo35tu)  
-
-[README en English](https://github.com/future-architect/vuls/blob/master/README.md)  
-[README en Japonais](https://github.com/future-architect/vuls/blob/master/README.ja.md)  
-
-[![asciicast](https://asciinema.org/a/3y9zrf950agiko7klg8abvyck.png)](https://asciinema.org/a/3y9zrf950agiko7klg8abvyck)
-
-![Vuls-slack](img/vuls-slack-en.png)
-
-
-
----
-
-# Résumé
-
-Effectuer des recherches de vulnérabilités et des mises à jour quotidiennes peut etre un fardeau pour un administrateur système.
-Afin d'éviter des interruptions systèmes dans un environnement de production, il est fréquent pour un administrateur système de choisir de ne pas utiliser la fonction de mise à jour automatique proposée par le gestionnaire de paquets et d'effecter ces mises à jour manuellement.
-Ce qui implique les problèmes suivants :
- L'administrateur système devra surveiller constamment toutes les nouvelles vulnérabilités dans NVD (National Vulnerability Database) etc.
- Il pourrait être impossible pour un administrateur système de surveiller tous les logiciels installés sur un serveur.
- Il est coûteux d'effectuer une analyse pour déterminer quels sont les serveurs affectés par de nouvelles vulnérabilités. La possibilité de négliger un serveur ou deux est bien présente.
-
-Vuls est un outil crée pour palier aux problèmes listés ci-dessus. Voici ses caractéristiques.
- Informer les utilisateurs des vulnérabilités système.
- Informer les utilisateurs des systèmes concernés. 
- La détection de vulnérabilités est effectuée automatiquement pour éviter toute négligence.
- Les rapports sont générés régulièrement via CRON pour mieux gérer ces vulnérabilités.
-
-![Vuls-Motivation](img/vuls-motivation.png)
-
----
-
-# Caractéristiques principales
-
- Recherche de vulnérabilités sur des serveurs Linux
-    - Supporte Ubuntu, Debian, CentOS, Amazon Linux, RHEL, Raspbian
-    - Cloud, auto-hébergement, Docker
- Scan d'intergiciels non inclus dans le gestionnaire de paquets de l'OS
-    - Scan d'intergiciels, de libraries de language de programmation et framework pour des vulnérabilités
-    - Supporte les logiciels inscrits au CPE
- Architecture sans agent
-    - L'utilisateur doit seulement mettre en place VULS sur une seule machine qui se connectera aux autres via SSH
- Génération automatique des fichiers de configuration
-    - Auto detection de serveurs via CIDR et génération de configuration
- Email et notification Slack possibles (supporte le Japonais) 
- Les résultats d'un scan sont accessibles dans un shell via TUI Viewer terminal.
-
----
-
-# Ce que Vuls ne fait pas
-
- Vuls ne met pas à jour les programmes affectés par les vulnérabilités découvertes.
-
----
-
-# Hello Vuls 
-
-Ce tutoriel décrit la recherche de vulnérabilités sur une machine locale avec Vuls.
-Voici les étapes à suivre. 
-
-1. Démrarrage d'Amazon Linux
-1. Autoriser les connexions SSH depuis localhost
-1. Installation des prérequis
-1. Déploiement de go-cve-dictionary
-1. Deploiement de Vuls
-1. Configuration
-1. Préparation
-1. Scan
-1. TUI(Terminal-Based User Interface)
-
-## Step1. Démrarrage d'Amazon Linux
-
- Nous utilisons dans cette exemple une vieille AMI (amzn-ami-hvm-2015.09.1.x86_64-gp2 - ami-383c1956)
- Taille de l'instance : t2.medium
-    - La première fois, t2.medium et plus sont requis pour la récupération des CVE depuis NVD (2.3GB de mémoire utilisé)
-    - Une fois la récupération initiale des données NVD terminée vous pouvez passer sur une instance t2.nano.
- Ajoutez la configuration suivante au cloud-init, afin d'éviter une mise à jour automatique lors du premier démarrage.
-
-    - [Q: How do I disable the automatic installation of critical and important security updates on initial launch?](https://aws.amazon.com/amazon-linux-ami/faqs/?nc1=h_ls)
-    ```
-    #cloud-config
-    repo_upgrade: none
-    ```
-
-## Step2. Paramètres SSH
-
-Il est obligatoire que le serveur puisse se connecter à son propre serveur SSH
-
-Générez une paire de clés SSH et ajoutez la clé publique dans le fichier authorized_keys
-```bash
-$ ssh-keygen -t rsa
-$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
-$ chmod 600 ~/.ssh/authorized_keys
-```
-
-## Step3. Installation des prérequis
-
-Vuls requiert l'installation des paquets suivants : 
-
- sqlite
- git
- gcc
- go v1.7.1 or later
-    - https://golang.org/doc/install
-
-```bash
-$ ssh ec2-user@52.100.100.100  -i ~/.ssh/private.pem
-$ sudo yum -y install sqlite git gcc
-$ wget https://storage.googleapis.com/golang/go1.7.1.linux-amd64.tar.gz
-$ sudo tar -C /usr/local -xzf go1.7.1.linux-amd64.tar.gz
-$ mkdir $HOME/go
-```
-Ajoutez les lignes suivantes dans /etc/profile.d/goenv.sh
-
-```bash
-export GOROOT=/usr/local/go
-export GOPATH=$HOME/go
-export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
-```
-
-Ajoutons ces nouvelles variables d’environnement au shell
-```bash
-$ source /etc/profile.d/goenv.sh
-```
-
-## Step4. Déploiement de [go-cve-dictionary](https://github.com/kotakanbe/go-cve-dictionary)
-
-go get
-
-```bash
-$ sudo mkdir /var/log/vuls
-$ sudo chown ec2-user /var/log/vuls
-$ sudo chmod 700 /var/log/vuls
-$ go get github.com/kotakanbe/go-cve-dictionary
-```
-
-Démarrez go-cve-dictionary en mode serveur.
-Lors de son premier démarrage go-cve-dictionary récupère la liste des vulnérabilités depuis NVD
-Cette opération prend environ 10 minutes (sur AWS).  
-
-## Step5. Déploiement de Vuls
-
-Ouvrez un second terminal, connectez vous à l'instance ec2 via SSH
-
-go get
-```
-$ go get github.com/future-architect/vuls
-```
-
-## Step6. Configuration
-
-Créez un fichier de configuration (TOML format).
-
-```
-$ cat config.toml
-[servers]
-
-[servers.172-31-4-82]
-host         = "172.31.4.82"
-port        = "22"
-user        = "ec2-user"
-keyPath     = "/home/ec2-user/.ssh/id_rsa"
-```
-
-## Step7. Configuration des serveurs cibles vuls  
-
-```
-$ vuls prepare
-```
-
-## Step8. Scan
-
-```
-$ vuls scan -cve-dictionary-dbpath=$PWD/cve.sqlite3
-INFO[0000] Begin scanning (config: /home/ec2-user/config.toml)
-
-... snip ...
-
-172-31-4-82 (amazon 2015.09)
-============================
-CVE-2016-0494   10.0    Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle
-                        Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to
-                        affect confidentiality, integrity, and availability via unknown vectors related to
-                        2D.
-... snip ...
-
-CVE-2016-0494
-------------
-Score           10.0 (High)
-Vector          (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-Summary         Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105,
-                7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality,
-                integrity, and availability via unknown vectors related to 2D.
-NVD             https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0494
-MITRE           https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494
-CVE Details     http://www.cvedetails.com/cve/CVE-2016-0494
-CVSS Calculator https://nvd.nist.gov/cvss/v2-calculator?name=CVE-2016-0494&vector=(AV:N/AC:L/Au:N/C:C/I:C/A:C)
-RHEL-CVE        https://access.redhat.com/security/cve/CVE-2016-0494
-ALAS-2016-643   https://alas.aws.amazon.com/ALAS-2016-643.html
-Package/CPE     java-1.7.0-openjdk-1.7.0.91-2.6.2.2.63.amzn1 -> java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.65.amzn1
-
-```
-
-## Step9. TUI
-
-Les résultats de Vuls peuvent etre affichés dans un Shell via TUI (Terminal-Based User Interface).
-
-```
-$ vuls tui
-```
-
-![Vuls-TUI](img/hello-vuls-tui.png)
-
-
----
-
-For more information see [README in English](https://github.com/future-architect/vuls/blob/master/README.md)  
--- a/README.ja.md
+++ b/README.ja.md
--- a/README.md
+++ b/README.md
--- a/cache/bolt.go
+++ b/cache/bolt.go
@@ -1,30 +1,13 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package cache

 import (
 	"encoding/json"
-	"fmt"
 	"time"

 	"github.com/boltdb/bolt"
 	"github.com/future-architect/vuls/util"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/xerrors"
 )

 // Bolt holds a pointer of bolt.DB
@@ -69,7 +52,7 @@ func (b *Bolt) createBucketIfNotExists(name string) error {
 	return b.db.Update(func(tx *bolt.Tx) error {
 		_, err := tx.CreateBucketIfNotExists([]byte(name))
 		if err != nil {
-			return fmt.Errorf("Failed to create bucket: %s", err)
+			return xerrors.Errorf("Failed to create bucket: %w", err)
 		}
 		return nil
 	})
@@ -98,7 +81,7 @@ func (b Bolt) RefreshMeta(meta Meta) error {
 	meta.CreatedAt = time.Now()
 	jsonBytes, err := json.Marshal(meta)
 	if err != nil {
-		return fmt.Errorf("Failed to marshal to JSON: %s", err)
+		return xerrors.Errorf("Failed to marshal to JSON: %w", err)
 	}
 	return b.db.Update(func(tx *bolt.Tx) error {
 		bkt := tx.Bucket([]byte(metabucket))
@@ -114,7 +97,7 @@ func (b Bolt) RefreshMeta(meta Meta) error {
 func (b Bolt) EnsureBuckets(meta Meta) error {
 	jsonBytes, err := json.Marshal(meta)
 	if err != nil {
-		return fmt.Errorf("Failed to marshal to JSON: %s", err)
+		return xerrors.Errorf("Failed to marshal to JSON: %w", err)
 	}
 	return b.db.Update(func(tx *bolt.Tx) error {
 		b.Log.Debugf("Put to meta: %s", meta.Name)
@@ -163,7 +146,7 @@ func (b Bolt) GetChangelog(servername, packName string) (changelog string, err e
 	err = b.db.View(func(tx *bolt.Tx) error {
 		bkt := tx.Bucket([]byte(servername))
 		if bkt == nil {
-			return fmt.Errorf("Faild to get Bucket: %s", servername)
+			return xerrors.Errorf("Failed to get Bucket: %s", servername)
 		}
 		v := bkt.Get([]byte(packName))
 		if v == nil {
@@ -181,11 +164,8 @@ func (b Bolt) PutChangelog(servername, packName, changelog string) error {
 	return b.db.Update(func(tx *bolt.Tx) error {
 		bkt := tx.Bucket([]byte(servername))
 		if bkt == nil {
-			return fmt.Errorf("Faild to get Bucket: %s", servername)
+			return xerrors.Errorf("Failed to get Bucket: %s", servername)
 		}
-		if err := bkt.Put([]byte(packName), []byte(changelog)); err != nil {
-			return err
-		}
-		return nil
+		return bkt.Put([]byte(packName), []byte(changelog))
 	})
 }
--- a/cache/bolt_test.go
+++ b/cache/bolt_test.go
@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package cache

 import (
@@ -63,7 +46,7 @@ func TestSetupBolt(t *testing.T) {
 		t.Errorf("Failed to open bolt: %s", err)
 	}

-	db.View(func(tx *bolt.Tx) error {
+	_ = db.View(func(tx *bolt.Tx) error {
 		bkt := tx.Bucket([]byte(metabucket))
 		if bkt == nil {
 			t.Errorf("Meta bucket nof found")
@@ -104,7 +87,7 @@ func TestEnsureBuckets(t *testing.T) {
 	if err != nil {
 		t.Errorf("Failed to open bolt: %s", err)
 	}
-	db.View(func(tx *bolt.Tx) error {
+	_ = db.View(func(tx *bolt.Tx) error {
 		bkt := tx.Bucket([]byte(servername))
 		if bkt == nil {
 			t.Errorf("Meta bucket nof found")
--- a/cache/db.go
+++ b/cache/db.go
@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package cache

 import (
--- a/commands/configtest.go
+++ b/commands/configtest.go
@@ -1,27 +1,12 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package commands

 import (
 	"context"
 	"flag"
+	"fmt"
 	"os"
 	"path/filepath"
+	"strings"

 	"github.com/google/subcommands"

@@ -33,15 +18,8 @@ import (
 // ConfigtestCmd is Subcommand
 type ConfigtestCmd struct {
 	configPath     string
-	logDir         string
 	askKeyPassword bool
-	containersOnly bool
-	deep           bool
-	sshNative      bool
-	httpProxy      string
 	timeoutSec     int
-
-	debug bool
 }

 // Name return subcommand name
@@ -54,15 +32,15 @@ func (*ConfigtestCmd) Synopsis() string { return "Test configuration" }
 func (*ConfigtestCmd) Usage() string {
 	return `configtest:
 	configtest
-			[-deep]
 			[-config=/path/to/config.toml]
 			[-log-dir=/path/to/log]
 			[-ask-key-password]
 			[-timeout=300]
-			[-ssh-external]
+			[-ssh-config]
 			[-containers-only]
 			[-http-proxy=http://192.168.0.1:8080]
 			[-debug]
+			[-vvv]

 			[SERVER]...
 `
@@ -75,48 +53,39 @@ func (p *ConfigtestCmd) SetFlags(f *flag.FlagSet) {
 	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")

 	defaultLogDir := util.GetDefaultLogDir()
-	f.StringVar(&p.logDir, "log-dir", defaultLogDir, "/path/to/log")
-
-	f.BoolVar(&p.debug, "debug", false, "debug mode")
+	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")
+	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")

 	f.IntVar(&p.timeoutSec, "timeout", 5*60, "Timeout(Sec)")

-	f.BoolVar(
-		&p.askKeyPassword,
-		"ask-key-password",
-		false,
+	f.BoolVar(&p.askKeyPassword, "ask-key-password", false,
 		"Ask ssh privatekey password before scanning",
 	)

-	f.BoolVar(&p.deep, "deep", false, "Config test for deep scan mode")
+	f.StringVar(&c.Conf.HTTPProxy, "http-proxy", "",
+		"http://proxy-url:port (default: empty)")

-	f.StringVar(
-		&p.httpProxy,
-		"http-proxy",
-		"",
-		"http://proxy-url:port (default: empty)",
-	)
-
-	f.BoolVar(
-		&p.sshNative,
-		"ssh-native-insecure",
-		false,
+	f.BoolVar(&c.Conf.SSHNative, "ssh-native-insecure", false,
 		"Use Native Go implementation of SSH. Default: Use the external command")

-	f.BoolVar(
-		&p.containersOnly,
-		"containers-only",
-		false,
+	f.BoolVar(&c.Conf.SSHConfig, "ssh-config", false,
+		"[Deprecated] Use SSH options specified in ssh_config preferentially")
+
+	f.BoolVar(&c.Conf.ContainersOnly, "containers-only", false,
 		"Test containers only. Default: Test both of hosts and containers")
+
+	f.BoolVar(&c.Conf.Vvv, "vvv", false, "ssh -vvv")
 }

 // Execute execute
 func (p *ConfigtestCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
-	// Setup Logger
-	c.Conf.Debug = p.debug
-	c.Conf.LogDir = p.logDir
 	util.Log = util.NewCustomLogger(c.ServerInfo{})

+	if err := mkdirDotVuls(); err != nil {
+		util.Log.Errorf("Failed to create .vuls. err: %+v", err)
+		return subcommands.ExitUsageError
+	}
+
 	var keyPass string
 	var err error
 	if p.askKeyPassword {
@@ -129,15 +98,24 @@ func (p *ConfigtestCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interfa

 	err = c.Load(p.configPath, keyPass)
 	if err != nil {
-		util.Log.Errorf("Error loading %s, %s", p.configPath, err)
-		util.Log.Errorf("If you update Vuls and get this error, there may be incompatible changes in config.toml")
-		util.Log.Errorf("Please check README: https://github.com/future-architect/vuls#configuration")
+		msg := []string{
+			fmt.Sprintf("Error loading %s", p.configPath),
+			"If you update Vuls and get this error, there may be incompatible changes in config.toml",
+			"Please check config.toml template : https://vuls.io/docs/en/usage-settings.html",
+		}
+		util.Log.Errorf("%s\n%+v", strings.Join(msg, "\n"), err)
+		return subcommands.ExitUsageError
+	}
+
+	if c.Conf.SSHConfig {
+		msg := []string{
+			"-ssh-config is deprecated",
+			"If you update Vuls and get this error, there may be incompatible changes in config.toml",
+			"Please check config.toml template : https://vuls.io/docs/en/usage-settings.html",
+		}
+		util.Log.Errorf("%s", strings.Join(msg, "\n"))
 		return subcommands.ExitUsageError
 	}
-	c.Conf.SSHNative = p.sshNative
-	c.Conf.HTTPProxy = p.httpProxy
-	c.Conf.ContainersOnly = p.containersOnly
-	c.Conf.Deep = p.deep

 	var servernames []string
 	if 0 < len(f.Args()) {
@@ -170,7 +148,13 @@ func (p *ConfigtestCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interfa

 	util.Log.Info("Detecting Server/Container OS... ")
 	if err := scan.InitServers(p.timeoutSec); err != nil {
-		util.Log.Errorf("Failed to init servers: %s", err)
+		util.Log.Errorf("Failed to init servers. err: %+v", err)
+		return subcommands.ExitFailure
+	}
+
+	util.Log.Info("Checking Scan Modes...")
+	if err := scan.CheckScanModes(); err != nil {
+		util.Log.Errorf("Fix config.toml. err: %+v", err)
 		return subcommands.ExitFailure
 	}

@@ -180,6 +164,10 @@ func (p *ConfigtestCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interfa
 	util.Log.Info("Checking sudo settings...")
 	scan.CheckIfSudoNoPasswd(p.timeoutSec)

-	scan.PrintSSHableServerNames()
-	return subcommands.ExitSuccess
+	util.Log.Info("It can be scanned with fast scan mode even if warn or err messages are displayed due to lack of dependent packages or sudo settings in fast-root or deep scan mode")
+
+	if scan.PrintSSHableServerNames() {
+		return subcommands.ExitSuccess
+	}
+	return subcommands.ExitFailure
 }
--- a/commands/discover.go
+++ b/commands/discover.go
@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package commands

 import (
@@ -57,6 +40,7 @@ func (p *DiscoverCmd) SetFlags(f *flag.FlagSet) {
 func (p *DiscoverCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
 	// validate
 	if len(f.Args()) == 0 {
+		logrus.Errorf("Usage: " + p.Usage())
 		return subcommands.ExitUsageError
 	}

@@ -65,7 +49,6 @@ func (p *DiscoverCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface
 			CIDR: cidr,
 			PingOptions: []string{
 				"-c1",
-				"-t1",
 			},
 			NumOfConcurrency: 100,
 		}
@@ -90,60 +73,154 @@ func (p *DiscoverCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface
 // Output the template of config.toml
 func printConfigToml(ips []string) (err error) {
 	const tomlTemplate = `
-[slack]
-hookURL      = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
-channel      = "#channel-name"
-#channel      = "${servername}"
-iconEmoji    = ":ghost:"
-authUser     = "username"
-notifyUsers  = ["@username"]

-[email]
-smtpAddr      = "smtp.example.com"
-smtpPort      = "587"
-user          = "username"
-password      = "password"
-from          = "from@example.com"
-to            = ["to@example.com"]
-cc            = ["cc@example.com"]
-subjectPrefix = "[vuls]"
+# https://vuls.io/docs/en/usage-settings.html
+[cveDict]
+type        = "sqlite3"
+sqlite3Path = "/path/to/cve.sqlite3"
+#url        = ""

+[ovalDict]
+type        = "sqlite3"
+sqlite3Path = "/path/to/oval.sqlite3"
+#url        = ""
+
+[gost]
+type        = "sqlite3"
+sqlite3Path = "/path/to/gost.sqlite3"
+#url        = ""
+
+[exploit]
+type        = "sqlite3"
+sqlite3Path = "/path/to/go-exploitdb.sqlite3"
+#url        = ""
+
+[metasploit]
+type        = "sqlite3"
+sqlite3Path = "/path/to/go-msfdb.sqlite3"
+#url        = ""
+
+# https://vuls.io/docs/en/usage-settings.html#slack-section
+#[slack]
+#hookURL      = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
+##legacyToken = "xoxp-11111111111-222222222222-3333333333"
+#channel      = "#channel-name"
+##channel     = "${servername}"
+#iconEmoji    = ":ghost:"
+#authUser     = "username"
+#notifyUsers  = ["@username"]
+
+# https://vuls.io/docs/en/usage-settings.html#email-section
+#[email]
+#smtpAddr      = "smtp.example.com"
+#smtpPort      = "587"
+#user          = "username"
+#password      = "password"
+#from          = "from@example.com"
+#to            = ["to@example.com"]
+#cc            = ["cc@example.com"]
+#subjectPrefix = "[vuls]"
+
+# https://vuls.io/docs/en/usage-settings.html#http-section
+#[http]
+#url = "http://localhost:11234"
+
+# https://vuls.io/docs/en/usage-settings.html#syslog-section
+#[syslog]
+#protocol    = "tcp"
+#host        = "localhost"
+#port        = "514"
+#tag         = "vuls"
+#facility    = "local0"
+#severity    = "alert"
+#verbose     = false
+
+# https://vuls.io/docs/en/usage-report.html#example-put-results-in-s3-bucket
+#[aws]
+#profile                = "default"
+#region                 = "ap-northeast-1"
+#s3Bucket               = "vuls"
+#s3ResultsDir           = "/path/to/result"
+#s3ServerSideEncryption = "AES256"
+
+# https://vuls.io/docs/en/usage-report.html#example-put-results-in-azure-blob-storage<Paste>
+#[azure]
+#accountName   = "default"
+#accountKey    = "xxxxxxxxxxxxxx"
+#containerName = "vuls"
+
+# https://vuls.io/docs/en/usage-settings.html#stride-section
+#[stride]
+#hookURL   = "xxxxxxxxxxxxxxx"
+#authToken = "xxxxxxxxxxxxxx"
+
+# https://vuls.io/docs/en/usage-settings.html#hipchat-section
+#[hipchat]
+#room      = "vuls"
+#authToken = "xxxxxxxxxxxxxx"
+
+# https://vuls.io/docs/en/usage-settings.html#chatwork-section
+#[chatwork]
+#room     = "xxxxxxxxxxx"
+#apiToken = "xxxxxxxxxxxxxxxxxx"
+
+# https://vuls.io/docs/en/usage-settings.html#telegram-section
+#[telegram]
+#chatID     = "xxxxxxxxxxx"
+#token = "xxxxxxxxxxxxxxxxxx"
+
+# https://vuls.io/docs/en/usage-settings.html#default-section
 [default]
-#port        = "22"
-#user        = "username"
-#keyPath     = "/home/username/.ssh/id_rsa"
+#port               = "22"
+#user               = "username"
+#keyPath            = "/home/username/.ssh/id_rsa"
+#scanMode           = ["fast", "fast-root", "deep", "offline"]
 #cpeNames = [
 #  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
 #]
-#dependencyCheckXMLPath = "/tmp/dependency-check-report.xml"
-#ignoreCves = ["CVE-2014-6271"]
-#optional = [
-#    ["key", "value"],
-#]
-#containers = ["${running}"]
-
+#owaspDCXMLPath     = "/tmp/dependency-check-report.xml"
+#ignoreCves         = ["CVE-2014-6271"]
+#containerType      = "docker" #or "lxd" or "lxc" default: docker
+#containersIncluded = ["${running}"]
+#containersExcluded = ["container_name_a"]

+# https://vuls.io/docs/en/usage-settings.html#servers-section
 [servers]
 {{- $names:=  .Names}}
 {{range $i, $ip := .IPs}}
 [servers.{{index $names $i}}]
-host         = "{{$ip}}"
-#port        = "22"
-#user        = "root"
-#keyPath     = "/home/username/.ssh/id_rsa"
-#cpeNames = [
-#  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
-#]
-#dependencyCheckXMLPath = "/tmp/dependency-check-report.xml"
-#ignoreCves = ["CVE-2014-0160"]
-#optional = [
-#    ["key", "value"],
-#]
-#[servers.{{index $names $i}}.containers]
-#type = "docker" #or "lxd" default: docker
-#includes = ["${running}"]
-#excludes = ["container_name_a", "4aa37a8b63b9"]
+host                = "{{$ip}}"
+#port               = "22"
+#user               = "root"
+#sshConfigPath		= "/home/username/.ssh/config"
+#keyPath            = "/home/username/.ssh/id_rsa"
+#scanMode           = ["fast", "fast-root", "deep", "offline"]
+#type               = "pseudo"
+#memo               = "DB Server"
+#cpeNames           = [ "cpe:/a:rubyonrails:ruby_on_rails:4.2.1" ]
+#owaspDCXMLPath     = "/path/to/dependency-check-report.xml"
+#ignoreCves         = ["CVE-2014-0160"]
+#containerType      = "docker" #or "lxd" or "lxc" default: docker
+#containersIncluded = ["${running}"]
+#containersExcluded = ["container_name_a"]

+#[servers.{{index $names $i}}.containers.container_name_a]
+#cpeNames       = [ "cpe:/a:rubyonrails:ruby_on_rails:4.2.1" ]
+#owaspDCXMLPath = "/path/to/dependency-check-report.xml"
+#ignoreCves     = ["CVE-2014-0160"]
+
+#[servers.{{index $names $i}}.githubs."owner/repo"]
+#token   = "yourToken"
+
+#[servers.{{index $names $i}}.wordpress]
+#cmdPath = "/usr/local/bin/wp"
+#osUser = "wordpress"
+#docRoot = "/path/to/DocumentRoot/"
+#wpVulnDBToken = "xxxxTokenxxxx"
+#ignoreInactive = true
+
+#[servers.{{index $names $i}}.optional]
+#key = "value1"

 {{end}}

--- a/commands/history.go
+++ b/commands/history.go
@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package commands

 import (
@@ -32,11 +15,7 @@ import (
 )

 // HistoryCmd is Subcommand of list scanned results
-type HistoryCmd struct {
-	debug      bool
-	debugSQL   bool
-	resultsDir string
-}
+type HistoryCmd struct{}

 // Name return subcommand name
 func (*HistoryCmd) Name() string { return "history" }
@@ -56,19 +35,16 @@ func (*HistoryCmd) Usage() string {

 // SetFlags set flag
 func (p *HistoryCmd) SetFlags(f *flag.FlagSet) {
-	f.BoolVar(&p.debugSQL, "debug-sql", false, "SQL debug mode")
+	f.BoolVar(&c.Conf.DebugSQL, "debug-sql", false, "SQL debug mode")

 	wd, _ := os.Getwd()
 	defaultResultsDir := filepath.Join(wd, "results")
-	f.StringVar(&p.resultsDir, "results-dir", defaultResultsDir, "/path/to/results")
+	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")
 }

 // Execute execute
 func (p *HistoryCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {

-	c.Conf.DebugSQL = p.debugSQL
-	c.Conf.ResultsDir = p.resultsDir
-
 	dirs, err := report.ListValidJSONDirs()
 	if err != nil {
 		return subcommands.ExitFailure
--- a/commands/report.go
+++ b/commands/report.go
@@ -1,86 +1,33 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package commands

 import (
 	"context"
 	"flag"
-	"fmt"
 	"os"
 	"path/filepath"

+	"github.com/aquasecurity/trivy/pkg/utils"
 	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/exploit"
+	"github.com/future-architect/vuls/gost"
 	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/msf"
 	"github.com/future-architect/vuls/oval"
 	"github.com/future-architect/vuls/report"
 	"github.com/future-architect/vuls/util"
 	"github.com/google/subcommands"
+	"github.com/k0kubun/pp"
 )

 // ReportCmd is subcommand for reporting
 type ReportCmd struct {
-	lang       string
-	debug      bool
-	debugSQL   bool
-	configPath string
-	resultsDir string
-	logDir     string
-	refreshCve bool
-
-	cvssScoreOver      float64
-	ignoreUnscoredCves bool
-	httpProxy          string
-
-	cveDBType string
-	cveDBPath string
-	cveDBURL  string
-
-	ovalDBType string
-	ovalDBPath string
-	ovalDBURL  string
-
-	toSlack     bool
-	toEMail     bool
-	toLocalFile bool
-	toS3        bool
-	toAzureBlob bool
-
-	formatJSON        bool
-	formatXML         bool
-	formatOneEMail    bool
-	formatOneLineText bool
-	formatShortText   bool
-	formatFullText    bool
-
-	gzip bool
-
-	awsProfile      string
-	awsS3Bucket     string
-	awsS3ResultsDir string
-	awsRegion       string
-
-	azureAccount   string
-	azureKey       string
-	azureContainer string
-
-	pipe bool
-
-	diff bool
+	configPath     string
+	cveDict        c.GoCveDictConf
+	ovalDict       c.GovalDictConf
+	gostConf       c.GostConf
+	exploitConf    c.ExploitConf
+	metasploitConf c.MetasploitConf
+	httpConf       c.HTTPConf
 }

 // Name return subcommand name
@@ -98,242 +45,193 @@ func (*ReportCmd) Usage() string {
 		[-results-dir=/path/to/results]
 		[-log-dir=/path/to/log]
 		[-refresh-cve]
-		[-cvedb-type=sqlite3|mysql|postgres]
-		[-cvedb-path=/path/to/cve.sqlite3]
-		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
-		[-ovaldb-type=sqlite3|mysql]
-		[-ovaldb-path=/path/to/oval.sqlite3]
-		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
 		[-cvss-over=7]
 		[-diff]
+		[-wp-ignore-inactive]
 		[-ignore-unscored-cves]
+		[-ignore-unfixed]
+		[-ignore-github-dismissed]
 		[-to-email]
+		[-to-http]
 		[-to-slack]
+		[-to-stride]
+		[-to-hipchat]
+		[-to-chatwork]
+		[-to-telegram]
 		[-to-localfile]
 		[-to-s3]
 		[-to-azure-blob]
+		[-to-saas]
 		[-format-json]
 		[-format-xml]
 		[-format-one-email]
 		[-format-one-line-text]
-		[-format-short-text]
+		[-format-list]
 		[-format-full-text]
 		[-gzip]
-		[-aws-profile=default]
-		[-aws-region=us-west-2]
-		[-aws-s3-bucket=bucket_name]
-		[-aws-s3-results-dir=/bucket/path/to/results]
-		[-azure-account=account]
-		[-azure-key=key]
-		[-azure-container=container]
+		[-uuid]
 		[-http-proxy=http://192.168.0.1:8080]
 		[-debug]
 		[-debug-sql]
+		[-quiet]
+		[-no-progress]
 		[-pipe]
+		[-cvedb-type=sqlite3|mysql|postgres|redis|http]
+		[-cvedb-sqlite3-path=/path/to/cve.sqlite3]
+		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
+		[-ovaldb-type=sqlite3|mysql|redis|http]
+		[-ovaldb-sqlite3-path=/path/to/oval.sqlite3]
+		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
+		[-gostdb-type=sqlite3|mysql|redis|http]
+		[-gostdb-sqlite3-path=/path/to/gost.sqlite3]
+		[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
+		[-exploitdb-type=sqlite3|mysql|redis|http]
+		[-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3]
+		[-exploitdb-url=http://127.0.0.1:1326 or DB connection string]
+		[-msfdb-type=sqlite3|mysql|redis|http]
+		[-msfdb-sqlite3-path=/path/to/msfdb.sqlite3]
+		[-msfdb-url=http://127.0.0.1:1327 or DB connection string]
+		[-http="http://vuls-report-server"]
+		[-trivy-cachedb-dir=/path/to/dir]

-		[SERVER]...
+		[RFC3339 datetime format under results dir]
 `
 }

 // SetFlags set flag
 func (p *ReportCmd) SetFlags(f *flag.FlagSet) {
-	f.StringVar(&p.lang, "lang", "en", "[en|ja]")
-	f.BoolVar(&p.debug, "debug", false, "debug mode")
-	f.BoolVar(&p.debugSQL, "debug-sql", false, "SQL debug mode")
+	f.StringVar(&c.Conf.Lang, "lang", "en", "[en|ja]")
+	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
+	f.BoolVar(&c.Conf.DebugSQL, "debug-sql", false, "SQL debug mode")
+	f.BoolVar(&c.Conf.Quiet, "quiet", false, "Quiet mode. No output on stdout")
+	f.BoolVar(&c.Conf.NoProgress, "no-progress", false, "Suppress progress bar")

 	wd, _ := os.Getwd()
-
 	defaultConfPath := filepath.Join(wd, "config.toml")
 	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")

 	defaultResultsDir := filepath.Join(wd, "results")
-	f.StringVar(&p.resultsDir, "results-dir", defaultResultsDir, "/path/to/results")
+	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")

 	defaultLogDir := util.GetDefaultLogDir()
-	f.StringVar(&p.logDir, "log-dir", defaultLogDir, "/path/to/log")
+	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")

-	f.BoolVar(
-		&p.refreshCve,
-		"refresh-cve",
-		false,
+	f.BoolVar(&c.Conf.RefreshCve, "refresh-cve", false,
 		"Refresh CVE information in JSON file under results dir")

-	f.StringVar(
-		&p.cveDBType,
-		"cvedb-type",
-		"sqlite3",
-		"DB type for fetching CVE dictionary (sqlite3, mysql or postgres)")
-
-	defaultCveDBPath := filepath.Join(wd, "cve.sqlite3")
-	f.StringVar(
-		&p.cveDBPath,
-		"cvedb-path",
-		defaultCveDBPath,
-		"/path/to/sqlite3 (For get cve detail from cve.sqlite3)")
-
-	f.StringVar(
-		&p.cveDBURL,
-		"cvedb-url",
-		"",
-		"http://cve-dictionary.com:1323 or mysql connection string")
-
-	f.StringVar(
-		&p.ovalDBType,
-		"ovaldb-type",
-		"sqlite3",
-		"DB type for fetching OVAL dictionary (sqlite3 or mysql)")
-
-	defaultOvalDBPath := filepath.Join(wd, "oval.sqlite3")
-	f.StringVar(
-		&p.ovalDBPath,
-		"ovaldb-path",
-		defaultOvalDBPath,
-		"/path/to/sqlite3 (For get oval detail from oval.sqlite3)")
-
-	f.StringVar(
-		&p.ovalDBURL,
-		"ovaldb-url",
-		"",
-		"http://goval-dictionary.com:1324 or mysql connection string")
-
-	f.Float64Var(
-		&p.cvssScoreOver,
-		"cvss-over",
-		0,
+	f.Float64Var(&c.Conf.CvssScoreOver, "cvss-over", 0,
 		"-cvss-over=6.5 means reporting CVSS Score 6.5 and over (default: 0 (means report all))")

-	f.BoolVar(&p.diff,
-		"diff",
-		false,
-		fmt.Sprintf("Difference between previous result and current result "))
+	f.BoolVar(&c.Conf.Diff, "diff", false,
+		"Difference between previous result and current result ")

-	f.BoolVar(
-		&p.ignoreUnscoredCves,
-		"ignore-unscored-cves",
-		false,
+	f.BoolVar(&c.Conf.WpIgnoreInactive, "wp-ignore-inactive", false,
+		"ignore inactive on wordpress's plugin and theme")
+
+	f.BoolVar(&c.Conf.IgnoreUnscoredCves, "ignore-unscored-cves", false,
 		"Don't report the unscored CVEs")

+	f.BoolVar(&c.Conf.IgnoreUnfixed, "ignore-unfixed", false,
+		"Don't report the unfixed CVEs")
+
+	f.BoolVar(&c.Conf.IgnoreGitHubDismissed, "ignore-github-dismissed", false,
+		"Don't report the dismissed CVEs on GitHub Security Alerts")
+
 	f.StringVar(
-		&p.httpProxy,
-		"http-proxy",
-		"",
+		&c.Conf.HTTPProxy, "http-proxy", "",
 		"http://proxy-url:port (default: empty)")

-	f.BoolVar(&p.formatJSON,
-		"format-json",
-		false,
-		fmt.Sprintf("JSON format"))
-
-	f.BoolVar(&p.formatXML,
-		"format-xml",
-		false,
-		fmt.Sprintf("XML format"))
-
-	f.BoolVar(&p.formatOneEMail,
-		"format-one-email",
-		false,
+	f.BoolVar(&c.Conf.FormatJSON, "format-json", false, "JSON format")
+	f.BoolVar(&c.Conf.FormatXML, "format-xml", false, "XML format")
+	f.BoolVar(&c.Conf.FormatOneEMail, "format-one-email", false,
 		"Send all the host report via only one EMail (Specify with -to-email)")
+	f.BoolVar(&c.Conf.FormatOneLineText, "format-one-line-text", false,
+		"One line summary in plain text")
+	f.BoolVar(&c.Conf.FormatList, "format-list", false, "Display as list format")
+	f.BoolVar(&c.Conf.FormatFullText, "format-full-text", false,
+		"Detail report in plain text")

-	f.BoolVar(&p.formatOneLineText,
-		"format-one-line-text",
-		false,
-		fmt.Sprintf("One line summary in plain text"))
-
-	f.BoolVar(&p.formatShortText,
-		"format-short-text",
-		false,
-		fmt.Sprintf("Summary in plain text"))
-
-	f.BoolVar(&p.formatFullText,
-		"format-full-text",
-		false,
-		fmt.Sprintf("Detail report in plain text"))
-
-	f.BoolVar(&p.gzip, "gzip", false, "gzip compression")
-
-	f.BoolVar(&p.toSlack, "to-slack", false, "Send report via Slack")
-	f.BoolVar(&p.toEMail, "to-email", false, "Send report via Email")
-	f.BoolVar(&p.toLocalFile,
-		"to-localfile",
-		false,
-		fmt.Sprintf("Write report to localfile"))
-
-	f.BoolVar(&p.toS3,
-		"to-s3",
-		false,
+	f.BoolVar(&c.Conf.ToSlack, "to-slack", false, "Send report via Slack")
+	f.BoolVar(&c.Conf.ToStride, "to-stride", false, "Send report via Stride")
+	f.BoolVar(&c.Conf.ToHipChat, "to-hipchat", false, "Send report via hipchat")
+	f.BoolVar(&c.Conf.ToChatWork, "to-chatwork", false, "Send report via chatwork")
+	f.BoolVar(&c.Conf.ToTelegram, "to-telegram", false, "Send report via Telegram")
+	f.BoolVar(&c.Conf.ToEmail, "to-email", false, "Send report via Email")
+	f.BoolVar(&c.Conf.ToSyslog, "to-syslog", false, "Send report via Syslog")
+	f.BoolVar(&c.Conf.ToLocalFile, "to-localfile", false, "Write report to localfile")
+	f.BoolVar(&c.Conf.ToS3, "to-s3", false,
 		"Write report to S3 (bucket/yyyyMMdd_HHmm/servername.json/xml/txt)")
-	f.StringVar(&p.awsProfile, "aws-profile", "default", "AWS profile to use")
-	f.StringVar(&p.awsRegion, "aws-region", "us-east-1", "AWS region to use")
-	f.StringVar(&p.awsS3Bucket, "aws-s3-bucket", "", "S3 bucket name")
-	f.StringVar(&p.awsS3ResultsDir, "aws-s3-results-dir", "", "/bucket/path/to/results")
-
-	f.BoolVar(&p.toAzureBlob,
-		"to-azure-blob",
-		false,
+	f.BoolVar(&c.Conf.ToHTTP, "to-http", false, "Send report via HTTP POST")
+	f.BoolVar(&c.Conf.ToAzureBlob, "to-azure-blob", false,
 		"Write report to Azure Storage blob (container/yyyyMMdd_HHmm/servername.json/xml/txt)")
-	f.StringVar(&p.azureAccount,
-		"azure-account",
-		"",
-		"Azure account name to use. AZURE_STORAGE_ACCOUNT environment variable is used if not specified")
-	f.StringVar(&p.azureKey,
-		"azure-key",
-		"",
-		"Azure account key to use. AZURE_STORAGE_ACCESS_KEY environment variable is used if not specified")
-	f.StringVar(&p.azureContainer, "azure-container", "", "Azure storage container name")
+	f.BoolVar(&c.Conf.ToSaas, "to-saas", false,
+		"Upload report to Future Vuls(https://vuls.biz/) before report")

-	f.BoolVar(
-		&p.pipe,
-		"pipe",
-		false,
-		"Use args passed via PIPE")
+	f.BoolVar(&c.Conf.GZIP, "gzip", false, "gzip compression")
+	f.BoolVar(&c.Conf.UUID, "uuid", false,
+		"Auto generate of scan target servers and then write to config.toml and scan result")
+	f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use args passed via PIPE")
+
+	f.StringVar(&p.cveDict.Type, "cvedb-type", "",
+		"DB type of go-cve-dictionary (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.cveDict.SQLite3Path, "cvedb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.cveDict.URL, "cvedb-url", "",
+		"http://go-cve-dictionary.com:1323 or DB connection string")
+
+	f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
+		"DB type of goval-dictionary (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.ovalDict.URL, "ovaldb-url", "",
+		"http://goval-dictionary.com:1324 or DB connection string")
+
+	f.StringVar(&p.gostConf.Type, "gostdb-type", "",
+		"DB type of gost (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.gostConf.SQLite3Path, "gostdb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.gostConf.URL, "gostdb-url", "",
+		"http://gost.com:1325 or DB connection string")
+
+	f.StringVar(&p.exploitConf.Type, "exploitdb-type", "",
+		"DB type of exploit (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.exploitConf.URL, "exploitdb-url", "",
+		"http://exploit.com:1326 or DB connection string")
+
+	f.StringVar(&p.metasploitConf.Type, "msfdb-type", "",
+		"DB type of msf (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.metasploitConf.SQLite3Path, "msfdb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.metasploitConf.URL, "msfdb-url", "",
+		"http://metasploit.com:1327 or DB connection string")
+
+	f.StringVar(&p.httpConf.URL, "http", "", "-to-http http://vuls-report")
+
+	f.StringVar(&c.Conf.TrivyCacheDBDir, "trivy-cachedb-dir",
+		utils.DefaultCacheDir(), "/path/to/dir")
 }

 // Execute execute
 func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
-	c.Conf.Debug = p.debug
-	c.Conf.DebugSQL = p.debugSQL
-	c.Conf.LogDir = p.logDir
 	util.Log = util.NewCustomLogger(c.ServerInfo{})
-
 	if err := c.Load(p.configPath, ""); err != nil {
-		util.Log.Errorf("Error loading %s, %s", p.configPath, err)
+		util.Log.Errorf("Error loading %s, %+v", p.configPath, err)
 		return subcommands.ExitUsageError
 	}

