bump up version

* fix(scan): alpine detection #965

* use knqyf263/go-apk-version

.github/FUNDING.yml

@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: kotakanbe

.github/ISSUE_TEMPLATE/BUG_REPORT.md

@@ -1,3 +1,8 @@
+---
+name: Bug Report
+labels: bug
+about: If something isn't working as expected.
+---
 
 # What did you do? (required. The issue will be **closed** when not provided.)
 

.github/ISSUE_TEMPLATE/FEATURE_REQUEST.md

@@ -0,0 +1,9 @@
+---
+name: Feature Request
+labels: enhancement
+about: I have a suggestion (and might want to implement myself)!
+---
+
+<!--
+If this is a FEATURE REQUEST, request format does not matter!
+-->

.github/ISSUE_TEMPLATE/SUPPORT_QUESTION.md

@@ -0,0 +1,10 @@
+---
+name: Support Question
+labels: question
+about: If you have a question about Vuls.
+---
+
+<!--
+If you have a trouble, feel free to ask.
+Make sure you're not asking duplicate question by searching on the issues lists.
+-->

.github/ISSUE_TEMPLATE/VULSREPO.md

@@ -0,0 +1,7 @@
+---
+name: Vuls Repo
+labels: vulsrepo
+about: If something isn't working as expected.
+---
+
+

.gitignore

@@ -13,3 +13,6 @@ log/
 results/
 *config.toml
 !setup/docker/*
+.DS_Store
+dist/
+.idea

.goreleaser.yml

@@ -1,4 +1,6 @@
 project_name: vuls
+env:
+  - GO111MODULE=on
 release:
   github:
     owner: future-architect
@@ -9,7 +11,9 @@ builds:
   goarch:
   - amd64
   main: .
-  ldflags: -s -w -X main.version={{.Version}} -X main.revision={{.Commit}}
+  flags:
+      - -a
+  ldflags: -s -w -X main.version={{.Version}} -X main.revision={{.Commit}} 
   binary: vuls
 archive:
   format: tar.gz

.travis.yml

@@ -1,7 +1,7 @@
 language: go
 
 go:
-  - "1.11.x"
+  - "1.13.x"
 
 after_success:
   - test -n "$TRAVIS_TAG" && curl -sL https://git.io/goreleaser | bash

Dockerfile

@@ -21,11 +21,12 @@ ENV WORKDIR /vuls
 RUN apk add --no-cache \
         openssh-client \
         ca-certificates \
+        git \
     && mkdir -p $WORKDIR $LOGDIR
 
 COPY --from=builder /go/bin/vuls /usr/local/bin/
 
-VOLUME [$WORKDIR, $LOGDIR]
+VOLUME ["$WORKDIR", "$LOGDIR"]
 WORKDIR $WORKDIR
 ENV PWD $WORKDIR
 

GNUmakefile

@@ -1,11 +1,9 @@
 .PHONY: \
-	dep \
-	depup \
 	build \
 	install \
 	all \
 	vendor \
-	lint \
+ 	lint \
 	vet \
 	fmt \
 	fmtcheck \
@@ -18,33 +16,30 @@ SRCS = $(shell git ls-files '*.go')
 PKGS = $(shell go list ./...)
 VERSION := $(shell git describe --tags --abbrev=0)
 REVISION := $(shell git rev-parse --short HEAD)
+BUILDTIME := $(shell date "+%Y%m%d_%H%M%S")
 LDFLAGS := -X 'github.com/future-architect/vuls/config.Version=$(VERSION)' \
-	-X 'github.com/future-architect/vuls/config.Revision=$(REVISION)'
+    -X 'github.com/future-architect/vuls/config.Revision=build-$(BUILDTIME)_$(REVISION)'
+GO := GO111MODULE=on go
+GO_OFF := GO111MODULE=off go
 
-all: dep build
 
-dep:
-	go get -u github.com/golang/dep/...
-	dep ensure -v
+all: build
 
-depup:
-	go get -u github.com/golang/dep/...
-	dep ensure -update -v
+build: main.go pretest fmt
+	$(GO) build -a -ldflags "$(LDFLAGS)" -o vuls $<
 
-build: main.go dep pretest
-	go build -ldflags "$(LDFLAGS)" -o vuls $<
-
-install: main.go dep pretest
-	go install -ldflags "$(LDFLAGS)"
+b: 	main.go pretest fmt
+	$(GO) build -ldflags "$(LDFLAGS)" -o vuls $<
 
+install: main.go pretest
+	$(GO) install -ldflags "$(LDFLAGS)"
 
 lint:
-	@ go get -v golang.org/x/lint/golint
+	$(GO_OFF) get -u golang.org/x/lint/golint
 	golint $(PKGS)
 
 vet:
-	#  @-go get -v golang.org/x/tools/cmd/vet
-	go vet ./... || exit;
+	echo $(PKGS) | xargs env $(GO) vet || exit;
 
 fmt:
 	gofmt -s -w $(SRCS)
@@ -58,7 +53,7 @@ fmtcheck:
 pretest: lint vet fmtcheck
 
 test: 
-	echo $(PKGS) | xargs go test -cover -v || exit;
+	$(GO) test -cover -v ./... || exit;
 
 unused:
 	$(foreach pkg,$(PKGS),unused $(pkg);)

Gopkg.lock

@@ -1,847 +0,0 @@
-# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
-
-
-[[projects]]
-  digest = "1:2f806c4d4e9dee6f144c59099abfa9243a42a8ad9fe0d648273f6f192de6174a"
-  name = "github.com/Azure/azure-sdk-for-go"
-  packages = [
-    "storage",
-    "version",
-  ]
-  pruneopts = "UT"
-  revision = "ef9744da754d0cf00d0cfeae7d1a83f2245a4b1c"
-  version = "v21.2.0"
-
-[[projects]]
-  digest = "1:1fe87891e29a291377b0b2224b99fd857553dff7dce8a6ffb5fda003ce52a8b0"
-  name = "github.com/Azure/go-autorest"
-  packages = [
-    "autorest",
-    "autorest/adal",
-    "autorest/azure",
-    "autorest/date",
-    "logger",
-    "version",
-  ]
-  pruneopts = "UT"
-  revision = "4b7f49dc5db2e1e6d528524d269b4181981a7ebf"
-  version = "v11.1.1"
-
-[[projects]]
-  digest = "1:9f3b30d9f8e0d7040f729b82dcbc8f0dead820a133b3147ce355fc451f32d761"
-  name = "github.com/BurntSushi/toml"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "3012a1dbe2e4bd1391d42b32f0577cb7bbc7f005"
-  version = "v0.3.1"
-
-[[projects]]
-  branch = "master"
-  digest = "1:bb6c15391e666c4f44bdc604772301b93102233ed687be6df6d1c2abbde4f15c"
-  name = "github.com/RackSec/srslog"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "a4725f04ec91af1a91b380da679d6e0c2f061e59"
-
-[[projects]]
-  digest = "1:320e7ead93de9fd2b0e59b50fd92a4d50c1f8ab455d96bc2eb083267453a9709"
-  name = "github.com/asaskevich/govalidator"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "ccb8e960c48f04d6935e72476ae4a51028f9e22f"
-  version = "v9"
-
-[[projects]]
-  digest = "1:b75da992f409ab285c5c2d57869d3df50e1d6869d25bee46bb04571a81db53d9"
-  name = "github.com/aws/aws-sdk-go"
-  packages = [
-    "aws",
-    "aws/awserr",
-    "aws/awsutil",
-    "aws/client",
-    "aws/client/metadata",
-    "aws/corehandlers",
-    "aws/credentials",
-    "aws/credentials/ec2rolecreds",
-    "aws/credentials/endpointcreds",
-    "aws/credentials/stscreds",
-    "aws/csm",
-    "aws/defaults",
-    "aws/ec2metadata",
-    "aws/endpoints",
-    "aws/request",
-    "aws/session",
-    "aws/signer/v4",
-    "internal/s3err",
-    "internal/sdkio",
-    "internal/sdkrand",
-    "internal/sdkuri",
-    "internal/shareddefaults",
-    "private/protocol",
-    "private/protocol/eventstream",
-    "private/protocol/eventstream/eventstreamapi",
-    "private/protocol/query",
-    "private/protocol/query/queryutil",
-    "private/protocol/rest",
-    "private/protocol/restxml",
-    "private/protocol/xml/xmlutil",
-    "service/s3",
-    "service/sts",
-  ]
-  pruneopts = "UT"
-  revision = "66832f7f150914a46ffbfc03210f3b9cb0e4c005"
-  version = "v1.15.57"
-
-[[projects]]
-  digest = "1:0f98f59e9a2f4070d66f0c9c39561f68fcd1dc837b22a852d28d0003aebd1b1e"
-  name = "github.com/boltdb/bolt"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "2f1ce7a837dcb8da3ec595b1dac9d0632f0f99e8"
-  version = "v1.3.1"
-
-[[projects]]
-  digest = "1:2209584c0f7c9b68c23374e659357ab546e1b70eec2761f03280f69a8fd23d77"
-  name = "github.com/cenkalti/backoff"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "2ea60e5f094469f9e65adb9cd103795b73ae743e"
-  version = "v2.0.0"
-
-[[projects]]
-  digest = "1:e04c00d619875ce5fa67180891984a9b1fadcc031af36bcd7a3509cbdad1df15"
-  name = "github.com/cheggaaa/pb"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "c112833d014c77e8bde723fd0158e3156951639f"
-  version = "v2.0.6"
-
-[[projects]]
-  digest = "1:76dc72490af7174349349838f2fe118996381b31ea83243812a97e5a0fd5ed55"
-  name = "github.com/dgrijalva/jwt-go"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "06ea1031745cb8b3dab3f6a236daf2b0aa468b7e"
-  version = "v3.2.0"
-
-[[projects]]
-  digest = "1:865079840386857c809b72ce300be7580cb50d3d3129ce11bf9aa6ca2bc1934a"
-  name = "github.com/fatih/color"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "5b77d2a35fb0ede96d138fc9a99f5c9b6aef11b4"
-  version = "v1.7.0"
-
-[[projects]]
-  digest = "1:abeb38ade3f32a92943e5be54f55ed6d6e3b6602761d74b4aab4c9dd45c18abd"
-  name = "github.com/fsnotify/fsnotify"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "c2828203cd70a50dcccfb2761f8b1f8ceef9a8e9"
-  version = "v1.4.7"
-
-[[projects]]
-  digest = "1:15e27372d379b45b18ac917b9dafc45c45485239490ece18cca97a12f9591146"
-  name = "github.com/go-ini/ini"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "9c8236e659b76e87bf02044d06fde8683008ff3e"
-  version = "v1.39.0"
-
-[[projects]]
-  digest = "1:7c2fd446293ff7799cc496d3446e674ee67902d119f244de645caf95dff1bb98"
-  name = "github.com/go-redis/redis"
-  packages = [
-    ".",
-    "internal",
-    "internal/consistenthash",
-    "internal/hashtag",
-    "internal/pool",
-    "internal/proto",
-    "internal/singleflight",
-    "internal/util",
-  ]
-  pruneopts = "UT"
-  revision = "f3bba01df2026fc865f7782948845db9cf44cf23"
-  version = "v6.14.1"
-
-[[projects]]
-  digest = "1:adea5a94903eb4384abef30f3d878dc9ff6b6b5b0722da25b82e5169216dfb61"
-  name = "github.com/go-sql-driver/mysql"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "d523deb1b23d913de5bdada721a6071e71283618"
-  version = "v1.4.0"
-
-[[projects]]
-  digest = "1:586ea76dbd0374d6fb649a91d70d652b7fe0ccffb8910a77468e7702e7901f3d"
-  name = "github.com/go-stack/stack"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "2fee6af1a9795aafbe0253a0cfbdf668e1fb8a9a"
-  version = "v1.8.0"
-
-[[projects]]
-  branch = "master"
-  digest = "1:df265b7f54410945dad5cf5979d91461b9fa7ff9b397ab58d2d577002a8a0e24"
-  name = "github.com/google/subcommands"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "46f0354f63152e8801bb460d26f5b6c4c878efbb"
-
-[[projects]]
-  digest = "1:7b5c6e2eeaa9ae5907c391a91c132abfd5c9e8a784a341b5625e750c67e6825d"
-  name = "github.com/gorilla/websocket"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "66b9c49e59c6c48f0ffce28c2d8b8a5678502c6d"
-  version = "v1.4.0"
-
-[[projects]]
-  branch = "master"
-  digest = "1:4e08dc2383a46b3107f0b34ca338c4459e8fc8ee90e46a60e728aa8a2b21d558"
-  name = "github.com/gosuri/uitable"
-  packages = [
-    ".",
-    "util/strutil",
-    "util/wordwrap",
-  ]
-  pruneopts = "UT"
-  revision = "36ee7e946282a3fb1cfecd476ddc9b35d8847e42"
-
-[[projects]]
-  branch = "master"
-  digest = "1:8dbe76014be3c83806abc61befcb5e1789d2d872bc8f98a8fb955405550c63be"
-  name = "github.com/grokify/html-strip-tags-go"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "e9e44961e26f513866063f54bf85070db95600f7"
-
-[[projects]]
-  digest = "1:77395dd3847dac9c45118c668f5dab85aedf0163dc3b38aea6578c5cf0d502f9"
-  name = "github.com/hashicorp/go-version"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "b5a281d3160aa11950a6182bd9a9dc2cb1e02d50"
-  version = "v1.0.0"
-
-[[projects]]
-  digest = "1:c0d19ab64b32ce9fe5cf4ddceba78d5bc9807f0016db6b1183599da3dcc24d10"
-  name = "github.com/hashicorp/hcl"
-  packages = [
-    ".",
-    "hcl/ast",
-    "hcl/parser",
-    "hcl/printer",
-    "hcl/scanner",
-    "hcl/strconv",
-    "hcl/token",
-    "json/parser",
-    "json/scanner",
-    "json/token",
-  ]
-  pruneopts = "UT"
-  revision = "8cb6e5b959231cc1119e43259c4a608f9c51a241"
-  version = "v1.0.0"
-
-[[projects]]
-  branch = "master"
-  digest = "1:0f8b63af5601a93b6b6a63a420c857819e98a252369262d8faf66f3566ba294e"
-  name = "github.com/hashicorp/uuid"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "ebb0a03e909c9c642a36d2527729104324c44fdb"
-
-[[projects]]
-  branch = "master"
-  digest = "1:0778dc7fce1b4669a8bfa7ae506ec1f595b6ab0f8989c1c0d22a8ca1144e9972"
-  name = "github.com/howeyc/gopass"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "bf9dde6d0d2c004a008c27aaee91170c786f6db8"
-
-[[projects]]
-  digest = "1:e96640e5b9ce93e2d7ee18f48048483080fd23e72e3c38bc17e9c8b77062031a"
-  name = "github.com/inconshreveable/log15"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "67afb5ed74ec82fd7ac8f49d27c509ac6f991970"
-  version = "v2.14"
-
-[[projects]]
-  digest = "1:8fe19266ce82209076d4a81007ff93f40dd349faca4a917aea59d33956bbd4fd"
-  name = "github.com/jinzhu/gorm"
-  packages = [
-    ".",
-    "dialects/mysql",
-    "dialects/postgres",
-    "dialects/sqlite",
-  ]
-  pruneopts = "UT"
-  revision = "6ed508ec6a4ecb3531899a69cbc746ccf65a4166"
-  version = "v1.9.1"
-
-[[projects]]
-  branch = "master"
-  digest = "1:fd97437fbb6b7dce04132cf06775bd258cce305c44add58eb55ca86c6c325160"
-  name = "github.com/jinzhu/inflection"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "04140366298a54a039076d798123ffa108fff46c"
-
-[[projects]]
-  digest = "1:e22af8c7518e1eab6f2eab2b7d7558927f816262586cd6ed9f349c97a6c285c4"
-  name = "github.com/jmespath/go-jmespath"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "0b12d6b5"
-
-[[projects]]
-  digest = "1:114ecad51af93a73ae6781fd0d0bc28e52b433c852b84ab4b4c109c15e6c6b6d"
-  name = "github.com/jroimartin/gocui"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "c055c87ae801372cd74a0839b972db4f7697ae5f"
-  version = "v0.4.0"
-
-[[projects]]
-  digest = "1:16dd6b893b78a50564cdde1d9f7ea67224dece11bb0886bd882f1dc3dc1d440d"
-  name = "github.com/k0kubun/pp"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "027a6d1765d673d337e687394dbe780dd64e2a1e"
-  version = "v2.3.0"
-
-[[projects]]
-  branch = "master"
-  digest = "1:bdf08c9b41c029c60ba5dc99443a3ce74eedad842cf2adf9c255513f432422e2"
-  name = "github.com/knqyf263/go-cpe"
-  packages = [
-    "common",
-    "matching",
-    "naming",
-  ]
-  pruneopts = "UT"
-  revision = "659663f6eca2ff32258e282557e7808115ea498a"
-
-[[projects]]
-  branch = "master"
-  digest = "1:a9955a589c7f6f28bd5a5f69da3f1e2cc857c23c7605c5fa7b605f065ba8f3fe"
-  name = "github.com/knqyf263/go-deb-version"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "9865fe14d09b1c729188ac810466dde90f897ee3"
-
-[[projects]]
-  branch = "master"
-  digest = "1:5734c5362ef66c39ddf1b4a11dfe75fa3c1adb70e78059543c83c0c6e89f2bc0"
-  name = "github.com/knqyf263/go-rpm-version"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "74609b86c936dff800c69ec89fcf4bc52d5f13a4"
-
-[[projects]]
-  branch = "master"
-  digest = "1:784bbde718d6f806578d929df8ad88a24817ca4fea5ce498165f46ff238d0deb"
-  name = "github.com/knqyf263/gost"
-  packages = [
-    "config",
-    "db",
-    "models",
-    "util",
-  ]
-  pruneopts = "UT"
-  revision = "920046ad61b30ed1d554140c85daaa9e3ed2ca9e"
-
-[[projects]]
-  digest = "1:0a69a1c0db3591fcefb47f115b224592c8dfa4368b7ba9fae509d5e16cdc95c8"
-  name = "github.com/konsorten/go-windows-terminal-sequences"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "5c8c8bd35d3832f5d134ae1e1e375b69a4d25242"
-  version = "v1.0.1"
-
-[[projects]]
-  branch = "master"
-  digest = "1:336333e5514fc6178cdb4245f64cc34f9c0212daa523a5267e357a7535d5470f"
-  name = "github.com/kotakanbe/go-cve-dictionary"
-  packages = [
-    "config",
-    "db",
-    "log",
-    "models",
-  ]
-  pruneopts = "UT"
-  revision = "bff11c4b0f9d2915f21f49d4530c99033898dbca"
-
-[[projects]]
-  digest = "1:54d3c90db1164399906830313a6fce7770917d7e4a12da8f2d8693d18ff5ef27"
-  name = "github.com/kotakanbe/go-pingscanner"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "641dc2cc2d3cbf295dad356667b74c69bcbd6f70"
-  version = "v0.1.0"
-
-[[projects]]
-  digest = "1:564a03e039dfed4121709e3d76c05c08a9d4291335ca682b5065ae46285a688a"
-  name = "github.com/kotakanbe/goval-dictionary"
-  packages = [
-    "config",
-    "db",
-    "db/rdb",
-    "models",
-  ]
-  pruneopts = "UT"
-  revision = "818624daf2658cc177ea93100ff20c5caed064b6"
-  version = "v0.1.0"
-
-[[projects]]
-  branch = "master"
-  digest = "1:0daead102d7ca3af110dfb832e8c14393f197d94e5ffe3f0639f10ea2cc55530"
-  name = "github.com/kotakanbe/logrus-prefixed-formatter"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "928f7356cb964637e2489a6ef37eee55181676c5"
-
-[[projects]]
-  digest = "1:faee5b9f53eb1ae4eb04708c040c8c4dd685ce46509671e57a08520a15c54368"
-  name = "github.com/labstack/gommon"
-  packages = [
-    "color",
-    "log",
-  ]
-  pruneopts = "UT"
-  revision = "2a618302b929cc20862dda3aa6f02f64dbe740dd"
-  version = "v0.2.7"
-
-[[projects]]
-  digest = "1:b18ffc558326ebaed3b4a175617f1e12ed4e3f53d6ebfe5ba372a3de16d22278"
-  name = "github.com/lib/pq"
-  packages = [
-    ".",
-    "hstore",
-    "oid",
-  ]
-  pruneopts = "UT"
-  revision = "4ded0e9383f75c197b3a2aaa6d590ac52df6fd79"
-  version = "v1.0.0"
-
-[[projects]]
-  digest = "1:c568d7727aa262c32bdf8a3f7db83614f7af0ed661474b24588de635c20024c7"
-  name = "github.com/magiconair/properties"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "c2353362d570a7bfa228149c62842019201cfb71"
-  version = "v1.8.0"
-
-[[projects]]
-  digest = "1:4e878df5f4e9fd625bf9c9aac77ef7cbfa4a74c01265505527c23470c0e40300"
-  name = "github.com/marstr/guid"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "8bd9a64bf37eb297b492a4101fb28e80ac0b290f"
-  version = "v1.1.0"
-
-[[projects]]
-  digest = "1:c658e84ad3916da105a761660dcaeb01e63416c8ec7bc62256a9b411a05fcd67"
-  name = "github.com/mattn/go-colorable"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "167de6bfdfba052fa6b2d3664c8f5272e23c9072"
-  version = "v0.0.9"
-
-[[projects]]
-  digest = "1:0981502f9816113c9c8c4ac301583841855c8cf4da8c72f696b3ebedf6d0e4e5"
-  name = "github.com/mattn/go-isatty"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "6ca4dbf54d38eea1a992b3c722a76a5d1c4cb25c"
-  version = "v0.0.4"
-
-[[projects]]
-  digest = "1:cdb899c199f907ac9fb50495ec71212c95cb5b0e0a8ee0800da0238036091033"
-  name = "github.com/mattn/go-runewidth"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "ce7b0b5c7b45a81508558cd1dba6bb1e4ddb51bb"
-  version = "v0.0.3"
-
-[[projects]]
-  digest = "1:3cafc6a5a1b8269605d9df4c6956d43d8011fc57f266ca6b9d04da6c09dee548"
-  name = "github.com/mattn/go-sqlite3"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "25ecb14adfc7543176f7d85291ec7dba82c6f7e4"
-  version = "v1.9.0"
-
-[[projects]]
-  branch = "master"
-  digest = "1:2b32af4d2a529083275afc192d1067d8126b578c7a9613b26600e4df9c735155"
-  name = "github.com/mgutz/ansi"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "9520e82c474b0a04dd04f8a40959027271bab992"
-
-[[projects]]
-  digest = "1:78bbb1ba5b7c3f2ed0ea1eab57bdd3859aec7e177811563edc41198a760b06af"
-  name = "github.com/mitchellh/go-homedir"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "ae18d6b8b3205b561c79e8e5f69bff09736185f4"
-  version = "v1.0.0"
-
-[[projects]]
-  digest = "1:53bc4cd4914cd7cd52139990d5170d6dc99067ae31c56530621b18b35fc30318"
-  name = "github.com/mitchellh/mapstructure"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "3536a929edddb9a5b34bd6861dc4a9647cb459fe"
-  version = "v1.1.2"
-
-[[projects]]
-  branch = "master"
-  digest = "1:7aefb397a53fc437c90f0fdb3e1419c751c5a3a165ced52325d5d797edf1aca6"
-  name = "github.com/moul/http2curl"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "9ac6cf4d929b2fa8fd2d2e6dec5bb0feb4f4911d"
-
-[[projects]]
-  branch = "master"
-  digest = "1:c72d41e2be29143a802361f175f9eafe81ecd35119b80b7673bb3e997b086687"
-  name = "github.com/mozqnet/go-exploitdb"
-  packages = [
-    "db",
-    "models",
-    "util",
-  ]
-  pruneopts = "UT"
-  revision = "b359807ea9b24f7ce80d1bfa02ffca5ed428ffb5"
-
-[[projects]]
-  digest = "1:95d38d218bf2290987c6b0e885a9f0f2d3d3239235acaddca01c3fe36e5e5566"
-  name = "github.com/nlopes/slack"
-  packages = [
-    ".",
-    "slackutilsx",
-  ]
-  pruneopts = "UT"
-  revision = "b9033a72a20bf84563485e86a2adbea4bf265804"
-  version = "v0.4.0"
-
-[[projects]]
-  branch = "master"
-  digest = "1:f335d800550786b6f51ddaedb9d1107a7a72f4a2195e5b039dd7c0e103e119bc"
-  name = "github.com/nsf/termbox-go"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "b66b20ab708e289ff1eb3e218478302e6aec28ce"
-
-[[projects]]
-  branch = "master"
-  digest = "1:f611266e3ac01ab4adb6f1d67f6c1be82998d02f452faff450596658712d860b"
-  name = "github.com/olekukonko/tablewriter"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "be2c049b30ccd4d3fd795d6bf7dce74e42eeedaa"
-
-[[projects]]
-  digest = "1:d776f3e95774a8719f2e57fabbbb33103035fe072dcf6f1864f33abd17b753e5"
-  name = "github.com/parnurzeal/gorequest"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "a578a48e8d6ca8b01a3b18314c43c6716bb5f5a3"
-  version = "v0.2.15"
-
-[[projects]]
-  digest = "1:95741de3af260a92cc5c7f3f3061e85273f5a81b5db20d4bd68da74bd521675e"
-  name = "github.com/pelletier/go-toml"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "c01d1270ff3e442a8a57cddc1c92dc1138598194"
-  version = "v1.2.0"
-
-[[projects]]
-  digest = "1:40e195917a951a8bf867cd05de2a46aaf1806c50cf92eebf4c16f78cd196f747"
-  name = "github.com/pkg/errors"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "645ef00459ed84a119197bfb8d8205042c6df63d"
-  version = "v0.8.0"
-
-[[projects]]
-  digest = "1:1a23fdd843129ef761ffe7651bc5fe7c5b09fbe933e92783ab06cc11c37b7b37"
-  name = "github.com/rifflock/lfshook"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "b9218ef580f59a2e72dad1aa33d660150445d05a"
-  version = "v2.4"
-
-[[projects]]
-  digest = "1:274f67cb6fed9588ea2521ecdac05a6d62a8c51c074c1fccc6a49a40ba80e925"
-  name = "github.com/satori/go.uuid"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "f58768cc1a7a7e77a3bd49e98cdd21419399b6a3"
-  version = "v1.2.0"
-
-[[projects]]
-  branch = "master"
-  digest = "1:b17bd7b89f445e9c4b82f6144a8fe41e60d921fbe4279f669f9464b277927254"
-  name = "github.com/sirupsen/logrus"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "680f584d621da87ee04ea659130e149ba9d23cae"
-
-[[projects]]
-  digest = "1:6a4a11ba764a56d2758899ec6f3848d24698d48442ebce85ee7a3f63284526cd"
-  name = "github.com/spf13/afero"
-  packages = [
-    ".",
-    "mem",
-  ]
-  pruneopts = "UT"
-  revision = "d40851caa0d747393da1ffb28f7f9d8b4eeffebd"
-  version = "v1.1.2"
-
-[[projects]]
-  digest = "1:516e71bed754268937f57d4ecb190e01958452336fa73dbac880894164e91c1f"
-  name = "github.com/spf13/cast"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "8965335b8c7107321228e3e3702cab9832751bac"
-  version = "v1.2.0"
-
-[[projects]]
-  digest = "1:68ea4e23713989dc20b1bded5d9da2c5f9be14ff9885beef481848edd18c26cb"
-  name = "github.com/spf13/jwalterweatherman"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "4a4406e478ca629068e7768fc33f3f044173c0a6"
-  version = "v1.0.0"
-
-[[projects]]
-  digest = "1:c1b1102241e7f645bc8e0c22ae352e8f0dc6484b6cb4d132fa9f24174e0119e2"
-  name = "github.com/spf13/pflag"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "298182f68c66c05229eb03ac171abe6e309ee79a"
-  version = "v1.0.3"
-
-[[projects]]
-  digest = "1:214775c11fd26da94a100111a62daa25339198a4f9c57cb4aab352da889f5b93"
-  name = "github.com/spf13/viper"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "2c12c60302a5a0e62ee102ca9bc996277c2f64f5"
-  version = "v1.2.1"
-
-[[projects]]
-  digest = "1:c468422f334a6b46a19448ad59aaffdfc0a36b08fdcc1c749a0b29b6453d7e59"
-  name = "github.com/valyala/bytebufferpool"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "e746df99fe4a3986f4d4f79e13c1e0117ce9c2f7"
-  version = "v1.0.0"
-
-[[projects]]
-  branch = "master"
-  digest = "1:268b8bce0064e8c057d7b913605459f9a26dcab864c0886a56d196540fbf003f"
-  name = "github.com/valyala/fasttemplate"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "dcecefd839c4193db0d35b88ec65b4c12d360ab0"
-
-[[projects]]
-  branch = "master"
-  digest = "1:0792df7c7ff49b81c7a8c5a2a47aee897c5bab31fb348c8e2f80a560d675f941"
-  name = "github.com/ymomoi/goval-parser"
-  packages = ["oval"]
-  pruneopts = "UT"
-  revision = "0a0be1dd9d0855b50be0be5a10ad3085382b6d59"
-
-[[projects]]
-  branch = "master"
-  digest = "1:1e63ada43d2806f05965163d1b7d0de9366d60a9077eb1b0c3618156b445e713"
-  name = "golang.org/x/crypto"
-  packages = [
-    "curve25519",
-    "ed25519",
-    "ed25519/internal/edwards25519",
-    "internal/chacha20",
-    "internal/subtle",
-    "poly1305",
-    "ssh",
-    "ssh/agent",
-    "ssh/terminal",
-  ]
-  pruneopts = "UT"
-  revision = "0c41d7ab0a0ee717d4590a44bcb987dfd9e183eb"
-
-[[projects]]
-  branch = "master"
-  digest = "1:fa44bfbd6a531dbb03a45ba46765f876abd24579fcf6d1b64b8546b98a00f15b"
-  name = "golang.org/x/net"
-  packages = [
-    "context",
-    "idna",
-    "publicsuffix",
-  ]
-  pruneopts = "UT"
-  revision = "04a2e542c03f1d053ab3e4d6e5abcd4b66e2be8e"
-
-[[projects]]
-  branch = "master"
-  digest = "1:f5aa274a0377f85735edc7fedfb0811d3cbc20af91633797cb359e29c3272271"
-  name = "golang.org/x/sys"
-  packages = [
-    "unix",
-    "windows",
-  ]
-  pruneopts = "UT"
-  revision = "fa43e7bc11baaae89f3f902b2b4d832b68234844"
-
-[[projects]]
-  digest = "1:a2ab62866c75542dd18d2b069fec854577a20211d7c0ea6ae746072a1dccdd18"
-  name = "golang.org/x/text"
-  packages = [
-    "collate",
-    "collate/build",
-    "internal/colltab",
-    "internal/gen",
-    "internal/tag",
-    "internal/triegen",
-    "internal/ucd",
-    "language",
-    "secure/bidirule",
-    "transform",
-    "unicode/bidi",
-    "unicode/cldr",
-    "unicode/norm",
-    "unicode/rangetable",
-  ]
-  pruneopts = "UT"
-  revision = "f21a4dfb5e38f5895301dc265a8def02365cc3d0"
-  version = "v0.3.0"
-
-[[projects]]
-  digest = "1:c25289f43ac4a68d88b02245742347c94f1e108c534dda442188015ff80669b3"
-  name = "google.golang.org/appengine"
-  packages = ["cloudsql"]
-  pruneopts = "UT"
-  revision = "ae0ab99deb4dc413a2b4bd6c8bdd0eb67f1e4d06"
-  version = "v1.2.0"
-
-[[projects]]
-  digest = "1:e626376fab8608a972d47e91b3c1bbbddaecaf1d42b82be6dcc52d10a7557893"
-  name = "gopkg.in/VividCortex/ewma.v1"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "b24eb346a94c3ba12c1da1e564dbac1b498a77ce"
-  version = "v1.1.1"
-
-[[projects]]
-  digest = "1:50ec2f81389fbc7a1e496e1d1dc07adfe080fd15e015e9ba0e08ddaf1d4635ef"
-  name = "gopkg.in/cheggaaa/pb.v1"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "007b75a044e968336a69a6c0c617251ab62ac14c"
-  version = "v1.0.26"
-
-[[projects]]
-  digest = "1:256938e7d43c73bd5e7bb97dd281d1ebe294b2928403ee1fbec96249915d1150"
-  name = "gopkg.in/cheggaaa/pb.v2"
-  packages = ["termutil"]
-  pruneopts = "UT"
-  revision = "c112833d014c77e8bde723fd0158e3156951639f"
-  version = "v2.0.6"
-
-[[projects]]
-  digest = "1:865079840386857c809b72ce300be7580cb50d3d3129ce11bf9aa6ca2bc1934a"
-  name = "gopkg.in/fatih/color.v1"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "5b77d2a35fb0ede96d138fc9a99f5c9b6aef11b4"
-  version = "v1.7.0"
-
-[[projects]]
-  digest = "1:c658e84ad3916da105a761660dcaeb01e63416c8ec7bc62256a9b411a05fcd67"
-  name = "gopkg.in/mattn/go-colorable.v0"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "167de6bfdfba052fa6b2d3664c8f5272e23c9072"
-  version = "v0.0.9"
-
-[[projects]]
-  digest = "1:0981502f9816113c9c8c4ac301583841855c8cf4da8c72f696b3ebedf6d0e4e5"
-  name = "gopkg.in/mattn/go-isatty.v0"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "6ca4dbf54d38eea1a992b3c722a76a5d1c4cb25c"
-  version = "v0.0.4"
-
-[[projects]]
-  digest = "1:cdb899c199f907ac9fb50495ec71212c95cb5b0e0a8ee0800da0238036091033"
-  name = "gopkg.in/mattn/go-runewidth.v0"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "ce7b0b5c7b45a81508558cd1dba6bb1e4ddb51bb"
-  version = "v0.0.3"
-
-[[projects]]
-  digest = "1:342378ac4dcb378a5448dd723f0784ae519383532f5e70ade24132c4c8693202"
-  name = "gopkg.in/yaml.v2"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "5420a8b6744d3b0345ab293f6fcba19c978f1183"
-  version = "v2.2.1"
-
-[solve-meta]
-  analyzer-name = "dep"
-  analyzer-version = 1
-  input-imports = [
-    "github.com/Azure/azure-sdk-for-go/storage",
-    "github.com/BurntSushi/toml",
-    "github.com/RackSec/srslog",
-    "github.com/asaskevich/govalidator",
-    "github.com/aws/aws-sdk-go/aws",
-    "github.com/aws/aws-sdk-go/aws/credentials",
-    "github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds",
-    "github.com/aws/aws-sdk-go/aws/ec2metadata",
-    "github.com/aws/aws-sdk-go/aws/session",
-    "github.com/aws/aws-sdk-go/service/s3",
-    "github.com/aws/aws-sdk-go/service/sts",
-    "github.com/boltdb/bolt",
-    "github.com/cenkalti/backoff",
-    "github.com/google/subcommands",
-    "github.com/gosuri/uitable",
-    "github.com/hashicorp/uuid",
-    "github.com/howeyc/gopass",
-    "github.com/jroimartin/gocui",
-    "github.com/k0kubun/pp",
-    "github.com/knqyf263/go-cpe/naming",
-    "github.com/knqyf263/go-deb-version",
-    "github.com/knqyf263/go-rpm-version",
-    "github.com/knqyf263/gost/db",
-    "github.com/knqyf263/gost/models",
-    "github.com/kotakanbe/go-cve-dictionary/db",
-    "github.com/kotakanbe/go-cve-dictionary/log",
-    "github.com/kotakanbe/go-cve-dictionary/models",
-    "github.com/kotakanbe/go-pingscanner",
-    "github.com/kotakanbe/goval-dictionary/db",
-    "github.com/kotakanbe/goval-dictionary/models",
-    "github.com/kotakanbe/logrus-prefixed-formatter",
-    "github.com/mitchellh/go-homedir",
-    "github.com/mozqnet/go-exploitdb/db",
-    "github.com/mozqnet/go-exploitdb/models",
-    "github.com/nlopes/slack",
-    "github.com/olekukonko/tablewriter",
-    "github.com/parnurzeal/gorequest",
-    "github.com/pkg/errors",
-    "github.com/rifflock/lfshook",
-    "github.com/sirupsen/logrus",
-    "golang.org/x/crypto/ssh",
-    "golang.org/x/crypto/ssh/agent",
-  ]
-  solver-name = "gps-cdcl"
-  solver-version = 1

Gopkg.toml

@@ -1,37 +0,0 @@
-# Gopkg.toml example
-#
-# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html
-# for detailed Gopkg.toml documentation.
-#
-# required = ["github.com/user/thing/cmd/thing"]
-# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
-#
-# [[constraint]]
-#   name = "github.com/user/project"
-#   version = "1.0.0"
-#
-# [[constraint]]
-#   name = "github.com/user/project2"
-#   branch = "dev"
-#   source = "github.com/myfork/project2"
-#
-# [[override]]
-#   name = "github.com/x/y"
-#   version = "2.4.0"
-#
-# [prune]
-#   non-go = false
-#   go-tests = true
-#   unused-packages = true
-
-[[constraint]]
-  name = "github.com/knqyf263/gost"
-  branch = "master"
-
-[[constraint]]
-  name = "github.com/kotakanbe/go-cve-dictionary"
-  branch = "master"
-
-[prune]
-  go-tests = true
-  unused-packages = true

LICENSE

@@ -1,23 +1,21 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 3, 29 June 2007
+                    GNU AFFERO GENERAL PUBLIC LICENSE
+                       Version 3, 19 November 2007
 
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
                             Preamble
 
-  The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
+  The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
 
   The licenses for most software and other practical works are designed
 to take away your freedom to share and change the works.  By contrast,
-the GNU General Public License is intended to guarantee your freedom to
+our General Public Licenses are intended to guarantee your freedom to
 share and change all versions of a program--to make sure it remains free
-software for all its users.  We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors.  You can apply it to
-your programs, too.
+software for all its users.
 
   When we speak of free software, we are referring to freedom, not
 price.  Our General Public Licenses are designed to make sure that you
@@ -26,44 +24,34 @@ them if you wish), that you receive source code or can get it if you
 want it, that you can change the software or use pieces of it in new
 free programs, and that you know you can do these things.
 
-  To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights.  Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
+  Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
 
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received.  You must make sure that they, too, receive
-or can get the source code.  And you must show them these terms so they
-know their rights.
+  A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
 
-  Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
+  The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
 
-  For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software.  For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
-  Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so.  This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software.  The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable.  Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products.  If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
-  Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary.  To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
+  An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
 
   The precise terms and conditions for copying, distribution and
 modification follow.
@@ -72,7 +60,7 @@ modification follow.
 
   0. Definitions.
 
-  "This License" refers to version 3 of the GNU General Public License.
+  "This License" refers to version 3 of the GNU Affero General Public License.
 
   "Copyright" also means copyright-like laws that apply to other kinds of
 works, such as semiconductor masks.
@@ -549,35 +537,45 @@ to collect a royalty for further conveying from those to whom you convey
 the Program, the only way you could satisfy both those terms and this
 License would be to refrain entirely from conveying the Program.
 
-  13. Use with the GNU Affero General Public License.
+  13. Remote Network Interaction; Use with the GNU General Public License.
+
+  Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software.  This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
 
   Notwithstanding any other provision of this License, you have
 permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
+under version 3 of the GNU General Public License into a single
 combined work, and to convey the resulting work.  The terms of this
 License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
 
   14. Revised Versions of this License.
 
   The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
+the GNU Affero General Public License from time to time.  Such new versions
+will be similar in spirit to the present version, but may differ in detail to
 address new problems or concerns.
 
   Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU General
+Program specifies that a certain numbered version of the GNU Affero General
 Public License "or any later version" applies to it, you have the
 option of following the terms and conditions either of that numbered
 version or of any later version published by the Free Software
 Foundation.  If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
+GNU Affero General Public License, you may choose any version ever published
 by the Free Software Foundation.
 
   If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
+versions of the GNU Affero General Public License can be used, that proxy's
 public statement of acceptance of a version permanently authorizes you
 to choose that version for the Program.
 
@@ -631,44 +629,33 @@ to attach them to the start of each source file to most effectively
 state the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
 
-    Vuls - Vulnerability Scanner
-    Copyright (C) 2016  Future Corporation , Japan.
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
 
     This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
     (at your option) any later version.
 
     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
+    GNU Affero General Public License for more details.
 
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 Also add information on how to contact you by electronic and paper mail.
 
-  If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
-    Vuls  Copyright (C) 2016  Future Corporation , Japan.
-    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
+  If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
 
   You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-<http://www.gnu.org/licenses/>.
-
-  The GNU General Public License does not permit incorporating your program
-into proprietary programs.  If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.  But first, please read
-<http://www.gnu.org/philosophy/why-not-lgpl.html>.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<https://www.gnu.org/licenses/>.

README.md

@@ -5,12 +5,12 @@
 [![License](https://img.shields.io/github/license/future-architect/vuls.svg?style=flat-square)](https://github.com/future-architect/vuls/blob/master/LICENSE)
 [![Build Status](https://travis-ci.org/future-architect/vuls.svg?branch=master)](https://travis-ci.org/future-architect/vuls)
 [![Go Report Card](https://goreportcard.com/badge/github.com/future-architect/vuls)](https://goreportcard.com/report/github.com/future-architect/vuls)
+[![Contributors](https://img.shields.io/github/contributors/future-architect/vuls.svg)](https://github.com/future-architect/vuls/graphs/contributors)
 
+![Vuls-logo](img/vuls_logo.png)
 
-![Vuls-logo](img/vuls_logo.png)  
-
-Vulnerability scanner for Linux/FreeBSD, agentless, written in golang.  
-We have a slack team. [Join slack team](http://goo.gl/forms/xm5KFo35tu)  
+Vulnerability scanner for Linux/FreeBSD, agentless, written in golang.
+We have a slack team. [Join slack team](http://goo.gl/forms/xm5KFo35tu)
 Twitter: [@vuls_en](https://twitter.com/vuls_en)
 
 ![Vuls-Abstract](img/vuls-abstract.png)
@@ -23,135 +23,190 @@ Twitter: [@vuls_en](https://twitter.com/vuls_en)
 
 ----
 
-# Abstract
+## NEWS
+
+| Version     | Main Feature |  Date |
+|:------------|:---------------------------------|:--------------------|
+| [v0.8.0](https://github.com/future-architect/vuls/releases/tag/v0.8.0) | secret | Coming soon |
+| [v0.7.0](https://github.com/future-architect/vuls/releases/tag/v0.7.0) | WordPress Vulnerability Scan | 2019/Apr/8 |
+| [v0.6.3](https://github.com/future-architect/vuls/releases/tag/v0.6.3) | GitHub Integration | 2019/Feb/20 |
+| [v0.6.2](https://github.com/future-architect/vuls/releases/tag/v0.6.2) | Add US-CERT/JPCERT Alerts as VulnSrc | 2019/Jan/23 |
+| [v0.6.1](https://github.com/future-architect/vuls/releases/tag/v0.6.1) | BugFix | 2018/Nov/16 |
+| [v0.6.0](https://github.com/future-architect/vuls/releases/tag/v0.6.0) | Add ExploitDB as VulnSrc | 2018/Nov/3 |
+| [v0.5.0](https://github.com/future-architect/vuls/releases/tag/v0.5.0) | Scan accuracy improvement | 2018/Aug/27 |
+
+----
+
+## Abstract
 
 For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden.
-To avoid downtime in production environment, it is common for system administrator to choose not to use the automatic update option provided by package manager and to perform update manually.
+To avoid downtime in a production environment, it is common for a system administrator to choose not to use the automatic update option provided by the package manager and to perform update manually.
 This leads to the following problems.
-- System administrator will have to constantly watch out for any new vulnerabilities in NVD(National Vulnerability Database) or similar databases.
-- It might be impossible for the system administrator to monitor all the software if there are a large number of software installed in server.
+
+- The system administrator will have to constantly watch out for any new vulnerabilities in NVD (National Vulnerability Database) or similar databases.
+- It might be impossible for the system administrator to monitor all the software if there are a large number of software packages installed in the server.
 - It is expensive to perform analysis to determine the servers affected by new vulnerabilities. The possibility of overlooking a server or two during analysis is there.
 
-
 Vuls is a tool created to solve the problems listed above. It has the following characteristics.
+
 - Informs users of the vulnerabilities that are related to the system.
 - Informs users of the servers that are affected.
 - Vulnerability detection is done automatically to prevent any oversight.
-- Report is generated on regular basis using CRON or other methods. to manage vulnerability.
+- A report is generated on a regular basis using CRON or other methods. to manage vulnerability.
 
 ![Vuls-Motivation](img/vuls-motivation.png)
 
 ----
 
-# Main Features
+## Main Features
 
-## Scan for any vulnerabilities in Linux/FreeBSD Server
+### Scan for any vulnerabilities in Linux/FreeBSD Server
 
 [Supports major Linux/FreeBSD](https://vuls.io/docs/en/supported-os.html)
-- Alpine, Ubuntu, Debian, CentOS, Amazon Linux, RHEL, Oracle Linux, SUSE Enterprise Linux and Raspbian, FreeBSD
-- Cloud, on-premise, Docker
 
-##  High quality scan
+- Alpine, Amazon Linux, CentOS, Debian, Oracle Linux, Raspbian, RHEL, SUSE Enterprise Linux, and Ubuntu
+- FreeBSD
+- Cloud, on-premise, Docker Container and Docker Image
+
+### High-quality scan
+
+Vuls uses multiple vulnerability databases
 
-Vuls uses Multiple vulnerability databases
 - [NVD](https://nvd.nist.gov/)
 - [JVN(Japanese)](http://jvndb.jvn.jp/apis/myjvn/)
 - OVAL
-	- [RedHat](https://www.redhat.com/security/data/oval/)
-	- [Debian](https://www.debian.org/security/oval/)
-	- [Ubuntu](https://people.canonical.com/~ubuntu-security/oval/)
-	- [SUSE](http://ftp.suse.com/pub/projects/security/oval/)
-	- [Oracle Linux](https://linux.oracle.com/security/oval/)
+  - [Debian](https://www.debian.org/security/oval/)
+  - [Oracle Linux](https://linux.oracle.com/security/oval/)
+  - [RedHat](https://www.redhat.com/security/data/oval/)
+  - [SUSE](http://ftp.suse.com/pub/projects/security/oval/)
+  - [Ubuntu](https://people.canonical.com/~ubuntu-security/oval/)
+
 - [Alpine-secdb](https://git.alpinelinux.org/cgit/alpine-secdb/)
-- [Red Hat Security Advisories](https://access.redhat.com/security/security-updates/)
 - [Debian Security Bug Tracker](https://security-tracker.debian.org/tracker/)
-- Commands(yum, zypper, pkg-audit)
-	- RHSA/ALAS/ELSA/FreeBSD-SA
+- [Red Hat Security Advisories](https://access.redhat.com/security/security-updates/)
+- Commands (yum, zypper, and pkg-audit)
+  - RHSA/ALAS/ELSA/FreeBSD-SA
 - [Exploit Database](https://www.exploit-db.com/)
+- [US-CERT](https://www.us-cert.gov/ncas/alerts)
+- [JPCERT](http://www.jpcert.or.jp/at/2019.html)
+- [WPVulnDB](https://wpvulndb.com/api)
+- [Node.js Security Working Group](https://github.com/nodejs/security-wg)
+- [Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db)
+- [Safety DB(Python)](https://github.com/pyupio/safety-db)
+- [PHP Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories)
+- [RustSec Advisory Database](https://github.com/RustSec/advisory-db)
 - Changelog
 
-## Fast scan and Deep scan
+### Scan mode
 
 [Fast Scan](https://vuls.io/docs/en/architecture-fast-scan.html)
+
 - Scan without root privilege, no dependencies
 - Almost no load on the scan target server
-- Offline mode scan with no internet access. (Red Hat, CentOS, OracleLinux, Ubuntu, Debian)
+- Offline mode scan with no internet access. (CentOS, Debian, Oracle Linux, Red Hat, and Ubuntu)
 
 [Fast Root Scan](https://vuls.io/docs/en/architecture-fast-root-scan.html)
+
 - Scan with root privilege
 - Almost no load on the scan target server
-- Detect processes affected by update using yum-ps (RedHat, CentOS, Oracle Linux and Amazon Linux)
+- Detect processes affected by update using yum-ps (Amazon Linux, CentOS, Oracle Linux, and RedHat)
 - Detect processes which updated before but not restarting yet using checkrestart of debian-goodies (Debian and Ubuntu)
-- Offline mode scan with no internet access. (RedHat, CentOS, OracleLinux, Ubuntu, Debian)
+- Offline mode scan with no internet access. (CentOS, Debian, Oracle Linux, Red Hat, and Ubuntu)
 
-[Deep Scan](https://vuls.io/docs/en/architecture-deep-scan.html)
-- Scan with root privilege
-- Parses the Changelog  
-    Changelog has a history of version changes. When a security issue is fixed, the relevant CVE ID is listed.
-    By parsing the changelog and analysing the updates between the installed version of software on the server and the newest version of that software
-    it's possible to create a list of all vulnerabilities that need to be fixed.
-- Sometimes load on the scan target server
+### [Remote, Local scan mode, Server mode](https://vuls.io/docs/en/architecture-remote-local.html)
 
-## [Remote scan and Local scan](https://vuls.io/docs/en/architecture-remote-local.html)
+[Remote scan mode](https://vuls.io/docs/en/architecture-remote-scan.html)
 
-[Remote Scan](https://vuls.io/docs/en/architecture-remote-scan.html)
-- User is required to only setup one machine that is connected to other target servers via SSH
+- User is required to only set up one machine that is connected to other target servers via SSH
+
+[Local scan mode](https://vuls.io/docs/en/architecture-local-scan.html)
 
-[Local Scan](https://vuls.io/docs/en/architecture-local-scan.html)
 - If you don't want the central Vuls server to connect to each server by SSH, you can use Vuls in the Local Scan mode.
 
-## **Dynamic** Analysis
+[Server mode](https://vuls.io/docs/en/usage-server.html)
 
-- It is possible to acquire the state of the server by connecting via SSH and executing the command. 
+- First, start Vuls in server mode and listen as an HTTP server.
+- Next, issue a command on the scan target server to collect software information. Then send the result to Vuls Server via HTTP. You receive the scan results as JSON format.
+- No SSH needed, No Scanner needed. Only issuing Linux commands directory on the scan target server.
+
+### **Dynamic** Analysis
+
+- It is possible to acquire the state of the server by connecting via SSH and executing the command.
 - Vuls warns when the scan target server was updated the kernel etc. but not restarting it.
 
-## [Scan middleware that are not included in OS package management](https://vuls.io/docs/en/usage-scan-non-os-packages.html)
+### **Static** Analysis
 
-- Scan middleware, programming language libraries and framework for vulnerability
-- Support software registered in CPE
+**Image scan function is no longer supported from Vuls v0.9.5. Use Trivy directry**
+
+~~Vuls v0.8.0 can scan Docker images using [knqyf263/trivy](https://github.com/knqyf263/trivy).
+Following Registry supported.~~
+
+- ~~ECR~~
+- ~~GCR~~
+- ~~Local Image~~
+
+~~For details, see [Scan docker image](https://vuls.io/docs/en/tutorial-scan-docker-image.html)~~  
+
+### Scan vulnerabilities of non-OS-packages
+
+- Libraries of programming language
+- Self-compiled software
+- Network Devices
+
+Vuls has some options to detect the vulnerabilities
+
+- [Lockfile based Scan](https://vuls.io/docs/en/usage-scan-non-os-packages.html#library-vulns-scan)
+- [GitHub Integration](https://vuls.io/docs/en/usage-scan-non-os-packages.html#usage-integrate-with-github-security-alerts)
+- [Common Platform Enumeration (CPE) based Scan](https://vuls.io/docs/en/usage-scan-non-os-packages.html#cpe-scan)
+- [OWASP Dependency Check Integration](https://vuls.io/docs/en/usage-scan-non-os-packages.html#usage-integrate-with-owasp-dependency-check-to-automatic-update-when-the-libraries-are-updated-experimental)
+
+## Scan WordPress core, themes, plugins
+
+- [Scan WordPress](https://vuls.io/docs/en/usage-scan-wordpress.html)
 
 ## MISC
 
 - Nondestructive testing
 - Pre-authorization is *NOT* necessary before scanning on AWS
-	- Vuls works well with Continuous Integration since tests can be run every day. This allows you to find vulnerabilities very quickly.
-- Auto generation of configuration file template
-	- Auto detection of servers set using CIDR, generate configuration file template
+  - Vuls works well with Continuous Integration since tests can be run every day. This allows you to find vulnerabilities very quickly.
+- Auto-generation of configuration file template
+  - Auto-detection of servers set using CIDR, generate configuration file template
 - Email and Slack notification is possible (supports Japanese language)
-- Scan result is viewable on accessory software, TUI Viewer on terminal or Web UI ([VulsRepo](https://github.com/usiusi360/vulsrepo)).
+- Scan result is viewable on accessory software, TUI Viewer in a terminal or Web UI ([VulsRepo](https://github.com/ishiDACo/vulsrepo)).
 