-	c.Conf.Lang = p.lang
-	c.Conf.ResultsDir = p.resultsDir
-	c.Conf.RefreshCve = p.refreshCve
-	c.Conf.Diff = p.diff
-	c.Conf.CveDBType = p.cveDBType
-	c.Conf.CveDBPath = p.cveDBPath
-	c.Conf.CveDBURL = p.cveDBURL
-	c.Conf.OvalDBType = p.ovalDBType
-	c.Conf.OvalDBPath = p.ovalDBPath
-	c.Conf.OvalDBURL = p.ovalDBURL
-	c.Conf.CvssScoreOver = p.cvssScoreOver
-	c.Conf.IgnoreUnscoredCves = p.ignoreUnscoredCves
-	c.Conf.HTTPProxy = p.httpProxy
-
-	c.Conf.FormatXML = p.formatXML
-	c.Conf.FormatJSON = p.formatJSON
-	c.Conf.FormatOneEMail = p.formatOneEMail
-	c.Conf.FormatOneLineText = p.formatOneLineText
-	c.Conf.FormatShortText = p.formatShortText
-	c.Conf.FormatFullText = p.formatFullText
-
-	c.Conf.GZIP = p.gzip
-	c.Conf.Diff = p.diff
-	c.Conf.Pipe = p.pipe
+	c.Conf.CveDict.Overwrite(p.cveDict)
+	c.Conf.OvalDict.Overwrite(p.ovalDict)
+	c.Conf.Gost.Overwrite(p.gostConf)
+	c.Conf.Exploit.Overwrite(p.exploitConf)
+	c.Conf.Metasploit.Overwrite(p.metasploitConf)
+	c.Conf.HTTP.Overwrite(p.httpConf)

 	var dir string
 	var err error
-	if p.diff {
+	if c.Conf.Diff {
 		dir, err = report.JSONDir([]string{})
 	} else {
 		dir, err = report.JSONDir(f.Args())
 	}
 	if err != nil {
-		util.Log.Errorf("Failed to read from JSON: %s", err)
+		util.Log.Errorf("Failed to read from JSON: %+v", err)
 		return subcommands.ExitFailure
 	}

@@ -342,103 +240,213 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 		report.StdoutWriter{},
 	}

-	if p.toSlack {
+	if c.Conf.ToSlack {
 		reports = append(reports, report.SlackWriter{})
 	}

-	if p.toEMail {
+	if c.Conf.ToStride {
+		reports = append(reports, report.StrideWriter{})
+	}
+
+	if c.Conf.ToHipChat {
+		reports = append(reports, report.HipChatWriter{})
+	}
+
+	if c.Conf.ToChatWork {
+		reports = append(reports, report.ChatWorkWriter{})
+	}
+
+	if c.Conf.ToTelegram {
+		reports = append(reports, report.TelegramWriter{})
+	}
+
+	if c.Conf.ToEmail {
 		reports = append(reports, report.EMailWriter{})
 	}

-	if p.toLocalFile {
+	if c.Conf.ToSyslog {
+		reports = append(reports, report.SyslogWriter{})
+	}
+
+	if c.Conf.ToHTTP {
+		reports = append(reports, report.HTTPRequestWriter{})
+	}
+
+	if c.Conf.ToLocalFile {
 		reports = append(reports, report.LocalFileWriter{
 			CurrentDir: dir,
 		})
 	}

-	if p.toS3 {
-		c.Conf.AwsRegion = p.awsRegion
-		c.Conf.AwsProfile = p.awsProfile
-		c.Conf.S3Bucket = p.awsS3Bucket
-		c.Conf.S3ResultsDir = p.awsS3ResultsDir
+	if c.Conf.ToS3 {
 		if err := report.CheckIfBucketExists(); err != nil {
-			util.Log.Errorf("Check if there is a bucket beforehand: %s, err: %s", c.Conf.S3Bucket, err)
+			util.Log.Errorf("Check if there is a bucket beforehand: %s, err: %+v",
+				c.Conf.AWS.S3Bucket, err)
 			return subcommands.ExitUsageError
 		}
 		reports = append(reports, report.S3Writer{})
 	}

-	if p.toAzureBlob {
-		c.Conf.AzureAccount = p.azureAccount
-		if len(c.Conf.AzureAccount) == 0 {
-			c.Conf.AzureAccount = os.Getenv("AZURE_STORAGE_ACCOUNT")
+	if c.Conf.ToAzureBlob {
+		if len(c.Conf.Azure.AccountName) == 0 {
+			c.Conf.Azure.AccountName = os.Getenv("AZURE_STORAGE_ACCOUNT")
 		}

-		c.Conf.AzureKey = p.azureKey
-		if len(c.Conf.AzureKey) == 0 {
-			c.Conf.AzureKey = os.Getenv("AZURE_STORAGE_ACCESS_KEY")
+		if len(c.Conf.Azure.AccountKey) == 0 {
+			c.Conf.Azure.AccountKey = os.Getenv("AZURE_STORAGE_ACCESS_KEY")
 		}

-		c.Conf.AzureContainer = p.azureContainer
-		if len(c.Conf.AzureContainer) == 0 {
+		if len(c.Conf.Azure.ContainerName) == 0 {
 			util.Log.Error("Azure storage container name is required with -azure-container option")
 			return subcommands.ExitUsageError
 		}
 		if err := report.CheckIfAzureContainerExists(); err != nil {
-			util.Log.Errorf("Check if there is a container beforehand: %s, err: %s", c.Conf.AzureContainer, err)
+			util.Log.Errorf("Check if there is a container beforehand: %s, err: %+v",
+				c.Conf.Azure.ContainerName, err)
 			return subcommands.ExitUsageError
 		}
 		reports = append(reports, report.AzureBlobWriter{})
 	}

-	if !(p.formatJSON || p.formatOneLineText ||
-		p.formatShortText || p.formatFullText || p.formatXML) {
-		c.Conf.FormatShortText = true
+	if c.Conf.ToSaas {
+		if !c.Conf.UUID {
+			util.Log.Errorf("If you use the -to-saas option, you need to enable the uuid option")
+			return subcommands.ExitUsageError
+		}
+		reports = append(reports, report.SaasWriter{})
+	}
+
+	if !(c.Conf.FormatJSON || c.Conf.FormatOneLineText ||
+		c.Conf.FormatList || c.Conf.FormatFullText || c.Conf.FormatXML) {
+		c.Conf.FormatList = true
 	}

 	util.Log.Info("Validating config...")
 	if !c.Conf.ValidateOnReport() {
 		return subcommands.ExitUsageError
 	}
-	if err := report.CveClient.CheckHealth(); err != nil {
-		util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
-		util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with -cvedb-path option")
-		return subcommands.ExitFailure
-	}
-	if c.Conf.CveDBURL != "" {
-		util.Log.Infof("cve-dictionary: %s", c.Conf.CveDBURL)
-	} else {
-		if c.Conf.CveDBType == "sqlite3" {
-			util.Log.Infof("cve-dictionary: %s", c.Conf.CveDBPath)
-		}
-	}

-	if c.Conf.OvalDBURL != "" {
-		err := oval.Base{}.CheckHTTPHealth()
-		if err != nil {
-			util.Log.Errorf("OVAL HTTP server is not running. err: %s", err)
-			util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with -ovaldb-path option")
-			return subcommands.ExitFailure
-		}
-	}
-
-	var res models.ScanResults
-	if res, err = report.LoadScanResults(dir); err != nil {
+	var loaded models.ScanResults
+	if loaded, err = report.LoadScanResults(dir); err != nil {
 		util.Log.Error(err)
 		return subcommands.ExitFailure
 	}
 	util.Log.Infof("Loaded: %s", dir)

-	if res, err = report.FillCveInfos(res, dir); err != nil {
-		util.Log.Error(err)
+	var res models.ScanResults
+	hasError := false
+	for _, r := range loaded {
+		if len(r.Errors) == 0 {
+			res = append(res, r)
+		} else {
+			util.Log.Errorf("Ignored since errors occurred during scanning: %s, err: %v",
+				r.ServerName, r.Errors)
+			hasError = true
+		}
+	}
+
+	if len(res) == 0 {
 		return subcommands.ExitFailure
 	}

+	for _, r := range res {
+		util.Log.Debugf("%s: %s",
+			r.ServerInfo(),
+			pp.Sprintf("%s", c.Conf.Servers[r.ServerName]))
+	}
+
+	if c.Conf.UUID {
+		// Ensure UUIDs of scan target servers in config.toml
+		if err := report.EnsureUUIDs(p.configPath, res); err != nil {
+			util.Log.Errorf("Failed to ensure UUIDs. err: %+v", err)
+			return subcommands.ExitFailure
+		}
+	}
+
+	if !c.Conf.ToSaas {
+		util.Log.Info("Validating db config...")
+		if !c.Conf.ValidateOnReportDB() {
+			return subcommands.ExitUsageError
+		}
+
+		if c.Conf.CveDict.URL != "" {
+			if err := report.CveClient.CheckHealth(); err != nil {
+				util.Log.Errorf("CVE HTTP server is not running. err: %+v", err)
+				util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
+				return subcommands.ExitFailure
+			}
+		}
+
+		if c.Conf.OvalDict.URL != "" {
+			err := oval.Base{}.CheckHTTPHealth()
+			if err != nil {
+				util.Log.Errorf("OVAL HTTP server is not running. err: %+v", err)
+				util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
+				return subcommands.ExitFailure
+			}
+		}
+
+		if c.Conf.Gost.URL != "" {
+			util.Log.Infof("gost: %s", c.Conf.Gost.URL)
+			err := gost.Base{}.CheckHTTPHealth()
+			if err != nil {
+				util.Log.Errorf("gost HTTP server is not running. err: %+v", err)
+				util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
+				return subcommands.ExitFailure
+			}
+		}
+
+		if c.Conf.Exploit.URL != "" {
+			err := exploit.CheckHTTPHealth()
+			if err != nil {
+				util.Log.Errorf("exploit HTTP server is not running. err: %+v", err)
+				util.Log.Errorf("Run go-exploitdb as server mode before reporting")
+				return subcommands.ExitFailure
+			}
+		}
+
+		if c.Conf.Metasploit.URL != "" {
+			err := msf.CheckHTTPHealth()
+			if err != nil {
+				util.Log.Errorf("metasploit HTTP server is not running. err: %+v", err)
+				util.Log.Errorf("Run go-msfdb as server mode before reporting")
+				return subcommands.ExitFailure
+			}
+		}
+		dbclient, locked, err := report.NewDBClient(report.DBClientConf{
+			CveDictCnf:    c.Conf.CveDict,
+			OvalDictCnf:   c.Conf.OvalDict,
+			GostCnf:       c.Conf.Gost,
+			ExploitCnf:    c.Conf.Exploit,
+			MetasploitCnf: c.Conf.Metasploit,
+			DebugSQL:      c.Conf.DebugSQL,
+		})
+		if locked {
+			util.Log.Errorf("SQLite3 is locked. Close other DB connections and try again. err: %+v", err)
+			return subcommands.ExitFailure
+		}
+		if err != nil {
+			util.Log.Errorf("Failed to init DB Clients. err: %+v", err)
+			return subcommands.ExitFailure
+		}
+		defer dbclient.CloseDB()
+
+		if res, err = report.FillCveInfos(*dbclient, res, dir); err != nil {
+			util.Log.Errorf("%+v", err)
+			return subcommands.ExitFailure
+		}
+	}
+
 	for _, w := range reports {
 		if err := w.Write(res...); err != nil {
-			util.Log.Errorf("Failed to report: %s", err)
+			util.Log.Errorf("Failed to report. err: %+v", err)
 			return subcommands.ExitFailure
 		}
 	}
+
+	if hasError {
+		return subcommands.ExitFailure
+	}
+
 	return subcommands.ExitSuccess
 }
--- a/commands/scan.go
+++ b/commands/scan.go
@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package commands

 import (
@@ -35,18 +18,8 @@ import (

 // ScanCmd is Subcommand of host discovery mode
 type ScanCmd struct {
-	debug          bool
 	configPath     string
-	resultsDir     string
-	logDir         string
-	cacheDBPath    string
-	httpProxy      string
 	askKeyPassword bool
-	containersOnly bool
-	deep           bool
-	skipBroken     bool
-	sshNative      bool
-	pipe           bool
 	timeoutSec     int
 	scanTimeoutSec int
 }
@@ -61,20 +34,26 @@ func (*ScanCmd) Synopsis() string { return "Scan vulnerabilities" }
 func (*ScanCmd) Usage() string {
 	return `scan:
 	scan
-		[-deep]
 		[-config=/path/to/config.toml]
 		[-results-dir=/path/to/results]
 		[-log-dir=/path/to/log]
 		[-cachedb-path=/path/to/cache.db]
 		[-ssh-native-insecure]
+		[-ssh-config]
 		[-containers-only]
+		[-libs-only]
+		[-wordpress-only]
 		[-skip-broken]
 		[-http-proxy=http://192.168.0.1:8080]
 		[-ask-key-password]
 		[-timeout=300]
 		[-timeout-scan=7200]
 		[-debug]
+		[-quiet]
 		[-pipe]
+		[-vvv]
+		[-ips]
+

 		[SERVER]...
 `
@@ -82,93 +61,72 @@ func (*ScanCmd) Usage() string {

 // SetFlags set flag
 func (p *ScanCmd) SetFlags(f *flag.FlagSet) {
-	f.BoolVar(&p.debug, "debug", false, "debug mode")
+	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
+	f.BoolVar(&c.Conf.Quiet, "quiet", false, "Quiet mode. No output on stdout")

 	wd, _ := os.Getwd()
-
 	defaultConfPath := filepath.Join(wd, "config.toml")
 	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")

 	defaultResultsDir := filepath.Join(wd, "results")
-	f.StringVar(&p.resultsDir, "results-dir", defaultResultsDir, "/path/to/results")
+	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")

 	defaultLogDir := util.GetDefaultLogDir()
-	f.StringVar(&p.logDir, "log-dir", defaultLogDir, "/path/to/log")
+	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")

 	defaultCacheDBPath := filepath.Join(wd, "cache.db")
-	f.StringVar(
-		&p.cacheDBPath,
-		"cachedb-path",
-		defaultCacheDBPath,
+	f.StringVar(&c.Conf.CacheDBPath, "cachedb-path", defaultCacheDBPath,
 		"/path/to/cache.db (local cache of changelog for Ubuntu/Debian)")

-	f.BoolVar(
-		&p.sshNative,
-		"ssh-native-insecure",
-		false,
+	f.BoolVar(&c.Conf.SSHNative, "ssh-native-insecure", false,
 		"Use Native Go implementation of SSH. Default: Use the external command")

-	f.BoolVar(
-		&p.containersOnly,
-		"containers-only",
-		false,
-		"Scan containers only. Default: Scan both of hosts and containers")
+	f.BoolVar(&c.Conf.SSHConfig, "ssh-config", false,
+		"[Deprecated] Use SSH options specified in ssh_config preferentially")

-	f.BoolVar(
-		&p.skipBroken,
-		"skip-broken",
-		false,
+	f.BoolVar(&c.Conf.ContainersOnly, "containers-only", false,
+		"Scan running containers only. Default: Scan both of hosts and running containers")
+
+	f.BoolVar(&c.Conf.LibsOnly, "libs-only", false,
+		"Scan libraries (lock files) specified in config.toml only.")
+
+	f.BoolVar(&c.Conf.WordPressOnly, "wordpress-only", false,
+		"Scan WordPress only.")
+
+	f.BoolVar(&c.Conf.SkipBroken, "skip-broken", false,
 		"[For CentOS] yum update changelog with --skip-broken option")

-	f.StringVar(
-		&p.httpProxy,
-		"http-proxy",
-		"",
-		"http://proxy-url:port (default: empty)",
-	)
+	f.StringVar(&c.Conf.HTTPProxy, "http-proxy", "",
+		"http://proxy-url:port (default: empty)")

-	f.BoolVar(
-		&p.askKeyPassword,
-		"ask-key-password",
-		false,
+	f.BoolVar(&p.askKeyPassword, "ask-key-password", false,
 		"Ask ssh privatekey password before scanning",
 	)

-	f.BoolVar(
-		&p.deep,
-		"deep",
-		false,
-		"Deep scan mode. Scan accuracy improves and scanned information becomes richer. Since analysis of changelog, issue commands requiring sudo, but it may be slower and high load on the target server")
+	f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use stdin via PIPE")

-	f.BoolVar(
-		&p.pipe,
-		"pipe",
-		false,
-		"Use stdin via PIPE")
+	f.BoolVar(&c.Conf.DetectIPS, "ips", false, "retrieve IPS information")
+	f.BoolVar(&c.Conf.Vvv, "vvv", false, "ssh -vvv")

-	f.IntVar(
-		&p.timeoutSec,
-		"timeout",
-		5*60,
+	f.IntVar(&p.timeoutSec, "timeout", 5*60,
 		"Number of seconds for processing other than scan",
 	)

-	f.IntVar(
-		&p.scanTimeoutSec,
-		"timeout-scan",
-		120*60,
+	f.IntVar(&p.scanTimeoutSec, "timeout-scan", 120*60,
 		"Number of seconds for scanning vulnerabilities for all servers",
 	)
 }

 // Execute execute
 func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
-
 	// Setup Logger
-	c.Conf.Debug = p.debug
-	c.Conf.LogDir = p.logDir
 	util.Log = util.NewCustomLogger(c.ServerInfo{})

+	if err := mkdirDotVuls(); err != nil {
+		util.Log.Errorf("Failed to create .vuls. err: %+v", err)
+		return subcommands.ExitUsageError
+	}
+
 	var keyPass string
 	var err error
 	if p.askKeyPassword {
@@ -181,23 +139,35 @@ func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{})

 	err = c.Load(p.configPath, keyPass)
 	if err != nil {
-		util.Log.Errorf("Error loading %s, %s", p.configPath, err)
-		util.Log.Errorf("If you update Vuls and get this error, there may be incompatible changes in config.toml")
-		util.Log.Errorf("Please check README: https://github.com/future-architect/vuls#configuration")
+		msg := []string{
+			fmt.Sprintf("Error loading %s", p.configPath),
+			"If you update Vuls and get this error, there may be incompatible changes in config.toml",
+			"Please check config.toml template : https://vuls.io/docs/en/usage-settings.html",
+		}
+		util.Log.Errorf("%s\n%+v", strings.Join(msg, "\n"), err)
+		return subcommands.ExitUsageError
+	}
+
+	if c.Conf.SSHConfig {
+		msg := []string{
+			"-ssh-config is deprecated",
+			"If you update Vuls and get this error, there may be incompatible changes in config.toml",
+			"Please check config.toml template : https://vuls.io/docs/en/usage-settings.html",
+		}
+		util.Log.Errorf("%s", strings.Join(msg, "\n"))
 		return subcommands.ExitUsageError
 	}

 	util.Log.Info("Start scanning")
 	util.Log.Infof("config: %s", p.configPath)

-	c.Conf.Pipe = p.pipe
 	var servernames []string
 	if 0 < len(f.Args()) {
 		servernames = f.Args()
 	} else if c.Conf.Pipe {
 		bytes, err := ioutil.ReadAll(os.Stdin)
 		if err != nil {
-			util.Log.Errorf("Failed to read stdin: %s", err)
+			util.Log.Errorf("Failed to read stdin. err: %+v", err)
 			return subcommands.ExitFailure
 		}
 		fields := strings.Fields(string(bytes))
@@ -226,14 +196,6 @@ func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{})
 	}
 	util.Log.Debugf("%s", pp.Sprintf("%v", target))

-	c.Conf.ResultsDir = p.resultsDir
-	c.Conf.CacheDBPath = p.cacheDBPath
-	c.Conf.SSHNative = p.sshNative
-	c.Conf.HTTPProxy = p.httpProxy
-	c.Conf.ContainersOnly = p.containersOnly
-	c.Conf.Deep = p.deep
-	c.Conf.SkipBroken = p.skipBroken
-
 	util.Log.Info("Validating config...")
 	if !c.Conf.ValidateOnScan() {
 		return subcommands.ExitUsageError
@@ -241,16 +203,24 @@ func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{})

 	util.Log.Info("Detecting Server/Container OS... ")
 	if err := scan.InitServers(p.timeoutSec); err != nil {
-		util.Log.Errorf("Failed to init servers: %s", err)
+		util.Log.Errorf("Failed to init servers: %+v", err)
+		return subcommands.ExitFailure
+	}
+
+	util.Log.Info("Checking Scan Modes... ")
+	if err := scan.CheckScanModes(); err != nil {
+		util.Log.Errorf("Fix config.toml. err: %+v", err)
 		return subcommands.ExitFailure
 	}

 	util.Log.Info("Detecting Platforms... ")
 	scan.DetectPlatforms(p.timeoutSec)
+	util.Log.Info("Detecting IPS identifiers... ")
+	scan.DetectIPSs(p.timeoutSec)

 	util.Log.Info("Scanning vulnerabilities... ")
 	if err := scan.Scan(p.scanTimeoutSec); err != nil {
-		util.Log.Errorf("Failed to scan. err: %s", err)
+		util.Log.Errorf("Failed to scan. err: %+v", err)
 		return subcommands.ExitFailure
 	}
 	fmt.Printf("\n\n\n")
--- a/commands/server.go
+++ b/commands/server.go
@@ -0,0 +1,241 @@
+package commands
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"net/http"
+	"os"
+	"path/filepath"
+
+	// "github.com/future-architect/vuls/Server"
+
+	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/exploit"
+	"github.com/future-architect/vuls/gost"
+	"github.com/future-architect/vuls/msf"
+	"github.com/future-architect/vuls/oval"
+	"github.com/future-architect/vuls/report"
+	"github.com/future-architect/vuls/server"
+	"github.com/future-architect/vuls/util"
+	"github.com/google/subcommands"
+)
+
+// ServerCmd is subcommand for server
+type ServerCmd struct {
+	configPath     string
+	listen         string
+	cveDict        c.GoCveDictConf
+	ovalDict       c.GovalDictConf
+	gostConf       c.GostConf
+	exploitConf    c.ExploitConf
+	metasploitConf c.MetasploitConf
+}
+
+// Name return subcommand name
+func (*ServerCmd) Name() string { return "server" }
+
+// Synopsis return synopsis
+func (*ServerCmd) Synopsis() string { return "Server" }
+
+// Usage return usage
+func (*ServerCmd) Usage() string {
+	return `Server:
+	Server
+		[-lang=en|ja]
+		[-config=/path/to/config.toml]
+		[-log-dir=/path/to/log]
+		[-cvss-over=7]
+		[-ignore-unscored-cves]
+		[-ignore-unfixed]
+		[-to-localfile]
+		[-format-json]
+		[-http-proxy=http://192.168.0.1:8080]
+		[-debug]
+		[-debug-sql]
+		[-listen=localhost:5515]
+		[-cvedb-type=sqlite3|mysql|postgres|redis|http]
+		[-cvedb-sqlite3-path=/path/to/cve.sqlite3]
+		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
+		[-ovaldb-type=sqlite3|mysql|redis|http]
+		[-ovaldb-sqlite3-path=/path/to/oval.sqlite3]
+		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
+		[-gostdb-type=sqlite3|mysql|redis|http]
+		[-gostdb-sqlite3-path=/path/to/gost.sqlite3]
+		[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
+		[-exploitdb-type=sqlite3|mysql|redis|http]
+		[-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3]
+		[-exploitdb-url=http://127.0.0.1:1326 or DB connection string]
+		[-msfdb-type=sqlite3|mysql|redis|http]
+		[-msfdb-sqlite3-path=/path/to/msfdb.sqlite3]
+		[-msfdb-url=http://127.0.0.1:1327 or DB connection string]
+
+		[RFC3339 datetime format under results dir]
+`
+}
+
+// SetFlags set flag
+func (p *ServerCmd) SetFlags(f *flag.FlagSet) {
+	f.StringVar(&c.Conf.Lang, "lang", "en", "[en|ja]")
+	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
+	f.BoolVar(&c.Conf.DebugSQL, "debug-sql", false, "SQL debug mode")
+
+	wd, _ := os.Getwd()
+	f.StringVar(&p.configPath, "config", "", "/path/to/toml")
+
+	defaultResultsDir := filepath.Join(wd, "results")
+	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")
+
+	defaultLogDir := util.GetDefaultLogDir()
+	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")
+
+	f.Float64Var(&c.Conf.CvssScoreOver, "cvss-over", 0,
+		"-cvss-over=6.5 means Servering CVSS Score 6.5 and over (default: 0 (means Server all))")
+
+	f.BoolVar(&c.Conf.IgnoreUnscoredCves, "ignore-unscored-cves", false,
+		"Don't Server the unscored CVEs")
+
+	f.BoolVar(&c.Conf.IgnoreUnfixed, "ignore-unfixed", false,
+		"Don't Server the unfixed CVEs")
+
+	f.StringVar(&c.Conf.HTTPProxy, "http-proxy", "",
+		"http://proxy-url:port (default: empty)")
+
+	f.BoolVar(&c.Conf.FormatJSON, "format-json", false, "JSON format")
+
+	f.BoolVar(&c.Conf.ToLocalFile, "to-localfile", false, "Write report to localfile")
+	f.StringVar(&p.listen, "listen", "localhost:5515",
+		"host:port (default: localhost:5515)")
+
+	f.StringVar(&p.cveDict.Type, "cvedb-type", "",
+		"DB type of go-cve-dictionary (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.cveDict.SQLite3Path, "cvedb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.cveDict.URL, "cvedb-url", "",
+		"http://go-cve-dictionary.com:1323 or DB connection string")
+
+	f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
+		"DB type of goval-dictionary (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.ovalDict.URL, "ovaldb-url", "",
+		"http://goval-dictionary.com:1324 or DB connection string")
+
+	f.StringVar(&p.gostConf.Type, "gostdb-type", "",
+		"DB type of gost (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.gostConf.SQLite3Path, "gostdb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.gostConf.URL, "gostdb-url", "",
+		"http://gost.com:1325 or DB connection string")
+
+	f.StringVar(&p.exploitConf.Type, "exploitdb-type", "",
+		"DB type of exploit (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.exploitConf.URL, "exploitdb-url", "",
+		"http://exploit.com:1326 or DB connection string")
+
+	f.StringVar(&p.metasploitConf.Type, "msfdb-type", "",
+		"DB type of msf (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.metasploitConf.SQLite3Path, "msfdb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.metasploitConf.URL, "msfdb-url", "",
+		"http://metasploit.com:1327 or DB connection string")
+}
+
+// Execute execute
+func (p *ServerCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
+	util.Log = util.NewCustomLogger(c.ServerInfo{})
+	if p.configPath != "" {
+		if err := c.Load(p.configPath, ""); err != nil {
+			util.Log.Errorf("Error loading %s. err: %+v", p.configPath, err)
+			return subcommands.ExitUsageError
+		}
+	}
+
+	c.Conf.CveDict.Overwrite(p.cveDict)
+	c.Conf.OvalDict.Overwrite(p.ovalDict)
+	c.Conf.Gost.Overwrite(p.gostConf)
+	c.Conf.Exploit.Overwrite(p.exploitConf)
+	c.Conf.Metasploit.Overwrite(p.metasploitConf)
+
+	util.Log.Info("Validating config...")
+	if !c.Conf.ValidateOnReport() {
+		return subcommands.ExitUsageError
+	}
+
+	util.Log.Info("Validating db config...")
+	if !c.Conf.ValidateOnReportDB() {
+		return subcommands.ExitUsageError
+	}
+
+	if c.Conf.CveDict.URL != "" {
+		if err := report.CveClient.CheckHealth(); err != nil {
+			util.Log.Errorf("CVE HTTP server is not running. err: %+v", err)
+			util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
+			return subcommands.ExitFailure
+		}
+	}
+
+	if c.Conf.OvalDict.URL != "" {
+		err := oval.Base{}.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("OVAL HTTP server is not running. err: %s", err)
+			util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
+			return subcommands.ExitFailure
+		}
+	}
+
+	if c.Conf.Gost.URL != "" {
+		util.Log.Infof("gost: %s", c.Conf.Gost.URL)
+		err := gost.Base{}.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("gost HTTP server is not running. err: %+v", err)
+			util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
+			return subcommands.ExitFailure
+		}
+	}
+
+	if c.Conf.Exploit.URL != "" {
+		err := exploit.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("exploit HTTP server is not running. err: %+v", err)
+			util.Log.Errorf("Run go-exploitdb as server mode before reporting")
+			return subcommands.ExitFailure
+		}
+	}
+
+	if c.Conf.Metasploit.URL != "" {
+		err := msf.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("metasploit HTTP server is not running. err: %+v", err)
+			util.Log.Errorf("Run go-msfdb as server mode before reporting")
+			return subcommands.ExitFailure
+		}
+	}
+	dbclient, locked, err := report.NewDBClient(report.DBClientConf{
+		CveDictCnf:    c.Conf.CveDict,
+		OvalDictCnf:   c.Conf.OvalDict,
+		GostCnf:       c.Conf.Gost,
+		ExploitCnf:    c.Conf.Exploit,
+		MetasploitCnf: c.Conf.Metasploit,
+		DebugSQL:      c.Conf.DebugSQL,
+	})
+	if locked {
+		util.Log.Errorf("SQLite3 is locked. Close other DB connections and try again: %+v", err)
+		return subcommands.ExitFailure
+	}
+
+	if err != nil {
+		util.Log.Errorf("Failed to init DB Clients. err: %+v", err)
+		return subcommands.ExitFailure
+	}
+
+	defer dbclient.CloseDB()
+
+	http.Handle("/vuls", server.VulsHandler{DBclient: *dbclient})
+	http.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {
+		fmt.Fprintf(w, "ok")
+	})
+	util.Log.Infof("Listening on %s", p.listen)
+	if err := http.ListenAndServe(p.listen, nil); err != nil {
+		util.Log.Errorf("Failed to start server. err: %+v", err)
+		return subcommands.ExitFailure
+	}
+	return subcommands.ExitSuccess
+}
--- a/commands/tui.go
+++ b/commands/tui.go
@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package commands

 import (
@@ -23,8 +6,13 @@ import (
 	"os"
 	"path/filepath"

+	"github.com/aquasecurity/trivy/pkg/utils"
 	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/exploit"
+	"github.com/future-architect/vuls/gost"
 	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/msf"
+	"github.com/future-architect/vuls/oval"
 	"github.com/future-architect/vuls/report"
 	"github.com/future-architect/vuls/util"
 	"github.com/google/subcommands"
@@ -32,24 +20,12 @@ import (

 // TuiCmd is Subcommand of host discovery mode
 type TuiCmd struct {
-	lang       string
-	debugSQL   bool
-	debug      bool
-	configPath string
-	logDir     string
-
-	resultsDir string
-	refreshCve bool
-
-	cvedbtype        string
-	cvedbpath        string
-	cveDictionaryURL string
-
-	ovalDBType string
-	ovalDBPath string
-	ovalDBURL  string
-
-	pipe bool
+	configPath     string
+	cveDict        c.GoCveDictConf
+	ovalDict       c.GovalDictConf
+	gostConf       c.GostConf
+	exploitConf    c.ExploitConf
+	metasploitConf c.MetasploitConf
 }

 // Name return subcommand name
@@ -62,19 +38,35 @@ func (*TuiCmd) Synopsis() string { return "Run Tui view to analyze vulnerabiliti
 func (*TuiCmd) Usage() string {
 	return `tui:
 	tui
-		[-config=/path/to/config.toml]
-		[-cvedb-type=sqlite3|mysql|postgres]
-		[-cvedb-path=/path/to/cve.sqlite3]
-		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
-		[-ovaldb-type=sqlite3|mysql]
-		[-ovaldb-path=/path/to/oval.sqlite3]
-		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
 		[-refresh-cve]
+		[-config=/path/to/config.toml]
+		[-cvss-over=7]
+		[-diff]
+		[-ignore-unscored-cves]
+		[-ignore-unfixed]
 		[-results-dir=/path/to/results]
 		[-log-dir=/path/to/log]
 		[-debug]
 		[-debug-sql]
+		[-quiet]
+		[-no-progress]
 		[-pipe]
+		[-cvedb-type=sqlite3|mysql|postgres|redis|http]
+		[-cvedb-sqlite3-path=/path/to/cve.sqlite3]
+		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
+		[-ovaldb-type=sqlite3|mysql|redis|http]
+		[-ovaldb-sqlite3-path=/path/to/oval.sqlite3]
+		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
+		[-gostdb-type=sqlite3|mysql|redis|http]
+		[-gostdb-sqlite3-path=/path/to/gost.sqlite3]
+		[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
+		[-exploitdb-type=sqlite3|mysql|redis|http]
+		[-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3]
+		[-exploitdb-url=http://127.0.0.1:1326 or DB connection string]
+		[-msfdb-type=sqlite3|mysql|redis|http]
+		[-msfdb-sqlite3-path=/path/to/msfdb.sqlite3]
+		[-msfdb-url=http://127.0.0.1:1327 or DB connection string]
+		[-trivy-cachedb-dir=/path/to/dir]

 `
 }
@@ -82,106 +74,105 @@ func (*TuiCmd) Usage() string {
 // SetFlags set flag
 func (p *TuiCmd) SetFlags(f *flag.FlagSet) {
 	//  f.StringVar(&p.lang, "lang", "en", "[en|ja]")
-	f.BoolVar(&p.debugSQL, "debug-sql", false, "debug SQL")
-	f.BoolVar(&p.debug, "debug", false, "debug mode")
+	f.BoolVar(&c.Conf.DebugSQL, "debug-sql", false, "debug SQL")
+	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
+	f.BoolVar(&c.Conf.Quiet, "quiet", false, "Quiet mode. No output on stdout")
+	f.BoolVar(&c.Conf.NoProgress, "no-progress", false, "Suppress progress bar")

 	defaultLogDir := util.GetDefaultLogDir()
-	f.StringVar(&p.logDir, "log-dir", defaultLogDir, "/path/to/log")
+	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")

 	wd, _ := os.Getwd()
 	defaultResultsDir := filepath.Join(wd, "results")
-	f.StringVar(&p.resultsDir, "results-dir", defaultResultsDir, "/path/to/results")
+	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")

 	defaultConfPath := filepath.Join(wd, "config.toml")
 	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")

-	f.BoolVar(
-		&p.refreshCve,
-		"refresh-cve",
-		false,
+	f.BoolVar(&c.Conf.RefreshCve, "refresh-cve", false,
 		"Refresh CVE information in JSON file under results dir")

-	f.StringVar(
-		&p.cvedbtype,
-		"cvedb-type",
-		"sqlite3",
-		"DB type for fetching CVE dictionary (sqlite3, mysql or postgres)")
+	f.Float64Var(&c.Conf.CvssScoreOver, "cvss-over", 0,
+		"-cvss-over=6.5 means reporting CVSS Score 6.5 and over (default: 0 (means report all))")

-	defaultCveDBPath := filepath.Join(wd, "cve.sqlite3")
-	f.StringVar(
-		&p.cvedbpath,
-		"cvedb-path",
-		defaultCveDBPath,
-		"/path/to/sqlite3 (For get cve detail from cve.sqlite3)")
-
-	f.StringVar(
-		&p.cveDictionaryURL,
-		"cvedb-url",
-		"",
-		"http://cve-dictionary.example.com:1323 or mysql connection string")
-
-	f.StringVar(
-		&p.ovalDBType,
-		"ovaldb-type",
-		"sqlite3",
-		"DB type for fetching OVAL dictionary (sqlite3 or mysql)")
-
-	defaultOvalDBPath := filepath.Join(wd, "oval.sqlite3")
-	f.StringVar(
-		&p.ovalDBPath,
-		"ovaldb-path",
-		defaultOvalDBPath,
-		"/path/to/sqlite3 (For get oval detail from oval.sqlite3)")
-
-	f.StringVar(
-		&p.ovalDBURL,
-		"ovaldb-url",
-		"",
-		"http://goval-dictionary.example.com:1324 or mysql connection string")
+	f.BoolVar(&c.Conf.Diff, "diff", false,
+		"Difference between previous result and current result ")

 	f.BoolVar(
-		&p.pipe,
-		"pipe",
-		false,
-		"Use stdin via PIPE")
+		&c.Conf.IgnoreUnscoredCves, "ignore-unscored-cves", false,
+		"Don't report the unscored CVEs")
+
+	f.BoolVar(&c.Conf.IgnoreUnfixed, "ignore-unfixed", false,
+		"Don't report the unfixed CVEs")
+
+	f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use stdin via PIPE")
+
+	f.StringVar(&p.cveDict.Type, "cvedb-type", "",
+		"DB type of go-cve-dictionary (sqlite3, mysql, postgres or redis)")
+	f.StringVar(&p.cveDict.SQLite3Path, "cvedb-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.cveDict.URL, "cvedb-url", "",
+		"http://go-cve-dictionary.com:1323 or DB connection string")
+
+	f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
+		"DB type of goval-dictionary (sqlite3, mysql, postgres or redis)")
+	f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.ovalDict.URL, "ovaldb-url", "",
+		"http://goval-dictionary.com:1324 or DB connection string")
+
+	f.StringVar(&p.gostConf.Type, "gostdb-type", "",
+		"DB type of gost (sqlite3, mysql, postgres or redis)")
+	f.StringVar(&p.gostConf.SQLite3Path, "gostdb-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.gostConf.URL, "gostdb-url", "",
+		"http://gost.com:1325 or DB connection string")
+
+	f.StringVar(&p.exploitConf.Type, "exploitdb-type", "",
+		"DB type of exploit (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.exploitConf.URL, "exploitdb-url", "",
+		"http://exploit.com:1326 or DB connection string")
+
+	f.StringVar(&p.metasploitConf.Type, "msfdb-type", "",
+		"DB type of msf (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.metasploitConf.SQLite3Path, "msfdb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.metasploitConf.URL, "msfdb-url", "",
+		"http://metasploit.com:1327 or DB connection string")
+
+	f.StringVar(&c.Conf.TrivyCacheDBDir, "trivy-cachedb-dir",
+		utils.DefaultCacheDir(), "/path/to/dir")
 }

 // Execute execute
 func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) subcommands.ExitStatus {
-	c.Conf.Lang = "en"
-
-	// Setup Logger
-	c.Conf.Debug = p.debug
-	c.Conf.DebugSQL = p.debugSQL
-	c.Conf.LogDir = p.logDir
 	util.Log = util.NewCustomLogger(c.ServerInfo{})
-	log := util.Log
-
 	if err := c.Load(p.configPath, ""); err != nil {
-		util.Log.Errorf("Error loading %s, %s", p.configPath, err)
+		util.Log.Errorf("Error loading %s, err: %+v", p.configPath, err)
 		return subcommands.ExitUsageError
 	}

-	c.Conf.ResultsDir = p.resultsDir
-	c.Conf.CveDBType = p.cvedbtype
-	c.Conf.CveDBPath = p.cvedbpath
-	c.Conf.CveDBURL = p.cveDictionaryURL
-	c.Conf.OvalDBType = p.ovalDBType
-	c.Conf.OvalDBPath = p.ovalDBPath
-	c.Conf.OvalDBURL = p.ovalDBURL
+	c.Conf.Lang = "en"
+	c.Conf.CveDict.Overwrite(p.cveDict)
+	c.Conf.OvalDict.Overwrite(p.ovalDict)
+	c.Conf.Gost.Overwrite(p.gostConf)
+	c.Conf.Exploit.Overwrite(p.exploitConf)
+	c.Conf.Metasploit.Overwrite(p.metasploitConf)

-	log.Info("Validating config...")
+	var dir string
+	var err error
+	if c.Conf.Diff {
+		dir, err = report.JSONDir([]string{})
+	} else {
+		dir, err = report.JSONDir(f.Args())
+	}
+	if err != nil {
+		util.Log.Errorf("Failed to read from JSON. err: %+v", err)
+		return subcommands.ExitFailure
+	}
+
+	util.Log.Info("Validating config...")
 	if !c.Conf.ValidateOnTui() {
 		return subcommands.ExitUsageError
 	}

-	c.Conf.Pipe = p.pipe
-
-	dir, err := report.JSONDir(f.Args())
-	if err != nil {
-		util.Log.Errorf("Failed to read from JSON: %s", err)
-		return subcommands.ExitFailure
-	}
 	var res models.ScanResults
 	if res, err = report.LoadScanResults(dir); err != nil {
 		util.Log.Error(err)
@@ -189,9 +180,86 @@ func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) s
 	}
 	util.Log.Infof("Loaded: %s", dir)

-	if res, err = report.FillCveInfos(res, dir); err != nil {
+	util.Log.Info("Validating db config...")
+	if !c.Conf.ValidateOnReportDB() {
+		return subcommands.ExitUsageError
+	}
+
+	if c.Conf.CveDict.URL != "" {
+		if err := report.CveClient.CheckHealth(); err != nil {
+			util.Log.Errorf("CVE HTTP server is not running. err: %+v", err)
+			util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
+			return subcommands.ExitFailure
+		}
+	}
+
+	if c.Conf.OvalDict.URL != "" {
+		err := oval.Base{}.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("OVAL HTTP server is not running. err: %+v", err)
+			util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
+			return subcommands.ExitFailure
+		}
+	}
+
+	if c.Conf.Gost.URL != "" {
+		util.Log.Infof("gost: %s", c.Conf.Gost.URL)
+		err := gost.Base{}.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("gost HTTP server is not running. err: %+v", err)
+			util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
+			return subcommands.ExitFailure
+		}
+	}
+
+	if c.Conf.Exploit.URL != "" {
+		err := exploit.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("exploit HTTP server is not running. err: %+v", err)
+			util.Log.Errorf("Run go-exploitdb as server mode before reporting")
+			return subcommands.ExitFailure
+		}
+	}
+
+	if c.Conf.Metasploit.URL != "" {
+		err := msf.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("metasploit HTTP server is not running. err: %+v", err)
+			util.Log.Errorf("Run go-msfdb as server mode before reporting")
+			return subcommands.ExitFailure
+		}
+	}
+	dbclient, locked, err := report.NewDBClient(report.DBClientConf{
+		CveDictCnf:    c.Conf.CveDict,
+		OvalDictCnf:   c.Conf.OvalDict,
+		GostCnf:       c.Conf.Gost,
+		ExploitCnf:    c.Conf.Exploit,
+		MetasploitCnf: c.Conf.Metasploit,
+		DebugSQL:      c.Conf.DebugSQL,
+	})
+	if locked {
+		util.Log.Errorf("SQLite3 is locked. Close other DB connections and try again: %+v", err)
+		return subcommands.ExitFailure
+	}
+
+	if err != nil {
+		util.Log.Errorf("Failed to init DB Clients. err: %+v", err)
+		return subcommands.ExitFailure
+	}
+
+	defer dbclient.CloseDB()
+
+	if res, err = report.FillCveInfos(*dbclient, res, dir); err != nil {
 		util.Log.Error(err)
 		return subcommands.ExitFailure
 	}
+
+	for _, r := range res {
+		if len(r.Warnings) != 0 {
+			util.Log.Warnf("Warning: Some warnings occurred while scanning on %s: %s",
+				r.FormatServerName(), r.Warnings)
+		}
+	}
+
 	return report.RunTui(res)
 }
--- a/commands/util.go
+++ b/commands/util.go
@@ -1,26 +1,13 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package commands

 import (
 	"fmt"
+	"os"
+	"path/filepath"

 	"github.com/howeyc/gopass"
+	homedir "github.com/mitchellh/go-homedir"
+	"golang.org/x/xerrors"
 )

 func getPasswd(prompt string) (string, error) {
@@ -28,11 +15,25 @@ func getPasswd(prompt string) (string, error) {
 		fmt.Print(prompt)
 		pass, err := gopass.GetPasswdMasked()
 		if err != nil {
-			return "", fmt.Errorf("Failed to read password")
+			return "", xerrors.New("Failed to read a password")
 		}
 		if 0 < len(pass) {
-			return string(pass[:]), nil
+			return string(pass), nil
 		}
 	}

 }
+
+func mkdirDotVuls() error {
+	home, err := homedir.Dir()
+	if err != nil {
+		return err
+	}
+	dotVuls := filepath.Join(home, ".vuls")
+	if _, err := os.Stat(dotVuls); os.IsNotExist(err) {
+		if err := os.Mkdir(dotVuls, 0700); err != nil {
+			return err
+		}
+	}
+	return nil
+}
--- a/commands/util_test.go
+++ b/commands/util_test.go
@@ -1,18 +0,0 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-package commands
--- a/config/color.go
+++ b/config/color.go
@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package config

 var (
--- a/config/config.go
+++ b/config/config.go
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -0,0 +1,103 @@
+package config
+
+import (
+	"testing"
+)
+
+func TestSyslogConfValidate(t *testing.T) {
+	var tests = []struct {
+		conf              SyslogConf
+		expectedErrLength int
+	}{
+		{
+			conf:              SyslogConf{},
+			expectedErrLength: 0,
+		},
+		{
+			conf: SyslogConf{
+				Protocol: "tcp",
+				Port:     "5140",
+			},
+			expectedErrLength: 0,
+		},
+		{
+			conf: SyslogConf{
+				Protocol: "udp",
+				Port:     "12345",
+				Severity: "emerg",
+				Facility: "user",
+			},
+			expectedErrLength: 0,
+		},
+		{
+			conf: SyslogConf{
+				Protocol: "foo",
+				Port:     "514",
+			},
+			expectedErrLength: 1,
+		},
+		{
+			conf: SyslogConf{
+				Protocol: "invalid",
+				Port:     "-1",
+			},
+			expectedErrLength: 2,
+		},
+		{
+			conf: SyslogConf{
+				Protocol: "invalid",
+				Port:     "invalid",
+				Severity: "invalid",
+				Facility: "invalid",
+			},
+			expectedErrLength: 4,
+		},
+	}
+
+	for i, tt := range tests {
+		Conf.ToSyslog = true
+		errs := tt.conf.Validate()
+		if len(errs) != tt.expectedErrLength {
+			t.Errorf("test: %d, expected %d, actual %d", i, tt.expectedErrLength, len(errs))
+		}
+	}
+}
+
+func TestDistro_MajorVersion(t *testing.T) {
+	var tests = []struct {
+		in  Distro
+		out int
+	}{
+		{
+			in: Distro{
+				Family:  Amazon,
+				Release: "2 (2017.12)",
+			},
+			out: 2,
+		},
+		{
+			in: Distro{
+				Family:  Amazon,
+				Release: "2017.12",
+			},
+			out: 1,
+		},
+		{
+			in: Distro{
+				Family:  CentOS,
+				Release: "7.10",
+			},
+			out: 7,
+		},
+	}
+
+	for i, tt := range tests {
+		ver, err := tt.in.MajorVersion()
+		if err != nil {
+			t.Errorf("[%d] err occurred: %s", i, err)
+		}
+		if tt.out != ver {
+			t.Errorf("[%d] expected %d, actual %d", i, tt.out, ver)
+		}
+	}
+}
--- a/config/ips.go
+++ b/config/ips.go
@@ -0,0 +1,9 @@
+package config
+
+// IPS is
+type IPS string
+
+const (
+	// DeepSecurity is
+	DeepSecurity IPS = "deepsecurity"
+)
--- a/config/jsonloader.go
+++ b/config/jsonloader.go
@@ -1,29 +1,12 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package config

-import "fmt"
+import "golang.org/x/xerrors"

 // JSONLoader loads configuration
 type JSONLoader struct {
 }

-// Load load the configuraiton JSON file specified by path arg.
+// Load load the configuration JSON file specified by path arg.
 func (c JSONLoader) Load(path, sudoPass, keyPass string) (err error) {
-	return fmt.Errorf("Not implement yet")
+	return xerrors.New("Not implement yet")
 }
--- a/config/loader.go
+++ b/config/loader.go
@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package config

 // Load loads configuration
--- a/config/tomlloader.go
+++ b/config/tomlloader.go
@@ -1,49 +1,41 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package config

 import (
-	"fmt"
-	"os"
+	"regexp"
+	"strings"

 	"github.com/BurntSushi/toml"
-	"github.com/future-architect/vuls/contrib/owasp-dependency-check/parser"
-	log "github.com/sirupsen/logrus"
+	"github.com/knqyf263/go-cpe/naming"
+	"golang.org/x/xerrors"
 )

 // TOMLLoader loads config
 type TOMLLoader struct {
 }

-// Load load the configuraiton TOML file specified by path arg.
+// Load load the configuration TOML file specified by path arg.
 func (c TOMLLoader) Load(pathToToml, keyPass string) error {
-	if Conf.Debug {
-		log.SetLevel(log.DebugLevel)
-	}
-
 	var conf Config
 	if _, err := toml.DecodeFile(pathToToml, &conf); err != nil {
-		log.Error("Load config failed", err)
 		return err
 	}
-
 	Conf.EMail = conf.EMail
 	Conf.Slack = conf.Slack
+	Conf.Stride = conf.Stride
+	Conf.HipChat = conf.HipChat
+	Conf.ChatWork = conf.ChatWork
+	Conf.Telegram = conf.Telegram
+	Conf.Saas = conf.Saas
+	Conf.Syslog = conf.Syslog
+	Conf.HTTP = conf.HTTP
+	Conf.AWS = conf.AWS
+	Conf.Azure = conf.Azure
+
+	Conf.CveDict = conf.CveDict
+	Conf.OvalDict = conf.OvalDict
+	Conf.Gost = conf.Gost
+	Conf.Exploit = conf.Exploit
+	Conf.Metasploit = conf.Metasploit

 	d := conf.Default
 	Conf.Default = d
@@ -54,53 +46,81 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 	}

 	i := 0
-	for name, v := range conf.Servers {
+	for serverName, v := range conf.Servers {
 		if 0 < len(v.KeyPassword) {
-			log.Warn("[Deprecated] KEYPASSWORD IN CONFIG FILE ARE UNSECURE. REMOVE THEM IMMEDIATELY FOR A SECURITY REASONS. THEY WILL BE REMOVED IN A FUTURE RELEASE.")
+			return xerrors.Errorf("[Deprecated] KEYPASSWORD IN CONFIG FILE ARE UNSECURE. REMOVE THEM IMMEDIATELY FOR A SECURITY REASONS. THEY WILL BE REMOVED IN A FUTURE RELEASE: %s", serverName)
 		}

-		s := ServerInfo{ServerName: name}
+		s := ServerInfo{ServerName: serverName}
+		if v.Type != ServerTypePseudo {
+			s.Host = v.Host
+			if len(s.Host) == 0 {
+				return xerrors.Errorf("%s is invalid. host is empty", serverName)
+			}

-		s.Host = v.Host
-		if len(s.Host) == 0 {
-			return fmt.Errorf("%s is invalid. host is empty", name)
-		}
+			s.JumpServer = v.JumpServer
+			if len(s.JumpServer) == 0 {
+				s.JumpServer = d.JumpServer
+			}

-		switch {
-		case v.Port != "":
-			s.Port = v.Port
-		case d.Port != "":
-			s.Port = d.Port
-		default:
-			s.Port = "22"
-		}
+			switch {
+			case v.Port != "":
+				s.Port = v.Port
+			case d.Port != "":
+				s.Port = d.Port
+			default:
+				s.Port = "22"
+			}

-		switch {
-		case v.User != "":
-			s.User = v.User
-		case d.User != "":
-			s.User = d.User
-		default:
-			if s.Port != "local" {
-				return fmt.Errorf("%s is invalid. User is empty", name)
+			switch {
+			case v.User != "":
+				s.User = v.User
+			case d.User != "":
+				s.User = d.User
+			default:
+				if s.Port != "local" {
+					return xerrors.Errorf("%s is invalid. User is empty", serverName)
+				}
+			}
+
+			s.SSHConfigPath = v.SSHConfigPath
+			if len(s.SSHConfigPath) == 0 {
+				s.SSHConfigPath = d.SSHConfigPath
+			}
+
+			s.KeyPath = v.KeyPath
+			if len(s.KeyPath) == 0 {
+				s.KeyPath = d.KeyPath
+			}
+			s.KeyPassword = v.KeyPassword
+			if len(s.KeyPassword) == 0 {
+				s.KeyPassword = d.KeyPassword
 			}
 		}

-		s.KeyPath = v.KeyPath
-		if len(s.KeyPath) == 0 {
-			s.KeyPath = d.KeyPath
-		}
-		if s.KeyPath != "" {
-			if _, err := os.Stat(s.KeyPath); err != nil {
-				return fmt.Errorf(
-					"%s is invalid. keypath: %s not exists", name, s.KeyPath)
+		s.ScanMode = v.ScanMode
+		if len(s.ScanMode) == 0 {
+			s.ScanMode = d.ScanMode
+			if len(s.ScanMode) == 0 {
+				s.ScanMode = []string{"fast"}
 			}
 		}
-
-		//  s.KeyPassword = keyPass
-		s.KeyPassword = v.KeyPassword
-		if len(s.KeyPassword) == 0 {
-			s.KeyPassword = d.KeyPassword
+		for _, m := range s.ScanMode {
+			switch m {
+			case "fast":
+				s.Mode.Set(Fast)
+			case "fast-root":
+				s.Mode.Set(FastRoot)
+			case "deep":
+				s.Mode.Set(Deep)
+			case "offline":
+				s.Mode.Set(Offline)
+			default:
+				return xerrors.Errorf("scanMode: %s of %s is invalie. Specify -fast, -fast-root, -deep or offline", m, serverName)
+			}
+		}
+		if err := s.Mode.validate(); err != nil {
+			return xerrors.Errorf("%s in %s", err, serverName)
 		}

 		s.CpeNames = v.CpeNames
@@ -108,26 +128,54 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 			s.CpeNames = d.CpeNames
 		}

-		s.DependencyCheckXMLPath = v.DependencyCheckXMLPath
-		if len(s.DependencyCheckXMLPath) == 0 {
-			s.DependencyCheckXMLPath = d.DependencyCheckXMLPath
+		s.Lockfiles = v.Lockfiles
+		if len(s.Lockfiles) == 0 {
+			s.Lockfiles = d.Lockfiles
 		}

-		// Load CPEs from OWASP Dependency Check XML
-		if len(s.DependencyCheckXMLPath) != 0 {
-			cpes, err := parser.Parse(s.DependencyCheckXMLPath)
+		s.FindLock = v.FindLock
+
+		for i, n := range s.CpeNames {
+			uri, err := toCpeURI(n)
 			if err != nil {
-				return fmt.Errorf(
-					"Failed to read OWASP Dependency Check XML: %s", err)
+				return xerrors.Errorf("Failed to parse CPENames %s in %s, err: %w", n, serverName, err)
 			}
-			log.Debugf("Loaded from OWASP Dependency Check XML: %s",
-				s.ServerName)
-			s.CpeNames = append(s.CpeNames, cpes...)
+			s.CpeNames[i] = uri
+		}
+
+		s.ContainersIncluded = v.ContainersIncluded
+		if len(s.ContainersIncluded) == 0 {
+			s.ContainersIncluded = d.ContainersIncluded
+		}
+
+		s.ContainersExcluded = v.ContainersExcluded
+		if len(s.ContainersExcluded) == 0 {
+			s.ContainersExcluded = d.ContainersExcluded
+		}
+
+		s.ContainerType = v.ContainerType
+		if len(s.ContainerType) == 0 {
+			s.ContainerType = d.ContainerType
 		}

 		s.Containers = v.Containers
-		if len(s.Containers.Includes) == 0 {
-			s.Containers = d.Containers
+		for contName, cont := range s.Containers {
+			cont.IgnoreCves = append(cont.IgnoreCves, d.IgnoreCves...)
+			s.Containers[contName] = cont
+		}
+
+		if len(v.DependencyCheckXMLPath) != 0 || len(d.DependencyCheckXMLPath) != 0 {
+			return xerrors.Errorf("[DEPRECATED] dependencyCheckXMLPath IS DEPRECATED. USE owaspDCXMLPath INSTEAD: %s", serverName)
+		}
+
+		s.OwaspDCXMLPath = v.OwaspDCXMLPath
+		if len(s.OwaspDCXMLPath) == 0 {
+			s.OwaspDCXMLPath = d.OwaspDCXMLPath
+		}
+
+		s.Memo = v.Memo
+		if s.Memo == "" {
+			s.Memo = d.Memo
 		}

 		s.IgnoreCves = v.IgnoreCves
@@ -144,19 +192,43 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 			}
 		}

-		s.Optional = v.Optional
-		for _, dkv := range d.Optional {
+		s.IgnorePkgsRegexp = v.IgnorePkgsRegexp
+		for _, pkg := range d.IgnorePkgsRegexp {
 			found := false
-			for _, kv := range s.Optional {
-				if dkv[0] == kv[0] {
+			for _, p := range s.IgnorePkgsRegexp {
+				if pkg == p {
 					found = true
 					break
 				}
 			}
 			if !found {
-				s.Optional = append(s.Optional, dkv)
+				s.IgnorePkgsRegexp = append(s.IgnorePkgsRegexp, pkg)
 			}
 		}
+		for _, reg := range s.IgnorePkgsRegexp {
+			_, err := regexp.Compile(reg)
+			if err != nil {
+				return xerrors.Errorf("Faild to parse %s in %s. err: %w", reg, serverName, err)
+			}
+		}
+		for contName, cont := range s.Containers {
+			for _, reg := range cont.IgnorePkgsRegexp {
+				_, err := regexp.Compile(reg)
+				if err != nil {
+					return xerrors.Errorf("Faild to parse %s in %s@%s. err: %w",
+						reg, contName, serverName, err)
+				}
+			}
+		}
+
+		opt := map[string]interface{}{}
+		for k, v := range d.Optional {
+			opt[k] = v
+		}
+		for k, v := range v.Optional {
+			opt[k] = v
+		}
+		s.Optional = opt

 		s.Enablerepo = v.Enablerepo
 		if len(s.Enablerepo) == 0 {
@@ -168,18 +240,56 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 				case "base", "updates":
 					// nop
 				default:
-					return fmt.Errorf(
+					return xerrors.Errorf(
 						"For now, enablerepo have to be base or updates: %s, servername: %s",
-						s.Enablerepo, name)
+						s.Enablerepo, serverName)
 				}
 			}
 		}

+		s.GitHubRepos = v.GitHubRepos
+		for ownerRepo, githubSetting := range s.GitHubRepos {
+			if ss := strings.Split(ownerRepo, "/"); len(ss) != 2 {
+				return xerrors.Errorf("Failed to parse GitHub owner/repo: %s in %s",
+					ownerRepo, serverName)
+			}
+			if githubSetting.Token == "" {
+				return xerrors.Errorf("GitHub owner/repo: %s in %s token is empty",
+					ownerRepo, serverName)
+			}
+		}
+
+		s.UUIDs = v.UUIDs
+		s.Type = v.Type
+
+		s.WordPress.WPVulnDBToken = v.WordPress.WPVulnDBToken
+		s.WordPress.CmdPath = v.WordPress.CmdPath
+		s.WordPress.DocRoot = v.WordPress.DocRoot
+		s.WordPress.OSUser = v.WordPress.OSUser
+		s.WordPress.IgnoreInactive = v.WordPress.IgnoreInactive
+
 		s.LogMsgAnsiColor = Colors[i%len(Colors)]
 		i++

-		servers[name] = s
+		servers[serverName] = s
 	}
 	Conf.Servers = servers
 	return nil
 }
+
+func toCpeURI(cpename string) (string, error) {
+	if strings.HasPrefix(cpename, "cpe:2.3:") {
+		wfn, err := naming.UnbindFS(cpename)
+		if err != nil {
+			return "", err
+		}
+		return naming.BindToURI(wfn), nil
+	} else if strings.HasPrefix(cpename, "cpe:/") {
+		wfn, err := naming.UnbindURI(cpename)
+		if err != nil {
+			return "", err
+		}
+		return naming.BindToURI(wfn), nil
+	}
+	return "", xerrors.Errorf("Unknow CPE format: %s", cpename)
+}
--- a/config/tomlloader_test.go
+++ b/config/tomlloader_test.go
@@ -0,0 +1,44 @@
+package config
+
+import (
+	"testing"
+)
+
+func TestToCpeURI(t *testing.T) {
+	var tests = []struct {
+		in       string
+		expected string
+		err      bool
+	}{
+		{
+			in:       "",
+			expected: "",
+			err:      true,
+		},
+		{
+			in:       "cpe:/a:microsoft:internet_explorer:10",
+			expected: "cpe:/a:microsoft:internet_explorer:10",
+			err:      false,
+		},
+		{
+			in:       "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
+			expected: "cpe:/a:microsoft:internet_explorer:10",
+			err:      false,
+		},
+	}
+
+	for i, tt := range tests {
+		actual, err := toCpeURI(tt.in)
+		if err != nil && !tt.err {
+			t.Errorf("[%d] unexpected error occurred, in: %s act: %s, exp: %s",
+				i, tt.in, actual, tt.expected)
+		} else if err == nil && tt.err {
+			t.Errorf("[%d] expected error is not occurred, in: %s act: %s, exp: %s",
+				i, tt.in, actual, tt.expected)
+		}
+		if actual != tt.expected {
+			t.Errorf("[%d] in: %s, actual: %s, expected: %s",
+				i, tt.in, actual, tt.expected)
+		}
+	}
+}
--- a/contrib/future-vuls/README.md
+++ b/contrib/future-vuls/README.md
@@ -0,0 +1,38 @@
+# future-vuls
+
+## Main Features
+
+- upload vuls results json to future-vuls
+
+## Installation
+
+```
+git clone https://github.com/future-architect/vuls.git
+make build-future-vuls
+```
+
+## Command Reference
+
+```
+Upload to FutureVuls
+
+Usage:
+  future-vuls upload [flags]
+
+Flags:
+      --config string   config file (default is $HOME/.cobra.yaml)
+  -g, --group-id int    future vuls group id, ENV: VULS_GROUP_ID
+  -h, --help            help for upload
+  -s, --stdin           input from stdin. ENV: VULS_STDIN
+  -t, --token string    future vuls token
+      --url string      future vuls upload url
+      --uuid string     server uuid. ENV: VULS_SERVER_UUID
+```
+
+## Usage
+
+- update results json
+
+```
+ cat results.json | future-vuls upload --stdin --token xxxx --url https://xxxx --group-id 1 --uuid xxxx
+```
--- a/contrib/future-vuls/cmd/main.go
+++ b/contrib/future-vuls/cmd/main.go
@@ -0,0 +1,98 @@
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"os"
+	"strconv"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/report"
+	"github.com/spf13/cobra"
+)
+
+var (
+	configFile string
+	stdIn      bool
+	jsonDir    string
+	serverUUID string
+	groupID    int64
+	token      string
+	url        string
+)
+
+func main() {
+	var err error
+	var cmdFvulsUploader = &cobra.Command{
+		Use:   "upload",
+		Short: "Upload to FutureVuls",
+		Long:  `Upload to FutureVuls`,
+		Run: func(cmd *cobra.Command, args []string) {
+			if len(serverUUID) == 0 {
+				serverUUID = os.Getenv("VULS_SERVER_UUID")
+			}
+			if groupID == 0 {
+				envGroupID := os.Getenv("VULS_GROUP_ID")
+				if groupID, err = strconv.ParseInt(envGroupID, 10, 64); err != nil {
+					fmt.Printf("Invalid GroupID: %s\n", envGroupID)
+					return
+				}
+			}
+			if len(url) == 0 {
+				url = os.Getenv("VULS_URL")
+			}
+			if len(token) == 0 {
+				token = os.Getenv("VULS_TOKEN")
+			}
+
+			var scanResultJSON []byte
+			if stdIn {
+				reader := bufio.NewReader(os.Stdin)
+				buf := new(bytes.Buffer)
+				if _, err = buf.ReadFrom(reader); err != nil {
+					return
+				}
+				scanResultJSON = buf.Bytes()
+			} else {
+				fmt.Println("use --stdin option")
+				os.Exit(1)
+				return
+			}
+
+			var scanResult models.ScanResult
+			if err = json.Unmarshal(scanResultJSON, &scanResult); err != nil {
+				fmt.Println("Failed to parse json", err)
+				os.Exit(1)
+				return
+			}
+			scanResult.ServerUUID = serverUUID
+
+			config.Conf.Saas.GroupID = groupID
+			config.Conf.Saas.Token = token
+			config.Conf.Saas.URL = url
+			if err = (report.SaasWriter{}).Write(scanResult); err != nil {
+				fmt.Println(err)
+				os.Exit(1)
+				return
+			}
+			return
+		},
+	}
+	cmdFvulsUploader.PersistentFlags().StringVar(&serverUUID, "uuid", "", "server uuid. ENV: VULS_SERVER_UUID")
+	cmdFvulsUploader.PersistentFlags().StringVar(&configFile, "config", "", "config file (default is $HOME/.cobra.yaml)")
+	cmdFvulsUploader.PersistentFlags().BoolVarP(&stdIn, "stdin", "s", false, "input from stdin. ENV: VULS_STDIN")
+	// TODO Read JSON file from directory
+	//	cmdFvulsUploader.Flags().StringVarP(&jsonDir, "results-dir", "d", "./", "vuls scan results json dir")
+	cmdFvulsUploader.PersistentFlags().Int64VarP(&groupID, "group-id", "g", 0, "future vuls group id, ENV: VULS_GROUP_ID")
+	cmdFvulsUploader.PersistentFlags().StringVarP(&token, "token", "t", "", "future vuls token")
+	cmdFvulsUploader.PersistentFlags().StringVar(&url, "url", "", "future vuls upload url")
+
+	var rootCmd = &cobra.Command{Use: "future-vuls"}
+	rootCmd.AddCommand(cmdFvulsUploader)
+	if err = rootCmd.Execute(); err != nil {
+		fmt.Println("Failed to execute command", err)
+	}
+}
--- a/contrib/owasp-dependency-check/parser/parser.go
+++ b/contrib/owasp-dependency-check/parser/parser.go
@@ -2,10 +2,13 @@ package parser

 import (
 	"encoding/xml"
-	"fmt"
 	"io/ioutil"
 	"os"
 	"strings"
+
+	"github.com/knqyf263/go-cpe/naming"
+	log "github.com/sirupsen/logrus"
+	"golang.org/x/xerrors"
 )

 type analysis struct {
@@ -13,12 +16,11 @@ type analysis struct {
 }

 type dependency struct {
-	Identifiers []identifier `xml:"identifiers>identifier"`
+	Identifiers []vulnerabilityID `xml:"identifiers>vulnerabilityIds"`
 }

-type identifier struct {
-	Name string `xml:"name"`
-	Type string `xml:"type,attr"`
+type vulnerabilityID struct {
+	ID string `xml:"id"`
 }

 func appendIfMissing(slice []string, str string) []string {
@@ -30,32 +32,39 @@ func appendIfMissing(slice []string, str string) []string {
 	return append(slice, str)
 }

-// Parse parses XML and collect list of cpe
+// Parse parses OWASP dependency check XML and collect list of cpe
 func Parse(path string) ([]string, error) {
 	file, err := os.Open(path)
 	if err != nil {
-		return nil, fmt.Errorf("Failed to open: %s", err)
+		log.Warnf("OWASP Dependency Check XML is not found: %s", path)
+		return []string{}, nil
 	}
 	defer file.Close()

 	b, err := ioutil.ReadAll(file)
 	if err != nil {
-		return nil, fmt.Errorf("Failed to read: %s", err)
+		log.Warnf("Failed to read OWASP Dependency Check XML: %s", path)
+		return []string{}, nil
 	}

 	var anal analysis
 	if err := xml.Unmarshal(b, &anal); err != nil {
-		return nil, fmt.Errorf("Failed to unmarshal: %s", err)
+		return nil, xerrors.Errorf("Failed to unmarshal: %s", err)
 	}