 ----
 
-# What Vuls Doesn't Do
+## What Vuls Doesn't Do
 
 - Vuls doesn't update the vulnerable packages.
 
 ----
 
-# Document
+## Document
 
-For more information such as Installation, Tutorial, Usage, visit [vuls.io](https://vuls.io/)  
+For more information such as Installation, Tutorial, Usage, visit [vuls.io](https://vuls.io/)
 [日本語翻訳ドキュメント](https://vuls.io/ja/)
 
 ----
 
-# Authors
+## Authors
 
 kotakanbe ([@kotakanbe](https://twitter.com/kotakanbe)) created vuls and [these fine people](https://github.com/future-architect/vuls/graphs/contributors) have contributed.
 
 ----
 
-# Change Log
+## Change Log
 
 Please see [CHANGELOG](https://github.com/future-architect/vuls/blob/master/CHANGELOG.md).
 
 ----
-# Stargazers over time		
-		
-[![Stargazers over time](https://starcharts.herokuapp.com/future-architect/vuls.svg)](https://starcharts.herokuapp.com/future-architect/vuls)		
 
------
+## Stargazers over time
 
-# License
+[![Stargazers over time](https://starcharts.herokuapp.com/future-architect/vuls.svg)](https://starcharts.herokuapp.com/future-architect/vuls)
+
+-----;
+
+## License
 
 Please see [LICENSE](https://github.com/future-architect/vuls/blob/master/LICENSE).

cache/bolt.go

@@ -1,30 +1,13 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package cache
 
 import (
 	"encoding/json"
-	"fmt"
 	"time"
 
 	"github.com/boltdb/bolt"
 	"github.com/future-architect/vuls/util"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/xerrors"
 )
 
 // Bolt holds a pointer of bolt.DB
@@ -69,7 +52,7 @@ func (b *Bolt) createBucketIfNotExists(name string) error {
 	return b.db.Update(func(tx *bolt.Tx) error {
 		_, err := tx.CreateBucketIfNotExists([]byte(name))
 		if err != nil {
-			return fmt.Errorf("Failed to create bucket: %s", err)
+			return xerrors.Errorf("Failed to create bucket: %w", err)
 		}
 		return nil
 	})
@@ -98,7 +81,7 @@ func (b Bolt) RefreshMeta(meta Meta) error {
 	meta.CreatedAt = time.Now()
 	jsonBytes, err := json.Marshal(meta)
 	if err != nil {
-		return fmt.Errorf("Failed to marshal to JSON: %s", err)
+		return xerrors.Errorf("Failed to marshal to JSON: %w", err)
 	}
 	return b.db.Update(func(tx *bolt.Tx) error {
 		bkt := tx.Bucket([]byte(metabucket))
@@ -114,7 +97,7 @@ func (b Bolt) RefreshMeta(meta Meta) error {
 func (b Bolt) EnsureBuckets(meta Meta) error {
 	jsonBytes, err := json.Marshal(meta)
 	if err != nil {
-		return fmt.Errorf("Failed to marshal to JSON: %s", err)
+		return xerrors.Errorf("Failed to marshal to JSON: %w", err)
 	}
 	return b.db.Update(func(tx *bolt.Tx) error {
 		b.Log.Debugf("Put to meta: %s", meta.Name)
@@ -163,7 +146,7 @@ func (b Bolt) GetChangelog(servername, packName string) (changelog string, err e
 	err = b.db.View(func(tx *bolt.Tx) error {
 		bkt := tx.Bucket([]byte(servername))
 		if bkt == nil {
-			return fmt.Errorf("Failed to get Bucket: %s", servername)
+			return xerrors.Errorf("Failed to get Bucket: %s", servername)
 		}
 		v := bkt.Get([]byte(packName))
 		if v == nil {
@@ -181,7 +164,7 @@ func (b Bolt) PutChangelog(servername, packName, changelog string) error {
 	return b.db.Update(func(tx *bolt.Tx) error {
 		bkt := tx.Bucket([]byte(servername))
 		if bkt == nil {
-			return fmt.Errorf("Failed to get Bucket: %s", servername)
+			return xerrors.Errorf("Failed to get Bucket: %s", servername)
 		}
 		return bkt.Put([]byte(packName), []byte(changelog))
 	})

cache/bolt_test.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package cache
 
 import (

cache/db.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package cache
 
 import (

commands/configtest.go

@@ -1,27 +1,12 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package commands
 
 import (
 	"context"
 	"flag"
+	"fmt"
 	"os"
 	"path/filepath"
+	"strings"
 
 	"github.com/google/subcommands"
 
@@ -98,7 +83,7 @@ func (p *ConfigtestCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interfa
 	util.Log = util.NewCustomLogger(c.ServerInfo{})
 
 	if err := mkdirDotVuls(); err != nil {
-		util.Log.Errorf("Failed to create .vuls: %s", err)
+		util.Log.Errorf("Failed to create .vuls. err: %+v", err)
 		return subcommands.ExitUsageError
 	}
 
@@ -114,9 +99,12 @@ func (p *ConfigtestCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interfa
 
 	err = c.Load(p.configPath, keyPass)
 	if err != nil {
-		util.Log.Errorf("Error loading %s, %s", p.configPath, err)
-		util.Log.Errorf("If you update Vuls and get this error, there may be incompatible changes in config.toml")
-		util.Log.Errorf("Please check README: https://github.com/future-architect/vuls#configuration")
+		msg := []string{
+			fmt.Sprintf("Error loading %s", p.configPath),
+			"If you update Vuls and get this error, there may be incompatible changes in config.toml",
+			"Please check config.toml template : https://vuls.io/docs/en/usage-settings.html",
+		}
+		util.Log.Errorf("%s\n%+v", strings.Join(msg, "\n"), err)
 		return subcommands.ExitUsageError
 	}
 
@@ -151,13 +139,13 @@ func (p *ConfigtestCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interfa
 
 	util.Log.Info("Detecting Server/Container OS... ")
 	if err := scan.InitServers(p.timeoutSec); err != nil {
-		util.Log.Errorf("Failed to init servers: %s", err)
+		util.Log.Errorf("Failed to init servers. err: %+v", err)
 		return subcommands.ExitFailure
 	}
 
 	util.Log.Info("Checking Scan Modes...")
 	if err := scan.CheckScanModes(); err != nil {
-		util.Log.Errorf("Fix config.toml: %s", err)
+		util.Log.Errorf("Fix config.toml. err: %+v", err)
 		return subcommands.ExitFailure
 	}
 

commands/discover.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package commands
 
 import (
@@ -176,6 +159,11 @@ sqlite3Path = "/path/to/go-exploitdb.sqlite3"
 #room     = "xxxxxxxxxxx"
 #apiToken = "xxxxxxxxxxxxxxxxxx"
 
+# https://vuls.io/docs/en/usage-settings.html#telegram-section
+#[telegram]
+#chatID     = "xxxxxxxxxxx"
+#token = "xxxxxxxxxxxxxxxxxx"
+
 # https://vuls.io/docs/en/usage-settings.html#default-section
 [default]
 #port               = "22"
@@ -215,10 +203,19 @@ host                = "{{$ip}}"
 #owaspDCXMLPath = "/path/to/dependency-check-report.xml"
 #ignoreCves     = ["CVE-2014-0160"]
 
+#[servers.{{index $names $i}}.githubs."owner/repo"]
+#token   = "yourToken"
+
+#[servers.{{index $names $i}}.wordpress]
+#cmdPath = "/usr/local/bin/wp"
+#osUser = "wordpress"
+#docRoot = "/path/to/DocumentRoot/"
+#wpVulnDBToken = "xxxxTokenxxxx"
+#ignoreInactive = true
+
 #[servers.{{index $names $i}}.optional]
 #key = "value1"
 
-
 {{end}}
 
 `

commands/history.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package commands
 
 import (

commands/report.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package commands
 
 import (
@@ -23,6 +6,7 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/aquasecurity/trivy/pkg/utils"
 	c "github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/exploit"
 	"github.com/future-architect/vuls/gost"
@@ -64,12 +48,14 @@ func (*ReportCmd) Usage() string {
 		[-diff]
 		[-ignore-unscored-cves]
 		[-ignore-unfixed]
+		[-ignore-github-dismissed]
 		[-to-email]
 		[-to-http]
 		[-to-slack]
 		[-to-stride]
 		[-to-hipchat]
 		[-to-chatwork]
+		[-to-telegram]
 		[-to-localfile]
 		[-to-s3]
 		[-to-azure-blob]
@@ -85,20 +71,23 @@ func (*ReportCmd) Usage() string {
 		[-http-proxy=http://192.168.0.1:8080]
 		[-debug]
 		[-debug-sql]
+		[-quiet]
+		[-no-progress]
 		[-pipe]
-		[-cvedb-type=sqlite3|mysql|postgres|redis]
+		[-cvedb-type=sqlite3|mysql|postgres|redis|http]
 		[-cvedb-sqlite3-path=/path/to/cve.sqlite3]
 		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
-		[-ovaldb-type=sqlite3|mysql|redis]
+		[-ovaldb-type=sqlite3|mysql|redis|http]
 		[-ovaldb-sqlite3-path=/path/to/oval.sqlite3]
 		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
-		[-gostdb-type=sqlite3|mysql|redis]
+		[-gostdb-type=sqlite3|mysql|redis|http]
 		[-gostdb-sqlite3-path=/path/to/gost.sqlite3]
 		[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
-		[-exploitdb-type=sqlite3|mysql|redis]
+		[-exploitdb-type=sqlite3|mysql|redis|http]
 		[-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3]
-		[-exploitdb-url=http://127.0.0.1:1325 or DB connection string]
+		[-exploitdb-url=http://127.0.0.1:1326 or DB connection string]
 		[-http="http://vuls-report-server"]
+		[-trivy-cachedb-dir=/path/to/dir]
 
 		[RFC3339 datetime format under results dir]
 `
@@ -109,6 +98,8 @@ func (p *ReportCmd) SetFlags(f *flag.FlagSet) {
 	f.StringVar(&c.Conf.Lang, "lang", "en", "[en|ja]")
 	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
 	f.BoolVar(&c.Conf.DebugSQL, "debug-sql", false, "SQL debug mode")
+	f.BoolVar(&c.Conf.Quiet, "quiet", false, "Quiet mode. No output on stdout")
+	f.BoolVar(&c.Conf.NoProgress, "no-progress", false, "Suppress progress bar")
 
 	wd, _ := os.Getwd()
 	defaultConfPath := filepath.Join(wd, "config.toml")
@@ -132,10 +123,12 @@ func (p *ReportCmd) SetFlags(f *flag.FlagSet) {
 	f.BoolVar(&c.Conf.IgnoreUnscoredCves, "ignore-unscored-cves", false,
 		"Don't report the unscored CVEs")
 
-	f.BoolVar(
-		&c.Conf.IgnoreUnfixed, "ignore-unfixed", false,
+	f.BoolVar(&c.Conf.IgnoreUnfixed, "ignore-unfixed", false,
 		"Don't report the unfixed CVEs")
 
+	f.BoolVar(&c.Conf.IgnoreGitHubDismissed, "ignore-github-dismissed", false,
+		"Don't report the dismissed CVEs on GitHub Security Alerts")
+
 	f.StringVar(
 		&c.Conf.HTTPProxy, "http-proxy", "",
 		"http://proxy-url:port (default: empty)")
@@ -154,6 +147,7 @@ func (p *ReportCmd) SetFlags(f *flag.FlagSet) {
 	f.BoolVar(&c.Conf.ToStride, "to-stride", false, "Send report via Stride")
 	f.BoolVar(&c.Conf.ToHipChat, "to-hipchat", false, "Send report via hipchat")
 	f.BoolVar(&c.Conf.ToChatWork, "to-chatwork", false, "Send report via chatwork")
+	f.BoolVar(&c.Conf.ToTelegram, "to-telegram", false, "Send report via Telegram")
 	f.BoolVar(&c.Conf.ToEmail, "to-email", false, "Send report via Email")
 	f.BoolVar(&c.Conf.ToSyslog, "to-syslog", false, "Send report via Syslog")
 	f.BoolVar(&c.Conf.ToLocalFile, "to-localfile", false, "Write report to localfile")
@@ -171,31 +165,33 @@ func (p *ReportCmd) SetFlags(f *flag.FlagSet) {
 	f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use args passed via PIPE")
 
 	f.StringVar(&p.cveDict.Type, "cvedb-type", "",
-		"DB type of go-cve-dictionary (sqlite3, mysql, postgres or redis)")
+		"DB type of go-cve-dictionary (sqlite3, mysql, postgres, redis or http)")
 	f.StringVar(&p.cveDict.SQLite3Path, "cvedb-sqlite3-path", "", "/path/to/sqlite3")
 	f.StringVar(&p.cveDict.URL, "cvedb-url", "",
 		"http://go-cve-dictionary.com:1323 or DB connection string")
 
 	f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
-		"DB type of goval-dictionary (sqlite3, mysql, postgres or redis)")
+		"DB type of goval-dictionary (sqlite3, mysql, postgres, redis or http)")
 	f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-sqlite3-path", "", "/path/to/sqlite3")
 	f.StringVar(&p.ovalDict.URL, "ovaldb-url", "",
 		"http://goval-dictionary.com:1324 or DB connection string")
 
 	f.StringVar(&p.gostConf.Type, "gostdb-type", "",
-		"DB type of gost (sqlite3, mysql, postgres or redis)")
+		"DB type of gost (sqlite3, mysql, postgres, redis or http)")
 	f.StringVar(&p.gostConf.SQLite3Path, "gostdb-sqlite3-path", "", "/path/to/sqlite3")
 	f.StringVar(&p.gostConf.URL, "gostdb-url", "",
 		"http://gost.com:1325 or DB connection string")
 
 	f.StringVar(&p.exploitConf.Type, "exploitdb-type", "",
-		"DB type of exploit (sqlite3, mysql, postgres or redis)")
+		"DB type of exploit (sqlite3, mysql, postgres, redis or http)")
 	f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3")
 	f.StringVar(&p.exploitConf.URL, "exploitdb-url", "",
 		"http://exploit.com:1326 or DB connection string")
 
 	f.StringVar(&p.httpConf.URL, "http", "", "-to-http http://vuls-report")
 
+	f.StringVar(&c.Conf.TrivyCacheDBDir, "trivy-cachedb-dir",
+		utils.DefaultCacheDir(), "/path/to/dir")
 }
 
 // Execute execute
@@ -204,7 +200,7 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 	cvelog.SetLogger(c.Conf.LogDir, false, c.Conf.Debug, false)
 
 	if err := c.Load(p.configPath, ""); err != nil {
-		util.Log.Errorf("Error loading %s, %s", p.configPath, err)
+		util.Log.Errorf("Error loading %s, %+v", p.configPath, err)
 		return subcommands.ExitUsageError
 	}
 
@@ -222,7 +218,7 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 		dir, err = report.JSONDir(f.Args())
 	}
 	if err != nil {
-		util.Log.Errorf("Failed to read from JSON: %s", err)
+		util.Log.Errorf("Failed to read from JSON: %+v", err)
 		return subcommands.ExitFailure
 	}
 
@@ -247,6 +243,10 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 		reports = append(reports, report.ChatWorkWriter{})
 	}
 
+	if c.Conf.ToTelegram {
+		reports = append(reports, report.TelegramWriter{})
+	}
+
 	if c.Conf.ToEmail {
 		reports = append(reports, report.EMailWriter{})
 	}
@@ -267,7 +267,7 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 
 	if c.Conf.ToS3 {
 		if err := report.CheckIfBucketExists(); err != nil {
-			util.Log.Errorf("Check if there is a bucket beforehand: %s, err: %s",
+			util.Log.Errorf("Check if there is a bucket beforehand: %s, err: %+v",
 				c.Conf.AWS.S3Bucket, err)
 			return subcommands.ExitUsageError
 		}
@@ -288,7 +288,7 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 			return subcommands.ExitUsageError
 		}
 		if err := report.CheckIfAzureContainerExists(); err != nil {
-			util.Log.Errorf("Check if there is a container beforehand: %s, err: %s",
+			util.Log.Errorf("Check if there is a container beforehand: %s, err: %+v",
 				c.Conf.Azure.ContainerName, err)
 			return subcommands.ExitUsageError
 		}
@@ -321,15 +321,21 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 	util.Log.Infof("Loaded: %s", dir)
 
 	var res models.ScanResults
+	hasError := false
 	for _, r := range loaded {
 		if len(r.Errors) == 0 {
 			res = append(res, r)
 		} else {
-			util.Log.Warnf("Ignored since errors occurred during scanning: %s",
-				r.ServerName)
+			util.Log.Errorf("Ignored since errors occurred during scanning: %s, err: %v",
+				r.ServerName, r.Errors)
+			hasError = true
 		}
 	}
 
+	if len(res) == 0 {
+		return subcommands.ExitFailure
+	}
+
 	for _, r := range res {
 		util.Log.Debugf("%s: %s",
 			r.ServerInfo(),
@@ -339,7 +345,7 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 	if c.Conf.UUID {
 		// Ensure UUIDs of scan target servers in config.toml
 		if err := report.EnsureUUIDs(p.configPath, res); err != nil {
-			util.Log.Errorf("Failed to ensure UUIDs: %s", err)
+			util.Log.Errorf("Failed to ensure UUIDs. err: %+v", err)
 			return subcommands.ExitFailure
 		}
 	}
@@ -350,59 +356,40 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 			return subcommands.ExitUsageError
 		}
 
-		if err := report.CveClient.CheckHealth(); err != nil {
-			util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
-			util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with -cvedb-sqlite3-path option instead of -cvedb-url")
-			return subcommands.ExitFailure
-		}
 		if c.Conf.CveDict.URL != "" {
-			util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.URL)
-		} else {
-			if c.Conf.CveDict.Type == "sqlite3" {
-				util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.SQLite3Path)
+			if err := report.CveClient.CheckHealth(); err != nil {
+				util.Log.Errorf("CVE HTTP server is not running. err: %+v", err)
+				util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
+				return subcommands.ExitFailure
 			}
 		}
 
 		if c.Conf.OvalDict.URL != "" {
-			util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.URL)
 			err := oval.Base{}.CheckHTTPHealth()
 			if err != nil {
-				util.Log.Errorf("OVAL HTTP server is not running. err: %s", err)
-				util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with -ovaldb-sqlite3-path option instead of -ovaldb-url")
+				util.Log.Errorf("OVAL HTTP server is not running. err: %+v", err)
+				util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
 				return subcommands.ExitFailure
 			}
-		} else {
-			if c.Conf.OvalDict.Type == "sqlite3" {
-				util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.SQLite3Path)
-			}
 		}
 
 		if c.Conf.Gost.URL != "" {
 			util.Log.Infof("gost: %s", c.Conf.Gost.URL)
 			err := gost.Base{}.CheckHTTPHealth()
 			if err != nil {
-				util.Log.Errorf("gost HTTP server is not running. err: %s", err)
-				util.Log.Errorf("Run gost as server mode before reporting or run with -gostdb-sqlite3-path option instead of -gostdb-url")
+				util.Log.Errorf("gost HTTP server is not running. err: %+v", err)
+				util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
 				return subcommands.ExitFailure
 			}
-		} else {
-			if c.Conf.Gost.Type == "sqlite3" {
-				util.Log.Infof("gost: %s", c.Conf.Gost.SQLite3Path)
-			}
 		}
 
 		if c.Conf.Exploit.URL != "" {
-			util.Log.Infof("exploit: %s", c.Conf.Exploit.URL)
 			err := exploit.CheckHTTPHealth()
 			if err != nil {
-				util.Log.Errorf("exploit HTTP server is not running. err: %s", err)
-				util.Log.Errorf("Run exploit as server mode before reporting or run with -exploitdb-sqlite3-path option instead of -exploitdb-url")
+				util.Log.Errorf("exploit HTTP server is not running. err: %+v", err)
+				util.Log.Errorf("Run go-exploitdb as server mode before reporting")
 				return subcommands.ExitFailure
 			}
-		} else {
-			if c.Conf.Exploit.Type == "sqlite3" {
-				util.Log.Infof("exploit: %s", c.Conf.Exploit.SQLite3Path)
-			}
 		}
 		dbclient, locked, err := report.NewDBClient(report.DBClientConf{
 			CveDictCnf:  c.Conf.CveDict,
@@ -412,27 +399,31 @@ func (p *ReportCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 			DebugSQL:    c.Conf.DebugSQL,
 		})
 		if locked {
-			util.Log.Errorf("SQLite3 is locked. Close other DB connections and try again: %s", err)
+			util.Log.Errorf("SQLite3 is locked. Close other DB connections and try again. err: %+v", err)
 			return subcommands.ExitFailure
 		}
 		if err != nil {
-			util.Log.Errorf("Failed to init DB Clients: %s", err)
+			util.Log.Errorf("Failed to init DB Clients. err: %+v", err)
 			return subcommands.ExitFailure
 		}
 		defer dbclient.CloseDB()
 
 		if res, err = report.FillCveInfos(*dbclient, res, dir); err != nil {
-			util.Log.Error(err)
+			util.Log.Errorf("%+v", err)
 			return subcommands.ExitFailure
 		}
 	}
 
 	for _, w := range reports {
 		if err := w.Write(res...); err != nil {
-			util.Log.Errorf("Failed to report: %s", err)
+			util.Log.Errorf("Failed to report. err: %+v", err)
 			return subcommands.ExitFailure
 		}
 	}
 
+	if hasError {
+		return subcommands.ExitFailure
+	}
+
 	return subcommands.ExitSuccess
 }

commands/scan.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package commands
 
 import (
@@ -58,6 +41,8 @@ func (*ScanCmd) Usage() string {
 		[-ssh-native-insecure]
 		[-ssh-config]
 		[-containers-only]
+		[-libs-only]
+		[-wordpress-only]
 		[-skip-broken]
 		[-http-proxy=http://192.168.0.1:8080]
 		[-ask-key-password]
@@ -66,6 +51,8 @@ func (*ScanCmd) Usage() string {
 		[-debug]
 		[-pipe]
 		[-vvv]
+		[-ips]
+
 
 		[SERVER]...
 `
@@ -96,7 +83,13 @@ func (p *ScanCmd) SetFlags(f *flag.FlagSet) {
 		"Use SSH options specified in ssh_config preferentially")
 
 	f.BoolVar(&c.Conf.ContainersOnly, "containers-only", false,
-		"Scan containers only. Default: Scan both of hosts and containers")
+		"Scan running containers only. Default: Scan both of hosts and running containers")
+
+	f.BoolVar(&c.Conf.LibsOnly, "libs-only", false,
+		"Scan libraries (lock files) specified in config.toml only.")
+
+	f.BoolVar(&c.Conf.WordPressOnly, "wordpress-only", false,
+		"Scan WordPress only.")
 
 	f.BoolVar(&c.Conf.SkipBroken, "skip-broken", false,
 		"[For CentOS] yum update changelog with --skip-broken option")
@@ -109,6 +102,8 @@ func (p *ScanCmd) SetFlags(f *flag.FlagSet) {
 	)
 
 	f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use stdin via PIPE")
+
+	f.BoolVar(&c.Conf.DetectIPS, "ips", false, "retrieve IPS information")
 	f.BoolVar(&c.Conf.Vvv, "vvv", false, "ssh -vvv")
 
 	f.IntVar(&p.timeoutSec, "timeout", 5*60,
@@ -126,7 +121,7 @@ func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{})
 	util.Log = util.NewCustomLogger(c.ServerInfo{})
 
 	if err := mkdirDotVuls(); err != nil {
-		util.Log.Errorf("Failed to create .vuls: %s", err)
+		util.Log.Errorf("Failed to create .vuls. err: %+v", err)
 		return subcommands.ExitUsageError
 	}
 
@@ -142,9 +137,12 @@ func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{})
 
 	err = c.Load(p.configPath, keyPass)
 	if err != nil {
-		util.Log.Errorf("Error loading %s, %s", p.configPath, err)
-		util.Log.Errorf("If you update Vuls and get this error, there may be incompatible changes in config.toml")
-		util.Log.Errorf("Please check README: https://github.com/future-architect/vuls#configuration")
+		msg := []string{
+			fmt.Sprintf("Error loading %s", p.configPath),
+			"If you update Vuls and get this error, there may be incompatible changes in config.toml",
+			"Please check config.toml template : https://vuls.io/docs/en/usage-settings.html",
+		}
+		util.Log.Errorf("%s\n%+v", strings.Join(msg, "\n"), err)
 		return subcommands.ExitUsageError
 	}
 
@@ -157,7 +155,7 @@ func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{})
 	} else if c.Conf.Pipe {
 		bytes, err := ioutil.ReadAll(os.Stdin)
 		if err != nil {
-			util.Log.Errorf("Failed to read stdin: %s", err)
+			util.Log.Errorf("Failed to read stdin. err: %+v", err)
 			return subcommands.ExitFailure
 		}
 		fields := strings.Fields(string(bytes))
@@ -193,22 +191,24 @@ func (p *ScanCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{})
 
 	util.Log.Info("Detecting Server/Container OS... ")
 	if err := scan.InitServers(p.timeoutSec); err != nil {
-		util.Log.Errorf("Failed to init servers: %s", err)
+		util.Log.Errorf("Failed to init servers: %+v", err)
 		return subcommands.ExitFailure
 	}
 
 	util.Log.Info("Checking Scan Modes... ")
 	if err := scan.CheckScanModes(); err != nil {
-		util.Log.Errorf("Fix config.toml: %s", err)
+		util.Log.Errorf("Fix config.toml. err: %+v", err)
 		return subcommands.ExitFailure
 	}
 
 	util.Log.Info("Detecting Platforms... ")
 	scan.DetectPlatforms(p.timeoutSec)
+	util.Log.Info("Detecting IPS identifiers... ")
+	scan.DetectIPSs(p.timeoutSec)
 
 	util.Log.Info("Scanning vulnerabilities... ")
 	if err := scan.Scan(p.scanTimeoutSec); err != nil {
-		util.Log.Errorf("Failed to scan. err: %s", err)
+		util.Log.Errorf("Failed to scan. err: %+v", err)
 		return subcommands.ExitFailure
 	}
 	fmt.Printf("\n\n\n")

commands/server.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package commands
 
 import (
@@ -28,6 +11,8 @@ import (
 	// "github.com/future-architect/vuls/Server"
 
 	c "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/exploit"
+	"github.com/future-architect/vuls/gost"
 	"github.com/future-architect/vuls/oval"
 	"github.com/future-architect/vuls/report"
 	"github.com/future-architect/vuls/server"
@@ -38,11 +23,12 @@ import (
 
 // ServerCmd is subcommand for server
 type ServerCmd struct {
-	configPath string
-	listen     string
-	cvelDict   c.GoCveDictConf
-	ovalDict   c.GovalDictConf
-	gostConf   c.GostConf
+	configPath  string
+	listen      string
+	cveDict     c.GoCveDictConf
+	ovalDict    c.GovalDictConf
+	gostConf    c.GostConf
+	exploitConf c.ExploitConf
 }
 
 // Name return subcommand name
@@ -59,36 +45,26 @@ func (*ServerCmd) Usage() string {
 		[-config=/path/to/config.toml]
 		[-log-dir=/path/to/log]
 		[-cvss-over=7]
-		[-diff]
 		[-ignore-unscored-cves]
 		[-ignore-unfixed]
-		[-to-email]
-		[-to-slack]
-		[-to-stride]
-		[-to-hipchat]
-		[-to-chatwork]
 		[-to-localfile]
-		[-to-s3]
-		[-to-azure-blob]
 		[-format-json]
-		[-format-xml]
-		[-format-one-email]
-		[-format-one-line-text]
-		[-format-list]
-		[-format-full-text]
 		[-http-proxy=http://192.168.0.1:8080]
 		[-debug]
 		[-debug-sql]
 		[-listen=localhost:5515]
-		[-cvedb-type=sqlite3|mysql|postgres|redis]
-		[-cvedb-path=/path/to/cve.sqlite3]
+		[-cvedb-type=sqlite3|mysql|postgres|redis|http]
+		[-cvedb-sqlite3-path=/path/to/cve.sqlite3]
 		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
-		[-ovaldb-type=sqlite3|mysql|redis]
-		[-ovaldb-path=/path/to/oval.sqlite3]
+		[-ovaldb-type=sqlite3|mysql|redis|http]
+		[-ovaldb-sqlite3-path=/path/to/oval.sqlite3]
 		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
-		[-gostdb-type=sqlite3|mysql|redis]
-		[-gostdb-path=/path/to/gost.sqlite3]
+		[-gostdb-type=sqlite3|mysql|redis|http]
+		[-gostdb-sqlite3-path=/path/to/gost.sqlite3]
 		[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
+		[-exploitdb-type=sqlite3|mysql|redis|http]
+		[-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3]
+		[-exploitdb-url=http://127.0.0.1:1326 or DB connection string]
 
 		[RFC3339 datetime format under results dir]
 `
@@ -101,8 +77,7 @@ func (p *ServerCmd) SetFlags(f *flag.FlagSet) {
 	f.BoolVar(&c.Conf.DebugSQL, "debug-sql", false, "SQL debug mode")
 
 	wd, _ := os.Getwd()
-	defaultConfPath := filepath.Join(wd, "config.toml")
-	f.StringVar(&p.configPath, "config", defaultConfPath, "/path/to/toml")
+	f.StringVar(&p.configPath, "config", "", "/path/to/toml")
 
 	defaultResultsDir := filepath.Join(wd, "results")
 	f.StringVar(&c.Conf.ResultsDir, "results-dir", defaultResultsDir, "/path/to/results")
@@ -128,23 +103,29 @@ func (p *ServerCmd) SetFlags(f *flag.FlagSet) {
 	f.StringVar(&p.listen, "listen", "localhost:5515",
 		"host:port (default: localhost:5515)")
 
-	f.StringVar(&p.cvelDict.Type, "cvedb-type", "sqlite3",
-		"DB type of go-cve-dictionary (sqlite3, mysql, postgres or redis)")
-	f.StringVar(&p.cvelDict.SQLite3Path, "cvedb-path", "", "/path/to/sqlite3")
-	f.StringVar(&p.cvelDict.URL, "cvedb-url", "",
+	f.StringVar(&p.cveDict.Type, "cvedb-type", "",
+		"DB type of go-cve-dictionary (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.cveDict.SQLite3Path, "cvedb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.cveDict.URL, "cvedb-url", "",
 		"http://go-cve-dictionary.com:1323 or DB connection string")
 
 	f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
-		"DB type of goval-dictionary (sqlite3, mysql, postgres or redis)")
-	f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-path", "", "/path/to/sqlite3")
+		"DB type of goval-dictionary (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.ovalDict.SQLite3Path, "ovaldb-sqlite3-path", "", "/path/to/sqlite3")
 	f.StringVar(&p.ovalDict.URL, "ovaldb-url", "",
 		"http://goval-dictionary.com:1324 or DB connection string")
 
 	f.StringVar(&p.gostConf.Type, "gostdb-type", "",
-		"DB type of gost (sqlite3, mysql, postgres or redis)")
-	f.StringVar(&p.gostConf.SQLite3Path, "gostdb-path", "", "/path/to/sqlite3")
+		"DB type of gost (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.gostConf.SQLite3Path, "gostdb-sqlite3-path", "", "/path/to/sqlite3")
 	f.StringVar(&p.gostConf.URL, "gostdb-url", "",
 		"http://gost.com:1325 or DB connection string")
+
+	f.StringVar(&p.exploitConf.Type, "exploitdb-type", "",
+		"DB type of exploit (sqlite3, mysql, postgres, redis or http)")
+	f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.exploitConf.URL, "exploitdb-url", "",
+		"http://exploit.com:1326 or DB connection string")
 }
 
 // Execute execute
@@ -152,39 +133,61 @@ func (p *ServerCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 	util.Log = util.NewCustomLogger(c.ServerInfo{})
 	cvelog.SetLogger(c.Conf.LogDir, false, c.Conf.Debug, false)
 
-	c.Conf.CveDict.Overwrite(p.cvelDict)
+	if p.configPath != "" {
+		if err := c.Load(p.configPath, ""); err != nil {
+			util.Log.Errorf("Error loading %s. err: %+v", p.configPath, err)
+			return subcommands.ExitUsageError
+		}
+	}
+
+	c.Conf.CveDict.Overwrite(p.cveDict)
 	c.Conf.OvalDict.Overwrite(p.ovalDict)
 	c.Conf.Gost.Overwrite(p.gostConf)
+	c.Conf.Exploit.Overwrite(p.exploitConf)
 
 	util.Log.Info("Validating config...")
 	if !c.Conf.ValidateOnReport() {
 		return subcommands.ExitUsageError
 	}
 
-	if err := report.CveClient.CheckHealth(); err != nil {
-		util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
-		util.Log.Errorf("Run go-cve-dictionary as server mode before Servering or run with -cvedb-path option")
-		return subcommands.ExitFailure
+	util.Log.Info("Validating db config...")
+	if !c.Conf.ValidateOnReportDB() {
+		return subcommands.ExitUsageError
 	}
+
 	if c.Conf.CveDict.URL != "" {
-		util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.URL)
-	} else {
-		if c.Conf.CveDict.Type == "sqlite3" {
-			util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.SQLite3Path)
+		if err := report.CveClient.CheckHealth(); err != nil {
+			util.Log.Errorf("CVE HTTP server is not running. err: %+v", err)
+			util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
+			return subcommands.ExitFailure
 		}
 	}
 
 	if c.Conf.OvalDict.URL != "" {
-		util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.URL)
 		err := oval.Base{}.CheckHTTPHealth()
 		if err != nil {
 			util.Log.Errorf("OVAL HTTP server is not running. err: %s", err)
-			util.Log.Errorf("Run goval-dictionary as server mode before Servering or run with -ovaldb-path option")
+			util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
 			return subcommands.ExitFailure
 		}
-	} else {
-		if c.Conf.OvalDict.Type == "sqlite3" {
-			util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.SQLite3Path)
+	}
+
+	if c.Conf.Gost.URL != "" {
+		util.Log.Infof("gost: %s", c.Conf.Gost.URL)
+		err := gost.Base{}.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("gost HTTP server is not running. err: %+v", err)
+			util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
+			return subcommands.ExitFailure
+		}
+	}
+
+	if c.Conf.Exploit.URL != "" {
+		err := exploit.CheckHTTPHealth()
+		if err != nil {
+			util.Log.Errorf("exploit HTTP server is not running. err: %+v", err)
+			util.Log.Errorf("Run go-exploitdb as server mode before reporting")
+			return subcommands.ExitFailure
 		}
 	}
 
@@ -192,15 +195,16 @@ func (p *ServerCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 		CveDictCnf:  c.Conf.CveDict,
 		OvalDictCnf: c.Conf.OvalDict,
 		GostCnf:     c.Conf.Gost,
+		ExploitCnf:  c.Conf.Exploit,
 		DebugSQL:    c.Conf.DebugSQL,
 	})
 	if locked {
-		util.Log.Errorf("SQLite3 is locked. Close other DB connections and try again: %s", err)
+		util.Log.Errorf("SQLite3 is locked. Close other DB connections and try again: %+v", err)
 		return subcommands.ExitFailure
 	}
 
 	if err != nil {
-		util.Log.Errorf("Failed to init DB Clients: %s", err)
+		util.Log.Errorf("Failed to init DB Clients. err: %+v", err)
 		return subcommands.ExitFailure
 	}
 
@@ -212,7 +216,7 @@ func (p *ServerCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}
 	})
 	util.Log.Infof("Listening on %s", p.listen)
 	if err := http.ListenAndServe(p.listen, nil); err != nil {
-		util.Log.Errorf("Failed to start server: %s", err)
+		util.Log.Errorf("Failed to start server. err: %+v", err)
 		return subcommands.ExitFailure
 	}
 	return subcommands.ExitSuccess

commands/tui.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package commands
 
 import (
@@ -23,6 +6,7 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/aquasecurity/trivy/pkg/utils"
 	c "github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/exploit"
 	"github.com/future-architect/vuls/gost"
@@ -37,7 +21,7 @@ import (
 // TuiCmd is Subcommand of host discovery mode
 type TuiCmd struct {
 	configPath  string
-	cvelDict    c.GoCveDictConf
+	cveDict     c.GoCveDictConf
 	ovalDict    c.GovalDictConf
 	gostConf    c.GostConf
 	exploitConf c.ExploitConf
@@ -63,16 +47,22 @@ func (*TuiCmd) Usage() string {
 		[-log-dir=/path/to/log]
 		[-debug]
 		[-debug-sql]
+		[-quiet]
+		[-no-progress]
 		[-pipe]
-		[-cvedb-type=sqlite3|mysql|postgres|redis]
-		[-cvedb-path=/path/to/cve.sqlite3]
+		[-cvedb-type=sqlite3|mysql|postgres|redis|http]
+		[-cvedb-sqlite3-path=/path/to/cve.sqlite3]
 		[-cvedb-url=http://127.0.0.1:1323 or DB connection string]
-		[-ovaldb-type=sqlite3|mysql|redis]
-		[-ovaldb-path=/path/to/oval.sqlite3]
+		[-ovaldb-type=sqlite3|mysql|redis|http]
+		[-ovaldb-sqlite3-path=/path/to/oval.sqlite3]
 		[-ovaldb-url=http://127.0.0.1:1324 or DB connection string]
-		[-gostdb-type=sqlite3|mysql|redis]
-		[-gostdb-path=/path/to/gost.sqlite3]
+		[-gostdb-type=sqlite3|mysql|redis|http]
+		[-gostdb-sqlite3-path=/path/to/gost.sqlite3]
 		[-gostdb-url=http://127.0.0.1:1325 or DB connection string]
+		[-exploitdb-type=sqlite3|mysql|redis|http]
+		[-exploitdb-sqlite3-path=/path/to/exploitdb.sqlite3]
+		[-exploitdb-url=http://127.0.0.1:1326 or DB connection string]
+		[-trivy-cachedb-dir=/path/to/dir]
 
 `
 }
@@ -82,6 +72,8 @@ func (p *TuiCmd) SetFlags(f *flag.FlagSet) {
 	//  f.StringVar(&p.lang, "lang", "en", "[en|ja]")
 	f.BoolVar(&c.Conf.DebugSQL, "debug-sql", false, "debug SQL")
 	f.BoolVar(&c.Conf.Debug, "debug", false, "debug mode")
+	f.BoolVar(&c.Conf.Quiet, "quiet", false, "Quiet mode. No output on stdout")
+	f.BoolVar(&c.Conf.NoProgress, "no-progress", false, "Suppress progress bar")
 
 	defaultLogDir := util.GetDefaultLogDir()
 	f.StringVar(&c.Conf.LogDir, "log-dir", defaultLogDir, "/path/to/log")
@@ -111,10 +103,10 @@ func (p *TuiCmd) SetFlags(f *flag.FlagSet) {
 
 	f.BoolVar(&c.Conf.Pipe, "pipe", false, "Use stdin via PIPE")
 
-	f.StringVar(&p.cvelDict.Type, "cvedb-type", "sqlite3",
+	f.StringVar(&p.cveDict.Type, "cvedb-type", "",
 		"DB type of go-cve-dictionary (sqlite3, mysql, postgres or redis)")
-	f.StringVar(&p.cvelDict.SQLite3Path, "cvedb-path", "", "/path/to/sqlite3")
-	f.StringVar(&p.cvelDict.URL, "cvedb-url", "",
+	f.StringVar(&p.cveDict.SQLite3Path, "cvedb-path", "", "/path/to/sqlite3")
+	f.StringVar(&p.cveDict.URL, "cvedb-url", "",
 		"http://go-cve-dictionary.com:1323 or DB connection string")
 
 	f.StringVar(&p.ovalDict.Type, "ovaldb-type", "",
@@ -130,11 +122,13 @@ func (p *TuiCmd) SetFlags(f *flag.FlagSet) {
 		"http://gost.com:1325 or DB connection string")
 
 	f.StringVar(&p.exploitConf.Type, "exploitdb-type", "",
-		"DB type of exploit (sqlite3, mysql, postgres or redis)")
+		"DB type of exploit (sqlite3, mysql, postgres, redis or http)")
 	f.StringVar(&p.exploitConf.SQLite3Path, "exploitdb-sqlite3-path", "", "/path/to/sqlite3")
 	f.StringVar(&p.exploitConf.URL, "exploitdb-url", "",
 		"http://exploit.com:1326 or DB connection string")
 
+	f.StringVar(&c.Conf.TrivyCacheDBDir, "trivy-cachedb-dir",
+		utils.DefaultCacheDir(), "/path/to/dir")
 }
 
 // Execute execute
@@ -146,11 +140,11 @@ func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) s
 	cvelog.SetLogger(c.Conf.LogDir, false, c.Conf.Debug, false)
 
 	if err := c.Load(p.configPath, ""); err != nil {
-		util.Log.Errorf("Error loading %s, %s", p.configPath, err)
+		util.Log.Errorf("Error loading %s, err: %+v", p.configPath, err)
 		return subcommands.ExitUsageError
 	}
 
-	c.Conf.CveDict.Overwrite(p.cvelDict)
+	c.Conf.CveDict.Overwrite(p.cveDict)
 	c.Conf.OvalDict.Overwrite(p.ovalDict)
 	c.Conf.Gost.Overwrite(p.gostConf)
 	c.Conf.Exploit.Overwrite(p.exploitConf)
@@ -163,7 +157,7 @@ func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) s
 		dir, err = report.JSONDir(f.Args())
 	}
 	if err != nil {
-		util.Log.Errorf("Failed to read from JSON: %s", err)
+		util.Log.Errorf("Failed to read from JSON. err: %+v", err)
 		return subcommands.ExitFailure
 	}
 
@@ -179,59 +173,45 @@ func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) s
 	}
 	util.Log.Infof("Loaded: %s", dir)
 
-	if err := report.CveClient.CheckHealth(); err != nil {
-		util.Log.Errorf("CVE HTTP server is not running. err: %s", err)
-		util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with -cvedb-sqlite3-path option instead of -cvedb-url")
-		return subcommands.ExitFailure
+	util.Log.Info("Validating db config...")
+	if !c.Conf.ValidateOnReportDB() {
+		return subcommands.ExitUsageError
 	}
+
 	if c.Conf.CveDict.URL != "" {
-		util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.URL)
-	} else {
-		if c.Conf.CveDict.Type == "sqlite3" {
-			util.Log.Infof("cve-dictionary: %s", c.Conf.CveDict.SQLite3Path)
+		if err := report.CveClient.CheckHealth(); err != nil {
+			util.Log.Errorf("CVE HTTP server is not running. err: %+v", err)
+			util.Log.Errorf("Run go-cve-dictionary as server mode before reporting or run with `-cvedb-type=sqlite3 -cvedb-sqlite3-path` option instead of -cvedb-url")
+			return subcommands.ExitFailure
 		}
 	}
 
 	if c.Conf.OvalDict.URL != "" {
-		util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.URL)
 		err := oval.Base{}.CheckHTTPHealth()
 		if err != nil {
-			util.Log.Errorf("OVAL HTTP server is not running. err: %s", err)
-			util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with -ovaldb-sqlite3-path option instead of -ovaldb-url")
+			util.Log.Errorf("OVAL HTTP server is not running. err: %+v", err)
+			util.Log.Errorf("Run goval-dictionary as server mode before reporting or run with `-ovaldb-type=sqlite3 -ovaldb-sqlite3-path` option instead of -ovaldb-url")
 			return subcommands.ExitFailure
 		}
-	} else {
-		if c.Conf.OvalDict.Type == "sqlite3" {
-			util.Log.Infof("oval-dictionary: %s", c.Conf.OvalDict.SQLite3Path)
-		}
 	}
 
 	if c.Conf.Gost.URL != "" {
 		util.Log.Infof("gost: %s", c.Conf.Gost.URL)
 		err := gost.Base{}.CheckHTTPHealth()
 		if err != nil {
-			util.Log.Errorf("gost HTTP server is not running. err: %s", err)
-			util.Log.Errorf("Run gost as server mode before reporting or run with -gostdb-sqlite3-path option instead of -gostdb-url")
+			util.Log.Errorf("gost HTTP server is not running. err: %+v", err)
+			util.Log.Errorf("Run gost as server mode before reporting or run with `-gostdb-type=sqlite3 -gostdb-sqlite3-path` option instead of -gostdb-url")
 			return subcommands.ExitFailure
 		}
-	} else {
-		if c.Conf.Gost.Type == "sqlite3" {
-			util.Log.Infof("gost: %s", c.Conf.Gost.SQLite3Path)
-		}
 	}
 
 	if c.Conf.Exploit.URL != "" {
-		util.Log.Infof("exploit: %s", c.Conf.Exploit.URL)
 		err := exploit.CheckHTTPHealth()
 		if err != nil {
-			util.Log.Errorf("exploit HTTP server is not running. err: %s", err)
-			util.Log.Errorf("Run exploit as server mode before reporting or run with -exploitdb-sqlite3-path option instead of -exploitdb-url")
+			util.Log.Errorf("exploit HTTP server is not running. err: %+v", err)
+			util.Log.Errorf("Run go-exploitdb as server mode before reporting")
 			return subcommands.ExitFailure
 		}
-	} else {
-		if c.Conf.Exploit.Type == "sqlite3" {
-			util.Log.Infof("exploit: %s", c.Conf.Exploit.SQLite3Path)
-		}
 	}
 	dbclient, locked, err := report.NewDBClient(report.DBClientConf{
 		CveDictCnf:  c.Conf.CveDict,
@@ -241,12 +221,12 @@ func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) s
 		DebugSQL:    c.Conf.DebugSQL,
 	})
 	if locked {
-		util.Log.Errorf("SQLite3 is locked. Close other DB connections and try again: %s", err)
+		util.Log.Errorf("SQLite3 is locked. Close other DB connections and try again: %+v", err)
 		return subcommands.ExitFailure
 	}
 
 	if err != nil {
-		util.Log.Errorf("Failed to init DB Clients: %s", err)
+		util.Log.Errorf("Failed to init DB Clients. err: %+v", err)
 		return subcommands.ExitFailure
 	}
 
@@ -256,5 +236,13 @@ func (p *TuiCmd) Execute(_ context.Context, f *flag.FlagSet, _ ...interface{}) s
 		util.Log.Error(err)
 		return subcommands.ExitFailure
 	}
+
+	for _, r := range res {
+		if len(r.Warnings) != 0 {
+			util.Log.Warnf("Warning: Some warnings occurred while scanning on %s: %s",
+				r.FormatServerName(), r.Warnings)
+		}
+	}
+
 	return report.RunTui(res)
 }

commands/util.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package commands
 
 import (
@@ -24,6 +7,7 @@ import (
 
 	"github.com/howeyc/gopass"
 	homedir "github.com/mitchellh/go-homedir"
+	"golang.org/x/xerrors"
 )
 
 func getPasswd(prompt string) (string, error) {
@@ -31,7 +15,7 @@ func getPasswd(prompt string) (string, error) {
 		fmt.Print(prompt)
 		pass, err := gopass.GetPasswdMasked()
 		if err != nil {
-			return "", fmt.Errorf("Failed to read password")
+			return "", xerrors.New("Failed to read a password")
 		}
 		if 0 < len(pass) {
 			return string(pass), nil

commands/util_test.go

@@ -1,18 +0,0 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-package commands

config/color.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package config
 
 var (

config/config.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package config
 
 import (
@@ -27,13 +10,13 @@ import (
 	"strings"
 
 	syslog "github.com/RackSec/srslog"
-
 	valid "github.com/asaskevich/govalidator"
 	log "github.com/sirupsen/logrus"
+	"golang.org/x/xerrors"
 )
 
 // Version of Vuls
-var Version = "0.5.0"
+var Version = "0.9.5"
 
 // Revision of Git
 var Revision string
@@ -98,31 +81,43 @@ const (
 
 //Config is struct of Configuration
 type Config struct {
-	Debug      bool   `json:"debug"`
-	DebugSQL   bool   `json:"debugSQL"`
-	Lang       string `json:"lang"`
-	HTTPProxy  string `valid:"url" json:"httpProxy"`
-	LogDir     string `json:"logDir"`
-	ResultsDir string `json:"resultsDir"`
-	Pipe       bool   `json:"pipe"`
+	Debug      bool   `json:"debug,omitempty"`
+	DebugSQL   bool   `json:"debugSQL,omitempty"`
+	Lang       string `json:"lang,omitempty"`
+	HTTPProxy  string `valid:"url" json:"httpProxy,omitempty"`
+	LogDir     string `json:"logDir,omitempty"`
+	ResultsDir string `json:"resultsDir,omitempty"`
+	Pipe       bool   `json:"pipe,omitempty"`
+	Quiet      bool   `json:"quiet,omitempty"`
+	NoProgress bool   `json:"noProgress,omitempty"`
 
-	Default            ServerInfo            `json:"default"`
-	Servers            map[string]ServerInfo `json:"servers"`
-	CvssScoreOver      float64               `json:"cvssScoreOver"`
-	IgnoreUnscoredCves bool                  `json:"ignoreUnscoredCves"`
-	IgnoreUnfixed      bool                  `json:"ignoreUnfixed"`
-	SSHNative          bool                  `json:"sshNative"`
-	SSHConfig          bool                  `json:"sshConfig"`
-	ContainersOnly     bool                  `json:"containersOnly"`
-	SkipBroken         bool                  `json:"skipBroken"`
-	CacheDBPath        string                `json:"cacheDBPath"`
-	Vvv                bool                  `json:"vvv"`
-	UUID               bool                  `json:"uuid"`
+	Default       ServerInfo            `json:"default,omitempty"`
+	Servers       map[string]ServerInfo `json:"servers,omitempty"`
+	CvssScoreOver float64               `json:"cvssScoreOver,omitempty"`
 
-	CveDict  GoCveDictConf `json:"cveDict"`
-	OvalDict GovalDictConf `json:"ovalDict"`
-	Gost     GostConf      `json:"gost"`
-	Exploit  ExploitConf   `json:"exploit"`
+	IgnoreUnscoredCves    bool `json:"ignoreUnscoredCves,omitempty"`
+	IgnoreUnfixed         bool `json:"ignoreUnfixed,omitempty"`
+	IgnoreGitHubDismissed bool `json:"ignore_git_hub_dismissed,omitempty"`
+
+	SSHNative bool `json:"sshNative,omitempty"`
+	SSHConfig bool `json:"sshConfig,omitempty"`
+
+	ContainersOnly bool `json:"containersOnly,omitempty"`
+	LibsOnly       bool `json:"libsOnly,omitempty"`
+	WordPressOnly  bool `json:"wordpressOnly,omitempty"`
+
+	CacheDBPath     string `json:"cacheDBPath,omitempty"`
+	TrivyCacheDBDir string `json:"trivyCacheDBDir,omitempty"`
+
+	SkipBroken bool `json:"skipBroken,omitempty"`
+	Vvv        bool `json:"vvv,omitempty"`
+	UUID       bool `json:"uuid,omitempty"`
+	DetectIPS  bool `json:"detectIps,omitempty"`
+
+	CveDict  GoCveDictConf `json:"cveDict,omitempty"`
+	OvalDict GovalDictConf `json:"ovalDict,omitempty"`
+	Gost     GostConf      `json:"gost,omitempty"`
+	Exploit  ExploitConf   `json:"exploit,omitempty"`
 
 	Slack    SlackConf    `json:"-"`
 	EMail    SMTPConf     `json:"-"`
@@ -133,36 +128,38 @@ type Config struct {
 	Stride   StrideConf   `json:"-"`
 	HipChat  HipChatConf  `json:"-"`
 	ChatWork ChatWorkConf `json:"-"`
+	Telegram TelegramConf `json:"-"`
 	Saas     SaasConf     `json:"-"`
 
-	RefreshCve        bool `json:"refreshCve"`
-	ToSlack           bool `json:"toSlack"`
-	ToStride          bool `json:"toStride"`
-	ToHipChat         bool `json:"toHipChat"`
-	ToChatWork        bool `json:"toChatWork"`
-	ToEmail           bool `json:"toEmail"`
-	ToSyslog          bool `json:"toSyslog"`
-	ToLocalFile       bool `json:"toLocalFile"`
-	ToS3              bool `json:"toS3"`
-	ToAzureBlob       bool `json:"toAzureBlob"`
-	ToSaas            bool `json:"toSaas"`
-	ToHTTP            bool `json:"toHTTP"`
-	FormatXML         bool `json:"formatXML"`
-	FormatJSON        bool `json:"formatJSON"`
-	FormatOneEMail    bool `json:"formatOneEMail"`
-	FormatOneLineText bool `json:"formatOneLineText"`
-	FormatList        bool `json:"formatList"`
-	FormatFullText    bool `json:"formatFullText"`
-	GZIP              bool `json:"gzip"`
-	Diff              bool `json:"diff"`
+	RefreshCve        bool `json:"refreshCve,omitempty"`
+	ToSlack           bool `json:"toSlack,omitempty"`
+	ToStride          bool `json:"toStride,omitempty"`
+	ToHipChat         bool `json:"toHipChat,omitempty"`
+	ToChatWork        bool `json:"toChatWork,omitempty"`
+	ToTelegram        bool `json:"ToTelegram,omitempty"`
+	ToEmail           bool `json:"toEmail,omitempty"`
+	ToSyslog          bool `json:"toSyslog,omitempty"`
+	ToLocalFile       bool `json:"toLocalFile,omitempty"`
+	ToS3              bool `json:"toS3,omitempty"`
+	ToAzureBlob       bool `json:"toAzureBlob,omitempty"`
+	ToSaas            bool `json:"toSaas,omitempty"`
+	ToHTTP            bool `json:"toHTTP,omitempty"`
+	FormatXML         bool `json:"formatXML,omitempty"`
+	FormatJSON        bool `json:"formatJSON,omitempty"`
+	FormatOneEMail    bool `json:"formatOneEMail,omitempty"`
+	FormatOneLineText bool `json:"formatOneLineText,omitempty"`
+	FormatList        bool `json:"formatList,omitempty"`
+	FormatFullText    bool `json:"formatFullText,omitempty"`
+	GZIP              bool `json:"gzip,omitempty"`
+	Diff              bool `json:"diff,omitempty"`
 }
 