 	cpes := []string{}
 	for _, d := range anal.Dependencies {
 		for _, ident := range d.Identifiers {
-			if ident.Type == "cpe" {
-				name := strings.TrimPrefix(ident.Name, "(")
-				name = strings.TrimSuffix(name, ")")
-				cpes = appendIfMissing(cpes, name)
+			id := ident.ID // Start with cpe:2.3:
+			// Convert from CPE 2.3 to CPE 2.2
+			if strings.HasPrefix(id, "cpe:2.3:") {
+				wfn, err := naming.UnbindFS(id)
+				if err != nil {
+					return []string{}, err
+				}
+				id = naming.BindToURI(wfn)
 			}
+			cpes = appendIfMissing(cpes, id)
 		}
 	}
 	return cpes, nil
--- a/contrib/trivy/README.md
+++ b/contrib/trivy/README.md
@@ -0,0 +1,35 @@
+# trivy-to-vuls
+
+## Main Features
+
+- convert trivy's results json to vuls's report json
+
+## Installation
+
+```
+git clone https://github.com/future-architect/vuls.git
+make build-trivy-to-vuls
+```
+
+## Command Reference
+
+```
+Parse trivy json to vuls results
+
+Usage:
+  trivy-to-vuls parse [flags]
+
+Flags:
+  -h, --help                          help for parse
+  -s, --stdin                         input from stdin
+  -d, --trivy-json-dir string         trivy json dir (default "./")
+  -f, --trivy-json-file-name string   trivy json file name (default "results.json")
+```
+
+## Usage
+
+- use trivy output
+
+```
+ trivy -q image -f=json python:3.4-alpine | trivy-to-vuls parse --stdin
+```
--- a/contrib/trivy/cmd/main.go
+++ b/contrib/trivy/cmd/main.go
@@ -0,0 +1,78 @@
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"github.com/future-architect/vuls/contrib/trivy/parser"
+	"github.com/future-architect/vuls/models"
+	"github.com/spf13/cobra"
+)
+
+var (
+	serverUUID   string
+	stdIn        bool
+	jsonDir      string
+	jsonFileName string
+)
+
+func main() {
+	var err error
+	var cmdTrivyToVuls = &cobra.Command{
+		Use:   "parse",
+		Short: "Parse trivy json to vuls results",
+		Long:  `Parse trivy json to vuls results`,
+		Run: func(cmd *cobra.Command, args []string) {
+			jsonFilePath := filepath.Join(jsonDir, jsonFileName)
+			var trivyJSON []byte
+			if stdIn {
+				reader := bufio.NewReader(os.Stdin)
+				buf := new(bytes.Buffer)
+				if _, err = buf.ReadFrom(reader); err != nil {
+					os.Exit(1)
+					return
+				}
+				trivyJSON = buf.Bytes()
+			} else {
+				if trivyJSON, err = ioutil.ReadFile(jsonFilePath); err != nil {
+					fmt.Println("Failed to read file", err)
+					os.Exit(1)
+					return
+				}
+			}
+
+			scanResult := &models.ScanResult{
+				JSONVersion: models.JSONVersion,
+				ScannedCves: models.VulnInfos{},
+			}
+			if scanResult, err = parser.Parse(trivyJSON, scanResult); err != nil {
+				fmt.Println("Failed to execute command", err)
+				os.Exit(1)
+				return
+			}
+			var resultJSON []byte
+			if resultJSON, err = json.MarshalIndent(scanResult, "", "   "); err != nil {
+				fmt.Println("Failed to create json", err)
+				os.Exit(1)
+				return
+			}
+			fmt.Println(string(resultJSON))
+			return
+		},
+	}
+	cmdTrivyToVuls.Flags().BoolVarP(&stdIn, "stdin", "s", false, "input from stdin")
+	cmdTrivyToVuls.Flags().StringVarP(&jsonDir, "trivy-json-dir", "d", "./", "trivy json dir")
+	cmdTrivyToVuls.Flags().StringVarP(&jsonFileName, "trivy-json-file-name", "f", "results.json", "trivy json file name")
+
+	var rootCmd = &cobra.Command{Use: "trivy-to-vuls"}
+	rootCmd.AddCommand(cmdTrivyToVuls)
+	if err = rootCmd.Execute(); err != nil {
+		fmt.Println("Failed to execute command", err)
+		os.Exit(1)
+	}
+}
--- a/contrib/trivy/parser/parser.go
+++ b/contrib/trivy/parser/parser.go
@@ -0,0 +1,164 @@
+package parser
+
+import (
+	"encoding/json"
+	"sort"
+	"time"
+
+	"github.com/aquasecurity/fanal/analyzer/os"
+	"github.com/aquasecurity/trivy/pkg/report"
+	"github.com/aquasecurity/trivy/pkg/types"
+	"github.com/future-architect/vuls/models"
+)
+
+// Parse :
+func Parse(vulnJSON []byte, scanResult *models.ScanResult) (result *models.ScanResult, err error) {
+	var trivyResults report.Results
+	if err = json.Unmarshal(vulnJSON, &trivyResults); err != nil {
+		return nil, err
+	}
+
+	pkgs := models.Packages{}
+	vulnInfos := models.VulnInfos{}
+	uniqueLibraryScannerPaths := map[string]models.LibraryScanner{}
+	for _, trivyResult := range trivyResults {
+		for _, vuln := range trivyResult.Vulnerabilities {
+			if _, ok := vulnInfos[vuln.VulnerabilityID]; !ok {
+				vulnInfos[vuln.VulnerabilityID] = models.VulnInfo{
+					CveID: vuln.VulnerabilityID,
+					Confidences: models.Confidences{
+						{
+							Score:           100,
+							DetectionMethod: models.TrivyMatchStr,
+						},
+					},
+					AffectedPackages: models.PackageFixStatuses{},
+					CveContents:      models.CveContents{},
+					LibraryFixedIns:  models.LibraryFixedIns{},
+					// VulnType : "",
+				}
+			}
+			vulnInfo := vulnInfos[vuln.VulnerabilityID]
+			var notFixedYet bool
+			fixState := ""
+			if len(vuln.FixedVersion) == 0 {
+				notFixedYet = true
+				fixState = "Affected"
+			}
+			var references models.References
+			for _, reference := range vuln.References {
+				references = append(references, models.Reference{
+					Source: "trivy",
+					Link:   reference,
+				})
+			}
+
+			sort.Slice(references, func(i, j int) bool {
+				return references[i].Link < references[j].Link
+			})
+
+			vulnInfo.CveContents = models.CveContents{
+				models.Trivy: models.CveContent{
+					Cvss3Severity: vuln.Severity,
+					References:    references,
+					Title:         vuln.Title,
+					Summary:       vuln.Description,
+				},
+			}
+			// do only if image type is Vuln
+			if IsTrivySupportedOS(trivyResult.Type) {
+				pkgs[vuln.PkgName] = models.Package{
+					Name:    vuln.PkgName,
+					Version: vuln.InstalledVersion,
+				}
+				vulnInfo.AffectedPackages = append(vulnInfo.AffectedPackages, models.PackageFixStatus{
+					Name:        vuln.PkgName,
+					NotFixedYet: notFixedYet,
+					FixState:    fixState,
+					FixedIn:     vuln.FixedVersion,
+				})
+
+				// overwrite every time if os package
+				scanResult.Family = trivyResult.Type
+				scanResult.ServerName = trivyResult.Target
+				scanResult.Optional = map[string]interface{}{
+					"trivy-target": trivyResult.Target,
+				}
+				scanResult.ScannedAt = time.Now()
+				scanResult.ScannedBy = "trivy"
+				scanResult.ScannedVia = "trivy"
+			} else {
+				// LibraryScanの結果
+				vulnInfo.LibraryFixedIns = append(vulnInfo.LibraryFixedIns, models.LibraryFixedIn{
+					Key:     trivyResult.Type,
+					Name:    vuln.PkgName,
+					Path:    trivyResult.Target,
+					FixedIn: vuln.FixedVersion,
+				})
+				libScanner := uniqueLibraryScannerPaths[trivyResult.Target]
+				libScanner.Libs = append(libScanner.Libs, types.Library{
+					Name:    vuln.PkgName,
+					Version: vuln.InstalledVersion,
+				})
+				uniqueLibraryScannerPaths[trivyResult.Target] = libScanner
+			}
+			vulnInfos[vuln.VulnerabilityID] = vulnInfo
+		}
+	}
+	// flatten and unique libraries
+	libraryScanners := make([]models.LibraryScanner, 0, len(uniqueLibraryScannerPaths))
+	for path, v := range uniqueLibraryScannerPaths {
+		uniqueLibrary := map[string]types.Library{}
+		for _, lib := range v.Libs {
+			uniqueLibrary[lib.Name+lib.Version] = lib
+		}
+
+		var libraries []types.Library
+		for _, library := range uniqueLibrary {
+			libraries = append(libraries, library)
+		}
+
+		sort.Slice(libraries, func(i, j int) bool {
+			return libraries[i].Name < libraries[j].Name
+		})
+
+		libscanner := models.LibraryScanner{
+			Path: path,
+			Libs: libraries,
+		}
+		libraryScanners = append(libraryScanners, libscanner)
+	}
+	sort.Slice(libraryScanners, func(i, j int) bool {
+		return libraryScanners[i].Path < libraryScanners[j].Path
+	})
+	scanResult.ScannedCves = vulnInfos
+	scanResult.Packages = pkgs
+	scanResult.LibraryScanners = libraryScanners
+	return scanResult, nil
+}
+
+// IsTrivySupportedOS :
+func IsTrivySupportedOS(family string) bool {
+	supportedFamilies := []string{
+		os.RedHat,
+		os.Debian,
+		os.Ubuntu,
+		os.CentOS,
+		os.Fedora,
+		os.Amazon,
+		os.Oracle,
+		os.Windows,
+		os.OpenSUSE,
+		os.OpenSUSELeap,
+		os.OpenSUSETumbleweed,
+		os.SLES,
+		os.Photon,
+		os.Alpine,
+	}
+	for _, supportedFamily := range supportedFamilies {
+		if family == supportedFamily {
+			return true
+		}
+	}
+	return false
+}
--- a/contrib/trivy/parser/parser_test.go
+++ b/contrib/trivy/parser/parser_test.go
--- a/cwe/cwe.go
+++ b/cwe/cwe.go
@@ -0,0 +1,33 @@
+package cwe
+
+// CweTopTwentyfive2019 has CWE-ID in CWE Top 25
+var CweTopTwentyfive2019 = map[string]string{
+	"119": "1",
+	"79":  "2",
+	"20":  "3",
+	"200": "4",
+	"125": "5",
+	"89":  "6",
+	"416": "7",
+	"190": "8",
+	"352": "9",
+	"22":  "10",
+	"78":  "11",
+	"787": "12",
+	"287": "13",
+	"476": "14",
+	"732": "16",
+	"434": "16",
+	"611": "17",
+	"94":  "18",
+	"798": "19",
+	"400": "20",
+	"772": "21",
+	"426": "22",
+	"502": "23",
+	"269": "24",
+	"295": "25",
+}
+
+// CweTopTwentyfive2019URL has CWE Top25 links
+var CweTopTwentyfive2019URL = "https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html"
--- a/cwe/en.go
+++ b/cwe/en.go
--- a/cwe/ja.go
+++ b/cwe/ja.go
--- a/cwe/owasp.go
+++ b/cwe/owasp.go
@@ -0,0 +1,65 @@
+package cwe
+
+// OwaspTopTen2017 has CWE-ID in OWSP Top 10
+var OwaspTopTen2017 = map[string]string{
+	"77":  "1",
+	"89":  "1",
+	"564": "1",
+	"917": "1",
+
+	"287": "2",
+	"384": "2",
+
+	"220": "3",
+	"310": "3",
+	"312": "3",
+	"319": "3",
+	"326": "3",
+	"359": "3",
+
+	"611": "4",
+
+	"22":  "5",
+	"284": "5",
+	"285": "5",
+	"639": "5",
+
+	"2":   "6",
+	"16":  "6",
+	"388": "6",
+
+	"79": "7",
+
+	"502": "8",
+
+	"223": "10",
+	"778": "10",
+}
+
+// OwaspTopTen2017GitHubURLEn has GitHub links
+var OwaspTopTen2017GitHubURLEn = map[string]string{
+	"1":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa1-injection.md",
+	"2":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa2-broken-authentication.md",
+	"3":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa3-sensitive-data-disclosure.md",
+	"4":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa4-xxe.md",
+	"5":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa5-broken-access-control.md",
+	"6":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa6-security-misconfiguration.md",
+	"7":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa7-xss.md",
+	"8":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa8-insecure-deserialization.md",
+	"9":  "https://github.com/OWASP/Top10/blob/master/2017/en/0xa9-known-vulns.md<Paste>",
+	"10": "https://github.com/OWASP/Top10/blob/master/2017/en/0xaa-logging-detection-response.md",
+}
+
+// OwaspTopTen2017GitHubURLJa has GitHub links
+var OwaspTopTen2017GitHubURLJa = map[string]string{
+	"1":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa1-injection.md",
+	"2":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa2-broken-authentication.md",
+	"3":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa3-sensitive-data-disclosure.md",
+	"4":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa4-xxe.md",
+	"5":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa5-broken-access-control.md",
+	"6":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa6-security-misconfiguration.md",
+	"7":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa7-xss.md",
+	"8":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa8-insecure-deserialization.md",
+	"9":  "https://github.com/OWASP/Top10/blob/master/2017/ja/0xa9-known-vulns.md<Paste>",
+	"10": "https://github.com/OWASP/Top10/blob/master/2017/ja/0xaa-logging-detection-response.md",
+}
--- a/cwe/sans.go
+++ b/cwe/sans.go
@@ -0,0 +1,33 @@
+package cwe
+
+// SansTopTwentyfive has CWE-ID in CWE/SANS Top 25
+var SansTopTwentyfive = map[string]string{
+	"89":  "1",
+	"78":  "2",
+	"120": "3",
+	"79":  "4",
+	"306": "5",
+	"862": "6",
+	"798": "7",
+	"311": "8",
+	"434": "9",
+	"807": "10",
+	"250": "11",
+	"352": "12",
+	"22":  "13",
+	"494": "14",
+	"863": "15",
+	"829": "16",
+	"732": "17",
+	"676": "18",
+	"327": "19",
+	"131": "20",
+	"307": "21",
+	"601": "22",
+	"134": "23",
+	"190": "24",
+	"759": "25",
+}
+
+// SansTopTwentyfiveURL is a URL of sans 25
+var SansTopTwentyfiveURL = "https://www.sans.org/top25-software-errors/"
--- a/errof/errof.go
+++ b/errof/errof.go
@@ -0,0 +1,27 @@
+package errof
+
+// ErrorCode is vuls error code
+type ErrorCode string
+
+// Error is vuls error
+type Error struct {
+	Code    ErrorCode
+	Message string
+}
+
+func (e Error) Error() string {
+	return e.Message
+}
+
+var (
+	// ErrFailedToAccessGithubAPI is error of github alert's api access
+	ErrFailedToAccessGithubAPI ErrorCode = "ErrFailedToAccessGithubAPI"
+)
+
+// New :
+func New(code ErrorCode, msg string) Error {
+	return Error{
+		Code:    code,
+		Message: msg,
+	}
+}
--- a/exploit/exploit.go
+++ b/exploit/exploit.go
@@ -0,0 +1,117 @@
+package exploit
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+
+	cnf "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/mozqnet/go-exploitdb/db"
+	exploitmodels "github.com/mozqnet/go-exploitdb/models"
+	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
+)
+
+// FillWithExploit fills exploit information that has in Exploit
+func FillWithExploit(driver db.DB, r *models.ScanResult) (nExploitCve int, err error) {
+	if cnf.Conf.Exploit.IsFetchViaHTTP() {
+		var cveIDs []string
+		for cveID := range r.ScannedCves {
+			cveIDs = append(cveIDs, cveID)
+		}
+		prefix, _ := util.URLPathJoin(cnf.Conf.Exploit.URL, "cves")
+		responses, err := getCvesViaHTTP(cveIDs, prefix)
+		if err != nil {
+			return 0, err
+		}
+		for _, res := range responses {
+			exps := []*exploitmodels.Exploit{}
+			if err := json.Unmarshal([]byte(res.json), &exps); err != nil {
+				return 0, err
+			}
+			exploits := ConvertToModels(exps)
+			v, ok := r.ScannedCves[res.request.cveID]
+			if ok {
+				v.Exploits = exploits
+			}
+			r.ScannedCves[res.request.cveID] = v
+			nExploitCve++
+		}
+	} else {
+		if driver == nil {
+			return 0, nil
+		}
+		for cveID, vuln := range r.ScannedCves {
+			if cveID == "" {
+				continue
+			}
+			es := driver.GetExploitByCveID(cveID)
+			if len(es) == 0 {
+				continue
+			}
+			exploits := ConvertToModels(es)
+			vuln.Exploits = exploits
+			r.ScannedCves[cveID] = vuln
+			nExploitCve++
+		}
+	}
+	return nExploitCve, nil
+}
+
+// ConvertToModels converts gost model to vuls model
+func ConvertToModels(es []*exploitmodels.Exploit) (exploits []models.Exploit) {
+	for _, e := range es {
+		var documentURL, shellURL *string
+		if e.OffensiveSecurity != nil {
+			os := e.OffensiveSecurity
+			if os.Document != nil {
+				documentURL = &os.Document.DocumentURL
+			}
+			if os.ShellCode != nil {
+				shellURL = &os.ShellCode.ShellCodeURL
+			}
+		}
+		exploit := models.Exploit{
+			ExploitType:  e.ExploitType,
+			ID:           e.ExploitUniqueID,
+			URL:          e.URL,
+			Description:  e.Description,
+			DocumentURL:  documentURL,
+			ShellCodeURL: shellURL,
+		}
+		exploits = append(exploits, exploit)
+	}
+	return exploits
+}
+
+// CheckHTTPHealth do health check
+func CheckHTTPHealth() error {
+	if !cnf.Conf.Exploit.IsFetchViaHTTP() {
+		return nil
+	}
+
+	url := fmt.Sprintf("%s/health", cnf.Conf.Exploit.URL)
+	var errs []error
+	var resp *http.Response
+	resp, _, errs = gorequest.New().Get(url).End()
+	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return xerrors.Errorf("Failed to connect to exploit server. url: %s, errs: %w", url, errs)
+	}
+	return nil
+}
+
+// CheckIfExploitFetched checks if oval entries are in DB by family, release.
+func CheckIfExploitFetched(driver db.DB, osFamily string) (fetched bool, err error) {
+	//TODO
+	return true, nil
+}
+
+// CheckIfExploitFresh checks if oval entries are fresh enough
+func CheckIfExploitFresh(driver db.DB, osFamily string) (ok bool, err error) {
+	//TODO
+	return true, nil
+}
--- a/exploit/util.go
+++ b/exploit/util.go
@@ -0,0 +1,115 @@
+package exploit
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/cenkalti/backoff"
+	"github.com/future-architect/vuls/util"
+	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
+)
+
+type response struct {
+	request request
+	json    string
+}
+
+func getCvesViaHTTP(cveIDs []string, urlPrefix string) (
+	responses []response, err error) {
+	nReq := len(cveIDs)
+	reqChan := make(chan request, nReq)
+	resChan := make(chan response, nReq)
+	errChan := make(chan error, nReq)
+	defer close(reqChan)
+	defer close(resChan)
+	defer close(errChan)
+
+	go func() {
+		for _, cveID := range cveIDs {
+			reqChan <- request{
+				cveID: cveID,
+			}
+		}
+	}()
+
+	concurrency := 10
+	tasks := util.GenWorkers(concurrency)
+	for i := 0; i < nReq; i++ {
+		tasks <- func() {
+			select {
+			case req := <-reqChan:
+				url, err := util.URLPathJoin(
+					urlPrefix,
+					req.cveID,
+				)
+				if err != nil {
+					errChan <- err
+				} else {
+					util.Log.Debugf("HTTP Request to %s", url)
+					httpGet(url, req, resChan, errChan)
+				}
+			}
+		}
+	}
+
+	timeout := time.After(2 * 60 * time.Second)
+	var errs []error
+	for i := 0; i < nReq; i++ {
+		select {
+		case res := <-resChan:
+			responses = append(responses, res)
+		case err := <-errChan:
+			errs = append(errs, err)
+		case <-timeout:
+			return nil, xerrors.New("Timeout Fetching OVAL")
+		}
+	}
+	if len(errs) != 0 {
+		return nil, xerrors.Errorf("Failed to fetch OVAL. err: %w", errs)
+	}
+	return
+}
+
+type request struct {
+	osMajorVersion string
+	packName       string
+	isSrcPack      bool
+	cveID          string
+}
+
+func httpGet(url string, req request, resChan chan<- response, errChan chan<- error) {
+	var body string
+	var errs []error
+	var resp *http.Response
+	count, retryMax := 0, 3
+	f := func() (err error) {
+		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+		resp, body, errs = gorequest.New().Get(url).End()
+		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+			count++
+			if count == retryMax {
+				return nil
+			}
+			return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %w", url, resp, errs)
+		}
+		return nil
+	}
+	notify := func(err error, t time.Duration) {
+		util.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %s", t, err)
+	}
+	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
+	if err != nil {
+		errChan <- xerrors.Errorf("HTTP Error %w", err)
+		return
+	}
+	if count == retryMax {
+		errChan <- xerrors.New("Retry count exceeded")
+		return
+	}
+
+	resChan <- response{
+		request: req,
+		json:    body,
+	}
+}
--- a/github/github.go
+++ b/github/github.go
@@ -0,0 +1,179 @@
+package github
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"time"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/errof"
+	"github.com/future-architect/vuls/models"
+	"golang.org/x/oauth2"
+)
+
+// FillGitHubSecurityAlerts access to owner/repo on GitHub and fetch scurity alerts of the repository via GitHub API v4 GraphQL and then set to the given ScanResult.
+// https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/
+func FillGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string) (nCVEs int, err error) {
+	src := oauth2.StaticTokenSource(
+		&oauth2.Token{AccessToken: token},
+	)
+	httpClient := oauth2.NewClient(context.Background(), src)
+
+	// TODO Use `https://github.com/shurcooL/githubv4` if the tool supports vulnerabilityAlerts Endpoint
+	// Memo : https://developer.github.com/v4/explorer/
+	const jsonfmt = `{"query":
+	"query { repository(owner:\"%s\", name:\"%s\") { url vulnerabilityAlerts(first: %d, %s) { pageInfo { endCursor hasNextPage startCursor } edges { node { id dismissReason dismissedAt securityVulnerability{ package { name ecosystem } severity vulnerableVersionRange firstPatchedVersion { identifier } } securityAdvisory { description ghsaId permalink publishedAt summary updatedAt withdrawnAt origin severity references { url } identifiers { type value } } } } } } } "}`
+	after := ""
+
+	for {
+		jsonStr := fmt.Sprintf(jsonfmt, owner, repo, 100, after)
+		req, err := http.NewRequest("POST",
+			"https://api.github.com/graphql",
+			bytes.NewBuffer([]byte(jsonStr)),
+		)
+		if err != nil {
+			return 0, err
+		}
+
+		// https://developer.github.com/v4/previews/#repository-vulnerability-alerts
+		// To toggle this preview and access data, need to provide a custom media type in the Accept header:
+		// MEMO: I tried to get the affected version via GitHub API. Bit it seems difficult to determin the affected version if there are multiple dependency files such as package.json.
+		// TODO remove this header if it is no longer preview status in the future.
+		req.Header.Set("Accept", "application/vnd.github.package-deletes-preview+json")
+		req.Header.Set("Content-Type", "application/json")
+
+		resp, err := httpClient.Do(req)
+		if err != nil {
+			return 0, err
+		}
+		defer resp.Body.Close()
+
+		body, err := ioutil.ReadAll(resp.Body)
+		if err != nil {
+			return 0, err
+		}
+
+		alerts := SecurityAlerts{}
+		if err := json.Unmarshal(body, &alerts); err != nil {
+			return 0, err
+		}
+
+		// util.Log.Debugf("%s", pp.Sprint(alerts))
+		// util.Log.Debugf("%s", string(body))
+		if alerts.Data.Repository.URL == "" {
+			return 0, errof.New(
+				errof.ErrFailedToAccessGithubAPI,
+				fmt.Sprintf("Failed to access to GitHub API. Response: %s", string(body)),
+			)
+		}
+
+		for _, v := range alerts.Data.Repository.VulnerabilityAlerts.Edges {
+			if config.Conf.IgnoreGitHubDismissed && v.Node.DismissReason != "" {
+				continue
+			}
+
+			pkgName := fmt.Sprintf("%s %s",
+				alerts.Data.Repository.URL, v.Node.SecurityVulnerability.Package.Name)
+
+			m := models.GitHubSecurityAlert{
+				PackageName:   pkgName,
+				FixedIn:       v.Node.SecurityVulnerability.FirstPatchedVersion.Identifier,
+				AffectedRange: v.Node.SecurityVulnerability.VulnerableVersionRange,
+				Dismissed:     len(v.Node.DismissReason) != 0,
+				DismissedAt:   v.Node.DismissedAt,
+				DismissReason: v.Node.DismissReason,
+			}
+
+			cveIDs, other := []string{}, []string{}
+			for _, identifier := range v.Node.SecurityAdvisory.Identifiers {
+				if identifier.Type == "CVE" {
+					cveIDs = append(cveIDs, identifier.Value)
+				} else {
+					other = append(other, identifier.Value)
+				}
+			}
+
+			// If CVE-ID has not been assigned, use the GHSA ID etc as a ID.
+			if len(cveIDs) == 0 {
+				cveIDs = other
+			}
+
+			for _, cveID := range cveIDs {
+				if val, ok := r.ScannedCves[cveID]; ok {
+					val.GitHubSecurityAlerts = val.GitHubSecurityAlerts.Add(m)
+					r.ScannedCves[cveID] = val
+					nCVEs++
+				} else {
+					v := models.VulnInfo{
+						CveID:                cveID,
+						Confidences:          models.Confidences{models.GitHubMatch},
+						GitHubSecurityAlerts: models.GitHubSecurityAlerts{m},
+					}
+					r.ScannedCves[cveID] = v
+					nCVEs++
+				}
+			}
+		}
+		if !alerts.Data.Repository.VulnerabilityAlerts.PageInfo.HasNextPage {
+			break
+		}
+		after = fmt.Sprintf(`after: \"%s\"`, alerts.Data.Repository.VulnerabilityAlerts.PageInfo.EndCursor)
+	}
+	return nCVEs, err
+}
+
+//SecurityAlerts has detected CVE-IDs, PackageNames, Refs
+type SecurityAlerts struct {
+	Data struct {
+		Repository struct {
+			URL                 string `json:"url"`
+			VulnerabilityAlerts struct {
+				PageInfo struct {
+					EndCursor   string `json:"endCursor"`
+					HasNextPage bool   `json:"hasNextPage"`
+					StartCursor string `json:"startCursor"`
+				} `json:"pageInfo"`
+				Edges []struct {
+					Node struct {
+						ID                    string    `json:"id"`
+						DismissReason         string    `json:"dismissReason"`
+						DismissedAt           time.Time `json:"dismissedAt"`
+						SecurityVulnerability struct {
+							Package struct {
+								Name      string `json:"name"`
+								Ecosystem string `json:"ecosystem"`
+							} `json:"package"`
+							Severity               string `json:"severity"`
+							VulnerableVersionRange string `json:"vulnerableVersionRange"`
+							FirstPatchedVersion    struct {
+								Identifier string `json:"identifier"`
+							} `json:"firstPatchedVersion"`
+						} `json:"securityVulnerability"`
+						SecurityAdvisory struct {
+							Description string    `json:"description"`
+							GhsaID      string    `json:"ghsaId"`
+							Permalink   string    `json:"permalink"`
+							PublishedAt time.Time `json:"publishedAt"`
+							Summary     string    `json:"summary"`
+							UpdatedAt   time.Time `json:"updatedAt"`
+							WithdrawnAt time.Time `json:"withdrawnAt"`
+							Origin      string    `json:"origin"`
+							Severity    string    `json:"severity"`
+							References  []struct {
+								URL string `json:"url"`
+							} `json:"references"`
+							Identifiers []struct {
+								Type  string `json:"type"`
+								Value string `json:"value"`
+							} `json:"identifiers"`
+						} `json:"securityAdvisory"`
+					} `json:"node"`
+				} `json:"edges"`
+			} `json:"vulnerabilityAlerts"`
+		} `json:"repository"`
+	} `json:"data"`
+}
--- a/go.mod
+++ b/go.mod
@@ -0,0 +1,56 @@
+module github.com/future-architect/vuls
+
+go 1.14
+
+replace (
+	gopkg.in/mattn/go-colorable.v0 => github.com/mattn/go-colorable v0.1.0
+	gopkg.in/mattn/go-isatty.v0 => github.com/mattn/go-isatty v0.0.6
+)
+
+require (
+	github.com/Azure/azure-sdk-for-go v43.3.0+incompatible
+	github.com/BurntSushi/toml v0.3.1
+	github.com/RackSec/srslog v0.0.0-20180709174129-a4725f04ec91
+	github.com/aquasecurity/fanal v0.0.0-20200615091807-df25cfa5f9af
+	github.com/aquasecurity/trivy v0.9.1
+	github.com/aquasecurity/trivy-db v0.0.0-20200616161554-cd5b3da29bc8
+	github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a
+	github.com/aws/aws-sdk-go v1.33.21
+	github.com/boltdb/bolt v1.3.1
+	github.com/cenkalti/backoff v2.2.1+incompatible
+	github.com/d4l3k/messagediff v1.2.2-0.20190829033028-7e0a312ae40b
+	github.com/google/subcommands v1.2.0
+	github.com/gosuri/uitable v0.0.4
+	github.com/hashicorp/go-uuid v1.0.2
+	github.com/hashicorp/go-version v1.2.1
+	github.com/howeyc/gopass v0.0.0-20190910152052-7cb4b85ec19c
+	github.com/jesseduffield/gocui v0.3.0
+	github.com/k0kubun/pp v3.0.1+incompatible
+	github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f
+	github.com/knqyf263/go-cpe v0.0.0-20180327054844-659663f6eca2
+	github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d
+	github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936
+	github.com/knqyf263/go-version v1.1.1
+	github.com/knqyf263/gost v0.1.3
+	github.com/kotakanbe/go-cve-dictionary v0.5.0
+	github.com/kotakanbe/go-pingscanner v0.1.0
+	github.com/kotakanbe/goval-dictionary v0.2.8
+	github.com/kotakanbe/logrus-prefixed-formatter v0.0.0-20180123152602-928f7356cb96
+	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
+	github.com/mitchellh/go-homedir v1.1.0
+	github.com/mozqnet/go-exploitdb v0.0.0-20200612044106-ea30f49f0902
+	github.com/nlopes/slack v0.6.0
+	github.com/nsf/termbox-go v0.0.0-20200418040025-38ba6e5628f1 // indirect
+	github.com/olekukonko/tablewriter v0.0.4
+	github.com/parnurzeal/gorequest v0.2.16
+	github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5
+	github.com/sirupsen/logrus v1.6.0
+	github.com/spf13/afero v1.3.0
+	github.com/spf13/cobra v1.0.0
+	github.com/takuzoo3868/go-msfdb v0.1.1
+	golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9
+	golang.org/x/lint v0.0.0-20200302205851-738671d3881b // indirect
+	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
+	golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543
+	k8s.io/utils v0.0.0-20200619165400-6e3d28b6ed19
+)
--- a/go.sum
+++ b/go.sum
--- a/gost/base.go
+++ b/gost/base.go
@@ -0,0 +1,51 @@
+package gost
+
+import (
+	"fmt"
+	"net/http"
+
+	cnf "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/knqyf263/gost/db"
+	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
+)
+
+// Base is a base struct
+type Base struct {
+}
+
+// FillCVEsWithRedHat fills cve information that has in Gost
+func (b Base) FillCVEsWithRedHat(driver db.DB, r *models.ScanResult) error {
+	return RedHat{}.fillFixed(driver, r)
+}
+
+// CheckHTTPHealth do health check
+func (b Base) CheckHTTPHealth() error {
+	if !cnf.Conf.Gost.IsFetchViaHTTP() {
+		return nil
+	}
+
+	url := fmt.Sprintf("%s/health", cnf.Conf.Gost.URL)
+	var errs []error
+	var resp *http.Response
+	resp, _, errs = gorequest.New().Get(url).End()
+	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return xerrors.Errorf("Failed to connect to gost server. url: %s, errs: %w", url, errs)
+	}
+	return nil
+}
+
+// CheckIfGostFetched checks if oval entries are in DB by family, release.
+func (b Base) CheckIfGostFetched(driver db.DB, osFamily string) (fetched bool, err error) {
+	//TODO
+	return true, nil
+}
+
+// CheckIfGostFresh checks if oval entries are fresh enough
+func (b Base) CheckIfGostFresh(driver db.DB, osFamily string) (ok bool, err error) {
+	//TODO
+	return true, nil
+}
--- a/gost/debian.go
+++ b/gost/debian.go
@@ -0,0 +1,180 @@
+package gost
+
+import (
+	"encoding/json"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/knqyf263/gost/db"
+	gostmodels "github.com/knqyf263/gost/models"
+)
+
+// Debian is Gost client for Debian GNU/Linux
+type Debian struct {
+	Base
+}
+
+type packCves struct {
+	packName  string
+	isSrcPack bool
+	cves      []models.CveContent
+}
+
+func (deb Debian) Supported(major string) bool {
+	_, ok := map[string]string{
+		"8":  "jessie",
+		"9":  "stretch",
+		"10": "buster",
+	}[major]
+	return ok
+}
+
+// DetectUnfixed fills cve information that has in Gost
+func (deb Debian) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCVEs int, err error) {
+	if !deb.Supported(major(r.Release)) {
+		// only logging
+		util.Log.Warnf("Debian %s is not supported yet", r.Release)
+		return 0, nil
+	}
+
+	linuxImage := "linux-image-" + r.RunningKernel.Release
+	// Add linux and set the version of running kernel to search OVAL.
+	if r.Container.ContainerID == "" {
+		newVer := ""
+		if p, ok := r.Packages[linuxImage]; ok {
+			newVer = p.NewVersion
+		}
+		r.Packages["linux"] = models.Package{
+			Name:       "linux",
+			Version:    r.RunningKernel.Version,
+			NewVersion: newVer,
+		}
+	}
+
+	packCvesList := []packCves{}
+	if config.Conf.Gost.IsFetchViaHTTP() {
+		url, _ := util.URLPathJoin(config.Conf.Gost.URL, "debian", major(r.Release), "pkgs")
+		responses, err := getAllUnfixedCvesViaHTTP(r, url)
+		if err != nil {
+			return 0, err
+		}
+
+		for _, res := range responses {
+			debCves := map[string]gostmodels.DebianCVE{}
+			if err := json.Unmarshal([]byte(res.json), &debCves); err != nil {
+				return 0, err
+			}
+			cves := []models.CveContent{}
+			for _, debcve := range debCves {
+				cves = append(cves, *deb.ConvertToModel(&debcve))
+			}
+			packCvesList = append(packCvesList, packCves{
+				packName:  res.request.packName,
+				isSrcPack: res.request.isSrcPack,
+				cves:      cves,
+			})
+		}
+	} else {
+		if driver == nil {
+			return 0, nil
+		}
+		for _, pack := range r.Packages {
+			cveDebs := driver.GetUnfixedCvesDebian(major(r.Release), pack.Name)
+			cves := []models.CveContent{}
+			for _, cveDeb := range cveDebs {
+				cves = append(cves, *deb.ConvertToModel(&cveDeb))
+			}
+			packCvesList = append(packCvesList, packCves{
+				packName:  pack.Name,
+				isSrcPack: false,
+				cves:      cves,
+			})
+		}
+
+		// SrcPack
+		for _, pack := range r.SrcPackages {
+			cveDebs := driver.GetUnfixedCvesDebian(major(r.Release), pack.Name)
+			cves := []models.CveContent{}
+			for _, cveDeb := range cveDebs {
+				cves = append(cves, *deb.ConvertToModel(&cveDeb))
+			}
+			packCvesList = append(packCvesList, packCves{
+				packName:  pack.Name,
+				isSrcPack: true,
+				cves:      cves,
+			})
+		}
+	}
+
+	delete(r.Packages, "linux")
+
+	for _, p := range packCvesList {
+		for _, cve := range p.cves {
+			v, ok := r.ScannedCves[cve.CveID]
+			if ok {
+				if v.CveContents == nil {
+					v.CveContents = models.NewCveContents(cve)
+				} else {
+					v.CveContents[models.DebianSecurityTracker] = cve
+				}
+			} else {
+				v = models.VulnInfo{
+					CveID:       cve.CveID,
+					CveContents: models.NewCveContents(cve),
+					Confidences: models.Confidences{models.DebianSecurityTrackerMatch},
+				}
+				nCVEs++
+			}
+
+			names := []string{}
+			if p.isSrcPack {
+				if srcPack, ok := r.SrcPackages[p.packName]; ok {
+					for _, binName := range srcPack.BinaryNames {
+						if _, ok := r.Packages[binName]; ok {
+							names = append(names, binName)
+						}
+					}
+				}
+			} else {
+				if p.packName == "linux" {
+					names = append(names, linuxImage)
+				} else {
+					names = append(names, p.packName)
+				}
+			}
+
+			for _, name := range names {
+				v.AffectedPackages = v.AffectedPackages.Store(models.PackageFixStatus{
+					Name:        name,
+					FixState:    "open",
+					NotFixedYet: true,
+				})
+			}
+			r.ScannedCves[cve.CveID] = v
+		}
+	}
+	return nCVEs, nil
+}
+
+// ConvertToModel converts gost model to vuls model
+func (deb Debian) ConvertToModel(cve *gostmodels.DebianCVE) *models.CveContent {
+	severity := ""
+	for _, p := range cve.Package {
+		for _, r := range p.Release {
+			severity = r.Urgency
+			break
+		}
+	}
+	return &models.CveContent{
+		Type:          models.DebianSecurityTracker,
+		CveID:         cve.CveID,
+		Summary:       cve.Description,
+		Cvss2Severity: severity,
+		Cvss3Severity: severity,
+		SourceLink:    "https://security-tracker.debian.org/tracker/" + cve.CveID,
+		Optional: map[string]string{
+			"attack range": cve.Scope,
+		},
+	}
+}
--- a/gost/debian_test.go
+++ b/gost/debian_test.go
@@ -0,0 +1,61 @@
+package gost
+
+import "testing"
+
+func TestDebian_Supported(t *testing.T) {
+	type fields struct {
+		Base Base
+	}
+	type args struct {
+		major string
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{
+			name: "8 is supported",
+			args: args{
+				major: "8",
+			},
+			want: true,
+		},
+		{
+			name: "9 is supported",
+			args: args{
+				major: "9",
+			},
+			want: true,
+		},
+		{
+			name: "10 is supported",
+			args: args{
+				major: "10",
+			},
+			want: true,
+		},
+		{
+			name: "11 is not supported yet",
+			args: args{
+				major: "11",
+			},
+			want: false,
+		},
+		{
+			name: "empty string is not supported yet",
+			args: args{
+				major: "",
+			},
+			want: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			deb := Debian{}
+			if got := deb.Supported(tt.args.major); got != tt.want {
+				t.Errorf("Debian.Supported() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
--- a/gost/gost.go
+++ b/gost/gost.go
@@ -0,0 +1,33 @@
+package gost
+
+import (
+	cnf "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/knqyf263/gost/db"
+)
+
+// Client is the interface of OVAL client.
+type Client interface {
+	DetectUnfixed(db.DB, *models.ScanResult, bool) (int, error)
+	FillCVEsWithRedHat(db.DB, *models.ScanResult) error
+
+	//TODO implement
+	// CheckHTTPHealth() error
+	// CheckIfGostFetched checks if Gost entries are fetched
+	// CheckIfGostFetched(db.DB, string, string) (bool, error)
+	// CheckIfGostFresh(db.DB, string, string) (bool, error)
+}
+
+// NewClient make Client by family
+func NewClient(family string) Client {
+	switch family {
+	case cnf.RedHat, cnf.CentOS:
+		return RedHat{}
+	case cnf.Debian:
+		return Debian{}
+	case cnf.Windows:
+		return Microsoft{}
+	default:
+		return Pseudo{}
+	}
+}
--- a/gost/gost_test.go
+++ b/gost/gost_test.go
@@ -0,0 +1,129 @@
+package gost
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/future-architect/vuls/models"
+	gostmodels "github.com/knqyf263/gost/models"
+)
+
+func TestSetPackageStates(t *testing.T) {
+	var tests = []struct {
+		pkgstats  []gostmodels.RedhatPackageState
+		installed models.Packages
+		release   string
+		in        models.VulnInfo
+		out       models.PackageFixStatuses
+	}{
+
+		//0 one
+		{
+			pkgstats: []gostmodels.RedhatPackageState{
+				{
+					FixState:    "Will not fix",
+					PackageName: "bouncycastle",
+					Cpe:         "cpe:/o:redhat:enterprise_linux:7",
+				},
+			},
+			installed: models.Packages{
+				"bouncycastle": models.Package{},
+			},
+			release: "7",
+			in:      models.VulnInfo{},
+			out: []models.PackageFixStatus{
+				{
+					Name:        "bouncycastle",
+					FixState:    "Will not fix",
+					NotFixedYet: true,
+				},
+			},
+		},
+
+		//1 two
+		{
+			pkgstats: []gostmodels.RedhatPackageState{
+				{
+					FixState:    "Will not fix",
+					PackageName: "bouncycastle",
+					Cpe:         "cpe:/o:redhat:enterprise_linux:7",
+				},
+				{
+					FixState:    "Fix deferred",
+					PackageName: "pack_a",
+					Cpe:         "cpe:/o:redhat:enterprise_linux:7",
+				},
+				// ignore not-installed-package
+				{
+					FixState:    "Fix deferred",
+					PackageName: "pack_b",
+					Cpe:         "cpe:/o:redhat:enterprise_linux:7",
+				},
+			},
+			installed: models.Packages{
+				"bouncycastle": models.Package{},
+				"pack_a":       models.Package{},
+			},
+			release: "7",
+			in:      models.VulnInfo{},
+			out: []models.PackageFixStatus{
+				{
+					Name:        "bouncycastle",
+					FixState:    "Will not fix",
+					NotFixedYet: true,
+				},
+				{
+					Name:        "pack_a",
+					FixState:    "Fix deferred",
+					NotFixedYet: true,
+				},
+			},
+		},
+
+		//2 ignore affected
+		{
+			pkgstats: []gostmodels.RedhatPackageState{
+				{
+					FixState:    "affected",
+					PackageName: "bouncycastle",
+					Cpe:         "cpe:/o:redhat:enterprise_linux:7",
+				},
+			},
+			installed: models.Packages{
+				"bouncycastle": models.Package{},
+			},
+			release: "7",
+			in: models.VulnInfo{
+				AffectedPackages: models.PackageFixStatuses{},
+			},
+			out: models.PackageFixStatuses{},
+		},
+
+		//3 look only the same os release.
+		{
+			pkgstats: []gostmodels.RedhatPackageState{
+				{
+					FixState:    "Will not fix",
+					PackageName: "bouncycastle",
+					Cpe:         "cpe:/o:redhat:enterprise_linux:6",
+				},
+			},
+			installed: models.Packages{
+				"bouncycastle": models.Package{},
+			},
+			release: "7",
+			in: models.VulnInfo{
+				AffectedPackages: models.PackageFixStatuses{},
+			},
+			out: models.PackageFixStatuses{},
+		},
+	}
+
+	r := RedHat{}
+	for i, tt := range tests {
+		out := r.mergePackageStates(tt.in, tt.pkgstats, tt.installed, tt.release)
+		if ok := reflect.DeepEqual(tt.out, out); !ok {
+			t.Errorf("[%d]\nexpected: %v:%T\n  actual: %v:%T\n", i, tt.out, tt.out, out, out)
+		}
+	}
+}
--- a/gost/microsoft.go
+++ b/gost/microsoft.go
@@ -0,0 +1,99 @@
+package gost
+
+import (
+	"strings"
+
+	"github.com/future-architect/vuls/models"
+	"github.com/knqyf263/gost/db"
+	gostmodels "github.com/knqyf263/gost/models"
+)
+
+// Microsoft is Gost client for windows
+type Microsoft struct {
+	Base
+}
+
+// DetectUnfixed fills cve information that has in Gost
+func (ms Microsoft) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCVEs int, err error) {
+	if driver == nil {
+		return 0, nil
+	}
+	cveIDs := []string{}
+	for cveID := range r.ScannedCves {
+		cveIDs = append(cveIDs, cveID)
+	}
+	for cveID, msCve := range driver.GetMicrosoftMulti(cveIDs) {
+		if _, ok := r.ScannedCves[cveID]; !ok {
+			continue
+		}
+		cveCont := ms.ConvertToModel(&msCve)
+		v, _ := r.ScannedCves[cveID]
+		if v.CveContents == nil {
+			v.CveContents = models.CveContents{}
+		}
+		v.CveContents[models.Microsoft] = *cveCont
+		r.ScannedCves[cveID] = v
+	}
+	return len(cveIDs), nil
+}
+
+// ConvertToModel converts gost model to vuls model
+func (ms Microsoft) ConvertToModel(cve *gostmodels.MicrosoftCVE) *models.CveContent {
+	v3score := 0.0
+	var v3Vector string
+	for _, scoreSet := range cve.ScoreSets {
+		if v3score < scoreSet.BaseScore {
+			v3score = scoreSet.BaseScore
+			v3Vector = scoreSet.Vector
+		}
+	}
+
+	var v3Severity string
+	for _, s := range cve.Severity {
+		v3Severity = s.Description
+	}
+
+	var refs []models.Reference
+	for _, r := range cve.References {
+		if r.AttrType == "External" {
+			refs = append(refs, models.Reference{Link: r.URL})
+		}
+	}
+
+	var cwe []string
+	if 0 < len(cve.CWE) {
+		cwe = []string{cve.CWE}
+	}
+
+	option := map[string]string{}
+	if 0 < len(cve.ExploitStatus) {
+		option["exploit"] = cve.ExploitStatus
+	}
+	if 0 < len(cve.Workaround) {
+		option["workaround"] = cve.Workaround
+	}
+	kbids := []string{}
+	for _, kbid := range cve.KBIDs {
+		kbids = append(kbids, kbid.KBID)
+	}
+	if 0 < len(kbids) {
+		option["kbids"] = strings.Join(kbids, ",")
+	}
+
+	return &models.CveContent{
+		Type:          models.Microsoft,
+		CveID:         cve.CveID,
+		Title:         cve.Title,
+		Summary:       cve.Description,
+		Cvss3Score:    v3score,
+		Cvss3Vector:   v3Vector,
+		Cvss3Severity: v3Severity,
+		References:    refs,
+		CweIDs:        cwe,
+		Mitigation:    cve.Mitigation,
+		Published:     cve.PublishDate,
+		LastModified:  cve.LastUpdateDate,
+		SourceLink:    "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/" + cve.CveID,
+		Optional:      option,
+	}
+}
--- a/gost/pseudo.go
+++ b/gost/pseudo.go
@@ -0,0 +1,22 @@
+package gost
+
+import (
+	"strings"
+
+	"github.com/future-architect/vuls/models"
+	"github.com/knqyf263/gost/db"
+)
+
+// Pseudo is Gost client except for RedHat family and Debian
+type Pseudo struct {
+	Base
+}
+
+// DetectUnfixed fills cve information that has in Gost
+func (pse Pseudo) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (int, error) {
+	return 0, nil
+}
+
+func major(osVer string) (majorVersion string) {
+	return strings.Split(osVer, ".")[0]
+}
--- a/gost/redhat.go
+++ b/gost/redhat.go
@@ -0,0 +1,269 @@
+package gost
+
+import (
+	"encoding/json"
+	"strconv"
+	"strings"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/knqyf263/gost/db"
+	gostmodels "github.com/knqyf263/gost/models"
+)
+
+// RedHat is Gost client for RedHat family linux
+type RedHat struct {
+	Base
+}
+
+// DetectUnfixed fills cve information that has in Gost
+func (red RedHat) DetectUnfixed(driver db.DB, r *models.ScanResult, ignoreWillNotFix bool) (nCVEs int, err error) {
+	return red.fillUnfixed(driver, r, ignoreWillNotFix)
+}
+
+func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
+	cveIDs := []string{}
+	for cveID, vuln := range r.ScannedCves {
+		if _, ok := vuln.CveContents[models.RedHatAPI]; ok {
+			continue
+		}
+		cveIDs = append(cveIDs, cveID)
+	}
+
+	if config.Conf.Gost.IsFetchViaHTTP() {
+		prefix, _ := util.URLPathJoin(config.Conf.Gost.URL,
+			"redhat", "cves")
+		responses, err := getCvesViaHTTP(cveIDs, prefix)
+		if err != nil {
+			return err
+		}
+		for _, res := range responses {
+			redCve := gostmodels.RedhatCVE{}
+			if err := json.Unmarshal([]byte(res.json), &redCve); err != nil {
+				return err
+			}
+			if redCve.ID == 0 {
+				continue
+			}
+			cveCont := red.ConvertToModel(&redCve)
+			v, ok := r.ScannedCves[res.request.cveID]
+			if ok {
+				if v.CveContents == nil {
+					v.CveContents = models.NewCveContents(*cveCont)
+				} else {
+					v.CveContents[models.RedHatAPI] = *cveCont
+				}
+			} else {
+				v = models.VulnInfo{
+					CveID:       cveCont.CveID,
+					CveContents: models.NewCveContents(*cveCont),
+					Confidences: models.Confidences{models.RedHatAPIMatch},
+				}
+			}
+			r.ScannedCves[res.request.cveID] = v
+		}
+	} else {
+		if driver == nil {
+			return nil
+		}
+		for cveID, redCve := range driver.GetRedhatMulti(cveIDs) {
+			if len(redCve.Name) == 0 {
+				continue
+			}
+			cveCont := red.ConvertToModel(&redCve)
+			v, ok := r.ScannedCves[cveID]
+			if ok {
+				if v.CveContents == nil {
+					v.CveContents = models.NewCveContents(*cveCont)
+				} else {
+					v.CveContents[models.RedHatAPI] = *cveCont
+				}
+			} else {
+				v = models.VulnInfo{
+					CveID:       cveCont.CveID,
+					CveContents: models.NewCveContents(*cveCont),
+					Confidences: models.Confidences{models.RedHatAPIMatch},
+				}
+			}
+			r.ScannedCves[cveID] = v
+		}
+	}
+
+	return nil
+}
+
+func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult, ignoreWillNotFix bool) (nCVEs int, err error) {
+	if config.Conf.Gost.IsFetchViaHTTP() {
+		prefix, _ := util.URLPathJoin(config.Conf.Gost.URL,
+			"redhat", major(r.Release), "pkgs")
+		responses, err := getAllUnfixedCvesViaHTTP(r, prefix)
+		if err != nil {
+			return 0, err
+		}
+		for _, res := range responses {
+			// CVE-ID: RedhatCVE
+			cves := map[string]gostmodels.RedhatCVE{}
+			if err := json.Unmarshal([]byte(res.json), &cves); err != nil {
+				return 0, err
+			}
+
+			for _, cve := range cves {
+				cveCont := red.ConvertToModel(&cve)
+				v, ok := r.ScannedCves[cve.Name]
+				if ok {
+					if v.CveContents == nil {
+						v.CveContents = models.NewCveContents(*cveCont)
+					} else {
+						v.CveContents[models.RedHatAPI] = *cveCont
+					}
+				} else {
+					v = models.VulnInfo{
+						CveID:       cveCont.CveID,
+						CveContents: models.NewCveContents(*cveCont),
+						Confidences: models.Confidences{models.RedHatAPIMatch},
+					}
+					nCVEs++
+				}
+				pkgStats := red.mergePackageStates(v,
+					cve.PackageState, r.Packages, r.Release)
+				if 0 < len(pkgStats) {
+					v.AffectedPackages = pkgStats
+					r.ScannedCves[cve.Name] = v
+				}
+			}
+		}
+	} else {
+		if driver == nil {
+			return 0, nil
+		}
+		for _, pack := range r.Packages {
+			// CVE-ID: RedhatCVE
+			cves := driver.GetUnfixedCvesRedhat(major(r.Release), pack.Name, ignoreWillNotFix)
+			for _, cve := range cves {
+				cveCont := red.ConvertToModel(&cve)
+				v, ok := r.ScannedCves[cve.Name]
+				if ok {
+					if v.CveContents == nil {
+						v.CveContents = models.NewCveContents(*cveCont)
+					} else {
+						v.CveContents[models.RedHatAPI] = *cveCont
+					}
+				} else {
+					v = models.VulnInfo{
+						CveID:       cveCont.CveID,
+						CveContents: models.NewCveContents(*cveCont),
+						Confidences: models.Confidences{models.RedHatAPIMatch},
+					}
+					nCVEs++
+				}
+
+				pkgStats := red.mergePackageStates(v,
+					cve.PackageState, r.Packages, r.Release)
+				if 0 < len(pkgStats) {
+					v.AffectedPackages = pkgStats
+					r.ScannedCves[cve.Name] = v
+				}
+			}
+		}
+	}
+	return nCVEs, nil
+}
+
+func (red RedHat) mergePackageStates(v models.VulnInfo, ps []gostmodels.RedhatPackageState, installed models.Packages, release string) (pkgStats models.PackageFixStatuses) {
+	pkgStats = v.AffectedPackages
+	for _, pstate := range ps {
+		if pstate.Cpe !=
+			"cpe:/o:redhat:enterprise_linux:"+major(release) {
+			return
+		}
+
+		if !(pstate.FixState == "Will not fix" ||
+			pstate.FixState == "Fix deferred" ||
+			pstate.FixState == "Affected") {
+			return
+		}
+
+		if _, ok := installed[pstate.PackageName]; !ok {
+			return
+		}
+
+		notFixedYet := false
+		switch pstate.FixState {
+		case "Will not fix", "Fix deferred", "Affected":
+			notFixedYet = true
+		}
+
+		pkgStats = pkgStats.Store(models.PackageFixStatus{
+			Name:        pstate.PackageName,
+			FixState:    pstate.FixState,
+			NotFixedYet: notFixedYet,
+		})
+	}
+	return
+}
+
+func (red RedHat) parseCwe(str string) (cwes []string) {
+	if str != "" {
+		s := strings.Replace(str, "(", "|", -1)
+		s = strings.Replace(s, ")", "|", -1)
+		s = strings.Replace(s, "->", "|", -1)
+		for _, s := range strings.Split(s, "|") {
+			if s != "" {
+				cwes = append(cwes, s)
+			}
+		}
+	}
+	return
+}
+
+// ConvertToModel converts gost model to vuls model
+func (red RedHat) ConvertToModel(cve *gostmodels.RedhatCVE) *models.CveContent {
+	cwes := red.parseCwe(cve.Cwe)
+
+	details := []string{}
+	for _, detail := range cve.Details {
+		details = append(details, detail.Detail)
+	}
+
+	v2score := 0.0
+	if cve.Cvss.CvssBaseScore != "" {
+		v2score, _ = strconv.ParseFloat(cve.Cvss.CvssBaseScore, 64)
+	}
+	v2severity := ""
+	if v2score != 0 {
+		v2severity = cve.ThreatSeverity
+	}
+
+	v3score := 0.0
+	if cve.Cvss3.Cvss3BaseScore != "" {
+		v3score, _ = strconv.ParseFloat(cve.Cvss3.Cvss3BaseScore, 64)
+	}
+	v3severity := ""
+	if v3score != 0 {
+		v3severity = cve.ThreatSeverity
+	}
+
+	refs := []models.Reference{}
+	for _, r := range cve.References {
+		refs = append(refs, models.Reference{Link: r.Reference})
+	}
+
+	return &models.CveContent{
+		Type:          models.RedHatAPI,
+		CveID:         cve.Name,
+		Title:         cve.Bugzilla.Description,
+		Summary:       strings.Join(details, "\n"),
+		Cvss2Score:    v2score,
+		Cvss2Vector:   cve.Cvss.CvssScoringVector,
+		Cvss2Severity: v2severity,
+		Cvss3Score:    v3score,
+		Cvss3Vector:   cve.Cvss3.Cvss3ScoringVector,
+		Cvss3Severity: v3severity,
+		References:    refs,
+		CweIDs:        cwes,
+		Mitigation:    cve.Mitigation,
+		Published:     cve.PublicDate,
+		SourceLink:    "https://access.redhat.com/security/cve/" + cve.Name,
+	}
+}
--- a/gost/redhat_test.go
+++ b/gost/redhat_test.go
@@ -0,0 +1,37 @@
+package gost
+
+import (
+	"reflect"
+	"sort"
+	"testing"
+)
+
+func TestParseCwe(t *testing.T) {
+	var tests = []struct {
+		in  string
+		out []string
+	}{
+		{
+			in:  "CWE-665->(CWE-200|CWE-89)",
+			out: []string{"CWE-665", "CWE-200", "CWE-89"},
+		},
+		{
+			in:  "CWE-841->CWE-770->CWE-454",
+			out: []string{"CWE-841", "CWE-770", "CWE-454"},
+		},
+		{
+			in:  "(CWE-122|CWE-125)",
+			out: []string{"CWE-122", "CWE-125"},
+		},
+	}
+
+	r := RedHat{}
+	for i, tt := range tests {
+		out := r.parseCwe(tt.in)
+		sort.Strings(out)
+		sort.Strings(tt.out)
+		if !reflect.DeepEqual(tt.out, out) {
+			t.Errorf("[%d]expected: %s, actual: %s", i, tt.out, out)
+		}
+	}
+}
--- a/gost/util.go
+++ b/gost/util.go
@@ -0,0 +1,183 @@
+package gost
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/cenkalti/backoff"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
+)
+
+type response struct {
+	request request
+	json    string
+}
+
+func getCvesViaHTTP(cveIDs []string, urlPrefix string) (
+	responses []response, err error) {
+	nReq := len(cveIDs)
+	reqChan := make(chan request, nReq)
+	resChan := make(chan response, nReq)
+	errChan := make(chan error, nReq)
+	defer close(reqChan)
+	defer close(resChan)
+	defer close(errChan)
+
+	go func() {
+		for _, cveID := range cveIDs {
+			reqChan <- request{
+				cveID: cveID,
+			}
+		}
+	}()
+
+	concurrency := 10
+	tasks := util.GenWorkers(concurrency)
+	for i := 0; i < nReq; i++ {
+		tasks <- func() {
+			select {
+			case req := <-reqChan:
+				url, err := util.URLPathJoin(
+					urlPrefix,
+					req.cveID,
+				)
+				if err != nil {
+					errChan <- err
+				} else {
+					util.Log.Debugf("HTTP Request to %s", url)
+					httpGet(url, req, resChan, errChan)
+				}
+			}
+		}
+	}
+
+	timeout := time.After(2 * 60 * time.Second)
+	var errs []error
+	for i := 0; i < nReq; i++ {
+		select {
+		case res := <-resChan:
+			responses = append(responses, res)
+		case err := <-errChan:
+			errs = append(errs, err)
+		case <-timeout:
+			return nil, xerrors.New("Timeout Fetching OVAL")
+		}
+	}
+	if len(errs) != 0 {
+		return nil, xerrors.Errorf("Failed to fetch OVAL. err: %w", errs)
+	}
+	return
+}
+
+type request struct {
+	osMajorVersion string
+	packName       string
+	isSrcPack      bool
+	cveID          string
+}
+
+func getAllUnfixedCvesViaHTTP(r *models.ScanResult, urlPrefix string) (
+	responses []response, err error) {
+
+	nReq := len(r.Packages) + len(r.SrcPackages)
+	reqChan := make(chan request, nReq)
+	resChan := make(chan response, nReq)
+	errChan := make(chan error, nReq)
+	defer close(reqChan)
+	defer close(resChan)
+	defer close(errChan)
+
+	go func() {
+		for _, pack := range r.Packages {
+			reqChan <- request{
+				osMajorVersion: major(r.Release),
+				packName:       pack.Name,
+				isSrcPack:      false,
+			}
+		}
+		for _, pack := range r.SrcPackages {
+			reqChan <- request{
+				osMajorVersion: major(r.Release),
+				packName:       pack.Name,
+				isSrcPack:      true,
+			}
+		}
+	}()
+
+	concurrency := 10
+	tasks := util.GenWorkers(concurrency)
+	for i := 0; i < nReq; i++ {
+		tasks <- func() {
+			select {
+			case req := <-reqChan:
+				url, err := util.URLPathJoin(
+					urlPrefix,
+					req.packName,
+					"unfixed-cves",
+				)
+				if err != nil {
+					errChan <- err
+				} else {
+					util.Log.Debugf("HTTP Request to %s", url)
+					httpGet(url, req, resChan, errChan)
+				}
+			}
+		}
+	}
+
+	timeout := time.After(2 * 60 * time.Second)
+	var errs []error
+	for i := 0; i < nReq; i++ {
+		select {
+		case res := <-resChan:
+			responses = append(responses, res)
+		case err := <-errChan:
+			errs = append(errs, err)
+		case <-timeout:
+			return nil, xerrors.New("Timeout Fetching OVAL")
+		}
+	}
+	if len(errs) != 0 {
+		return nil, xerrors.Errorf("Failed to fetch OVAL. err: %w", errs)
+	}
+	return
+}
+
+func httpGet(url string, req request, resChan chan<- response, errChan chan<- error) {
+	var body string
+	var errs []error
+	var resp *http.Response
+	count, retryMax := 0, 3
+	f := func() (err error) {
+		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+		resp, body, errs = gorequest.New().Get(url).End()
+		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+			count++
+			if count == retryMax {
+				return nil
+			}
+			return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %w", url, resp, errs)
+		}
+		return nil
+	}
+	notify := func(err error, t time.Duration) {
+		util.Log.Warnf("Failed to HTTP GET. retrying in %s seconds. err: %s", t, err)
+	}
+	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
+	if err != nil {
+		errChan <- xerrors.Errorf("HTTP Error %w", err)
+		return
+	}
+	if count == retryMax {
+		errChan <- xerrors.New("Retry count exceeded")
+		return
+	}
+
+	resChan <- response{
+		request: req,
+		json:    body,
+	}
+}
--- a/img/vuls-abstract.png
+++ b/img/vuls-abstract.png
--- a/img/vuls-scan-flow-fast.graphml
+++ b/img/vuls-scan-flow-fast.graphml
@@ -53,9 +53,11 @@
          <y:Geometry height="90.44247787610618" width="268.0" x="309.6849206349206" y="86.0"/>
          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="60.53125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="170.763671875" x="48.61816406250006" y="14.95561393805309">Get installed packages
+          <y:NodeLabel alignment="right" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="88.796875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="170.763671875" x="48.61816406250006" y="0.8228014380530908">Get installed packages
+Alpine: apk
 Debian/Ubuntu: dpkg-query
 Amazon/RHEL/CentOS: rpm
+SUSE: zypper
 FreeBSD: pkg<y:LabelModel>
              <y:SmartNodeLabelModel distance="4.0"/>
            </y:LabelModel>
@@ -264,7 +266,7 @@ Debian/Ubuntu: aptitude changelog<y:LabelModel>
          </y:Path>
          <y:LineStyle color="#000000" type="line" width="1.0"/>
          <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="51.806640625" x="183.35883739927397" y="2.000003510871693">Amazon
+          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="51.806640625" x="183.35883739927397" y="2.000003510871693">Amazon
 FreeBSD<y:LabelModel>
              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
            </y:LabelModel>
@@ -298,7 +300,6 @@ FreeBSD<y:LabelModel>
      </data>
    </edge>
    <edge id="e4" source="n1" target="n3">
-      <data key="d9"/>
      <data key="d10">
        <y:PolyLineEdge>
          <y:Path sx="0.0" sy="0.0" tx="-123.36984126984123" ty="0.0">
@@ -306,11 +307,13 @@ FreeBSD<y:LabelModel>
          </y:Path>
          <y:LineStyle color="#000000" type="line" width="1.0"/>
          <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="74.6640625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="77.078125" x="-97.68364242524859" y="5.005267793098369">CentOS
+          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="102.9296875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="77.078125" x="-97.68364242524859" y="5.005267793098369">Alpine Linux
+CentOS
 RHEL
 Ubuntu
 Debian
-Oracle Linux<y:LabelModel>
+Oracle Linux
+Suse<y:LabelModel>
              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
            </y:LabelModel>
            <y:ModelParameter>
@@ -323,7 +326,6 @@ Oracle Linux<y:LabelModel>
      </data>
    </edge>
    <edge id="e5" source="n4" target="n3">
-      <data key="d9"/>
      <data key="d10">
        <y:PolyLineEdge>
          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
@@ -364,7 +366,6 @@ Oracle Linux<y:LabelModel>
      </data>
    </edge>
    <edge id="e9" source="n3" target="n5">
-      <data key="d9"/>
      <data key="d10">
        <y:PolyLineEdge>
          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
@@ -375,7 +376,6 @@ Oracle Linux<y:LabelModel>
      </data>
    </edge>
    <edge id="e10" source="n1" target="n7">
-      <data key="d9"/>
      <data key="d10">
        <y:PolyLineEdge>
          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0">
@@ -396,7 +396,6 @@ Oracle Linux<y:LabelModel>
      </data>
    </edge>
    <edge id="e11" source="n10" target="n3">
-      <data key="d9"/>
      <data key="d10">
        <y:PolyLineEdge>
          <y:Path sx="0.0" sy="0.0" tx="-125.78842258255952" ty="0.0">
--- a/img/vuls-scan-flow-fast.png
+++ b/img/vuls-scan-flow-fast.png
--- a/img/vuls-scan-flow.graphml
+++ b/img/vuls-scan-flow.graphml
@@ -53,10 +53,12 @@
          <y:Geometry height="90.44247787610618" width="268.0" x="309.6849206349206" y="86.0"/>
          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="60.53125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="170.763671875" x="48.61816406250006" y="14.95561393805309">Get installed packages
+          <y:NodeLabel alignment="right" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="88.796875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="170.763671875" x="48.61816406250006" y="0.8228014380530908">Get installed packages
+Alpine Linux: apk
 Debian/Ubuntu: dpkg-query
 Amazon/RHEL/CentOS: rpm
-FreeBSD: pkg<y:LabelModel>
+FreeBSD: pkg
+SUSE: zypper<y:LabelModel>
              <y:SmartNodeLabelModel distance="4.0"/>
            </y:LabelModel>
            <y:ModelParameter>
@@ -235,7 +237,6 @@ Amazon / RHEL: yum changelog<y:LabelModel>
    </node>
    <node id="n13" yfiles.foldertype="group">
      <data key="d4"/>
-      <data key="d5"/>
      <data key="d6">
        <y:ProxyAutoBoundsNode>
          <y:Realizers active="0">
@@ -315,13 +316,13 @@ Amazon / RHEL: yum changelog<y:LabelModel>
          </y:Path>
          <y:LineStyle color="#000000" type="line" width="1.0"/>
          <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="46.3984375" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="56.98046875" x="-66.95987036992159" y="-48.39843398912808">Debian
+          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="46.3984375" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="56.98046875" x="-257.65322875976574" y="2.0000035108718635">Debian
 Ubuntu
 Raspbian<y:LabelModel>
              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
            </y:LabelModel>
            <y:ModelParameter>
-              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="1.9999999999998863" distanceToCenter="false" position="right" ratio="0.02215389573439544" segment="0"/>
+              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="1.9999999999998863" distanceToCenter="false" position="left" ratio="0.8652035780364729" segment="0"/>
            </y:ModelParameter>
            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
          </y:EdgeLabel>
@@ -379,13 +380,13 @@ Raspbian<y:LabelModel>
          </y:Path>
          <y:LineStyle color="#000000" type="line" width="1.0"/>
          <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="46.3984375" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="51.806640625" x="10.125014629061297" y="-48.39843398912805">Amazon
+          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="46.3984375" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="51.806640625" x="200.87829463898197" y="4.000003510871693">Amazon
 RHEL
 FreeBSD<y:LabelModel>
              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
            </y:LabelModel>
            <y:ModelParameter>
-              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="1.9999999999998863" distanceToCenter="false" position="left" ratio="0.022401276994204813" segment="0"/>
+              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="6.999999999999886" distanceToCenter="false" position="right" ratio="0.8192728556300707" segment="-1"/>
            </y:ModelParameter>
            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
          </y:EdgeLabel>
@@ -442,7 +443,6 @@ FreeBSD<y:LabelModel>
      </data>
    </edge>
    <edge id="e11" source="n11" target="n7">
-      <data key="d9"/>
      <data key="d10">
        <y:PolyLineEdge>
          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="-24.34091537610618">
@@ -455,7 +455,6 @@ FreeBSD<y:LabelModel>
      </data>
    </edge>
    <edge id="e12" source="n8" target="n12">
-      <data key="d9"/>
      <data key="d10">
        <y:PolyLineEdge>
          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
@@ -466,7 +465,6 @@ FreeBSD<y:LabelModel>
      </data>
    </edge>
    <edge id="e13" source="n12" target="n7">
-      <data key="d9"/>
      <data key="d10">
        <y:PolyLineEdge>
          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
@@ -477,7 +475,6 @@ FreeBSD<y:LabelModel>
      </data>
    </edge>
    <edge id="e14" source="n9" target="n13">
-      <data key="d9"/>
      <data key="d10">
        <y:PolyLineEdge>
          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="10.8330078125"/>
@@ -487,6 +484,30 @@ FreeBSD<y:LabelModel>
        </y:PolyLineEdge>
      </data>
    </edge>
+    <edge id="e15" source="n1" target="n7">
+      <data key="d9"/>
+      <data key="d10">
+        <y:PolyLineEdge>
+          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0">
+            <y:Point x="999.0" y="226.44247787610618"/>
+            <y:Point x="999.0" y="570.8409153761062"/>
+            <y:Point x="743.3698412698412" y="570.8409153761062"/>
+          </y:Path>
+          <y:LineStyle color="#000000" type="line" width="1.0"/>
+          <y:Arrows source="none" target="none"/>
+          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="76.8203125" x="422.923942251054" y="13.867191010871807">Alpine Linux
+SUSE<y:LabelModel>
+              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
+            </y:LabelModel>
+            <y:ModelParameter>
+              <y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="right" ratio="0.8856709076027529" segment="0"/>
+            </y:ModelParameter>
+            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
+          </y:EdgeLabel>
+          <y:BendStyle smoothed="false"/>
+        </y:PolyLineEdge>
+      </data>
+    </edge>
  </graph>
  <data key="d7">
    <y:Resources/>
--- a/img/vuls-scan-flow.png
+++ b/img/vuls-scan-flow.png
--- a/libmanager/libManager.go
+++ b/libmanager/libManager.go
@@ -0,0 +1,108 @@
+package libmanager
+
+import (
+	"context"
+
+	db2 "github.com/aquasecurity/trivy-db/pkg/db"
+	"github.com/aquasecurity/trivy/pkg/db"
+	"github.com/aquasecurity/trivy/pkg/github"
+	"github.com/aquasecurity/trivy/pkg/indicator"
+	"github.com/aquasecurity/trivy/pkg/log"
+	"github.com/spf13/afero"
+	"golang.org/x/xerrors"
+	"k8s.io/utils/clock"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+)
+
+// FillLibrary fills LibraryScanner informations
+func FillLibrary(r *models.ScanResult) (totalCnt int, err error) {
+	if len(r.LibraryScanners) == 0 {
+		return
+	}
+
+	// initialize trivy's logger and db
+	err = log.InitLogger(false, false)
+	if err != nil {
+		return 0, err
+	}
+
+	util.Log.Info("Updating library db...")
+	if err := downloadDB(config.Version, config.Conf.TrivyCacheDBDir, config.Conf.NoProgress, false, false); err != nil {
+		return 0, err
+	}
+
+	if err := db2.Init(config.Conf.TrivyCacheDBDir); err != nil {
+		return 0, err
+	}
+	defer db2.Close()
+
+	for _, lib := range r.LibraryScanners {
+		vinfos, err := lib.Scan()
+		if err != nil {
+			return 0, err
+		}
+		for _, vinfo := range vinfos {
+			vinfo.Confidences.AppendIfMissing(models.TrivyMatch)
+			if v, ok := r.ScannedCves[vinfo.CveID]; !ok {
+				r.ScannedCves[vinfo.CveID] = vinfo
+			} else {
+				v.LibraryFixedIns = append(v.LibraryFixedIns, vinfo.LibraryFixedIns...)
+				r.ScannedCves[vinfo.CveID] = v
+			}
+		}
+		totalCnt += len(vinfos)
+	}
+
+	return totalCnt, nil
+}
+
+func downloadDB(appVersion, cacheDir string, quiet, light, skipUpdate bool) error {
+	client := initializeDBClient(cacheDir, quiet)
+	ctx := context.Background()
+	needsUpdate, err := client.NeedsUpdate(appVersion, light, skipUpdate)
+	if err != nil {
+		return xerrors.Errorf("database error: %w", err)
+	}
+
+	if needsUpdate {
+		util.Log.Info("Need to update DB")
+		util.Log.Info("Downloading DB...")
+		if err := client.Download(ctx, cacheDir, light); err != nil {
+			return xerrors.Errorf("failed to download vulnerability DB: %w", err)
+		}
+		if err = client.UpdateMetadata(cacheDir); err != nil {
+			return xerrors.Errorf("unable to update database metadata: %w", err)
+		}
+	}
+
+	// for debug
+	if err := showDBInfo(cacheDir); err != nil {
+		return xerrors.Errorf("failed to show database info: %w", err)
+	}
+	return nil
+}
+
+func initializeDBClient(cacheDir string, quiet bool) db.Client {
+	config := db2.Config{}
+	client := github.NewClient()
+	progressBar := indicator.NewProgressBar(quiet)
+	realClock := clock.RealClock{}
+	fs := afero.NewOsFs()
+	metadata := db.NewMetadata(fs, cacheDir)
+	dbClient := db.NewClient(config, client, progressBar, realClock, metadata)
+	return dbClient
+}
+
+func showDBInfo(cacheDir string) error {
+	m := db.NewMetadata(afero.NewOsFs(), cacheDir)
+	metadata, err := m.Get()
+	if err != nil {
+		return xerrors.Errorf("something wrong with DB: %w", err)
+	}
+	util.Log.Debugf("DB Schema: %d, Type: %d, UpdatedAt: %s, NextUpdate: %s",
+		metadata.Version, metadata.Type, metadata.UpdatedAt, metadata.NextUpdate)
+	return nil
+}
--- a/main.go
+++ b/main.go
@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package main

 import (
@@ -25,15 +8,10 @@ import (
 	"context"

 	"github.com/future-architect/vuls/commands"
+	"github.com/future-architect/vuls/config"
 	"github.com/google/subcommands"
 )

-// Version of Vuls
-var version = "0.4.0"
-
-// Revision of Git
-var revision string
-
 func main() {
 	subcommands.Register(subcommands.HelpCommand(), "")
 	subcommands.Register(subcommands.FlagsCommand(), "")
@@ -44,13 +22,14 @@ func main() {
 	subcommands.Register(&commands.HistoryCmd{}, "history")
 	subcommands.Register(&commands.ReportCmd{}, "report")
 	subcommands.Register(&commands.ConfigtestCmd{}, "configtest")
+	subcommands.Register(&commands.ServerCmd{}, "server")

 	var v = flag.Bool("v", false, "Show version")

 	flag.Parse()

 	if *v {
-		fmt.Printf("vuls %s %s\n", version, revision)
+		fmt.Printf("vuls %s %s\n", config.Version, config.Revision)
 		os.Exit(int(subcommands.ExitSuccess))
 	}

--- a/models/cvecontents.go
+++ b/models/cvecontents.go
@@ -1,25 +1,9 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package models

 import (
-	"strings"
 	"time"
+
+	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
 )

 // CveContents has CveContent
@@ -61,21 +45,24 @@ func (v CveContents) Except(exceptCtypes ...CveContentType) (values CveContents)
 // SourceLinks returns link of source
 func (v CveContents) SourceLinks(lang, myFamily, cveID string) (values []CveContentStr) {
 	if lang == "ja" {
-		if cont, found := v[JVN]; found && 0 < len(cont.SourceLink) {
-			values = append(values, CveContentStr{JVN, cont.SourceLink})
+		if cont, found := v[Jvn]; found && 0 < len(cont.SourceLink) {
+			values = append(values, CveContentStr{Jvn, cont.SourceLink})
 		}
 	}

-	order := CveContentTypes{NVD, NewCveContentType(myFamily)}
+	order := CveContentTypes{Nvd, NvdXML, NewCveContentType(myFamily)}
 	for _, ctype := range order {
 		if cont, found := v[ctype]; found {
+			if cont.SourceLink == "" {
+				continue
+			}
 			values = append(values, CveContentStr{ctype, cont.SourceLink})
 		}
 	}

 	if len(values) == 0 {
 		return []CveContentStr{{
-			Type:  NVD,
+			Type:  Nvd,
 			Value: "https://nvd.nist.gov/vuln/detail/" + cveID,
 		}}
 	}
@@ -109,7 +96,7 @@ type CveContentCpes struct {
 // Cpes returns affected CPEs of this Vulnerability
 func (v CveContents) Cpes(myFamily string) (values []CveContentCpes) {
 	order := CveContentTypes{NewCveContentType(myFamily)}
-	order = append(order, AllCveContetTypes.Except(append(order)...)...)
+	order = append(order, AllCveContetTypes.Except(order...)...)

 	for _, ctype := range order {
 		if cont, found := v[ctype]; found && 0 < len(cont.Cpes) {
@@ -131,7 +118,7 @@ type CveContentRefs struct {
 // References returns References
 func (v CveContents) References(myFamily string) (values []CveContentRefs) {
 	order := CveContentTypes{NewCveContentType(myFamily)}
-	order = append(order, AllCveContetTypes.Except(append(order)...)...)
+	order = append(order, AllCveContetTypes.Except(order...)...)

 	for _, ctype := range order {
 		if cont, found := v[ctype]; found && 0 < len(cont.References) {
@@ -141,18 +128,22 @@ func (v CveContents) References(myFamily string) (values []CveContentRefs) {
 			})
 		}
 	}
+
 	return
 }

 // CweIDs returns related CweIDs of the vulnerability
 func (v CveContents) CweIDs(myFamily string) (values []CveContentStr) {
 	order := CveContentTypes{NewCveContentType(myFamily)}
-	order = append(order, AllCveContetTypes.Except(append(order)...)...)
-
+	order = append(order, AllCveContetTypes.Except(order...)...)
 	for _, ctype := range order {
-		if cont, found := v[ctype]; found && 0 < len(cont.CweID) {
-			// RedHat's OVAL sometimes contains multiple CWE-IDs separated by spaces
-			for _, cweID := range strings.Fields(cont.CweID) {
+		if cont, found := v[ctype]; found && 0 < len(cont.CweIDs) {
+			for _, cweID := range cont.CweIDs {
+				for _, val := range values {
+					if val.Value == cweID {
+						continue
+					}
+				}
 				values = append(values, CveContentStr{
 					Type:  ctype,
 					Value: cweID,
@@ -163,23 +154,38 @@ func (v CveContents) CweIDs(myFamily string) (values []CveContentStr) {
 	return
 }

+// UniqCweIDs returns Uniq CweIDs
+func (v CveContents) UniqCweIDs(myFamily string) (values []CveContentStr) {
+	uniq := map[string]CveContentStr{}
+	for _, cwes := range v.CweIDs(myFamily) {
+		uniq[cwes.Value] = cwes
+	}
+	for _, cwe := range uniq {
+		values = append(values, cwe)
+	}
+	return values
+}
+
 // CveContent has abstraction of various vulnerability information
 type CveContent struct {
-	Type         CveContentType
-	CveID        string
-	Title        string
-	Summary      string
-	Severity     string
-	Cvss2Score   float64
-	Cvss2Vector  string
-	Cvss3Score   float64
-	Cvss3Vector  string
-	SourceLink   string
-	Cpes         []Cpe
-	References   References
-	CweID        string
-	Published    time.Time
-	LastModified time.Time
+	Type          CveContentType    `json:"type"`
+	CveID         string            `json:"cveID"`
+	Title         string            `json:"title"`
+	Summary       string            `json:"summary"`
+	Cvss2Score    float64           `json:"cvss2Score"`
+	Cvss2Vector   string            `json:"cvss2Vector"`
+	Cvss2Severity string            `json:"cvss2Severity"`
+	Cvss3Score    float64           `json:"cvss3Score"`
+	Cvss3Vector   string            `json:"cvss3Vector"`
+	Cvss3Severity string            `json:"cvss3Severity"`
+	SourceLink    string            `json:"sourceLink"`
+	Cpes          []Cpe             `json:"cpes,omitempty"`
+	References    References        `json:"references,omitempty"`
+	CweIDs        []string          `json:"cweIDs,omitempty"`
+	Published     time.Time         `json:"published"`
+	LastModified  time.Time         `json:"lastModified"`
+	Mitigation    string            `json:"mitigation"` // RedHat API
+	Optional      map[string]string `json:"optional,omitempty"`
 }

 // Empty checks the content is empty
@@ -193,33 +199,66 @@ type CveContentType string
 // NewCveContentType create CveContentType
 func NewCveContentType(name string) CveContentType {
 	switch name {
+	case "nvdxml":
+		return NvdXML
 	case "nvd":
-		return NVD
+		return Nvd
 	case "jvn":
-		return JVN
+		return Jvn
 	case "redhat", "centos":
 		return RedHat
 	case "oracle":
 		return Oracle
 	case "ubuntu":
 		return Ubuntu
-	case "debian":
+	case "debian", vulnerability.DebianOVAL:
 		return Debian
+	case "redhat_api":
+		return RedHatAPI
+	case "debian_security_tracker":
+		return DebianSecurityTracker
+	case "microsoft":
+		return Microsoft
+	case "wordpress":
+		return WPVulnDB
+	case "amazon":
+		return Amazon
+	case "trivy":
+		return Trivy
+	// case vulnerability.NodejsSecurityWg:
+	// 	return NodeSec
+	// case vulnerability.PythonSafetyDB:
+	// 	return PythonSec
+	// case vulnerability.RustSec:
+	// 	return RustSec
+	// case vulnerability.PhpSecurityAdvisories:
+	// 	return PhpSec
+	// case vulnerability.RubySec:
+	// 	return RubySec
 	default:
 		return Unknown
 	}
 }

 const (
-	// NVD is NVD
-	NVD CveContentType = "nvd"
+	// NvdXML is NvdXML
+	NvdXML CveContentType = "nvdxml"

-	// JVN is JVN
-	JVN CveContentType = "jvn"
+	// Nvd is Nvd
+	Nvd CveContentType = "nvd"
+
+	// Jvn is Jvn
+	Jvn CveContentType = "jvn"

 	// RedHat is RedHat
 	RedHat CveContentType = "redhat"

+	// RedHatAPI is RedHat
+	RedHatAPI CveContentType = "redhat_api"
+
+	// DebianSecurityTracker is Debian Secury tracker
+	DebianSecurityTracker CveContentType = "debian_security_tracker"
+
 	// Debian is Debian
 	Debian CveContentType = "debian"

@@ -229,6 +268,36 @@ const (
 	// Oracle is Oracle Linux
 	Oracle CveContentType = "oracle"

+	// Amazon is Amazon Linux
+	Amazon CveContentType = "amazon"
+
+	// SUSE is SUSE Linux
+	SUSE CveContentType = "suse"
+
+	// Microsoft is Microsoft
+	Microsoft CveContentType = "microsoft"
+
+	// WPVulnDB is WordPress
+	WPVulnDB CveContentType = "wpvulndb"
+
+	// Trivy is Trivy
+	Trivy CveContentType = "trivy"
+
+	// NodeSec : for JS
+	// NodeSec CveContentType = "node"
+
+	// // PythonSec : for PHP
+	// PythonSec CveContentType = "python"
+
+	// // PhpSec : for PHP
+	// PhpSec CveContentType = "php"
+
+	// // RubySec : for Ruby
+	// RubySec CveContentType = "ruby"
+
+	// // RustSec : for Rust
+	// RustSec CveContentType = "rust"
+
 	// Unknown is Unknown
 	Unknown CveContentType = "unknown"
 )
@@ -237,7 +306,25 @@ const (
 type CveContentTypes []CveContentType

 // AllCveContetTypes has all of CveContentTypes
-var AllCveContetTypes = CveContentTypes{NVD, JVN, RedHat, Debian, Ubuntu}
+var AllCveContetTypes = CveContentTypes{
+	Nvd,
+	NvdXML,
+	Jvn,
+	RedHat,
+	RedHatAPI,
+	Debian,
+	Ubuntu,
+	Amazon,
+	SUSE,
+	DebianSecurityTracker,
+	WPVulnDB,
+	Trivy,
+	// NodeSec,
+	// PythonSec,
+	// PhpSec,
+	// RubySec,
+	// RustSec,
+}

 // Except returns CveContentTypes except for given args
 func (c CveContentTypes) Except(excepts ...CveContentType) (excepted CveContentTypes) {
@@ -258,7 +345,8 @@ func (c CveContentTypes) Except(excepts ...CveContentType) (excepted CveContentT

 // Cpe is Common Platform Enumeration
 type Cpe struct {
-	CpeName string
+	URI             string `json:"uri"`
+	FormattedString string `json:"formattedString"`
 }

 // References is a slice of Reference
@@ -266,7 +354,7 @@ type References []Reference

 // Reference has a related link of the CVE
 type Reference struct {
-	Source string
-	Link   string
-	RefID  string
+	Source string `json:"source"`
+	Link   string `json:"link"`
+	RefID  string `json:"refID"`
 }
--- a/models/cvecontents_test.go
+++ b/models/cvecontents_test.go
@@ -1,19 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
 package models

 import (
@@ -60,27 +44,27 @@ func TestSourceLinks(t *testing.T) {
 				lang:  "ja",
 				cveID: "CVE-2017-6074",
 				cont: CveContents{
-					JVN: {
-						Type:       JVN,
+					Jvn: {
+						Type:       Jvn,
 						SourceLink: "https://jvn.jp/vu/JVNVU93610402/",
 					},
 					RedHat: {
 						Type:       RedHat,
 						SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074",
 					},
-					NVD: {
-						Type:       NVD,
+					NvdXML: {
+						Type:       NvdXML,
 						SourceLink: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
 					},
 				},
 			},
 			out: []CveContentStr{
 				{
-					Type:  JVN,
+					Type:  Jvn,
 					Value: "https://jvn.jp/vu/JVNVU93610402/",
 				},
 				{
-					Type:  NVD,
+					Type:  NvdXML,
 					Value: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
 				},
 				{
@@ -95,23 +79,23 @@ func TestSourceLinks(t *testing.T) {
 				lang:  "en",
 				cveID: "CVE-2017-6074",
 				cont: CveContents{
-					JVN: {
-						Type:       JVN,
+					Jvn: {
+						Type:       Jvn,
 						SourceLink: "https://jvn.jp/vu/JVNVU93610402/",
 					},
 					RedHat: {
 						Type:       RedHat,
 						SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074",
 					},
-					NVD: {
-						Type:       NVD,
+					NvdXML: {
+						Type:       NvdXML,
 						SourceLink: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
 					},
 				},
 			},
 			out: []CveContentStr{
 				{
-					Type:  NVD,
+					Type:  NvdXML,
 					Value: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
 				},
 				{
@@ -129,16 +113,16 @@ func TestSourceLinks(t *testing.T) {
 			},
 			out: []CveContentStr{
 				{
-					Type:  NVD,
+					Type:  Nvd,
 					Value: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
 				},
 			},
 		},
 	}
-	for _, tt := range tests {
+	for i, tt := range tests {
 		actual := tt.in.cont.SourceLinks(tt.in.lang, "redhat", tt.in.cveID)
 		if !reflect.DeepEqual(tt.out, actual) {
-			t.Errorf("\nexpected: %v\n  actual: %v\n", tt.out, actual)
+			t.Errorf("\n[%d] expected: %v\n  actual: %v\n", i, tt.out, actual)
 		}
 	}
 }
@@ -158,16 +142,16 @@ func TestVendorLink(t *testing.T) {
 				vinfo: VulnInfo{
 					CveID: "CVE-2017-6074",
 					CveContents: CveContents{
-						JVN: {
-							Type:       JVN,
+						Jvn: {
+							Type:       Jvn,
 							SourceLink: "https://jvn.jp/vu/JVNVU93610402/",
 						},
 						RedHat: {
 							Type:       RedHat,
 							SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074",
 						},
-						NVD: {
-							Type:       NVD,
+						NvdXML: {
+							Type:       NvdXML,
 							SourceLink: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
 						},
 					},
--- a/models/library.go
+++ b/models/library.go
@@ -0,0 +1,145 @@
+package models
+
+import (
+	"path/filepath"
+
+	"github.com/aquasecurity/trivy-db/pkg/db"
+	trivyDBTypes "github.com/aquasecurity/trivy-db/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/detector/library"
+
+	"github.com/aquasecurity/trivy/pkg/types"
+	"github.com/future-architect/vuls/util"
+	"golang.org/x/xerrors"
+
+	// "github.com/aquasecurity/go-dep-parser/pkg/types"
+	"github.com/knqyf263/go-version"
+)
+
+// LibraryScanners is an array of LibraryScanner
+type LibraryScanners []LibraryScanner
+
+// Find : find by name
+func (lss LibraryScanners) Find(path, name string) map[string]types.Library {
+	filtered := map[string]types.Library{}
+	for _, ls := range lss {
+		for _, lib := range ls.Libs {
+			if ls.Path == path && lib.Name == name {
+				filtered[ls.Path] = lib
+				break
+			}
+		}
+	}
+	return filtered
+}
+
+// LibraryScanner has libraries information
+type LibraryScanner struct {
+	Path string
+	Libs []types.Library
+}
+
+// Scan : scan target library
+func (s LibraryScanner) Scan() ([]VulnInfo, error) {
+	scanner, err := library.DriverFactory{}.NewDriver(filepath.Base(string(s.Path)))
+	if err != nil {
+		return nil, xerrors.Errorf("Faild to new a library driver: %w", err)
+	}
+	var vulnerabilities = []VulnInfo{}
+	for _, pkg := range s.Libs {
+		v, err := version.NewVersion(pkg.Version)
+		if err != nil {
+			util.Log.Debugf("new version cant detected %s@%s", pkg.Name, pkg.Version)
+			continue
+		}
+
+		tvulns, err := scanner.Detect(pkg.Name, v)
+		if err != nil {
+			return nil, xerrors.Errorf("failed to detect %s vulnerabilities: %w", scanner.Type(), err)
+		}
+		if len(tvulns) == 0 {
+			continue
+		}
+
+		vulns := s.convertFanalToVuln(tvulns)
+		vulnerabilities = append(vulnerabilities, vulns...)
+	}
+
+	return vulnerabilities, nil
+}
+
+func (s LibraryScanner) convertFanalToVuln(tvulns []types.DetectedVulnerability) (vulns []VulnInfo) {
+	for _, tvuln := range tvulns {
+		vinfo, err := s.getVulnDetail(tvuln)
+		if err != nil {
+			util.Log.Debugf("failed to getVulnDetail. err: %s, tvun: %#v", err, tvuln)
+			continue
+		}
+		vulns = append(vulns, vinfo)
+	}
+	return vulns
+}
+
+func (s LibraryScanner) getVulnDetail(tvuln types.DetectedVulnerability) (vinfo VulnInfo, err error) {
+	vul, err := db.Config{}.GetVulnerability(tvuln.VulnerabilityID)
+	if err != nil {
+		return vinfo, err
+	}
+
+	vinfo.CveID = tvuln.VulnerabilityID
+	vinfo.CveContents = getCveContents(tvuln.VulnerabilityID, vul)
+	if tvuln.FixedVersion != "" {
+		vinfo.LibraryFixedIns = []LibraryFixedIn{
+			{
+				Key:     s.GetLibraryKey(),
+				Name:    tvuln.PkgName,
+				FixedIn: tvuln.FixedVersion,
+				Path:    s.Path,
+			},
+		}
+	}
+	return vinfo, nil
+}
+
+func getCveContents(cveID string, vul trivyDBTypes.Vulnerability) (contents map[CveContentType]CveContent) {
+	contents = map[CveContentType]CveContent{}
+	refs := []Reference{}
+	for _, refURL := range vul.References {
+		refs = append(refs, Reference{Source: "trivy", Link: refURL})
+	}
+
+	content := CveContent{
+		Type:          Trivy,
+		CveID:         cveID,
+		Title:         vul.Title,
+		Summary:       vul.Description,
+		Cvss3Severity: string(vul.Severity),
+		References:    refs,
+	}
+	contents[Trivy] = content
+	return contents
+}
+
+// LibraryMap is filename and library type
+var LibraryMap = map[string]string{
+	"package-lock.json": "node",
+	"yarn.lock":         "node",
+	"Gemfile.lock":      "ruby",
+	"Cargo.lock":        "rust",
+	"composer.lock":     "php",
+	"Pipfile.lock":      "python",
+	"poetry.lock":       "python",
+}
+
+// GetLibraryKey returns target library key
+func (s LibraryScanner) GetLibraryKey() string {
+	fileName := filepath.Base(s.Path)
+	return LibraryMap[fileName]
+}
+
+// LibraryFixedIn has library fixed information
+type LibraryFixedIn struct {
+	Key     string `json:"key,omitempty"`
+	Name    string `json:"name,omitempty"`
+	FixedIn string `json:"fixedIn,omitempty"`
+	Path    string `json:"path,omitempty"`
+}
--- a/models/library_test.go
+++ b/models/library_test.go
@@ -0,0 +1,96 @@
+package models
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/aquasecurity/trivy/pkg/types"
+)
+
+func TestLibraryScanners_Find(t *testing.T) {
+	type args struct {
+		path string
+		name string
+	}
+	tests := []struct {
+		name string
+		lss  LibraryScanners
+		args args
+		want map[string]types.Library
+	}{
+		{
+			name: "single file",
+			lss: LibraryScanners{
+				{
+					Path: "/pathA",
+					Libs: []types.Library{
+						{
+							Name:    "libA",
+							Version: "1.0.0",
+						},
+					},
+				},
+			},
+			args: args{"/pathA", "libA"},
+			want: map[string]types.Library{
+				"/pathA": {
+					Name:    "libA",
+					Version: "1.0.0",
+				},
+			},
+		},
+		{
+			name: "multi file",
+			lss: LibraryScanners{
+				{
+					Path: "/pathA",
+					Libs: []types.Library{
+						{
+							Name:    "libA",
+							Version: "1.0.0",
+						},
+					},
+				},
+				{
+					Path: "/pathB",
+					Libs: []types.Library{
+						{
+							Name:    "libA",
+							Version: "1.0.5",
+						},
+					},
+				},
+			},
+			args: args{"/pathA", "libA"},
+			want: map[string]types.Library{
+				"/pathA": {
+					Name:    "libA",
+					Version: "1.0.0",
+				},
+			},
+		},
+		{
+			name: "miss",
+			lss: LibraryScanners{
+				{
+					Path: "/pathA",
+					Libs: []types.Library{
+						{
+							Name:    "libA",
+							Version: "1.0.0",
+						},
+					},
+				},
+			},
+			args: args{"/pathA", "libB"},
+			want: map[string]types.Library{},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := tt.lss.Find(tt.args.path, tt.args.name); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("LibraryScanners.Find() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
--- a/models/models.go
+++ b/models/models.go
@@ -1,21 +1,4 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package models

 // JSONVersion is JSON Version
-const JSONVersion = 2
+const JSONVersion = 4
--- a/models/models_test.go
+++ b/models/models_test.go
@@ -1,18 +0,0 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-package models
--- a/models/packages.go
+++ b/models/packages.go
@@ -1,26 +1,11 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package models

 import (
 	"bytes"
 	"fmt"
 	"strings"
+
+	"golang.org/x/xerrors"
 )

 // Packages is Map of Package
@@ -38,6 +23,12 @@ func NewPackages(packs ...Package) Packages {

 // MergeNewVersion merges candidate version information to the receiver struct
 func (ps Packages) MergeNewVersion(as Packages) {
+	for name, pack := range ps {
+		pack.NewVersion = pack.Version
+		pack.NewRelease = pack.Release
+		ps[name] = pack
+	}
+
 	for _, a := range as {
 		if pack, ok := ps[a.Name]; ok {
 			pack.NewVersion = a.NewVersion
@@ -60,18 +51,7 @@ func (ps Packages) Merge(other Packages) Packages {
 	return merged
 }

-// FormatUpdatablePacksSummary returns a summary of updatable packages
-func (ps Packages) FormatUpdatablePacksSummary() string {
-	nUpdatable := 0
-	for _, p := range ps {
-		if p.NewVersion != "" {
-			nUpdatable++
-		}
-	}
-	return fmt.Sprintf("%d updatable packages", nUpdatable)
-}
-
-// FindOne search a element by name-newver-newrel-arch
+// FindOne search a element
 func (ps Packages) FindOne(f func(Package) bool) (string, Package, bool) {
 	for key, p := range ps {
 		if f(p) {
@@ -81,16 +61,44 @@ func (ps Packages) FindOne(f func(Package) bool) (string, Package, bool) {
 	return "", Package{}, false
 }

-// Package has installed packages.
+// FindByFQPN search a package by Fully-Qualified-Package-Name
+func (ps Packages) FindByFQPN(nameVerRelArc string) (*Package, error) {
+	for _, p := range ps {
+		if nameVerRelArc == p.FQPN() {
+			return &p, nil
+		}
+	}
+	return nil, xerrors.Errorf("Failed to find the package: %s", nameVerRelArc)
+}
+
+// Package has installed binary packages.
 type Package struct {
-	Name       string
-	Version    string
-	Release    string
-	NewVersion string
-	NewRelease string
-	Arch       string
-	Repository string
-	Changelog  Changelog
+	Name             string               `json:"name"`
+	Version          string               `json:"version"`
+	Release          string               `json:"release"`
+	NewVersion       string               `json:"newVersion"`
+	NewRelease       string               `json:"newRelease"`
+	Arch             string               `json:"arch"`
+	Repository       string               `json:"repository"`
+	Changelog        Changelog            `json:"changelog"`
+	AffectedProcs    []AffectedProcess    `json:",omitempty"`
+	NeedRestartProcs []NeedRestartProcess `json:",omitempty"`
+}
+
+// FQPN returns Fully-Qualified-Package-Name
+// name-version-release.arch
+func (p Package) FQPN() string {
+	fqpn := p.Name
+	if p.Version != "" {
+		fqpn += fmt.Sprintf("-%s", p.Version)
+	}
+	if p.Release != "" {
+		fqpn += fmt.Sprintf("-%s", p.Release)
+	}
+	if p.Arch != "" {
+		fqpn += fmt.Sprintf(".%s", p.Arch)
+	}
+	return fqpn
 }

 // FormatVer returns package version-release
@@ -112,12 +120,23 @@ func (p Package) FormatNewVer() string {
 }

 // FormatVersionFromTo formats installed and new package version
-func (p Package) FormatVersionFromTo(notFixedYet bool) string {
+func (p Package) FormatVersionFromTo(stat PackageFixStatus) string {
 	to := p.FormatNewVer()
-	if notFixedYet {
-		to = "Not Fixed Yet"
+	if stat.NotFixedYet {
+		if stat.FixState != "" {
+			to = stat.FixState
+		} else {
+			to = "Not Fixed Yet"
+		}
+	} else if p.NewVersion == "" {
+		to = "Unknown"
 	}
-	return fmt.Sprintf("%s-%s -> %s", p.Name, p.FormatVer(), to)
+	var fixedIn string
+	if stat.FixedIn != "" {
+		fixedIn = fmt.Sprintf(" (FixedIn: %s)", stat.FixedIn)
+	}
+	return fmt.Sprintf("%s-%s -> %s%s",
+		p.Name, p.FormatVer(), to, fixedIn)
 }

 // FormatChangelog formats the changelog
@@ -139,7 +158,7 @@ func (p Package) FormatChangelog() string {
 	case FailedToGetChangelog:
 		clog = "No changelogs"
 	case FailedToFindVersionInChangelog:
-		clog = "Failed to parse changelogs. For detials, check yourself"
+		clog = "Failed to parse changelogs. For details, check yourself"
 	}
 	buf = append(buf, packVer, delim.String(), clog)
 	return strings.Join(buf, "\n")
@@ -148,6 +167,63 @@ func (p Package) FormatChangelog() string {
 // Changelog has contents of changelog and how to get it.
 // Method: models.detectionMethodStr
 type Changelog struct {
-	Contents string
-	Method   DetectionMethod
+	Contents string          `json:"contents"`
+	Method   DetectionMethod `json:"method"`
+}
+
+// AffectedProcess keep a processes information affected by software update
+type AffectedProcess struct {
+	PID         string   `json:"pid,omitempty"`
+	Name        string   `json:"name,omitempty"`
+	ListenPorts []string `json:"listenPorts,omitempty"`
+}
+
+// NeedRestartProcess keep a processes information affected by software update
+type NeedRestartProcess struct {
+	PID         string `json:"pid"`
+	Path        string `json:"path"`
+	ServiceName string `json:"serviceName"`
+	InitSystem  string `json:"initSystem"`
+	HasInit     bool   `json:"-"`
+}
+
+// SrcPackage has installed source package information.
+// Debian based Linux has both of package and source information in dpkg.
+// OVAL database often includes a source version (Not a binary version),
+// so it is also needed to capture source version for OVAL version comparison.
+// https://github.com/future-architect/vuls/issues/504
+type SrcPackage struct {
+	Name        string   `json:"name"`
+	Version     string   `json:"version"`
+	Arch        string   `json:"arch"`
+	BinaryNames []string `json:"binaryNames"`
+}
+
+// AddBinaryName add the name if not exists
+func (s *SrcPackage) AddBinaryName(name string) {
+	found := false
+	for _, n := range s.BinaryNames {
+		if n == name {
+			return
+		}
+	}
+	if !found {
+		s.BinaryNames = append(s.BinaryNames, name)
+	}
+}
+
+// SrcPackages is Map of SrcPackage
+// { "package-name": SrcPackage }
+type SrcPackages map[string]SrcPackage
+
+// FindByBinName finds by bin-package-name
+func (s SrcPackages) FindByBinName(name string) (*SrcPackage, bool) {
+	for _, p := range s {
+		for _, binName := range p.BinaryNames {
+			if binName == name {
+				return &p, true
+			}
+		}
+	}
+	return nil, false
 }
--- a/models/packages_test.go
+++ b/models/packages_test.go
@@ -1,19 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
 package models

 import (
@@ -87,3 +71,229 @@ func TestMerge(t *testing.T) {
 		t.Errorf("expected %s, actual %s", e, a)
 	}
 }
+
+func TestAddBinaryName(t *testing.T) {
+	var tests = []struct {
+		in       SrcPackage
+		name     string
+		expected SrcPackage
+	}{
+		{
+			SrcPackage{Name: "hoge"},
+			"curl",
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl"},
+			},
+		},
+		{
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl"},
+			},
+			"curl",
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl"},
+			},
+		},
+		{
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl"},
+			},
+			"openssh",
+			SrcPackage{
+				Name:        "hoge",
+				BinaryNames: []string{"curl", "openssh"},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		tt.in.AddBinaryName(tt.name)
+		if !reflect.DeepEqual(tt.in, tt.expected) {
+			t.Errorf("expected %#v, actual %#v", tt.in, tt.expected)
+		}
+	}
+}
+
+func TestFindByBinName(t *testing.T) {
+	var tests = []struct {
+		in       SrcPackages
+		name     string
+		expected *SrcPackage
+		ok       bool
+	}{
+		{
+			in: map[string]SrcPackage{
+				"packA": {
+					Name:        "srcA",
+					BinaryNames: []string{"binA"},
+					Version:     "1.0.0",
+				},
+				"packB": {
+					Name:        "srcB",
+					BinaryNames: []string{"binB"},
+					Version:     "2.0.0",
+				},
+			},
+			name: "binA",
+			expected: &SrcPackage{
+				Name:        "srcA",
+				BinaryNames: []string{"binA"},
+				Version:     "1.0.0",
+			},
+			ok: true,
+		},
+		{
+			in: map[string]SrcPackage{
+				"packA": {
+					Name:        "srcA",
+					BinaryNames: []string{"binA"},
+					Version:     "1.0.0",
+				},
+				"packB": {
+					Name:        "srcB",
+					BinaryNames: []string{"binB"},
+					Version:     "2.0.0",
+				},
+			},
+			name:     "nobin",
+			expected: nil,
+			ok:       false,
+		},
+	}
+
+	for i, tt := range tests {
+		act, ok := tt.in.FindByBinName(tt.name)
+		if ok != tt.ok {
+			t.Errorf("[%d] expected %#v, actual %#v", i, tt.in, tt.expected)
+		}
+		if act != nil && !reflect.DeepEqual(*tt.expected, *act) {
+			t.Errorf("[%d] expected %#v, actual %#v", i, tt.in, tt.expected)
+		}
+	}
+}
+
+func TestPackage_FormatVersionFromTo(t *testing.T) {
+	type fields struct {
+		Name             string
+		Version          string
+		Release          string
+		NewVersion       string
+		NewRelease       string
+		Arch             string
+		Repository       string
+		Changelog        Changelog
+		AffectedProcs    []AffectedProcess
+		NeedRestartProcs []NeedRestartProcess
+	}
+	type args struct {
+		stat PackageFixStatus
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		want   string
+	}{
+		{
+			name: "fixed",
+			fields: fields{
+				Name:       "packA",
+				Version:    "1.0.0",
+				Release:    "a",
+				NewVersion: "1.0.1",
+				NewRelease: "b",
+			},
+			args: args{
+				stat: PackageFixStatus{
+					NotFixedYet: false,
+					FixedIn:     "1.0.1-b",
+				},
+			},
+			want: "packA-1.0.0-a -> 1.0.1-b (FixedIn: 1.0.1-b)",
+		},
+		{
+			name: "nfy",
+			fields: fields{
+				Name:    "packA",
+				Version: "1.0.0",
+				Release: "a",
+			},
+			args: args{
+				stat: PackageFixStatus{
+					NotFixedYet: true,
+				},
+			},
+			want: "packA-1.0.0-a -> Not Fixed Yet",
+		},
+		{
+			name: "nfy",
+			fields: fields{
+				Name:    "packA",
+				Version: "1.0.0",
+				Release: "a",
+			},
+			args: args{
+				stat: PackageFixStatus{
+					NotFixedYet: false,
+					FixedIn:     "1.0.1-b",
+				},
+			},
+			want: "packA-1.0.0-a -> Unknown (FixedIn: 1.0.1-b)",
+		},
+		{
+			name: "nfy2",
+			fields: fields{
+				Name:    "packA",
+				Version: "1.0.0",
+				Release: "a",
+			},
+			args: args{
+				stat: PackageFixStatus{
+					NotFixedYet: true,
+					FixedIn:     "1.0.1-b",
+					FixState:    "open",
+				},
+			},
+			want: "packA-1.0.0-a -> open (FixedIn: 1.0.1-b)",
+		},
+		{
+			name: "nfy3",
+			fields: fields{
+				Name:    "packA",
+				Version: "1.0.0",
+				Release: "a",
+			},
+			args: args{
+				stat: PackageFixStatus{
+					NotFixedYet: true,
+					FixedIn:     "1.0.1-b",
+					FixState:    "open",
+				},
+			},
+			want: "packA-1.0.0-a -> open (FixedIn: 1.0.1-b)",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			p := Package{
+				Name:             tt.fields.Name,
+				Version:          tt.fields.Version,
+				Release:          tt.fields.Release,
+				NewVersion:       tt.fields.NewVersion,
+				NewRelease:       tt.fields.NewRelease,
+				Arch:             tt.fields.Arch,
+				Repository:       tt.fields.Repository,
+				Changelog:        tt.fields.Changelog,
+				AffectedProcs:    tt.fields.AffectedProcs,
+				NeedRestartProcs: tt.fields.NeedRestartProcs,
+			}
+			if got := p.FormatVersionFromTo(tt.args.stat); got != tt.want {
+				t.Errorf("Package.FormatVersionFromTo() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
--- a/models/scanresults.go
+++ b/models/scanresults.go
@@ -1,28 +1,15 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package models

 import (
 	"bytes"
 	"fmt"
+	"regexp"
+	"strings"
 	"time"