 // ValidateOnConfigtest validates
 func (c Config) ValidateOnConfigtest() bool {
-	errs := []error{}
+	errs := c.checkSSHKeyExist()
 
 	if runtime.GOOS == "windows" && !c.SSHNative {
-		errs = append(errs, fmt.Errorf("-ssh-native-insecure is needed on windows"))
+		errs = append(errs, xerrors.New("-ssh-native-insecure is needed on windows"))
 	}
 
 	_, err := valid.ValidateStruct(c)
@@ -179,29 +176,22 @@ func (c Config) ValidateOnConfigtest() bool {
 
 // ValidateOnScan validates configuration
 func (c Config) ValidateOnScan() bool {
-	errs := []error{}
-
-	if len(c.ResultsDir) != 0 {
-		if ok, _ := valid.IsFilePath(c.ResultsDir); !ok {
-			errs = append(errs, fmt.Errorf(
-				"JSON base directory must be a *Absolute* file path. -results-dir: %s", c.ResultsDir))
-		}
-	}
+	errs := c.checkSSHKeyExist()
 
 	if runtime.GOOS == "windows" && !c.SSHNative {
-		errs = append(errs, fmt.Errorf("-ssh-native-insecure is needed on windows"))
+		errs = append(errs, xerrors.New("-ssh-native-insecure is needed on windows"))
 	}
 
 	if len(c.ResultsDir) != 0 {
 		if ok, _ := valid.IsFilePath(c.ResultsDir); !ok {
-			errs = append(errs, fmt.Errorf(
+			errs = append(errs, xerrors.Errorf(
 				"JSON base directory must be a *Absolute* file path. -results-dir: %s", c.ResultsDir))
 		}
 	}
 
 	if len(c.CacheDBPath) != 0 {
 		if ok, _ := valid.IsFilePath(c.CacheDBPath); !ok {
-			errs = append(errs, fmt.Errorf(
+			errs = append(errs, xerrors.Errorf(
 				"Cache DB path must be a *Absolute* file path. -cache-dbpath: %s",
 				c.CacheDBPath))
 		}
@@ -219,6 +209,21 @@ func (c Config) ValidateOnScan() bool {
 	return len(errs) == 0
 }
 
+func (c Config) checkSSHKeyExist() (errs []error) {
+	for serverName, v := range c.Servers {
+		if v.Type == ServerTypePseudo {
+			continue
+		}
+		if v.KeyPath != "" {
+			if _, err := os.Stat(v.KeyPath); err != nil {
+				errs = append(errs, xerrors.Errorf(
+					"%s is invalid. keypath: %s not exists", serverName, v.KeyPath))
+			}
+		}
+	}
+	return errs
+}
+
 // ValidateOnReportDB validates configuration
 func (c Config) ValidateOnReportDB() bool {
 	errs := []error{}
@@ -226,16 +231,19 @@ func (c Config) ValidateOnReportDB() bool {
 	if err := validateDB("cvedb", c.CveDict.Type, c.CveDict.SQLite3Path, c.CveDict.URL); err != nil {
 		errs = append(errs, err)
 	}
-	if c.CveDict.Type == "sqlite3" {
-		if _, err := os.Stat(c.CveDict.SQLite3Path); os.IsNotExist(err) {
-			errs = append(errs, fmt.Errorf("SQLite3 DB path (%s) is not exist: %s", "cvedb", c.CveDict.SQLite3Path))
-		}
-	}
 
 	if err := validateDB("ovaldb", c.OvalDict.Type, c.OvalDict.SQLite3Path, c.OvalDict.URL); err != nil {
 		errs = append(errs, err)
 	}
 
+	if err := validateDB("gostdb", c.Gost.Type, c.Gost.SQLite3Path, c.Gost.URL); err != nil {
+		errs = append(errs, err)
+	}
+
+	if err := validateDB("exploitdb", c.Exploit.Type, c.Exploit.SQLite3Path, c.Exploit.URL); err != nil {
+		errs = append(errs, err)
+	}
+
 	for _, err := range errs {
 		log.Error(err)
 	}
@@ -249,7 +257,7 @@ func (c Config) ValidateOnReport() bool {
 
 	if len(c.ResultsDir) != 0 {
 		if ok, _ := valid.IsFilePath(c.ResultsDir); !ok {
-			errs = append(errs, fmt.Errorf(
+			errs = append(errs, xerrors.Errorf(
 				"JSON base directory must be a *Absolute* file path. -results-dir: %s", c.ResultsDir))
 		}
 	}
@@ -279,6 +287,10 @@ func (c Config) ValidateOnReport() bool {
 		errs = append(errs, strideerrs...)
 	}
 
+	if telegramerrs := c.Telegram.Validate(); 0 < len(telegramerrs) {
+		errs = append(errs, telegramerrs...)
+	}
+
 	if saaserrs := c.Saas.Validate(); 0 < len(saaserrs) {
 		errs = append(errs, saaserrs...)
 	}
@@ -304,7 +316,7 @@ func (c Config) ValidateOnTui() bool {
 
 	if len(c.ResultsDir) != 0 {
 		if ok, _ := valid.IsFilePath(c.ResultsDir); !ok {
-			errs = append(errs, fmt.Errorf(
+			errs = append(errs, xerrors.Errorf(
 				"JSON base directory must be a *Absolute* file path. -results-dir: %s", c.ResultsDir))
 		}
 	}
@@ -312,11 +324,6 @@ func (c Config) ValidateOnTui() bool {
 	if err := validateDB("cvedb", c.CveDict.Type, c.CveDict.SQLite3Path, c.CveDict.URL); err != nil {
 		errs = append(errs, err)
 	}
-	if c.CveDict.Type == "sqlite3" {
-		if _, err := os.Stat(c.CveDict.SQLite3Path); os.IsNotExist(err) {
-			errs = append(errs, fmt.Errorf("SQLite3 DB path (%s) is not exist: %s", "cvedb", c.CveDict.SQLite3Path))
-		}
-	}
 
 	for _, err := range errs {
 		log.Error(err)
@@ -328,39 +335,42 @@ func (c Config) ValidateOnTui() bool {
 // validateDB validates configuration
 //  dictionaryDB name is 'cvedb' or 'ovaldb'
 func validateDB(dictionaryDBName, dbType, dbPath, dbURL string) error {
+	log.Infof("-%s-type: %s, -%s-url: %s, -%s-path: %s",
+		dictionaryDBName, dbType, dictionaryDBName, dbURL, dictionaryDBName, dbPath)
+
 	switch dbType {
 	case "sqlite3":
+		if dbURL != "" {
+			return xerrors.Errorf("To use SQLite3, specify -%s-type=sqlite3 and -%s-path. To use as http server mode, specify -%s-type=http and -%s-url",
+				dictionaryDBName, dictionaryDBName, dictionaryDBName, dictionaryDBName)
+		}
 		if ok, _ := valid.IsFilePath(dbPath); !ok {
-			return fmt.Errorf(
-				"SQLite3 DB path (%s) must be a *Absolute* file path. -%s-path: %s",
-				dictionaryDBName,
-				dictionaryDBName,
-				dbPath)
+			return xerrors.Errorf("SQLite3 path must be a *Absolute* file path. -%s-path: %s",
+				dictionaryDBName, dbPath)
 		}
 	case "mysql":
 		if dbURL == "" {
-			return fmt.Errorf(
-				`MySQL connection string is needed. -%s-url="user:pass@tcp(localhost:3306)/dbname"`,
+			return xerrors.Errorf(`MySQL connection string is needed. -%s-url="user:pass@tcp(localhost:3306)/dbname"`,
 				dictionaryDBName)
 		}
 	case "postgres":
 		if dbURL == "" {
-			return fmt.Errorf(
-				`PostgreSQL connection string is needed. -%s-url="host=myhost user=user dbname=dbname sslmode=disable password=password"`,
+			return xerrors.Errorf(`PostgreSQL connection string is needed. -%s-url="host=myhost user=user dbname=dbname sslmode=disable password=password"`,
 				dictionaryDBName)
 		}
 	case "redis":
 		if dbURL == "" {
-			return fmt.Errorf(
-				`Redis connection string is needed. -%s-url="redis://localhost/0"`,
+			return xerrors.Errorf(`Redis connection string is needed. -%s-url="redis://localhost/0"`,
+				dictionaryDBName)
+		}
+	case "http":
+		if dbURL == "" {
+			return xerrors.Errorf(`URL is needed. -%s-url="http://localhost:1323"`,
 				dictionaryDBName)
 		}
 	default:
-		return fmt.Errorf(
-			"%s type must be either 'sqlite3', 'mysql', 'postgres' or 'redis'.  -%s-type: %s",
-			dictionaryDBName,
-			dictionaryDBName,
-			dbType)
+		return xerrors.Errorf("%s type must be either 'sqlite3', 'mysql', 'postgres', 'redis' or 'http'.  -%s-type: %s",
+			dictionaryDBName, dictionaryDBName, dbType)
 	}
 	return nil
 }
@@ -383,7 +393,7 @@ func checkEmails(emails []string) (errs []error) {
 			return
 		}
 		if ok := valid.IsEmail(addr); !ok {
-			errs = append(errs, fmt.Errorf("Invalid email address. email: %s", addr))
+			errs = append(errs, xerrors.Errorf("Invalid email address. email: %s", addr))
 		}
 	}
 	return
@@ -405,16 +415,16 @@ func (c *SMTPConf) Validate() (errs []error) {
 	}
 
 	if len(c.SMTPAddr) == 0 {
-		errs = append(errs, fmt.Errorf("email.smtpAddr must not be empty"))
+		errs = append(errs, xerrors.New("email.smtpAddr must not be empty"))
 	}
 	if len(c.SMTPPort) == 0 {
-		errs = append(errs, fmt.Errorf("email.smtpPort must not be empty"))
+		errs = append(errs, xerrors.New("email.smtpPort must not be empty"))
 	}
 	if len(c.To) == 0 {
-		errs = append(errs, fmt.Errorf("email.To required at least one address"))
+		errs = append(errs, xerrors.New("email.To required at least one address"))
 	}
 	if len(c.From) == 0 {
-		errs = append(errs, fmt.Errorf("email.From required at least one address"))
+		errs = append(errs, xerrors.New("email.From required at least one address"))
 	}
 
 	_, err := valid.ValidateStruct(c)
@@ -437,11 +447,11 @@ func (c *StrideConf) Validate() (errs []error) {
 	}
 
 	if len(c.HookURL) == 0 {
-		errs = append(errs, fmt.Errorf("stride.HookURL must not be empty"))
+		errs = append(errs, xerrors.New("stride.HookURL must not be empty"))
 	}
 
 	if len(c.AuthToken) == 0 {
-		errs = append(errs, fmt.Errorf("stride.AuthToken must not be empty"))
+		errs = append(errs, xerrors.New("stride.AuthToken must not be empty"))
 	}
 
 	_, err := valid.ValidateStruct(c)
@@ -469,21 +479,21 @@ func (c *SlackConf) Validate() (errs []error) {
 	}
 
 	if len(c.HookURL) == 0 && len(c.LegacyToken) == 0 {
-		errs = append(errs, fmt.Errorf("slack.hookURL or slack.LegacyToken must not be empty"))
+		errs = append(errs, xerrors.New("slack.hookURL or slack.LegacyToken must not be empty"))
 	}
 
 	if len(c.Channel) == 0 {
-		errs = append(errs, fmt.Errorf("slack.channel must not be empty"))
+		errs = append(errs, xerrors.New("slack.channel must not be empty"))
 	} else {
 		if !(strings.HasPrefix(c.Channel, "#") ||
 			c.Channel == "${servername}") {
-			errs = append(errs, fmt.Errorf(
+			errs = append(errs, xerrors.Errorf(
 				"channel's prefix must be '#', channel: %s", c.Channel))
 		}
 	}
 
 	if len(c.AuthUser) == 0 {
-		errs = append(errs, fmt.Errorf("slack.authUser must not be empty"))
+		errs = append(errs, xerrors.New("slack.authUser must not be empty"))
 	}
 
 	_, err := valid.ValidateStruct(c)
@@ -506,11 +516,11 @@ func (c *HipChatConf) Validate() (errs []error) {
 		return
 	}
 	if len(c.Room) == 0 {
-		errs = append(errs, fmt.Errorf("hipcaht.room must not be empty"))
+		errs = append(errs, xerrors.New("hipcaht.room must not be empty"))
 	}
 
 	if len(c.AuthToken) == 0 {
-		errs = append(errs, fmt.Errorf("hipcaht.AuthToken must not be empty"))
+		errs = append(errs, xerrors.New("hipcaht.AuthToken must not be empty"))
 	}
 
 	_, err := valid.ValidateStruct(c)
@@ -532,11 +542,37 @@ func (c *ChatWorkConf) Validate() (errs []error) {
 		return
 	}
 	if len(c.Room) == 0 {
-		errs = append(errs, fmt.Errorf("chatworkcaht.room must not be empty"))
+		errs = append(errs, xerrors.New("chatworkcaht.room must not be empty"))
 	}
 
 	if len(c.APIToken) == 0 {
-		errs = append(errs, fmt.Errorf("chatworkcaht.ApiToken must not be empty"))
+		errs = append(errs, xerrors.New("chatworkcaht.ApiToken must not be empty"))
+	}
+
+	_, err := valid.ValidateStruct(c)
+	if err != nil {
+		errs = append(errs, err)
+	}
+	return
+}
+
+// TelegramConf is Telegram config
+type TelegramConf struct {
+	Token  string `json:"-"`
+	ChatID string `json:"-"`
+}
+
+// Validate validates configuration
+func (c *TelegramConf) Validate() (errs []error) {
+	if !Conf.ToTelegram {
+		return
+	}
+	if len(c.ChatID) == 0 {
+		errs = append(errs, xerrors.New("TelegramConf.ChatID must not be empty"))
+	}
+
+	if len(c.Token) == 0 {
+		errs = append(errs, xerrors.New("TelegramConf.Token must not be empty"))
 	}
 
 	_, err := valid.ValidateStruct(c)
@@ -560,15 +596,15 @@ func (c *SaasConf) Validate() (errs []error) {
 	}
 
 	if c.GroupID == 0 {
-		errs = append(errs, fmt.Errorf("saas.GroupID must not be empty"))
+		errs = append(errs, xerrors.New("saas.GroupID must not be empty"))
 	}
 
 	if len(c.Token) == 0 {
-		errs = append(errs, fmt.Errorf("saas.Token must not be empty"))
+		errs = append(errs, xerrors.New("saas.Token must not be empty"))
 	}
 
 	if len(c.URL) == 0 {
-		errs = append(errs, fmt.Errorf("saas.URL must not be empty"))
+		errs = append(errs, xerrors.New("saas.URL must not be empty"))
 	}
 
 	_, err := valid.ValidateStruct(c)
@@ -642,7 +678,7 @@ func (c *SyslogConf) GetSeverity() (syslog.Priority, error) {
 	case "debug":
 		return syslog.LOG_DEBUG, nil
 	default:
-		return -1, fmt.Errorf("Invalid severity: %s", c.Severity)
+		return -1, xerrors.Errorf("Invalid severity: %s", c.Severity)
 	}
 }
 
@@ -694,7 +730,7 @@ func (c *SyslogConf) GetFacility() (syslog.Priority, error) {
 	case "local7":
 		return syslog.LOG_LOCAL7, nil
 	default:
-		return -1, fmt.Errorf("Invalid facility: %s", c.Facility)
+		return -1, xerrors.Errorf("Invalid facility: %s", c.Facility)
 	}
 }
 
@@ -783,6 +819,11 @@ func (cnf *GoCveDictConf) Overwrite(cmdOpt GoCveDictConf) {
 	cnf.setDefault()
 }
 
+// IsFetchViaHTTP returns wether fetch via http
+func (cnf *GoCveDictConf) IsFetchViaHTTP() bool {
+	return Conf.CveDict.Type == "http"
+}
+
 // GovalDictConf is goval-dictionary config
 type GovalDictConf struct {
 
@@ -837,6 +878,11 @@ func (cnf *GovalDictConf) Overwrite(cmdOpt GovalDictConf) {
 	cnf.setDefault()
 }
 
+// IsFetchViaHTTP returns wether fetch via http
+func (cnf *GovalDictConf) IsFetchViaHTTP() bool {
+	return Conf.OvalDict.Type == "http"
+}
+
 // GostConf is gost config
 type GostConf struct {
 	// DB type for gost dictionary (sqlite3, mysql, postgres or redis)
@@ -890,6 +936,11 @@ func (cnf *GostConf) Overwrite(cmdOpt GostConf) {
 	cnf.setDefault()
 }
 
+// IsFetchViaHTTP returns wether fetch via http
+func (cnf *GostConf) IsFetchViaHTTP() bool {
+	return Conf.Gost.Type == "http"
+}
+
 // ExploitConf is exploit config
 type ExploitConf struct {
 	// DB type for exploit dictionary (sqlite3, mysql, postgres or redis)
@@ -943,6 +994,11 @@ func (cnf *ExploitConf) Overwrite(cmdOpt ExploitConf) {
 	cnf.setDefault()
 }
 
+// IsFetchViaHTTP returns wether fetch via http
+func (cnf *ExploitConf) IsFetchViaHTTP() bool {
+	return Conf.Exploit.Type == "http"
+}
+
 // AWS is aws config
 type AWS struct {
 	// AWS profile to use
@@ -975,31 +1031,38 @@ type Azure struct {
 
 // ServerInfo has SSH Info, additional CPE packages to scan.
 type ServerInfo struct {
-	ServerName             string                      `toml:"-" json:"serverName"`
-	User                   string                      `toml:"user,omitempty" json:"user"`
-	Host                   string                      `toml:"host,omitempty" json:"host"`
-	Port                   string                      `toml:"port,omitempty" json:"port"`
-	KeyPath                string                      `toml:"keyPath,omitempty" json:"keyPath"`
-	KeyPassword            string                      `json:"-" toml:"-"`
+	ServerName             string                      `toml:"-" json:"serverName,omitempty"`
+	User                   string                      `toml:"user,omitempty" json:"user,omitempty"`
+	Host                   string                      `toml:"host,omitempty" json:"host,omitempty"`
+	Port                   string                      `toml:"port,omitempty" json:"port,omitempty"`
+	KeyPath                string                      `toml:"keyPath,omitempty" json:"keyPath,omitempty"`
+	KeyPassword            string                      `json:"-,omitempty" toml:"-"`
 	CpeNames               []string                    `toml:"cpeNames,omitempty" json:"cpeNames,omitempty"`
 	ScanMode               []string                    `toml:"scanMode,omitempty" json:"scanMode,omitempty"`
 	DependencyCheckXMLPath string                      `toml:"dependencyCheckXMLPath,omitempty" json:"-"` // TODO Deprecated remove in near future
-	OwaspDCXMLPath         string                      `toml:"owaspDCXMLPath,omitempty" json:"owaspDCXMLPath"`
+	OwaspDCXMLPath         string                      `toml:"owaspDCXMLPath,omitempty" json:"owaspDCXMLPath,omitempty"`
 	ContainersIncluded     []string                    `toml:"containersIncluded,omitempty" json:"containersIncluded,omitempty"`
 	ContainersExcluded     []string                    `toml:"containersExcluded,omitempty" json:"containersExcluded,omitempty"`
 	ContainerType          string                      `toml:"containerType,omitempty" json:"containerType,omitempty"`
 	Containers             map[string]ContainerSetting `toml:"containers" json:"containers,omitempty"`
 	IgnoreCves             []string                    `toml:"ignoreCves,omitempty" json:"ignoreCves,omitempty"`
 	IgnorePkgsRegexp       []string                    `toml:"ignorePkgsRegexp,omitempty" json:"ignorePkgsRegexp,omitempty"`
+	GitHubRepos            map[string]GitHubConf       `toml:"githubs" json:"githubs,omitempty"` // key: owner/repo
 	UUIDs                  map[string]string           `toml:"uuids,omitempty" json:"uuids,omitempty"`
-	Memo                   string                      `toml:"memo,omitempty" json:"memo"`
+	Memo                   string                      `toml:"memo,omitempty" json:"memo,omitempty"`
 	Enablerepo             []string                    `toml:"enablerepo,omitempty" json:"enablerepo,omitempty"` // For CentOS, RHEL, Amazon
 	Optional               map[string]interface{}      `toml:"optional,omitempty" json:"optional,omitempty"`     // Optional key-value set that will be outputted to JSON
-	Type                   string                      `toml:"type,omitempty" json:"type"`                       // "pseudo" or ""
-	IPv4Addrs              []string                    `toml:"-" json:"ipv4Addrs,omitempty"`
-	IPv6Addrs              []string                    `toml:"-" json:"ipv6Addrs,omitempty"`
+	Lockfiles              []string                    `toml:"lockfiles,omitempty" json:"lockfiles,omitempty"`   // ie) path/to/package-lock.json
+	FindLock               bool                        `toml:"findLock,omitempty" json:"findLock,omitempty"`
+	Type                   string                      `toml:"type,omitempty" json:"type,omitempty"` // "pseudo" or ""
+
+	WordPress WordPressConf `toml:"wordpress,omitempty" json:"wordpress,omitempty"`
 
 	// used internal
+	IPv4Addrs      []string       `toml:"-" json:"ipv4Addrs,omitempty"`
+	IPv6Addrs      []string       `toml:"-" json:"ipv6Addrs,omitempty"`
+	IPSIdentifiers map[IPS]string `toml:"-" json:"ipsIdentifiers,omitempty"`
+
 	LogMsgAnsiColor string    `toml:"-" json:"-"` // DebugLog Color
 	Container       Container `toml:"-" json:"-"`
 	Distro          Distro    `toml:"-" json:"-"`
@@ -1014,6 +1077,20 @@ type ContainerSetting struct {
 	IgnoreCves       []string `json:"ignoreCves,omitempty"`
 }
 
+// WordPressConf used for WordPress Scanning
+type WordPressConf struct {
+	OSUser         string `toml:"osUser" json:"osUser,omitempty"`
+	DocRoot        string `toml:"docRoot" json:"docRoot,omitempty"`
+	CmdPath        string `toml:"cmdPath" json:"cmdPath,omitempty"`
+	WPVulnDBToken  string `toml:"wpVulnDBToken" json:"-,omitempty"`
+	IgnoreInactive bool   `json:"ignoreInactive,omitempty"`
+}
+
+// GitHubConf is used for GitHub integration
+type GitHubConf struct {
+	Token string `json:"-"`
+}
+
 // ScanMode has a type of scan mode. fast, fast-root, deep and offline
 type ScanMode struct {
 	flag byte
@@ -1054,9 +1131,9 @@ func (s ScanMode) validate() error {
 	if numTrue == 0 {
 		s.Set(Fast)
 	} else if s.IsDeep() && s.IsOffline() {
-		return fmt.Errorf("Don't specify both of -deep and offline")
+		return xerrors.New("Don't specify both of -deep and offline")
 	} else if numTrue != 1 {
-		return fmt.Errorf("Specify only one of -fast, -fast-root or -deep")
+		return xerrors.New("Specify only one of -fast, -fast-root or -deep")
 	}
 	return nil
 }
@@ -1119,7 +1196,7 @@ func (l Distro) MajorVersion() (ver int, err error) {
 	if 0 < len(l.Release) {
 		ver, err = strconv.Atoi(strings.Split(l.Release, ".")[0])
 	} else {
-		err = fmt.Errorf("Release is empty")
+		err = xerrors.New("Release is empty")
 	}
 	return
 }

config/ips.go

@@ -0,0 +1,9 @@
+package config
+
+// IPS is
+type IPS string
+
+const (
+	// DeepSecurity is
+	DeepSecurity IPS = "deepsecurity"
+)

config/jsonloader.go

@@ -1,23 +1,6 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package config
 
-import "fmt"
+import "golang.org/x/xerrors"
 
 // JSONLoader loads configuration
 type JSONLoader struct {
@@ -25,5 +8,5 @@ type JSONLoader struct {
 
 // Load load the configuration JSON file specified by path arg.
 func (c JSONLoader) Load(path, sudoPass, keyPass string) (err error) {
-	return fmt.Errorf("Not implement yet")
+	return xerrors.New("Not implement yet")
 }

config/loader.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package config
 
 // Load loads configuration

config/tomlloader.go

@@ -1,30 +1,12 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package config
 
 import (
-	"fmt"
-	"os"
 	"regexp"
 	"strings"
 
 	"github.com/BurntSushi/toml"
 	"github.com/knqyf263/go-cpe/naming"
+	"golang.org/x/xerrors"
 )
 
 // TOMLLoader loads config
@@ -42,6 +24,7 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 	Conf.Stride = conf.Stride
 	Conf.HipChat = conf.HipChat
 	Conf.ChatWork = conf.ChatWork
+	Conf.Telegram = conf.Telegram
 	Conf.Saas = conf.Saas
 	Conf.Syslog = conf.Syslog
 	Conf.HTTP = conf.HTTP
@@ -64,14 +47,14 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 	i := 0
 	for serverName, v := range conf.Servers {
 		if 0 < len(v.KeyPassword) {
-			return fmt.Errorf("[Deprecated] KEYPASSWORD IN CONFIG FILE ARE UNSECURE. REMOVE THEM IMMEDIATELY FOR A SECURITY REASONS. THEY WILL BE REMOVED IN A FUTURE RELEASE: %s", serverName)
+			return xerrors.Errorf("[Deprecated] KEYPASSWORD IN CONFIG FILE ARE UNSECURE. REMOVE THEM IMMEDIATELY FOR A SECURITY REASONS. THEY WILL BE REMOVED IN A FUTURE RELEASE: %s", serverName)
 		}
 
 		s := ServerInfo{ServerName: serverName}
 		if v.Type != ServerTypePseudo {
 			s.Host = v.Host
 			if len(s.Host) == 0 {
-				return fmt.Errorf("%s is invalid. host is empty", serverName)
+				return xerrors.Errorf("%s is invalid. host is empty", serverName)
 			}
 
 			switch {
@@ -90,7 +73,7 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 				s.User = d.User
 			default:
 				if s.Port != "local" {
-					return fmt.Errorf("%s is invalid. User is empty", serverName)
+					return xerrors.Errorf("%s is invalid. User is empty", serverName)
 				}
 			}
 
@@ -98,13 +81,6 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 			if len(s.KeyPath) == 0 {
 				s.KeyPath = d.KeyPath
 			}
-			if s.KeyPath != "" {
-				if _, err := os.Stat(s.KeyPath); err != nil {
-					return fmt.Errorf(
-						"%s is invalid. keypath: %s not exists", serverName, s.KeyPath)
-				}
-			}
-
 			s.KeyPassword = v.KeyPassword
 			if len(s.KeyPassword) == 0 {
 				s.KeyPassword = d.KeyPassword
@@ -129,11 +105,11 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 			case "offline":
 				s.Mode.Set(Offline)
 			default:
-				return fmt.Errorf("scanMode: %s of %s is invalie. Specify -fast, -fast-root, -deep or offline", m, serverName)
+				return xerrors.Errorf("scanMode: %s of %s is invalie. Specify -fast, -fast-root, -deep or offline", m, serverName)
 			}
 		}
 		if err := s.Mode.validate(); err != nil {
-			return fmt.Errorf("%s in %s", err, serverName)
+			return xerrors.Errorf("%s in %s", err, serverName)
 		}
 
 		s.CpeNames = v.CpeNames
@@ -141,10 +117,17 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 			s.CpeNames = d.CpeNames
 		}
 
+		s.Lockfiles = v.Lockfiles
+		if len(s.Lockfiles) == 0 {
+			s.Lockfiles = d.Lockfiles
+		}
+
+		s.FindLock = v.FindLock
+
 		for i, n := range s.CpeNames {
 			uri, err := toCpeURI(n)
 			if err != nil {
-				return fmt.Errorf("Failed to parse CPENames %s in %s: %s", n, serverName, err)
+				return xerrors.Errorf("Failed to parse CPENames %s in %s, err: %w", n, serverName, err)
 			}
 			s.CpeNames[i] = uri
 		}
@@ -171,7 +154,7 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 		}
 
 		if len(v.DependencyCheckXMLPath) != 0 || len(d.DependencyCheckXMLPath) != 0 {
-			return fmt.Errorf("[DEPRECATED] dependencyCheckXMLPath IS DEPRECATED. USE owaspDCXMLPath INSTEAD: %s", serverName)
+			return xerrors.Errorf("[DEPRECATED] dependencyCheckXMLPath IS DEPRECATED. USE owaspDCXMLPath INSTEAD: %s", serverName)
 		}
 
 		s.OwaspDCXMLPath = v.OwaspDCXMLPath
@@ -214,14 +197,14 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 		for _, reg := range s.IgnorePkgsRegexp {
 			_, err := regexp.Compile(reg)
 			if err != nil {
-				return fmt.Errorf("Faild to parse %s in %s. err: %s", reg, serverName, err)
+				return xerrors.Errorf("Faild to parse %s in %s. err: %w", reg, serverName, err)
 			}
 		}
 		for contName, cont := range s.Containers {
 			for _, reg := range cont.IgnorePkgsRegexp {
 				_, err := regexp.Compile(reg)
 				if err != nil {
-					return fmt.Errorf("Faild to parse %s in %s@%s. err: %s",
+					return xerrors.Errorf("Faild to parse %s in %s@%s. err: %w",
 						reg, contName, serverName, err)
 				}
 			}
@@ -246,16 +229,34 @@ func (c TOMLLoader) Load(pathToToml, keyPass string) error {
 				case "base", "updates":
 					// nop
 				default:
-					return fmt.Errorf(
+					return xerrors.Errorf(
 						"For now, enablerepo have to be base or updates: %s, servername: %s",
 						s.Enablerepo, serverName)
 				}
 			}
 		}
 
+		s.GitHubRepos = v.GitHubRepos
+		for ownerRepo, githubSetting := range s.GitHubRepos {
+			if ss := strings.Split(ownerRepo, "/"); len(ss) != 2 {
+				return xerrors.Errorf("Failed to parse GitHub owner/repo: %s in %s",
+					ownerRepo, serverName)
+			}
+			if githubSetting.Token == "" {
+				return xerrors.Errorf("GitHub owner/repo: %s in %s token is empty",
+					ownerRepo, serverName)
+			}
+		}
+
 		s.UUIDs = v.UUIDs
 		s.Type = v.Type
 
+		s.WordPress.WPVulnDBToken = v.WordPress.WPVulnDBToken
+		s.WordPress.CmdPath = v.WordPress.CmdPath
+		s.WordPress.DocRoot = v.WordPress.DocRoot
+		s.WordPress.OSUser = v.WordPress.OSUser
+		s.WordPress.IgnoreInactive = v.WordPress.IgnoreInactive
+
 		s.LogMsgAnsiColor = Colors[i%len(Colors)]
 		i++
 
@@ -279,5 +280,5 @@ func toCpeURI(cpename string) (string, error) {
 		}
 		return naming.BindToURI(wfn), nil
 	}
-	return "", fmt.Errorf("Unknow CPE format: %s", cpename)
+	return "", xerrors.Errorf("Unknow CPE format: %s", cpename)
 }

contrib/owasp-dependency-check/parser/parser.go

@@ -2,12 +2,13 @@ package parser
 
 import (
 	"encoding/xml"
-	"fmt"
 	"io/ioutil"
 	"os"
 	"strings"
 
+	"github.com/knqyf263/go-cpe/naming"
 	log "github.com/sirupsen/logrus"
+	"golang.org/x/xerrors"
 )
 
 type analysis struct {
@@ -15,12 +16,11 @@ type analysis struct {
 }
 
 type dependency struct {
-	Identifiers []identifier `xml:"identifiers>identifier"`
+	Identifiers []vulnerabilityID `xml:"identifiers>vulnerabilityIds"`
 }
 
-type identifier struct {
-	Name string `xml:"name"`
-	Type string `xml:"type,attr"`
+type vulnerabilityID struct {
+	ID string `xml:"id"`
 }
 
 func appendIfMissing(slice []string, str string) []string {
@@ -49,17 +49,22 @@ func Parse(path string) ([]string, error) {
 
 	var anal analysis
 	if err := xml.Unmarshal(b, &anal); err != nil {
-		return nil, fmt.Errorf("Failed to unmarshal: %s", err)
+		return nil, xerrors.Errorf("Failed to unmarshal: %s", err)
 	}
 
 	cpes := []string{}
 	for _, d := range anal.Dependencies {
 		for _, ident := range d.Identifiers {
-			if ident.Type == "cpe" {
-				name := strings.TrimPrefix(ident.Name, "(")
-				name = strings.TrimSuffix(name, ")")
-				cpes = appendIfMissing(cpes, name)
+			id := ident.ID // Start with cpe:2.3:
+			// Convert from CPE 2.3 to CPE 2.2
+			if strings.HasPrefix(id, "cpe:2.3:") {
+				wfn, err := naming.UnbindFS(id)
+				if err != nil {
+					return []string{}, err
+				}
+				id = naming.BindToURI(wfn)
 			}
+			cpes = appendIfMissing(cpes, id)
 		}
 	}
 	return cpes, nil

cwe/cwe.go

@@ -0,0 +1,33 @@
+package cwe
+
+// CweTopTwentyfive2019 has CWE-ID in CWE Top 25
+var CweTopTwentyfive2019 = map[string]string{
+	"119": "1",
+	"79":  "2",
+	"20":  "3",
+	"200": "4",
+	"125": "5",
+	"89":  "6",
+	"416": "7",
+	"190": "8",
+	"352": "9",
+	"22":  "10",
+	"78":  "11",
+	"787": "12",
+	"287": "13",
+	"476": "14",
+	"732": "16",
+	"434": "16",
+	"611": "17",
+	"94":  "18",
+	"798": "19",
+	"400": "20",
+	"772": "21",
+	"426": "22",
+	"502": "23",
+	"269": "24",
+	"295": "25",
+}
+
+// CweTopTwentyfive2019URL has CWE Top25 links
+var CweTopTwentyfive2019URL = "https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html"

cwe/sans.go

@@ -0,0 +1,33 @@
+package cwe
+
+// SansTopTwentyfive has CWE-ID in CWE/SANS Top 25
+var SansTopTwentyfive = map[string]string{
+	"89":  "1",
+	"78":  "2",
+	"120": "3",
+	"79":  "4",
+	"306": "5",
+	"862": "6",
+	"798": "7",
+	"311": "8",
+	"434": "9",
+	"807": "10",
+	"250": "11",
+	"352": "12",
+	"22":  "13",
+	"494": "14",
+	"863": "15",
+	"829": "16",
+	"732": "17",
+	"676": "18",
+	"327": "19",
+	"131": "20",
+	"307": "21",
+	"601": "22",
+	"134": "23",
+	"190": "24",
+	"759": "25",
+}
+
+// SansTopTwentyfiveURL is a URL of sans 25
+var SansTopTwentyfiveURL = "https://www.sans.org/top25-software-errors/"

errof/errof.go

@@ -0,0 +1,27 @@
+package errof
+
+// ErrorCode is vuls error code
+type ErrorCode string
+
+// Error is vuls error
+type Error struct {
+	Code    ErrorCode
+	Message string
+}
+
+func (e Error) Error() string {
+	return e.Message
+}
+
+var (
+	// ErrFailedToAccessGithubAPI is error of github alert's api access
+	ErrFailedToAccessGithubAPI ErrorCode = "ErrFailedToAccessGithubAPI"
+)
+
+// New :
+func New(code ErrorCode, msg string) Error {
+	return Error{
+		Code:    code,
+		Message: msg,
+	}
+}

exploit/exploit.go

@@ -1,81 +1,85 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package exploit
 
 import (
+	"encoding/json"
 	"fmt"
 	"net/http"
 
 	cnf "github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
 	"github.com/mozqnet/go-exploitdb/db"
 	exploitmodels "github.com/mozqnet/go-exploitdb/models"
 	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
 )
 
 // FillWithExploit fills exploit information that has in Exploit
 func FillWithExploit(driver db.DB, r *models.ScanResult) (nExploitCve int, err error) {
-	if isFetchViaHTTP() {
-		// TODO
-		return 0, fmt.Errorf("We are not yet supporting data acquisition in exploitdb server mode")
-	}
-
-	if driver == nil {
-		return 0, nil
-	}
-	for cveID, vuln := range r.ScannedCves {
-		es := driver.GetExploitByCveID(cveID)
-		if len(es) == 0 {
-			continue
+	if cnf.Conf.Exploit.IsFetchViaHTTP() {
+		var cveIDs []string
+		for cveID := range r.ScannedCves {
+			cveIDs = append(cveIDs, cveID)
+		}
+		prefix, _ := util.URLPathJoin(cnf.Conf.Exploit.URL, "cves")
+		responses, err := getCvesViaHTTP(cveIDs, prefix)
+		if err != nil {
+			return 0, err
+		}
+		for _, res := range responses {
+			exps := []*exploitmodels.Exploit{}
+			if err := json.Unmarshal([]byte(res.json), &exps); err != nil {
+				return 0, err
+			}
+			exploits := ConvertToModels(exps)
+			v, ok := r.ScannedCves[res.request.cveID]
+			if ok {
+				v.Exploits = exploits
+			}
+			r.ScannedCves[res.request.cveID] = v
+			nExploitCve++
+		}
+	} else {
+		if driver == nil {
+			return 0, nil
+		}
+		for cveID, vuln := range r.ScannedCves {
+			if cveID == "" {
+				continue
+			}
+			es := driver.GetExploitByCveID(cveID)
+			if len(es) == 0 {
+				continue
+			}
+			exploits := ConvertToModels(es)
+			vuln.Exploits = exploits
+			r.ScannedCves[cveID] = vuln
+			nExploitCve++
 		}
-		exploits := ConvertToModel(es)
-		vuln.Exploits = exploits
-		r.ScannedCves[cveID] = vuln
-		nExploitCve++
 	}
 	return nExploitCve, nil
 }
 
-// ConvertToModel converts gost model to vuls model
-func ConvertToModel(es []*exploitmodels.Exploit) (exploits []models.Exploit) {
+// ConvertToModels converts gost model to vuls model
+func ConvertToModels(es []*exploitmodels.Exploit) (exploits []models.Exploit) {
 	for _, e := range es {
-		var documentURL, paperURL, shellURL *string
-		var description string
-		if e.Document != nil {
-			documentURL = &e.Document.DocumentURL
-			description = e.Document.Description
-		}
-		if e.ShellCode != nil {
-			shellURL = &e.ShellCode.ShellCodeURL
-			description = e.ShellCode.Description
-		}
-		if e.Paper != nil {
-			paperURL = &e.Paper.PaperURL
-			description = e.Paper.Description
+		var documentURL, shellURL *string
+		if e.OffensiveSecurity != nil {
+			os := e.OffensiveSecurity
+			if os.Document != nil {
+				documentURL = &os.Document.DocumentURL
+			}
+			if os.ShellCode != nil {
+				shellURL = &os.ShellCode.ShellCodeURL
+			}
 		}
 		exploit := models.Exploit{
-			ExploitType:  models.ExploitDB,
-			ID:           e.ExploitDBID,
-			URL:          e.ExploitDBURL,
-			Description:  description,
+			ExploitType:  e.ExploitType,
+			ID:           e.ExploitUniqueID,
+			URL:          e.URL,
+			Description:  e.Description,
 			DocumentURL:  documentURL,
 			ShellCodeURL: shellURL,
-			PaperURL:     paperURL,
 		}
 		exploits = append(exploits, exploit)
 	}
@@ -84,7 +88,7 @@ func ConvertToModel(es []*exploitmodels.Exploit) (exploits []models.Exploit) {
 
 // CheckHTTPHealth do health check
 func CheckHTTPHealth() error {
-	if !isFetchViaHTTP() {
+	if !cnf.Conf.Exploit.IsFetchViaHTTP() {
 		return nil
 	}
 
@@ -95,8 +99,7 @@ func CheckHTTPHealth() error {
 	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
 	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
 	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-		return fmt.Errorf("Failed to connect to exploit server. url: %s, errs: %v",
-			url, errs)
+		return xerrors.Errorf("Failed to connect to exploit server. url: %s, errs: %w", url, errs)
 	}
 	return nil
 }
@@ -112,8 +115,3 @@ func CheckIfExploitFresh(driver db.DB, osFamily string) (ok bool, err error) {
 	//TODO
 	return true, nil
 }
-
-func isFetchViaHTTP() bool {
-	// Default value of OvalDBType is sqlite3
-	return cnf.Conf.Exploit.URL != "" && cnf.Conf.Exploit.Type == "sqlite3"
-}

exploit/exploit_test.go

@@ -1,8 +0,0 @@
-package exploit
-
-import (
-	"testing"
-)
-
-func TestSetPackageStates(t *testing.T) {
-}

exploit/util.go

@@ -1,30 +1,13 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package exploit
 
 import (
-	"fmt"
 	"net/http"
 	"time"
 
 	"github.com/cenkalti/backoff"
 	"github.com/future-architect/vuls/util"
 	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
 )
 
 type response struct {
@@ -79,11 +62,11 @@ func getCvesViaHTTP(cveIDs []string, urlPrefix string) (
 		case err := <-errChan:
 			errs = append(errs, err)
 		case <-timeout:
-			return nil, fmt.Errorf("Timeout Fetching OVAL")
+			return nil, xerrors.New("Timeout Fetching OVAL")
 		}
 	}
 	if len(errs) != 0 {
-		return nil, fmt.Errorf("Failed to fetch OVAL. err: %v", errs)
+		return nil, xerrors.Errorf("Failed to fetch OVAL. err: %w", errs)
 	}
 	return
 }
@@ -108,8 +91,7 @@ func httpGet(url string, req request, resChan chan<- response, errChan chan<- er
 			if count == retryMax {
 				return nil
 			}
-			return fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
-				errs, url, resp)
+			return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %w", url, resp, errs)
 		}
 		return nil
 	}
@@ -118,11 +100,11 @@ func httpGet(url string, req request, resChan chan<- response, errChan chan<- er
 	}
 	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
 	if err != nil {
-		errChan <- fmt.Errorf("HTTP Error %s", err)
+		errChan <- xerrors.Errorf("HTTP Error %w", err)
 		return
 	}
 	if count == retryMax {
-		errChan <- fmt.Errorf("HRetry count exceeded")
+		errChan <- xerrors.New("Retry count exceeded")
 		return
 	}
 

github/github.go

@@ -0,0 +1,179 @@
+package github
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"time"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/errof"
+	"github.com/future-architect/vuls/models"
+	"golang.org/x/oauth2"
+)
+
+// FillGitHubSecurityAlerts access to owner/repo on GitHub and fetch scurity alerts of the repository via GitHub API v4 GraphQL and then set to the given ScanResult.
+// https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/
+func FillGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string) (nCVEs int, err error) {
+	src := oauth2.StaticTokenSource(
+		&oauth2.Token{AccessToken: token},
+	)
+	httpClient := oauth2.NewClient(context.Background(), src)
+
+	// TODO Use `https://github.com/shurcooL/githubv4` if the tool supports vulnerabilityAlerts Endpoint
+	// Memo : https://developer.github.com/v4/explorer/
+	const jsonfmt = `{"query":
+	"query { repository(owner:\"%s\", name:\"%s\") { url vulnerabilityAlerts(first: %d, %s) { pageInfo { endCursor hasNextPage startCursor } edges { node { id dismissReason dismissedAt securityVulnerability{ package { name ecosystem } severity vulnerableVersionRange firstPatchedVersion { identifier } } securityAdvisory { description ghsaId permalink publishedAt summary updatedAt withdrawnAt origin severity references { url } identifiers { type value } } } } } } } "}`
+	after := ""
+
+	for {
+		jsonStr := fmt.Sprintf(jsonfmt, owner, repo, 100, after)
+		req, err := http.NewRequest("POST",
+			"https://api.github.com/graphql",
+			bytes.NewBuffer([]byte(jsonStr)),
+		)
+		if err != nil {
+			return 0, err
+		}
+
+		// https://developer.github.com/v4/previews/#repository-vulnerability-alerts
+		// To toggle this preview and access data, need to provide a custom media type in the Accept header:
+		// MEMO: I tried to get the affected version via GitHub API. Bit it seems difficult to determin the affected version if there are multiple dependency files such as package.json.
+		// TODO remove this header if it is no longer preview status in the future.
+		req.Header.Set("Accept", "application/vnd.github.package-deletes-preview+json")
+		req.Header.Set("Content-Type", "application/json")
+
+		resp, err := httpClient.Do(req)
+		if err != nil {
+			return 0, err
+		}
+		defer resp.Body.Close()
+
+		body, err := ioutil.ReadAll(resp.Body)
+		if err != nil {
+			return 0, err
+		}
+
+		alerts := SecurityAlerts{}
+		if json.Unmarshal(body, &alerts); err != nil {
+			return 0, err
+		}
+
+		// util.Log.Debugf("%s", pp.Sprint(alerts))
+		// util.Log.Debugf("%s", string(body))
+		if alerts.Data.Repository.URL == "" {
+			return 0, errof.New(
+				errof.ErrFailedToAccessGithubAPI,
+				fmt.Sprintf("Failed to access to GitHub API. Response: %s", string(body)),
+			)
+		}
+
+		for _, v := range alerts.Data.Repository.VulnerabilityAlerts.Edges {
+			if config.Conf.IgnoreGitHubDismissed && v.Node.DismissReason != "" {
+				continue
+			}
+
+			pkgName := fmt.Sprintf("%s %s",
+				alerts.Data.Repository.URL, v.Node.SecurityVulnerability.Package.Name)
+
+			m := models.GitHubSecurityAlert{
+				PackageName:   pkgName,
+				FixedIn:       v.Node.SecurityVulnerability.FirstPatchedVersion.Identifier,
+				AffectedRange: v.Node.SecurityVulnerability.VulnerableVersionRange,
+				Dismissed:     len(v.Node.DismissReason) != 0,
+				DismissedAt:   v.Node.DismissedAt,
+				DismissReason: v.Node.DismissReason,
+			}
+
+			cveIDs, other := []string{}, []string{}
+			for _, identifier := range v.Node.SecurityAdvisory.Identifiers {
+				if identifier.Type == "CVE" {
+					cveIDs = append(cveIDs, identifier.Value)
+				} else {
+					other = append(other, identifier.Value)
+				}
+			}
+
+			// If CVE-ID has not been assigned, use the GHSA ID etc as a ID.
+			if len(cveIDs) == 0 {
+				cveIDs = other
+			}
+
+			for _, cveID := range cveIDs {
+				if val, ok := r.ScannedCves[cveID]; ok {
+					val.GitHubSecurityAlerts = val.GitHubSecurityAlerts.Add(m)
+					r.ScannedCves[cveID] = val
+					nCVEs++
+				} else {
+					v := models.VulnInfo{
+						CveID:                cveID,
+						Confidences:          models.Confidences{models.GitHubMatch},
+						GitHubSecurityAlerts: models.GitHubSecurityAlerts{m},
+					}
+					r.ScannedCves[cveID] = v
+					nCVEs++
+				}
+			}
+		}
+		if !alerts.Data.Repository.VulnerabilityAlerts.PageInfo.HasNextPage {
+			break
+		}
+		after = fmt.Sprintf(`after: \"%s\"`, alerts.Data.Repository.VulnerabilityAlerts.PageInfo.EndCursor)
+	}
+	return nCVEs, err
+}
+
+//SecurityAlerts has detected CVE-IDs, PackageNames, Refs
+type SecurityAlerts struct {
+	Data struct {
+		Repository struct {
+			URL                 string `json:"url"`
+			VulnerabilityAlerts struct {
+				PageInfo struct {
+					EndCursor   string `json:"endCursor"`
+					HasNextPage bool   `json:"hasNextPage"`
+					StartCursor string `json:"startCursor"`
+				} `json:"pageInfo"`
+				Edges []struct {
+					Node struct {
+						ID                    string    `json:"id"`
+						DismissReason         string    `json:"dismissReason"`
+						DismissedAt           time.Time `json:"dismissedAt"`
+						SecurityVulnerability struct {
+							Package struct {
+								Name      string `json:"name"`
+								Ecosystem string `json:"ecosystem"`
+							} `json:"package"`
+							Severity               string `json:"severity"`
+							VulnerableVersionRange string `json:"vulnerableVersionRange"`
+							FirstPatchedVersion    struct {
+								Identifier string `json:"identifier"`
+							} `json:"firstPatchedVersion"`
+						} `json:"securityVulnerability"`
+						SecurityAdvisory struct {
+							Description string    `json:"description"`
+							GhsaID      string    `json:"ghsaId"`
+							Permalink   string    `json:"permalink"`
+							PublishedAt time.Time `json:"publishedAt"`
+							Summary     string    `json:"summary"`
+							UpdatedAt   time.Time `json:"updatedAt"`
+							WithdrawnAt time.Time `json:"withdrawnAt"`
+							Origin      string    `json:"origin"`
+							Severity    string    `json:"severity"`
+							References  []struct {
+								URL string `json:"url"`
+							} `json:"references"`
+							Identifiers []struct {
+								Type  string `json:"type"`
+								Value string `json:"value"`
+							} `json:"identifiers"`
+						} `json:"securityAdvisory"`
+					} `json:"node"`
+				} `json:"edges"`
+			} `json:"vulnerabilityAlerts"`
+		} `json:"repository"`
+	} `json:"data"`
+}

go.mod

@@ -0,0 +1,53 @@
+module github.com/future-architect/vuls
+
+go 1.13
+
+replace (
+	gopkg.in/mattn/go-colorable.v0 => github.com/mattn/go-colorable v0.1.0
+	gopkg.in/mattn/go-isatty.v0 => github.com/mattn/go-isatty v0.0.6
+)
+
+require (
+	github.com/Azure/azure-sdk-for-go v42.0.0+incompatible
+	github.com/BurntSushi/toml v0.3.1
+	github.com/RackSec/srslog v0.0.0-20180709174129-a4725f04ec91
+	github.com/aquasecurity/fanal v0.0.0-20200427221647-c3528846e21c
+	github.com/aquasecurity/go-dep-parser v0.0.0-20200123140603-4dc0125084da // indirect
+	github.com/aquasecurity/trivy v0.6.0
+	github.com/aquasecurity/trivy-db v0.0.0-20200427221211-19fb3b7a88b5
+	github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a
+	github.com/aws/aws-sdk-go v1.30.16
+	github.com/boltdb/bolt v1.3.1
+	github.com/cenkalti/backoff v2.2.1+incompatible
+	github.com/google/subcommands v1.2.0
+	github.com/gosuri/uitable v0.0.4
+	github.com/hashicorp/go-uuid v1.0.2
+	github.com/hashicorp/go-version v1.2.0
+	github.com/howeyc/gopass v0.0.0-20190910152052-7cb4b85ec19c
+	github.com/jesseduffield/gocui v0.3.0
+	github.com/k0kubun/pp v3.0.1+incompatible
+	github.com/knqyf263/go-apk-version v0.0.0-20200507080916-9f84b1e3c54c
+	github.com/knqyf263/go-cpe v0.0.0-20180327054844-659663f6eca2
+	github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d
+	github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936
+	github.com/knqyf263/go-version v1.1.1
+	github.com/knqyf263/gost v0.1.3
+	github.com/kotakanbe/go-cve-dictionary v0.4.2
+	github.com/kotakanbe/go-pingscanner v0.1.0
+	github.com/kotakanbe/goval-dictionary v0.2.5
+	github.com/kotakanbe/logrus-prefixed-formatter v0.0.0-20180123152602-928f7356cb96
+	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
+	github.com/mitchellh/go-homedir v1.1.0
+	github.com/mozqnet/go-exploitdb v0.0.0-20190911093644-f647f17ea8ca
+	github.com/nlopes/slack v0.6.0
+	github.com/nsf/termbox-go v0.0.0-20200418040025-38ba6e5628f1 // indirect
+	github.com/olekukonko/tablewriter v0.0.4
+	github.com/parnurzeal/gorequest v0.2.16
+	github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5
+	github.com/sirupsen/logrus v1.5.0
+	github.com/spf13/afero v1.2.2
+	golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc
+	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
+	golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543
+	k8s.io/utils v0.0.0-20191114184206-e782cd3c129f
+)