 	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/cwe"
+	"github.com/future-architect/vuls/util"
 )

 // ScanResults is a slide of ScanResult
@@ -30,36 +17,110 @@ type ScanResults []ScanResult

 // ScanResult has the result of scanned CVE information.
 type ScanResult struct {
-	ScannedAt   time.Time
-	ReportedAt  time.Time
-	JSONVersion int
-	Lang        string
-	ServerUUID  string
-	ServerName  string // TOML Section key
-	Family      string
-	Release     string
-	Container   Container
-	Platform    Platform
+	JSONVersion      int                   `json:"jsonVersion"`
+	Lang             string                `json:"lang"`
+	ServerUUID       string                `json:"serverUUID"`
+	ServerName       string                `json:"serverName"` // TOML Section key
+	Family           string                `json:"family"`
+	Release          string                `json:"release"`
+	Container        Container             `json:"container"`
+	Platform         Platform              `json:"platform"`
+	IPv4Addrs        []string              `json:"ipv4Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
+	IPv6Addrs        []string              `json:"ipv6Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
+	IPSIdentifiers   map[config.IPS]string `json:"ipsIdentifiers,omitempty"`
+	ScannedAt        time.Time             `json:"scannedAt"`
+	ScanMode         string                `json:"scanMode"`
+	ScannedVersion   string                `json:"scannedVersion"`
+	ScannedRevision  string                `json:"scannedRevision"`
+	ScannedBy        string                `json:"scannedBy"`
+	ScannedVia       string                `json:"scannedVia"`
+	ScannedIPv4Addrs []string              `json:"scannedIpv4Addrs,omitempty"`
+	ScannedIPv6Addrs []string              `json:"scannedIpv6Addrs,omitempty"`
+	ReportedAt       time.Time             `json:"reportedAt"`
+	ReportedVersion  string                `json:"reportedVersion"`
+	ReportedRevision string                `json:"reportedRevision"`
+	ReportedBy       string                `json:"reportedBy"`
+	Errors           []string              `json:"errors"`
+	Warnings         []string              `json:"warnings"`

-	// Scanned Vulns by SSH scan + CPE + OVAL
-	ScannedCves VulnInfos
+	ScannedCves       VulnInfos              `json:"scannedCves"`
+	RunningKernel     Kernel                 `json:"runningKernel"`
+	Packages          Packages               `json:"packages"`
+	SrcPackages       SrcPackages            `json:",omitempty"`
+	WordPressPackages *WordPressPackages     `json:",omitempty"`
+	LibraryScanners   LibraryScanners        `json:"libraries,omitempty"`
+	CweDict           CweDict                `json:"cweDict,omitempty"`
+	Optional          map[string]interface{} `json:",omitempty"`
+	Config            struct {
+		Scan   config.Config `json:"scan"`
+		Report config.Config `json:"report"`
+	} `json:"config"`
+}

-	RunningKernel Kernel
-	Packages      Packages
-	Errors        []string
-	Optional      [][]interface{}
+// CweDict is a dictionary for CWE
+type CweDict map[string]CweDictEntry

-	Config struct {
-		Scan   config.Config
-		Report config.Config
+// Get the name, url, top10URL for the specified cweID, lang
+func (c CweDict) Get(cweID, lang string) (name, url, top10Rank, top10URL, cweTop25Rank, cweTop25URL, sansTop25Rank, sansTop25URL string) {
+	cweNum := strings.TrimPrefix(cweID, "CWE-")
+	switch config.Conf.Lang {
+	case "ja":
+		if dict, ok := c[cweNum]; ok && dict.OwaspTopTen2017 != "" {
+			top10Rank = dict.OwaspTopTen2017
+			top10URL = cwe.OwaspTopTen2017GitHubURLJa[dict.OwaspTopTen2017]
+		}
+		if dict, ok := c[cweNum]; ok && dict.CweTopTwentyfive2019 != "" {
+			cweTop25Rank = dict.CweTopTwentyfive2019
+			cweTop25URL = cwe.CweTopTwentyfive2019URL
+		}
+		if dict, ok := c[cweNum]; ok && dict.SansTopTwentyfive != "" {
+			sansTop25Rank = dict.SansTopTwentyfive
+			sansTop25URL = cwe.SansTopTwentyfiveURL
+		}
+		if dict, ok := cwe.CweDictJa[cweNum]; ok {
+			name = dict.Name
+			url = fmt.Sprintf("http://jvndb.jvn.jp/ja/cwe/%s.html", cweID)
+		} else {
+			if dict, ok := cwe.CweDictEn[cweNum]; ok {
+				name = dict.Name
+			}
+			url = fmt.Sprintf("https://cwe.mitre.org/data/definitions/%s.html", cweID)
+		}
+	default:
+		if dict, ok := c[cweNum]; ok && dict.OwaspTopTen2017 != "" {
+			top10Rank = dict.OwaspTopTen2017
+			top10URL = cwe.OwaspTopTen2017GitHubURLEn[dict.OwaspTopTen2017]
+		}
+		if dict, ok := c[cweNum]; ok && dict.CweTopTwentyfive2019 != "" {
+			cweTop25Rank = dict.CweTopTwentyfive2019
+			cweTop25URL = cwe.CweTopTwentyfive2019URL
+		}
+		if dict, ok := c[cweNum]; ok && dict.SansTopTwentyfive != "" {
+			sansTop25Rank = dict.SansTopTwentyfive
+			sansTop25URL = cwe.SansTopTwentyfiveURL
+		}
+		url = fmt.Sprintf("https://cwe.mitre.org/data/definitions/%s.html", cweID)
+		if dict, ok := cwe.CweDictEn[cweNum]; ok {
+			name = dict.Name
+		}
 	}
+	return
+}
+
+// CweDictEntry is a entry of CWE
+type CweDictEntry struct {
+	En                   *cwe.Cwe `json:"en,omitempty"`
+	Ja                   *cwe.Cwe `json:"ja,omitempty"`
+	OwaspTopTen2017      string   `json:"owaspTopTen2017"`
+	CweTopTwentyfive2019 string   `json:"cweTopTwentyfive2019"`
+	SansTopTwentyfive    string   `json:"sansTopTwentyfive"`
 }

 // Kernel has the Release, version and whether need restart
 type Kernel struct {
-	Release        string
-	Version        string
-	RebootRequired bool
+	Release        string `json:"release"`
+	Version        string `json:"version"`
+	RebootRequired bool   `json:"rebootRequired"`
 }

 // FilterByCvssOver is filter function.
@@ -76,28 +137,142 @@ func (r ScanResult) FilterByCvssOver(over float64) ScanResult {
 		}
 		return false
 	})
-
-	copiedScanResult := r
-	copiedScanResult.ScannedCves = filtered
-	return copiedScanResult
+	r.ScannedCves = filtered
+	return r
 }

 // FilterIgnoreCves is filter function.
-func (r ScanResult) FilterIgnoreCves(cveIDs []string) ScanResult {
+func (r ScanResult) FilterIgnoreCves() ScanResult {
+
+	ignoreCves := []string{}
+	if len(r.Container.Name) == 0 {
+		ignoreCves = config.Conf.Servers[r.ServerName].IgnoreCves
+	} else {
+		if s, ok := config.Conf.Servers[r.ServerName]; ok {
+			if con, ok := s.Containers[r.Container.Name]; ok {
+				ignoreCves = con.IgnoreCves
+			} else {
+				return r
+			}
+		} else {
+			util.Log.Errorf("%s is not found in config.toml",
+				r.ServerName)
+			return r
+		}
+	}
+
 	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
-		for _, c := range cveIDs {
+		for _, c := range ignoreCves {
 			if v.CveID == c {
 				return false
 			}
 		}
 		return true
 	})
-	copiedScanResult := r
-	copiedScanResult.ScannedCves = filtered
-	return copiedScanResult
+	r.ScannedCves = filtered
+	return r
 }

-// ReportFileName returns the filename on localhost without extention
+// FilterUnfixed is filter function.
+func (r ScanResult) FilterUnfixed() ScanResult {
+	if !config.Conf.IgnoreUnfixed {
+		return r
+	}
+	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
+		// Report cves detected by CPE because Vuls can't know 'fixed' or 'unfixed'
+		if len(v.CpeURIs) != 0 {
+			return true
+		}
+		NotFixedAll := true
+		for _, p := range v.AffectedPackages {
+			NotFixedAll = NotFixedAll && p.NotFixedYet
+		}
+		return !NotFixedAll
+	})
+	r.ScannedCves = filtered
+	return r
+}
+
+// FilterIgnorePkgs is filter function.
+func (r ScanResult) FilterIgnorePkgs() ScanResult {
+	var ignorePkgsRegexps []string
+	if len(r.Container.Name) == 0 {
+		ignorePkgsRegexps = config.Conf.Servers[r.ServerName].IgnorePkgsRegexp
+	} else {
+		if s, ok := config.Conf.Servers[r.ServerName]; ok {
+			if con, ok := s.Containers[r.Container.Name]; ok {
+				ignorePkgsRegexps = con.IgnorePkgsRegexp
+			} else {
+				return r
+			}
+		} else {
+			util.Log.Errorf("%s is not found in config.toml",
+				r.ServerName)
+			return r
+		}
+	}
+
+	regexps := []*regexp.Regexp{}
+	for _, pkgRegexp := range ignorePkgsRegexps {
+		re, err := regexp.Compile(pkgRegexp)
+		if err != nil {
+			util.Log.Errorf("Faild to parse %s. err: %+v", pkgRegexp, err)
+			continue
+		} else {
+			regexps = append(regexps, re)
+		}
+	}
+	if len(regexps) == 0 {
+		return r
+	}
+
+	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
+		if len(v.AffectedPackages) == 0 {
+			return true
+		}
+		for _, p := range v.AffectedPackages {
+			match := false
+			for _, re := range regexps {
+				if re.MatchString(p.Name) {
+					match = true
+				}
+			}
+			if !match {
+				return true
+			}
+		}
+		return false
+	})
+
+	r.ScannedCves = filtered
+	return r
+}
+
+// FilterInactiveWordPressLibs is filter function.
+func (r ScanResult) FilterInactiveWordPressLibs() ScanResult {
+	if !config.Conf.Servers[r.ServerName].WordPress.IgnoreInactive {
+		return r
+	}
+
+	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
+		if len(v.WpPackageFixStats) == 0 {
+			return true
+		}
+		// Ignore if all libs in this vulnInfo inactive
+		for _, wp := range v.WpPackageFixStats {
+			if p, ok := r.WordPressPackages.Find(wp.Name); ok {
+				if p.Status != Inactive {
+					return true
+				}
+			}
+		}
+		return false
+	})
+	r.ScannedCves = filtered
+	return r
+}
+
+// ReportFileName returns the filename on localhost without extension
 func (r ScanResult) ReportFileName() (name string) {
 	if len(r.Container.ContainerID) == 0 {
 		return fmt.Sprintf("%s", r.ServerName)
@@ -105,7 +280,7 @@ func (r ScanResult) ReportFileName() (name string) {
 	return fmt.Sprintf("%s@%s", r.Container.Name, r.ServerName)
 }

-// ReportKeyName returns the name of key on S3, Azure-Blob without extention
+// ReportKeyName returns the name of key on S3, Azure-Blob without extension
 func (r ScanResult) ReportKeyName() (name string) {
 	timestr := r.ScannedAt.Format(time.RFC3339)
 	if len(r.Container.ContainerID) == 0 {
@@ -129,11 +304,14 @@ func (r ScanResult) ServerInfo() string {
 	)
 }

-// ServerInfoTui returns server infromation for TUI sidebar
+// ServerInfoTui returns server information for TUI sidebar
 func (r ScanResult) ServerInfoTui() string {
 	if len(r.Container.ContainerID) == 0 {
 		line := fmt.Sprintf("%s (%s%s)",
 			r.ServerName, r.Family, r.Release)
+		if len(r.Warnings) != 0 {
+			line = "[Warn] " + line
+		}
 		if r.RunningKernel.RebootRequired {
 			return "[Reboot] " + line
 		}
@@ -163,29 +341,134 @@ func (r ScanResult) FormatServerName() (name string) {

 // FormatTextReportHeadedr returns header of text report
 func (r ScanResult) FormatTextReportHeadedr() string {
-	serverInfo := r.ServerInfo()
 	var buf bytes.Buffer
-	for i := 0; i < len(serverInfo); i++ {
+	for i := 0; i < len(r.ServerInfo()); i++ {
 		buf.WriteString("=")
 	}
-	return fmt.Sprintf("%s\n%s\n%s\t%s\n",
+
+	return fmt.Sprintf("%s\n%s\n%s, %s, %s, %s, %s, %s\n",
 		r.ServerInfo(),
 		buf.String(),
 		r.ScannedCves.FormatCveSummary(),
-		r.Packages.FormatUpdatablePacksSummary(),
+		r.ScannedCves.FormatFixedStatus(r.Packages),
+		r.FormatUpdatablePacksSummary(),
+		r.FormatExploitCveSummary(),
+		r.FormatMetasploitCveSummary(),
+		r.FormatAlertSummary(),
 	)
 }

+// FormatUpdatablePacksSummary returns a summary of updatable packages
+func (r ScanResult) FormatUpdatablePacksSummary() string {
+	if !r.isDisplayUpdatableNum() {
+		return fmt.Sprintf("%d installed", len(r.Packages))
+	}
+
+	nUpdatable := 0
+	for _, p := range r.Packages {
+		if p.NewVersion == "" {
+			continue
+		}
+		if p.Version != p.NewVersion || p.Release != p.NewRelease {
+			nUpdatable++
+		}
+	}
+	return fmt.Sprintf("%d installed, %d updatable",
+		len(r.Packages),
+		nUpdatable)
+}
+
+// FormatExploitCveSummary returns a summary of exploit cve
+func (r ScanResult) FormatExploitCveSummary() string {
+	nExploitCve := 0
+	for _, vuln := range r.ScannedCves {
+		if 0 < len(vuln.Exploits) {
+			nExploitCve++
+		}
+	}
+	return fmt.Sprintf("%d exploits", nExploitCve)
+}
+
+// FormatMetasploitCveSummary returns a summary of exploit cve
+func (r ScanResult) FormatMetasploitCveSummary() string {
+	nMetasploitCve := 0
+	for _, vuln := range r.ScannedCves {
+		if 0 < len(vuln.Metasploits) {
+			nMetasploitCve++
+		}
+	}
+	return fmt.Sprintf("%d modules", nMetasploitCve)
+}
+
+// FormatAlertSummary returns a summary of XCERT alerts
+func (r ScanResult) FormatAlertSummary() string {
+	jaCnt := 0
+	enCnt := 0
+	for _, vuln := range r.ScannedCves {
+		if len(vuln.AlertDict.En) > 0 {
+			enCnt += len(vuln.AlertDict.En)
+		}
+		if len(vuln.AlertDict.Ja) > 0 {
+			jaCnt += len(vuln.AlertDict.Ja)
+		}
+	}
+	return fmt.Sprintf("en: %d, ja: %d alerts", enCnt, jaCnt)
+}
+
+func (r ScanResult) isDisplayUpdatableNum() bool {
+	var mode config.ScanMode
+	s, _ := config.Conf.Servers[r.ServerName]
+	mode = s.Mode
+
+	if mode.IsOffline() {
+		return false
+	}
+	if mode.IsFastRoot() || mode.IsDeep() {
+		return true
+	}
+	if mode.IsFast() {
+		switch r.Family {
+		case config.RedHat,
+			config.Oracle,
+			config.Debian,
+			config.Ubuntu,
+			config.Raspbian:
+			return false
+		default:
+			return true
+		}
+	}
+	return false
+}
+
+// IsContainer returns whether this ServerInfo is about container
+func (r ScanResult) IsContainer() bool {
+	return 0 < len(r.Container.ContainerID)
+}
+
+// IsDeepScanMode checks if the scan mode is deep scan mode.
+func (r ScanResult) IsDeepScanMode() bool {
+	for _, s := range r.Config.Scan.Servers {
+		for _, m := range s.ScanMode {
+			if m == "deep" {
+				return true
+			}
+		}
+	}
+	return false
+}
+
 // Container has Container information
 type Container struct {
-	ContainerID string
-	Name        string
-	Image       string
-	Type        string
+	ContainerID string `json:"containerID"`
+	Name        string `json:"name"`
+	Image       string `json:"image"`
+	Type        string `json:"type"`
+	UUID        string `json:"uuid"`
 }

 // Platform has platform information
 type Platform struct {
-	Name       string // aws or azure or gcp or other...
-	InstanceID string
+	Name       string `json:"name"` // aws or azure or gcp or other...
+	InstanceID string `json:"instanceID"`
 }
--- a/models/scanresults_test.go
+++ b/models/scanresults_test.go
@@ -1,19 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
 package models

 import (
@@ -21,6 +5,7 @@ import (
 	"testing"
 	"time"

+	"github.com/future-architect/vuls/config"
 	"github.com/k0kubun/pp"
 )

@@ -42,7 +27,7 @@ func TestFilterByCvssOver(t *testing.T) {
 							CveID: "CVE-2017-0001",
 							CveContents: NewCveContents(
 								CveContent{
-									Type:         NVD,
+									Type:         NvdXML,
 									CveID:        "CVE-2017-0001",
 									Cvss2Score:   7.1,
 									LastModified: time.Time{},
@@ -53,7 +38,7 @@ func TestFilterByCvssOver(t *testing.T) {
 							CveID: "CVE-2017-0002",
 							CveContents: NewCveContents(
 								CveContent{
-									Type:         NVD,
+									Type:         NvdXML,
 									CveID:        "CVE-2017-0002",
 									Cvss2Score:   6.9,
 									LastModified: time.Time{},
@@ -64,13 +49,13 @@ func TestFilterByCvssOver(t *testing.T) {
 							CveID: "CVE-2017-0003",
 							CveContents: NewCveContents(
 								CveContent{
-									Type:         NVD,
+									Type:         NvdXML,
 									CveID:        "CVE-2017-0003",
 									Cvss2Score:   6.9,
 									LastModified: time.Time{},
 								},
 								CveContent{
-									Type:         JVN,
+									Type:         Jvn,
 									CveID:        "CVE-2017-0003",
 									Cvss2Score:   7.2,
 									LastModified: time.Time{},
@@ -86,7 +71,7 @@ func TestFilterByCvssOver(t *testing.T) {
 						CveID: "CVE-2017-0001",
 						CveContents: NewCveContents(
 							CveContent{
-								Type:         NVD,
+								Type:         NvdXML,
 								CveID:        "CVE-2017-0001",
 								Cvss2Score:   7.1,
 								LastModified: time.Time{},
@@ -97,13 +82,13 @@ func TestFilterByCvssOver(t *testing.T) {
 						CveID: "CVE-2017-0003",
 						CveContents: NewCveContents(
 							CveContent{
-								Type:         NVD,
+								Type:         NvdXML,
 								CveID:        "CVE-2017-0003",
 								Cvss2Score:   6.9,
 								LastModified: time.Time{},
 							},
 							CveContent{
-								Type:         JVN,
+								Type:         Jvn,
 								CveID:        "CVE-2017-0003",
 								Cvss2Score:   7.2,
 								LastModified: time.Time{},
@@ -123,10 +108,10 @@ func TestFilterByCvssOver(t *testing.T) {
 							CveID: "CVE-2017-0001",
 							CveContents: NewCveContents(
 								CveContent{
-									Type:         Ubuntu,
-									CveID:        "CVE-2017-0001",
-									Severity:     "HIGH",
-									LastModified: time.Time{},
+									Type:          Ubuntu,
+									CveID:         "CVE-2017-0001",
+									Cvss2Severity: "HIGH",
+									LastModified:  time.Time{},
 								},
 							),
 						},
@@ -134,10 +119,10 @@ func TestFilterByCvssOver(t *testing.T) {
 							CveID: "CVE-2017-0002",
 							CveContents: NewCveContents(
 								CveContent{
-									Type:         RedHat,
-									CveID:        "CVE-2017-0002",
-									Severity:     "CRITICAL",
-									LastModified: time.Time{},
+									Type:          RedHat,
+									CveID:         "CVE-2017-0002",
+									Cvss2Severity: "CRITICAL",
+									LastModified:  time.Time{},
 								},
 							),
 						},
@@ -145,10 +130,10 @@ func TestFilterByCvssOver(t *testing.T) {
 							CveID: "CVE-2017-0003",
 							CveContents: NewCveContents(
 								CveContent{
-									Type:         Oracle,
-									CveID:        "CVE-2017-0003",
-									Severity:     "IMPORTANT",
-									LastModified: time.Time{},
+									Type:          Oracle,
+									CveID:         "CVE-2017-0003",
+									Cvss2Severity: "IMPORTANT",
+									LastModified:  time.Time{},
 								},
 							),
 						},
@@ -161,10 +146,10 @@ func TestFilterByCvssOver(t *testing.T) {
 						CveID: "CVE-2017-0001",
 						CveContents: NewCveContents(
 							CveContent{
-								Type:         Ubuntu,
-								CveID:        "CVE-2017-0001",
-								Severity:     "HIGH",
-								LastModified: time.Time{},
+								Type:          Ubuntu,
+								CveID:         "CVE-2017-0001",
+								Cvss2Severity: "HIGH",
+								LastModified:  time.Time{},
 							},
 						),
 					},
@@ -172,10 +157,10 @@ func TestFilterByCvssOver(t *testing.T) {
 						CveID: "CVE-2017-0002",
 						CveContents: NewCveContents(
 							CveContent{
-								Type:         RedHat,
-								CveID:        "CVE-2017-0002",
-								Severity:     "CRITICAL",
-								LastModified: time.Time{},
+								Type:          RedHat,
+								CveID:         "CVE-2017-0002",
+								Cvss2Severity: "CRITICAL",
+								LastModified:  time.Time{},
 							},
 						),
 					},
@@ -183,10 +168,10 @@ func TestFilterByCvssOver(t *testing.T) {
 						CveID: "CVE-2017-0003",
 						CveContents: NewCveContents(
 							CveContent{
-								Type:         Oracle,
-								CveID:        "CVE-2017-0003",
-								Severity:     "IMPORTANT",
-								LastModified: time.Time{},
+								Type:          Oracle,
+								CveID:         "CVE-2017-0003",
+								Cvss2Severity: "IMPORTANT",
+								LastModified:  time.Time{},
 							},
 						),
 					},
@@ -205,7 +190,6 @@ func TestFilterByCvssOver(t *testing.T) {
 		}
 	}
 }
-
 func TestFilterIgnoreCveIDs(t *testing.T) {
 	type in struct {
 		cves []string
@@ -219,6 +203,7 @@ func TestFilterIgnoreCveIDs(t *testing.T) {
 			in: in{
 				cves: []string{"CVE-2017-0002"},
 				rs: ScanResult{
+					ServerName: "name",
 					ScannedCves: VulnInfos{
 						"CVE-2017-0001": {
 							CveID: "CVE-2017-0001",
@@ -233,6 +218,7 @@ func TestFilterIgnoreCveIDs(t *testing.T) {
 				},
 			},
 			out: ScanResult{
+				ServerName: "name",
 				ScannedCves: VulnInfos{
 					"CVE-2017-0001": {
 						CveID: "CVE-2017-0001",
@@ -245,7 +231,10 @@ func TestFilterIgnoreCveIDs(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		actual := tt.in.rs.FilterIgnoreCves(tt.in.cves)
+		config.Conf.Servers = map[string]config.ServerInfo{
+			"name": {IgnoreCves: tt.in.cves},
+		}
+		actual := tt.in.rs.FilterIgnoreCves()
 		for k := range tt.out.ScannedCves {
 			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
 				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
@@ -253,5 +242,481 @@ func TestFilterIgnoreCveIDs(t *testing.T) {
 				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
 			}
 		}
+		for k := range actual.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+	}
+}
+
+func TestFilterIgnoreCveIDsContainer(t *testing.T) {
+	type in struct {
+		cves []string
+		rs   ScanResult
+	}
+	var tests = []struct {
+		in  in
+		out ScanResult
+	}{
+		{
+			in: in{
+				cves: []string{"CVE-2017-0002"},
+				rs: ScanResult{
+					ServerName: "name",
+					Container:  Container{Name: "dockerA"},
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+						},
+						"CVE-2017-0002": {
+							CveID: "CVE-2017-0002",
+						},
+						"CVE-2017-0003": {
+							CveID: "CVE-2017-0003",
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName: "name",
+				Container:  Container{Name: "dockerA"},
+				ScannedCves: VulnInfos{
+					"CVE-2017-0001": {
+						CveID: "CVE-2017-0001",
+					},
+					"CVE-2017-0003": {
+						CveID: "CVE-2017-0003",
+					},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		config.Conf.Servers = map[string]config.ServerInfo{
+			"name": {
+				Containers: map[string]config.ContainerSetting{
+					"dockerA": {
+						IgnoreCves: tt.in.cves,
+					},
+				},
+			},
+		}
+		actual := tt.in.rs.FilterIgnoreCves()
+		for k := range tt.out.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+		for k := range actual.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+	}
+}
+
+func TestFilterUnfixed(t *testing.T) {
+	var tests = []struct {
+		in  ScanResult
+		out ScanResult
+	}{
+		{
+			in: ScanResult{
+				ScannedCves: VulnInfos{
+					"CVE-2017-0001": {
+						CveID: "CVE-2017-0001",
+						AffectedPackages: PackageFixStatuses{
+							{
+								Name:        "a",
+								NotFixedYet: true,
+							},
+						},
+					},
+					"CVE-2017-0002": {
+						CveID: "CVE-2017-0002",
+						AffectedPackages: PackageFixStatuses{
+							{
+								Name:        "b",
+								NotFixedYet: false,
+							},
+						},
+					},
+					"CVE-2017-0003": {
+						CveID: "CVE-2017-0003",
+						AffectedPackages: PackageFixStatuses{
+							{
+								Name:        "c",
+								NotFixedYet: true,
+							},
+							{
+								Name:        "d",
+								NotFixedYet: false,
+							},
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ScannedCves: VulnInfos{
+					"CVE-2017-0002": {
+						CveID: "CVE-2017-0002",
+						AffectedPackages: PackageFixStatuses{
+							{
+								Name:        "b",
+								NotFixedYet: false,
+							},
+						},
+					},
+					"CVE-2017-0003": {
+						CveID: "CVE-2017-0003",
+						AffectedPackages: PackageFixStatuses{
+							{
+								Name:        "c",
+								NotFixedYet: true,
+							},
+							{
+								Name:        "d",
+								NotFixedYet: false,
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+	for i, tt := range tests {
+		config.Conf.IgnoreUnfixed = true
+		actual := tt.in.FilterUnfixed()
+		if !reflect.DeepEqual(tt.out.ScannedCves, actual.ScannedCves) {
+			o := pp.Sprintf("%v", tt.out.ScannedCves)
+			a := pp.Sprintf("%v", actual.ScannedCves)
+			t.Errorf("[%d] expected: %v\n  actual: %v\n", i, o, a)
+		}
+	}
+}
+
+func TestFilterIgnorePkgs(t *testing.T) {
+	type in struct {
+		ignorePkgsRegexp []string
+		rs               ScanResult
+	}
+	var tests = []struct {
+		in  in
+		out ScanResult
+	}{
+		{
+			in: in{
+				ignorePkgsRegexp: []string{"^kernel"},
+				rs: ScanResult{
+					ServerName: "name",
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							AffectedPackages: PackageFixStatuses{
+								{Name: "kernel"},
+							},
+						},
+						"CVE-2017-0002": {
+							CveID: "CVE-2017-0002",
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName: "name",
+				ScannedCves: VulnInfos{
+					"CVE-2017-0002": {
+						CveID: "CVE-2017-0002",
+					},
+				},
+			},
+		},
+		{
+			in: in{
+				ignorePkgsRegexp: []string{"^kernel"},
+				rs: ScanResult{
+					ServerName: "name",
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							AffectedPackages: PackageFixStatuses{
+								{Name: "kernel"},
+								{Name: "vim"},
+							},
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName: "name",
+				ScannedCves: VulnInfos{
+					"CVE-2017-0001": {
+						CveID: "CVE-2017-0001",
+						AffectedPackages: PackageFixStatuses{
+							{Name: "kernel"},
+							{Name: "vim"},
+						},
+					},
+				},
+			},
+		},
+		{
+			in: in{
+				ignorePkgsRegexp: []string{"^kernel", "^vim", "^bind"},
+				rs: ScanResult{
+					ServerName: "name",
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							AffectedPackages: PackageFixStatuses{
+								{Name: "kernel"},
+								{Name: "vim"},
+							},
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName:  "name",
+				ScannedCves: VulnInfos{},
+			},
+		},
+	}
+	for _, tt := range tests {
+		config.Conf.Servers = map[string]config.ServerInfo{
+			"name": {IgnorePkgsRegexp: tt.in.ignorePkgsRegexp},
+		}
+		actual := tt.in.rs.FilterIgnorePkgs()
+		for k := range tt.out.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+		for k := range actual.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+	}
+}
+
+func TestFilterIgnorePkgsContainer(t *testing.T) {
+	type in struct {
+		ignorePkgsRegexp []string
+		rs               ScanResult
+	}
+	var tests = []struct {
+		in  in
+		out ScanResult
+	}{
+		{
+			in: in{
+				ignorePkgsRegexp: []string{"^kernel"},
+				rs: ScanResult{
+					ServerName: "name",
+					Container:  Container{Name: "dockerA"},
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							AffectedPackages: PackageFixStatuses{
+								{Name: "kernel"},
+							},
+						},
+						"CVE-2017-0002": {
+							CveID: "CVE-2017-0002",
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName: "name",
+				Container:  Container{Name: "dockerA"},
+				ScannedCves: VulnInfos{
+					"CVE-2017-0002": {
+						CveID: "CVE-2017-0002",
+					},
+				},
+			},
+		},
+		{
+			in: in{
+				ignorePkgsRegexp: []string{"^kernel"},
+				rs: ScanResult{
+					ServerName: "name",
+					Container:  Container{Name: "dockerA"},
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							AffectedPackages: PackageFixStatuses{
+								{Name: "kernel"},
+								{Name: "vim"},
+							},
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName: "name",
+				Container:  Container{Name: "dockerA"},
+				ScannedCves: VulnInfos{
+					"CVE-2017-0001": {
+						CveID: "CVE-2017-0001",
+						AffectedPackages: PackageFixStatuses{
+							{Name: "kernel"},
+							{Name: "vim"},
+						},
+					},
+				},
+			},
+		},
+		{
+			in: in{
+				ignorePkgsRegexp: []string{"^kernel", "^vim", "^bind"},
+				rs: ScanResult{
+					ServerName: "name",
+					Container:  Container{Name: "dockerA"},
+					ScannedCves: VulnInfos{
+						"CVE-2017-0001": {
+							CveID: "CVE-2017-0001",
+							AffectedPackages: PackageFixStatuses{
+								{Name: "kernel"},
+								{Name: "vim"},
+							},
+						},
+					},
+				},
+			},
+			out: ScanResult{
+				ServerName:  "name",
+				Container:   Container{Name: "dockerA"},
+				ScannedCves: VulnInfos{},
+			},
+		},
+	}
+	for _, tt := range tests {
+		config.Conf.Servers = map[string]config.ServerInfo{
+			"name": {
+				Containers: map[string]config.ContainerSetting{
+					"dockerA": {
+						IgnorePkgsRegexp: tt.in.ignorePkgsRegexp,
+					},
+				},
+			},
+		}
+		actual := tt.in.rs.FilterIgnorePkgs()
+		for k := range tt.out.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+		for k := range actual.ScannedCves {
+			if !reflect.DeepEqual(tt.out.ScannedCves[k], actual.ScannedCves[k]) {
+				o := pp.Sprintf("%v", tt.out.ScannedCves[k])
+				a := pp.Sprintf("%v", actual.ScannedCves[k])
+				t.Errorf("[%s] expected: %v\n  actual: %v\n", k, o, a)
+			}
+		}
+	}
+}
+
+func TestIsDisplayUpdatableNum(t *testing.T) {
+	var tests = []struct {
+		mode     []byte
+		family   string
+		expected bool
+	}{
+		{
+			mode:     []byte{config.Offline},
+			expected: false,
+		},
+		{
+			mode:     []byte{config.FastRoot},
+			expected: true,
+		},
+		{
+			mode:     []byte{config.Deep},
+			expected: true,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.RedHat,
+			expected: false,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.Oracle,
+			expected: false,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.Debian,
+			expected: false,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.Ubuntu,
+			expected: false,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.Raspbian,
+			expected: false,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.CentOS,
+			expected: true,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.Amazon,
+			expected: true,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.FreeBSD,
+			expected: true,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.OpenSUSE,
+			expected: true,
+		},
+		{
+			mode:     []byte{config.Fast},
+			family:   config.Alpine,
+			expected: true,
+		},
+	}
+
+	for i, tt := range tests {
+		mode := config.ScanMode{}
+		for _, m := range tt.mode {
+			mode.Set(m)
+		}
+		config.Conf.Servers = map[string]config.ServerInfo{
+			"name": {Mode: mode},
+		}
+		r := ScanResult{
+			ServerName: "name",
+			Family:     tt.family,
+		}
+		act := r.isDisplayUpdatableNum()
+		if tt.expected != act {
+			t.Errorf("[%d] expected %#v, actual %#v", i, tt.expected, act)
+		}
 	}
 }
--- a/models/utils.go
+++ b/models/utils.go
@@ -1,92 +1,23 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package models

 import (
-	"fmt"
 	"strings"

 	cvedict "github.com/kotakanbe/go-cve-dictionary/models"
 )

-// ConvertNvdToModel convert NVD to CveContent
-func ConvertNvdToModel(cveID string, nvd cvedict.Nvd) *CveContent {
-	var cpes []Cpe
-	for _, c := range nvd.Cpes {
-		cpes = append(cpes, Cpe{CpeName: c.CpeName})
-	}
-
-	var refs []Reference
-	for _, r := range nvd.References {
-		refs = append(refs, Reference{
-			Link:   r.Link,
-			Source: r.Source,
-		})
-	}
-
-	validVec := true
-	for _, v := range []string{
-		nvd.AccessVector,
-		nvd.AccessComplexity,
-		nvd.Authentication,
-		nvd.ConfidentialityImpact,
-		nvd.IntegrityImpact,
-		nvd.AvailabilityImpact,
-	} {
-		if len(v) == 0 {
-			validVec = false
-		}
-	}
-
-	vector := ""
-	if validVec {
-		vector = fmt.Sprintf("AV:%s/AC:%s/Au:%s/C:%s/I:%s/A:%s",
-			string(nvd.AccessVector[0]),
-			string(nvd.AccessComplexity[0]),
-			string(nvd.Authentication[0]),
-			string(nvd.ConfidentialityImpact[0]),
-			string(nvd.IntegrityImpact[0]),
-			string(nvd.AvailabilityImpact[0]))
-	}
-
-	//TODO CVSSv3
-	return &CveContent{
-		Type:         NVD,
-		CveID:        cveID,
-		Summary:      nvd.Summary,
-		Cvss2Score:   nvd.Score,
-		Cvss2Vector:  vector,
-		Severity:     "", // severity is not contained in NVD
-		SourceLink:   "https://nvd.nist.gov/vuln/detail/" + cveID,
-		Cpes:         cpes,
-		CweID:        nvd.CweID,
-		References:   refs,
-		Published:    nvd.PublishedDate,
-		LastModified: nvd.LastModifiedDate,
-	}
-}
-
 // ConvertJvnToModel convert JVN to CveContent
-func ConvertJvnToModel(cveID string, jvn cvedict.Jvn) *CveContent {
-	var cpes []Cpe
-	for _, c := range jvn.Cpes {
-		cpes = append(cpes, Cpe{CpeName: c.CpeName})
+func ConvertJvnToModel(cveID string, jvn *cvedict.Jvn) *CveContent {
+	if jvn == nil {
+		return nil
 	}
+	// var cpes = []Cpe{}
+	// for _, c := range jvn.Cpes {
+	// 	cpes = append(cpes, Cpe{
+	// 		FormattedString: c.FormattedString,
+	// 		URI:             c.URI,
+	// 	})
+	// }

 	refs := []Reference{}
 	for _, r := range jvn.References {
@@ -96,19 +27,71 @@ func ConvertJvnToModel(cveID string, jvn cvedict.Jvn) *CveContent {
 		})
 	}

-	vector := strings.TrimSuffix(strings.TrimPrefix(jvn.Vector, "("), ")")
 	return &CveContent{
-		Type:         JVN,
-		CveID:        cveID,
-		Title:        jvn.Title,
-		Summary:      jvn.Summary,
-		Severity:     jvn.Severity,
-		Cvss2Score:   jvn.Score,
-		Cvss2Vector:  vector,
-		SourceLink:   jvn.JvnLink,
-		Cpes:         cpes,
+		Type:          Jvn,
+		CveID:         cveID,
+		Title:         jvn.Title,
+		Summary:       jvn.Summary,
+		Cvss2Score:    jvn.Cvss2.BaseScore,
+		Cvss2Vector:   jvn.Cvss2.VectorString,
+		Cvss2Severity: jvn.Cvss2.Severity,
+		Cvss3Score:    jvn.Cvss3.BaseScore,
+		Cvss3Vector:   jvn.Cvss3.VectorString,
+		Cvss3Severity: jvn.Cvss3.BaseSeverity,
+		SourceLink:    jvn.JvnLink,
+		// Cpes:          cpes,
 		References:   refs,
 		Published:    jvn.PublishedDate,
 		LastModified: jvn.LastModifiedDate,
 	}
 }
+
+// ConvertNvdJSONToModel convert NVD to CveContent
+func ConvertNvdJSONToModel(cveID string, nvd *cvedict.NvdJSON) *CveContent {
+	if nvd == nil {
+		return nil
+	}
+	// var cpes = []Cpe{}
+	// for _, c := range nvd.Cpes {
+	// 	cpes = append(cpes, Cpe{
+	// 		FormattedString: c.FormattedString,
+	// 		URI:             c.URI,
+	// 	})
+	// }
+
+	var refs = []Reference{}
+	for _, r := range nvd.References {
+		refs = append(refs, Reference{
+			Link:   r.Link,
+			Source: r.Source,
+		})
+	}
+
+	cweIDs := []string{}
+	for _, cid := range nvd.Cwes {
+		cweIDs = append(cweIDs, cid.CweID)
+	}
+
+	desc := []string{}
+	for _, d := range nvd.Descriptions {
+		desc = append(desc, d.Value)
+	}
+
+	return &CveContent{
+		Type:          Nvd,
+		CveID:         cveID,
+		Summary:       strings.Join(desc, "\n"),
+		Cvss2Score:    nvd.Cvss2.BaseScore,
+		Cvss2Vector:   nvd.Cvss2.VectorString,
+		Cvss2Severity: nvd.Cvss2.Severity,
+		Cvss3Score:    nvd.Cvss3.BaseScore,
+		Cvss3Vector:   nvd.Cvss3.VectorString,
+		Cvss3Severity: nvd.Cvss3.BaseSeverity,
+		SourceLink:    "https://nvd.nist.gov/vuln/detail/" + cveID,
+		// Cpes:          cpes,
+		CweIDs:       cweIDs,
+		References:   refs,
+		Published:    nvd.PublishedDate,
+		LastModified: nvd.LastModifiedDate,
+	}
+}
--- a/models/vulninfos.go
+++ b/models/vulninfos.go
@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package models

 import (
@@ -25,6 +8,7 @@ import (
 	"time"

 	"github.com/future-architect/vuls/config"
+	exploitmodels "github.com/mozqnet/go-exploitdb/models"
 )

 // VulnInfos has a map of VulnInfo
@@ -104,43 +88,166 @@ func (v VulnInfos) FormatCveSummary() string {
 		m["High"], m["Medium"], m["Low"], m["Unknown"])
 }

-// PackageStatuses is a list of PackageStatus
-type PackageStatuses []PackageStatus
+// FormatFixedStatus summarize the number of cves are fixed.
+func (v VulnInfos) FormatFixedStatus(packs Packages) string {
+	total, fixed := 0, 0
+	for _, vInfo := range v {
+		if len(vInfo.CpeURIs) != 0 {
+			continue
+		}
+		total++
+		if vInfo.PatchStatus(packs) == "fixed" {
+			fixed++
+		}
+	}
+	return fmt.Sprintf("%d/%d Fixed", fixed, total)
+}
+
+// PackageFixStatuses is a list of PackageStatus
+type PackageFixStatuses []PackageFixStatus
+
+// Names return a slice of package names
+func (ps PackageFixStatuses) Names() (names []string) {
+	for _, p := range ps {
+		names = append(names, p.Name)
+	}
+	return names
+}
+
+// Store insert given pkg if missing, update pkg if exists
+func (ps PackageFixStatuses) Store(pkg PackageFixStatus) PackageFixStatuses {
+	for i, p := range ps {
+		if p.Name == pkg.Name {
+			ps[i] = pkg
+			return ps
+		}
+	}
+	ps = append(ps, pkg)
+	return ps
+}

 // Sort by Name
-func (p PackageStatuses) Sort() {
-	sort.Slice(p, func(i, j int) bool {
-		return p[i].Name < p[j].Name
+func (ps PackageFixStatuses) Sort() {
+	sort.Slice(ps, func(i, j int) bool {
+		return ps[i].Name < ps[j].Name
 	})
 	return
 }

-// PackageStatus has name and other status abount the package
-type PackageStatus struct {
-	Name        string
-	NotFixedYet bool
+// PackageFixStatus has name and other status abount the package
+type PackageFixStatus struct {
+	Name        string `json:"name,omitempty"`
+	NotFixedYet bool   `json:"notFixedYet,omitempty"`
+	FixState    string `json:"fixState,omitempty"`
+	FixedIn     string `json:"fixedIn,omitempty"`
 }

 // VulnInfo has a vulnerability information and unsecure packages
 type VulnInfo struct {
-	CveID            string
-	Confidence       Confidence
-	AffectedPackages PackageStatuses
-	DistroAdvisories []DistroAdvisory // for Aamazon, RHEL, FreeBSD
-	CpeNames         []string
-	CveContents      CveContents
+	CveID                string               `json:"cveID,omitempty"`
+	Confidences          Confidences          `json:"confidences,omitempty"`
+	AffectedPackages     PackageFixStatuses   `json:"affectedPackages,omitempty"`
+	DistroAdvisories     DistroAdvisories     `json:"distroAdvisories,omitempty"` // for Aamazon, RHEL, FreeBSD
+	CveContents          CveContents          `json:"cveContents,omitempty"`
+	Exploits             []Exploit            `json:"exploits,omitempty"`
+	Metasploits          []Metasploit         `json:"metasploits,omitempty"`
+	AlertDict            AlertDict            `json:"alertDict,omitempty"`
+	CpeURIs              []string             `json:"cpeURIs,omitempty"` // CpeURIs related to this CVE defined in config.toml
+	GitHubSecurityAlerts GitHubSecurityAlerts `json:"gitHubSecurityAlerts,omitempty"`
+	WpPackageFixStats    WpPackageFixStats    `json:"wpPackageFixStats,omitempty"`
+	LibraryFixedIns      LibraryFixedIns      `json:"libraryFixedIns,omitempty"`
+
+	VulnType string `json:"vulnType,omitempty"`
+}
+
+// Alert has XCERT alert information
+type Alert struct {
+	URL   string `json:"url,omitempty"`
+	Title string `json:"title,omitempty"`
+	Team  string `json:"team,omitempty"`
+}
+
+// GitHubSecurityAlerts is a list of GitHubSecurityAlert
+type GitHubSecurityAlerts []GitHubSecurityAlert
+
+// Add adds given arg to the slice and return the slice (immutable)
+func (g GitHubSecurityAlerts) Add(alert GitHubSecurityAlert) GitHubSecurityAlerts {
+	for _, a := range g {
+		if a.PackageName == alert.PackageName {
+			return g
+		}
+	}
+	return append(g, alert)
+}
+
+// Names return a slice of lib names
+func (g GitHubSecurityAlerts) Names() (names []string) {
+	for _, a := range g {
+		names = append(names, a.PackageName)
+	}
+	return names
+}
+
+// GitHubSecurityAlert has detected CVE-ID, PackageName, Status fetched via GitHub API
+type GitHubSecurityAlert struct {
+	PackageName   string    `json:"packageName"`
+	FixedIn       string    `json:"fixedIn"`
+	AffectedRange string    `json:"affectedRange"`
+	Dismissed     bool      `json:"dismissed"`
+	DismissedAt   time.Time `json:"dismissedAt"`
+	DismissReason string    `json:"dismissReason"`
+}
+
+// LibraryFixedIns is a list of Library's FixedIn
+type LibraryFixedIns []LibraryFixedIn
+
+// Names return a slice of names
+func (lfs LibraryFixedIns) Names() (names []string) {
+	for _, lf := range lfs {
+		names = append(names, lf.Name)
+	}
+	return names
+}
+
+// WpPackageFixStats is a list of WpPackageFixStatus
+type WpPackageFixStats []WpPackageFixStatus
+
+// Names return a slice of names
+func (ws WpPackageFixStats) Names() (names []string) {
+	for _, w := range ws {
+		names = append(names, w.Name)
+	}
+	return names
+}
+
+// WpPackages has a list of WpPackage
+type WpPackages []WpPackage
+
+// Add adds given arg to the slice and return the slice (immutable)
+func (g WpPackages) Add(pkg WpPackage) WpPackages {
+	for _, a := range g {
+		if a.Name == pkg.Name {
+			return g
+		}
+	}
+	return append(g, pkg)
 }

 // Titles returns tilte (TUI)
 func (v VulnInfo) Titles(lang, myFamily string) (values []CveContentStr) {
 	if lang == "ja" {
-		if cont, found := v.CveContents[JVN]; found && 0 < len(cont.Title) {
-			values = append(values, CveContentStr{JVN, cont.Title})
+		if cont, found := v.CveContents[Jvn]; found && 0 < len(cont.Title) {
+			values = append(values, CveContentStr{Jvn, cont.Title})
 		}
 	}

-	order := CveContentTypes{NVD, NewCveContentType(myFamily)}
-	order = append(order, AllCveContetTypes.Except(append(order, JVN)...)...)
+	// RedHat API has one line title.
+	if cont, found := v.CveContents[RedHatAPI]; found && 0 < len(cont.Title) {
+		values = append(values, CveContentStr{RedHatAPI, cont.Title})
+	}
+
+	order := CveContentTypes{Trivy, Nvd, NvdXML, NewCveContentType(myFamily)}
+	order = append(order, AllCveContetTypes.Except(append(order, Jvn)...)...)
 	for _, ctype := range order {
 		// Only JVN has meaningful title. so return first 100 char of summary
 		if cont, found := v.CveContents[ctype]; found && 0 < len(cont.Summary) {
@@ -171,16 +278,16 @@ func (v VulnInfo) Titles(lang, myFamily string) (values []CveContentStr) {
 // Summaries returns summaries
 func (v VulnInfo) Summaries(lang, myFamily string) (values []CveContentStr) {
 	if lang == "ja" {
-		if cont, found := v.CveContents[JVN]; found && 0 < len(cont.Summary) {
+		if cont, found := v.CveContents[Jvn]; found && 0 < len(cont.Summary) {
 			summary := cont.Title
 			summary += "\n" + strings.Replace(
 				strings.Replace(cont.Summary, "\n", " ", -1), "\r", " ", -1)
-			values = append(values, CveContentStr{JVN, summary})
+			values = append(values, CveContentStr{Jvn, summary})
 		}
 	}

-	order := CveContentTypes{NVD, NewCveContentType(myFamily)}
-	order = append(order, AllCveContetTypes.Except(append(order, JVN)...)...)
+	order := CveContentTypes{Trivy, NewCveContentType(myFamily), Nvd, NvdXML}
+	order = append(order, AllCveContetTypes.Except(append(order, Jvn)...)...)
 	for _, ctype := range order {
 		if cont, found := v.CveContents[ctype]; found && 0 < len(cont.Summary) {
 			summary := strings.Replace(cont.Summary, "\n", " ", -1)
@@ -198,6 +305,13 @@ func (v VulnInfo) Summaries(lang, myFamily string) (values []CveContentStr) {
 		})
 	}

+	if v, ok := v.CveContents[WPVulnDB]; ok {
+		values = append(values, CveContentStr{
+			Type:  "WPVDB",
+			Value: v.Title,
+		})
+	}
+
 	if len(values) == 0 {
 		return []CveContentStr{{
 			Type:  Unknown,
@@ -208,23 +322,46 @@ func (v VulnInfo) Summaries(lang, myFamily string) (values []CveContentStr) {
 	return
 }

-// Cvss2Scores returns CVSS V2 Scores
-func (v VulnInfo) Cvss2Scores() (values []CveContentCvss) {
-	order := []CveContentType{NVD, RedHat, JVN}
+// Mitigations returns mitigations
+func (v VulnInfo) Mitigations(myFamily string) (values []CveContentStr) {
+	order := CveContentTypes{RedHatAPI}
 	for _, ctype := range order {
-		if cont, found := v.CveContents[ctype]; found && 0 < cont.Cvss2Score {
-			// https://nvd.nist.gov/vuln-metrics/cvss
-			sev := cont.Severity
-			if ctype == NVD {
-				sev = cvss2ScoreToSeverity(cont.Cvss2Score)
+		if cont, found := v.CveContents[ctype]; found && 0 < len(cont.Mitigation) {
+			values = append(values, CveContentStr{
+				Type:  ctype,
+				Value: cont.Mitigation,
+			})
+		}
+	}
+
+	if len(values) == 0 {
+		return []CveContentStr{{
+			Type:  Unknown,
+			Value: "-",
+		}}
+	}
+	return
+}
+
+// Cvss2Scores returns CVSS V2 Scores
+func (v VulnInfo) Cvss2Scores(myFamily string) (values []CveContentCvss) {
+	order := []CveContentType{Nvd, NvdXML, RedHatAPI, RedHat, Jvn}
+	if myFamily != config.RedHat && myFamily != config.CentOS {
+		order = append(order, NewCveContentType(myFamily))
+	}
+	for _, ctype := range order {
+		if cont, found := v.CveContents[ctype]; found {
+			if cont.Cvss2Score == 0 || cont.Cvss2Severity == "" {
+				continue
 			}
+			// https://nvd.nist.gov/vuln-metrics/cvss
 			values = append(values, CveContentCvss{
 				Type: ctype,
 				Value: Cvss{
 					Type:     CVSS2,
 					Score:    cont.Cvss2Score,
 					Vector:   cont.Cvss2Vector,
-					Severity: strings.ToUpper(sev),
+					Severity: strings.ToUpper(cont.Cvss2Severity),
 				},
 			})
 		}
@@ -233,7 +370,7 @@ func (v VulnInfo) Cvss2Scores() (values []CveContentCvss) {
 	for _, adv := range v.DistroAdvisories {
 		if adv.Severity != "" {
 			values = append(values, CveContentCvss{
-				Type: "Vendor",
+				Type: "Advisory",
 				Value: Cvss{
 					Type:                 CVSS2,
 					Score:                severityToV2ScoreRoughly(adv.Severity),
@@ -245,35 +382,66 @@ func (v VulnInfo) Cvss2Scores() (values []CveContentCvss) {
 		}
 	}

+	// An OVAL entry in Ubuntu and Debian has only severity (CVSS score isn't included).
+	// Show severity and dummy score calculated roughly.
+	order = append(order, AllCveContetTypes.Except(order...)...)
+	for _, ctype := range order {
+		if cont, found := v.CveContents[ctype]; found &&
+			cont.Cvss2Score == 0 &&
+			cont.Cvss3Score == 0 &&
+			cont.Cvss2Severity != "" {
+
+			values = append(values, CveContentCvss{
+				Type: cont.Type,
+				Value: Cvss{
+					Type:                 CVSS2,
+					Score:                severityToV2ScoreRoughly(cont.Cvss2Severity),
+					CalculatedBySeverity: true,
+					Vector:               "-",
+					Severity:             strings.ToUpper(cont.Cvss2Severity),
+				},
+			})
+		}
+	}
+
 	return
 }

 // Cvss3Scores returns CVSS V3 Score
 func (v VulnInfo) Cvss3Scores() (values []CveContentCvss) {
-	// TODO implement NVD
-	order := []CveContentType{RedHat}
+	order := []CveContentType{Nvd, RedHatAPI, RedHat, Jvn}
 	for _, ctype := range order {
-		if cont, found := v.CveContents[ctype]; found && 0 < cont.Cvss3Score {
+		if cont, found := v.CveContents[ctype]; found {
 			// https://nvd.nist.gov/vuln-metrics/cvss
-			sev := cont.Severity
 			values = append(values, CveContentCvss{
 				Type: ctype,
 				Value: Cvss{
 					Type:     CVSS3,
 					Score:    cont.Cvss3Score,
 					Vector:   cont.Cvss3Vector,
-					Severity: strings.ToUpper(sev),
+					Severity: strings.ToUpper(cont.Cvss3Severity),
 				},
 			})
 		}
 	}
+
+	if cont, found := v.CveContents[Trivy]; found && cont.Cvss3Severity != "" {
+		values = append(values, CveContentCvss{
+			Type: Trivy,
+			Value: Cvss{
+				Type:     CVSS3,
+				Score:    severityToV2ScoreRoughly(cont.Cvss3Severity),
+				Severity: strings.ToUpper(cont.Cvss3Severity),
+			},
+		})
+	}
+
 	return
 }

 // MaxCvss3Score returns Max CVSS V3 Score
 func (v VulnInfo) MaxCvss3Score() CveContentCvss {
-	// TODO implement NVD
-	order := []CveContentType{RedHat}
+	order := []CveContentType{Nvd, RedHat, RedHatAPI, Jvn}
 	max := 0.0
 	value := CveContentCvss{
 		Type:  Unknown,
@@ -282,14 +450,13 @@ func (v VulnInfo) MaxCvss3Score() CveContentCvss {
 	for _, ctype := range order {
 		if cont, found := v.CveContents[ctype]; found && max < cont.Cvss3Score {
 			// https://nvd.nist.gov/vuln-metrics/cvss
-			sev := cont.Severity
 			value = CveContentCvss{
 				Type: ctype,
 				Value: Cvss{
 					Type:     CVSS3,
 					Score:    cont.Cvss3Score,
 					Vector:   cont.Cvss3Vector,
-					Severity: sev,
+					Severity: strings.ToUpper(cont.Cvss3Severity),
 				},
 			}
 			max = cont.Cvss3Score
@@ -316,7 +483,7 @@ func (v VulnInfo) MaxCvssScore() CveContentCvss {

 // MaxCvss2Score returns Max CVSS V2 Score
 func (v VulnInfo) MaxCvss2Score() CveContentCvss {
-	order := []CveContentType{NVD, RedHat, JVN}
+	order := []CveContentType{Nvd, NvdXML, RedHat, RedHatAPI, Jvn}
 	max := 0.0
 	value := CveContentCvss{
 		Type:  Unknown,
@@ -325,17 +492,13 @@ func (v VulnInfo) MaxCvss2Score() CveContentCvss {
 	for _, ctype := range order {
 		if cont, found := v.CveContents[ctype]; found && max < cont.Cvss2Score {
 			// https://nvd.nist.gov/vuln-metrics/cvss
-			sev := cont.Severity
-			if ctype == NVD {
-				sev = cvss2ScoreToSeverity(cont.Cvss2Score)
-			}
 			value = CveContentCvss{
 				Type: ctype,
 				Value: Cvss{
 					Type:     CVSS2,
 					Score:    cont.Cvss2Score,
 					Vector:   cont.Cvss2Vector,
-					Severity: sev,
+					Severity: strings.ToUpper(cont.Cvss2Severity),
 				},
 			}
 			max = cont.Cvss2Score
@@ -350,8 +513,8 @@ func (v VulnInfo) MaxCvss2Score() CveContentCvss {
 	// Only Ubuntu, RedHat and Oracle have severity data in OVAL.
 	order = []CveContentType{Ubuntu, RedHat, Oracle}
 	for _, ctype := range order {
-		if cont, found := v.CveContents[ctype]; found && 0 < len(cont.Severity) {
-			score := severityToV2ScoreRoughly(cont.Severity)
+		if cont, found := v.CveContents[ctype]; found && 0 < len(cont.Cvss2Severity) {
+			score := severityToV2ScoreRoughly(cont.Cvss2Severity)
 			if max < score {
 				value = CveContentCvss{
 					Type: ctype,
@@ -360,7 +523,7 @@ func (v VulnInfo) MaxCvss2Score() CveContentCvss {
 						Score:                score,
 						CalculatedBySeverity: true,
 						Vector:               cont.Cvss2Vector,
-						Severity:             cont.Severity,
+						Severity:             strings.ToUpper(cont.Cvss2Severity),
 					},
 				}
 			}
@@ -389,10 +552,63 @@ func (v VulnInfo) MaxCvss2Score() CveContentCvss {
 	return value
 }

-// CveContentCvss has CveContentType and Cvss2
+// AttackVector returns attack vector string
+func (v VulnInfo) AttackVector() string {
+	for _, cnt := range v.CveContents {
+		if strings.HasPrefix(cnt.Cvss2Vector, "AV:N") ||
+			strings.Contains(cnt.Cvss3Vector, "AV:N") {
+			return "AV:N"
+		} else if strings.HasPrefix(cnt.Cvss2Vector, "AV:A") ||
+			strings.Contains(cnt.Cvss3Vector, "AV:A") {
+			return "AV:A"
+		} else if strings.HasPrefix(cnt.Cvss2Vector, "AV:L") ||
+			strings.Contains(cnt.Cvss3Vector, "AV:L") {
+			return "AV:L"
+		} else if strings.Contains(cnt.Cvss3Vector, "AV:P") {
+			// no AV:P in CVSS v2
+			return "AV:P"
+		}
+	}
+	if cont, found := v.CveContents[DebianSecurityTracker]; found {
+		if attackRange, found := cont.Optional["attack range"]; found {
+			return attackRange
+		}
+	}
+	return ""
+}
+
+// PatchStatus returns fixed or unfixed string
+func (v VulnInfo) PatchStatus(packs Packages) string {
+	// Vuls don't know patch status of the CPE
+	if len(v.CpeURIs) != 0 {
+		return ""
+	}
+	for _, p := range v.AffectedPackages {
+		if p.NotFixedYet {
+			return "unfixed"
+		}
+
+		// Fast and offline mode can not get the candidate version.
+		// Vuls can be considered as 'fixed' if not-fixed-yet==true and
+		// the fixed-in-version (information in the oval) is not an empty.
+		if p.FixedIn != "" {
+			continue
+		}
+
+		// fast, offline mode doesn't have new version
+		if pack, ok := packs[p.Name]; ok {
+			if pack.NewVersion == "" {
+				return "unknown"
+			}
+		}
+	}
+	return "fixed"
+}
+
+// CveContentCvss has CVSS information
 type CveContentCvss struct {
-	Type  CveContentType
-	Value Cvss
+	Type  CveContentType `json:"type"`
+	Value Cvss           `json:"value"`
 }

 // CvssType Represent the type of CVSS
@@ -408,33 +624,27 @@ const (

 // Cvss has CVSS Score
 type Cvss struct {
-	Type                 CvssType
-	Score                float64
-	CalculatedBySeverity bool
-	Vector               string
-	Severity             string
+	Type                 CvssType `json:"type"`
+	Score                float64  `json:"score"`
+	CalculatedBySeverity bool     `json:"calculatedBySeverity"`
+	Vector               string   `json:"vector"`
+	Severity             string   `json:"severity"`
 }

 // Format CVSS Score and Vector
 func (c Cvss) Format() string {
+	if c.Score == 0 || c.Vector == "" {
+		return c.Severity
+	}
 	switch c.Type {
 	case CVSS2:
-		return fmt.Sprintf("%3.1f/%s", c.Score, c.Vector)
+		return fmt.Sprintf("%3.1f/%s %s", c.Score, c.Vector, c.Severity)
 	case CVSS3:
-		return fmt.Sprintf("%3.1f/CVSS:3.0/%s", c.Score, c.Vector)
+		return fmt.Sprintf("%3.1f/%s %s", c.Score, c.Vector, c.Severity)
 	}
 	return ""
 }

-func cvss2ScoreToSeverity(score float64) string {
-	if 7.0 <= score {
-		return "HIGH"
-	} else if 4.0 <= score {
-		return "MEDIUM"
-	}
-	return "LOW"
-}
-
 // Amazon Linux Security Advisory
 // Critical, Important, Medium, Low
 // https://alas.aws.amazon.com/
@@ -461,49 +671,13 @@ func severityToV2ScoreRoughly(severity string) float64 {
 	return 0
 }

-// CveContentCvss3 has CveContentType and Cvss3
-//  type CveContentCvss3 struct {
-//      Type  CveContentType
-//      Value Cvss3
-//  }
-
-// Cvss3 has CVSS v3 Score, Vector and  Severity
-//  type Cvss3 struct {
-//      Score    float64
-//      Vector   string
-//      Severity string
-//  }
-
-// Format CVSS Score and Vector
-//  func (c Cvss3) Format() string {
-//      return fmt.Sprintf("%3.1f/CVSS:3.0/%s", c.Score, c.Vector)
-//  }
-
-//  func cvss3ScoreToSeverity(score float64) string {
-//      if 9.0 <= score {
-//          return "CRITICAL"
-//      } else if 7.0 <= score {
-//          return "HIGH"
-//      } else if 4.0 <= score {
-//          return "MEDIUM"
-//      }
-//      return "LOW"
-//  }
-
 // FormatMaxCvssScore returns Max CVSS Score
 func (v VulnInfo) FormatMaxCvssScore() string {
-	v2Max := v.MaxCvss2Score()
-	v3Max := v.MaxCvss3Score()
-	if v2Max.Value.Score <= v3Max.Value.Score {
-		return fmt.Sprintf("%3.1f %s (%s)",
-			v3Max.Value.Score,
-			strings.ToUpper(v3Max.Value.Severity),
-			v3Max.Type)
-	}
+	max := v.MaxCvssScore()
 	return fmt.Sprintf("%3.1f %s (%s)",
-		v2Max.Value.Score,
-		strings.ToUpper(v2Max.Value.Severity),
-		v2Max.Type)
+		max.Value.Score,
+		strings.ToUpper(max.Value.Severity),
+		max.Type)
 }

 // Cvss2CalcURL returns CVSS v2 caluclator's URL
@@ -519,6 +693,12 @@ func (v VulnInfo) Cvss3CalcURL() string {
 // VendorLinks returns links of vendor support's URL
 func (v VulnInfo) VendorLinks(family string) map[string]string {
 	links := map[string]string{}
+	if strings.HasPrefix(v.CveID, "WPVDBID") {
+		links["WPVulnDB"] = fmt.Sprintf("https://wpvulndb.com/vulnerabilities/%s",
+			strings.TrimPrefix(v.CveID, "WPVDBID-"))
+		return links
+	}
+
 	switch family {
 	case config.RedHat, config.CentOS:
 		links["RHEL-CVE"] = "https://access.redhat.com/security/cve/" + v.CveID
@@ -537,8 +717,14 @@ func (v VulnInfo) VendorLinks(family string) map[string]string {
 	case config.Amazon:
 		links["RHEL-CVE"] = "https://access.redhat.com/security/cve/" + v.CveID
 		for _, advisory := range v.DistroAdvisories {
-			links[advisory.AdvisoryID] =
-				fmt.Sprintf("https://alas.aws.amazon.com/%s.html", advisory.AdvisoryID)
+			if strings.HasPrefix(advisory.AdvisoryID, "ALAS2") {
+				links[advisory.AdvisoryID] =
+					fmt.Sprintf("https://alas.aws.amazon.com/AL2/%s.html",
+						strings.Replace(advisory.AdvisoryID, "ALAS2", "ALAS", -1))
+			} else {
+				links[advisory.AdvisoryID] =
+					fmt.Sprintf("https://alas.aws.amazon.com/%s.html", advisory.AdvisoryID)
+			}
 		}
 		return links
 	case config.Ubuntu:
@@ -546,6 +732,8 @@ func (v VulnInfo) VendorLinks(family string) map[string]string {
 		return links
 	case config.Debian:
 		links["Debian-CVE"] = "https://security-tracker.debian.org/tracker/" + v.CveID
+	case config.SUSEEnterpriseServer:
+		links["SUSE-CVE"] = "https://www.suse.com/security/cve/" + v.CveID
 	case config.FreeBSD:
 		for _, advisory := range v.DistroAdvisories {
 			links["FreeBSD-VuXML"] = fmt.Sprintf("https://vuxml.freebsd.org/freebsd/%s.html", advisory.AdvisoryID)
@@ -556,37 +744,27 @@ func (v VulnInfo) VendorLinks(family string) map[string]string {
 	return links
 }

-// NilToEmpty set nil slice or map fields to empty to avoid null in JSON
-func (v *VulnInfo) NilToEmpty() *VulnInfo {
-	if v.CpeNames == nil {
-		v.CpeNames = []string{}
-	}
-	if v.DistroAdvisories == nil {
-		v.DistroAdvisories = []DistroAdvisory{}
-	}
-	if v.AffectedPackages == nil {
-		v.AffectedPackages = PackageStatuses{}
-	}
-	if v.CveContents == nil {
-		v.CveContents = NewCveContents()
-	}
-	for key := range v.CveContents {
-		if v.CveContents[key].Cpes == nil {
-			cont := v.CveContents[key]
-			cont.Cpes = []Cpe{}
-			v.CveContents[key] = cont
+// DistroAdvisories is a list of DistroAdvisory
+type DistroAdvisories []DistroAdvisory
+
+// AppendIfMissing appends if missing
+func (advs *DistroAdvisories) AppendIfMissing(adv *DistroAdvisory) bool {
+	for _, a := range *advs {
+		if a.AdvisoryID == adv.AdvisoryID {
+			return false
 		}
 	}
-	return v
+	*advs = append(*advs, *adv)
+	return true
 }

 // DistroAdvisory has Amazon Linux, RHEL, FreeBSD Security Advisory information.
 type DistroAdvisory struct {
-	AdvisoryID  string
-	Severity    string
-	Issued      time.Time
-	Updated     time.Time
-	Description string
+	AdvisoryID  string    `json:"advisoryID"`
+	Severity    string    `json:"severity"`
+	Issued      time.Time `json:"issued"`
+	Updated     time.Time `json:"updated"`
+	Description string    `json:"description"`
 }

 // Format the distro advisory information
@@ -603,11 +781,70 @@ func (p DistroAdvisory) Format() string {
 	return strings.Join(buf, "\n")
 }

+// Exploit :
+type Exploit struct {
+	ExploitType  exploitmodels.ExploitType `json:"exploitType"`
+	ID           string                    `json:"id"`
+	URL          string                    `json:"url"`
+	Description  string                    `json:"description"`
+	DocumentURL  *string                   `json:"documentURL,omitempty"`
+	ShellCodeURL *string                   `json:"shellCodeURL,omitempty"`
+	BinaryURL    *string                   `json:"binaryURL,omitempty"`
+}
+
+// Metasploit :
+type Metasploit struct {
+	Name        string   `json:"name"`
+	Title       string   `json:"title"`
+	Description string   `json:"description,omitempty"`
+	URLs        []string `json:",omitempty"`
+}
+
+// AlertDict has target cve's JPCERT and USCERT alert data
+type AlertDict struct {
+	Ja []Alert `json:"ja"`
+	En []Alert `json:"en"`
+}
+
+// FormatSource returns which source has this alert
+func (a AlertDict) FormatSource() string {
+	s := []string{}
+	if len(a.En) != 0 {
+		s = append(s, "USCERT")
+	}
+	if len(a.Ja) != 0 {
+		s = append(s, "JPCERT")
+	}
+	return strings.Join(s, "/")
+}
+
+// Confidences is a list of Confidence
+type Confidences []Confidence
+
+// AppendIfMissing appends confidence to the list if missiong
+func (cs *Confidences) AppendIfMissing(confidence Confidence) {
+	for _, c := range *cs {
+		if c.DetectionMethod == confidence.DetectionMethod {
+			return
+		}
+	}
+	*cs = append(*cs, confidence)
+}
+
+// SortByConfident sorts Confidences
+func (cs Confidences) SortByConfident() Confidences {
+	sort.Slice(cs, func(i, j int) bool {
+		return cs[i].SortOrder < cs[j].SortOrder
+	})
+	return cs
+}
+
 // Confidence is a ranking how confident the CVE-ID was deteted correctly
 // Score: 0 - 100
 type Confidence struct {
-	Score           int
-	DetectionMethod DetectionMethod
+	Score           int             `json:"score"`
+	DetectionMethod DetectionMethod `json:"detectionMethod"`
+	SortOrder       int             `json:"-"`
 }

 func (c Confidence) String() string {
@@ -632,12 +869,27 @@ const (
 	// OvalMatchStr is a String representation of OvalMatch
 	OvalMatchStr = "OvalMatch"

+	// RedHatAPIStr is a String representation of RedHatAPIMatch
+	RedHatAPIStr = "RedHatAPIMatch"
+
+	// DebianSecurityTrackerMatchStr is a String representation of DebianSecurityTrackerMatch
+	DebianSecurityTrackerMatchStr = "DebianSecurityTrackerMatch"
+
+	// TrivyMatchStr is a String representation of Trivy
+	TrivyMatchStr = "TrivyMatch"
+
 	// ChangelogExactMatchStr is a String representation of ChangelogExactMatch
 	ChangelogExactMatchStr = "ChangelogExactMatch"

 	// ChangelogLenientMatchStr is a String representation of ChangelogLenientMatch
 	ChangelogLenientMatchStr = "ChangelogLenientMatch"

+	// GitHubMatchStr is a String representation of GitHubMatch
+	GitHubMatchStr = "GitHubMatch"
+
+	// WPVulnDBMatchStr is a String representation of WordPress VulnDB scanning
+	WPVulnDBMatchStr = "WPVulnDBMatch"
+
 	// FailedToGetChangelog is a String representation of FailedToGetChangelog
 	FailedToGetChangelog = "FailedToGetChangelog"

@@ -647,20 +899,35 @@ const (

 var (
 	// CpeNameMatch is a ranking how confident the CVE-ID was deteted correctly
-	CpeNameMatch = Confidence{100, CpeNameMatchStr}
+	CpeNameMatch = Confidence{100, CpeNameMatchStr, 1}

 	// YumUpdateSecurityMatch is a ranking how confident the CVE-ID was deteted correctly
-	YumUpdateSecurityMatch = Confidence{100, YumUpdateSecurityMatchStr}
+	YumUpdateSecurityMatch = Confidence{100, YumUpdateSecurityMatchStr, 2}

 	// PkgAuditMatch is a ranking how confident the CVE-ID was deteted correctly
-	PkgAuditMatch = Confidence{100, PkgAuditMatchStr}
+	PkgAuditMatch = Confidence{100, PkgAuditMatchStr, 2}

 	// OvalMatch is a ranking how confident the CVE-ID was deteted correctly
-	OvalMatch = Confidence{100, OvalMatchStr}
+	OvalMatch = Confidence{100, OvalMatchStr, 0}
+
+	// RedHatAPIMatch ranking how confident the CVE-ID was deteted correctly
+	RedHatAPIMatch = Confidence{100, RedHatAPIStr, 0}
+
+	// DebianSecurityTrackerMatch ranking how confident the CVE-ID was deteted correctly
+	DebianSecurityTrackerMatch = Confidence{100, DebianSecurityTrackerMatchStr, 0}
+
+	// TrivyMatch ranking how confident the CVE-ID was deteted correctly
+	TrivyMatch = Confidence{100, TrivyMatchStr, 0}

 	// ChangelogExactMatch is a ranking how confident the CVE-ID was deteted correctly
-	ChangelogExactMatch = Confidence{95, ChangelogExactMatchStr}
+	ChangelogExactMatch = Confidence{95, ChangelogExactMatchStr, 3}

 	// ChangelogLenientMatch is a ranking how confident the CVE-ID was deteted correctly
-	ChangelogLenientMatch = Confidence{50, ChangelogLenientMatchStr}
+	ChangelogLenientMatch = Confidence{50, ChangelogLenientMatchStr, 4}
+
+	// GitHubMatch is a ranking how confident the CVE-ID was deteted correctly
+	GitHubMatch = Confidence{97, GitHubMatchStr, 2}
+
+	// WPVulnDBMatch is a ranking how confident the CVE-ID was deteted correctly
+	WPVulnDBMatch = Confidence{100, WPVulnDBMatchStr, 0}
 )
--- a/models/vulninfos_test.go
+++ b/models/vulninfos_test.go
@@ -1,19 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
 package models

 import (
@@ -36,16 +20,16 @@ func TestTitles(t *testing.T) {
 				lang: "ja",
 				cont: VulnInfo{
 					CveContents: CveContents{
-						JVN: {
-							Type:  JVN,
+						Jvn: {
+							Type:  Jvn,
 							Title: "Title1",
 						},
 						RedHat: {
 							Type:    RedHat,
 							Summary: "Summary RedHat",
 						},
-						NVD: {
-							Type:    NVD,
+						NvdXML: {
+							Type:    NvdXML,
 							Summary: "Summary NVD",
 							// Severity is NIOT included in NVD
 						},
@@ -54,11 +38,11 @@ func TestTitles(t *testing.T) {
 			},
 			out: []CveContentStr{
 				{
-					Type:  JVN,
+					Type:  Jvn,
 					Value: "Title1",
 				},
 				{
-					Type:  NVD,
+					Type:  NvdXML,
 					Value: "Summary NVD",
 				},
 				{
@@ -73,16 +57,16 @@ func TestTitles(t *testing.T) {
 				lang: "en",
 				cont: VulnInfo{
 					CveContents: CveContents{
-						JVN: {
-							Type:  JVN,
+						Jvn: {
+							Type:  Jvn,
 							Title: "Title1",
 						},
 						RedHat: {
 							Type:    RedHat,
 							Summary: "Summary RedHat",
 						},
-						NVD: {
-							Type:    NVD,
+						NvdXML: {
+							Type:    NvdXML,
 							Summary: "Summary NVD",
 							// Severity is NIOT included in NVD
 						},
@@ -91,7 +75,7 @@ func TestTitles(t *testing.T) {
 			},
 			out: []CveContentStr{
 				{
-					Type:  NVD,
+					Type:  NvdXML,
 					Value: "Summary NVD",
 				},
 				{
@@ -137,8 +121,8 @@ func TestSummaries(t *testing.T) {
 				lang: "ja",
 				cont: VulnInfo{
 					CveContents: CveContents{
-						JVN: {
-							Type:    JVN,
+						Jvn: {
+							Type:    Jvn,
 							Title:   "Title JVN",
 							Summary: "Summary JVN",
 						},
@@ -146,8 +130,8 @@ func TestSummaries(t *testing.T) {
 							Type:    RedHat,
 							Summary: "Summary RedHat",
 						},
-						NVD: {
-							Type:    NVD,
+						NvdXML: {
+							Type:    NvdXML,
 							Summary: "Summary NVD",
 							// Severity is NIOT included in NVD
 						},
@@ -156,17 +140,17 @@ func TestSummaries(t *testing.T) {
 			},
 			out: []CveContentStr{
 				{
-					Type:  JVN,
+					Type:  Jvn,
 					Value: "Title JVN\nSummary JVN",
 				},
-				{
-					Type:  NVD,
-					Value: "Summary NVD",
-				},
 				{
 					Type:  RedHat,
 					Value: "Summary RedHat",
 				},
+				{
+					Type:  NvdXML,
+					Value: "Summary NVD",
+				},
 			},
 		},
 		// lang: en
@@ -175,8 +159,8 @@ func TestSummaries(t *testing.T) {
 				lang: "en",
 				cont: VulnInfo{
 					CveContents: CveContents{
-						JVN: {
-							Type:    JVN,
+						Jvn: {
+							Type:    Jvn,
 							Title:   "Title JVN",
 							Summary: "Summary JVN",
 						},
@@ -184,8 +168,8 @@ func TestSummaries(t *testing.T) {
 							Type:    RedHat,
 							Summary: "Summary RedHat",
 						},
-						NVD: {
-							Type:    NVD,
+						NvdXML: {
+							Type:    NvdXML,
 							Summary: "Summary NVD",
 							// Severity is NIOT included in NVD
 						},
@@ -193,14 +177,14 @@ func TestSummaries(t *testing.T) {
 				},
 			},
 			out: []CveContentStr{
-				{
-					Type:  NVD,
-					Value: "Summary NVD",
-				},
 				{
 					Type:  RedHat,
 					Value: "Summary RedHat",
 				},
+				{
+					Type:  NvdXML,
+					Value: "Summary NVD",
+				},
 			},
 		},
 		// lang: empty
@@ -235,8 +219,8 @@ func TestCountGroupBySeverity(t *testing.T) {
 				"CVE-2017-0002": {
 					CveID: "CVE-2017-0002",
 					CveContents: CveContents{
-						NVD: {
-							Type:       NVD,
+						NvdXML: {
+							Type:       NvdXML,
 							Cvss2Score: 6.0,
 						},
 						RedHat: {
@@ -248,8 +232,8 @@ func TestCountGroupBySeverity(t *testing.T) {
 				"CVE-2017-0003": {
 					CveID: "CVE-2017-0003",
 					CveContents: CveContents{
-						NVD: {
-							Type:       NVD,
+						NvdXML: {
+							Type:       NvdXML,
 							Cvss2Score: 2.0,
 						},
 					},
@@ -257,8 +241,8 @@ func TestCountGroupBySeverity(t *testing.T) {
 				"CVE-2017-0004": {
 					CveID: "CVE-2017-0004",
 					CveContents: CveContents{
-						NVD: {
-							Type:       NVD,
+						NvdXML: {
+							Type:       NvdXML,
 							Cvss2Score: 5.0,
 						},
 					},
@@ -296,8 +280,8 @@ func TestToSortedSlice(t *testing.T) {
 				"CVE-2017-0002": {
 					CveID: "CVE-2017-0002",
 					CveContents: CveContents{
-						NVD: {
-							Type:       NVD,
+						NvdXML: {
+							Type:       NvdXML,
 							Cvss2Score: 6.0,
 						},
 						RedHat: {
@@ -309,8 +293,8 @@ func TestToSortedSlice(t *testing.T) {
 				"CVE-2017-0001": {
 					CveID: "CVE-2017-0001",
 					CveContents: CveContents{
-						NVD: {
-							Type:       NVD,
+						NvdXML: {
+							Type:       NvdXML,
 							Cvss2Score: 7.0,
 						},
 						RedHat: {
@@ -324,8 +308,8 @@ func TestToSortedSlice(t *testing.T) {
 				{
 					CveID: "CVE-2017-0001",
 					CveContents: CveContents{
-						NVD: {
-							Type:       NVD,
+						NvdXML: {
+							Type:       NvdXML,
 							Cvss2Score: 7.0,
 						},
 						RedHat: {
@@ -337,8 +321,8 @@ func TestToSortedSlice(t *testing.T) {
 				{
 					CveID: "CVE-2017-0002",
 					CveContents: CveContents{
-						NVD: {
-							Type:       NVD,
+						NvdXML: {
+							Type:       NvdXML,
 							Cvss2Score: 6.0,
 						},
 						RedHat: {
@@ -355,8 +339,8 @@ func TestToSortedSlice(t *testing.T) {
 				"CVE-2017-0002": {
 					CveID: "CVE-2017-0002",
 					CveContents: CveContents{
-						NVD: {
-							Type:       NVD,
+						NvdXML: {
+							Type:       NvdXML,
 							Cvss2Score: 6.0,
 						},
 						RedHat: {
@@ -388,8 +372,8 @@ func TestToSortedSlice(t *testing.T) {
 				{
 					CveID: "CVE-2017-0002",
 					CveContents: CveContents{
-						NVD: {
-							Type:       NVD,
+						NvdXML: {
+							Type:       NvdXML,
 							Cvss2Score: 6.0,
 						},
 						RedHat: {
@@ -407,8 +391,8 @@ func TestToSortedSlice(t *testing.T) {
 					CveID: "CVE-2017-0002",
 					CveContents: CveContents{
 						Ubuntu: {
-							Type:     Ubuntu,
-							Severity: "High",
+							Type:          Ubuntu,
+							Cvss2Severity: "High",
 						},
 					},
 				},
@@ -416,8 +400,8 @@ func TestToSortedSlice(t *testing.T) {
 					CveID: "CVE-2017-0001",
 					CveContents: CveContents{
 						Ubuntu: {
-							Type:     Ubuntu,
-							Severity: "Low",
+							Type:          Ubuntu,
+							Cvss2Severity: "Low",
 						},
 					},
 				},
@@ -427,8 +411,8 @@ func TestToSortedSlice(t *testing.T) {
 					CveID: "CVE-2017-0002",
 					CveContents: CveContents{
 						Ubuntu: {
-							Type:     Ubuntu,
-							Severity: "High",
+							Type:          Ubuntu,
+							Cvss2Severity: "High",
 						},
 					},
 				},
@@ -436,8 +420,8 @@ func TestToSortedSlice(t *testing.T) {
 					CveID: "CVE-2017-0001",
 					CveContents: CveContents{
 						Ubuntu: {
-							Type:     Ubuntu,
-							Severity: "Low",
+							Type:          Ubuntu,
+							Cvss2Severity: "Low",
 						},
 					},
 				},
@@ -460,29 +444,29 @@ func TestCvss2Scores(t *testing.T) {
 		{
 			in: VulnInfo{
 				CveContents: CveContents{
-					JVN: {
-						Type:        JVN,
-						Severity:    "HIGH",
-						Cvss2Score:  8.2,
-						Cvss2Vector: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+					Jvn: {
+						Type:          Jvn,
+						Cvss2Severity: "HIGH",
+						Cvss2Score:    8.2,
+						Cvss2Vector:   "AV:N/AC:L/Au:N/C:N/I:N/A:P",
 					},
 					RedHat: {
-						Type:        RedHat,
-						Severity:    "HIGH",
-						Cvss2Score:  8.0,
-						Cvss2Vector: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+						Type:          RedHat,
+						Cvss2Severity: "HIGH",
+						Cvss2Score:    8.0,
+						Cvss2Vector:   "AV:N/AC:L/Au:N/C:N/I:N/A:P",
 					},
-					NVD: {
-						Type:        NVD,
-						Cvss2Score:  8.1,
-						Cvss2Vector: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
-						// Severity is NIOT included in NVD
+					NvdXML: {
+						Type:          NvdXML,
+						Cvss2Score:    8.1,
+						Cvss2Vector:   "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+						Cvss2Severity: "HIGH",
 					},
 				},
 			},
 			out: []CveContentCvss{
 				{
-					Type: NVD,
+					Type: NvdXML,
 					Value: Cvss{
 						Type:     CVSS2,
 						Score:    8.1,
@@ -500,7 +484,7 @@ func TestCvss2Scores(t *testing.T) {
 					},
 				},
 				{
-					Type: JVN,
+					Type: Jvn,
 					Value: Cvss{
 						Type:     CVSS2,
 						Score:    8.2,
@@ -517,9 +501,9 @@ func TestCvss2Scores(t *testing.T) {
 		},
 	}
 	for i, tt := range tests {
-		actual := tt.in.Cvss2Scores()
+		actual := tt.in.Cvss2Scores("redhat")
 		if !reflect.DeepEqual(tt.out, actual) {
-			t.Errorf("[%d] expected: %v\n  actual: %v\n", i, tt.out, actual)
+			t.Errorf("[%d]\nexpected: %v\n  actual: %v\n", i, tt.out, actual)
 		}
 	}
 }
@@ -532,20 +516,20 @@ func TestMaxCvss2Scores(t *testing.T) {
 		{
 			in: VulnInfo{
 				CveContents: CveContents{
-					JVN: {
-						Type:        JVN,
-						Severity:    "HIGH",
-						Cvss2Score:  8.2,
-						Cvss2Vector: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+					Jvn: {
+						Type:          Jvn,
+						Cvss2Severity: "HIGH",
+						Cvss2Score:    8.2,
+						Cvss2Vector:   "AV:N/AC:L/Au:N/C:N/I:N/A:P",
 					},
 					RedHat: {
-						Type:        RedHat,
-						Severity:    "HIGH",
-						Cvss2Score:  8.0,
-						Cvss2Vector: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+						Type:          RedHat,
+						Cvss2Severity: "HIGH",
+						Cvss2Score:    8.0,
+						Cvss2Vector:   "AV:N/AC:L/Au:N/C:N/I:N/A:P",
 					},
-					NVD: {
-						Type:        NVD,
+					NvdXML: {
+						Type:        NvdXML,
 						Cvss2Score:  8.1,
 						Cvss2Vector: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
 						// Severity is NIOT included in NVD
@@ -553,7 +537,7 @@ func TestMaxCvss2Scores(t *testing.T) {
 				},
 			},
 			out: CveContentCvss{
-				Type: JVN,
+				Type: Jvn,
 				Value: Cvss{
 					Type:     CVSS2,
 					Score:    8.2,
@@ -567,8 +551,8 @@ func TestMaxCvss2Scores(t *testing.T) {
 			in: VulnInfo{
 				CveContents: CveContents{
 					Ubuntu: {
-						Type:     Ubuntu,
-						Severity: "HIGH",
+						Type:          Ubuntu,
+						Cvss2Severity: "HIGH",
 					},
 				},
 			},
@@ -613,16 +597,16 @@ func TestCvss3Scores(t *testing.T) {
 			in: VulnInfo{
 				CveContents: CveContents{
 					RedHat: {
-						Type:        RedHat,
-						Severity:    "HIGH",
-						Cvss3Score:  8.0,
-						Cvss3Vector: "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+						Type:          RedHat,
+						Cvss3Severity: "HIGH",
+						Cvss3Score:    8.0,
+						Cvss3Vector:   "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
 					},
-					NVD: {
-						Type:        NVD,
-						Cvss3Score:  8.1,
-						Cvss3Vector: "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
-						// Severity is NIOT included in NVD
+					NvdXML: {
+						Type:          NvdXML,
+						Cvss2Score:    8.1,
+						Cvss2Vector:   "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+						Cvss2Severity: "HIGH",
 					},
 				},
 			},
@@ -661,10 +645,10 @@ func TestMaxCvss3Scores(t *testing.T) {
 			in: VulnInfo{
 				CveContents: CveContents{
 					RedHat: {
-						Type:        RedHat,
-						Severity:    "HIGH",
-						Cvss3Score:  8.0,
-						Cvss3Vector: "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+						Type:          RedHat,
+						Cvss3Severity: "HIGH",
+						Cvss3Score:    8.0,
+						Cvss3Vector:   "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
 					},
 				},
 			},
@@ -708,8 +692,8 @@ func TestMaxCvssScores(t *testing.T) {
 		{
 			in: VulnInfo{
 				CveContents: CveContents{
-					NVD: {
-						Type:       NVD,
+					NvdXML: {
+						Type:       NvdXML,
 						Cvss3Score: 7.0,
 					},
 					RedHat: {
@@ -748,8 +732,8 @@ func TestMaxCvssScores(t *testing.T) {
 			in: VulnInfo{
 				CveContents: CveContents{
 					Ubuntu: {
-						Type:     Ubuntu,
-						Severity: "HIGH",
+						Type:          Ubuntu,
+						Cvss2Severity: "HIGH",
 					},
 				},
 			},
@@ -768,17 +752,18 @@ func TestMaxCvssScores(t *testing.T) {
 			in: VulnInfo{
 				CveContents: CveContents{
 					Ubuntu: {
-						Type:     Ubuntu,
-						Severity: "MEDIUM",
+						Type:          Ubuntu,
+						Cvss2Severity: "MEDIUM",
 					},
-					NVD: {
-						Type:       NVD,
-						Cvss2Score: 7.0,
+					NvdXML: {
+						Type:          NvdXML,
+						Cvss2Score:    7.0,
+						Cvss2Severity: "HIGH",
 					},
 				},
 			},
 			out: CveContentCvss{
-				Type: NVD,
+				Type: NvdXML,
 				Value: Cvss{
 					Type:     CVSS2,
 					Score:    7.0,
@@ -810,12 +795,13 @@ func TestMaxCvssScores(t *testing.T) {
 			in: VulnInfo{
 				CveContents: CveContents{
 					Ubuntu: {
-						Type:     Ubuntu,
-						Severity: "MEDIUM",
+						Type:          Ubuntu,
+						Cvss2Severity: "MEDIUM",
 					},
-					NVD: {
-						Type:       NVD,
-						Cvss2Score: 4.0,
+					NvdXML: {
+						Type:          NvdXML,
+						Cvss2Score:    4.0,
+						Cvss2Severity: "MEDIUM",
 					},
 				},
 				DistroAdvisories: []DistroAdvisory{
@@ -825,7 +811,7 @@ func TestMaxCvssScores(t *testing.T) {
 				},
 			},
 			out: CveContentCvss{
-				Type: NVD,
+				Type: NvdXML,
 				Value: Cvss{
 					Type:     CVSS2,
 					Score:    4,
@@ -861,18 +847,18 @@ func TestFormatMaxCvssScore(t *testing.T) {
 		{
 			in: VulnInfo{
 				CveContents: CveContents{
-					JVN: {
-						Type:       JVN,
-						Severity:   "HIGH",
-						Cvss2Score: 8.3,
+					Jvn: {
+						Type:          Jvn,
+						Cvss2Severity: "HIGH",
+						Cvss2Score:    8.3,
 					},
 					RedHat: {
-						Type:       RedHat,
-						Severity:   "HIGH",
-						Cvss3Score: 8.0,
+						Type:          RedHat,
+						Cvss2Severity: "HIGH",
+						Cvss3Score:    8.0,
 					},
-					NVD: {
-						Type:       NVD,
+					NvdXML: {
+						Type:       NvdXML,
 						Cvss2Score: 8.1,
 						// Severity is NIOT included in NVD
 					},
@@ -883,19 +869,20 @@ func TestFormatMaxCvssScore(t *testing.T) {
 		{
 			in: VulnInfo{
 				CveContents: CveContents{
-					JVN: {
-						Type:       JVN,
-						Severity:   "HIGH",
-						Cvss2Score: 8.3,
+					Jvn: {
+						Type:          Jvn,
+						Cvss2Severity: "HIGH",
+						Cvss2Score:    8.3,
 					},
 					RedHat: {
-						Type:       RedHat,
-						Severity:   "HIGH",
-						Cvss2Score: 8.0,
-						Cvss3Score: 9.9,
+						Type:          RedHat,
+						Cvss2Severity: "HIGH",
+						Cvss2Score:    8.0,
+						Cvss3Severity: "HIGH",
+						Cvss3Score:    9.9,
 					},
-					NVD: {
-						Type:       NVD,
+					NvdXML: {
+						Type:       NvdXML,
 						Cvss2Score: 8.1,
 					},
 				},
@@ -913,15 +900,15 @@ func TestFormatMaxCvssScore(t *testing.T) {