go.sum

@@ -0,0 +1,909 @@
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.37.4/go.mod h1:NHPJ89PdicEuT9hdPXMROBD91xc5uRDxsMtSB16k7hw=
+cloud.google.com/go v0.38.0 h1:ROfEUZz+Gh5pa62DJWXSaonyu3StP6EA6lPEXPI6mCo=
+cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+github.com/Azure/azure-sdk-for-go v35.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
+github.com/Azure/azure-sdk-for-go v38.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
+github.com/Azure/azure-sdk-for-go v42.0.0+incompatible h1:yz6sFf5bHZ+gEOQVuK5JhPqTTAmv+OvSLSaqgzqaCwY=
+github.com/Azure/azure-sdk-for-go v42.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
+github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
+github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
+github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
+github.com/Azure/go-autorest/autorest v0.9.3 h1:OZEIaBbMdUE/Js+BQKlpO81XlISgipr6yDJ+PSwsgi4=
+github.com/Azure/go-autorest/autorest v0.9.3/go.mod h1:GsRuLYvwzLjjjRoWEIyMUaYq8GNUx2nRB378IPt/1p0=
+github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
+github.com/Azure/go-autorest/autorest/adal v0.8.0/go.mod h1:Z6vX6WXXuyieHAXwMj0S6HY6e6wcHn37qQMBQlvY3lc=
+github.com/Azure/go-autorest/autorest/adal v0.8.1 h1:pZdL8o72rK+avFWl+p9nE8RWi1JInZrWJYlnpfXJwHk=
+github.com/Azure/go-autorest/autorest/adal v0.8.1/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
+github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
+github.com/Azure/go-autorest/autorest/date v0.2.0 h1:yW+Zlqf26583pE43KhfnhFcdmSWlm5Ew6bxipnr/tbM=
+github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g=
+github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
+github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
+github.com/Azure/go-autorest/autorest/mocks v0.3.0 h1:qJumjCaCudz+OcqE9/XtEPfvtOjOmKaui4EOpFI6zZc=
+github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM=
+github.com/Azure/go-autorest/autorest/to v0.2.0/go.mod h1:GunWKJp1AEqgMaGLV+iocmRAJWqST1wQYhyyjXJ3SJc=
+github.com/Azure/go-autorest/autorest/to v0.3.0 h1:zebkZaadz7+wIQYgC7GXaz3Wb28yKYfVkkBKwc38VF8=
+github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA=
+github.com/Azure/go-autorest/autorest/validation v0.1.0/go.mod h1:Ha3z/SqBeaalWQvokg3NZAlQTalVMtOIAs1aGK7G6u8=
+github.com/Azure/go-autorest/logger v0.1.0 h1:ruG4BSDXONFRrZZJ2GUXDiUyVpayPmb1GnWeHDdaNKY=
+github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
+github.com/Azure/go-autorest/tracing v0.5.0 h1:TRn4WjSnkcSy5AEG3pnbtFSwNtwzjr4VYyQflFE619k=
+github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
+github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/GoogleCloudPlatform/docker-credential-gcr v1.5.0 h1:wykTgKwhVr2t2qs+xI020s6W5dt614QqCHV+7W9dg64=
+github.com/GoogleCloudPlatform/docker-credential-gcr v1.5.0/go.mod h1:BB1eHdMLYEFuFdBlRMb0N7YGVdM5s6Pt0njxgvfbGGs=
+github.com/GoogleCloudPlatform/k8s-cloud-provider v0.0.0-20190822182118-27a4ced34534/go.mod h1:iroGtC8B3tQiqtds1l+mgk/BBOrxbqjH+eUfFQYRc14=
+github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
+github.com/Microsoft/go-winio v0.4.12/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
+github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
+github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 h1:ygIc8M6trr62pF5DucadTWGdEB4mEyvzi0e2nbcmcyA=
+github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
+github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
+github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
+github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
+github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/PuerkitoBio/goquery v1.5.0/go.mod h1:qD2PgZ9lccMbQlc7eEOjaeRlFQON7xY8kdmcsrnKqMg=
+github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
+github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
+github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
+github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
+github.com/RackSec/srslog v0.0.0-20180709174129-a4725f04ec91 h1:vX+gnvBc56EbWYrmlhYbFYRaeikAke1GL84N4BEYOFE=
+github.com/RackSec/srslog v0.0.0-20180709174129-a4725f04ec91/go.mod h1:cDLGBht23g0XQdLjzn6xOGXDkLK182YfINAaZEQLCHQ=
+github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
+github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
+github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM=
+github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
+github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/andybalholm/cascadia v1.0.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y=
+github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
+github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
+github.com/aquasecurity/fanal v0.0.0-20190819081512-f04452b627c6/go.mod h1:enEz4FFetw4XAbkffaYgyCVq1556R9Ry+noqT4rq9BE=
+github.com/aquasecurity/fanal v0.0.0-20200413182139-9213b79eba1a/go.mod h1:30hyjv+qxL7/Cv2mpsUKMHM4xaqn3Y4ehxHnebpu5aE=
+github.com/aquasecurity/fanal v0.0.0-20200427221647-c3528846e21c h1:Rg4yt5YiL2SfOx2sbJjn3Y3jgYxOSJ+XXj7ogp+FeWk=
+github.com/aquasecurity/fanal v0.0.0-20200427221647-c3528846e21c/go.mod h1:3H3F3x2XtcdFH3o1LQJEzfu2sS/rf+XufPIngMZrKO4=
+github.com/aquasecurity/go-dep-parser v0.0.0-20190819075924-ea223f0ef24b/go.mod h1:BpNTD9vHfrejKsED9rx04ldM1WIbeyXGYxUrqTVwxVQ=
+github.com/aquasecurity/go-dep-parser v0.0.0-20200123140603-4dc0125084da h1:bZwcALhBf7ksmkprrT370z+z+UHAxOwbEeCDtDr5bR0=
+github.com/aquasecurity/go-dep-parser v0.0.0-20200123140603-4dc0125084da/go.mod h1:X42mTIRhgPalSm81Om2kD+3ydeunbC8TZtZj1bvgRo8=
+github.com/aquasecurity/testdocker v0.0.0-20200406162423-9b83286bd1ae/go.mod h1:vyPK00Qw+SJfLuGM/7wRo1i02eqhEBRvw0PBmaj41bI=
+github.com/aquasecurity/testdocker v0.0.0-20200426142840-5f05bce6f12a h1:hsw7PpiymXP64evn/K7gsj3hWzMqLrdoeE6JkqDocVg=
+github.com/aquasecurity/testdocker v0.0.0-20200426142840-5f05bce6f12a/go.mod h1:psfu0MVaiTDLpNxCoNsTeILSKY2EICBwv345f3M+Ffs=
+github.com/aquasecurity/trivy v0.1.6/go.mod h1:5hobyhxLzDtxruHzPxpND2PUKOssvGUdE9BocpJUwo4=
+github.com/aquasecurity/trivy v0.6.0 h1:kK5RtNWXdQdzn0hJtBXJH7hn8/JtbamYqr3TgZSKxLM=
+github.com/aquasecurity/trivy v0.6.0/go.mod h1:p7iICGuuu2dvHal7P+F4Ir2JRSaOgGZzoRxsBuPe9hc=
+github.com/aquasecurity/trivy-db v0.0.0-20200331122722-2adcf16a2a26/go.mod h1:Uf9bXd50zTHtWTP7+7u5+OFCPtUVrmsS4v0RXd7E5lw=
+github.com/aquasecurity/trivy-db v0.0.0-20200427221211-19fb3b7a88b5 h1:irTEKL/v2RTgfMUh6lbgcU/qGBDdXrEYAGZDXold+wo=
+github.com/aquasecurity/trivy-db v0.0.0-20200427221211-19fb3b7a88b5/go.mod h1:ymdX+3QnN/A0EcduWNMMxkWsESHxCig9VIcqaTDAo6I=
+github.com/aquasecurity/vuln-list-update v0.0.0-20191016075347-3d158c2bf9a2/go.mod h1:6NhOP0CjZJL27bZZcaHECtzWdwDDm2g6yCY0QgXEGQQ=
+github.com/araddon/dateparse v0.0.0-20190426192744-0d74ffceef83/go.mod h1:SLqhdZcd+dF3TEVL2RMoob5bBP5R1P1qkox+HtCBgGI=
+github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
+github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA=
+github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
+github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY=
+github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
+github.com/aws/aws-sdk-go v1.16.26/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/aws/aws-sdk-go v1.19.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/aws/aws-sdk-go v1.27.1/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/aws/aws-sdk-go v1.30.16 h1:1eabOZiVGl+XB02/VG9NpR+3fngaNc74pgb5RmyzgLY=
+github.com/aws/aws-sdk-go v1.30.16/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
+github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4=
+github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
+github.com/briandowns/spinner v0.0.0-20190319032542-ac46072a5a91/go.mod h1:hw/JEQBIE+c/BLI4aKM8UU8v+ZqrD3h7HC27kKt8JQU=
+github.com/caarlos0/env/v6 v6.0.0 h1:NZt6FAoB8ieKO5lEwRdwCzYxWFx7ZYF2R7UcoyaWtyc=
+github.com/caarlos0/env/v6 v6.0.0/go.mod h1:+wdyOmtjoZIW2GJOc2OYa5NoOFuWD/bIpWqm30NgtRk=
+github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
+github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
+github.com/cheggaaa/pb v2.0.7+incompatible h1:gLKifR1UkZ/kLkda5gC0K6c8g+jU2sINPtBeOiNlMhU=
+github.com/cheggaaa/pb v2.0.7+incompatible/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s=
+github.com/cheggaaa/pb/v3 v3.0.3 h1:8WApbyUmgMOz7WIxJVNK0IRDcRfAmTxcEdi0TuxjdP4=
+github.com/cheggaaa/pb/v3 v3.0.3/go.mod h1:Pp35CDuiEpHa/ZLGCtBbM6CBwMstv1bJlG884V+73Yc=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
+github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
+github.com/containerd/containerd v1.3.3 h1:LoIzb5y9x5l8VKAlyrbusNPXqBY0+kviRloxFUMFwKc=
+github.com/containerd/containerd v1.3.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
+github.com/containerd/continuity v0.0.0-20180921161001-7f53d412b9eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
+github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
+github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
+github.com/coreos/clair v0.0.0-20180919182544-44ae4bc9590a/go.mod h1:uXhHPWAoRqw0jJc2f8RrPCwRhIo9otQ8OEWUFtpCiwA=
+github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
+github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
+github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
+github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
+github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
+github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
+github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
+github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk=
+github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
+github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/deckarep/golang-set v1.7.1 h1:SCQV0S6gTtp6itiFrTqI+pfmJ4LN85S1YzhDf9rTHJQ=
+github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ=
+github.com/denisenkom/go-mssqldb v0.0.0-20190515213511-eb9f6a1743f3/go.mod h1:zAg7JM8CkOJ43xKXIj7eRO9kmWm/TW578qo+oDO6tuM=
+github.com/denisenkom/go-mssqldb v0.0.0-20190909000816-272160613861 h1:qLpBq6uLTG2OUlPqS6D3uQf8zJteDR5vOJGPjF2Elu4=
+github.com/denisenkom/go-mssqldb v0.0.0-20190909000816-272160613861/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
+github.com/dnaeon/go-vcr v1.0.1 h1:r8L/HqC0Hje5AXMu1ooW8oyQyOFv4GxqpL0nRP7SLLY=
+github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
+github.com/docker/cli v0.0.0-20180920165730-54c19e67f69c/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017 h1:2HQmlpI3yI9deH18Q6xiSOIjXD4sLI55Y/gfpa8/558=
+github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/distribution v0.0.0-20180920194744-16128bbac47f/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
+github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/docker v0.0.0-20180924202107-a9c061deec0f/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v0.7.3-0.20190506211059-b20a14b54661/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7 h1:Cvj7S8I4Xpx78KAl6TwTmMHuHlZ/0SM60NUneGJQ7IE=
+github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker-ce v0.0.0-20180924210327-f53bd8bb8e43/go.mod h1:l1FUGRYBvbjnZ8MS6A2xOji4aZFlY/Qmgz7p4oXH7ac=
+github.com/docker/docker-credential-helpers v0.6.1/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
+github.com/docker/docker-credential-helpers v0.6.2/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
+github.com/docker/docker-credential-helpers v0.6.3 h1:zI2p9+1NQYdnG6sMU26EX4aVGlqbInSQxQXLvzJ4RPQ=
+github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
+github.com/docker/go-connections v0.0.0-20180821093606-97c2040d34df/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
+github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
+github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
+github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI=
+github.com/docker/go-metrics v0.0.0-20181218153428-b84716841b82/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI=
+github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
+github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 h1:UhxFibDNY/bfvqU5CAUmr9zpesgbU6SWc8/B4mflAE4=
+github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
+github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
+github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
+github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
+github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
+github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
+github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
+github.com/elazarl/goproxy v0.0.0-20190711103511-473e67f1d7d2 h1:aZtFdDNWY/yH86JPR2WX/PN63635VsE/f/nXNPAbYxY=
+github.com/elazarl/goproxy v0.0.0-20190711103511-473e67f1d7d2/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
+github.com/elazarl/goproxy/ext v0.0.0-20190421051319-9d40249d3c2f/go.mod h1:gNh8nYJoAm43RfaxurUnxr+N1PwuFV3ZMl/efxlIlY8=
+github.com/elazarl/goproxy/ext v0.0.0-20190711103511-473e67f1d7d2 h1:dWB6v3RcOy03t/bUadywsbyrQwCqZeNIEX6M1OtSZOM=
+github.com/elazarl/goproxy/ext v0.0.0-20190711103511-473e67f1d7d2/go.mod h1:gNh8nYJoAm43RfaxurUnxr+N1PwuFV3ZMl/efxlIlY8=
+github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
+github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
+github.com/emirpasic/gods v1.9.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
+github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5 h1:Yzb9+7DPaBjB8zlTR87/ElzFsnQfuHnVUVqpZZIcV5Y=
+github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5/go.mod h1:a2zkGnVExMxdzMo3M0Hi/3sEU+cWnZpSni0O6/Yb/P0=
+github.com/etcd-io/bbolt v1.3.2/go.mod h1:ZF2nL25h33cCyBtcyWeZ2/I3HQOfTP+0PIEvHjkjCrw=
+github.com/etcd-io/bbolt v1.3.3 h1:gSJmxrs37LgTqR/oyJBWok6k6SvXEUerFTbltIhXkBM=
+github.com/etcd-io/bbolt v1.3.3/go.mod h1:ZF2nL25h33cCyBtcyWeZ2/I3HQOfTP+0PIEvHjkjCrw=
+github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
+github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fernet/fernet-go v0.0.0-20180830025343-9eac43b88a5e/go.mod h1:2H9hjfbpSMHwY503FclkV/lZTBh2YlOmLLSda12uL8c=
+github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
+github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/genuinetools/pkg v0.0.0-20180910213200-1c141f661797/go.mod h1:XTcrCYlXPxnxL2UpnwuRn7tcaTn9HAhxFoFJucootk8=
+github.com/genuinetools/pkg v0.0.0-20181022210355-2fcf164d37cb/go.mod h1:XTcrCYlXPxnxL2UpnwuRn7tcaTn9HAhxFoFJucootk8=
+github.com/genuinetools/reg v0.16.0/go.mod h1:12Fe9EIvK3dG/qWhNk5e9O96I8SGmCKLsJ8GsXUbk+Y=
+github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do=
+github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
+github.com/gliderlabs/ssh v0.1.3/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
+github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
+github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
+github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
+github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
+github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
+github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
+github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
+github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
+github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
+github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM=
+github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY=
+github.com/go-redis/redis v6.15.2+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
+github.com/go-redis/redis v6.15.5+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
+github.com/go-redis/redis v6.15.7+incompatible h1:3skhDh95XQMpnqeqNftPkQD9jL9e5e36z/1SUm6dy1U=
+github.com/go-redis/redis v6.15.7+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
+github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
+github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
+github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
+github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/gocarina/gocsv v0.0.0-20190821091544-020a928c6f4e/go.mod h1:/oj50ZdPq/cUjA02lMZhijk5kR31SEydKyqah1OgBuo=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
+github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
+github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
+github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
+github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
+github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.2.0 h1:28o5sBqPkBsMGnC6b4MvE2TzSr5/AT4c/1fLqVGIwlk=
+github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3 h1:gyjaxf+svBWX08ZjK86iN9geUJF0H6gp2IRKX6Nf6/I=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-containerregistry v0.0.0-20200331213917-3d03ed9b1ca2 h1:k2YJ1fw6LwICNNUQHZNp9vTtHMuVqHJtMjZOc5SDIJo=
+github.com/google/go-containerregistry v0.0.0-20200331213917-3d03ed9b1ca2/go.mod h1:pD1UFYs7MCAx+ZLShBdttcaOSbyc8F9Na/9IZLNwJeA=
+github.com/google/go-github/v28 v28.1.1 h1:kORf5ekX5qwXO2mGzXXOjMe/g6ap8ahVe0sBEulhSxo=
+github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM=
+github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
+github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
+github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
+github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE=
+github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
+github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/wire v0.3.0 h1:imGQZGEVEHpje5056+K+cgdO72p0LQv2xIIFXNGUf60=
+github.com/google/wire v0.3.0/go.mod h1:i1DMg/Lu8Sz5yYl25iOdmc5CT5qusaa+zmRWs16741s=
+github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
+github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
+github.com/googleapis/gnostic v0.2.2/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
+github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
+github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/gorilla/mux v1.7.1/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/gorilla/mux v1.7.4 h1:VuZ8uybHlWmqV03+zRzdwKL4tUnIp1MAQtp1mIFE1bc=
+github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
+github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
+github.com/gorilla/websocket v1.2.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
+github.com/gorilla/websocket v1.4.0 h1:WDFjx/TMzVgy9VdMMQi2K2Emtwi2QcUQsztZ/zLaH/Q=
+github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
+github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=
+github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo=
+github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
+github.com/grokify/html-strip-tags-go v0.0.0-20190424092004-025bd760b278 h1:DZo48DQFIDo/YWjUeFip1dfJztBhRuaxfUnPd+gAfcs=
+github.com/grokify/html-strip-tags-go v0.0.0-20190424092004-025bd760b278/go.mod h1:Xk7G0nwBiIloTMbLddk4WWJOqi4i/JLhadLd0HUXO30=
+github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
+github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
+github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
+github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
+github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
+github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
+github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-multierror v1.1.0 h1:B9UzwGQJehnUY1yNrnwREHc3fGbC2xefo8g4TbElacI=
+github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
+github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE=
+github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-version v1.2.0 h1:3vNe/fWF5CBgRIguda1meWhsZHy3m8gCJ5wx+dIzX/E=
+github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.3/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/hashicorp/uuid v0.0.0-20160311170451-ebb0a03e909c h1:nQcv325vxv2fFHJsOt53eSRf1eINt6vOdYUFfXs4rgk=
+github.com/hashicorp/uuid v0.0.0-20160311170451-ebb0a03e909c/go.mod h1:fHzc09UnyJyqyW+bFuq864eh+wC7dj65aXmXLRe5to0=
+github.com/howeyc/gopass v0.0.0-20190910152052-7cb4b85ec19c h1:aY2hhxLhjEAbfXOx2nRJxCXezC6CO2V/yN+OCr1srtk=
+github.com/howeyc/gopass v0.0.0-20190910152052-7cb4b85ec19c/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs=
+github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
+github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/htcat/htcat v1.0.2 h1:zro95dGwkKDeZOgq9ei+9szd5qurGxBGfHY8hRehA7k=
+github.com/htcat/htcat v1.0.2/go.mod h1:i8ViQbjSi2+lJzM6Lx20FIxHENCz6mzJglK3HH06W3s=
+github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
+github.com/inconshreveable/log15 v0.0.0-20180818164646-67afb5ed74ec h1:CGkYB1Q7DSsH/ku+to+foV4agt2F2miquaLUgF6L178=
+github.com/inconshreveable/log15 v0.0.0-20180818164646-67afb5ed74ec/go.mod h1:cOaXtrgN4ScfRrD9Bre7U1thNq5RtJ8ZoP4iXVGRj6o=
+github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
+github.com/jesseduffield/gocui v0.3.0 h1:l7wH8MKR2p+ozuZdtdhQiX7szILbv50vkMk1tg2+xow=
+github.com/jesseduffield/gocui v0.3.0/go.mod h1:2RtZznzYKt8RLRwvFiSkXjU0Ei8WwHdubgnlaYH47dw=
+github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
+github.com/jinzhu/gorm v1.9.10 h1:HvrsqdhCW78xpJF67g1hMxS6eCToo9PZH4LDB8WKPac=
+github.com/jinzhu/gorm v1.9.10/go.mod h1:Kh6hTsSGffh4ui079FHrR5Gg+5D0hgihqDcsDN2BBJY=
+github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
+github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
+github.com/jinzhu/now v1.0.1 h1:HjfetcXq097iXP0uoPCdnM4Efp5/9MsM0/M+XOTeR3M=
+github.com/jinzhu/now v1.0.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/jmespath/go-jmespath v0.3.0 h1:OS12ieG61fsCg5+qLJ+SsW9NicxNkg3b25OyT2yCeUc=
+github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik=
+github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52CupLJyoVwB10FQ/IQlF1pdL8=
+github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
+github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
+github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
+github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88 h1:uC1QfSlInpQF+M0ao65imhwqKnz3Q2z/d8PWZRMQvDM=
+github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k=
+github.com/k0kubun/pp v3.0.1+incompatible h1:3tqvf7QgUnZ5tXO6pNAZlrvHgl6DvifjDrd9g2S9Z40=
+github.com/k0kubun/pp v3.0.1+incompatible/go.mod h1:GWse8YhT0p8pT4ir3ZgBbfZild3tgzSScAn6HmfYukg=
+github.com/kevinburke/ssh_config v0.0.0-20180830205328-81db2a75821e/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
+github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
+github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/knqyf263/berkeleydb v0.0.0-20190501065933-fafe01fb9662/go.mod h1:bu1CcN4tUtoRcI/B/RFHhxMNKFHVq/c3SV+UTyduoXg=
+github.com/knqyf263/go-apk-version v0.0.0-20200507080916-9f84b1e3c54c h1:qHcn6FUgD+GRk2ieUL3Re+/+rgjh+QK7Db2ClEUQ0RM=
+github.com/knqyf263/go-apk-version v0.0.0-20200507080916-9f84b1e3c54c/go.mod h1:q59u9px8b7UTj0nIjEjvmTWekazka6xIt6Uogz5Dm+8=
+github.com/knqyf263/go-cpe v0.0.0-20180327054844-659663f6eca2 h1:9CYbtr3i56D/rD6u6jJ/Aocsic9G+MupyVu7gb+QHF4=
+github.com/knqyf263/go-cpe v0.0.0-20180327054844-659663f6eca2/go.mod h1:XM58Cg7dN+g0J9UPVmKjiXWlGi55lx+9IMs0IMoFWQo=
+github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d h1:X4cedH4Kn3JPupAwwWuo4AzYp16P0OyLO9d7OnMZc/c=
+github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d/go.mod h1:o8sgWoz3JADecfc/cTYD92/Et1yMqMy0utV1z+VaZao=
+github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936 h1:HDjRqotkViMNcGMGicb7cgxklx8OwnjtCBmyWEqrRvM=
+github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936/go.mod h1:i4sF0l1fFnY1aiw08QQSwVAFxHEm311Me3WsU/X7nL0=
+github.com/knqyf263/go-rpmdb v0.0.0-20190501070121-10a1c42a10dc/go.mod h1:MrSSvdMpTSymaQWk1yFr9sxFSyQmKMj6jkbvGrchBV8=
+github.com/knqyf263/go-version v1.1.1 h1:+MpcBC9b7rk5ihag8Y/FLG8get1H2GjniwKQ+9DxI2o=
+github.com/knqyf263/go-version v1.1.1/go.mod h1:0tBvHvOBSf5TqGNcY+/ih9o8qo3R16iZCpB9rP0D3VM=
+github.com/knqyf263/gost v0.1.3 h1:jr0H56Vfvf23X319TGmIacpgR7PwmW8q5pjo4xLhOFY=
+github.com/knqyf263/gost v0.1.3/go.mod h1:okRxldLs7RVZEjNVBOQEqKj93OU91TmULMnHWU6gJ1s=
+github.com/knqyf263/nested v0.0.1 h1:Sv26CegUMhjt19zqbBKntjwESdxe5hxVPSk0+AKjdUc=
+github.com/knqyf263/nested v0.0.1/go.mod h1:zwhsIhMkBg90DTOJQvxPkKIypEHPYkgWHs4gybdlUmk=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
+github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kotakanbe/go-cve-dictionary v0.4.2 h1:UuEi6yr1wDN2MQJKkvdY9nSjqG5tJksk3MPyozGRRXo=
+github.com/kotakanbe/go-cve-dictionary v0.4.2/go.mod h1:zgnFBROvdhyd30KU0yekNI0J1kQkjTMND8GqlL8y25k=
+github.com/kotakanbe/go-pingscanner v0.1.0 h1:VG4/9l0i8WeToXclj7bIGoAZAu7a07Z3qmQiIfU0gT0=
+github.com/kotakanbe/go-pingscanner v0.1.0/go.mod h1:/761QZzuZFcfN8h/1QuawUA+pKukp3qcNj5mxJCOiAk=
+github.com/kotakanbe/goval-dictionary v0.2.5 h1:wae0zFw4UnakJaApdxwWgw+QDE7dWP4AeDPtMencPN4=
+github.com/kotakanbe/goval-dictionary v0.2.5/go.mod h1:OozI5ZbKWHIPcjYgOITYHRy+Vo6ZbksY1FU8aCwojK4=
+github.com/kotakanbe/logrus-prefixed-formatter v0.0.0-20180123152602-928f7356cb96 h1:xNVK0mQJdQjw+QYeaMM4G6fvucWr8rTGGIhlPakx1wU=
+github.com/kotakanbe/logrus-prefixed-formatter v0.0.0-20180123152602-928f7356cb96/go.mod h1:ljq48H1V+0Vh0u7ucA3LjR4AfkAeCpxrf7LaaCk8Vmo=
+github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/labstack/echo v3.3.10+incompatible/go.mod h1:0INS7j/VjnFxD4E2wkz67b8cVwCLbBmJyDaka6Cmk1s=
+github.com/labstack/gommon v0.2.9/go.mod h1:E8ZTmW9vw5az5/ZyHWCp0Lw4OH2ecsaBP1C/NKavGG4=
+github.com/labstack/gommon v0.3.0 h1:JEeO0bvc78PKdyHxloTKiF8BD5iGrH8T6MSeGvSgob0=
+github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k=
+github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw=
+github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lib/pq v1.2.0 h1:LXpIM/LZ5xGFhOpXAQUIMM1HdyqzVYM13zNdjCEEcA0=
+github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY=
+github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
+github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+github.com/mattn/go-colorable v0.1.0 h1:v2XXALHHh6zHfYTJ+cSkwtyffnaOyR1MXaA91mTrb8o=
+github.com/mattn/go-colorable v0.1.0/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
+github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
+github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA=
+github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
+github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
+github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.6 h1:SrwhHcpV4nWrMGdNcC2kXpMfcBVYGDuTArqyhocJgvA=
+github.com/mattn/go-isatty v0.0.6/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
+github.com/mattn/go-isatty v0.0.10 h1:qxFzApOv4WsAL965uUPIsXzAKCZxN2p9UqdhFS4ZW10=
+github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
+github.com/mattn/go-jsonpointer v0.0.0-20180225143300-37667080efed/go.mod h1:SDJ4hurDYyQ9/7nc+eCYtXqdufgK4Cq9TJlwPklqEYA=
+github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
+github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
+github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/mattn/go-runewidth v0.0.7 h1:Ei8KR0497xHyKJPAv59M1dkC+rOZCMBJ+t3fZ+twI54=
+github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/mattn/go-sqlite3 v1.11.0 h1:LDdKkqtYlom37fkvqs8rMPFKAMe8+SgjbwZ6ex1/A/Q=
+github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY=
+github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b h1:j7+1HpAFS1zy5+Q4qx1fWh90gTKwiN4QCGoY9TWyyO4=
+github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
+github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
+github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
+github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
+github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
+github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
+github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
+github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ=
+github.com/mozqnet/go-exploitdb v0.0.0-20190911093644-f647f17ea8ca h1:YdnY8FDl9NbO++O+q/kx1iledsHAk1KZLICZpEhqWFo=
+github.com/mozqnet/go-exploitdb v0.0.0-20190911093644-f647f17ea8ca/go.mod h1:TsEciLihBvN8yO9iCHBahCLxZff11NxbBO/xm8nVH9g=
+github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
+github.com/nlopes/slack v0.6.0 h1:jt0jxVQGhssx1Ib7naAOZEZcGdtIhTzkP0nopK0AsRA=
+github.com/nlopes/slack v0.6.0/go.mod h1:JzQ9m3PMAqcpeCam7UaHSuBuupz7CmpjehYMayT6YOk=
+github.com/nsf/termbox-go v0.0.0-20200418040025-38ba6e5628f1 h1:lh3PyZvY+B9nFliSGTn5uFuqQQJGuNrD0MLCokv09ag=
+github.com/nsf/termbox-go v0.0.0-20200418040025-38ba6e5628f1/go.mod h1:IuKpRQcYE1Tfu+oAQqaLisqDeXgjyyltCfsaoYN18NQ=
+github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
+github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
+github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
+github.com/olekukonko/tablewriter v0.0.2-0.20190607075207-195002e6e56a/go.mod h1:rSAaSIOAGT9odnlyGlUfAJaoc5w2fSBUmeGDbRWPxyQ=
+github.com/olekukonko/tablewriter v0.0.4 h1:vHD/YYe1Wolo78koG299f7V/VAS08c6IpCLn+Ejf/w8=
+github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA=
+github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo=
+github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
+github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/onsi/gomega v1.7.0 h1:XPnZz8VVBHjVsy1vzJmRwIcSwiUO+JFfrv/xGiigmME=
+github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
+github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
+github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
+github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
+github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6 h1:yN8BPXVwMBAm3Cuvh1L5XE8XpvYRMdsVLd82ILprhUU=
+github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
+github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
+github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
+github.com/parnurzeal/gorequest v0.2.15/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE=
+github.com/parnurzeal/gorequest v0.2.16 h1:T/5x+/4BT+nj+3eSknXmCTnEVGSzFzPGdpqmUVVZXHQ=
+github.com/parnurzeal/gorequest v0.2.16/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE=
+github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo=
+github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
+github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
+github.com/peterhellberg/link v1.0.0 h1:mUWkiegowUXEcmlb+ybF75Q/8D2Y0BjZtR8cxoKhaQo=
+github.com/peterhellberg/link v1.0.0/go.mod h1:gtSlOT4jmkY8P47hbTc8PTgiDDWpdPbFYl75keYyBB8=
+github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
+github.com/prometheus/client_golang v0.0.0-20180924113449-f69c853d21c1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
+github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
+github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/procfs v0.0.0-20180920065004-418d78d0b9a7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
+github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
+github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
+github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5 h1:mZHayPoR0lNmnHyvtYjDeq0zlVHn9K/ZXoy17ylucdo=
+github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5/go.mod h1:GEXHk5HgEKCvEIIrSpFI3ozzG5xOKA2DVlEX/gGnewM=
+github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
+github.com/rogpeppe/go-charset v0.0.0-20180617210344-2471d30d28b4/go.mod h1:qgYeAmZ5ZIpBWTGllZSQnw97Dj+woV0toclVaRGI8pc=
+github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rubiojr/go-vhd v0.0.0-20160810183302-0bfd3b39853c/go.mod h1:DM5xW0nvfNNm2uytzsvhI3OnX8uzaRAg8UX/CnDqbto=
+github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo=
+github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
+github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
+github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U=
+github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
+github.com/shurcooL/httpfs v0.0.0-20171119174359-809beceb2371/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
+github.com/shurcooL/httpfs v0.0.0-20181222201310-74dc9339e414/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
+github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/simplereach/timeutils v1.2.0/go.mod h1:VVbQDfN/FHRZa1LSqcwo4kNZ62OOyqLLGQKYB3pB0Q8=
+github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
+github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/sirupsen/logrus v1.5.0 h1:1N5EYkVAPEywqZRJd7cwnRtCb6xJx7NH3T3WUTF980Q=
+github.com/sirupsen/logrus v1.5.0/go.mod h1:+F7Ogzej0PZc/94MaYx/nvG9jOFMD2osvC3s+Squfpo=
+github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
+github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+github.com/smartystreets/goconvey v0.0.0-20190731233626-505e41936337 h1:WN9BUFbdyOsSH/XohnWpXOlq9NBD5sGAB2FciQMUEe8=
+github.com/smartystreets/goconvey v0.0.0-20190731233626-505e41936337/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
+github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
+github.com/spf13/afero v1.2.2 h1:5jhuqJyZCZf2JRofRvN/nIFgIWNzPa3/Vz8mYylgbWc=
+github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
+github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8=
+github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
+github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
+github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
+github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9Gc1vn7yk=
+github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
+github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
+github.com/spf13/viper v1.4.0 h1:yXHLWeravcrgGyFSyCgdYpXQ9dR9c/WED3pg1RhxqEU=
+github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
+github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48=
+github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/tealeg/xlsx v1.0.3/go.mod h1:uxu5UY2ovkuRPWKQ8Q7JG0JbSivrISjdPzZQKeo74mA=
+github.com/testcontainers/testcontainers-go v0.3.1/go.mod h1:br7bkzIukhPSIjy07Ma3OuXjjFvl2jm7CDU0LQNsqLw=
+github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/tomoyamachi/reg v0.16.1-0.20190706172545-2a2250fd7c00 h1:0e4vRd9YqnQBIAIAE39jLKDWffRfJWxloyWwcaMAQho=
+github.com/tomoyamachi/reg v0.16.1-0.20190706172545-2a2250fd7c00/go.mod h1:RQE7h2jyIxekQZ24/wad0c9RGP+KSq4XzHh7h83ALi8=
+github.com/twitchtv/twirp v5.10.1+incompatible/go.mod h1:RRJoFSAmTEh2weEqWtpPE3vFK5YBhA6bqp2l1kfCC5A=
+github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
+github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
+github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
+github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
+github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
+github.com/urfave/cli v1.22.1 h1:+mkCCcOFKPnCmVYVcURKps1Xe+3zP90gSYGNfRkjoIY=
+github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
+github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
+github.com/valyala/fasttemplate v1.0.1 h1:tY9CJiPnMXf1ERmG2EyK7gNUd+c6RKGD0IfU8WdUSz8=
+github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=
+github.com/vdemeester/k8s-pkg-credentialprovider v1.17.4/go.mod h1:inCTmtUdr5KJbreVojo06krnTgaeAz/Z7lynpPk/Q2c=
+github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU=
+github.com/xanzy/ssh-agent v0.2.0/go.mod h1:0NyE30eGUDliuLEHJgYte/zncp2zdTStcOnWhgSqHD8=
+github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4=
+github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
+github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
+github.com/ymomoi/goval-parser v0.0.0-20170813122243-0a0be1dd9d08 h1:OsHsjWw5m3P0r+RJITvigJu9dn6L8812S54x42jxeII=
+github.com/ymomoi/goval-parser v0.0.0-20170813122243-0a0be1dd9d08/go.mod h1:ox1Nt/rGgWuhVrNg+jKYonAs4BiQG1tRJwj4ue91iy4=
+go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
+go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
+go.etcd.io/bbolt v1.3.4 h1:hi1bXHMVrlQh6WwxAy+qZCV/SYIlqo+Ushwdpa4tAKg=
+go.etcd.io/bbolt v1.3.4/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
+go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
+go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
+go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
+go.uber.org/atomic v1.5.1 h1:rsqfU5vBkVknbhUGbAUwQKR2H4ItV8tjJ+6kJX4cxHM=
+go.uber.org/atomic v1.5.1/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
+go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
+go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
+go.uber.org/multierr v1.4.0 h1:f3WCSC2KzAcBXGATIxAB1E2XuCpNU255wNKZ505qi3E=
+go.uber.org/multierr v1.4.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
+go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee h1:0mgffUl7nfd+FpvXMVz4IDEaUSmT1ysygQC7qYo7sG4=
+go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
+go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
+go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
+go.uber.org/zap v1.13.0 h1:nR6NoDBgAf67s68NhaXbsojM+2gxp3S1hWkHDl27pVU=
+go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20180910181607-0e37d006457b/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190404164418-38d8ce5564a5/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190907121410-71b5226ff739/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc h1:ZGI/fILM2+ueot/UixBSoj9188jCAxVHEZEGhqq67I4=
+golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de h1:5hukYrvBGR8/eNkX5mdUezrA6JiaEZDtJb9Ei+1LlBs=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee h1:WG0RUwxtNT4qqaXX3DPA8zHFNm/D9xaBpxzHt1WcA/E=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180925072008-f04abc6bdfa7/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190909003024-a7b16738d86b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191108221443-4ba9e2ef068c/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2 h1:CCH4IOTTfewWjGOlSp+zGcjutRKlBEZQ6wTn8ozI/nI=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180903190138-2b024373dcd9/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180925112736-b09afc3d579e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190506115046-ca7f33d4116e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190909082730-f460065e899a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775 h1:TC0v2RSO1u2kn1ZugjrFXkRZAEaqMN/RW+OTZkBzmLE=
+golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20180810170437-e96c4e24768d/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190422233926-fe54fb35175b/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190503185657-3b6f9c0030f7/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190706070813-72ffa07ba3db/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
+golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200210192313-1ace956b0e17 h1:a/Fd23DJvg1CaeDH0dYHahE+hCI0v9rFgxSNIThoUcM=
+golang.org/x/tools v0.0.0-20200210192313-1ace956b0e17/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0=
+gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
+gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ=
+google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
+google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
+google.golang.org/api v0.6.1-0.20190607001116-5213b8090861/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.2 h1:j8RI1yW0SkI+paT6uGwMlrMI/6zwYA6/CFil8rxOzGI=
+google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20180924164928-221a8d4f7494/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190404172233-64821d5d2107/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/grpc v1.15.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio=
+google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.28.0 h1:bO/TA4OxCOummhSf10siHuG7vJOiwh7SpRpFZDkOgl4=
+google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
+gopkg.in/VividCortex/ewma.v1 v1.1.1 h1:tWHEKkKq802K/JT9RiqGCBU5fW3raAPnJGTE9ostZvg=
+gopkg.in/VividCortex/ewma.v1 v1.1.1/go.mod h1:TekXuFipeiHWiAlO1+wSS23vTcyFau5u3rxXUSXj710=
+gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
+gopkg.in/cheggaaa/pb.v1 v1.0.28 h1:n1tBJnnK2r7g9OW2btFH91V92STTUevLXYFb8gy9EMk=
+gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
+gopkg.in/cheggaaa/pb.v2 v2.0.7 h1:beaAg8eacCdMQS9Y7obFEtkY7gQl0uZ6Zayb3ry41VY=
+gopkg.in/cheggaaa/pb.v2 v2.0.7/go.mod h1:0CiZ1p8pvtxBlQpLXkHuUTpdJ1shm3OqCF1QugkjHL4=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/fatih/color.v1 v1.7.0 h1:bYGjb+HezBM6j/QmgBfgm1adxHpzzrss6bj4r9ROppk=
+gopkg.in/fatih/color.v1 v1.7.0/go.mod h1:P7yosIhqIl/sX8J8UypY5M+dDpD2KmyfP5IRs5v/fo0=
+gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
+gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/gcfg.v1 v1.2.0/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
+gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
+gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE=
+gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/mattn/go-runewidth.v0 v0.0.4 h1:r0P71TnzQDlNIcizCqvPSSANoFa3WVGtcNJf3TWurcY=
+gopkg.in/mattn/go-runewidth.v0 v0.0.4/go.mod h1:BmXejnxvhwdaATwiJbB1vZ2dtXkQKZGu9yLFCZb4msQ=
+gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
+gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
+gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
+gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
+gopkg.in/src-d/go-billy.v4 v4.2.1/go.mod h1:tm33zBoOwxjYHZIE+OV8bxTWFMJLrconzFMd38aARFk=
+gopkg.in/src-d/go-billy.v4 v4.3.0/go.mod h1:tm33zBoOwxjYHZIE+OV8bxTWFMJLrconzFMd38aARFk=
+gopkg.in/src-d/go-git-fixtures.v3 v3.1.1/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g=
+gopkg.in/src-d/go-git-fixtures.v3 v3.4.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g=
+gopkg.in/src-d/go-git.v4 v4.10.0/go.mod h1:Vtut8izDyrM8BUVQnzJ+YvmNcem2J89EmfZYCkLokZk=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/warnings.v0 v0.1.1/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
+gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
+gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gotest.tools v0.0.0-20181223230014-1083505acf35/go.mod h1:R//lfYlUuTOTfblYI3lGoAAAebUdzjvbmQsuB7Ykd90=
+gotest.tools v2.1.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
+gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
+gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
+honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM=
+honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+k8s.io/api v0.17.4/go.mod h1:5qxx6vjmwUVG2nHQTKGlLts8Tbok8PzHl4vHtVFuZCA=
+k8s.io/apimachinery v0.17.4/go.mod h1:gxLnyZcGNdZTCLnq3fgzyg2A5BVCHTNDFrw8AmuJ+0g=
+k8s.io/apiserver v0.17.4/go.mod h1:5ZDQ6Xr5MNBxyi3iUZXS84QOhZl+W7Oq2us/29c0j9I=
+k8s.io/client-go v0.17.4/go.mod h1:ouF6o5pz3is8qU0/qYL2RnoxOPqgfuidYLowytyLJmc=
+k8s.io/cloud-provider v0.17.4/go.mod h1:XEjKDzfD+b9MTLXQFlDGkk6Ho8SGMpaU8Uugx/KNK9U=
+k8s.io/code-generator v0.17.2/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s=
+k8s.io/component-base v0.17.4/go.mod h1:5BRqHMbbQPm2kKu35v3G+CpVq4K0RJKC7TRioF0I9lE=
+k8s.io/csi-translation-lib v0.17.4/go.mod h1:CsxmjwxEI0tTNMzffIAcgR9lX4wOh6AKHdxQrT7L0oo=
+k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
+k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
+k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
+k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
+k8s.io/legacy-cloud-providers v0.17.4/go.mod h1:FikRNoD64ECjkxO36gkDgJeiQWwyZTuBkhu+yxOc1Js=
+k8s.io/utils v0.0.0-20191010214722-8d271d903fe4/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
+k8s.io/utils v0.0.0-20191114184206-e782cd3c129f h1:GiPwtSzdP43eI1hpPCbROQCCIgCuiMMNF8YUVLF3vJo=
+k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
+modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
+modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
+modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
+modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs=
+modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I=
+moul.io/http2curl v1.0.0 h1:6XwpyZOYsgZJrU8exnG87ncVkU1FVCcTRpwzOkTDUi8=
+moul.io/http2curl v1.0.0/go.mod h1:f6cULg+e4Md/oW1cYmwW4IWQOVl2lGbmCNGOHvzX2kE=
+sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
+sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06/go.mod h1:/ULNhyfzRopfcjskuui0cTITekDduZ7ycKN3oUT9R18=
+sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=

gost/base.go

@@ -0,0 +1,51 @@
+package gost
+
+import (
+	"fmt"
+	"net/http"
+
+	cnf "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/knqyf263/gost/db"
+	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
+)
+
+// Base is a base struct
+type Base struct {
+}
+
+// FillCVEsWithRedHat fills cve information that has in Gost
+func (b Base) FillCVEsWithRedHat(driver db.DB, r *models.ScanResult) error {
+	return RedHat{}.fillFixed(driver, r)
+}
+
+// CheckHTTPHealth do health check
+func (b Base) CheckHTTPHealth() error {
+	if !cnf.Conf.Gost.IsFetchViaHTTP() {
+		return nil
+	}
+
+	url := fmt.Sprintf("%s/health", cnf.Conf.Gost.URL)
+	var errs []error
+	var resp *http.Response
+	resp, _, errs = gorequest.New().Get(url).End()
+	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return xerrors.Errorf("Failed to connect to gost server. url: %s, errs: %w", url, errs)
+	}
+	return nil
+}
+
+// CheckIfGostFetched checks if oval entries are in DB by family, release.
+func (b Base) CheckIfGostFetched(driver db.DB, osFamily string) (fetched bool, err error) {
+	//TODO
+	return true, nil
+}
+
+// CheckIfGostFresh checks if oval entries are fresh enough
+func (b Base) CheckIfGostFresh(driver db.DB, osFamily string) (ok bool, err error) {
+	//TODO
+	return true, nil
+}

gost/debian.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package gost
 
 import (
@@ -38,8 +21,8 @@ type packCves struct {
 	cves      []models.CveContent
 }
 
-// FillWithGost fills cve information that has in Gost
-func (deb Debian) FillWithGost(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+// DetectUnfixed fills cve information that has in Gost
+func (deb Debian) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCVEs int, err error) {
 	linuxImage := "linux-image-" + r.RunningKernel.Release
 	// Add linux and set the version of running kernel to search OVAL.
 	if r.Container.ContainerID == "" {
@@ -55,7 +38,7 @@ func (deb Debian) FillWithGost(driver db.DB, r *models.ScanResult) (nCVEs int, e
 	}
 
 	packCvesList := []packCves{}
-	if deb.isFetchViaHTTP() {
+	if config.Conf.Gost.IsFetchViaHTTP() {
 		url, _ := util.URLPathJoin(config.Conf.Gost.URL, "debian", major(r.Release), "pkgs")
 		responses, err := getAllUnfixedCvesViaHTTP(r, url)
 		if err != nil {
@@ -115,7 +98,11 @@ func (deb Debian) FillWithGost(driver db.DB, r *models.ScanResult) (nCVEs int, e
 		for _, cve := range p.cves {
 			v, ok := r.ScannedCves[cve.CveID]
 			if ok {
-				v.CveContents[models.DebianSecurityTracker] = cve
+				if v.CveContents == nil {
+					v.CveContents = models.NewCveContents(cve)
+				} else {
+					v.CveContents[models.DebianSecurityTracker] = cve
+				}
 			} else {
 				v = models.VulnInfo{
 					CveID:       cve.CveID,
@@ -143,7 +130,7 @@ func (deb Debian) FillWithGost(driver db.DB, r *models.ScanResult) (nCVEs int, e
 			}
 
 			for _, name := range names {
-				v.AffectedPackages = v.AffectedPackages.Store(models.PackageStatus{
+				v.AffectedPackages = v.AffectedPackages.Store(models.PackageFixStatus{
 					Name:        name,
 					FixState:    "open",
 					NotFixedYet: true,

gost/gost.go

@@ -1,36 +1,15 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package gost
 
 import (
-	"fmt"
-	"net/http"
-	"strings"
-
 	cnf "github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
 	"github.com/knqyf263/gost/db"
-	"github.com/parnurzeal/gorequest"
 )
 
 // Client is the interface of OVAL client.
 type Client interface {
-	FillWithGost(db.DB, *models.ScanResult) (int, error)
+	DetectUnfixed(db.DB, *models.ScanResult, bool) (int, error)
+	FillCVEsWithRedHat(db.DB, *models.ScanResult) error
 
 	//TODO implement
 	// CheckHTTPHealth() error
@@ -52,58 +31,3 @@ func NewClient(family string) Client {
 		return Pseudo{}
 	}
 }
-
-// Base is a base struct
-type Base struct {
-	family string
-}
-
-// CheckHTTPHealth do health check
-func (b Base) CheckHTTPHealth() error {
-	if !b.isFetchViaHTTP() {
-		return nil
-	}
-
-	url := fmt.Sprintf("%s/health", cnf.Conf.Gost.URL)
-	var errs []error
-	var resp *http.Response
-	resp, _, errs = gorequest.New().Get(url).End()
-	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
-	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
-	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-		return fmt.Errorf("Failed to connect to gost server. url: %s, errs: %v",
-			url, errs)
-	}
-	return nil
-}
-
-// CheckIfGostFetched checks if oval entries are in DB by family, release.
-func (b Base) CheckIfGostFetched(driver db.DB, osFamily string) (fetched bool, err error) {
-	//TODO
-	return true, nil
-}
-
-// CheckIfGostFresh checks if oval entries are fresh enough
-func (b Base) CheckIfGostFresh(driver db.DB, osFamily string) (ok bool, err error) {
-	//TODO
-	return true, nil
-}
-
-func (b Base) isFetchViaHTTP() bool {
-	// Default value of OvalDBType is sqlite3
-	return cnf.Conf.Gost.URL != "" && cnf.Conf.Gost.Type == "sqlite3"
-}
-
-// Pseudo is Gost client except for RedHat family and Debian
-type Pseudo struct {
-	Base
-}
-
-// FillWithGost fills cve information that has in Gost
-func (pse Pseudo) FillWithGost(driver db.DB, r *models.ScanResult) (int, error) {
-	return 0, nil
-}
-
-func major(osVer string) (majorVersion string) {
-	return strings.Split(osVer, ".")[0]
-}

gost/gost_test.go

@@ -14,7 +14,7 @@ func TestSetPackageStates(t *testing.T) {
 		installed models.Packages
 		release   string
 		in        models.VulnInfo
-		out       models.PackageStatuses
+		out       models.PackageFixStatuses
 	}{
 
 		//0 one
@@ -31,7 +31,7 @@ func TestSetPackageStates(t *testing.T) {
 			},
 			release: "7",
 			in:      models.VulnInfo{},
-			out: []models.PackageStatus{
+			out: []models.PackageFixStatus{
 				{
 					Name:        "bouncycastle",
 					FixState:    "Will not fix",
@@ -66,7 +66,7 @@ func TestSetPackageStates(t *testing.T) {
 			},
 			release: "7",
 			in:      models.VulnInfo{},
-			out: []models.PackageStatus{
+			out: []models.PackageFixStatus{
 				{
 					Name:        "bouncycastle",
 					FixState:    "Will not fix",
@@ -94,9 +94,9 @@ func TestSetPackageStates(t *testing.T) {
 			},
 			release: "7",
 			in: models.VulnInfo{
-				AffectedPackages: models.PackageStatuses{},
+				AffectedPackages: models.PackageFixStatuses{},
 			},
-			out: models.PackageStatuses{},
+			out: models.PackageFixStatuses{},
 		},
 
 		//3 look only the same os release.
@@ -113,9 +113,9 @@ func TestSetPackageStates(t *testing.T) {
 			},
 			release: "7",
 			in: models.VulnInfo{
-				AffectedPackages: models.PackageStatuses{},
+				AffectedPackages: models.PackageFixStatuses{},
 			},
-			out: models.PackageStatuses{},
+			out: models.PackageFixStatuses{},
 		},
 	}
 

gost/microsoft.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package gost
 
 import (
@@ -30,8 +13,8 @@ type Microsoft struct {
 	Base
 }
 
-// FillWithGost fills cve information that has in Gost
-func (ms Microsoft) FillWithGost(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
+// DetectUnfixed fills cve information that has in Gost
+func (ms Microsoft) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCVEs int, err error) {
 	if driver == nil {
 		return 0, nil
 	}
@@ -45,6 +28,9 @@ func (ms Microsoft) FillWithGost(driver db.DB, r *models.ScanResult) (nCVEs int,
 		}
 		cveCont := ms.ConvertToModel(&msCve)
 		v, _ := r.ScannedCves[cveID]
+		if v.CveContents == nil {
+			v.CveContents = models.CveContents{}
+		}
 		v.CveContents[models.Microsoft] = *cveCont
 		r.ScannedCves[cveID] = v
 	}

gost/pseudo.go

@@ -0,0 +1,21 @@
+package gost
+
+import (
+	"github.com/future-architect/vuls/models"
+	"github.com/knqyf263/gost/db"
+	"strings"
+)
+
+// Pseudo is Gost client except for RedHat family and Debian
+type Pseudo struct {
+	Base
+}
+
+// DetectUnfixed fills cve information that has in Gost
+func (pse Pseudo) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (int, error) {
+	return 0, nil
+}
+
+func major(osVer string) (majorVersion string) {
+	return strings.Split(osVer, ".")[0]
+}

gost/redhat.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package gost
 
 import (
@@ -34,12 +17,9 @@ type RedHat struct {
 	Base
 }
 
-// FillWithGost fills cve information that has in Gost
-func (red RedHat) FillWithGost(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
-	if nCVEs, err = red.fillUnfixed(driver, r); err != nil {
-		return 0, err
-	}
-	return nCVEs, red.fillFixed(driver, r)
+// DetectUnfixed fills cve information that has in Gost
+func (red RedHat) DetectUnfixed(driver db.DB, r *models.ScanResult, ignoreWillNotFix bool) (nCVEs int, err error) {
+	return red.fillUnfixed(driver, r, ignoreWillNotFix)
 }
 
 func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
@@ -51,7 +31,7 @@ func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
 		cveIDs = append(cveIDs, cveID)
 	}
 
-	if red.isFetchViaHTTP() {
+	if config.Conf.Gost.IsFetchViaHTTP() {
 		prefix, _ := util.URLPathJoin(config.Conf.Gost.URL,
 			"redhat", "cves")
 		responses, err := getCvesViaHTTP(cveIDs, prefix)
@@ -67,8 +47,20 @@ func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
 				continue
 			}
 			cveCont := red.ConvertToModel(&redCve)
-			v, _ := r.ScannedCves[res.request.cveID]
-			v.CveContents[models.RedHatAPI] = *cveCont
+			v, ok := r.ScannedCves[res.request.cveID]
+			if ok {
+				if v.CveContents == nil {
+					v.CveContents = models.NewCveContents(*cveCont)
+				} else {
+					v.CveContents[models.RedHatAPI] = *cveCont
+				}
+			} else {
+				v = models.VulnInfo{
+					CveID:       cveCont.CveID,
+					CveContents: models.NewCveContents(*cveCont),
+					Confidences: models.Confidences{models.RedHatAPIMatch},
+				}
+			}
 			r.ScannedCves[res.request.cveID] = v
 		}
 	} else {
@@ -76,12 +68,24 @@ func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
 			return nil
 		}
 		for cveID, redCve := range driver.GetRedhatMulti(cveIDs) {
-			if redCve.ID == 0 {
+			if len(redCve.Name) == 0 {
 				continue
 			}
 			cveCont := red.ConvertToModel(&redCve)
-			v, _ := r.ScannedCves[cveID]
-			v.CveContents[models.RedHatAPI] = *cveCont
+			v, ok := r.ScannedCves[cveID]
+			if ok {
+				if v.CveContents == nil {
+					v.CveContents = models.NewCveContents(*cveCont)
+				} else {
+					v.CveContents[models.RedHatAPI] = *cveCont
+				}
+			} else {
+				v = models.VulnInfo{
+					CveID:       cveCont.CveID,
+					CveContents: models.NewCveContents(*cveCont),
+					Confidences: models.Confidences{models.RedHatAPIMatch},
+				}
+			}
 			r.ScannedCves[cveID] = v
 		}
 	}
@@ -89,8 +93,8 @@ func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
 	return nil
 }
 
-func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
-	if red.isFetchViaHTTP() {
+func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult, ignoreWillNotFix bool) (nCVEs int, err error) {
+	if config.Conf.Gost.IsFetchViaHTTP() {
 		prefix, _ := util.URLPathJoin(config.Conf.Gost.URL,
 			"redhat", major(r.Release), "pkgs")
 		responses, err := getAllUnfixedCvesViaHTTP(r, prefix)
@@ -108,14 +112,10 @@ func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult) (nCVEs int, er
 				cveCont := red.ConvertToModel(&cve)
 				v, ok := r.ScannedCves[cve.Name]
 				if ok {
-					if _, ok := v.CveContents[models.RedHatAPI]; ok {
-						v.CveContents[models.RedHatAPI] = *cveCont
+					if v.CveContents == nil {
+						v.CveContents = models.NewCveContents(*cveCont)
 					} else {
-						v = models.VulnInfo{
-							CveID:       cveCont.CveID,
-							CveContents: models.NewCveContents(*cveCont),
-							Confidences: models.Confidences{models.RedHatAPIMatch},
-						}
+						v.CveContents[models.RedHatAPI] = *cveCont
 					}
 				} else {
 					v = models.VulnInfo{
@@ -125,7 +125,6 @@ func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult) (nCVEs int, er
 					}
 					nCVEs++
 				}
-
 				pkgStats := red.mergePackageStates(v,
 					cve.PackageState, r.Packages, r.Release)
 				if 0 < len(pkgStats) {
@@ -141,19 +140,15 @@ func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult) (nCVEs int, er
 		for _, pack := range r.Packages {
 			// CVE-ID: RedhatCVE
 			cves := map[string]gostmodels.RedhatCVE{}
-			cves = driver.GetUnfixedCvesRedhat(major(r.Release), pack.Name)
+			cves = driver.GetUnfixedCvesRedhat(major(r.Release), pack.Name, ignoreWillNotFix)
 			for _, cve := range cves {
 				cveCont := red.ConvertToModel(&cve)
 				v, ok := r.ScannedCves[cve.Name]
 				if ok {
-					if _, ok := v.CveContents[models.RedHatAPI]; ok {
-						v.CveContents[models.RedHatAPI] = *cveCont
+					if v.CveContents == nil {
+						v.CveContents = models.NewCveContents(*cveCont)
 					} else {
-						v = models.VulnInfo{
-							CveID:       cveCont.CveID,
-							CveContents: models.NewCveContents(*cveCont),
-							Confidences: models.Confidences{models.RedHatAPIMatch},
-						}
+						v.CveContents[models.RedHatAPI] = *cveCont
 					}
 				} else {
 					v = models.VulnInfo{
@@ -176,7 +171,7 @@ func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult) (nCVEs int, er
 	return nCVEs, nil
 }
 
-func (red RedHat) mergePackageStates(v models.VulnInfo, ps []gostmodels.RedhatPackageState, installed models.Packages, release string) (pkgStats models.PackageStatuses) {
+func (red RedHat) mergePackageStates(v models.VulnInfo, ps []gostmodels.RedhatPackageState, installed models.Packages, release string) (pkgStats models.PackageFixStatuses) {
 	pkgStats = v.AffectedPackages
 	for _, pstate := range ps {
 		if pstate.Cpe !=
@@ -185,7 +180,8 @@ func (red RedHat) mergePackageStates(v models.VulnInfo, ps []gostmodels.RedhatPa
 		}
 
 		if !(pstate.FixState == "Will not fix" ||
-			pstate.FixState == "Fix deferred") {
+			pstate.FixState == "Fix deferred" ||
+			pstate.FixState == "Affected") {
 			return
 		}
 
@@ -195,11 +191,11 @@ func (red RedHat) mergePackageStates(v models.VulnInfo, ps []gostmodels.RedhatPa
 
 		notFixedYet := false
 		switch pstate.FixState {
-		case "Will not fix", "Fix deferred":
+		case "Will not fix", "Fix deferred", "Affected":
 			notFixedYet = true
 		}
 
-		pkgStats = pkgStats.Store(models.PackageStatus{
+		pkgStats = pkgStats.Store(models.PackageFixStatus{
 			Name:        pstate.PackageName,
 			FixState:    pstate.FixState,
 			NotFixedYet: notFixedYet,

gost/util.go

@@ -1,24 +1,6 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package gost
 
 import (
-	"fmt"
 	"net/http"
 	"time"
 
@@ -26,6 +8,7 @@ import (
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/util"
 	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
 )
 
 type response struct {
@@ -80,11 +63,11 @@ func getCvesViaHTTP(cveIDs []string, urlPrefix string) (
 		case err := <-errChan:
 			errs = append(errs, err)
 		case <-timeout:
-			return nil, fmt.Errorf("Timeout Fetching OVAL")
+			return nil, xerrors.New("Timeout Fetching OVAL")
 		}
 	}
 	if len(errs) != 0 {
-		return nil, fmt.Errorf("Failed to fetch OVAL. err: %v", errs)
+		return nil, xerrors.Errorf("Failed to fetch OVAL. err: %w", errs)
 	}
 	return
 }
@@ -154,11 +137,11 @@ func getAllUnfixedCvesViaHTTP(r *models.ScanResult, urlPrefix string) (
 		case err := <-errChan:
 			errs = append(errs, err)
 		case <-timeout:
-			return nil, fmt.Errorf("Timeout Fetching OVAL")
+			return nil, xerrors.New("Timeout Fetching OVAL")
 		}
 	}
 	if len(errs) != 0 {
-		return nil, fmt.Errorf("Failed to fetch OVAL. err: %v", errs)
+		return nil, xerrors.Errorf("Failed to fetch OVAL. err: %w", errs)
 	}
 	return
 }
@@ -176,8 +159,7 @@ func httpGet(url string, req request, resChan chan<- response, errChan chan<- er
 			if count == retryMax {
 				return nil
 			}
-			return fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
-				errs, url, resp)
+			return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %w", url, resp, errs)
 		}
 		return nil
 	}
@@ -186,11 +168,11 @@ func httpGet(url string, req request, resChan chan<- response, errChan chan<- er
 	}
 	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
 	if err != nil {
-		errChan <- fmt.Errorf("HTTP Error %s", err)
+		errChan <- xerrors.Errorf("HTTP Error %w", err)
 		return
 	}
 	if count == retryMax {
-		errChan <- fmt.Errorf("HRetry count exceeded")
+		errChan <- xerrors.New("Retry count exceeded")
 		return
 	}
 

libmanager/libManager.go

@@ -0,0 +1,103 @@
+package libmanager
+
+import (
+	"context"
+
+	db2 "github.com/aquasecurity/trivy-db/pkg/db"
+	"github.com/aquasecurity/trivy/pkg/db"
+	"github.com/aquasecurity/trivy/pkg/github"
+	"github.com/aquasecurity/trivy/pkg/indicator"
+	"github.com/aquasecurity/trivy/pkg/log"
+	"github.com/spf13/afero"
+	"golang.org/x/xerrors"
+	"k8s.io/utils/clock"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
+)
+
+// FillLibrary fills LibraryScanner informations
+func FillLibrary(r *models.ScanResult) (totalCnt int, err error) {
+	if len(r.LibraryScanners) == 0 {
+		return
+	}
+
+	// initialize trivy's logger and db
+	err = log.InitLogger(false, false)
+	if err != nil {
+		return 0, err
+	}
+
+	util.Log.Info("Updating library db...")
+	if err := downloadDB(config.Version, config.Conf.TrivyCacheDBDir, config.Conf.NoProgress, false, false); err != nil {
+		return 0, err
+	}
+
+	if err := db2.Init(config.Conf.TrivyCacheDBDir); err != nil {
+		return 0, err
+	}
+	defer db2.Close()
+
+	for _, lib := range r.LibraryScanners {
+		vinfos, err := lib.Scan()
+		if err != nil {
+			return 0, err
+		}
+		for _, vinfo := range vinfos {
+			vinfo.Confidences.AppendIfMissing(models.TrivyMatch)
+			r.ScannedCves[vinfo.CveID] = vinfo
+		}
+		totalCnt += len(vinfos)
+	}
+
+	return totalCnt, nil
+}
+
+func downloadDB(appVersion, cacheDir string, quiet, light, skipUpdate bool) error {
+	client := initializeDBClient(cacheDir, quiet)
+	ctx := context.Background()
+	needsUpdate, err := client.NeedsUpdate(appVersion, light, skipUpdate)
+	if err != nil {
+		return xerrors.Errorf("database error: %w", err)
+	}
+
+	if needsUpdate {
+		util.Log.Info("Need to update DB")
+		util.Log.Info("Downloading DB...")
+		if err := client.Download(ctx, cacheDir, light); err != nil {
+			return xerrors.Errorf("failed to download vulnerability DB: %w", err)
+		}
+		if err = client.UpdateMetadata(cacheDir); err != nil {
+			return xerrors.Errorf("unable to update database metadata: %w", err)
+		}
+	}
+
+	// for debug
+	if err := showDBInfo(cacheDir); err != nil {
+		return xerrors.Errorf("failed to show database info: %w", err)
+	}
+	return nil
+}
+
+func initializeDBClient(cacheDir string, quiet bool) db.Client {
+	config := db2.Config{}
+	client := github.NewClient()
+	progressBar := indicator.NewProgressBar(quiet)
+	realClock := clock.RealClock{}
+	fs := afero.NewOsFs()
+	metadata := db.NewMetadata(fs, cacheDir)
+	dbClient := db.NewClient(config, client, progressBar, realClock, metadata)
+	return dbClient
+}
+
+func showDBInfo(cacheDir string) error {
+	m := db.NewMetadata(afero.NewOsFs(), cacheDir)
+	metadata, err := m.Get()
+	if err != nil {
+		return xerrors.Errorf("something wrong with DB: %w", err)
+	}
+	util.Log.Debugf("DB Schema: %d, Type: %d, UpdatedAt: %s, NextUpdate: %s",
+		metadata.Version, metadata.Type, metadata.UpdatedAt, metadata.NextUpdate)
+	return nil
+}

main.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package main
 
 import (

models/cvecontents.go

@@ -1,24 +1,9 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package models
 
 import (
 	"time"
+
+	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
 )
 
 // CveContents has CveContent
@@ -68,6 +53,9 @@ func (v CveContents) SourceLinks(lang, myFamily, cveID string) (values []CveCont
 	order := CveContentTypes{Nvd, NvdXML, NewCveContentType(myFamily)}
 	for _, ctype := range order {
 		if cont, found := v[ctype]; found {
+			if cont.SourceLink == "" {
+				continue
+			}
 			values = append(values, CveContentStr{ctype, cont.SourceLink})
 		}
 	}
@@ -108,7 +96,7 @@ type CveContentCpes struct {
 // Cpes returns affected CPEs of this Vulnerability
 func (v CveContents) Cpes(myFamily string) (values []CveContentCpes) {
 	order := CveContentTypes{NewCveContentType(myFamily)}
-	order = append(order, AllCveContetTypes.Except(append(order)...)...)
+	order = append(order, AllCveContetTypes.Except(order...)...)
 
 	for _, ctype := range order {
 		if cont, found := v[ctype]; found && 0 < len(cont.Cpes) {
@@ -130,7 +118,7 @@ type CveContentRefs struct {
 // References returns References
 func (v CveContents) References(myFamily string) (values []CveContentRefs) {
 	order := CveContentTypes{NewCveContentType(myFamily)}
-	order = append(order, AllCveContetTypes.Except(append(order)...)...)
+	order = append(order, AllCveContetTypes.Except(order...)...)
 
 	for _, ctype := range order {
 		if cont, found := v[ctype]; found && 0 < len(cont.References) {
@@ -140,13 +128,14 @@ func (v CveContents) References(myFamily string) (values []CveContentRefs) {
 			})
 		}
 	}
+
 	return
 }
 
 // CweIDs returns related CweIDs of the vulnerability
 func (v CveContents) CweIDs(myFamily string) (values []CveContentStr) {
 	order := CveContentTypes{NewCveContentType(myFamily)}
-	order = append(order, AllCveContetTypes.Except(append(order)...)...)
+	order = append(order, AllCveContetTypes.Except(order...)...)
 	for _, ctype := range order {
 		if cont, found := v[ctype]; found && 0 < len(cont.CweIDs) {
 			for _, cweID := range cont.CweIDs {
@@ -222,7 +211,7 @@ func NewCveContentType(name string) CveContentType {
 		return Oracle
 	case "ubuntu":
 		return Ubuntu
-	case "debian":
+	case "debian", vulnerability.DebianOVAL:
 		return Debian
 	case "redhat_api":
 		return RedHatAPI
@@ -230,6 +219,22 @@ func NewCveContentType(name string) CveContentType {
 		return DebianSecurityTracker
 	case "microsoft":
 		return Microsoft
+	case "wordpress":
+		return WPVulnDB
+	case "amazon":
+		return Amazon
+	case "trivy":
+		return Trivy
+	// case vulnerability.NodejsSecurityWg:
+	// 	return NodeSec
+	// case vulnerability.PythonSafetyDB:
+	// 	return PythonSec
+	// case vulnerability.RustSec:
+	// 	return RustSec
+	// case vulnerability.PhpSecurityAdvisories:
+	// 	return PhpSec
+	// case vulnerability.RubySec:
+	// 	return RubySec
 	default:
 		return Unknown
 	}
@@ -263,12 +268,36 @@ const (
 	// Oracle is Oracle Linux
 	Oracle CveContentType = "oracle"
 
+	// Amazon is Amazon Linux
+	Amazon CveContentType = "amazon"
+
 	// SUSE is SUSE Linux
 	SUSE CveContentType = "suse"
 
 	// Microsoft is Microsoft
 	Microsoft CveContentType = "microsoft"
 
+	// WPVulnDB is WordPress
+	WPVulnDB CveContentType = "wpvulndb"
+
+	// Trivy is Trivy
+	Trivy CveContentType = "trivy"
+
+	// NodeSec : for JS
+	// NodeSec CveContentType = "node"
+
+	// // PythonSec : for PHP
+	// PythonSec CveContentType = "python"
+
+	// // PhpSec : for PHP
+	// PhpSec CveContentType = "php"
+
+	// // RubySec : for Ruby
+	// RubySec CveContentType = "ruby"
+
+	// // RustSec : for Rust
+	// RustSec CveContentType = "rust"
+
 	// Unknown is Unknown
 	Unknown CveContentType = "unknown"
 )
@@ -282,10 +311,19 @@ var AllCveContetTypes = CveContentTypes{
 	NvdXML,
 	Jvn,
 	RedHat,
+	RedHatAPI,
 	Debian,
 	Ubuntu,
-	RedHatAPI,
+	Amazon,
+	SUSE,
 	DebianSecurityTracker,
+	WPVulnDB,
+	Trivy,
+	// NodeSec,
+	// PythonSec,
+	// PhpSec,
+	// RubySec,
+	// RustSec,
 }
 
 // Except returns CveContentTypes except for given args

models/cvecontents_test.go

@@ -1,19 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
 package models
 
 import (

models/library.go

@@ -0,0 +1,144 @@
+package models
+
+import (
+	"path/filepath"
+
+	"github.com/aquasecurity/trivy-db/pkg/db"
+	trivyDBTypes "github.com/aquasecurity/trivy-db/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/detector/library"
+
+	"github.com/aquasecurity/trivy/pkg/types"
+	"github.com/future-architect/vuls/util"
+	"golang.org/x/xerrors"
+
+	// "github.com/aquasecurity/go-dep-parser/pkg/types"
+	"github.com/knqyf263/go-version"
+)
+
+// LibraryScanners is an array of LibraryScanner
+type LibraryScanners []LibraryScanner
+
+// Find : find by name
+func (lss LibraryScanners) Find(name string) map[string]types.Library {
+	filtered := map[string]types.Library{}
+	for _, ls := range lss {
+		for _, lib := range ls.Libs {
+			if lib.Name == name {
+				filtered[ls.Path] = lib
+				break
+			}
+		}
+	}
+	return filtered
+}
+
+// LibraryScanner has libraries information
+type LibraryScanner struct {
+	Path string
+	Libs []types.Library
+}
+
+// Scan : scan target library
+func (s LibraryScanner) Scan() ([]VulnInfo, error) {
+	scanner := library.DriverFactory{}.NewDriver(filepath.Base(string(s.Path)))
+	if scanner == nil {
+		return nil, xerrors.New("unknown file type")
+	}
+
+	var vulnerabilities []VulnInfo
+	for _, pkg := range s.Libs {
+		v, err := version.NewVersion(pkg.Version)
+		if err != nil {
+			util.Log.Debugf("new version cant detected %s@%s", pkg.Name, pkg.Version)
+			continue
+		}
+
+		tvulns, err := scanner.Detect(pkg.Name, v)
+		if err != nil {
+			return nil, xerrors.Errorf("failed to detect %s vulnerabilities: %w", scanner.Type(), err)
+		}
+		if len(tvulns) == 0 {
+			continue
+		}
+
+		vulns := s.convertFanalToVuln(tvulns)
+		vulnerabilities = append(vulnerabilities, vulns...)
+	}
+
+	return vulnerabilities, nil
+}
+
+func (s LibraryScanner) convertFanalToVuln(tvulns []types.DetectedVulnerability) (vulns []VulnInfo) {
+	for _, tvuln := range tvulns {
+		vinfo, err := s.getVulnDetail(tvuln)
+		if err != nil {
+			util.Log.Debugf("failed to getVulnDetail. err: %s, tvun: %#v", err, tvuln)
+			continue
+		}
+		vulns = append(vulns, vinfo)
+	}
+	return vulns
+}
+
+func (s LibraryScanner) getVulnDetail(tvuln types.DetectedVulnerability) (vinfo VulnInfo, err error) {
+	vul, err := db.Config{}.GetVulnerability(tvuln.VulnerabilityID)
+	if err != nil {
+		return vinfo, err
+	}
+
+	vinfo.CveID = tvuln.VulnerabilityID
+	vinfo.CveContents = getCveContents(tvuln.VulnerabilityID, vul)
+	if tvuln.FixedVersion != "" {
+		vinfo.LibraryFixedIns = []LibraryFixedIn{
+			{
+				Key:     s.GetLibraryKey(),
+				Name:    tvuln.PkgName,
+				FixedIn: tvuln.FixedVersion,
+			},
+		}
+	}
+	return vinfo, nil
+}
+
+func getCveContents(cveID string, vul trivyDBTypes.Vulnerability) (contents map[CveContentType]CveContent) {
+	contents = map[CveContentType]CveContent{}
+	refs := []Reference{}
+	for _, refURL := range vul.References {
+		refs = append(refs, Reference{Source: "trivy", Link: refURL})
+	}
+
+	content := CveContent{
+		Type:          Trivy,
+		CveID:         cveID,
+		Title:         vul.Title,
+		Summary:       vul.Description,
+		Cvss3Severity: string(vul.Severity),
+		References:    refs,
+	}
+	contents[Trivy] = content
+	return contents
+}
+
+// LibraryMap is filename and library type
+var LibraryMap = map[string]string{
+	"package-lock.json": "node",
+	"yarn.lock":         "node",
+	"Gemfile.lock":      "ruby",
+	"Cargo.lock":        "rust",
+	"composer.lock":     "php",
+	"Pipfile.lock":      "python",
+	"poetry.lock":       "python",
+}
+
+// GetLibraryKey returns target library key
+func (s LibraryScanner) GetLibraryKey() string {
+	fileName := filepath.Base(s.Path)
+	return LibraryMap[fileName]
+}
+
+// LibraryFixedIn has library fixed information
+type LibraryFixedIn struct {
+	Key     string `json:"key,omitempty"`
+	Name    string `json:"name,omitempty"`
+	FixedIn string `json:"fixedIn,omitempty"`
+}

models/library_test.go

@@ -0,0 +1,146 @@
+package models
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/aquasecurity/trivy-db/pkg/db"
+	"github.com/aquasecurity/trivy/pkg/log"
+	"github.com/aquasecurity/trivy/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/utils"
+)
+
+func TestScan(t *testing.T) {
+	var tests = []struct {
+		path string
+		pkgs []types.Library
+	}{
+		{
+			path: "app/package-lock.json",
+			pkgs: []types.Library{
+				{
+					Name:    "jquery",
+					Version: "2.2.4",
+				},
+				{
+					Name:    "@babel/traverse",
+					Version: "7.4.4",
+				},
+			},
+		},
+	}
+
+	if err := log.InitLogger(false, false); err != nil {
+		t.Errorf("trivy logger failed")
+	}
+
+	cacheDir := utils.DefaultCacheDir()
+	if err := db.Init(cacheDir); err != nil {
+		t.Errorf("trivy db.Init failed")
+	}
+	for _, v := range tests {
+		lib := LibraryScanner{
+			Path: v.path,
+			Libs: v.pkgs,
+		}
+		actual, err := lib.Scan()
+		if err != nil {
+			t.Errorf("error occurred")
+		}
+		if len(actual) == 0 {
+			t.Errorf("no vuln found : actual: %v\n", actual)
+		}
+	}
+	db.Close()
+}
+
+func TestLibraryScanners_Find(t *testing.T) {
+	type args struct {
+		name string
+	}
+	tests := []struct {
+		name string
+		lss  LibraryScanners
+		args args
+		want map[string]types.Library
+	}{
+		{
+			name: "single file",
+			lss: LibraryScanners{
+				{
+					Path: "/pathA",
+					Libs: []types.Library{
+						{
+							Name:    "libA",
+							Version: "1.0.0",
+						},
+					},
+				},
+			},
+			args: args{"libA"},
+			want: map[string]types.Library{
+				"/pathA": {
+					Name:    "libA",
+					Version: "1.0.0",
+				},
+			},
+		},
+		{
+			name: "multi file",
+			lss: LibraryScanners{
+				{
+					Path: "/pathA",
+					Libs: []types.Library{
+						{
+							Name:    "libA",
+							Version: "1.0.0",
+						},
+					},
+				},
+				{
+					Path: "/pathB",
+					Libs: []types.Library{
+						{
+							Name:    "libA",
+							Version: "1.0.5",
+						},
+					},
+				},
+			},
+			args: args{"libA"},
+			want: map[string]types.Library{
+				"/pathA": {
+					Name:    "libA",
+					Version: "1.0.0",
+				},
+				"/pathB": {
+					Name:    "libA",
+					Version: "1.0.5",
+				},
+			},
+		},
+		{
+			name: "miss",
+			lss: LibraryScanners{
+				{
+					Path: "/pathA",
+					Libs: []types.Library{
+						{
+							Name:    "libA",
+							Version: "1.0.0",
+						},
+					},
+				},
+			},
+			args: args{"libB"},
+			want: map[string]types.Library{},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := tt.lss.Find(tt.args.name); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("LibraryScanners.Find() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

models/models.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package models
 
 // JSONVersion is JSON Version

models/models_test.go

@@ -1,18 +0,0 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-package models

models/packages.go

@@ -1,26 +1,11 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package models
 
 import (
 	"bytes"
 	"fmt"
 	"strings"
+
+	"golang.org/x/xerrors"
 )
 
 // Packages is Map of Package
@@ -83,7 +68,7 @@ func (ps Packages) FindByFQPN(nameVerRelArc string) (*Package, error) {
 			return &p, nil
 		}
 	}
-	return nil, fmt.Errorf("Failed to find the package: %s", nameVerRelArc)
+	return nil, xerrors.Errorf("Failed to find the package: %s", nameVerRelArc)
 }
 
 // Package has installed binary packages.
@@ -135,18 +120,23 @@ func (p Package) FormatNewVer() string {
 }
 
 // FormatVersionFromTo formats installed and new package version
-func (p Package) FormatVersionFromTo(notFixedYet bool, status string) string {
+func (p Package) FormatVersionFromTo(stat PackageFixStatus) string {
 	to := p.FormatNewVer()
-	if notFixedYet {
-		if status != "" {
-			to = status
+	if stat.NotFixedYet {
+		if stat.FixState != "" {
+			to = stat.FixState
 		} else {
 			to = "Not Fixed Yet"
 		}
 	} else if p.NewVersion == "" {
 		to = "Unknown"
 	}
-	return fmt.Sprintf("%s-%s -> %s", p.Name, p.FormatVer(), to)
+	var fixedIn string
+	if stat.FixedIn != "" {
+		fixedIn = fmt.Sprintf(" (FixedIn: %s)", stat.FixedIn)
+	}
+	return fmt.Sprintf("%s-%s -> %s%s",
+		p.Name, p.FormatVer(), to, fixedIn)
 }
 
 // FormatChangelog formats the changelog
@@ -183,8 +173,9 @@ type Changelog struct {
 
 // AffectedProcess keep a processes information affected by software update
 type AffectedProcess struct {
-	PID  string `json:"pid"`
-	Name string `json:"name"`
+	PID         string   `json:"pid,omitempty"`
+	Name        string   `json:"name,omitempty"`
+	ListenPorts []string `json:"listenPorts,omitempty"`
 }
 
 // NeedRestartProcess keep a processes information affected by software update
@@ -204,6 +195,7 @@ type NeedRestartProcess struct {
 type SrcPackage struct {
 	Name        string   `json:"name"`
 	Version     string   `json:"version"`
+	Arch        string   `json:"arch"`
 	BinaryNames []string `json:"binaryNames"`
 }
 

models/packages_test.go

@@ -1,19 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
 package models
 
 import (
@@ -191,3 +175,125 @@ func TestFindByBinName(t *testing.T) {
 		}
 	}
 }
+
+func TestPackage_FormatVersionFromTo(t *testing.T) {
+	type fields struct {
+		Name             string
+		Version          string
+		Release          string
+		NewVersion       string
+		NewRelease       string
+		Arch             string
+		Repository       string
+		Changelog        Changelog
+		AffectedProcs    []AffectedProcess
+		NeedRestartProcs []NeedRestartProcess
+	}
+	type args struct {
+		stat PackageFixStatus
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		want   string
+	}{
+		{
+			name: "fixed",
+			fields: fields{
+				Name:       "packA",
+				Version:    "1.0.0",
+				Release:    "a",
+				NewVersion: "1.0.1",
+				NewRelease: "b",
+			},
+			args: args{
+				stat: PackageFixStatus{
+					NotFixedYet: false,
+					FixedIn:     "1.0.1-b",
+				},
+			},
+			want: "packA-1.0.0-a -> 1.0.1-b (FixedIn: 1.0.1-b)",
+		},
+		{
+			name: "nfy",
+			fields: fields{
+				Name:    "packA",
+				Version: "1.0.0",
+				Release: "a",
+			},
+			args: args{
+				stat: PackageFixStatus{
+					NotFixedYet: true,
+				},
+			},
+			want: "packA-1.0.0-a -> Not Fixed Yet",
+		},
+		{
+			name: "nfy",
+			fields: fields{
+				Name:    "packA",
+				Version: "1.0.0",
+				Release: "a",
+			},
+			args: args{
+				stat: PackageFixStatus{
+					NotFixedYet: false,
+					FixedIn:     "1.0.1-b",
+				},
+			},
+			want: "packA-1.0.0-a -> Unknown (FixedIn: 1.0.1-b)",
+		},
+		{
+			name: "nfy2",
+			fields: fields{
+				Name:    "packA",
+				Version: "1.0.0",
+				Release: "a",
+			},
+			args: args{
+				stat: PackageFixStatus{
+					NotFixedYet: true,
+					FixedIn:     "1.0.1-b",
+					FixState:    "open",
+				},
+			},
+			want: "packA-1.0.0-a -> open (FixedIn: 1.0.1-b)",
+		},
+		{
+			name: "nfy3",
+			fields: fields{
+				Name:    "packA",
+				Version: "1.0.0",
+				Release: "a",
+			},
+			args: args{
+				stat: PackageFixStatus{
+					NotFixedYet: true,
+					FixedIn:     "1.0.1-b",
+					FixState:    "open",
+				},
+			},
+			want: "packA-1.0.0-a -> open (FixedIn: 1.0.1-b)",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			p := Package{
+				Name:             tt.fields.Name,
+				Version:          tt.fields.Version,
+				Release:          tt.fields.Release,
+				NewVersion:       tt.fields.NewVersion,
+				NewRelease:       tt.fields.NewRelease,
+				Arch:             tt.fields.Arch,
+				Repository:       tt.fields.Repository,
+				Changelog:        tt.fields.Changelog,
+				AffectedProcs:    tt.fields.AffectedProcs,
+				NeedRestartProcs: tt.fields.NeedRestartProcs,
+			}
+			if got := p.FormatVersionFromTo(tt.args.stat); got != tt.want {
+				t.Errorf("Package.FormatVersionFromTo() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

models/scanresults.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package models
 
 import (
@@ -34,32 +17,41 @@ type ScanResults []ScanResult
 
 // ScanResult has the result of scanned CVE information.
 type ScanResult struct {
-	JSONVersion      int                    `json:"jsonVersion"`
-	Lang             string                 `json:"lang"`
-	ServerUUID       string                 `json:"serverUUID"`
-	ServerName       string                 `json:"serverName"` // TOML Section key
-	Family           string                 `json:"family"`
-	Release          string                 `json:"release"`
-	Container        Container              `json:"container"`
-	Platform         Platform               `json:"platform"`
-	IPv4Addrs        []string               `json:"ipv4Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
-	IPv6Addrs        []string               `json:"ipv6Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
-	ScannedAt        time.Time              `json:"scannedAt"`
-	ScannedVersion   string                 `json:"scannedVersion"`
-	ScannedRevision  string                 `json:"scannedRevision"`
-	ScannedBy        string                 `json:"scannedBy"`
-	ReportedAt       time.Time              `json:"reportedAt"`
-	ReportedVersion  string                 `json:"reportedVersion"`
-	ReportedRevision string                 `json:"reportedRevision"`
-	ReportedBy       string                 `json:"reportedBy"`
-	ScannedCves      VulnInfos              `json:"scannedCves"`
-	RunningKernel    Kernel                 `json:"runningKernel"`
-	Packages         Packages               `json:"packages"`
-	CweDict          CweDict                `json:"cweDict"`
-	Optional         map[string]interface{} `json:",omitempty"`
-	SrcPackages      SrcPackages            `json:",omitempty"`
-	Errors           []string               `json:"errors"`
-	Config           struct {
+	JSONVersion      int                   `json:"jsonVersion"`
+	Lang             string                `json:"lang"`
+	ServerUUID       string                `json:"serverUUID"`
+	ServerName       string                `json:"serverName"` // TOML Section key
+	Family           string                `json:"family"`
+	Release          string                `json:"release"`
+	Container        Container             `json:"container"`
+	Platform         Platform              `json:"platform"`
+	IPv4Addrs        []string              `json:"ipv4Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
+	IPv6Addrs        []string              `json:"ipv6Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
+	IPSIdentifiers   map[config.IPS]string `json:"ipsIdentifiers,omitempty"`
+	ScannedAt        time.Time             `json:"scannedAt"`
+	ScanMode         string                `json:"scanMode"`
+	ScannedVersion   string                `json:"scannedVersion"`
+	ScannedRevision  string                `json:"scannedRevision"`
+	ScannedBy        string                `json:"scannedBy"`
+	ScannedVia       string                `json:"scannedVia"`
+	ScannedIPv4Addrs []string              `json:"scannedIpv4Addrs,omitempty"`
+	ScannedIPv6Addrs []string              `json:"scannedIpv6Addrs,omitempty"`
+	ReportedAt       time.Time             `json:"reportedAt"`
+	ReportedVersion  string                `json:"reportedVersion"`
+	ReportedRevision string                `json:"reportedRevision"`
+	ReportedBy       string                `json:"reportedBy"`
+	Errors           []string              `json:"errors"`
+	Warnings         []string              `json:"warnings"`
+
+	ScannedCves       VulnInfos              `json:"scannedCves"`
+	RunningKernel     Kernel                 `json:"runningKernel"`
+	Packages          Packages               `json:"packages"`
+	SrcPackages       SrcPackages            `json:",omitempty"`
+	WordPressPackages *WordPressPackages     `json:",omitempty"`
+	LibraryScanners   LibraryScanners        `json:"libraries,omitempty"`
+	CweDict           CweDict                `json:"cweDict,omitempty"`
+	Optional          map[string]interface{} `json:",omitempty"`
+	Config            struct {
 		Scan   config.Config `json:"scan"`
 		Report config.Config `json:"report"`
 	} `json:"config"`
@@ -69,7 +61,7 @@ type ScanResult struct {
 type CweDict map[string]CweDictEntry
 
 // Get the name, url, top10URL for the specified cweID, lang
-func (c CweDict) Get(cweID, lang string) (name, url, top10Rank, top10URL string) {
+func (c CweDict) Get(cweID, lang string) (name, url, top10Rank, top10URL, cweTop25Rank, cweTop25URL, sansTop25Rank, sansTop25URL string) {
 	cweNum := strings.TrimPrefix(cweID, "CWE-")
 	switch config.Conf.Lang {
 	case "ja":
@@ -77,6 +69,14 @@ func (c CweDict) Get(cweID, lang string) (name, url, top10Rank, top10URL string)
 			top10Rank = dict.OwaspTopTen2017
 			top10URL = cwe.OwaspTopTen2017GitHubURLJa[dict.OwaspTopTen2017]
 		}
+		if dict, ok := c[cweNum]; ok && dict.CweTopTwentyfive2019 != "" {
+			cweTop25Rank = dict.CweTopTwentyfive2019
+			cweTop25URL = cwe.CweTopTwentyfive2019URL
+		}
+		if dict, ok := c[cweNum]; ok && dict.SansTopTwentyfive != "" {
+			sansTop25Rank = dict.SansTopTwentyfive
+			sansTop25URL = cwe.SansTopTwentyfiveURL
+		}
 		if dict, ok := cwe.CweDictJa[cweNum]; ok {
 			name = dict.Name
 			url = fmt.Sprintf("http://jvndb.jvn.jp/ja/cwe/%s.html", cweID)
@@ -91,6 +91,14 @@ func (c CweDict) Get(cweID, lang string) (name, url, top10Rank, top10URL string)
 			top10Rank = dict.OwaspTopTen2017
 			top10URL = cwe.OwaspTopTen2017GitHubURLEn[dict.OwaspTopTen2017]
 		}
+		if dict, ok := c[cweNum]; ok && dict.CweTopTwentyfive2019 != "" {
+			cweTop25Rank = dict.CweTopTwentyfive2019
+			cweTop25URL = cwe.CweTopTwentyfive2019URL
+		}
+		if dict, ok := c[cweNum]; ok && dict.SansTopTwentyfive != "" {
+			sansTop25Rank = dict.SansTopTwentyfive
+			sansTop25URL = cwe.SansTopTwentyfiveURL
+		}
 		url = fmt.Sprintf("https://cwe.mitre.org/data/definitions/%s.html", cweID)
 		if dict, ok := cwe.CweDictEn[cweNum]; ok {
 			name = dict.Name
@@ -101,9 +109,11 @@ func (c CweDict) Get(cweID, lang string) (name, url, top10Rank, top10URL string)
 
 // CweDictEntry is a entry of CWE
 type CweDictEntry struct {
-	En              *cwe.Cwe `json:"en,omitempty"`
-	Ja              *cwe.Cwe `json:"ja,omitempty"`
-	OwaspTopTen2017 string   `json:"owaspTopTen2017"`
+	En                   *cwe.Cwe `json:"en,omitempty"`
+	Ja                   *cwe.Cwe `json:"ja,omitempty"`
+	OwaspTopTen2017      string   `json:"owaspTopTen2017"`
+	CweTopTwentyfive2019 string   `json:"cweTopTwentyfive2019"`
+	SansTopTwentyfive    string   `json:"sansTopTwentyfive"`
 }
 
 // Kernel has the Release, version and whether need restart
@@ -142,8 +152,6 @@ func (r ScanResult) FilterIgnoreCves() ScanResult {
 			if con, ok := s.Containers[r.Container.Name]; ok {
 				ignoreCves = con.IgnoreCves
 			} else {
-				util.Log.Errorf("%s is not found in config.toml",
-					r.Container.Name)
 				return r
 			}
 		} else {
@@ -171,6 +179,10 @@ func (r ScanResult) FilterUnfixed() ScanResult {
 		return r
 	}
 	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
+		// Report cves detected by CPE because Vuls can't know 'fixed' or 'unfixed'
+		if len(v.CpeURIs) != 0 {
+			return true
+		}
 		NotFixedAll := true
 		for _, p := range v.AffectedPackages {
 			NotFixedAll = NotFixedAll && p.NotFixedYet
@@ -191,8 +203,6 @@ func (r ScanResult) FilterIgnorePkgs() ScanResult {
 			if con, ok := s.Containers[r.Container.Name]; ok {
 				ignorePkgsRegexps = con.IgnorePkgsRegexp
 			} else {
-				util.Log.Errorf("%s is not found in config.toml",
-					r.Container.Name)
 				return r
 			}
 		} else {
@@ -206,7 +216,7 @@ func (r ScanResult) FilterIgnorePkgs() ScanResult {
 	for _, pkgRegexp := range ignorePkgsRegexps {
 		re, err := regexp.Compile(pkgRegexp)
 		if err != nil {
-			util.Log.Errorf("Faild to parse %s, %s", pkgRegexp, err)
+			util.Log.Errorf("Faild to parse %s. err: %+v", pkgRegexp, err)
 			continue
 		} else {
 			regexps = append(regexps, re)
@@ -238,7 +248,31 @@ func (r ScanResult) FilterIgnorePkgs() ScanResult {
 	return r
 }
 
-// ReportFileName returns the filename on localhost without extention
+// FilterInactiveWordPressLibs is filter function.
+func (r ScanResult) FilterInactiveWordPressLibs() ScanResult {
+	if !config.Conf.Servers[r.ServerName].WordPress.IgnoreInactive {
+		return r
+	}
+
+	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
+		if len(v.WpPackageFixStats) == 0 {
+			return true
+		}
+		// Ignore if all libs in this vulnInfo inactive
+		for _, wp := range v.WpPackageFixStats {
+			if p, ok := r.WordPressPackages.Find(wp.Name); ok {
+				if p.Status != Inactive {
+					return true
+				}
+			}
+		}
+		return false
+	})
+	r.ScannedCves = filtered
+	return r
+}
+
+// ReportFileName returns the filename on localhost without extension
 func (r ScanResult) ReportFileName() (name string) {
 	if len(r.Container.ContainerID) == 0 {
 		return fmt.Sprintf("%s", r.ServerName)
@@ -246,7 +280,7 @@ func (r ScanResult) ReportFileName() (name string) {
 	return fmt.Sprintf("%s@%s", r.Container.Name, r.ServerName)
 }
 
-// ReportKeyName returns the name of key on S3, Azure-Blob without extention
+// ReportKeyName returns the name of key on S3, Azure-Blob without extension
 func (r ScanResult) ReportKeyName() (name string) {
 	timestr := r.ScannedAt.Format(time.RFC3339)
 	if len(r.Container.ContainerID) == 0 {
@@ -275,6 +309,9 @@ func (r ScanResult) ServerInfoTui() string {
 	if len(r.Container.ContainerID) == 0 {
 		line := fmt.Sprintf("%s (%s%s)",
 			r.ServerName, r.Family, r.Release)
+		if len(r.Warnings) != 0 {
+			line = "[Warn] " + line
+		}
 		if r.RunningKernel.RebootRequired {
 			return "[Reboot] " + line
 		}
@@ -309,13 +346,14 @@ func (r ScanResult) FormatTextReportHeadedr() string {
 		buf.WriteString("=")
 	}
 
-	return fmt.Sprintf("%s\n%s\n%s, %s, %s, %s\n",
+	return fmt.Sprintf("%s\n%s\n%s, %s, %s, %s, %s\n",
 		r.ServerInfo(),
 		buf.String(),
 		r.ScannedCves.FormatCveSummary(),
 		r.ScannedCves.FormatFixedStatus(r.Packages),
 		r.FormatUpdatablePacksSummary(),
 		r.FormatExploitCveSummary(),
+		r.FormatAlertSummary(),
 	)
 }
 
@@ -347,7 +385,22 @@ func (r ScanResult) FormatExploitCveSummary() string {
 			nExploitCve++
 		}
 	}
-	return fmt.Sprintf("%d cves with exploit", nExploitCve)
+	return fmt.Sprintf("%d exploits", nExploitCve)
+}
+
+// FormatAlertSummary returns a summary of XCERT alerts
+func (r ScanResult) FormatAlertSummary() string {
+	jaCnt := 0
+	enCnt := 0
+	for _, vuln := range r.ScannedCves {
+		if len(vuln.AlertDict.En) > 0 {
+			enCnt += len(vuln.AlertDict.En)
+		}
+		if len(vuln.AlertDict.Ja) > 0 {
+			jaCnt += len(vuln.AlertDict.Ja)
+		}
+	}
+	return fmt.Sprintf("en: %d, ja: %d alerts", enCnt, jaCnt)
 }
 
 func (r ScanResult) isDisplayUpdatableNum() bool {

models/scanresults_test.go

@@ -1,19 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
 package models
 
 import (
@@ -348,7 +332,7 @@ func TestFilterUnfixed(t *testing.T) {
 				ScannedCves: VulnInfos{
 					"CVE-2017-0001": {
 						CveID: "CVE-2017-0001",
-						AffectedPackages: PackageStatuses{
+						AffectedPackages: PackageFixStatuses{
 							{
 								Name:        "a",
 								NotFixedYet: true,
@@ -357,7 +341,7 @@ func TestFilterUnfixed(t *testing.T) {
 					},
 					"CVE-2017-0002": {
 						CveID: "CVE-2017-0002",
-						AffectedPackages: PackageStatuses{
+						AffectedPackages: PackageFixStatuses{
 							{
 								Name:        "b",
 								NotFixedYet: false,
@@ -366,7 +350,7 @@ func TestFilterUnfixed(t *testing.T) {
 					},
 					"CVE-2017-0003": {
 						CveID: "CVE-2017-0003",
-						AffectedPackages: PackageStatuses{
+						AffectedPackages: PackageFixStatuses{
 							{
 								Name:        "c",
 								NotFixedYet: true,
@@ -383,7 +367,7 @@ func TestFilterUnfixed(t *testing.T) {
 				ScannedCves: VulnInfos{
 					"CVE-2017-0002": {
 						CveID: "CVE-2017-0002",
-						AffectedPackages: PackageStatuses{
+						AffectedPackages: PackageFixStatuses{
 							{
 								Name:        "b",
 								NotFixedYet: false,
@@ -392,7 +376,7 @@ func TestFilterUnfixed(t *testing.T) {
 					},
 					"CVE-2017-0003": {
 						CveID: "CVE-2017-0003",
-						AffectedPackages: PackageStatuses{
+						AffectedPackages: PackageFixStatuses{
 							{
 								Name:        "c",
 								NotFixedYet: true,
@@ -435,7 +419,7 @@ func TestFilterIgnorePkgs(t *testing.T) {
 					ScannedCves: VulnInfos{
 						"CVE-2017-0001": {
 							CveID: "CVE-2017-0001",
-							AffectedPackages: PackageStatuses{
+							AffectedPackages: PackageFixStatuses{
 								{Name: "kernel"},
 							},
 						},
@@ -462,7 +446,7 @@ func TestFilterIgnorePkgs(t *testing.T) {
 					ScannedCves: VulnInfos{
 						"CVE-2017-0001": {
 							CveID: "CVE-2017-0001",
-							AffectedPackages: PackageStatuses{
+							AffectedPackages: PackageFixStatuses{
 								{Name: "kernel"},
 								{Name: "vim"},
 							},
@@ -475,7 +459,7 @@ func TestFilterIgnorePkgs(t *testing.T) {
 				ScannedCves: VulnInfos{
 					"CVE-2017-0001": {
 						CveID: "CVE-2017-0001",
-						AffectedPackages: PackageStatuses{
+						AffectedPackages: PackageFixStatuses{
 							{Name: "kernel"},
 							{Name: "vim"},
 						},
@@ -491,7 +475,7 @@ func TestFilterIgnorePkgs(t *testing.T) {
 					ScannedCves: VulnInfos{
 						"CVE-2017-0001": {
 							CveID: "CVE-2017-0001",
-							AffectedPackages: PackageStatuses{
+							AffectedPackages: PackageFixStatuses{
 								{Name: "kernel"},
 								{Name: "vim"},
 							},
@@ -545,7 +529,7 @@ func TestFilterIgnorePkgsContainer(t *testing.T) {
 					ScannedCves: VulnInfos{
 						"CVE-2017-0001": {
 							CveID: "CVE-2017-0001",
-							AffectedPackages: PackageStatuses{
+							AffectedPackages: PackageFixStatuses{
 								{Name: "kernel"},
 							},
 						},
@@ -574,7 +558,7 @@ func TestFilterIgnorePkgsContainer(t *testing.T) {
 					ScannedCves: VulnInfos{
 						"CVE-2017-0001": {
 							CveID: "CVE-2017-0001",
-							AffectedPackages: PackageStatuses{
+							AffectedPackages: PackageFixStatuses{
 								{Name: "kernel"},
 								{Name: "vim"},
 							},
@@ -588,7 +572,7 @@ func TestFilterIgnorePkgsContainer(t *testing.T) {
 				ScannedCves: VulnInfos{
 					"CVE-2017-0001": {
 						CveID: "CVE-2017-0001",
-						AffectedPackages: PackageStatuses{
+						AffectedPackages: PackageFixStatuses{
 							{Name: "kernel"},
 							{Name: "vim"},
 						},
@@ -605,7 +589,7 @@ func TestFilterIgnorePkgsContainer(t *testing.T) {
 					ScannedCves: VulnInfos{
 						"CVE-2017-0001": {
 							CveID: "CVE-2017-0001",
-							AffectedPackages: PackageStatuses{
+							AffectedPackages: PackageFixStatuses{
 								{Name: "kernel"},
 								{Name: "vim"},
 							},

models/utils.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package models
 
 import (

models/vulninfos.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package models
 
 import (
@@ -25,6 +8,7 @@ import (
 	"time"
 
 	"github.com/future-architect/vuls/config"
+	exploitmodels "github.com/mozqnet/go-exploitdb/models"
 )
 
 // VulnInfos has a map of VulnInfo
@@ -112,27 +96,26 @@ func (v VulnInfos) FormatFixedStatus(packs Packages) string {
 			continue
 		}
 		total++
-		if vInfo.PatchStatus(packs) == "Fixed" {
+		if vInfo.PatchStatus(packs) == "fixed" {
 			fixed++
 		}
 	}
 	return fmt.Sprintf("%d/%d Fixed", fixed, total)
 }
 
-// PackageStatuses is a list of PackageStatus
-type PackageStatuses []PackageStatus
+// PackageFixStatuses is a list of PackageStatus
+type PackageFixStatuses []PackageFixStatus
 
-// FormatTuiSummary format packname to show TUI summary
-func (ps PackageStatuses) FormatTuiSummary() string {
-	names := []string{}
+// Names return a slice of package names
+func (ps PackageFixStatuses) Names() (names []string) {
 	for _, p := range ps {
 		names = append(names, p.Name)
 	}
-	return strings.Join(names, ", ")
+	return names
 }
 
 // Store insert given pkg if missing, update pkg if exists
-func (ps PackageStatuses) Store(pkg PackageStatus) PackageStatuses {
+func (ps PackageFixStatuses) Store(pkg PackageFixStatus) PackageFixStatuses {
 	for i, p := range ps {
 		if p.Name == pkg.Name {
 			ps[i] = pkg
@@ -144,29 +127,109 @@ func (ps PackageStatuses) Store(pkg PackageStatus) PackageStatuses {
 }
 
 // Sort by Name
-func (ps PackageStatuses) Sort() {
+func (ps PackageFixStatuses) Sort() {
 	sort.Slice(ps, func(i, j int) bool {
 		return ps[i].Name < ps[j].Name
 	})
 	return
 }
 
-// PackageStatus has name and other status abount the package
-type PackageStatus struct {
-	Name        string `json:"name"`
-	NotFixedYet bool   `json:"notFixedYet"`
-	FixState    string `json:"fixState"`
+// PackageFixStatus has name and other status abount the package
+type PackageFixStatus struct {
+	Name        string `json:"name,omitempty"`
+	NotFixedYet bool   `json:"notFixedYet,omitempty"`
+	FixState    string `json:"fixState,omitempty"`
+	FixedIn     string `json:"fixedIn,omitempty"`
 }
 
 // VulnInfo has a vulnerability information and unsecure packages
 type VulnInfo struct {
-	CveID            string           `json:"cveID"`
-	Confidences      Confidences      `json:"confidences"`
-	AffectedPackages PackageStatuses  `json:"affectedPackages"`
-	DistroAdvisories []DistroAdvisory `json:"distroAdvisories,omitempty"` // for Aamazon, RHEL, FreeBSD
-	CpeURIs          []string         `json:"cpeURIs,omitempty"`          // CpeURIs related to this CVE defined in config.toml
-	CveContents      CveContents      `json:"cveContents"`
-	Exploits         []Exploit        `json:"exploits"`
+	CveID                string               `json:"cveID,omitempty"`
+	Confidences          Confidences          `json:"confidences,omitempty"`
+	AffectedPackages     PackageFixStatuses   `json:"affectedPackages,omitempty"`
+	DistroAdvisories     DistroAdvisories     `json:"distroAdvisories,omitempty"` // for Aamazon, RHEL, FreeBSD
+	CveContents          CveContents          `json:"cveContents,omitempty"`
+	Exploits             []Exploit            `json:"exploits,omitempty"`
+	AlertDict            AlertDict            `json:"alertDict,omitempty"`
+	CpeURIs              []string             `json:"cpeURIs,omitempty"` // CpeURIs related to this CVE defined in config.toml
+	GitHubSecurityAlerts GitHubSecurityAlerts `json:"gitHubSecurityAlerts,omitempty"`
+	WpPackageFixStats    WpPackageFixStats    `json:"wpPackageFixStats,omitempty"`
+	LibraryFixedIns      LibraryFixedIns      `json:"libraryFixedIns,omitempty"`
+
+	VulnType string `json:"vulnType,omitempty"`
+}
+
+// Alert has XCERT alert information
+type Alert struct {
+	URL   string `json:"url,omitempty"`
+	Title string `json:"title,omitempty"`
+	Team  string `json:"team,omitempty"`
+}
+
+// GitHubSecurityAlerts is a list of GitHubSecurityAlert
+type GitHubSecurityAlerts []GitHubSecurityAlert
+
+// Add adds given arg to the slice and return the slice (immutable)
+func (g GitHubSecurityAlerts) Add(alert GitHubSecurityAlert) GitHubSecurityAlerts {
+	for _, a := range g {
+		if a.PackageName == alert.PackageName {
+			return g
+		}
+	}
+	return append(g, alert)
+}
+
+// Names return a slice of lib names
+func (g GitHubSecurityAlerts) Names() (names []string) {
+	for _, a := range g {
+		names = append(names, a.PackageName)
+	}
+	return names
+}
+
+// GitHubSecurityAlert has detected CVE-ID, PackageName, Status fetched via GitHub API
+type GitHubSecurityAlert struct {
+	PackageName   string    `json:"packageName"`
+	FixedIn       string    `json:"fixedIn"`
+	AffectedRange string    `json:"affectedRange"`
+	Dismissed     bool      `json:"dismissed"`
+	DismissedAt   time.Time `json:"dismissedAt"`
+	DismissReason string    `json:"dismissReason"`
+}
+
+// LibraryFixedIns is a list of Library's FixedIn
+type LibraryFixedIns []LibraryFixedIn
+
+// Names return a slice of names
+func (lfs LibraryFixedIns) Names() (names []string) {
+	for _, lf := range lfs {
+		names = append(names, lf.Name)
+	}
+	return names
+}
+
+// WpPackageFixStats is a list of WpPackageFixStatus
+type WpPackageFixStats []WpPackageFixStatus
+
+// Names return a slice of names
+func (ws WpPackageFixStats) Names() (names []string) {
+	for _, w := range ws {
+		names = append(names, w.Name)
+	}
+	return names
+}
+
+// WpPackages has a list of WpPackage
+type WpPackages []WpPackage
+
+// Add adds given arg to the slice and return the slice (immutable)
+func (g WpPackages) Add(pkg WpPackage) WpPackages {
+	for _, a := range g {
+		if a.Name == pkg.Name {
+			return g
+		}
+	}
+	return append(g, pkg)
 }
 