 func TestSortPackageStatues(t *testing.T) {
 	var tests = []struct {
-		in  PackageStatuses
-		out PackageStatuses
+		in  PackageFixStatuses
+		out PackageFixStatuses
 	}{
 		{
-			in: PackageStatuses{
+			in: PackageFixStatuses{
 				{Name: "b"},
 				{Name: "a"},
 			},
-			out: PackageStatuses{
+			out: PackageFixStatuses{
 				{Name: "a"},
 				{Name: "b"},
 			},
@@ -934,3 +921,245 @@ func TestSortPackageStatues(t *testing.T) {
 		}
 	}
 }
+
+func TestStorePackageStatueses(t *testing.T) {
+	var tests = []struct {
+		pkgstats PackageFixStatuses
+		in       PackageFixStatus
+		out      PackageFixStatuses
+	}{
+		{
+			pkgstats: PackageFixStatuses{
+				{Name: "a"},
+				{Name: "b"},
+			},
+			in: PackageFixStatus{
+				Name: "c",
+			},
+			out: PackageFixStatuses{
+				{Name: "a"},
+				{Name: "b"},
+				{Name: "c"},
+			},
+		},
+	}
+	for _, tt := range tests {
+		out := tt.pkgstats.Store(tt.in)
+		if ok := reflect.DeepEqual(tt.out, out); !ok {
+			t.Errorf("\nexpected: %v\n  actual: %v\n", tt.out, out)
+		}
+	}
+}
+
+func TestAppendIfMissing(t *testing.T) {
+	var tests = []struct {
+		in  Confidences
+		arg Confidence
+		out Confidences
+	}{
+		{
+			in: Confidences{
+				CpeNameMatch,
+			},
+			arg: CpeNameMatch,
+			out: Confidences{
+				CpeNameMatch,
+			},
+		},
+		{
+			in: Confidences{
+				CpeNameMatch,
+			},
+			arg: ChangelogExactMatch,
+			out: Confidences{
+				CpeNameMatch,
+				ChangelogExactMatch,
+			},
+		},
+	}
+	for _, tt := range tests {
+		tt.in.AppendIfMissing(tt.arg)
+		if !reflect.DeepEqual(tt.in, tt.out) {
+			t.Errorf("\nexpected: %v\n  actual: %v\n", tt.out, tt.in)
+		}
+	}
+}
+
+func TestSortByConfiden(t *testing.T) {
+	var tests = []struct {
+		in  Confidences
+		out Confidences
+	}{
+		{
+			in: Confidences{
+				OvalMatch,
+				CpeNameMatch,
+			},
+			out: Confidences{
+				OvalMatch,
+				CpeNameMatch,
+			},
+		},
+		{
+			in: Confidences{
+				CpeNameMatch,
+				OvalMatch,
+			},
+			out: Confidences{
+				OvalMatch,
+				CpeNameMatch,
+			},
+		},
+	}
+	for _, tt := range tests {
+		act := tt.in.SortByConfident()
+		if !reflect.DeepEqual(tt.out, act) {
+			t.Errorf("\nexpected: %v\n  actual: %v\n", tt.out, act)
+		}
+	}
+}
+
+func TestDistroAdvisories_AppendIfMissing(t *testing.T) {
+	type args struct {
+		adv *DistroAdvisory
+	}
+	tests := []struct {
+		name  string
+		advs  DistroAdvisories
+		args  args
+		want  bool
+		after DistroAdvisories
+	}{
+		{
+			name: "duplicate no append",
+			advs: DistroAdvisories{
+				DistroAdvisory{
+					AdvisoryID: "ALASs-2019-1214",
+				}},
+			args: args{
+				adv: &DistroAdvisory{
+					AdvisoryID: "ALASs-2019-1214",
+				},
+			},
+			want: false,
+			after: DistroAdvisories{
+				DistroAdvisory{
+					AdvisoryID: "ALASs-2019-1214",
+				}},
+		},
+		{
+			name: "append",
+			advs: DistroAdvisories{
+				DistroAdvisory{
+					AdvisoryID: "ALASs-2019-1214",
+				}},
+			args: args{
+				adv: &DistroAdvisory{
+					AdvisoryID: "ALASs-2019-1215",
+				},
+			},
+			want: true,
+			after: DistroAdvisories{
+				{
+					AdvisoryID: "ALASs-2019-1214",
+				},
+				{
+					AdvisoryID: "ALASs-2019-1215",
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := tt.advs.AppendIfMissing(tt.args.adv); got != tt.want {
+				t.Errorf("DistroAdvisories.AppendIfMissing() = %v, want %v", got, tt.want)
+			}
+			if !reflect.DeepEqual(tt.advs, tt.after) {
+				t.Errorf("\nexpected: %v\n  actual: %v\n", tt.after, tt.advs)
+			}
+		})
+	}
+}
+
+func TestVulnInfo_AttackVector(t *testing.T) {
+	type fields struct {
+		CveContents CveContents
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		want   string
+	}{
+		{
+			name: "2.0:N",
+			fields: fields{
+				CveContents: NewCveContents(
+					CveContent{
+						Type:        "foo",
+						Cvss2Vector: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
+					},
+				),
+			},
+			want: "AV:N",
+		},
+		{
+			name: "2.0:A",
+			fields: fields{
+				CveContents: NewCveContents(
+					CveContent{
+						Type:        "foo",
+						Cvss2Vector: "AV:A/AC:L/Au:N/C:C/I:C/A:C",
+					},
+				),
+			},
+			want: "AV:A",
+		},
+		{
+			name: "2.0:L",
+			fields: fields{
+				CveContents: NewCveContents(
+					CveContent{
+						Type:        "foo",
+						Cvss2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+					},
+				),
+			},
+			want: "AV:L",
+		},
+
+		{
+			name: "3.0:N",
+			fields: fields{
+				CveContents: NewCveContents(
+					CveContent{
+						Type:        "foo",
+						Cvss3Vector: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+					},
+				),
+			},
+			want: "AV:N",
+		},
+		{
+			name: "3.1:N",
+			fields: fields{
+				CveContents: NewCveContents(
+					CveContent{
+						Type:        "foo",
+						Cvss3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+					},
+				),
+			},
+			want: "AV:N",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			v := VulnInfo{
+				CveContents: tt.fields.CveContents,
+			}
+			if got := v.AttackVector(); got != tt.want {
+				t.Errorf("VulnInfo.AttackVector() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
--- a/models/wordpress.go
+++ b/models/wordpress.go
@@ -0,0 +1,71 @@
+package models
+
+// WordPressPackages has Core version, plugins and themes.
+type WordPressPackages []WpPackage
+
+// CoreVersion returns the core version of the installed WordPress
+func (w WordPressPackages) CoreVersion() string {
+	for _, p := range w {
+		if p.Type == WPCore {
+			return p.Version
+		}
+	}
+	return ""
+}
+
+// Plugins returns a slice of plugins of the installed WordPress
+func (w WordPressPackages) Plugins() (ps []WpPackage) {
+	for _, p := range w {
+		if p.Type == WPPlugin {
+			ps = append(ps, p)
+		}
+	}
+	return
+}
+
+// Themes returns a slice of themes of the installed WordPress
+func (w WordPressPackages) Themes() (ps []WpPackage) {
+	for _, p := range w {
+		if p.Type == WPTheme {
+			ps = append(ps, p)
+		}
+	}
+	return
+}
+
+// Find searches by specified name
+func (w WordPressPackages) Find(name string) (ps *WpPackage, found bool) {
+	for _, p := range w {
+		if p.Name == name {
+			return &p, true
+		}
+	}
+	return nil, false
+}
+
+const (
+	// WPCore is a type `core` in WPPackage struct
+	WPCore = "core"
+	// WPPlugin is a type `plugin` in WPPackage struct
+	WPPlugin = "plugin"
+	// WPTheme is a type `theme` in WPPackage struct
+	WPTheme = "theme"
+
+	// Inactive is a inactive status in WPPackage struct
+	Inactive = "inactive"
+)
+
+// WpPackage has a details of plugin and theme
+type WpPackage struct {
+	Name    string `json:"name,omitempty"`
+	Status  string `json:"status,omitempty"` // active, inactive or must-use
+	Update  string `json:"update,omitempty"` // available or none
+	Version string `json:"version,omitempty"`
+	Type    string `json:"type,omitempty"` // core, plugin, theme
+}
+
+// WpPackageFixStatus is used in Vulninfo.WordPress
+type WpPackageFixStatus struct {
+	Name    string `json:"name,omitempty"`
+	FixedIn string `json:"fixedIn,omitempty"`
+}
--- a/msf/msf.go
+++ b/msf/msf.go
@@ -0,0 +1,73 @@
+package msf
+
+import (
+	"fmt"
+	"net/http"
+
+	cnf "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/parnurzeal/gorequest"
+	"github.com/takuzoo3868/go-msfdb/db"
+	metasploitmodels "github.com/takuzoo3868/go-msfdb/models"
+	"golang.org/x/xerrors"
+)
+
+// FillWithMetasploit fills metasploit module information that has in module
+func FillWithMetasploit(driver db.DB, r *models.ScanResult) (nMetasploitCve int, err error) {
+	if driver == nil {
+		return 0, nil
+	}
+	for cveID, vuln := range r.ScannedCves {
+		if cveID == "" {
+			continue
+		}
+		ms := driver.GetModuleByCveID(cveID)
+		if len(ms) == 0 {
+			continue
+		}
+		modules := ConvertToModels(ms)
+		vuln.Metasploits = modules
+		r.ScannedCves[cveID] = vuln
+		nMetasploitCve++
+	}
+
+	return nMetasploitCve, nil
+}
+
+// ConvertToModels converts gost model to vuls model
+func ConvertToModels(ms []*metasploitmodels.Metasploit) (modules []models.Metasploit) {
+	for _, m := range ms {
+		var links []string
+		if 0 < len(m.References) {
+			for _, u := range m.References {
+				links = append(links, u.Link)
+			}
+		}
+		module := models.Metasploit{
+			Name:        m.Name,
+			Title:       m.Title,
+			Description: m.Description,
+			URLs:        links,
+		}
+		modules = append(modules, module)
+	}
+	return modules
+}
+
+// CheckHTTPHealth do health check
+func CheckHTTPHealth() error {
+	if !cnf.Conf.Metasploit.IsFetchViaHTTP() {
+		return nil
+	}
+
+	url := fmt.Sprintf("%s/health", cnf.Conf.Metasploit.URL)
+	var errs []error
+	var resp *http.Response
+	resp, _, errs = gorequest.New().Get(url).End()
+	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return xerrors.Errorf("Failed to connect to metasploit server. url: %s, errs: %w", url, errs)
+	}
+	return nil
+}
--- a/oval/alpine.go
+++ b/oval/alpine.go
@@ -0,0 +1,57 @@
+package oval
+
+import (
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+	"github.com/kotakanbe/goval-dictionary/db"
+)
+
+// Alpine is the struct of Alpine Linux
+type Alpine struct {
+	Base
+}
+
+// NewAlpine creates OVAL client for SUSE
+func NewAlpine() Alpine {
+	return Alpine{
+		Base{
+			family: config.Alpine,
+		},
+	}
+}
+
+// FillWithOval returns scan result after updating CVE info by OVAL
+func (o Alpine) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+	var relatedDefs ovalResult
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
+		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
+			return 0, err
+		}
+	} else {
+		if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
+			return 0, err
+		}
+	}
+	for _, defPacks := range relatedDefs.entries {
+		o.update(r, defPacks)
+	}
+
+	return len(relatedDefs.entries), nil
+}
+
+func (o Alpine) update(r *models.ScanResult, defPacks defPacks) {
+	cveID := defPacks.def.Advisory.Cves[0].CveID
+	vinfo, ok := r.ScannedCves[cveID]
+	if !ok {
+		util.Log.Debugf("%s is newly detected by OVAL", cveID)
+		vinfo = models.VulnInfo{
+			CveID:       cveID,
+			Confidences: []models.Confidence{models.OvalMatch},
+		}
+	}
+
+	vinfo.AffectedPackages = defPacks.toPackStatuses()
+	vinfo.AffectedPackages.Sort()
+	r.ScannedCves[cveID] = vinfo
+}
--- a/oval/debian.go
+++ b/oval/debian.go
@@ -1,26 +1,13 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package oval

 import (
+	"fmt"
+	"strings"
+
 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/util"
+	"github.com/kotakanbe/goval-dictionary/db"
 	ovalmodels "github.com/kotakanbe/goval-dictionary/models"
 )

@@ -37,7 +24,7 @@ func (o DebianBase) update(r *models.ScanResult, defPacks defPacks) {
 		util.Log.Debugf("%s is newly detected by OVAL", defPacks.def.Debian.CveID)
 		vinfo = models.VulnInfo{
 			CveID:       defPacks.def.Debian.CveID,
-			Confidence:  models.OvalMatch,
+			Confidences: []models.Confidence{models.OvalMatch},
 			CveContents: models.NewCveContents(ovalContent),
 		}
 	} else {
@@ -51,24 +38,45 @@ func (o DebianBase) update(r *models.ScanResult, defPacks defPacks) {
 				defPacks.def.Debian.CveID)
 			cveContents = models.CveContents{}
 		}
-		if vinfo.Confidence.Score < models.OvalMatch.Score {
-			vinfo.Confidence = models.OvalMatch
-		}
+		vinfo.Confidences.AppendIfMissing(models.OvalMatch)
 		cveContents[ctype] = ovalContent
 		vinfo.CveContents = cveContents
 	}

-	// uniq(vinfo.PackNames + defPacks.actuallyAffectedPackNames)
+	// uniq(vinfo.PackNames + defPacks.binpkgStat)
 	for _, pack := range vinfo.AffectedPackages {
-		defPacks.actuallyAffectedPackNames[pack.Name] = true
+		defPacks.binpkgFixstat[pack.Name] = fixStat{
+			notFixedYet: pack.NotFixedYet,
+			fixedIn:     pack.FixedIn,
+			isSrcPack:   false,
+		}
 	}
-	vinfo.AffectedPackages = defPacks.toPackStatuses(r.Family, r.Packages)
+
+	// Update package status of source packages.
+	// In the case of Debian based Linux, sometimes source package name is difined as affected package in OVAL.
+	// To display binary package name showed in apt-get, need to convert source name to binary name.
+	for binName := range defPacks.binpkgFixstat {
+		if srcPack, ok := r.SrcPackages.FindByBinName(binName); ok {
+			for _, p := range defPacks.def.AffectedPacks {
+				if p.Name == srcPack.Name {
+					defPacks.binpkgFixstat[binName] = fixStat{
+						notFixedYet: p.NotFixedYet,
+						fixedIn:     p.Version,
+						isSrcPack:   true,
+						srcPackName: srcPack.Name,
+					}
+				}
+			}
+		}
+	}
+
+	vinfo.AffectedPackages = defPacks.toPackStatuses()
 	vinfo.AffectedPackages.Sort()
 	r.ScannedCves[defPacks.def.Debian.CveID] = vinfo
 }

 func (o DebianBase) convertToModel(def *ovalmodels.Definition) *models.CveContent {
-	var refs []models.Reference
+	refs := []models.Reference{}
 	for _, r := range def.References {
 		refs = append(refs, models.Reference{
 			Link:   r.RefURL,
@@ -78,11 +86,12 @@ func (o DebianBase) convertToModel(def *ovalmodels.Definition) *models.CveConten
 	}

 	return &models.CveContent{
-		CveID:      def.Debian.CveID,
-		Title:      def.Title,
-		Summary:    def.Description,
-		Severity:   def.Advisory.Severity,
-		References: refs,
+		CveID:         def.Debian.CveID,
+		Title:         def.Title,
+		Summary:       def.Description,
+		Cvss2Severity: def.Advisory.Severity,
+		Cvss3Severity: def.Advisory.Severity,
+		References:    refs,
 	}
 }

@@ -103,37 +112,43 @@ func NewDebian() Debian {
 }

 // FillWithOval returns scan result after updating CVE info by OVAL
-func (o Debian) FillWithOval(r *models.ScanResult) (err error) {
+func (o Debian) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {

 	//Debian's uname gives both of kernel release(uname -r), version(kernel-image version)
 	linuxImage := "linux-image-" + r.RunningKernel.Release
+
 	// Add linux and set the version of running kernel to search OVAL.
 	if r.Container.ContainerID == "" {
+		newVer := ""
+		if p, ok := r.Packages[linuxImage]; ok {
+			newVer = p.NewVersion
+		}
 		r.Packages["linux"] = models.Package{
-			Name:    "linux",
-			Version: r.RunningKernel.Version,
+			Name:       "linux",
+			Version:    r.RunningKernel.Version,
+			NewVersion: newVer,
 		}
 	}

 	var relatedDefs ovalResult
-	if o.isFetchViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
-			return err
+			return 0, err
 		}
 	} else {
-		if relatedDefs, err = getDefsByPackNameFromOvalDB(o.family, r.Release, r.Packages); err != nil {
-			return err
+		if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
+			return 0, err
 		}
 	}

 	delete(r.Packages, "linux")

 	for _, defPacks := range relatedDefs.entries {
-		// Remove linux added above to search for oval
+		// Remove "linux" added above for oval search
 		// linux is not a real package name (key of affected packages in OVAL)
-		if _, ok := defPacks.actuallyAffectedPackNames["linux"]; ok {
-			defPacks.actuallyAffectedPackNames[linuxImage] = true
-			delete(defPacks.actuallyAffectedPackNames, "linux")
+		if notFixedYet, ok := defPacks.binpkgFixstat["linux"]; ok {
+			defPacks.binpkgFixstat[linuxImage] = notFixedYet
+			delete(defPacks.binpkgFixstat, "linux")
 			for i, p := range defPacks.def.AffectedPacks {
 				if p.Name == "linux" {
 					p.Name = linuxImage
@@ -141,6 +156,7 @@ func (o Debian) FillWithOval(r *models.ScanResult) (err error) {
 				}
 			}
 		}
+
 		o.update(r, defPacks)
 	}

@@ -150,7 +166,7 @@ func (o Debian) FillWithOval(r *models.ScanResult) (err error) {
 			vuln.CveContents[models.Debian] = cont
 		}
 	}
-	return nil
+	return len(relatedDefs.entries), nil
 }

 // Ubuntu is the interface for Debian OVAL
@@ -170,84 +186,237 @@ func NewUbuntu() Ubuntu {
 }

 // FillWithOval returns scan result after updating CVE info by OVAL
-func (o Ubuntu) FillWithOval(r *models.ScanResult) (err error) {
-	ovalKernelImageNames := []string{
-		"linux-aws",
-		"linux-azure",
-		"linux-flo",
-		"linux-gcp",
-		"linux-gke",
-		"linux-goldfish",
-		"linux-hwe",
-		"linux-hwe-edge",
-		"linux-kvm",
-		"linux-mako",
-		"linux-raspi2",
-		"linux-snapdragon",
+func (o Ubuntu) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+	switch major(r.Release) {
+	case "14":
+		kernelNamesInOval := []string{
+			"linux-aws",
+			"linux-azure",
+			"linux-lts-xenial",
+			"linux-meta",
+			"linux-meta-aws",
+			"linux-meta-azure",
+			"linux-meta-lts-xenial",
+			"linux-signed",
+			"linux-signed-azure",
+			"linux-signed-lts-xenial",
+			"linux",
+		}
+		return o.fillWithOval(driver, r, kernelNamesInOval)
+	case "16":
+		kernelNamesInOval := []string{
+			"linux-aws",
+			"linux-aws-hwe",
+			"linux-azure",
+			"linux-euclid",
+			"linux-flo",
+			"linux-gcp",
+			"linux-gke",
+			"linux-goldfish",
+			"linux-hwe",
+			"linux-kvm",
+			"linux-mako",
+			"linux-meta",
+			"linux-meta-aws",
+			"linux-meta-aws-hwe",
+			"linux-meta-azure",
+			"linux-meta-gcp",
+			"linux-meta-hwe",
+			"linux-meta-kvm",
+			"linux-meta-oracle",
+			"linux-meta-raspi2",
+			"linux-meta-snapdragon",
+			"linux-oem",
+			"linux-oracle",
+			"linux-raspi2",
+			"linux-signed",
+			"linux-signed-azure",
+			"linux-signed-gcp",
+			"linux-signed-hwe",
+			"linux-signed-oracle",
+			"linux-snapdragon",
+			"linux",
+		}
+		return o.fillWithOval(driver, r, kernelNamesInOval)
+	case "18":
+		kernelNamesInOval := []string{
+			"linux-aws",
+			"linux-aws-5.0",
+			"linux-azure",
+			"linux-gcp",
+			"linux-gcp-5.3",
+			"linux-gke-4.15",
+			"linux-gke-5.0",
+			"linux-gke-5.3",
+			"linux-hwe",
+			"linux-kvm",
+			"linux-meta",
+			"linux-meta-aws",
+			"linux-meta-aws-5.0",
+			"linux-meta-azure",
+			"linux-meta-gcp",
+			"linux-meta-gcp-5.3",
+			"linux-meta-gke-4.15",
+			"linux-meta-gke-5.0",
+			"linux-meta-gke-5.3",
+			"linux-meta-hwe",
+			"linux-meta-kvm",
+			"linux-meta-oem",
+			"linux-meta-oem-osp1",
+			"linux-meta-oracle",
+			"linux-meta-oracle-5.0",
+			"linux-meta-oracle-5.3",
+			"linux-meta-raspi2",
+			"linux-meta-raspi2-5.3",
+			"linux-meta-snapdragon",
+			"linux-oem",
+			"linux-oem-osp1",
+			"linux-oracle",
+			"linux-oracle-5.0",
+			"linux-oracle-5.3",
+			"linux-raspi2",
+			"linux-raspi2-5.3",
+			"linux-signed",
+			"linux-signed-azure",
+			"linux-signed-gcp",
+			"linux-signed-gcp-5.3",
+			"linux-signed-gke-4.15",
+			"linux-signed-gke-5.0",
+			"linux-signed-gke-5.3",
+			"linux-signed-hwe",
+			"linux-signed-oem",
+			"linux-signed-oem-osp1",
+			"linux-signed-oracle",
+			"linux-signed-oracle-5.0",
+			"linux-signed-oracle-5.3",
+			"linux-snapdragon",
+			"linux",
+		}
+		return o.fillWithOval(driver, r, kernelNamesInOval)
+	case "20":
+		kernelNamesInOval := []string{
+			"linux-aws",
+			"linux-azure",
+			"linux-gcp",
+			"linux-kvm",
+			"linux-meta",
+			"linux-meta-aws",
+			"linux-meta-azure",
+			"linux-meta-gcp",
+			"linux-meta-kvm",
+			"linux-meta-oem-5.6",
+			"linux-meta-oracle",
+			"linux-meta-raspi",
+			"linux-meta-riscv",
+			"linux-oem-5.6",
+			"linux-oracle",
+			"linux-raspi",
+			"linux-raspi2",
+			"linux-riscv",
+			"linux-signed",
+			"linux-signed-azure",
+			"linux-signed-gcp",
+			"linux-signed-oem-5.6",
+			"linux-signed-oracle",
+			"linux",
+		}
+		return o.fillWithOval(driver, r, kernelNamesInOval)
 	}
-	linuxImage := "linux-image-" + r.RunningKernel.Release
+	return 0, fmt.Errorf("Ubuntu %s is not support for now", r.Release)
+}
+
+func (o Ubuntu) fillWithOval(driver db.DB, r *models.ScanResult, kernelNamesInOval []string) (nCVEs int, err error) {
+	linuxImage := "linux-image-" + r.RunningKernel.Release
+	runningKernelVersion := ""
+	kernelPkgInOVAL := ""
+	isOVALKernelPkgAdded := false
+	unusedKernels := []models.Package{}
+	copiedSourcePkgs := models.SrcPackages{}

-	found := false
 	if r.Container.ContainerID == "" {
-		for _, n := range ovalKernelImageNames {
-			if _, ok := r.Packages[n]; ok {
-				v, ok := r.Packages[linuxImage]
-				if ok {
-					// Set running kernel version
-					p := r.Packages[n]
-					p.Version = v.Version
-					p.NewVersion = v.NewVersion
-					r.Packages[n] = p
-				} else {
-					util.Log.Warnf("Running kernel image %s is not found: %s",
-						linuxImage, r.RunningKernel.Version)
-				}
-				found = true
+		if v, ok := r.Packages[linuxImage]; ok {
+			runningKernelVersion = v.Version
+		} else {
+			util.Log.Warnf("Unable to detect vulns of running kernel because the version of the runnning kernel is unknown. server: %s",
+				r.ServerName)
+		}
+
+		for _, n := range kernelNamesInOval {
+			if p, ok := r.Packages[n]; ok {
+				kernelPkgInOVAL = p.Name
 				break
 			}
 		}

-		if !found {
-			// linux-generic is described as "linux" in Ubuntu's oval.
-			// Add "linux" and set the version of running kernel to search OVAL.
-			v, ok := r.Packages[linuxImage]
-			if ok {
-				r.Packages["linux"] = models.Package{
-					Name:       "linux",
-					Version:    v.Version,
-					NewVersion: v.NewVersion,
+		// remove unused kernels from packages to prevent detecting vulns of unused kernel
+		for _, n := range kernelNamesInOval {
+			if v, ok := r.Packages[n]; ok {
+				unusedKernels = append(unusedKernels, v)
+				delete(r.Packages, n)
+			}
+		}
+
+		// Remove linux-* in order to detect only vulnerabilities in the running kernel.
+		for n := range r.Packages {
+			if n != kernelPkgInOVAL && strings.HasPrefix(n, "linux-") {
+				unusedKernels = append(unusedKernels, r.Packages[n])
+				delete(r.Packages, n)
+			}
+		}
+		for srcPackName, srcPack := range r.SrcPackages {
+			copiedSourcePkgs[srcPackName] = srcPack
+			targetBianryNames := []string{}
+			for _, n := range srcPack.BinaryNames {
+				if n == kernelPkgInOVAL || !strings.HasPrefix(n, "linux-") {
+					targetBianryNames = append(targetBianryNames, n)
 				}
-			} else {
-				util.Log.Warnf("%s is not found. Running: %s",
-					linuxImage, r.RunningKernel.Release)
+			}
+			srcPack.BinaryNames = targetBianryNames
+			r.SrcPackages[srcPackName] = srcPack
+		}
+
+		if kernelPkgInOVAL == "" {
+			util.Log.Warnf("The OVAL name of the running kernel image %+v is not found. So vulns of `linux` wll be detected. server: %s",
+				r.RunningKernel, r.ServerName)
+			kernelPkgInOVAL = "linux"
+			isOVALKernelPkgAdded = true
+		}
+
+		if runningKernelVersion != "" {
+			r.Packages[kernelPkgInOVAL] = models.Package{
+				Name:    kernelPkgInOVAL,
+				Version: runningKernelVersion,
 			}
 		}
 	}

 	var relatedDefs ovalResult
-	if o.isFetchViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
-			return err
+			return 0, err
 		}
 	} else {
-		if relatedDefs, err = getDefsByPackNameFromOvalDB(o.family, r.Release, r.Packages); err != nil {
-			return err
+		if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
+			return 0, err
 		}
 	}

-	if !found {
-		delete(r.Packages, "linux")
+	if isOVALKernelPkgAdded {
+		delete(r.Packages, kernelPkgInOVAL)
 	}
+	for _, p := range unusedKernels {
+		r.Packages[p.Name] = p
+	}
+	r.SrcPackages = copiedSourcePkgs

 	for _, defPacks := range relatedDefs.entries {
-
-		// Remove "linux" added above to search for oval
+		// Remove "linux" added above for searching oval
 		// "linux" is not a real package name (key of affected packages in OVAL)
-		if _, ok := defPacks.actuallyAffectedPackNames["linux"]; !found && ok {
-			defPacks.actuallyAffectedPackNames[linuxImage] = true
-			delete(defPacks.actuallyAffectedPackNames, "linux")
+		if nfy, ok := defPacks.binpkgFixstat[kernelPkgInOVAL]; isOVALKernelPkgAdded && ok {
+			defPacks.binpkgFixstat[linuxImage] = nfy
+			delete(defPacks.binpkgFixstat, kernelPkgInOVAL)
 			for i, p := range defPacks.def.AffectedPacks {
-				if p.Name == "linux" {
+				if p.Name == kernelPkgInOVAL {
 					p.Name = linuxImage
 					defPacks.def.AffectedPacks[i] = p
 				}
@@ -262,5 +431,5 @@ func (o Ubuntu) FillWithOval(r *models.ScanResult) (err error) {
 			vuln.CveContents[models.Ubuntu] = cont
 		}
 	}
-	return nil
+	return len(relatedDefs.entries), nil
 }
--- a/oval/debian_test.go
+++ b/oval/debian_test.go
@@ -1,19 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
 package oval

 import (
@@ -36,7 +20,10 @@ func TestPackNamesOfUpdateDebian(t *testing.T) {
 			in: models.ScanResult{
 				ScannedCves: models.VulnInfos{
 					"CVE-2000-1000": models.VulnInfo{
-						AffectedPackages: models.PackageStatuses{{Name: "packA"}},
+						AffectedPackages: models.PackageFixStatuses{
+							{Name: "packA"},
+							{Name: "packC"},
+						},
 					},
 				},
 			},
@@ -46,16 +33,20 @@ func TestPackNamesOfUpdateDebian(t *testing.T) {
 						CveID: "CVE-2000-1000",
 					},
 				},
-				actuallyAffectedPackNames: map[string]bool{
-					"packB": true,
+				binpkgFixstat: map[string]fixStat{
+					"packB": {
+						notFixedYet: true,
+						fixedIn:     "1.0.0",
+					},
 				},
 			},
 			out: models.ScanResult{
 				ScannedCves: models.VulnInfos{
 					"CVE-2000-1000": models.VulnInfo{
-						AffectedPackages: models.PackageStatuses{
+						AffectedPackages: models.PackageFixStatuses{
 							{Name: "packA"},
-							{Name: "packB"},
+							{Name: "packB", NotFixedYet: true, FixedIn: "1.0.0"},
+							{Name: "packC"},
 						},
 					},
 				},
@@ -69,7 +60,7 @@ func TestPackNamesOfUpdateDebian(t *testing.T) {
 		e := tt.out.ScannedCves["CVE-2000-1000"].AffectedPackages
 		a := tt.in.ScannedCves["CVE-2000-1000"].AffectedPackages
 		if !reflect.DeepEqual(a, e) {
-			t.Errorf("[%d] expected: %v\n  actual: %v\n", i, e, a)
+			t.Errorf("[%d] expected: %#v\n  actual: %#v\n", i, e, a)
 		}
 	}
 }
--- a/oval/oval.go
+++ b/oval/oval.go
@@ -1,45 +1,27 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package oval

 import (
 	"encoding/json"
 	"fmt"
 	"net/http"
-	"strings"
 	"time"

-	"github.com/future-architect/vuls/config"
+	cnf "github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/util"
 	"github.com/kotakanbe/goval-dictionary/db"
-	ovallog "github.com/kotakanbe/goval-dictionary/log"
 	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
 )

 // Client is the interface of OVAL client.
 type Client interface {
 	CheckHTTPHealth() error
-	FillWithOval(r *models.ScanResult) error
+	FillWithOval(db.DB, *models.ScanResult) (int, error)

 	// CheckIfOvalFetched checks if oval entries are in DB by family, release.
-	CheckIfOvalFetched(string, string) (bool, error)
-	CheckIfOvalFresh(string, string) (bool, error)
+	CheckIfOvalFetched(db.DB, string, string) (bool, error)
+	CheckIfOvalFresh(db.DB, string, string) (bool, error)
 }

 // Base is a base struct
@@ -49,102 +31,69 @@ type Base struct {

 // CheckHTTPHealth do health check
 func (b Base) CheckHTTPHealth() error {
-	if !b.isFetchViaHTTP() {
+	if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
 		return nil
 	}

-	url := fmt.Sprintf("%s/health", config.Conf.OvalDBURL)
+	url := fmt.Sprintf("%s/health", cnf.Conf.OvalDict.URL)
 	var errs []error
 	var resp *http.Response
 	resp, _, errs = gorequest.New().Get(url).End()
 	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
 	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
 	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-		return fmt.Errorf("Failed to request to OVAL server. url: %s, errs: %v",
+		return xerrors.Errorf("Failed to request to OVAL server. url: %s, errs: %w",
 			url, errs)
 	}
 	return nil
 }

 // CheckIfOvalFetched checks if oval entries are in DB by family, release.
-func (b Base) CheckIfOvalFetched(osFamily, release string) (fetched bool, err error) {
-	ovallog.Initialize(config.Conf.LogDir)
-	if !b.isFetchViaHTTP() {
-		var ovaldb db.DB
-		if ovaldb, err = db.NewDB(
-			osFamily,
-			config.Conf.OvalDBType,
-			config.Conf.OvalDBPath,
-			config.Conf.DebugSQL,
-		); err != nil {
-			return false, err
-		}
-		defer ovaldb.CloseDB()
-		count, err := ovaldb.CountDefs(osFamily, release)
+func (b Base) CheckIfOvalFetched(driver db.DB, osFamily, release string) (fetched bool, err error) {
+	if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
+		count, err := driver.CountDefs(osFamily, release)
 		if err != nil {
-			return false, fmt.Errorf("Failed to count OVAL defs: %s, %s, %v",
-				osFamily, release, err)
+			return false, xerrors.Errorf("Failed to count OVAL defs: %s, %s, %w", osFamily, release, err)
 		}
 		return 0 < count, nil
 	}

-	url, _ := util.URLPathJoin(config.Conf.OvalDBURL, "count", osFamily, release)
+	url, _ := util.URLPathJoin(cnf.Conf.OvalDict.URL, "count", osFamily, release)
 	resp, body, errs := gorequest.New().Get(url).End()
 	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-		return false, fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
-			errs, url, resp)
+		return false, xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %w", url, resp, errs)
 	}
 	count := 0
 	if err := json.Unmarshal([]byte(body), &count); err != nil {
-		return false, fmt.Errorf("Failed to Unmarshall. body: %s, err: %s",
-			body, err)
+		return false, xerrors.Errorf("Failed to Unmarshall. body: %s, err: %w", body, err)
 	}
 	return 0 < count, nil
 }

 // CheckIfOvalFresh checks if oval entries are fresh enough
-func (b Base) CheckIfOvalFresh(osFamily, release string) (ok bool, err error) {
-	ovallog.Initialize(config.Conf.LogDir)
+func (b Base) CheckIfOvalFresh(driver db.DB, osFamily, release string) (ok bool, err error) {
 	var lastModified time.Time
-	if !b.isFetchViaHTTP() {
-		var ovaldb db.DB
-		if ovaldb, err = db.NewDB(
-			osFamily,
-			config.Conf.OvalDBType,
-			config.Conf.OvalDBPath,
-			config.Conf.DebugSQL,
-		); err != nil {
-			return false, err
-		}
-		defer ovaldb.CloseDB()
-		lastModified = ovaldb.GetLastModified(osFamily, release)
+	if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
+		lastModified = driver.GetLastModified(osFamily, release)
 	} else {
-		url, _ := util.URLPathJoin(config.Conf.OvalDBURL, "lastmodified", osFamily, release)
+		url, _ := util.URLPathJoin(cnf.Conf.OvalDict.URL, "lastmodified", osFamily, release)
 		resp, body, errs := gorequest.New().Get(url).End()
 		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-			return false, fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
-				errs, url, resp)
+			return false, xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %w", url, resp, errs)
 		}

 		if err := json.Unmarshal([]byte(body), &lastModified); err != nil {
-			return false, fmt.Errorf("Failed to Unmarshall. body: %s, err: %s",
-				body, err)
+			return false, xerrors.Errorf("Failed to Unmarshall. body: %s, err: %w", body, err)
 		}
 	}

-	major := strings.Split(release, ".")[0]
 	since := time.Now()
 	since = since.AddDate(0, 0, -3)
 	if lastModified.Before(since) {
 		util.Log.Warnf("OVAL for %s %s is old, last modified is %s. It's recommended to update OVAL to improve scanning accuracy. How to update OVAL database, see https://github.com/kotakanbe/goval-dictionary#usage",
-			osFamily, major, lastModified)
+			osFamily, release, lastModified)
 		return false, nil
 	}
-	util.Log.Infof("OVAL is fresh: %s %s ", osFamily, major)
+	util.Log.Infof("OVAL is fresh: %s %s ", osFamily, release)
 	return true, nil
 }
-
-func (b Base) isFetchViaHTTP() bool {
-	// Default value of OvalDBType is sqlite3
-	return config.Conf.OvalDBURL != "" && config.Conf.OvalDBType == "sqlite3"
-}
--- a/Show More
+++ b/Show More