 // Titles returns tilte (TUI)
@@ -182,7 +245,7 @@ func (v VulnInfo) Titles(lang, myFamily string) (values []CveContentStr) {
 		values = append(values, CveContentStr{RedHatAPI, cont.Title})
 	}
 
-	order := CveContentTypes{Nvd, NvdXML, NewCveContentType(myFamily)}
+	order := CveContentTypes{Trivy, Nvd, NvdXML, NewCveContentType(myFamily)}
 	order = append(order, AllCveContetTypes.Except(append(order, Jvn)...)...)
 	for _, ctype := range order {
 		// Only JVN has meaningful title. so return first 100 char of summary
@@ -222,7 +285,7 @@ func (v VulnInfo) Summaries(lang, myFamily string) (values []CveContentStr) {
 		}
 	}
 
-	order := CveContentTypes{Nvd, NvdXML, NewCveContentType(myFamily)}
+	order := CveContentTypes{Trivy, NewCveContentType(myFamily), Nvd, NvdXML}
 	order = append(order, AllCveContetTypes.Except(append(order, Jvn)...)...)
 	for _, ctype := range order {
 		if cont, found := v.CveContents[ctype]; found && 0 < len(cont.Summary) {
@@ -241,6 +304,13 @@ func (v VulnInfo) Summaries(lang, myFamily string) (values []CveContentStr) {
 		})
 	}
 
+	if v, ok := v.CveContents[WPVulnDB]; ok {
+		values = append(values, CveContentStr{
+			Type:  "WPVDB",
+			Value: v.Title,
+		})
+	}
+
 	if len(values) == 0 {
 		return []CveContentStr{{
 			Type:  Unknown,
@@ -274,13 +344,13 @@ func (v VulnInfo) Mitigations(myFamily string) (values []CveContentStr) {
 
 // Cvss2Scores returns CVSS V2 Scores
 func (v VulnInfo) Cvss2Scores(myFamily string) (values []CveContentCvss) {
-	order := []CveContentType{Nvd, NvdXML, RedHat, Jvn}
+	order := []CveContentType{Nvd, NvdXML, RedHatAPI, RedHat, Jvn}
 	if myFamily != config.RedHat && myFamily != config.CentOS {
 		order = append(order, NewCveContentType(myFamily))
 	}
 	for _, ctype := range order {
 		if cont, found := v.CveContents[ctype]; found {
-			if cont.Cvss2Score == 0 && cont.Cvss2Severity == "" {
+			if cont.Cvss2Score == 0 || cont.Cvss2Severity == "" {
 				continue
 			}
 			// https://nvd.nist.gov/vuln-metrics/cvss
@@ -296,26 +366,6 @@ func (v VulnInfo) Cvss2Scores(myFamily string) (values []CveContentCvss) {
 		}
 	}
 
-	for _, v := range values {
-		if v.Type == RedHat {
-			return
-		}
-	}
-	// Set the CVSS v2 score of vuln that exists only in gost.
-	// Unfixed vulnerabilities detected by gost are not in OVAL, because
-	// OVAL data has only vulnerabilities for already fixed.
-	if cont, found := v.CveContents[RedHatAPI]; found {
-		values = append(values, CveContentCvss{
-			Type: RedHatAPI,
-			Value: Cvss{
-				Type:     CVSS2,
-				Score:    cont.Cvss2Score,
-				Vector:   cont.Cvss2Vector,
-				Severity: strings.ToUpper(cont.Cvss2Severity),
-			},
-		})
-	}
-
 	for _, adv := range v.DistroAdvisories {
 		if adv.Severity != "" {
 			values = append(values, CveContentCvss{
@@ -358,7 +408,7 @@ func (v VulnInfo) Cvss2Scores(myFamily string) (values []CveContentCvss) {
 
 // Cvss3Scores returns CVSS V3 Score
 func (v VulnInfo) Cvss3Scores() (values []CveContentCvss) {
-	order := []CveContentType{Nvd, RedHat, Jvn}
+	order := []CveContentType{Nvd, RedHatAPI, RedHat, Jvn}
 	for _, ctype := range order {
 		if cont, found := v.CveContents[ctype]; found {
 			// https://nvd.nist.gov/vuln-metrics/cvss
@@ -374,26 +424,17 @@ func (v VulnInfo) Cvss3Scores() (values []CveContentCvss) {
 		}
 	}
 
-	for _, v := range values {
-		if v.Type == RedHat {
-			return
-		}
-	}
-
-	// Set the CVSS v3 score of vuln that exists only in gost.
-	// Unfixed vulnerabilities detected by gost are not in OVAL, because
-	// OVAL data has only vulnerabilities for already fixed.
-	if cont, found := v.CveContents[RedHatAPI]; found {
+	if cont, found := v.CveContents[Trivy]; found && cont.Cvss3Severity != "" {
 		values = append(values, CveContentCvss{
-			Type: RedHatAPI,
+			Type: Trivy,
 			Value: Cvss{
 				Type:     CVSS3,
-				Score:    cont.Cvss3Score,
-				Vector:   cont.Cvss3Vector,
+				Score:    severityToV2ScoreRoughly(cont.Cvss3Severity),
 				Severity: strings.ToUpper(cont.Cvss3Severity),
 			},
 		})
 	}
+
 	return
 }
 
@@ -514,16 +555,17 @@ func (v VulnInfo) MaxCvss2Score() CveContentCvss {
 func (v VulnInfo) AttackVector() string {
 	for _, cnt := range v.CveContents {
 		if strings.HasPrefix(cnt.Cvss2Vector, "AV:N") ||
-			strings.HasPrefix(cnt.Cvss3Vector, "CVSS:3.0/AV:N") {
-			return "Network"
+			strings.Contains(cnt.Cvss3Vector, "AV:N") {
+			return "AV:N"
 		} else if strings.HasPrefix(cnt.Cvss2Vector, "AV:A") ||
-			strings.HasPrefix(cnt.Cvss3Vector, "CVSS:3.0/AV:A") {
-			return "Adjacent"
+			strings.Contains(cnt.Cvss3Vector, "AV:A") {
+			return "AV:A"
 		} else if strings.HasPrefix(cnt.Cvss2Vector, "AV:L") ||
-			strings.HasPrefix(cnt.Cvss3Vector, "CVSS:3.0/AV:L") {
-			return "Local"
-		} else if strings.HasPrefix(cnt.Cvss3Vector, "CVSS:3.0/AV:P") {
-			return "Physical"
+			strings.Contains(cnt.Cvss3Vector, "AV:L") {
+			return "AV:L"
+		} else if strings.Contains(cnt.Cvss3Vector, "AV:P") {
+			// no AV:P in CVSS v2
+			return "AV:P"
 		}
 	}
 	if cont, found := v.CveContents[DebianSecurityTracker]; found {
@@ -534,7 +576,7 @@ func (v VulnInfo) AttackVector() string {
 	return ""
 }
 
-// PatchStatus returns attack vector string
+// PatchStatus returns fixed or unfixed string
 func (v VulnInfo) PatchStatus(packs Packages) string {
 	// Vuls don't know patch status of the CPE
 	if len(v.CpeURIs) != 0 {
@@ -542,17 +584,24 @@ func (v VulnInfo) PatchStatus(packs Packages) string {
 	}
 	for _, p := range v.AffectedPackages {
 		if p.NotFixedYet {
-			return "Unfixed"
+			return "unfixed"
+		}
+
+		// Fast and offline mode can not get the candidate version.
+		// Vuls can be considered as 'fixed' if not-fixed-yet==true and
+		// the fixed-in-version (information in the oval) is not an empty.
+		if p.FixedIn != "" {
+			continue
 		}
 
 		// fast, offline mode doesn't have new version
 		if pack, ok := packs[p.Name]; ok {
 			if pack.NewVersion == "" {
-				return "Unknown"
+				return "unknown"
 			}
 		}
 	}
-	return "Fixed"
+	return "fixed"
 }
 
 // CveContentCvss has CVSS information
@@ -652,6 +701,12 @@ func (v VulnInfo) Cvss3CalcURL() string {
 // VendorLinks returns links of vendor support's URL
 func (v VulnInfo) VendorLinks(family string) map[string]string {
 	links := map[string]string{}
+	if strings.HasPrefix(v.CveID, "WPVDBID") {
+		links["WPVulnDB"] = fmt.Sprintf("https://wpvulndb.com/vulnerabilities/%s",
+			strings.TrimPrefix(v.CveID, "WPVDBID-"))
+		return links
+	}
+
 	switch family {
 	case config.RedHat, config.CentOS:
 		links["RHEL-CVE"] = "https://access.redhat.com/security/cve/" + v.CveID
@@ -670,8 +725,14 @@ func (v VulnInfo) VendorLinks(family string) map[string]string {
 	case config.Amazon:
 		links["RHEL-CVE"] = "https://access.redhat.com/security/cve/" + v.CveID
 		for _, advisory := range v.DistroAdvisories {
-			links[advisory.AdvisoryID] =
-				fmt.Sprintf("https://alas.aws.amazon.com/%s.html", advisory.AdvisoryID)
+			if strings.HasPrefix(advisory.AdvisoryID, "ALAS2") {
+				links[advisory.AdvisoryID] =
+					fmt.Sprintf("https://alas.aws.amazon.com/AL2/%s.html",
+						strings.Replace(advisory.AdvisoryID, "ALAS2", "ALAS", -1))
+			} else {
+				links[advisory.AdvisoryID] =
+					fmt.Sprintf("https://alas.aws.amazon.com/%s.html", advisory.AdvisoryID)
+			}
 		}
 		return links
 	case config.Ubuntu:
@@ -691,6 +752,20 @@ func (v VulnInfo) VendorLinks(family string) map[string]string {
 	return links
 }
 
+// DistroAdvisories is a list of DistroAdvisory
+type DistroAdvisories []DistroAdvisory
+
+// AppendIfMissing appends if missing
+func (advs *DistroAdvisories) AppendIfMissing(adv *DistroAdvisory) bool {
+	for _, a := range *advs {
+		if a.AdvisoryID == adv.AdvisoryID {
+			return false
+		}
+	}
+	*advs = append(*advs, *adv)
+	return true
+}
+
 // DistroAdvisory has Amazon Linux, RHEL, FreeBSD Security Advisory information.
 type DistroAdvisory struct {
 	AdvisoryID  string    `json:"advisoryID"`
@@ -714,24 +789,33 @@ func (p DistroAdvisory) Format() string {
 	return strings.Join(buf, "\n")
 }
 
-// ExploitType is exploit type
-type ExploitType string
-
-const (
-	// ExploitDB : https://www.exploit-db.com/
-	ExploitDB ExploitType = "exploitdb"
-)
-
 // Exploit :
 type Exploit struct {
-	ExploitType  ExploitType `json:"exploitType"`
-	ID           string      `json:"id"`
-	URL          string      `json:"url"`
-	Description  string      `json:"description"`
-	DocumentURL  *string     `json:"documentURL,omitempty"`
-	PaperURL     *string     `json:"paperURL,omitempty"`
-	ShellCodeURL *string     `json:"shellCodeURL,omitempty"`
-	BinaryURL    *string     `json:"binaryURL,omitempty"`
+	ExploitType  exploitmodels.ExploitType `json:"exploitType"`
+	ID           string                    `json:"id"`
+	URL          string                    `json:"url"`
+	Description  string                    `json:"description"`
+	DocumentURL  *string                   `json:"documentURL,omitempty"`
+	ShellCodeURL *string                   `json:"shellCodeURL,omitempty"`
+	BinaryURL    *string                   `json:"binaryURL,omitempty"`
+}
+
+// AlertDict has target cve's JPCERT and USCERT alert data
+type AlertDict struct {
+	Ja []Alert `json:"ja"`
+	En []Alert `json:"en"`
+}
+
+// FormatSource returns which source has this alert
+func (a AlertDict) FormatSource() string {
+	s := []string{}
+	if len(a.En) != 0 {
+		s = append(s, "USCERT")
+	}
+	if len(a.Ja) != 0 {
+		s = append(s, "JPCERT")
+	}
+	return strings.Join(s, "/")
 }
 
 // Confidences is a list of Confidence
@@ -791,12 +875,21 @@ const (
 	// DebianSecurityTrackerMatchStr is a String representation of DebianSecurityTrackerMatch
 	DebianSecurityTrackerMatchStr = "DebianSecurityTrackerMatch"
 
+	// TrivyMatchStr is a String representation of Trivy
+	TrivyMatchStr = "TrivyMatch"
+
 	// ChangelogExactMatchStr is a String representation of ChangelogExactMatch
 	ChangelogExactMatchStr = "ChangelogExactMatch"
 
 	// ChangelogLenientMatchStr is a String representation of ChangelogLenientMatch
 	ChangelogLenientMatchStr = "ChangelogLenientMatch"
 
+	// GitHubMatchStr is a String representation of GitHubMatch
+	GitHubMatchStr = "GitHubMatch"
+
+	// WPVulnDBMatchStr is a String representation of WordPress VulnDB scanning
+	WPVulnDBMatchStr = "WPVulnDBMatch"
+
 	// FailedToGetChangelog is a String representation of FailedToGetChangelog
 	FailedToGetChangelog = "FailedToGetChangelog"
 
@@ -823,9 +916,18 @@ var (
 	// DebianSecurityTrackerMatch ranking how confident the CVE-ID was deteted correctly
 	DebianSecurityTrackerMatch = Confidence{100, DebianSecurityTrackerMatchStr, 0}
 
+	// TrivyMatch ranking how confident the CVE-ID was deteted correctly
+	TrivyMatch = Confidence{100, TrivyMatchStr, 0}
+
 	// ChangelogExactMatch is a ranking how confident the CVE-ID was deteted correctly
 	ChangelogExactMatch = Confidence{95, ChangelogExactMatchStr, 3}
 
 	// ChangelogLenientMatch is a ranking how confident the CVE-ID was deteted correctly
 	ChangelogLenientMatch = Confidence{50, ChangelogLenientMatchStr, 4}
+
+	// GitHubMatch is a ranking how confident the CVE-ID was deteted correctly
+	GitHubMatch = Confidence{97, GitHubMatchStr, 2}
+
+	// WPVulnDBMatch is a ranking how confident the CVE-ID was deteted correctly
+	WPVulnDBMatch = Confidence{100, WPVulnDBMatchStr, 0}
 )

models/vulninfos_test.go

@@ -1,19 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
 package models
 
 import (
@@ -159,14 +143,14 @@ func TestSummaries(t *testing.T) {
 					Type:  Jvn,
 					Value: "Title JVN\nSummary JVN",
 				},
-				{
-					Type:  NvdXML,
-					Value: "Summary NVD",
-				},
 				{
 					Type:  RedHat,
 					Value: "Summary RedHat",
 				},
+				{
+					Type:  NvdXML,
+					Value: "Summary NVD",
+				},
 			},
 		},
 		// lang: en
@@ -193,14 +177,14 @@ func TestSummaries(t *testing.T) {
 				},
 			},
 			out: []CveContentStr{
-				{
-					Type:  NvdXML,
-					Value: "Summary NVD",
-				},
 				{
 					Type:  RedHat,
 					Value: "Summary RedHat",
 				},
+				{
+					Type:  NvdXML,
+					Value: "Summary NVD",
+				},
 			},
 		},
 		// lang: empty
@@ -916,15 +900,15 @@ func TestFormatMaxCvssScore(t *testing.T) {
 
 func TestSortPackageStatues(t *testing.T) {
 	var tests = []struct {
-		in  PackageStatuses
-		out PackageStatuses
+		in  PackageFixStatuses
+		out PackageFixStatuses
 	}{
 		{
-			in: PackageStatuses{
+			in: PackageFixStatuses{
 				{Name: "b"},
 				{Name: "a"},
 			},
-			out: PackageStatuses{
+			out: PackageFixStatuses{
 				{Name: "a"},
 				{Name: "b"},
 			},
@@ -940,19 +924,19 @@ func TestSortPackageStatues(t *testing.T) {
 
 func TestStorePackageStatueses(t *testing.T) {
 	var tests = []struct {
-		pkgstats PackageStatuses
-		in       PackageStatus
-		out      PackageStatuses
+		pkgstats PackageFixStatuses
+		in       PackageFixStatus
+		out      PackageFixStatuses
 	}{
 		{
-			pkgstats: PackageStatuses{
+			pkgstats: PackageFixStatuses{
 				{Name: "a"},
 				{Name: "b"},
 			},
-			in: PackageStatus{
+			in: PackageFixStatus{
 				Name: "c",
 			},
-			out: PackageStatuses{
+			out: PackageFixStatuses{
 				{Name: "a"},
 				{Name: "b"},
 				{Name: "c"},
@@ -1034,3 +1018,148 @@ func TestSortByConfiden(t *testing.T) {
 		}
 	}
 }
+
+func TestDistroAdvisories_AppendIfMissing(t *testing.T) {
+	type args struct {
+		adv *DistroAdvisory
+	}
+	tests := []struct {
+		name  string
+		advs  DistroAdvisories
+		args  args
+		want  bool
+		after DistroAdvisories
+	}{
+		{
+			name: "duplicate no append",
+			advs: DistroAdvisories{
+				DistroAdvisory{
+					AdvisoryID: "ALASs-2019-1214",
+				}},
+			args: args{
+				adv: &DistroAdvisory{
+					AdvisoryID: "ALASs-2019-1214",
+				},
+			},
+			want: false,
+			after: DistroAdvisories{
+				DistroAdvisory{
+					AdvisoryID: "ALASs-2019-1214",
+				}},
+		},
+		{
+			name: "append",
+			advs: DistroAdvisories{
+				DistroAdvisory{
+					AdvisoryID: "ALASs-2019-1214",
+				}},
+			args: args{
+				adv: &DistroAdvisory{
+					AdvisoryID: "ALASs-2019-1215",
+				},
+			},
+			want: true,
+			after: DistroAdvisories{
+				{
+					AdvisoryID: "ALASs-2019-1214",
+				},
+				{
+					AdvisoryID: "ALASs-2019-1215",
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := tt.advs.AppendIfMissing(tt.args.adv); got != tt.want {
+				t.Errorf("DistroAdvisories.AppendIfMissing() = %v, want %v", got, tt.want)
+			}
+			if !reflect.DeepEqual(tt.advs, tt.after) {
+				t.Errorf("\nexpected: %v\n  actual: %v\n", tt.after, tt.advs)
+			}
+		})
+	}
+}
+
+func TestVulnInfo_AttackVector(t *testing.T) {
+	type fields struct {
+		CveContents CveContents
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		want   string
+	}{
+		{
+			name: "2.0:N",
+			fields: fields{
+				CveContents: NewCveContents(
+					CveContent{
+						Type:        "foo",
+						Cvss2Vector: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
+					},
+				),
+			},
+			want: "AV:N",
+		},
+		{
+			name: "2.0:A",
+			fields: fields{
+				CveContents: NewCveContents(
+					CveContent{
+						Type:        "foo",
+						Cvss2Vector: "AV:A/AC:L/Au:N/C:C/I:C/A:C",
+					},
+				),
+			},
+			want: "AV:A",
+		},
+		{
+			name: "2.0:L",
+			fields: fields{
+				CveContents: NewCveContents(
+					CveContent{
+						Type:        "foo",
+						Cvss2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+					},
+				),
+			},
+			want: "AV:L",
+		},
+
+		{
+			name: "3.0:N",
+			fields: fields{
+				CveContents: NewCveContents(
+					CveContent{
+						Type:        "foo",
+						Cvss3Vector: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+					},
+				),
+			},
+			want: "AV:N",
+		},
+		{
+			name: "3.1:N",
+			fields: fields{
+				CveContents: NewCveContents(
+					CveContent{
+						Type:        "foo",
+						Cvss3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+					},
+				),
+			},
+			want: "AV:N",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			v := VulnInfo{
+				CveContents: tt.fields.CveContents,
+			}
+			if got := v.AttackVector(); got != tt.want {
+				t.Errorf("VulnInfo.AttackVector() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

models/wordpress.go

@@ -0,0 +1,71 @@
+package models
+
+// WordPressPackages has Core version, plugins and themes.
+type WordPressPackages []WpPackage
+
+// CoreVersion returns the core version of the installed WordPress
+func (w WordPressPackages) CoreVersion() string {
+	for _, p := range w {
+		if p.Type == WPCore {
+			return p.Version
+		}
+	}
+	return ""
+}
+
+// Plugins returns a slice of plugins of the installed WordPress
+func (w WordPressPackages) Plugins() (ps []WpPackage) {
+	for _, p := range w {
+		if p.Type == WPPlugin {
+			ps = append(ps, p)
+		}
+	}
+	return
+}
+
+// Themes returns a slice of themes of the installed WordPress
+func (w WordPressPackages) Themes() (ps []WpPackage) {
+	for _, p := range w {
+		if p.Type == WPTheme {
+			ps = append(ps, p)
+		}
+	}
+	return
+}
+
+// Find searches by specified name
+func (w WordPressPackages) Find(name string) (ps *WpPackage, found bool) {
+	for _, p := range w {
+		if p.Name == name {
+			return &p, true
+		}
+	}
+	return nil, false
+}
+
+const (
+	// WPCore is a type `core` in WPPackage struct
+	WPCore = "core"
+	// WPPlugin is a type `plugin` in WPPackage struct
+	WPPlugin = "plugin"
+	// WPTheme is a type `theme` in WPPackage struct
+	WPTheme = "theme"
+
+	// Inactive is a inactive status in WPPackage struct
+	Inactive = "inactive"
+)
+
+// WpPackage has a details of plugin and theme
+type WpPackage struct {
+	Name    string `json:"name,omitempty"`
+	Status  string `json:"status,omitempty"` // active, inactive or must-use
+	Update  string `json:"update,omitempty"` // available or none
+	Version string `json:"version,omitempty"`
+	Type    string `json:"type,omitempty"` // core, plugin, theme
+}
+
+// WpPackageFixStatus is used in Vulninfo.WordPress
+type WpPackageFixStatus struct {
+	Name    string `json:"name,omitempty"`
+	FixedIn string `json:"fixedIn,omitempty"`
+}

oval/alpine.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package oval
 
 import (
@@ -41,7 +24,7 @@ func NewAlpine() Alpine {
 // FillWithOval returns scan result after updating CVE info by OVAL
 func (o Alpine) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
 	var relatedDefs ovalResult
-	if o.IsFetchViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
 			return 0, err
 		}

oval/debian.go

@@ -1,23 +1,9 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package oval
 
 import (
+	"fmt"
+	"strings"
+
 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/util"
@@ -57,17 +43,28 @@ func (o DebianBase) update(r *models.ScanResult, defPacks defPacks) {
 		vinfo.CveContents = cveContents
 	}
 
-	// uniq(vinfo.PackNames + defPacks.actuallyAffectedPackNames)
+	// uniq(vinfo.PackNames + defPacks.binpkgStat)
 	for _, pack := range vinfo.AffectedPackages {
-		defPacks.actuallyAffectedPackNames[pack.Name] = pack.NotFixedYet
+		defPacks.binpkgFixstat[pack.Name] = fixStat{
+			notFixedYet: pack.NotFixedYet,
+			fixedIn:     pack.FixedIn,
+			isSrcPack:   false,
+		}
 	}
 
-	// update notFixedYet of SrcPackage
-	for binName := range defPacks.actuallyAffectedPackNames {
+	// Update package status of source packages.
+	// In the case of Debian based Linux, sometimes source package name is difined as affected package in OVAL.
+	// To display binary package name showed in apt-get, need to convert source name to binary name.
+	for binName := range defPacks.binpkgFixstat {
 		if srcPack, ok := r.SrcPackages.FindByBinName(binName); ok {
 			for _, p := range defPacks.def.AffectedPacks {
 				if p.Name == srcPack.Name {
-					defPacks.actuallyAffectedPackNames[binName] = p.NotFixedYet
+					defPacks.binpkgFixstat[binName] = fixStat{
+						notFixedYet: p.NotFixedYet,
+						fixedIn:     p.Version,
+						isSrcPack:   true,
+						srcPackName: srcPack.Name,
+					}
 				}
 			}
 		}
@@ -93,6 +90,7 @@ func (o DebianBase) convertToModel(def *ovalmodels.Definition) *models.CveConten
 		Title:         def.Title,
 		Summary:       def.Description,
 		Cvss2Severity: def.Advisory.Severity,
+		Cvss3Severity: def.Advisory.Severity,
 		References:    refs,
 	}
 }
@@ -133,7 +131,7 @@ func (o Debian) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err
 	}
 
 	var relatedDefs ovalResult
-	if o.IsFetchViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
 			return 0, err
 		}
@@ -148,9 +146,9 @@ func (o Debian) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err
 	for _, defPacks := range relatedDefs.entries {
 		// Remove "linux" added above for oval search
 		// linux is not a real package name (key of affected packages in OVAL)
-		if notFixedYet, ok := defPacks.actuallyAffectedPackNames["linux"]; ok {
-			defPacks.actuallyAffectedPackNames[linuxImage] = notFixedYet
-			delete(defPacks.actuallyAffectedPackNames, "linux")
+		if notFixedYet, ok := defPacks.binpkgFixstat["linux"]; ok {
+			defPacks.binpkgFixstat[linuxImage] = notFixedYet
+			delete(defPacks.binpkgFixstat, "linux")
 			for i, p := range defPacks.def.AffectedPacks {
 				if p.Name == "linux" {
 					p.Name = linuxImage
@@ -189,61 +187,183 @@ func NewUbuntu() Ubuntu {
 
 // FillWithOval returns scan result after updating CVE info by OVAL
 func (o Ubuntu) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
-	ovalKernelImageNames := []string{
-		"linux-aws",
-		"linux-azure",
-		"linux-flo",
-		"linux-gcp",
-		"linux-gke",
-		"linux-goldfish",
-		"linux-hwe",
-		"linux-hwe-edge",
-		"linux-kvm",
-		"linux-mako",
-		"linux-raspi2",
-		"linux-snapdragon",
+	switch major(r.Release) {
+	case "14":
+		kernelNamesInOval := []string{
+			"linux-aws",
+			"linux-azure",
+			"linux-lts-xenial",
+			"linux-meta",
+			"linux-meta-aws",
+			"linux-meta-azure",
+			"linux-meta-lts-xenial",
+			"linux-signed",
+			"linux-signed-azure",
+			"linux-signed-lts-xenial",
+			"linux",
+		}
+		return o.fillWithOval(driver, r, kernelNamesInOval)
+	case "16":
+		kernelNamesInOval := []string{
+			"linux-aws",
+			"linux-aws-hwe",
+			"linux-azure",
+			"linux-euclid",
+			"linux-flo",
+			"linux-gcp",
+			"linux-gke",
+			"linux-goldfish",
+			"linux-hwe",
+			"linux-kvm",
+			"linux-mako",
+			"linux-meta",
+			"linux-meta-aws",
+			"linux-meta-aws-hwe",
+			"linux-meta-azure",
+			"linux-meta-gcp",
+			"linux-meta-hwe",
+			"linux-meta-kvm",
+			"linux-meta-oracle",
+			"linux-meta-raspi2",
+			"linux-meta-snapdragon",
+			"linux-oem",
+			"linux-oracle",
+			"linux-raspi2",
+			"linux-signed",
+			"linux-signed-azure",
+			"linux-signed-gcp",
+			"linux-signed-hwe",
+			"linux-signed-oracle",
+			"linux-snapdragon",
+			"linux",
+		}
+		return o.fillWithOval(driver, r, kernelNamesInOval)
+	case "18":
+		kernelNamesInOval := []string{
+			"linux-aws",
+			"linux-aws-5.0",
+			"linux-azure",
+			"linux-gcp",
+			"linux-gcp-5.3",
+			"linux-gke-4.15",
+			"linux-gke-5.0",
+			"linux-gke-5.3",
+			"linux-hwe",
+			"linux-kvm",
+			"linux-meta",
+			"linux-meta-aws",
+			"linux-meta-aws-5.0",
+			"linux-meta-azure",
+			"linux-meta-gcp",
+			"linux-meta-gcp-5.3",
+			"linux-meta-gke-4.15",
+			"linux-meta-gke-5.0",
+			"linux-meta-gke-5.3",
+			"linux-meta-hwe",
+			"linux-meta-kvm",
+			"linux-meta-oem",
+			"linux-meta-oem-osp1",
+			"linux-meta-oracle",
+			"linux-meta-oracle-5.0",
+			"linux-meta-oracle-5.3",
+			"linux-meta-raspi2",
+			"linux-meta-raspi2-5.3",
+			"linux-meta-snapdragon",
+			"linux-oem",
+			"linux-oem-osp1",
+			"linux-oracle",
+			"linux-oracle-5.0",
+			"linux-oracle-5.3",
+			"linux-raspi2",
+			"linux-raspi2-5.3",
+			"linux-signed",
+			"linux-signed-azure",
+			"linux-signed-gcp",
+			"linux-signed-gcp-5.3",
+			"linux-signed-gke-4.15",
+			"linux-signed-gke-5.0",
+			"linux-signed-gke-5.3",
+			"linux-signed-hwe",
+			"linux-signed-oem",
+			"linux-signed-oem-osp1",
+			"linux-signed-oracle",
+			"linux-signed-oracle-5.0",
+			"linux-signed-oracle-5.3",
+			"linux-snapdragon",
+			"linux",
+		}
+		return o.fillWithOval(driver, r, kernelNamesInOval)
 	}
-	linuxImage := "linux-image-" + r.RunningKernel.Release
+	return 0, fmt.Errorf("Ubuntu %s is not support for now", r.Release)
+}
+
+func (o Ubuntu) fillWithOval(driver db.DB, r *models.ScanResult, kernelNamesInOval []string) (nCVEs int, err error) {
+	linuxImage := "linux-image-" + r.RunningKernel.Release
+	runningKernelVersion := ""
+	kernelPkgInOVAL := ""
+	isOVALKernelPkgAdded := false
+	unusedKernels := []models.Package{}
+	copiedSourcePkgs := models.SrcPackages{}
 
-	found := false
 	if r.Container.ContainerID == "" {
-		for _, n := range ovalKernelImageNames {
-			if _, ok := r.Packages[n]; ok {
-				v, ok := r.Packages[linuxImage]
-				if ok {
-					// Set running kernel version
-					p := r.Packages[n]
-					p.Version = v.Version
-					p.NewVersion = v.NewVersion
-					r.Packages[n] = p
-				} else {
-					util.Log.Warnf("Running kernel image %s is not found: %s",
-						linuxImage, r.RunningKernel.Version)
-				}
-				found = true
+		if v, ok := r.Packages[linuxImage]; ok {
+			runningKernelVersion = v.Version
+		} else {
+			util.Log.Warnf("Unable to detect vulns of running kernel because the version of the runnning kernel is unknown. server: %s",
+				r.ServerName)
+		}
+
+		for _, n := range kernelNamesInOval {
+			if p, ok := r.Packages[n]; ok {
+				kernelPkgInOVAL = p.Name
 				break
 			}
 		}
 
-		if !found {
-			// linux-generic is described as "linux" in Ubuntu's oval.
-			// Add "linux" and set the version of running kernel to search OVAL.
-			v, ok := r.Packages[linuxImage]
-			if ok {
-				r.Packages["linux"] = models.Package{
-					Name:       "linux",
-					Version:    v.Version,
-					NewVersion: v.NewVersion,
+		// remove unused kernels from packages to prevent detecting vulns of unused kernel
+		for _, n := range kernelNamesInOval {
+			if v, ok := r.Packages[n]; ok {
+				unusedKernels = append(unusedKernels, v)
+				delete(r.Packages, n)
+			}
+		}
+
+		// Remove linux-* in order to detect only vulnerabilities in the running kernel.
+		for n := range r.Packages {
+			if n != kernelPkgInOVAL && strings.HasPrefix(n, "linux-") {
+				unusedKernels = append(unusedKernels, r.Packages[n])
+				delete(r.Packages, n)
+			}
+		}
+		for srcPackName, srcPack := range r.SrcPackages {
+			copiedSourcePkgs[srcPackName] = srcPack
+			targetBianryNames := []string{}
+			for _, n := range srcPack.BinaryNames {
+				if n == kernelPkgInOVAL || !strings.HasPrefix(n, "linux-") {
+					targetBianryNames = append(targetBianryNames, n)
 				}
-			} else {
-				util.Log.Warnf("%s is not found. Running: %s",
-					linuxImage, r.RunningKernel.Release)
+			}
+			srcPack.BinaryNames = targetBianryNames
+			r.SrcPackages[srcPackName] = srcPack
+		}
+
+		if kernelPkgInOVAL == "" {
+			util.Log.Warnf("The OVAL name of the running kernel image %+v is not found. So vulns of `linux` wll be detected. server: %s",
+				r.RunningKernel, r.ServerName)
+			kernelPkgInOVAL = "linux"
+			isOVALKernelPkgAdded = true
+		}
+
+		if runningKernelVersion != "" {
+			r.Packages[kernelPkgInOVAL] = models.Package{
+				Name:    kernelPkgInOVAL,
+				Version: runningKernelVersion,
 			}
 		}
 	}
 
 	var relatedDefs ovalResult
-	if o.IsFetchViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
 			return 0, err
 		}
@@ -253,24 +373,27 @@ func (o Ubuntu) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err
 		}
 	}
 
-	if !found {
-		delete(r.Packages, "linux")
+	if isOVALKernelPkgAdded {
+		delete(r.Packages, kernelPkgInOVAL)
 	}
+	for _, p := range unusedKernels {
+		r.Packages[p.Name] = p
+	}
+	r.SrcPackages = copiedSourcePkgs
 
 	for _, defPacks := range relatedDefs.entries {
-		// Remove "linux" added above to search for oval
+		// Remove "linux" added above for searching oval
 		// "linux" is not a real package name (key of affected packages in OVAL)
-		if _, ok := defPacks.actuallyAffectedPackNames["linux"]; !found && ok {
-			defPacks.actuallyAffectedPackNames[linuxImage] = true
-			delete(defPacks.actuallyAffectedPackNames, "linux")
+		if nfy, ok := defPacks.binpkgFixstat[kernelPkgInOVAL]; isOVALKernelPkgAdded && ok {
+			defPacks.binpkgFixstat[linuxImage] = nfy
+			delete(defPacks.binpkgFixstat, kernelPkgInOVAL)
 			for i, p := range defPacks.def.AffectedPacks {
-				if p.Name == "linux" {
+				if p.Name == kernelPkgInOVAL {
 					p.Name = linuxImage
 					defPacks.def.AffectedPacks[i] = p
 				}
 			}
 		}
-
 		o.update(r, defPacks)
 	}
 

oval/debian_test.go

@@ -1,19 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
 package oval
 
 import (
@@ -36,7 +20,7 @@ func TestPackNamesOfUpdateDebian(t *testing.T) {
 			in: models.ScanResult{
 				ScannedCves: models.VulnInfos{
 					"CVE-2000-1000": models.VulnInfo{
-						AffectedPackages: models.PackageStatuses{
+						AffectedPackages: models.PackageFixStatuses{
 							{Name: "packA"},
 							{Name: "packC"},
 						},
@@ -49,16 +33,19 @@ func TestPackNamesOfUpdateDebian(t *testing.T) {
 						CveID: "CVE-2000-1000",
 					},
 				},
-				actuallyAffectedPackNames: map[string]bool{
-					"packB": true,
+				binpkgFixstat: map[string]fixStat{
+					"packB": {
+						notFixedYet: true,
+						fixedIn:     "1.0.0",
+					},
 				},
 			},
 			out: models.ScanResult{
 				ScannedCves: models.VulnInfos{
 					"CVE-2000-1000": models.VulnInfo{
-						AffectedPackages: models.PackageStatuses{
+						AffectedPackages: models.PackageFixStatuses{
 							{Name: "packA"},
-							{Name: "packB", NotFixedYet: true},
+							{Name: "packB", NotFixedYet: true, FixedIn: "1.0.0"},
 							{Name: "packC"},
 						},
 					},
@@ -73,7 +60,7 @@ func TestPackNamesOfUpdateDebian(t *testing.T) {
 		e := tt.out.ScannedCves["CVE-2000-1000"].AffectedPackages
 		a := tt.in.ScannedCves["CVE-2000-1000"].AffectedPackages
 		if !reflect.DeepEqual(a, e) {
-			t.Errorf("[%d] expected: %v\n  actual: %v\n", i, e, a)
+			t.Errorf("[%d] expected: %#v\n  actual: %#v\n", i, e, a)
 		}
 	}
 }

oval/oval.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package oval
 
 import (
@@ -28,6 +11,7 @@ import (
 	"github.com/future-architect/vuls/util"
 	"github.com/kotakanbe/goval-dictionary/db"
 	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
 )
 
 // Client is the interface of OVAL client.
@@ -38,7 +22,6 @@ type Client interface {
 	// CheckIfOvalFetched checks if oval entries are in DB by family, release.
 	CheckIfOvalFetched(db.DB, string, string) (bool, error)
 	CheckIfOvalFresh(db.DB, string, string) (bool, error)
-	IsFetchViaHTTP() bool
 }
 
 // Base is a base struct
@@ -48,7 +31,7 @@ type Base struct {
 
 // CheckHTTPHealth do health check
 func (b Base) CheckHTTPHealth() error {
-	if !b.IsFetchViaHTTP() {
+	if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
 		return nil
 	}
 
@@ -59,7 +42,7 @@ func (b Base) CheckHTTPHealth() error {
 	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
 	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
 	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-		return fmt.Errorf("Failed to request to OVAL server. url: %s, errs: %v",
+		return xerrors.Errorf("Failed to request to OVAL server. url: %s, errs: %w",
 			url, errs)
 	}
 	return nil
@@ -67,11 +50,10 @@ func (b Base) CheckHTTPHealth() error {
 
 // CheckIfOvalFetched checks if oval entries are in DB by family, release.
 func (b Base) CheckIfOvalFetched(driver db.DB, osFamily, release string) (fetched bool, err error) {
-	if !b.IsFetchViaHTTP() {
+	if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
 		count, err := driver.CountDefs(osFamily, release)
 		if err != nil {
-			return false, fmt.Errorf("Failed to count OVAL defs: %s, %s, %v",
-				osFamily, release, err)
+			return false, xerrors.Errorf("Failed to count OVAL defs: %s, %s, %w", osFamily, release, err)
 		}
 		return 0 < count, nil
 	}
@@ -79,13 +61,11 @@ func (b Base) CheckIfOvalFetched(driver db.DB, osFamily, release string) (fetche
 	url, _ := util.URLPathJoin(cnf.Conf.OvalDict.URL, "count", osFamily, release)
 	resp, body, errs := gorequest.New().Get(url).End()
 	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-		return false, fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
-			errs, url, resp)
+		return false, xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %w", url, resp, errs)
 	}
 	count := 0
 	if err := json.Unmarshal([]byte(body), &count); err != nil {
-		return false, fmt.Errorf("Failed to Unmarshall. body: %s, err: %s",
-			body, err)
+		return false, xerrors.Errorf("Failed to Unmarshall. body: %s, err: %w", body, err)
 	}
 	return 0 < count, nil
 }
@@ -93,19 +73,17 @@ func (b Base) CheckIfOvalFetched(driver db.DB, osFamily, release string) (fetche
 // CheckIfOvalFresh checks if oval entries are fresh enough
 func (b Base) CheckIfOvalFresh(driver db.DB, osFamily, release string) (ok bool, err error) {
 	var lastModified time.Time
-	if !b.IsFetchViaHTTP() {
+	if !cnf.Conf.OvalDict.IsFetchViaHTTP() {
 		lastModified = driver.GetLastModified(osFamily, release)
 	} else {
 		url, _ := util.URLPathJoin(cnf.Conf.OvalDict.URL, "lastmodified", osFamily, release)
 		resp, body, errs := gorequest.New().Get(url).End()
 		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-			return false, fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
-				errs, url, resp)
+			return false, xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %w", url, resp, errs)
 		}
 
 		if err := json.Unmarshal([]byte(body), &lastModified); err != nil {
-			return false, fmt.Errorf("Failed to Unmarshall. body: %s, err: %s",
-				body, err)
+			return false, xerrors.Errorf("Failed to Unmarshall. body: %s, err: %w", body, err)
 		}
 	}
 
@@ -119,9 +97,3 @@ func (b Base) CheckIfOvalFresh(driver db.DB, osFamily, release string) (ok bool,
 	util.Log.Infof("OVAL is fresh: %s %s ", osFamily, release)
 	return true, nil
 }
-
-// IsFetchViaHTTP checks whether fetch via HTTP
-func (b Base) IsFetchViaHTTP() bool {
-	// Default value of OvalDBType is sqlite3
-	return cnf.Conf.OvalDict.URL != "" && cnf.Conf.OvalDict.Type == "sqlite3"
-}

oval/redhat.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package oval
 
 import (
@@ -37,7 +20,7 @@ type RedHatBase struct {
 // FillWithOval returns scan result after updating CVE info by OVAL
 func (o RedHatBase) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
 	var relatedDefs ovalResult
-	if o.IsFetchViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
 			return 0, err
 		}
@@ -119,7 +102,6 @@ func (o RedHatBase) update(r *models.ScanResult, defPacks defPacks) (nCVEs int)
 				if v.LastModified.After(ovalContent.LastModified) {
 					util.Log.Debugf("%s, OvalID: %d ignroed: ",
 						cve.CveID, defPacks.def.ID)
-					continue
 				} else {
 					util.Log.Debugf("%s OVAL will be overwritten", cve.CveID)
 				}
@@ -133,12 +115,21 @@ func (o RedHatBase) update(r *models.ScanResult, defPacks defPacks) (nCVEs int)
 			vinfo.CveContents = cveContents
 		}
 
+		vinfo.DistroAdvisories.AppendIfMissing(
+			o.convertToDistroAdvisory(&defPacks.def))
+
 		// uniq(vinfo.PackNames + defPacks.actuallyAffectedPackNames)
 		for _, pack := range vinfo.AffectedPackages {
-			if nfy, ok := defPacks.actuallyAffectedPackNames[pack.Name]; !ok {
-				defPacks.actuallyAffectedPackNames[pack.Name] = pack.NotFixedYet
-			} else if nfy {
-				defPacks.actuallyAffectedPackNames[pack.Name] = true
+			if stat, ok := defPacks.binpkgFixstat[pack.Name]; !ok {
+				defPacks.binpkgFixstat[pack.Name] = fixStat{
+					notFixedYet: pack.NotFixedYet,
+					fixedIn:     pack.FixedIn,
+				}
+			} else if stat.notFixedYet {
+				defPacks.binpkgFixstat[pack.Name] = fixStat{
+					notFixedYet: true,
+					fixedIn:     pack.FixedIn,
+				}
 			}
 		}
 		vinfo.AffectedPackages = defPacks.toPackStatuses()
@@ -148,6 +139,21 @@ func (o RedHatBase) update(r *models.ScanResult, defPacks defPacks) (nCVEs int)
 	return
 }
 
+func (o RedHatBase) convertToDistroAdvisory(def *ovalmodels.Definition) *models.DistroAdvisory {
+	advisoryID := def.Title
+	if (o.family == config.RedHat || o.family == config.CentOS) && len(advisoryID) > 0 {
+		ss := strings.Fields(def.Title)
+		advisoryID = strings.TrimSuffix(ss[0], ":")
+	}
+	return &models.DistroAdvisory{
+		AdvisoryID:  advisoryID,
+		Severity:    def.Advisory.Severity,
+		Issued:      def.Advisory.Issued,
+		Updated:     def.Advisory.Updated,
+		Description: def.Description,
+	}
+}
+
 func (o RedHatBase) convertToModel(cveID string, def *ovalmodels.Definition) *models.CveContent {
 	for _, cve := range def.Advisory.Cves {
 		if cve.CveID != cveID {
@@ -171,10 +177,10 @@ func (o RedHatBase) convertToModel(cveID string, def *ovalmodels.Definition) *mo
 		}
 
 		sev2, sev3 := "", ""
-		if score2 != 0 {
+		if score2 == 0 {
 			sev2 = severity
 		}
-		if score3 != 0 {
+		if score3 == 0 {
 			sev3 = severity
 		}
 
@@ -219,12 +225,17 @@ func (o RedHatBase) parseCvss2(scoreVector string) (score float64, vector string
 // 5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
 func (o RedHatBase) parseCvss3(scoreVector string) (score float64, vector string) {
 	var err error
-	ss := strings.Split(scoreVector, "/CVSS:3.0/")
-	if 1 < len(ss) {
-		if score, err = strconv.ParseFloat(ss[0], 64); err != nil {
-			return 0, ""
+	for _, s := range []string{
+		"/CVSS:3.0/",
+		"/CVSS:3.1/",
+	} {
+		ss := strings.Split(scoreVector, s)
+		if 1 < len(ss) {
+			if score, err = strconv.ParseFloat(ss[0], 64); err != nil {
+				return 0, ""
+			}
+			return score, strings.TrimPrefix(s, "/") + ss[1]
 		}
-		return score, fmt.Sprintf("CVSS:3.0/%s", ss[1])
 	}
 	return 0, ""
 }
@@ -276,3 +287,20 @@ func NewOracle() Oracle {
 		},
 	}
 }
+
+// Amazon is the interface for RedhatBase OVAL
+type Amazon struct {
+	// Base
+	RedHatBase
+}
+
+// NewAmazon creates OVAL client for Amazon Linux
+func NewAmazon() Amazon {
+	return Amazon{
+		RedHatBase{
+			Base{
+				family: config.Amazon,
+			},
+		},
+	}
+}

oval/redhat_test.go

@@ -1,19 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
 package oval
 
 import (
@@ -75,6 +59,13 @@ func TestParseCvss3(t *testing.T) {
 				vector: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
 			},
 		},
+		{
+			in: "6.1/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+			out: out{
+				score:  6.1,
+				vector: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+			},
+		},
 		{
 			in: "",
 			out: out{
@@ -102,7 +93,7 @@ func TestPackNamesOfUpdate(t *testing.T) {
 			in: models.ScanResult{
 				ScannedCves: models.VulnInfos{
 					"CVE-2000-1000": models.VulnInfo{
-						AffectedPackages: models.PackageStatuses{
+						AffectedPackages: models.PackageFixStatuses{
 							{Name: "packA"},
 							{Name: "packB", NotFixedYet: false},
 						},
@@ -119,14 +110,17 @@ func TestPackNamesOfUpdate(t *testing.T) {
 						},
 					},
 				},
-				actuallyAffectedPackNames: map[string]bool{
-					"packB": true,
+				binpkgFixstat: map[string]fixStat{
+					"packB": {
+						notFixedYet: true,
+						fixedIn:     "1.0.0",
+					},
 				},
 			},
 			out: models.ScanResult{
 				ScannedCves: models.VulnInfos{
 					"CVE-2000-1000": models.VulnInfo{
-						AffectedPackages: models.PackageStatuses{
+						AffectedPackages: models.PackageFixStatuses{
 							{Name: "packA"},
 							{Name: "packB", NotFixedYet: true},
 						},

oval/suse.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package oval
 
 import (
@@ -43,7 +26,7 @@ func NewSUSE() SUSE {
 // FillWithOval returns scan result after updating CVE info by OVAL
 func (o SUSE) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
 	var relatedDefs ovalResult
-	if o.IsFetchViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
 			return 0, err
 		}
@@ -92,7 +75,10 @@ func (o SUSE) update(r *models.ScanResult, defPacks defPacks) {
 
 	// uniq(vinfo.PackNames + defPacks.actuallyAffectedPackNames)
 	for _, pack := range vinfo.AffectedPackages {
-		defPacks.actuallyAffectedPackNames[pack.Name] = pack.NotFixedYet
+		defPacks.binpkgFixstat[pack.Name] = fixStat{
+			notFixedYet: pack.NotFixedYet,
+			fixedIn:     pack.FixedIn,
+		}
 	}
 	vinfo.AffectedPackages = defPacks.toPackStatuses()
 	vinfo.AffectedPackages.Sort()

oval/util.go

@@ -1,25 +1,7 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package oval
 
 import (
 	"encoding/json"
-	"fmt"
 	"net/http"
 	"regexp"
 	"strings"
@@ -29,11 +11,13 @@ import (
 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/util"
+	apkver "github.com/knqyf263/go-apk-version"
 	debver "github.com/knqyf263/go-deb-version"
 	rpmver "github.com/knqyf263/go-rpm-version"
 	"github.com/kotakanbe/goval-dictionary/db"
 	ovalmodels "github.com/kotakanbe/goval-dictionary/models"
 	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
 )
 
 type ovalResult struct {
@@ -44,32 +28,42 @@ type defPacks struct {
 	def ovalmodels.Definition
 
 	// BinaryPackageName : NotFixedYet
-	actuallyAffectedPackNames map[string]bool
+	binpkgFixstat map[string]fixStat
 }
 
-func (e defPacks) toPackStatuses() (ps models.PackageStatuses) {
-	for name, notFixedYet := range e.actuallyAffectedPackNames {
-		ps = append(ps, models.PackageStatus{
+type fixStat struct {
+	notFixedYet bool
+	fixedIn     string
+	isSrcPack   bool
+	srcPackName string
+}
+
+func (e defPacks) toPackStatuses() (ps models.PackageFixStatuses) {
+	for name, stat := range e.binpkgFixstat {
+		ps = append(ps, models.PackageFixStatus{
 			Name:        name,
-			NotFixedYet: notFixedYet,
+			NotFixedYet: stat.notFixedYet,
+			FixedIn:     stat.fixedIn,
 		})
 	}
 	return
 }
 
-func (e *ovalResult) upsert(def ovalmodels.Definition, packName string, notFixedYet bool) (upserted bool) {
+func (e *ovalResult) upsert(def ovalmodels.Definition, packName string, fstat fixStat) (upserted bool) {
 	// alpine's entry is empty since Alpine secdb is not OVAL format
 	if def.DefinitionID != "" {
 		for i, entry := range e.entries {
 			if entry.def.DefinitionID == def.DefinitionID {
-				e.entries[i].actuallyAffectedPackNames[packName] = notFixedYet
+				e.entries[i].binpkgFixstat[packName] = fstat
 				return true
 			}
 		}
 	}
 	e.entries = append(e.entries, defPacks{
-		def:                       def,
-		actuallyAffectedPackNames: map[string]bool{packName: notFixedYet},
+		def: def,
+		binpkgFixstat: map[string]fixStat{
+			packName: fstat,
+		},
 	})
 
 	return false
@@ -78,7 +72,8 @@ func (e *ovalResult) upsert(def ovalmodels.Definition, packName string, notFixed
 type request struct {
 	packName          string
 	versionRelease    string
-	NewVersionRelease string
+	newVersionRelease string
+	arch              string
 	binaryPackNames   []string
 	isSrcPack         bool
 }
@@ -105,8 +100,9 @@ func getDefsByPackNameViaHTTP(r *models.ScanResult) (
 			reqChan <- request{
 				packName:          pack.Name,
 				versionRelease:    pack.FormatVer(),
-				NewVersionRelease: pack.FormatVer(),
+				newVersionRelease: pack.FormatVer(),
 				isSrcPack:         false,
+				arch:              pack.Arch,
 			}
 		}
 		for _, pack := range r.SrcPackages {
@@ -115,6 +111,7 @@ func getDefsByPackNameViaHTTP(r *models.ScanResult) (
 				binaryPackNames: pack.BinaryNames,
 				versionRelease:  pack.Version,
 				isSrcPack:       true,
+				// arch:            pack.Arch,
 			}
 		}
 	}()
@@ -148,27 +145,37 @@ func getDefsByPackNameViaHTTP(r *models.ScanResult) (
 		select {
 		case res := <-resChan:
 			for _, def := range res.defs {
-				affected, notFixedYet := isOvalDefAffected(def, res.request, r.Family, r.RunningKernel)
+				affected, notFixedYet, fixedIn := isOvalDefAffected(def, res.request, r.Family, r.RunningKernel)
 				if !affected {
 					continue
 				}
 
 				if res.request.isSrcPack {
 					for _, n := range res.request.binaryPackNames {
-						relatedDefs.upsert(def, n, false)
+						fs := fixStat{
+							srcPackName: res.request.packName,
+							isSrcPack:   true,
+							notFixedYet: notFixedYet,
+							fixedIn:     fixedIn,
+						}
+						relatedDefs.upsert(def, n, fs)
 					}
 				} else {
-					relatedDefs.upsert(def, res.request.packName, notFixedYet)
+					fs := fixStat{
+						notFixedYet: notFixedYet,
+						fixedIn:     fixedIn,
+					}
+					relatedDefs.upsert(def, res.request.packName, fs)
 				}
 			}
 		case err := <-errChan:
 			errs = append(errs, err)
 		case <-timeout:
-			return relatedDefs, fmt.Errorf("Timeout Fetching OVAL")
+			return relatedDefs, xerrors.New("Timeout Fetching OVAL")
 		}
 	}
 	if len(errs) != 0 {
-		return relatedDefs, fmt.Errorf("Failed to fetch OVAL. err: %v", errs)
+		return relatedDefs, xerrors.Errorf("Failed to fetch OVAL. err: %w", errs)
 	}
 	return
 }
@@ -186,8 +193,7 @@ func httpGet(url string, req request, resChan chan<- response, errChan chan<- er
 			if count == retryMax {
 				return nil
 			}
-			return fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
-				errs, url, resp)
+			return xerrors.Errorf("HTTP GET error, url: %s, resp: %v, err: %w", url, resp, errs)
 		}
 		return nil
 	}
@@ -196,18 +202,17 @@ func httpGet(url string, req request, resChan chan<- response, errChan chan<- er
 	}
 	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
 	if err != nil {
-		errChan <- fmt.Errorf("HTTP Error %s", err)
+		errChan <- xerrors.Errorf("HTTP Error %w", err)
 		return
 	}
 	if count == retryMax {
-		errChan <- fmt.Errorf("HRetry count exceeded")
+		errChan <- xerrors.New("HRetry count exceeded")
 		return
 	}
 
 	defs := []ovalmodels.Definition{}
 	if err := json.Unmarshal([]byte(body), &defs); err != nil {
-		errChan <- fmt.Errorf("Failed to Unmarshall. body: %s, err: %s",
-			body, err)
+		errChan <- xerrors.Errorf("Failed to Unmarshall. body: %s, err: %w", body, err)
 		return
 	}
 	resChan <- response{
@@ -222,7 +227,8 @@ func getDefsByPackNameFromOvalDB(driver db.DB, r *models.ScanResult) (relatedDef
 		requests = append(requests, request{
 			packName:          pack.Name,
 			versionRelease:    pack.FormatVer(),
-			NewVersionRelease: pack.FormatNewVer(),
+			newVersionRelease: pack.FormatNewVer(),
+			arch:              pack.Arch,
 			isSrcPack:         false,
 		})
 	}
@@ -231,27 +237,38 @@ func getDefsByPackNameFromOvalDB(driver db.DB, r *models.ScanResult) (relatedDef
 			packName:        pack.Name,
 			binaryPackNames: pack.BinaryNames,
 			versionRelease:  pack.Version,
+			arch:            pack.Arch,
 			isSrcPack:       true,
 		})
 	}
 
 	for _, req := range requests {
-		definitions, err := driver.GetByPackName(r.Release, req.packName)
+		definitions, err := driver.GetByPackName(r.Family, r.Release, req.packName, req.arch)
 		if err != nil {
-			return relatedDefs, fmt.Errorf("Failed to get %s OVAL info by package: %#v, err: %s", r.Family, req, err)
+			return relatedDefs, xerrors.Errorf("Failed to get %s OVAL info by package: %#v, err: %w", r.Family, req, err)
 		}
 		for _, def := range definitions {
-			affected, notFixedYet := isOvalDefAffected(def, req, r.Family, r.RunningKernel)
+			affected, notFixedYet, fixedIn := isOvalDefAffected(def, req, r.Family, r.RunningKernel)
 			if !affected {
 				continue
 			}
 
 			if req.isSrcPack {
-				for _, n := range req.binaryPackNames {
-					relatedDefs.upsert(def, n, false)
+				for _, binName := range req.binaryPackNames {
+					fs := fixStat{
+						notFixedYet: false,
+						isSrcPack:   true,
+						fixedIn:     fixedIn,
+						srcPackName: req.packName,
+					}
+					relatedDefs.upsert(def, binName, fs)
 				}
 			} else {
-				relatedDefs.upsert(def, req.packName, notFixedYet)
+				fs := fixStat{
+					notFixedYet: notFixedYet,
+					fixedIn:     fixedIn,
+				}
+				relatedDefs.upsert(def, req.packName, fs)
 			}
 		}
 	}
@@ -269,7 +286,7 @@ func major(version string) string {
 	return ver[0:strings.Index(ver, ".")]
 }
 
-func isOvalDefAffected(def ovalmodels.Definition, req request, family string, running models.Kernel) (affected, notFixedYet bool) {
+func isOvalDefAffected(def ovalmodels.Definition, req request, family string, running models.Kernel) (affected, notFixedYet bool, fixedIn string) {
 	for _, ovalPack := range def.AffectedPacks {
 		if req.packName != ovalPack.Name {
 			continue
@@ -288,66 +305,100 @@ func isOvalDefAffected(def ovalmodels.Definition, req request, family string, ru
 		}
 
 		if ovalPack.NotFixedYet {
-			return true, true
+			return true, true, ovalPack.Version
 		}
 
+		// Compare between the installed version vs the version in OVAL
 		less, err := lessThan(family, req.versionRelease, ovalPack)
 		if err != nil {
 			util.Log.Debugf("Failed to parse versions: %s, Ver: %#v, OVAL: %#v, DefID: %s",
 				err, req.versionRelease, ovalPack, def.DefinitionID)
-			return false, false
+			return false, false, ovalPack.Version
 		}
-
 		if less {
 			if req.isSrcPack {
-				// Unable to judge whether fixed or not fixed of src package(Ubuntu, Debian)
-				return true, false
+				// Unable to judge whether fixed or not-fixed of src package(Ubuntu, Debian)
+				return true, false, ovalPack.Version
 			}
 
+			// If the version of installed is less than in OVAL
+			switch family {
+			case config.RedHat,
+				config.Amazon,
+				config.SUSEEnterpriseServer,
+				config.Debian,
+				config.Ubuntu:
+				// Use fixed state in OVAL for these distros.
+				return true, false, ovalPack.Version
+			}
+
+			// But CentOS can't judge whether fixed or unfixed.
+			// Because fixed state in RHEL's OVAL is different.
+			// So, it have to be judged version comparison.
+
 			// `offline` or `fast` scan mode can't get a updatable version.
 			// In these mode, the blow field was set empty.
 			// Vuls can not judge fixed or unfixed.
-			if req.NewVersionRelease == "" {
-				return true, false
+			if req.newVersionRelease == "" {
+				return true, false, ovalPack.Version
 			}
 
 			// compare version: newVer vs oval
-			less, err := lessThan(family, req.NewVersionRelease, ovalPack)
+			less, err := lessThan(family, req.newVersionRelease, ovalPack)
 			if err != nil {
 				util.Log.Debugf("Failed to parse versions: %s, NewVer: %#v, OVAL: %#v, DefID: %s",
-					err, req.NewVersionRelease, ovalPack, def.DefinitionID)
-				return false, false
+					err, req.newVersionRelease, ovalPack, def.DefinitionID)
+				return false, false, ovalPack.Version
 			}
-			return true, less
+			return true, less, ovalPack.Version
 		}
 	}
-	return false, false
+	return false, false, ""
 }
 
-func lessThan(family, versionRelease string, packB ovalmodels.Package) (bool, error) {
+var centosVerPattern = regexp.MustCompile(`\.[es]l(\d+)(?:_\d+)?(?:\.centos)?`)
+var esVerPattern = regexp.MustCompile(`\.el(\d+)(?:_\d+)?`)
+
+func lessThan(family, newVer string, packInOVAL ovalmodels.Package) (bool, error) {
 	switch family {
-	case config.Debian, config.Ubuntu:
-		vera, err := debver.NewVersion(versionRelease)
+	case config.Debian,
+		config.Ubuntu:
+		vera, err := debver.NewVersion(newVer)
 		if err != nil {
 			return false, err
 		}
-		verb, err := debver.NewVersion(packB.Version)
+		verb, err := debver.NewVersion(packInOVAL.Version)
 		if err != nil {
 			return false, err
 		}
 		return vera.LessThan(verb), nil
-	case config.Oracle, config.SUSEEnterpriseServer, config.Alpine:
-		vera := rpmver.NewVersion(versionRelease)
-		verb := rpmver.NewVersion(packB.Version)
+
+	case config.Alpine:
+		vera, err := apkver.NewVersion(newVer)
+		if err != nil {
+			return false, err
+		}
+		verb, err := apkver.NewVersion(packInOVAL.Version)
+		if err != nil {
+			return false, err
+		}
 		return vera.LessThan(verb), nil
-	case config.RedHat, config.CentOS: // TODO: Suport config.Scientific
-		rea := regexp.MustCompile(`\.[es]l(\d+)(?:_\d+)?(?:\.centos)?`)
-		reb := regexp.MustCompile(`\.el(\d+)(?:_\d+)?`)
-		vera := rpmver.NewVersion(rea.ReplaceAllString(versionRelease, ".el$1"))
-		verb := rpmver.NewVersion(reb.ReplaceAllString(packB.Version, ".el$1"))
+
+	case config.Oracle,
+		config.SUSEEnterpriseServer,
+		config.Amazon:
+		vera := rpmver.NewVersion(newVer)
+		verb := rpmver.NewVersion(packInOVAL.Version)
 		return vera.LessThan(verb), nil
+
+	case config.RedHat,
+		config.CentOS:
+		vera := rpmver.NewVersion(centosVerPattern.ReplaceAllString(newVer, ".el$1"))
+		verb := rpmver.NewVersion(esVerPattern.ReplaceAllString(packInOVAL.Version, ".el$1"))
+		return vera.LessThan(verb), nil
+
 	default:
 		util.Log.Errorf("Not implemented yet: %s", family)
 	}
-	return false, fmt.Errorf("Package version comparison not supported: %s", family)
+	return false, xerrors.Errorf("Package version comparison not supported: %s", family)
 }

oval/util_test.go

@@ -12,12 +12,12 @@ import (
 
 func TestUpsert(t *testing.T) {
 	var tests = []struct {
-		res         ovalResult
-		def         ovalmodels.Definition
-		packName    string
-		notFixedYet bool
-		upserted    bool
-		out         ovalResult
+		res      ovalResult
+		def      ovalmodels.Definition
+		packName string
+		fixStat  fixStat
+		upserted bool
+		out      ovalResult
 	}{
 		//insert
 		{
@@ -25,17 +25,23 @@ func TestUpsert(t *testing.T) {
 			def: ovalmodels.Definition{
 				DefinitionID: "1111",
 			},
-			packName:    "pack1",
-			notFixedYet: true,
-			upserted:    false,
+			packName: "pack1",
+			fixStat: fixStat{
+				notFixedYet: true,
+				fixedIn:     "1.0.0",
+			},
+			upserted: false,
 			out: ovalResult{
 				[]defPacks{
 					{
 						def: ovalmodels.Definition{
 							DefinitionID: "1111",
 						},
-						actuallyAffectedPackNames: map[string]bool{
-							"pack1": true,
+						binpkgFixstat: map[string]fixStat{
+							"pack1": {
+								notFixedYet: true,
+								fixedIn:     "1.0.0",
+							},
 						},
 					},
 				},
@@ -49,16 +55,22 @@ func TestUpsert(t *testing.T) {
 						def: ovalmodels.Definition{
 							DefinitionID: "1111",
 						},
-						actuallyAffectedPackNames: map[string]bool{
-							"pack1": true,
+						binpkgFixstat: map[string]fixStat{
+							"pack1": {
+								notFixedYet: true,
+								fixedIn:     "1.0.0",
+							},
 						},
 					},
 					{
 						def: ovalmodels.Definition{
 							DefinitionID: "2222",
 						},
-						actuallyAffectedPackNames: map[string]bool{
-							"pack3": true,
+						binpkgFixstat: map[string]fixStat{
+							"pack3": {
+								notFixedYet: true,
+								fixedIn:     "2.0.0",
+							},
 						},
 					},
 				},
@@ -66,26 +78,38 @@ func TestUpsert(t *testing.T) {
 			def: ovalmodels.Definition{
 				DefinitionID: "1111",
 			},
-			packName:    "pack2",
-			notFixedYet: false,
-			upserted:    true,
+			packName: "pack2",
+			fixStat: fixStat{
+				notFixedYet: false,
+				fixedIn:     "3.0.0",
+			},
+			upserted: true,
 			out: ovalResult{
 				[]defPacks{
 					{
 						def: ovalmodels.Definition{
 							DefinitionID: "1111",
 						},
-						actuallyAffectedPackNames: map[string]bool{
-							"pack1": true,
-							"pack2": false,
+						binpkgFixstat: map[string]fixStat{
+							"pack1": {
+								notFixedYet: true,
+								fixedIn:     "1.0.0",
+							},
+							"pack2": {
+								notFixedYet: false,
+								fixedIn:     "3.0.0",
+							},
 						},
 					},
 					{
 						def: ovalmodels.Definition{
 							DefinitionID: "2222",
 						},
-						actuallyAffectedPackNames: map[string]bool{
-							"pack3": true,
+						binpkgFixstat: map[string]fixStat{
+							"pack3": {
+								notFixedYet: true,
+								fixedIn:     "2.0.0",
+							},
 						},
 					},
 				},
@@ -93,7 +117,7 @@ func TestUpsert(t *testing.T) {
 		},
 	}
 	for i, tt := range tests {
-		upserted := tt.res.upsert(tt.def, tt.packName, tt.notFixedYet)
+		upserted := tt.res.upsert(tt.def, tt.packName, tt.fixStat)
 		if tt.upserted != upserted {
 			t.Errorf("[%d]\nexpected: %t\n  actual: %t\n", i, tt.upserted, upserted)
 		}
@@ -110,7 +134,7 @@ func TestDefpacksToPackStatuses(t *testing.T) {
 	}
 	var tests = []struct {
 		in  in
-		out models.PackageStatuses
+		out models.PackageFixStatuses
 	}{
 		// Ubuntu
 		{
@@ -121,32 +145,40 @@ func TestDefpacksToPackStatuses(t *testing.T) {
 							{
 								Name:        "a",
 								NotFixedYet: true,
+								Version:     "1.0.0",
 							},
 							{
 								Name:        "b",
 								NotFixedYet: false,
+								Version:     "2.0.0",
 							},
 						},
 					},
-					actuallyAffectedPackNames: map[string]bool{
-						"a": true,
-						"b": true,
-						"c": true,
+					binpkgFixstat: map[string]fixStat{
+						"a": {
+							notFixedYet: true,
+							fixedIn:     "1.0.0",
+							isSrcPack:   false,
+						},
+						"b": {
+							notFixedYet: true,
+							fixedIn:     "1.0.0",
+							isSrcPack:   true,
+							srcPackName: "lib-b",
+						},
 					},
 				},
 			},
-			out: models.PackageStatuses{
+			out: models.PackageFixStatuses{
 				{
 					Name:        "a",
 					NotFixedYet: true,
+					FixedIn:     "1.0.0",
 				},
 				{
 					Name:        "b",
 					NotFixedYet: true,
-				},
-				{
-					Name:        "c",
-					NotFixedYet: true,
+					FixedIn:     "1.0.0",
 				},
 			},
 		},
@@ -173,6 +205,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 		in          in
 		affected    bool
 		notFixedYet bool
+		fixedIn     string
 	}{
 		// 0. Ubuntu ovalpack.NotFixedYet == true
 		{
@@ -187,6 +220,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 						{
 							Name:        "b",
 							NotFixedYet: true,
+							Version:     "1.0.0",
 						},
 					},
 				},
@@ -196,6 +230,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: true,
+			fixedIn:     "1.0.0",
 		},
 		// 1. Ubuntu
 		//   ovalpack.NotFixedYet == false
@@ -226,6 +261,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "1.0.0-1",
 		},
 		// 2. Ubuntu
 		//   ovalpack.NotFixedYet == false
@@ -281,11 +317,12 @@ func TestIsOvalDefAffected(t *testing.T) {
 					packName:          "b",
 					isSrcPack:         false,
 					versionRelease:    "1.0.0-0",
-					NewVersionRelease: "1.0.0-2",
+					newVersionRelease: "1.0.0-2",
 				},
 			},
 			affected:    true,
-			notFixedYet: true,
+			fixedIn:     "1.0.0-3",
+			notFixedYet: false,
 		},
 		// 4. Ubuntu
 		//   ovalpack.NotFixedYet == false
@@ -313,11 +350,12 @@ func TestIsOvalDefAffected(t *testing.T) {
 					packName:          "b",
 					isSrcPack:         false,
 					versionRelease:    "1.0.0-0",
-					NewVersionRelease: "1.0.0-3",
+					newVersionRelease: "1.0.0-3",
 				},
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "1.0.0-2",
 		},
 		// 5 RedHat
 		{
@@ -340,11 +378,12 @@ func TestIsOvalDefAffected(t *testing.T) {
 					packName:          "b",
 					isSrcPack:         false,
 					versionRelease:    "0:1.2.3-45.el6_7.7",
-					NewVersionRelease: "",
+					newVersionRelease: "",
 				},
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		// 6 RedHat
 		{
@@ -367,11 +406,12 @@ func TestIsOvalDefAffected(t *testing.T) {
 					packName:          "b",
 					isSrcPack:         false,
 					versionRelease:    "0:1.2.3-45.el6_7.6",
-					NewVersionRelease: "0:1.2.3-45.el6_7.7",
+					newVersionRelease: "0:1.2.3-45.el6_7.7",
 				},
 			},
 			affected:    true,
-			notFixedYet: true,
+			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		// 7 RedHat
 		{
@@ -446,11 +486,12 @@ func TestIsOvalDefAffected(t *testing.T) {
 					packName:          "b",
 					isSrcPack:         false,
 					versionRelease:    "0:1.2.3-45.el6_7.6",
-					NewVersionRelease: "0:1.2.3-45.el6_7.7",
+					newVersionRelease: "0:1.2.3-45.el6_7.7",
 				},
 			},
 			affected:    true,
-			notFixedYet: true,
+			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		// 10 RedHat
 		{
@@ -473,11 +514,12 @@ func TestIsOvalDefAffected(t *testing.T) {
 					packName:          "b",
 					isSrcPack:         false,
 					versionRelease:    "0:1.2.3-45.el6_7.6",
-					NewVersionRelease: "0:1.2.3-45.el6_7.8",
+					newVersionRelease: "0:1.2.3-45.el6_7.8",
 				},
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		// 11 RedHat
 		{
@@ -499,11 +541,12 @@ func TestIsOvalDefAffected(t *testing.T) {
 					packName:          "b",
 					isSrcPack:         false,
 					versionRelease:    "0:1.2.3-45.el6_7.6",
-					NewVersionRelease: "0:1.2.3-45.el6_7.9",
+					newVersionRelease: "0:1.2.3-45.el6_7.9",
 				},
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		// 12 RedHat
 		{
@@ -578,11 +621,12 @@ func TestIsOvalDefAffected(t *testing.T) {
 					packName:          "b",
 					isSrcPack:         false,
 					versionRelease:    "0:1.2.3-45.el6.centos.7",
-					NewVersionRelease: "",
+					newVersionRelease: "",
 				},
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		// 15
 		{
@@ -657,11 +701,12 @@ func TestIsOvalDefAffected(t *testing.T) {
 					packName:          "b",
 					isSrcPack:         false,
 					versionRelease:    "0:1.2.3-45.el6.centos.6",
-					NewVersionRelease: "0:1.2.3-45.el6.centos.7",
+					newVersionRelease: "0:1.2.3-45.el6.centos.7",
 				},
 			},
 			affected:    true,
 			notFixedYet: true,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		// 18
 		{
@@ -684,11 +729,12 @@ func TestIsOvalDefAffected(t *testing.T) {
 					packName:          "b",
 					isSrcPack:         false,
 					versionRelease:    "0:1.2.3-45.el6.centos.6",
-					NewVersionRelease: "0:1.2.3-45.el6.centos.8",
+					newVersionRelease: "0:1.2.3-45.el6.centos.8",
 				},
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		// 19
 		{
@@ -711,11 +757,12 @@ func TestIsOvalDefAffected(t *testing.T) {
 					packName:          "b",
 					isSrcPack:         false,
 					versionRelease:    "0:1.2.3-45.el6.centos.6",
-					NewVersionRelease: "0:1.2.3-45.el6.centos.9",
+					newVersionRelease: "0:1.2.3-45.el6.centos.9",
 				},
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		// 20
 		{
@@ -794,6 +841,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		{
 			in: in{
@@ -865,11 +913,12 @@ func TestIsOvalDefAffected(t *testing.T) {
 					packName:          "b",
 					isSrcPack:         false,
 					versionRelease:    "0:1.2.3-45.sl6.6",
-					NewVersionRelease: "0:1.2.3-45.sl6.7",
+					newVersionRelease: "0:1.2.3-45.sl6.7",
 				},
 			},
 			affected:    true,
 			notFixedYet: true,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		{
 			in: in{
@@ -891,11 +940,12 @@ func TestIsOvalDefAffected(t *testing.T) {
 					packName:          "b",
 					isSrcPack:         false,
 					versionRelease:    "0:1.2.3-45.sl6.6",
-					NewVersionRelease: "0:1.2.3-45.sl6.8",
+					newVersionRelease: "0:1.2.3-45.sl6.8",
 				},
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		{
 			in: in{
@@ -917,11 +967,12 @@ func TestIsOvalDefAffected(t *testing.T) {
 					packName:          "b",
 					isSrcPack:         false,
 					versionRelease:    "0:1.2.3-45.sl6.6",
-					NewVersionRelease: "0:1.2.3-45.sl6.9",
+					newVersionRelease: "0:1.2.3-45.sl6.9",
 				},
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		{
 			in: in{
@@ -989,7 +1040,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 				req: request{
 					packName:          "kernel",
 					versionRelease:    "3.0.0",
-					NewVersionRelease: "3.2.0",
+					newVersionRelease: "3.2.0",
 				},
 				kernel: models.Kernel{
 					Release: "3.0.0",
@@ -1013,7 +1064,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 				req: request{
 					packName:          "kernel",
 					versionRelease:    "3.0.0",
-					NewVersionRelease: "3.2.0",
+					newVersionRelease: "3.2.0",
 				},
 				kernel: models.Kernel{
 					Release: "3.0.0",
@@ -1021,16 +1072,20 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "3.1.0",
 		},
 	}
 	for i, tt := range tests {
-		affected, notFixedYet := isOvalDefAffected(tt.in.def, tt.in.req, tt.in.family, tt.in.kernel)
+		affected, notFixedYet, fixedIn := isOvalDefAffected(tt.in.def, tt.in.req, tt.in.family, tt.in.kernel)
 		if tt.affected != affected {
 			t.Errorf("[%d] affected\nexpected: %v\n  actual: %v\n", i, tt.affected, affected)
 		}
 		if tt.notFixedYet != notFixedYet {
 			t.Errorf("[%d] notfixedyet\nexpected: %v\n  actual: %v\n", i, tt.notFixedYet, notFixedYet)
 		}
+		if tt.fixedIn != fixedIn {
+			t.Errorf("[%d] fixedIn\nexpected: %v\n  actual: %v\n", i, tt.fixedIn, fixedIn)
+		}
 	}
 }
 

report/azureblob.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package report
 
 import (
@@ -25,6 +8,7 @@ import (
 	"time"
 
 	storage "github.com/Azure/azure-sdk-for-go/storage"
+	"golang.org/x/xerrors"
 
 	c "github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
@@ -60,7 +44,7 @@ func (w AzureBlobWriter) Write(rs ...models.ScanResult) (err error) {
 			k := key + ".json"
 			var b []byte
 			if b, err = json.Marshal(r); err != nil {
-				return fmt.Errorf("Failed to Marshal to JSON: %s", err)
+				return xerrors.Errorf("Failed to Marshal to JSON: %w", err)
 			}
 			if err := createBlockBlob(cli, k, b); err != nil {
 				return err
@@ -87,7 +71,7 @@ func (w AzureBlobWriter) Write(rs ...models.ScanResult) (err error) {
 			k := key + ".xml"
 			var b []byte
 			if b, err = xml.Marshal(r); err != nil {
-				return fmt.Errorf("Failed to Marshal to XML: %s", err)
+				return xerrors.Errorf("Failed to Marshal to XML: %w", err)
 			}
 			allBytes := bytes.Join([][]byte{[]byte(xml.Header + vulsOpenTag), b, []byte(vulsCloseTag)}, []byte{})
 			if err := createBlockBlob(cli, k, allBytes); err != nil {
@@ -117,7 +101,7 @@ func CheckIfAzureContainerExists() error {
 		}
 	}
 	if !found {
-		return fmt.Errorf("Container not found. Container: %s", c.Conf.Azure.ContainerName)
+		return xerrors.Errorf("Container not found. Container: %s", c.Conf.Azure.ContainerName)
 	}
 	return nil
 }
@@ -142,7 +126,7 @@ func createBlockBlob(cli storage.BlobStorageClient, k string, b []byte) error {
 	ref := cli.GetContainerReference(c.Conf.Azure.ContainerName)
 	blob := ref.GetBlobReference(k)
 	if err := blob.CreateBlockBlobFromReader(bytes.NewReader(b), nil); err != nil {
-		return fmt.Errorf("Failed to upload data to %s/%s, %s",
+		return xerrors.Errorf("Failed to upload data to %s/%s, err: %w",
 			c.Conf.Azure.ContainerName, k, err)
 	}
 	return nil

report/chatwork_test.go

@@ -1 +0,0 @@
-package report

report/cve_client.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package report
 
 import (
@@ -25,11 +8,12 @@ import (
 
 	"github.com/cenkalti/backoff"
 	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
 
 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/util"
 	cvedb "github.com/kotakanbe/go-cve-dictionary/db"
-	cve "github.com/kotakanbe/go-cve-dictionary/models"
+	cvemodels "github.com/kotakanbe/go-cve-dictionary/models"
 )
 
 // CveClient is api client of CVE disctionary service.
@@ -45,7 +29,7 @@ func (api *cvedictClient) initialize() {
 }
 
 func (api cvedictClient) CheckHealth() error {
-	if !api.isFetchViaHTTP() {
+	if !config.Conf.CveDict.IsFetchViaHTTP() {
 		util.Log.Debugf("get cve-dictionary from %s", config.Conf.CveDict.Type)
 		return nil
 	}
@@ -57,7 +41,7 @@ func (api cvedictClient) CheckHealth() error {
 	resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
 	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
 	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-		return fmt.Errorf("Failed to request to CVE server. url: %s, errs: %v",
+		return xerrors.Errorf("Failed to request to CVE server. url: %s, errs: %w",
 			url, errs)
 	}
 	return nil
@@ -65,18 +49,21 @@ func (api cvedictClient) CheckHealth() error {
 
 type response struct {
 	Key       string
-	CveDetail cve.CveDetail
+	CveDetail cvemodels.CveDetail
 }
 
-func (api cvedictClient) FetchCveDetails(driver cvedb.DB, cveIDs []string) (cveDetails []cve.CveDetail, err error) {
-	if !api.isFetchViaHTTP() {
+func (api cvedictClient) FetchCveDetails(driver cvedb.DB, cveIDs []string) (cveDetails []cvemodels.CveDetail, err error) {
+	if !config.Conf.CveDict.IsFetchViaHTTP() {
+		if driver == nil {
+			return
+		}
 		for _, cveID := range cveIDs {
 			cveDetail, err := driver.Get(cveID)
 			if err != nil {
-				return nil, fmt.Errorf("Failed to fetch CVE. err: %s", err)
+				return nil, xerrors.Errorf("Failed to fetch CVE. err: %w", err)
 			}
 			if len(cveDetail.CveID) == 0 {
-				cveDetails = append(cveDetails, cve.CveDetail{
+				cveDetails = append(cveDetails, cvemodels.CveDetail{
 					CveID: cveID,
 				})
 			} else {
@@ -123,7 +110,7 @@ func (api cvedictClient) FetchCveDetails(driver cvedb.DB, cveIDs []string) (cveD
 		select {
 		case res := <-resChan:
 			if len(res.CveDetail.CveID) == 0 {
-				cveDetails = append(cveDetails, cve.CveDetail{
+				cveDetails = append(cveDetails, cvemodels.CveDetail{
 					CveID: res.Key,
 				})
 			} else {
@@ -132,12 +119,12 @@ func (api cvedictClient) FetchCveDetails(driver cvedb.DB, cveIDs []string) (cveD
 		case err := <-errChan:
 			errs = append(errs, err)
 		case <-timeout:
-			return nil, fmt.Errorf("Timeout Fetching CVE")
+			return nil, xerrors.New("Timeout Fetching CVE")
 		}
 	}
 	if len(errs) != 0 {
 		return nil,
-			fmt.Errorf("Failed to fetch CVE. err: %v", errs)
+			xerrors.Errorf("Failed to fetch CVE. err: %w", errs)
 	}
 	return
 }
@@ -150,8 +137,8 @@ func (api cvedictClient) httpGet(key, url string, resChan chan<- response, errCh
 		//  resp, body, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
 		resp, body, errs = gorequest.New().Get(url).End()
 		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-			return fmt.Errorf("HTTP GET error: %v, url: %s, resp: %v",
-				errs, url, resp)
+			return xerrors.Errorf("HTTP GET Error, url: %s, resp: %v, err: %w",
+				url, resp, errs)
 		}
 		return nil
 	}
@@ -161,13 +148,12 @@ func (api cvedictClient) httpGet(key, url string, resChan chan<- response, errCh
 	}
 	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
 	if err != nil {
-		errChan <- fmt.Errorf("HTTP Error %s", err)
+		errChan <- xerrors.Errorf("HTTP Error: %w", err)
 		return
 	}
-	cveDetail := cve.CveDetail{}
+	cveDetail := cvemodels.CveDetail{}
 	if err := json.Unmarshal([]byte(body), &cveDetail); err != nil {
-		errChan <- fmt.Errorf("Failed to Unmarshall. body: %s, err: %s",
-			body, err)
+		errChan <- xerrors.Errorf("Failed to Unmarshall. body: %s, err: %w", body, err)
 		return
 	}
 	resChan <- response{
@@ -176,16 +162,8 @@ func (api cvedictClient) httpGet(key, url string, resChan chan<- response, errCh
 	}
 }
 
-func (api cvedictClient) isFetchViaHTTP() bool {
-	// Default value of CveDBType is sqlite3
-	if config.Conf.CveDict.URL != "" && config.Conf.CveDict.Type == "sqlite3" {
-		return true
-	}
-	return false
-}
-
-func (api cvedictClient) FetchCveDetailsByCpeName(driver cvedb.DB, cpeName string) ([]cve.CveDetail, error) {
-	if api.isFetchViaHTTP() {
+func (api cvedictClient) FetchCveDetailsByCpeName(driver cvedb.DB, cpeName string) ([]cvemodels.CveDetail, error) {
+	if config.Conf.CveDict.IsFetchViaHTTP() {
 		api.baseURL = config.Conf.CveDict.URL
 		url, err := util.URLPathJoin(api.baseURL, "cpes")
 		if err != nil {
@@ -199,7 +177,7 @@ func (api cvedictClient) FetchCveDetailsByCpeName(driver cvedb.DB, cpeName strin
 	return driver.GetByCpeURI(cpeName)
 }
 
-func (api cvedictClient) httpPost(key, url string, query map[string]string) ([]cve.CveDetail, error) {
+func (api cvedictClient) httpPost(key, url string, query map[string]string) ([]cvemodels.CveDetail, error) {
 	var body string
 	var errs []error
 	var resp *http.Response
@@ -211,7 +189,7 @@ func (api cvedictClient) httpPost(key, url string, query map[string]string) ([]c
 		}
 		resp, body, errs = req.End()
 		if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-			return fmt.Errorf("HTTP POST error: %v, url: %s, resp: %v", errs, url, resp)
+			return xerrors.Errorf("HTTP POST error. url: %s, resp: %v, err: %w", url, resp, errs)
 		}
 		return nil
 	}
@@ -220,13 +198,13 @@ func (api cvedictClient) httpPost(key, url string, query map[string]string) ([]c
 	}
 	err := backoff.RetryNotify(f, backoff.NewExponentialBackOff(), notify)
 	if err != nil {
-		return nil, fmt.Errorf("HTTP Error %s", err)
+		return nil, xerrors.Errorf("HTTP Error: %w", err)
 	}
 
-	cveDetails := []cve.CveDetail{}
+	cveDetails := []cvemodels.CveDetail{}
 	if err := json.Unmarshal([]byte(body), &cveDetails); err != nil {
 		return nil,
-			fmt.Errorf("Failed to Unmarshall. body: %s, err: %s", body, err)
+			xerrors.Errorf("Failed to Unmarshall. body: %s, err: %w", body, err)
 	}
 	return cveDetails, nil
 }

report/db_client.go

@@ -1,7 +1,6 @@
 package report
 
 import (
-	"fmt"
 	"os"
 
 	"github.com/future-architect/vuls/config"
@@ -10,6 +9,7 @@ import (
 	cvedb "github.com/kotakanbe/go-cve-dictionary/db"
 	ovaldb "github.com/kotakanbe/goval-dictionary/db"
 	exploitdb "github.com/mozqnet/go-exploitdb/db"
+	"golang.org/x/xerrors"
 )
 
 // DBClient is a dictionarie's db client for reporting
@@ -29,32 +29,19 @@ type DBClientConf struct {
 	DebugSQL    bool
 }
 
-func (c DBClientConf) isCveDBViaHTTP() bool {
-	return c.CveDictCnf.URL != "" && c.CveDictCnf.Type == "sqlite3"
-}
-
-func (c DBClientConf) isOvalViaHTTP() bool {
-	return c.OvalDictCnf.URL != "" && c.OvalDictCnf.Type == "sqlite3"
-}
-
-func (c DBClientConf) isGostViaHTTP() bool {
-	return c.GostCnf.URL != "" && c.GostCnf.Type == "sqlite3"
-}
-
-func (c DBClientConf) isExploitViaHTTP() bool {
-	return c.ExploitCnf.URL != "" && c.ExploitCnf.Type == "sqlite3"
-}
-
 // NewDBClient returns db clients
 func NewDBClient(cnf DBClientConf) (dbclient *DBClient, locked bool, err error) {
 	cveDriver, locked, err := NewCveDB(cnf)
-	if err != nil {
+	if locked {
+		return nil, true, xerrors.Errorf("CveDB is locked: %s",
+			cnf.OvalDictCnf.SQLite3Path)
+	} else if err != nil {
 		return nil, locked, err
 	}
 
 	ovaldb, locked, err := NewOvalDB(cnf)
 	if locked {
-		return nil, true, fmt.Errorf("OvalDB is locked: %s",
+		return nil, true, xerrors.Errorf("OvalDB is locked: %s",
 			cnf.OvalDictCnf.SQLite3Path)
 	} else if err != nil {
 		util.Log.Warnf("Unable to use OvalDB: %s, err: %s",
@@ -63,7 +50,7 @@ func NewDBClient(cnf DBClientConf) (dbclient *DBClient, locked bool, err error)
 
 	gostdb, locked, err := NewGostDB(cnf)
 	if locked {
-		return nil, true, fmt.Errorf("gostDB is locked: %s",
+		return nil, true, xerrors.Errorf("gostDB is locked: %s",
 			cnf.GostCnf.SQLite3Path)
 	} else if err != nil {
 		util.Log.Warnf("Unable to use gostDB: %s, err: %s",
@@ -72,7 +59,7 @@ func NewDBClient(cnf DBClientConf) (dbclient *DBClient, locked bool, err error)
 
 	exploitdb, locked, err := NewExploitDB(cnf)
 	if locked {
-		return nil, true, fmt.Errorf("exploitDB is locked: %s",
+		return nil, true, xerrors.Errorf("exploitDB is locked: %s",
 			cnf.ExploitCnf.SQLite3Path)
 	} else if err != nil {
 		util.Log.Warnf("Unable to use exploitDB: %s, err: %s",
@@ -89,19 +76,23 @@ func NewDBClient(cnf DBClientConf) (dbclient *DBClient, locked bool, err error)
 
 // NewCveDB returns cve db client
 func NewCveDB(cnf DBClientConf) (driver cvedb.DB, locked bool, err error) {
-	if cnf.isCveDBViaHTTP() {
+	if config.Conf.CveDict.IsFetchViaHTTP() {
 		return nil, false, nil
 	}
 	util.Log.Debugf("open cve-dictionary db (%s)", cnf.CveDictCnf.Type)
 	path := cnf.CveDictCnf.URL
 	if cnf.CveDictCnf.Type == "sqlite3" {
 		path = cnf.CveDictCnf.SQLite3Path
+		if _, err := os.Stat(path); os.IsNotExist(err) {
+			util.Log.Warnf("--cvedb-path=%s file not found. [CPE-scan](https://vuls.io/docs/en/usage-scan-non-os-packages.html#cpe-scan) needs cve-dictionary. if you specify cpe in config.toml, fetch cve-dictionary before reporting. For details, see `https://github.com/kotakanbe/go-cve-dictionary#deploy-go-cve-dictionary`", path)
+			return nil, false, nil
+		}
 	}
 
 	util.Log.Debugf("Open cve-dictionary db (%s): %s", cnf.CveDictCnf.Type, path)
 	driver, locked, err = cvedb.NewDB(cnf.CveDictCnf.Type, path, cnf.DebugSQL)
 	if err != nil {
-		err = fmt.Errorf("Failed to init CVE DB. err: %s, path: %s", err, path)
+		err = xerrors.Errorf("Failed to init CVE DB. err: %w, path: %s", err, path)
 		return nil, locked, err
 	}
 	return driver, false, nil
@@ -109,7 +100,7 @@ func NewCveDB(cnf DBClientConf) (driver cvedb.DB, locked bool, err error) {
 
 // NewOvalDB returns oval db client
 func NewOvalDB(cnf DBClientConf) (driver ovaldb.DB, locked bool, err error) {
-	if cnf.isOvalViaHTTP() {
+	if config.Conf.OvalDict.IsFetchViaHTTP() {
 		return nil, false, nil
 	}
 	path := cnf.OvalDictCnf.URL
@@ -117,7 +108,7 @@ func NewOvalDB(cnf DBClientConf) (driver ovaldb.DB, locked bool, err error) {
 		path = cnf.OvalDictCnf.SQLite3Path
 
 		if _, err := os.Stat(path); os.IsNotExist(err) {
-			util.Log.Warnf("--ovaldb-path=%s is not found. It's recommended to use OVAL to improve scanning accuracy. For details, see https://github.com/kotakanbe/goval-dictionary#usage", path)
+			util.Log.Warnf("--ovaldb-path=%s file not found", path)
 			return nil, false, nil
 		}
 	}
@@ -125,7 +116,7 @@ func NewOvalDB(cnf DBClientConf) (driver ovaldb.DB, locked bool, err error) {
 	util.Log.Debugf("Open oval-dictionary db (%s): %s", cnf.OvalDictCnf.Type, path)
 	driver, locked, err = ovaldb.NewDB("", cnf.OvalDictCnf.Type, path, cnf.DebugSQL)
 	if err != nil {
-		err = fmt.Errorf("Failed to new OVAL DB. err: %s", err)
+		err = xerrors.Errorf("Failed to new OVAL DB. err: %w", err)
 		if locked {
 			return nil, true, err
 		}
@@ -136,7 +127,7 @@ func NewOvalDB(cnf DBClientConf) (driver ovaldb.DB, locked bool, err error) {
 
 // NewGostDB returns db client for Gost
 func NewGostDB(cnf DBClientConf) (driver gostdb.DB, locked bool, err error) {
-	if cnf.isGostViaHTTP() {
+	if config.Conf.Gost.IsFetchViaHTTP() {
 		return nil, false, nil
 	}
 	path := cnf.GostCnf.URL
@@ -144,7 +135,7 @@ func NewGostDB(cnf DBClientConf) (driver gostdb.DB, locked bool, err error) {
 		path = cnf.GostCnf.SQLite3Path
 
 		if _, err := os.Stat(path); os.IsNotExist(err) {
-			util.Log.Warnf("--gostdb-path=%s is not found. If the scan target server is Debian, RHEL or CentOS, it's recommended to use gost to improve scanning accuracy. To use gost database, see https://github.com/knqyf263/gost#fetch-redhat", path)
+			util.Log.Warnf("--gostdb-path=%s file not found. Vuls can detect `patch-not-released-CVE-ID` using gost if the scan target server is Debian, RHEL or CentOS, For details, see `https://github.com/knqyf263/gost#fetch-redhat`", path)
 			return nil, false, nil
 		}
 	}
@@ -152,7 +143,7 @@ func NewGostDB(cnf DBClientConf) (driver gostdb.DB, locked bool, err error) {
 	util.Log.Debugf("Open gost db (%s): %s", cnf.GostCnf.Type, path)
 	if driver, locked, err = gostdb.NewDB(cnf.GostCnf.Type, path, cnf.DebugSQL); err != nil {
 		if locked {
-			util.Log.Errorf("gostDB is locked: %s", err)
+			util.Log.Errorf("gostDB is locked. err: %+v", err)
 			return nil, true, err
 		}
 		return nil, false, err
@@ -162,7 +153,7 @@ func NewGostDB(cnf DBClientConf) (driver gostdb.DB, locked bool, err error) {
 
 // NewExploitDB returns db client for Exploit
 func NewExploitDB(cnf DBClientConf) (driver exploitdb.DB, locked bool, err error) {
-	if cnf.isExploitViaHTTP() {
+	if config.Conf.Exploit.IsFetchViaHTTP() {
 		return nil, false, nil
 	}
 	path := cnf.ExploitCnf.URL
@@ -170,7 +161,7 @@ func NewExploitDB(cnf DBClientConf) (driver exploitdb.DB, locked bool, err error
 		path = cnf.ExploitCnf.SQLite3Path
 
 		if _, err := os.Stat(path); os.IsNotExist(err) {
-			util.Log.Warnf("--exploitdb-path=%s is not found. It's recommended to use exploit to improve scanning accuracy. To use exploit db database, see https://github.com/mozqnet/go-exploitdb", path)
+			util.Log.Warnf("--exploitdb-path=%s file not found. Fetch go-exploit-db before reporting if you want to display exploit codes of detected CVE-IDs. For details, see `https://github.com/mozqnet/go-exploitdb`", path)
 			return nil, false, nil
 		}
 	}
@@ -178,7 +169,7 @@ func NewExploitDB(cnf DBClientConf) (driver exploitdb.DB, locked bool, err error
 	util.Log.Debugf("Open exploit db (%s): %s", cnf.ExploitCnf.Type, path)
 	if driver, locked, err = exploitdb.NewDB(cnf.ExploitCnf.Type, path, cnf.DebugSQL); err != nil {
 		if locked {
-			util.Log.Errorf("exploitDB is locked: %s", err)
+			util.Log.Errorf("exploitDB is locked. err: %+v", err)
 			return nil, true, err
 		}
 		return nil, false, err
@@ -190,12 +181,12 @@ func NewExploitDB(cnf DBClientConf) (driver exploitdb.DB, locked bool, err error
 func (d DBClient) CloseDB() {
 	if d.CveDB != nil {
 		if err := d.CveDB.CloseDB(); err != nil {
-			util.Log.Errorf("Failed to close DB: %s", err)
+			util.Log.Errorf("Failed to close DB. err: %+v", err)
 		}
 	}
 	if d.OvalDB != nil {
 		if err := d.OvalDB.CloseDB(); err != nil {
-			util.Log.Errorf("Failed to close DB: %s", err)
+			util.Log.Errorf("Failed to close DB. err: %+v", err)
 		}
 	}
 }

report/email.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package report
 
 import (
@@ -27,6 +10,7 @@ import (
 
 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
+	"golang.org/x/xerrors"
 )
 
 // EMailWriter send mail
@@ -41,7 +25,6 @@ func (w EMailWriter) Write(rs ...models.ScanResult) (err error) {
 	for _, r := range rs {
 		if conf.FormatOneEMail {
 			message += formatFullPlainText(r) + "\r\n\r\n"
-
 			mm := r.ScannedCves.CountGroupBySeverity()
 			keys := []string{"High", "Medium", "Low", "Unknown"}
 			for _, k := range keys {
@@ -58,13 +41,19 @@ func (w EMailWriter) Write(rs ...models.ScanResult) (err error) {
 					r.ServerInfo(),
 					r.ScannedCves.FormatCveSummary())
 			}
-			message = formatFullPlainText(r)
+			if conf.FormatList {
+				message = formatList(r)
+			} else {
+				message = formatFullPlainText(r)
+			}
+			if conf.FormatOneLineText {
+				message = fmt.Sprintf("One Line Summary\r\n================\r\n%s", formatOneLineSummary(r))
+			}
 			if err := sender.Send(subject, message); err != nil {
 				return err
 			}
 		}
 	}
-
 	summary := ""
 	if config.Conf.IgnoreUnscoredCves {
 		summary = fmt.Sprintf("Total: %d (High:%d Medium:%d Low:%d)",
@@ -73,17 +62,12 @@ func (w EMailWriter) Write(rs ...models.ScanResult) (err error) {
 	summary = fmt.Sprintf("Total: %d (High:%d Medium:%d Low:%d ?:%d)",
 		m["High"]+m["Medium"]+m["Low"]+m["Unknown"],
 		m["High"], m["Medium"], m["Low"], m["Unknown"])
-
+	origmessage := message
 	if conf.FormatOneEMail {
-		message = fmt.Sprintf(
-			`
-One Line Summary
-================
-%s
-
-
-%s`,
-			formatOneLineSummary(rs...), message)
+		message = fmt.Sprintf("One Line Summary\r\n================\r\n%s", formatOneLineSummary(rs...))
+		if !conf.FormatOneLineText {
+			message += fmt.Sprintf("\r\n\r\n%s", origmessage)
+		}
 
 		subject := fmt.Sprintf("%s %s",
 			conf.EMail.SubjectPrefix, summary)
@@ -108,7 +92,7 @@ func (e *emailSender) Send(subject, body string) (err error) {
 	cc := strings.Join(emailConf.Cc[:], ", ")
 	mailAddresses := append(emailConf.To, emailConf.Cc...)
 	if _, err := mail.ParseAddressList(strings.Join(mailAddresses[:], ", ")); err != nil {
-		return fmt.Errorf("Failed to parse email addresses: %s", err)
+		return xerrors.Errorf("Failed to parse email addresses: %w", err)
 	}
 
 	headers := make(map[string]string)
@@ -126,20 +110,34 @@ func (e *emailSender) Send(subject, body string) (err error) {
 	message := fmt.Sprintf("%s\r\n%s", header, body)
 
 	smtpServer := net.JoinHostPort(emailConf.SMTPAddr, emailConf.SMTPPort)
+
+	if emailConf.User != "" && emailConf.Password != "" {
+		err = e.send(
+			smtpServer,
+			smtp.PlainAuth(
+				"",
+				emailConf.User,
+				emailConf.Password,
+				emailConf.SMTPAddr,
+			),
+			emailConf.From,
+			mailAddresses,
+			[]byte(message),
+		)
+		if err != nil {
+			return xerrors.Errorf("Failed to send emails: %w", err)
+		}
+		return nil
+	}
 	err = e.send(
 		smtpServer,
-		smtp.PlainAuth(
-			"",
-			emailConf.User,
-			emailConf.Password,
-			emailConf.SMTPAddr,
-		),
+		nil,
 		emailConf.From,
 		mailAddresses,
 		[]byte(message),
 	)
 	if err != nil {
-		return fmt.Errorf("Failed to send emails: %s", err)
+		return xerrors.Errorf("Failed to send emails: %w", err)
 	}
 	return nil
 }

report/email_test.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package report
 
 import (
@@ -100,7 +83,7 @@ func TestSend(t *testing.T) {
 			t.Errorf("#%d: wrong 'addr' field.\r\nexpected: %s\n got: %s", i, test.out.addr, r.addr)
 		}
 
-		if !reflect.DeepEqual(r.auth, test.out.auth) {
+		if !reflect.DeepEqual(r.auth, test.out.auth) && r.auth != nil {
 			t.Errorf("#%d: wrong 'auth' field.\r\nexpected: %v\n got: %v", i, test.out.auth, r.auth)
 		}
 

report/hipchat_test.go

@@ -1 +0,0 @@
-package report

report/http.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Architect, Inc. Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package report
 
 import (
@@ -22,10 +5,9 @@ import (
 	"encoding/json"
 	"net/http"
 
-	"github.com/pkg/errors"
-
 	c "github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
+	"golang.org/x/xerrors"
 )
 
 // HTTPRequestWriter writes results to HTTP request
@@ -53,7 +35,7 @@ type HTTPResponseWriter struct {
 func (w HTTPResponseWriter) Write(rs ...models.ScanResult) (err error) {
 	res, err := json.Marshal(rs)
 	if err != nil {
-		return errors.Wrap(err, "Failed to marshal scah results")
+		return xerrors.Errorf("Failed to marshal scah results: %w", err)
 	}
 	w.Writer.Header().Set("Content-Type", "application/json")
 	_, err = w.Writer.Write(res)

report/localfile.go

@@ -1,33 +1,16 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package report
 
 import (
 	"bytes"
 	"encoding/json"
 	"encoding/xml"
-	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 
 	c "github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
+	"golang.org/x/xerrors"
 )
 
 // LocalFileWriter writes results to a local file.
@@ -40,8 +23,8 @@ func (w LocalFileWriter) Write(rs ...models.ScanResult) (err error) {
 		path := filepath.Join(w.CurrentDir, "summary.txt")
 		text := formatOneLineSummary(rs...)
 		if err := writeFile(path, []byte(text), 0600); err != nil {
-			return fmt.Errorf(
-				"Failed to write to file. path: %s, err: %s",
+			return xerrors.Errorf(
+				"Failed to write to file. path: %s, err: %w",
 				path, err)
 		}
 	}
@@ -60,15 +43,15 @@ func (w LocalFileWriter) Write(rs ...models.ScanResult) (err error) {
 			var b []byte
 			if c.Conf.Debug {
 				if b, err = json.MarshalIndent(r, "", "    "); err != nil {
-					return fmt.Errorf("Failed to Marshal to JSON: %s", err)
+					return xerrors.Errorf("Failed to Marshal to JSON: %w", err)
 				}
 			} else {
 				if b, err = json.Marshal(r); err != nil {
-					return fmt.Errorf("Failed to Marshal to JSON: %s", err)
+					return xerrors.Errorf("Failed to Marshal to JSON: %w", err)
 				}
 			}
 			if err := writeFile(p, b, 0600); err != nil {
-				return fmt.Errorf("Failed to write JSON. path: %s, err: %s", p, err)
+				return xerrors.Errorf("Failed to write JSON. path: %s, err: %w", p, err)
 			}
 		}
 
@@ -82,8 +65,8 @@ func (w LocalFileWriter) Write(rs ...models.ScanResult) (err error) {
 
 			if err := writeFile(
 				p, []byte(formatList(r)), 0600); err != nil {
-				return fmt.Errorf(
-					"Failed to write text files. path: %s, err: %s", p, err)
+				return xerrors.Errorf(
+					"Failed to write text files. path: %s, err: %w", p, err)
 			}
 		}
 
@@ -97,8 +80,8 @@ func (w LocalFileWriter) Write(rs ...models.ScanResult) (err error) {
 
 			if err := writeFile(
 				p, []byte(formatFullPlainText(r)), 0600); err != nil {
-				return fmt.Errorf(
-					"Failed to write text files. path: %s, err: %s", p, err)
+				return xerrors.Errorf(
+					"Failed to write text files. path: %s, err: %w", p, err)
 			}
 		}
 
@@ -112,11 +95,11 @@ func (w LocalFileWriter) Write(rs ...models.ScanResult) (err error) {
 
 			var b []byte
 			if b, err = xml.Marshal(r); err != nil {
-				return fmt.Errorf("Failed to Marshal to XML: %s", err)
+				return xerrors.Errorf("Failed to Marshal to XML: %w", err)
 			}
 			allBytes := bytes.Join([][]byte{[]byte(xml.Header + vulsOpenTag), b, []byte(vulsCloseTag)}, []byte{})
 			if err := writeFile(p, allBytes, 0600); err != nil {
-				return fmt.Errorf("Failed to write XML. path: %s, err: %s", p, err)
+				return xerrors.Errorf("Failed to write XML. path: %s, err: %w", p, err)
 			}
 		}
 	}

report/report.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package report
 
 import (
@@ -28,20 +11,27 @@ import (
 	"strings"
 	"time"
 
+	"github.com/future-architect/vuls/libmanager"
+
 	"github.com/BurntSushi/toml"
+	"github.com/future-architect/vuls/config"
 	c "github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/contrib/owasp-dependency-check/parser"
 	"github.com/future-architect/vuls/cwe"
 	"github.com/future-architect/vuls/exploit"
+	"github.com/future-architect/vuls/github"
 	"github.com/future-architect/vuls/gost"
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/oval"
 	"github.com/future-architect/vuls/util"
-	"github.com/hashicorp/uuid"
+	"github.com/future-architect/vuls/wordpress"
+	"github.com/hashicorp/go-uuid"
 	gostdb "github.com/knqyf263/gost/db"
 	cvedb "github.com/kotakanbe/go-cve-dictionary/db"
+	cvemodels "github.com/kotakanbe/go-cve-dictionary/models"
 	ovaldb "github.com/kotakanbe/goval-dictionary/db"
 	exploitdb "github.com/mozqnet/go-exploitdb/db"
+	"golang.org/x/xerrors"
 )
 
 const (
@@ -56,19 +46,24 @@ func FillCveInfos(dbclient DBClient, rs []models.ScanResult, dir string) ([]mode
 	hostname, _ := os.Hostname()
 	for _, r := range rs {
 		if c.Conf.RefreshCve || needToRefreshCve(r) {
+			if ovalSupported(&r) {
+				r.ScannedCves = models.VulnInfos{}
+			}
 			cpeURIs := []string{}
+
 			if len(r.Container.ContainerID) == 0 {
 				cpeURIs = c.Conf.Servers[r.ServerName].CpeNames
 				owaspDCXMLPath := c.Conf.Servers[r.ServerName].OwaspDCXMLPath
 				if owaspDCXMLPath != "" {
 					cpes, err := parser.Parse(owaspDCXMLPath)
 					if err != nil {
-						return nil, fmt.Errorf("Failed to read OWASP Dependency Check XML: %s, %s, %s",
+						return nil, xerrors.Errorf("Failed to read OWASP Dependency Check XML on %s, `%s`, err: %w",
 							r.ServerName, owaspDCXMLPath, err)
 					}
 					cpeURIs = append(cpeURIs, cpes...)
 				}
 			} else {
+				// runningContainer
 				if s, ok := c.Conf.Servers[r.ServerName]; ok {
 					if con, ok := s.Containers[r.Container.Name]; ok {
 						cpeURIs = con.Cpes
@@ -76,7 +71,7 @@ func FillCveInfos(dbclient DBClient, rs []models.ScanResult, dir string) ([]mode
 						if owaspDCXMLPath != "" {
 							cpes, err := parser.Parse(owaspDCXMLPath)
 							if err != nil {
-								return nil, fmt.Errorf("Failed to read OWASP Dependency Check XML: %s, %s, %s",
+								return nil, xerrors.Errorf("Failed to read OWASP Dependency Check XML on %s, `%s`, err: %w",
 									r.ServerInfo(), owaspDCXMLPath, err)
 							}
 							cpeURIs = append(cpeURIs, cpes...)
@@ -85,7 +80,17 @@ func FillCveInfos(dbclient DBClient, rs []models.ScanResult, dir string) ([]mode
 				}
 			}
 
-			if err := FillCveInfo(dbclient, &r, cpeURIs); err != nil {
+			// Integrations
+			githubInts := GithubSecurityAlerts(c.Conf.Servers[r.ServerName].GitHubRepos)
+
+			wpOpt := WordPressOption{c.Conf.Servers[r.ServerName].WordPress.WPVulnDBToken}
+
+			if err := FillCveInfo(dbclient,
+				&r,
+				cpeURIs,
+				true,
+				githubInts,
+				wpOpt); err != nil {
 				return nil, err
 			}
 			r.Lang = c.Conf.Lang
@@ -98,7 +103,7 @@ func FillCveInfos(dbclient DBClient, rs []models.ScanResult, dir string) ([]mode
 				r.ServerName: c.Conf.Servers[r.ServerName],
 			}
 			if err := overwriteJSONFile(dir, r); err != nil {
-				return nil, fmt.Errorf("Failed to write JSON: %s", err)
+				return nil, xerrors.Errorf("Failed to write JSON: %w", err)
 			}
 			filledResults = append(filledResults, r)
 		} else {
@@ -132,6 +137,7 @@ func FillCveInfos(dbclient DBClient, rs []models.ScanResult, dir string) ([]mode
 		r = r.FilterIgnoreCves()
 		r = r.FilterUnfixed()
 		r = r.FilterIgnorePkgs()
+		r = r.FilterInactiveWordPressLibs()
 		if c.Conf.IgnoreUnscoredCves {
 			r.ScannedCves = r.ScannedCves.FindScoredVulns()
 		}
@@ -141,12 +147,19 @@ func FillCveInfos(dbclient DBClient, rs []models.ScanResult, dir string) ([]mode
 }
 
 // FillCveInfo fill scanResult with cve info.
-func FillCveInfo(dbclient DBClient, r *models.ScanResult, cpeURIs []string) error {
+func FillCveInfo(dbclient DBClient, r *models.ScanResult, cpeURIs []string, ignoreWillNotFix bool, integrations ...Integration) error {
 	util.Log.Debugf("need to refresh")
 
-	nCVEs, err := FillWithOval(dbclient.OvalDB, r)
+	nCVEs, err := libmanager.FillLibrary(r)
 	if err != nil {
-		return fmt.Errorf("Failed to fill with OVAL: %s", err)
+		return xerrors.Errorf("Failed to fill with Library dependency: %w", err)
+	}
+	util.Log.Infof("%s: %d CVEs are detected with Library",
+		r.FormatServerName(), nCVEs)
+
+	nCVEs, err = FillWithOval(dbclient.OvalDB, r)
+	if err != nil {
+		return xerrors.Errorf("Failed to fill with OVAL: %w", err)
 	}
 	util.Log.Infof("%s: %d CVEs are detected with OVAL",
 		r.FormatServerName(), nCVEs)
@@ -162,28 +175,36 @@ func FillCveInfo(dbclient DBClient, r *models.ScanResult, cpeURIs []string) erro
 
 	nCVEs, err = fillVulnByCpeURIs(dbclient.CveDB, r, cpeURIs)
 	if err != nil {
-		return fmt.Errorf("Failed to detect vulns of %s: %s", cpeURIs, err)
+		return xerrors.Errorf("Failed to detect vulns of `%s`: %w", cpeURIs, err)
 	}
 	util.Log.Infof("%s: %d CVEs are detected with CPE", r.FormatServerName(), nCVEs)
 
-	nCVEs, err = FillWithGost(dbclient.GostDB, r)
+	ints := &integrationResults{}
+	for _, o := range integrations {
+		if err = o.apply(r, ints); err != nil {
+			return xerrors.Errorf("Failed to fill with integration: %w", err)
+		}
+	}
+	util.Log.Infof("%s: %d CVEs are detected with GitHub Security Alerts", r.FormatServerName(), ints.GithubAlertsCveCounts)
+
+	nCVEs, err = FillWithGost(dbclient.GostDB, r, ignoreWillNotFix)
 	if err != nil {
-		return fmt.Errorf("Failed to fill with gost: %s", err)
+		return xerrors.Errorf("Failed to fill with gost: %w", err)
 	}
 	util.Log.Infof("%s: %d unfixed CVEs are detected with gost",
 		r.FormatServerName(), nCVEs)
 
 	util.Log.Infof("Fill CVE detailed information with CVE-DB")
 	if err := fillCveDetail(dbclient.CveDB, r); err != nil {
-		return fmt.Errorf("Failed to fill with CVE: %s", err)
+		return xerrors.Errorf("Failed to fill with CVE: %w", err)
 	}
 
-	util.Log.Infof("Fill Exploit information with Exploit-DB")
+	util.Log.Infof("Fill exploit information with Exploit-DB")
 	nExploitCve, err := FillWithExploit(dbclient.ExploitDB, r)
 	if err != nil {
-		return fmt.Errorf("Failed to fill with exploit: %s", err)
+		return xerrors.Errorf("Failed to fill with exploit: %w", err)
 	}
-	util.Log.Infof("%s: %d Exploits are detected with exploit",
+	util.Log.Infof("%s: %d exploits are detected",
 		r.FormatServerName(), nExploitCve)
 
 	fillCweDict(r)
@@ -208,6 +229,7 @@ func fillCveDetail(driver cvedb.DB, r *models.ScanResult) error {
 		}
 		jvn := models.ConvertJvnToModel(d.CveID, d.Jvn)
 
+		alerts := fillCertAlerts(&d)
 		for cveID, vinfo := range r.ScannedCves {
 			if vinfo.CveID == d.CveID {
 				if vinfo.CveContents == nil {
@@ -218,6 +240,7 @@ func fillCveDetail(driver cvedb.DB, r *models.ScanResult) error {
 						vinfo.CveContents[con.Type] = *con
 					}
 				}
+				vinfo.AlertDict = alerts
 				r.ScannedCves[cveID] = vinfo
 				break
 			}
@@ -226,6 +249,28 @@ func fillCveDetail(driver cvedb.DB, r *models.ScanResult) error {
 	return nil
 }
 
+func fillCertAlerts(cvedetail *cvemodels.CveDetail) (dict models.AlertDict) {
+	if cvedetail.NvdJSON != nil {
+		for _, cert := range cvedetail.NvdJSON.Certs {
+			dict.En = append(dict.En, models.Alert{
+				URL:   cert.Link,
+				Title: cert.Title,
+				Team:  "us",
+			})
+		}
+	}
+	if cvedetail.Jvn != nil {
+		for _, cert := range cvedetail.Jvn.Certs {
+			dict.Ja = append(dict.Ja, models.Alert{
+				URL:   cert.Link,
+				Title: cert.Title,
+				Team:  "jp",
+			})
+		}
+	}
+	return dict
+}
+
 // FillWithOval fetches OVAL database
 func FillWithOval(driver ovaldb.DB, r *models.ScanResult) (nCVEs int, err error) {
 	var ovalClient oval.Client
@@ -255,34 +300,36 @@ func FillWithOval(driver ovaldb.DB, r *models.ScanResult) (nCVEs int, err error)
 	case c.Alpine:
 		ovalClient = oval.NewAlpine()
 		ovalFamily = c.Alpine
-	case c.Amazon, c.Raspbian, c.FreeBSD, c.Windows:
+	case c.Amazon:
+		ovalClient = oval.NewAmazon()
+		ovalFamily = c.Amazon
+	case c.Raspbian, c.FreeBSD, c.Windows:
 		return 0, nil
 	case c.ServerTypePseudo:
 		return 0, nil
 	default:
 		if r.Family == "" {
-			return 0, fmt.Errorf("Probably an error occurred during scanning. Check the error message")
+			return 0, xerrors.New("Probably an error occurred during scanning. Check the error message")
 		}
-		return 0, fmt.Errorf("OVAL for %s is not implemented yet", r.Family)
+		return 0, xerrors.Errorf("OVAL for %s is not implemented yet", r.Family)
 	}
 
-	if !ovalClient.IsFetchViaHTTP() && driver == nil {
-		return 0, nil
+	if !c.Conf.OvalDict.IsFetchViaHTTP() {
+		if driver == nil {
+			return 0, xerrors.Errorf("You have to fetch OVAL data for %s before reporting. For details, see `https://github.com/kotakanbe/goval-dictionary#usage`", r.Family)
+		}
+		if err = driver.NewOvalDB(ovalFamily); err != nil {
+			return 0, xerrors.Errorf("Failed to New Oval DB. err: %w", err)
+		}
 	}
 
-	if err = driver.NewOvalDB(ovalFamily); err != nil {
-		return 0, fmt.Errorf("Failed to New Oval DB. err: %s", err)
-	}
-
-	util.Log.Debugf("Check whether oval fetched: %s %s",
-		ovalFamily, r.Release)
+	util.Log.Debugf("Check whether oval fetched: %s %s", ovalFamily, r.Release)
 	ok, err := ovalClient.CheckIfOvalFetched(driver, ovalFamily, r.Release)
 	if err != nil {
 		return 0, err
 	}
 	if !ok {
-		util.Log.Warnf("OVAL entries of %s %s are not found. It's recommended to use OVAL to improve scanning accuracy. For details, see https://github.com/kotakanbe/goval-dictionary#usage , Then report with --ovaldb-path or --ovaldb-url flag", ovalFamily, r.Release)
-		return 0, nil
+		return 0, xerrors.Errorf("OVAL entries of %s %s are not found. Fetch OVAL before reporting. For details, see `https://github.com/kotakanbe/goval-dictionary#usage`", ovalFamily, r.Release)
 	}
 
 	_, err = ovalClient.CheckIfOvalFresh(driver, ovalFamily, r.Release)
@@ -295,11 +342,14 @@ func FillWithOval(driver ovaldb.DB, r *models.ScanResult) (nCVEs int, err error)
 
 // FillWithGost fills CVEs with gost dataabase
 // https://github.com/knqyf263/gost
-func FillWithGost(driver gostdb.DB, r *models.ScanResult) (nCVEs int, err error) {
+func FillWithGost(driver gostdb.DB, r *models.ScanResult, ignoreWillNotFix bool) (nCVEs int, err error) {
 	gostClient := gost.NewClient(r.Family)
 	// TODO chekc if fetched
 	// TODO chekc if fresh enough
-	return gostClient.FillWithGost(driver, r)
+	if nCVEs, err = gostClient.DetectUnfixed(driver, r, ignoreWillNotFix); err != nil {
+		return
+	}
+	return nCVEs, gostClient.FillCVEsWithRedHat(driver, r)
 }
 
 // FillWithExploit fills Exploits with exploit dataabase
@@ -311,6 +361,11 @@ func FillWithExploit(driver exploitdb.DB, r *models.ScanResult) (nExploitCve int
 }
 
 func fillVulnByCpeURIs(driver cvedb.DB, r *models.ScanResult, cpeURIs []string) (nCVEs int, err error) {
+	if len(cpeURIs) != 0 && driver == nil && !config.Conf.CveDict.IsFetchViaHTTP() {
+		return 0, xerrors.Errorf("cpeURIs %s specified, but cve-dictionary DB not found. Fetch cve-dictionary beofre reporting. For details, see `https://github.com/kotakanbe/go-cve-dictionary#deploy-go-cve-dictionary`",
+			cpeURIs)
+	}
+
 	for _, name := range cpeURIs {
 		details, err := CveClient.FetchCveDetailsByCpeName(driver, name)
 		if err != nil {
@@ -337,6 +392,61 @@ func fillVulnByCpeURIs(driver cvedb.DB, r *models.ScanResult, cpeURIs []string)
 	return nCVEs, nil
 }
 
+type integrationResults struct {
+	GithubAlertsCveCounts int
+	WordPressCveCounts    int
+}
+
+// Integration is integration of vuls report
+type Integration interface {
+	apply(*models.ScanResult, *integrationResults) error
+}
+
+// GithubSecurityAlerts :
+func GithubSecurityAlerts(githubConfs map[string]config.GitHubConf) Integration {
+	return GithubSecurityAlertOption{
+		GithubConfs: githubConfs,
+	}
+}
+
+// GithubSecurityAlertOption :
+type GithubSecurityAlertOption struct {
+	GithubConfs map[string]config.GitHubConf
+}
+
+// https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/
+func (g GithubSecurityAlertOption) apply(r *models.ScanResult, ints *integrationResults) (err error) {
+	var nCVEs int
+	for ownerRepo, setting := range g.GithubConfs {
+		ss := strings.Split(ownerRepo, "/")
+		owner, repo := ss[0], ss[1]
+		n, err := github.FillGitHubSecurityAlerts(r, owner, repo, setting.Token)
+		if err != nil {
+			return xerrors.Errorf("Failed to access GitHub Security Alerts: %w", err)
+		}
+		nCVEs += n
+	}
+	ints.GithubAlertsCveCounts = nCVEs
+	return nil
+}
+
+// WordPressOption :
+type WordPressOption struct {
+	token string
+}
+
+func (g WordPressOption) apply(r *models.ScanResult, ints *integrationResults) (err error) {
+	if g.token == "" {
+		return nil
+	}
+	n, err := wordpress.FillWordPress(r, g.token)
+	if err != nil {
+		return xerrors.Errorf("Failed to fetch from WPVulnDB. Check the WPVulnDBToken in config.toml. err: %w", err)
+	}
+	ints.WordPressCveCounts = n
+	return nil
+}
+
 func fillCweDict(r *models.ScanResult) {
 	uniqCweIDMap := map[string]bool{}
 	for _, vinfo := range r.ScannedCves {
@@ -350,9 +460,6 @@ func fillCweDict(r *models.ScanResult) {
 		}
 	}
 
-	// TODO check the format of CWEID, clean CWEID
-	// JVN, NVD XML, JSON, OVALs
-
 	dict := map[string]models.CweDictEntry{}
 	for id := range uniqCweIDMap {
 		entry := models.CweDictEntry{}
@@ -360,6 +467,12 @@ func fillCweDict(r *models.ScanResult) {
 			if rank, ok := cwe.OwaspTopTen2017[id]; ok {
 				entry.OwaspTopTen2017 = rank
 			}
+			if rank, ok := cwe.CweTopTwentyfive2019[id]; ok {
+				entry.CweTopTwentyfive2019 = rank
+			}
+			if rank, ok := cwe.SansTopTwentyfive[id]; ok {
+				entry.SansTopTwentyfive = rank
+			}
 			entry.En = &e
 		} else {
 			util.Log.Debugf("CWE-ID %s is not found in English CWE Dict", id)
@@ -371,6 +484,12 @@ func fillCweDict(r *models.ScanResult) {
 				if rank, ok := cwe.OwaspTopTen2017[id]; ok {
 					entry.OwaspTopTen2017 = rank
 				}
+				if rank, ok := cwe.CweTopTwentyfive2019[id]; ok {
+					entry.CweTopTwentyfive2019 = rank
+				}
+				if rank, ok := cwe.SansTopTwentyfive[id]; ok {
+					entry.SansTopTwentyfive = rank
+				}
 				entry.Ja = &e
 			} else {
 				util.Log.Debugf("CWE-ID %s is not found in Japanese CWE Dict", id)
@@ -385,9 +504,27 @@ func fillCweDict(r *models.ScanResult) {
 
 const reUUID = "[\\da-f]{8}-[\\da-f]{4}-[\\da-f]{4}-[\\da-f]{4}-[\\da-f]{12}"
 
+// Scanning with the -containers-only flag at scan time, the UUID of Container Host may not be generated,
+// so check it. Otherwise create a UUID of the Container Host and set it.
+func getOrCreateServerUUID(r models.ScanResult, server c.ServerInfo) (serverUUID string, err error) {
+	if id, ok := server.UUIDs[r.ServerName]; !ok {
+		if serverUUID, err = uuid.GenerateUUID(); err != nil {
+			return "", xerrors.Errorf("Failed to generate UUID: %w", err)
+		}
+	} else {
+		matched, err := regexp.MatchString(reUUID, id)
+		if !matched || err != nil {
+			if serverUUID, err = uuid.GenerateUUID(); err != nil {
+				return "", xerrors.Errorf("Failed to generate UUID: %w", err)
+			}
+		}
+	}
+	return serverUUID, nil
+}
+
 // EnsureUUIDs generate a new UUID of the scan target server if UUID is not assigned yet.
 // And then set the generated UUID to config.toml and scan results.
-func EnsureUUIDs(configPath string, results models.ScanResults) error {
+func EnsureUUIDs(configPath string, results models.ScanResults) (err error) {
 	// Sort Host->Container
 	sort.Slice(results, func(i, j int) bool {
 		if results[i].ServerName == results[j].ServerName {
@@ -405,17 +542,9 @@ func EnsureUUIDs(configPath string, results models.ScanResults) error {
 		name := ""
 		if r.IsContainer() {
 			name = fmt.Sprintf("%s@%s", r.Container.Name, r.ServerName)
-
-			// Scanning with the -containers-only flag at scan time, the UUID of Container Host may not be generated,
-			// so check it. Otherwise create a UUID of the Container Host and set it.
-			serverUUID := ""
-			if id, ok := server.UUIDs[r.ServerName]; !ok {
-				serverUUID = uuid.GenerateUUID()
-			} else {
-				matched, err := regexp.MatchString(reUUID, id)
-				if !matched || err != nil {
-					serverUUID = uuid.GenerateUUID()
-				}
+			serverUUID, err := getOrCreateServerUUID(r, server)
+			if err != nil {
+				return err
 			}
 			if serverUUID != "" {
 				server.UUIDs[r.ServerName] = serverUUID
@@ -441,16 +570,19 @@ func EnsureUUIDs(configPath string, results models.ScanResults) error {
 		}
 
 		// Generate a new UUID and set to config and scan result
-		id := uuid.GenerateUUID()
-		server.UUIDs[name] = id
+		serverUUID, err := uuid.GenerateUUID()
+		if err != nil {
+			return err
+		}
+		server.UUIDs[name] = serverUUID
 		server = cleanForTOMLEncoding(server, c.Conf.Default)
 		c.Conf.Servers[r.ServerName] = server
 
 		if r.IsContainer() {
-			results[i].Container.UUID = id
+			results[i].Container.UUID = serverUUID
 			results[i].ServerUUID = server.UUIDs[r.ServerName]
 		} else {
-			results[i].ServerUUID = id
+			results[i].ServerUUID = serverUUID
 		}
 	}
 
@@ -554,21 +686,21 @@ func EnsureUUIDs(configPath string, results models.ScanResults) error {
 	// rename the current config.toml to config.toml.bak
 	info, err := os.Lstat(configPath)
 	if err != nil {
-		return fmt.Errorf("Failed to lstat %s: %s", configPath, err)
+		return xerrors.Errorf("Failed to lstat %s: %w", configPath, err)
 	}
 	realPath := configPath
 	if info.Mode()&os.ModeSymlink == os.ModeSymlink {
 		if realPath, err = os.Readlink(configPath); err != nil {
-			return fmt.Errorf("Failed to Read link %s: %s", configPath, err)
+			return xerrors.Errorf("Failed to Read link %s: %w", configPath, err)
 		}
 	}
 	if err := os.Rename(realPath, realPath+".bak"); err != nil {
-		return fmt.Errorf("Failed to rename %s: %s", configPath, err)
+		return xerrors.Errorf("Failed to rename %s: %w", configPath, err)
 	}
 
 	var buf bytes.Buffer
 	if err := toml.NewEncoder(&buf).Encode(c); err != nil {
-		return fmt.Errorf("Failed to encode to toml: %s", err)
+		return xerrors.Errorf("Failed to encode to toml: %w", err)
 	}
 	str := strings.Replace(buf.String(), "\n  [", "\n\n  [", -1)
 	str = fmt.Sprintf("%s\n\n%s",

report/report_test.go

@@ -1 +1,54 @@
 package report
+
+import (
+	"testing"
+
+	"github.com/future-architect/vuls/config"
+
+	"github.com/future-architect/vuls/models"
+)
+
+const defaultUUID = "11111111-1111-1111-1111-111111111111"
+
+func TestGetOrCreateServerUUID(t *testing.T) {
+
+	cases := map[string]struct {
+		scanResult models.ScanResult
+		server     config.ServerInfo
+		isDefault  bool
+	}{
+		"baseServer": {
+			scanResult: models.ScanResult{
+				ServerName: "hoge",
+			},
+			server: config.ServerInfo{
+				UUIDs: map[string]string{
+					"hoge": defaultUUID,
+				},
+			},
+			isDefault: false,
+		},
+		"onlyContainers": {
+			scanResult: models.ScanResult{
+				ServerName: "hoge",
+			},
+			server: config.ServerInfo{
+				UUIDs: map[string]string{
+					"fuga": defaultUUID,
+				},
+			},
+			isDefault: false,
+		},
+	}
+
+	for testcase, v := range cases {
+		uuid, err := getOrCreateServerUUID(v.scanResult, v.server)
+		if err != nil {
+			t.Errorf("%s", err)
+		}
+		if (uuid == defaultUUID) != v.isDefault {
+			t.Errorf("%s : expected isDefault %t got %s", testcase, v.isDefault, uuid)
+		}
+	}
+
+}

report/s3.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package report
 
 import (
@@ -31,6 +14,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/ec2metadata"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/s3"
+	"golang.org/x/xerrors"
 
 	c "github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
@@ -75,7 +59,7 @@ func (w S3Writer) Write(rs ...models.ScanResult) (err error) {
 			k := key + ".json"
 			var b []byte
 			if b, err = json.Marshal(r); err != nil {
-				return fmt.Errorf("Failed to Marshal to JSON: %s", err)
+				return xerrors.Errorf("Failed to Marshal to JSON: %w", err)
 			}
 			if err := putObject(svc, k, b); err != nil {
 				return err
@@ -102,7 +86,7 @@ func (w S3Writer) Write(rs ...models.ScanResult) (err error) {
 			k := key + ".xml"
 			var b []byte
 			if b, err = xml.Marshal(r); err != nil {
-				return fmt.Errorf("Failed to Marshal to XML: %s", err)
+				return xerrors.Errorf("Failed to Marshal to XML: %w", err)
 			}
 			allBytes := bytes.Join([][]byte{[]byte(xml.Header + vulsOpenTag), b, []byte(vulsCloseTag)}, []byte{})
 			if err := putObject(svc, k, allBytes); err != nil {
@@ -118,8 +102,8 @@ func CheckIfBucketExists() error {
 	svc := getS3()
 	result, err := svc.ListBuckets(&s3.ListBucketsInput{})
 	if err != nil {
-		return fmt.Errorf(
-			"Failed to list buckets. err: %s, profile: %s, region: %s",
+		return xerrors.Errorf(
+			"Failed to list buckets. err: %w, profile: %s, region: %s",
 			err, c.Conf.AWS.Profile, c.Conf.AWS.Region)
 	}
 
@@ -131,7 +115,7 @@ func CheckIfBucketExists() error {
 		}
 	}
 	if !found {
-		return fmt.Errorf(
+		return xerrors.Errorf(
 			"Failed to find the buckets. profile: %s, region: %s, bucket: %s",
 			c.Conf.AWS.Profile, c.Conf.AWS.Region, c.Conf.AWS.S3Bucket)
 	}
@@ -158,7 +142,7 @@ func putObject(svc *s3.S3, k string, b []byte) error {
 	}
 
 	if _, err := svc.PutObject(putObjectInput); err != nil {
-		return fmt.Errorf("Failed to upload data to %s/%s, %s",
+		return xerrors.Errorf("Failed to upload data to %s/%s, err: %w",
 			c.Conf.AWS.S3Bucket, k, err)
 	}
 	return nil

report/saas.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package report
 
 import (
@@ -24,7 +7,9 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/url"
+	"os"
 	"path"
+	"strings"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
@@ -35,6 +20,7 @@ import (
 	c "github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/util"
+	"golang.org/x/xerrors"
 )
 
 // SaasWriter writes results to SaaS
@@ -48,8 +34,11 @@ type TempCredential struct {
 }
 
 type payload struct {
-	GroupID int    `json:"GroupID"`
-	Token   string `json:"Token"`
+	GroupID      int    `json:"GroupID"`
+	Token        string `json:"Token"`
+	ScannedBy    string `json:"ScannedBy"`
+	ScannedIPv4s string `json:"ScannedIPv4s"`
+	ScannedIPv6s string `json:"ScannedIPv6s"`
 }
 
 // UploadSaas : UploadSaas
@@ -59,14 +48,23 @@ func (w SaasWriter) Write(rs ...models.ScanResult) (err error) {
 		return nil
 	}
 
+	ipv4s, ipv6s, err := util.IP()
+	if err != nil {
+		util.Log.Errorf("Failed to fetch scannedIPs. err: %+v", err)
+	}
+	hostname, _ := os.Hostname()
+
 	payload := payload{
-		GroupID: c.Conf.Saas.GroupID,
-		Token:   c.Conf.Saas.Token,
+		GroupID:      c.Conf.Saas.GroupID,
+		Token:        c.Conf.Saas.Token,
+		ScannedBy:    hostname,
+		ScannedIPv4s: strings.Join(ipv4s, ", "),
+		ScannedIPv6s: strings.Join(ipv6s, ", "),
 	}
 
 	var body []byte
 	if body, err = json.Marshal(payload); err != nil {
-		return fmt.Errorf("Failed to Marshal to JSON: %s", err)
+		return xerrors.Errorf("Failed to Marshal to JSON: %w", err)
 	}
 
 	var req *http.Request
@@ -95,7 +93,7 @@ func (w SaasWriter) Write(rs ...models.ScanResult) (err error) {
 	}
 	defer resp.Body.Close()
 	if resp.StatusCode != 200 {
-		return fmt.Errorf("Failed to get Credential. Request JSON : %s,", string(body))
+		return xerrors.Errorf("Failed to get Credential. Request JSON : %s,", string(body))
 	}
 
 	var t []byte
@@ -105,7 +103,7 @@ func (w SaasWriter) Write(rs ...models.ScanResult) (err error) {
 
 	var tempCredential TempCredential
 	if err = json.Unmarshal(t, &tempCredential); err != nil {
-		return fmt.Errorf("Failed to unmarshal saas credential file. err : %s", err)
+		return xerrors.Errorf("Failed to unmarshal saas credential file. err : %s", err)
 	}
 
 	credential := credentials.NewStaticCredentialsFromCreds(credentials.Value{
@@ -119,7 +117,7 @@ func (w SaasWriter) Write(rs ...models.ScanResult) (err error) {
 		Credentials: credential,
 		Region:      aws.String("ap-northeast-1"),
 	}); err != nil {
-		return fmt.Errorf("Failed to new aws session. err : %s", err)
+		return xerrors.Errorf("Failed to new aws session. err: %w", err)
 	}
 
 	svc := s3.New(sess)
@@ -127,7 +125,7 @@ func (w SaasWriter) Write(rs ...models.ScanResult) (err error) {
 		s3Key := renameKeyNameUTC(r.ScannedAt, r.ServerUUID, r.Container)
 		var b []byte
 		if b, err = json.Marshal(r); err != nil {
-			return fmt.Errorf("Failed to Marshal to JSON: %s", err)
+			return xerrors.Errorf("Failed to Marshal to JSON: %w", err)
 		}
 		util.Log.Infof("Uploading...: ServerName: %s, ", r.ServerName)
 		putObjectInput := &s3.PutObjectInput{
@@ -137,10 +135,11 @@ func (w SaasWriter) Write(rs ...models.ScanResult) (err error) {
 		}
 
 		if _, err := svc.PutObject(putObjectInput); err != nil {
-			return fmt.Errorf("Failed to upload data to %s/%s, %s",
+			return xerrors.Errorf("Failed to upload data to %s/%s, err: %w",
 				tempCredential.S3Bucket, s3Key, err)
 		}
 	}
+	util.Log.Infof("done")
 	return nil
 }
 

report/slack.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package report
 
 import (
@@ -30,6 +13,7 @@ import (
 	"github.com/nlopes/slack"
 	"github.com/parnurzeal/gorequest"
 	log "github.com/sirupsen/logrus"
+	"golang.org/x/xerrors"
 )
 
 type field struct {
@@ -39,12 +23,11 @@ type field struct {
 }
 
 type message struct {
-	Text            string             `json:"text"`
-	Username        string             `json:"username"`
-	IconEmoji       string             `json:"icon_emoji"`
-	Channel         string             `json:"channel"`
-	ThreadTimeStamp string             `json:"thread_ts"`
-	Attachments     []slack.Attachment `json:"attachments"`
+	Text        string             `json:"text"`
+	Username    string             `json:"username"`
+	IconEmoji   string             `json:"icon_emoji"`
+	Channel     string             `json:"channel"`
+	Attachments []slack.Attachment `json:"attachments"`
 }
 
 // SlackWriter send report to slack
@@ -60,19 +43,6 @@ func (w SlackWriter) Write(rs ...models.ScanResult) (err error) {
 			channel = fmt.Sprintf("#%s", r.ServerName)
 		}
 
-		if 0 < len(r.Errors) {
-			msg := message{
-				Text:      msgText(r),
-				Username:  conf.AuthUser,
-				IconEmoji: conf.IconEmoji,
-				Channel:   channel,
-			}
-			if err = send(msg); err != nil {
-				return err
-			}
-			continue
-		}
-
 		// A maximum of 100 attachments are allowed on a message.
 		// Split into chunks with 100 elements
 		// https://api.slack.com/methods/chat.postMessage
@@ -87,38 +57,67 @@ func (w SlackWriter) Write(rs ...models.ScanResult) (err error) {
 		}
 		sort.Ints(chunkKeys)
 
+		summary := fmt.Sprintf("%s\n%s",
+			getNotifyUsers(config.Conf.Slack.NotifyUsers),
+			formatOneLineSummary(r))
+
 		// Send slack by API
 		if 0 < len(token) {
 			api := slack.New(token)
-			ParentMsg := slack.PostMessageParameters{
-				//			Text:      msgText(r),
+			msgPrms := slack.PostMessageParameters{
 				Username:  conf.AuthUser,
 				IconEmoji: conf.IconEmoji,
 			}
 
 			var ts string
-			if _, ts, err = api.PostMessage(channel, msgText(r), ParentMsg); err != nil {
+			if _, ts, err = api.PostMessage(
+				channel,
+				slack.MsgOptionText(summary, true),
+				slack.MsgOptionPostMessageParameters(msgPrms),
+			); err != nil {
 				return err
 			}
 
+			if config.Conf.FormatOneLineText || 0 < len(r.Errors) {
+				continue
+			}
+
 			for _, k := range chunkKeys {
 				params := slack.PostMessageParameters{
-					//		Text:            msgText(r),
 					Username:        conf.AuthUser,
 					IconEmoji:       conf.IconEmoji,
-					Attachments:     m[k],
 					ThreadTimestamp: ts,
 				}
-				if _, _, err = api.PostMessage(channel, msgText(r), params); err != nil {
+				if _, _, err = api.PostMessage(
+					channel,
+					slack.MsgOptionText("", false),
+					slack.MsgOptionPostMessageParameters(params),
+					slack.MsgOptionAttachments(m[k]...),
+				); err != nil {
 					return err
 				}
 			}
 		} else {
-			for i, k := range chunkKeys {
-				txt := ""
-				if i == 0 {
-					txt = msgText(r)
-				}
+			msg := message{
+				Text:      summary,
+				Username:  conf.AuthUser,
+				IconEmoji: conf.IconEmoji,
+				Channel:   channel,
+			}
+			if err := send(msg); err != nil {
+				return err
+			}
+
+			if config.Conf.FormatOneLineText || 0 < len(r.Errors) {
+				continue
+			}
+
+			for _, k := range chunkKeys {
+				txt := fmt.Sprintf("%d/%d for %s",
+					k+1,
+					len(chunkKeys),
+					r.FormatServerName())
+
 				msg := message{
 					Text:        txt,
 					Username:    conf.AuthUser,
@@ -149,9 +148,9 @@ func send(msg message) error {
 			if count == retryMax {
 				return nil
 			}
-			return fmt.Errorf(
-				"HTTP POST error: %v, url: %s, resp: %v, body: %s",
-				errs, conf.HookURL, resp, body)
+			return xerrors.Errorf(
+				"HTTP POST error. url: %s, resp: %v, body: %s, err: %w",
+				conf.HookURL, resp, body, errs)
 		}
 		return nil
 	}
@@ -161,68 +160,55 @@ func send(msg message) error {
 	}
 	boff := backoff.NewExponentialBackOff()
 	if err := backoff.RetryNotify(f, boff, notify); err != nil {
-		return fmt.Errorf("HTTP error: %s", err)
+		return xerrors.Errorf("HTTP error: %w", err)
 	}
 	if count == retryMax {
-		return fmt.Errorf("Retry count exceeded")
+		return xerrors.New("Retry count exceeded")
 	}
 	return nil
 }
 
-func msgText(r models.ScanResult) string {
-	notifyUsers := ""
-	if 0 < len(r.ScannedCves) {
-		notifyUsers = getNotifyUsers(config.Conf.Slack.NotifyUsers)
-	}
-	serverInfo := fmt.Sprintf("*%s*", r.ServerInfo())
-
-	if 0 < len(r.Errors) {
-		return fmt.Sprintf("%s\n%s\n%s\n%s\n%s\nError: %s",
-			notifyUsers,
-			serverInfo,
-			r.ScannedCves.FormatCveSummary(),
-			r.ScannedCves.FormatFixedStatus(r.Packages),
-			r.FormatUpdatablePacksSummary(),
-			r.Errors)
-	}
-	return fmt.Sprintf("%s\n%s\n%s\n%s\n%s",
-		notifyUsers,
-		serverInfo,
-		r.ScannedCves.FormatCveSummary(),
-		r.ScannedCves.FormatFixedStatus(r.Packages),
-		r.FormatUpdatablePacksSummary())
-}
-
 func toSlackAttachments(r models.ScanResult) (attaches []slack.Attachment) {
 	vinfos := r.ScannedCves.ToSortedSlice()
 	for _, vinfo := range vinfos {
-		curent := []string{}
+
+		installed, candidate := []string{}, []string{}
 		for _, affected := range vinfo.AffectedPackages {
 			if p, ok := r.Packages[affected.Name]; ok {
-				curent = append(curent,
+				installed = append(installed,
 					fmt.Sprintf("%s-%s", p.Name, p.FormatVer()))
 			} else {
-				curent = append(curent, affected.Name)
+				installed = append(installed, affected.Name)
 			}
-		}
-		for _, n := range vinfo.CpeURIs {
-			curent = append(curent, n)
-		}
 
-		new := []string{}
-		for _, affected := range vinfo.AffectedPackages {
 			if p, ok := r.Packages[affected.Name]; ok {
 				if affected.NotFixedYet {
-					new = append(new, "Not Fixed Yet")
+					candidate = append(candidate, "Not Fixed Yet")
 				} else {
-					new = append(new, p.FormatNewVer())
+					candidate = append(candidate, p.FormatNewVer())
 				}
 			} else {
-				new = append(new, "?")
+				candidate = append(candidate, "?")
 			}
 		}
-		for range vinfo.CpeURIs {
-			new = append(new, "?")
+
+		for _, n := range vinfo.CpeURIs {
+			installed = append(installed, n)
+			candidate = append(candidate, "?")
+		}
+		for _, n := range vinfo.GitHubSecurityAlerts {
+			installed = append(installed, n.PackageName)
+			candidate = append(candidate, "?")
+		}
+
+		for _, wp := range vinfo.WpPackageFixStats {
+			if p, ok := r.WordPressPackages.Find(wp.Name); ok {
+				installed = append(installed, fmt.Sprintf("%s-%s", wp.Name, p.Version))
+				candidate = append(candidate, wp.FixedIn)
+			} else {
+				installed = append(installed, wp.Name)
+				candidate = append(candidate, "?")
+			}
 		}
 
 		a := slack.Attachment{
@@ -234,12 +220,12 @@ func toSlackAttachments(r models.ScanResult) (attaches []slack.Attachment) {
 				{
 					// Title: "Current Package/CPE",
 					Title: "Installed",
-					Value: strings.Join(curent, "\n"),
+					Value: strings.Join(installed, "\n"),
 					Short: true,
 				},
 				{
 					Title: "Candidate",
-					Value: strings.Join(new, "\n"),
+					Value: strings.Join(candidate, "\n"),
 					Short: true,
 				},
 			},
@@ -257,7 +243,7 @@ func cvssColor(cvssScore float64) string {
 		return "danger"
 	case 4 <= cvssScore && cvssScore < 7:
 		return "warning"
-	case cvssScore < 0:
+	case cvssScore == 0:
 		return "#C0C0C0"
 	default:
 		return "good"
@@ -343,14 +329,24 @@ func attachmentText(vinfo models.VulnInfo, osFamily string, cweDict map[string]m
 func cweIDs(vinfo models.VulnInfo, osFamily string, cweDict models.CweDict) string {
 	links := []string{}
 	for _, c := range vinfo.CveContents.UniqCweIDs(osFamily) {
-		name, url, top10Rank, top10URL := cweDict.Get(c.Value, osFamily)
+		name, url, top10Rank, top10URL, cweTop25Rank, cweTop25URL, sansTop25Rank, sansTop25URL := cweDict.Get(c.Value, osFamily)
 		line := ""
 		if top10Rank != "" {
 			line = fmt.Sprintf("<%s|[OWASP Top %s]>",
 				top10URL, top10Rank)
 		}
-		links = append(links, fmt.Sprintf("%s <%s|%s>: %s",
-			line, url, c.Value, name))
+		if cweTop25Rank != "" {
+			line = fmt.Sprintf("<%s|[CWE Top %s]>",
+				cweTop25URL, cweTop25Rank)
+		}
+		if sansTop25Rank != "" {
+			line = fmt.Sprintf("<%s|[CWE/SANS Top %s]>",
+				sansTop25URL, sansTop25Rank)
+		}
+		if top10Rank == "" && cweTop25Rank == "" && sansTop25Rank == "" {
+			links = append(links, fmt.Sprintf("%s <%s|%s>: %s",
+				line, url, c.Value, name))
+		}
 	}
 	return strings.Join(links, "\n")
 }

report/stdout.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package report
 
 import (

report/stride_test.go

@@ -1 +0,0 @@
-package report

report/syslog.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2018  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package report
 
 import (
@@ -22,8 +5,7 @@ import (
 	"strings"
 
 	syslog "github.com/RackSec/srslog"
-
-	"github.com/pkg/errors"
+	"golang.org/x/xerrors"
 
 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
@@ -40,7 +22,7 @@ func (w SyslogWriter) Write(rs ...models.ScanResult) (err error) {
 
 	sysLog, err := syslog.Dial(conf.Protocol, raddr, severity|facility, conf.Tag)
 	if err != nil {
-		return errors.Wrap(err, "Failed to initialize syslog client")
+		return xerrors.Errorf("Failed to initialize syslog client: %w", err)
 	}
 
 	for _, r := range rs {

report/syslog_test.go

@@ -22,15 +22,15 @@ func TestSyslogWriterEncodeSyslog(t *testing.T) {
 				IPv4Addrs:  []string{"192.168.0.1", "10.0.2.15"},
 				ScannedCves: models.VulnInfos{
 					"CVE-2017-0001": models.VulnInfo{
-						AffectedPackages: models.PackageStatuses{
-							models.PackageStatus{Name: "pkg1"},
-							models.PackageStatus{Name: "pkg2"},
+						AffectedPackages: models.PackageFixStatuses{
+							models.PackageFixStatus{Name: "pkg1"},
+							models.PackageFixStatus{Name: "pkg2"},
 						},
 					},
 					"CVE-2017-0002": models.VulnInfo{
-						AffectedPackages: models.PackageStatuses{
-							models.PackageStatus{Name: "pkg3"},
-							models.PackageStatus{Name: "pkg4"},
+						AffectedPackages: models.PackageFixStatuses{
+							models.PackageFixStatus{Name: "pkg3"},
+							models.PackageFixStatus{Name: "pkg4"},
 						},
 						CveContents: models.CveContents{
 							models.NvdXML: models.CveContent{
@@ -57,8 +57,8 @@ func TestSyslogWriterEncodeSyslog(t *testing.T) {
 				IPv6Addrs:  []string{"2001:0DB8::1"},
 				ScannedCves: models.VulnInfos{
 					"CVE-2017-0003": models.VulnInfo{
-						AffectedPackages: models.PackageStatuses{
-							models.PackageStatus{Name: "pkg5"},
+						AffectedPackages: models.PackageFixStatuses{
+							models.PackageFixStatus{Name: "pkg5"},
 						},
 						CveContents: models.CveContents{
 							models.RedHat: models.CveContent{

report/telegram.go

@@ -0,0 +1,78 @@
+package report
+
+import (
+	"bytes"
+	"fmt"
+	"net/http"
+	"strconv"
+	"strings"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"golang.org/x/xerrors"
+)
+
+// TelegramWriter sends report to Telegram
+type TelegramWriter struct{}
+
+func (w TelegramWriter) Write(rs ...models.ScanResult) (err error) {
+	conf := config.Conf.Telegram
+	for _, r := range rs {
+		msgs := []string{fmt.Sprintf("*%s*\n%s\n%s\n%s",
+			r.ServerInfo(),
+			r.ScannedCves.FormatCveSummary(),
+			r.ScannedCves.FormatFixedStatus(r.Packages),
+			r.FormatUpdatablePacksSummary())}
+		for _, vinfo := range r.ScannedCves {
+			maxCvss := vinfo.MaxCvssScore()
+			severity := strings.ToUpper(maxCvss.Value.Severity)
+			if severity == "" {
+				severity = "?"
+			}
+			msgs = append(msgs, fmt.Sprintf(`[%s](https://nvd.nist.gov/vuln/detail/%s) _%s %s %s_\n%s`,
+				vinfo.CveID,
+				vinfo.CveID,
+				strconv.FormatFloat(maxCvss.Value.Score, 'f', 1, 64),
+				severity,
+				maxCvss.Value.Vector,
+				vinfo.Summaries(config.Conf.Lang, r.Family)[0].Value))
+			if len(msgs) == 5 {
+				if err = sendMessage(conf.ChatID, conf.Token, strings.Join(msgs, "\n\n")); err != nil {
+					return err
+				}
+				msgs = []string{}
+			}
+		}
+		if len(msgs) != 0 {
+			if err = sendMessage(conf.ChatID, conf.Token, strings.Join(msgs, "\n\n")); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func sendMessage(chatID, token, message string) error {
+	uri := fmt.Sprintf("https://api.telegram.org/bot%s/sendMessage", token)
+	payload := `{"text": "` + strings.Replace(message, `"`, `\"`, -1) + `", "chat_id": "` + chatID + `", "parse_mode": "Markdown" }`
+	req, err := http.NewRequest("POST", uri, bytes.NewBuffer([]byte(payload)))
+	req.Header.Add("Content-Type", "application/json")
+	if err != nil {
+		return err
+	}
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if checkResponse(resp) != nil && err != nil {
+		fmt.Println(err)
+		return err
+	}
+	defer resp.Body.Close()
+	return nil
+}
+
+func checkResponse(r *http.Response) error {
+	if c := r.StatusCode; 200 <= c && c <= 299 {
+		return nil
+	}
+	return xerrors.Errorf("API call to %s failed: %s", r.Request.URL.String(), r.Status)
+}

report/tui.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package report
 
 import (
@@ -26,12 +9,14 @@ import (
 	"text/template"
 	"time"
 
+	"golang.org/x/xerrors"
+
 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/util"
 	"github.com/google/subcommands"
 	"github.com/gosuri/uitable"
-	"github.com/jroimartin/gocui"
+	"github.com/jesseduffield/gocui"
 )
 
 var scanResults models.ScanResults
@@ -51,16 +36,17 @@ func RunTui(results models.ScanResults) subcommands.ExitStatus {
 		return scanResults[i].ServerName < scanResults[j].ServerName
 	})
 
-	g, err := gocui.NewGui(gocui.OutputNormal)
+	g := gocui.NewGui()
+	err := g.Init()
 	if err != nil {
-		util.Log.Errorf("%s", err)
+		util.Log.Errorf("%+v", err)
 		return subcommands.ExitFailure
 	}
 	defer g.Close()
 
-	g.SetManagerFunc(layout)
+	g.SetLayout(layout)
 	if err := keybindings(g); err != nil {
-		util.Log.Errorf("%s", err)
+		util.Log.Errorf("%+v", err)
 		return subcommands.ExitFailure
 	}
 	g.SelBgColor = gocui.ColorGreen
@@ -69,7 +55,7 @@ func RunTui(results models.ScanResults) subcommands.ExitStatus {
 
 	if err := g.MainLoop(); err != nil {
 		g.Close()
-		util.Log.Errorf("%s", err)
+		util.Log.Errorf("%+v", err)
 		os.Exit(1)
 	}
 	return subcommands.ExitSuccess
@@ -183,19 +169,19 @@ func nextView(g *gocui.Gui, v *gocui.View) error {
 	var err error
 
 	if v == nil {
-		_, err = g.SetCurrentView("side")
+		err = g.SetCurrentView("side")
 	}
 	switch v.Name() {
 	case "side":
-		_, err = g.SetCurrentView("summary")
+		err = g.SetCurrentView("summary")
 	case "summary":
-		_, err = g.SetCurrentView("detail")
+		err = g.SetCurrentView("detail")
 	case "detail":
-		_, err = g.SetCurrentView("changelog")
+		err = g.SetCurrentView("changelog")
 	case "changelog":
-		_, err = g.SetCurrentView("side")
+		err = g.SetCurrentView("side")
 	default:
-		_, err = g.SetCurrentView("summary")
+		err = g.SetCurrentView("summary")
 	}
 	return err
 }
@@ -204,19 +190,19 @@ func previousView(g *gocui.Gui, v *gocui.View) error {
 	var err error
 
 	if v == nil {
-		_, err = g.SetCurrentView("side")
+		err = g.SetCurrentView("side")
 	}
 	switch v.Name() {
 	case "side":
-		_, err = g.SetCurrentView("side")
+		err = g.SetCurrentView("side")
 	case "summary":
-		_, err = g.SetCurrentView("side")
+		err = g.SetCurrentView("side")
 	case "detail":
-		_, err = g.SetCurrentView("summary")
+		err = g.SetCurrentView("summary")
 	case "changelog":
-		_, err = g.SetCurrentView("detail")
+		err = g.SetCurrentView("detail")
 	default:
-		_, err = g.SetCurrentView("side")
+		err = g.SetCurrentView("side")
 	}
 	return err
 }
@@ -399,7 +385,7 @@ func cursorPageUp(g *gocui.Gui, v *gocui.View) error {
 func previousSummary(g *gocui.Gui, v *gocui.View) error {
 	if v != nil {
 		// cursor to summary
-		if _, err := g.SetCurrentView("summary"); err != nil {
+		if err := g.SetCurrentView("summary"); err != nil {
 			return err
 		}
 		// move next line
@@ -407,7 +393,7 @@ func previousSummary(g *gocui.Gui, v *gocui.View) error {
 			return err
 		}
 		// cursor to detail
-		if _, err := g.SetCurrentView("detail"); err != nil {
+		if err := g.SetCurrentView("detail"); err != nil {
 			return err
 		}
 	}
@@ -417,7 +403,7 @@ func previousSummary(g *gocui.Gui, v *gocui.View) error {
 func nextSummary(g *gocui.Gui, v *gocui.View) error {
 	if v != nil {
 		// cursor to summary
-		if _, err := g.SetCurrentView("summary"); err != nil {
+		if err := g.SetCurrentView("summary"); err != nil {
 			return err
 		}
 		// move next line
@@ -425,7 +411,7 @@ func nextSummary(g *gocui.Gui, v *gocui.View) error {
 			return err
 		}
 		// cursor to detail
-		if _, err := g.SetCurrentView("detail"); err != nil {
+		if err := g.SetCurrentView("detail"); err != nil {
 			return err
 		}
 	}
@@ -499,7 +485,7 @@ func getLine(g *gocui.Gui, v *gocui.View) error {
 			return err
 		}
 		fmt.Fprintln(v, l)
-		if _, err := g.SetCurrentView("msg"); err != nil {
+		if err := g.SetCurrentView("msg"); err != nil {
 			return err
 		}
 	}
@@ -522,7 +508,7 @@ func showMsg(g *gocui.Gui, v *gocui.View) error {
 			return err
 		}
 		fmt.Fprintln(v, l)
-		if _, err := g.SetCurrentView("msg"); err != nil {
+		if err := g.SetCurrentView("msg"); err != nil {
 			return err
 		}
 	}
@@ -533,7 +519,7 @@ func delMsg(g *gocui.Gui, v *gocui.View) error {
 	if err := g.DeleteView("msg"); err != nil {
 		return err
 	}
-	_, err := g.SetCurrentView("summary")
+	err := g.SetCurrentView("summary")
 	return err
 }
 
@@ -579,11 +565,11 @@ func setSideLayout(g *gocui.Gui) error {
 			fmt.Fprintln(v, result.ServerInfoTui())
 		}
 		if len(scanResults) == 0 {
-			return fmt.Errorf("No scan results")
+			return xerrors.New("No scan results")
 		}
 		currentScanResult = scanResults[0]
 		vinfos = scanResults[0].ScannedCves.ToSortedSlice()
-		if _, err := g.SetCurrentView("side"); err != nil {
+		if err := g.SetCurrentView("side"); err != nil {
 			return err
 		}
 	}
@@ -632,17 +618,27 @@ func summaryLines(r models.ScanResult) string {
 			cvssScore = fmt.Sprintf("| %4.1f", max)
 		}
 
-		packname := vinfo.AffectedPackages.FormatTuiSummary()
-		packname += strings.Join(vinfo.CpeURIs, ", ")
+		pkgNames := vinfo.AffectedPackages.Names()
+		pkgNames = append(pkgNames, vinfo.CpeURIs...)
+		pkgNames = append(pkgNames, vinfo.GitHubSecurityAlerts.Names()...)
+		pkgNames = append(pkgNames, vinfo.WpPackageFixStats.Names()...)
+		pkgNames = append(pkgNames, vinfo.LibraryFixedIns.Names()...)
+
+		exploits := ""
+		if 0 < len(vinfo.Exploits) {
+			exploits = "POC"
+		}
 
 		var cols []string
 		cols = []string{
 			fmt.Sprintf(indexFormat, i+1),
 			vinfo.CveID,
 			cvssScore + " |",
-			fmt.Sprintf("%8s |", vinfo.AttackVector()),
+			fmt.Sprintf("%4s |", vinfo.AttackVector()),
+			fmt.Sprintf("%3s |", exploits),
+			fmt.Sprintf("%6s |", vinfo.AlertDict.FormatSource()),
 			fmt.Sprintf("%7s |", vinfo.PatchStatus(r.Packages)),
-			packname,
+			strings.Join(pkgNames, ", "),
 		}
 		icols := make([]interface{}, len(cols))
 		for j := range cols {
@@ -712,18 +708,17 @@ func setChangelogLayout(g *gocui.Gui) error {
 				var line string
 				if pack.Repository != "" {
 					line = fmt.Sprintf("* %s (%s)",
-						pack.FormatVersionFromTo(affected.NotFixedYet, affected.FixState),
+						pack.FormatVersionFromTo(affected),
 						pack.Repository)
 				} else {
-					line = fmt.Sprintf("* %s",
-						pack.FormatVersionFromTo(affected.NotFixedYet, affected.FixState),
-					)
+					line = fmt.Sprintf("* %s", pack.FormatVersionFromTo(affected))
 				}
 				lines = append(lines, line)
 
 				if len(pack.AffectedProcs) != 0 {
 					for _, p := range pack.AffectedProcs {
-						lines = append(lines, fmt.Sprintf("  * PID: %s %s", p.PID, p.Name))
+						lines = append(lines, fmt.Sprintf("  * PID: %s %s Port: %s",
+							p.PID, p.Name, p.ListenPorts))
 					}
 				} else {
 					// lines = append(lines, fmt.Sprintf("  * No affected process"))
@@ -735,6 +730,37 @@ func setChangelogLayout(g *gocui.Gui) error {
 			lines = append(lines, "* "+uri)
 		}
 
+		for _, alert := range vinfo.GitHubSecurityAlerts {
+			lines = append(lines, "* "+alert.PackageName)
+		}
+
+		r := currentScanResult
+		// check wordpress fixedin
+		if r.WordPressPackages != nil {
+			for _, wp := range vinfo.WpPackageFixStats {
+				if p, ok := r.WordPressPackages.Find(wp.Name); ok {
+					if p.Type == models.WPCore {
+						lines = append(lines, fmt.Sprintf("* %s-%s, FixedIn: %s",
+							wp.Name, p.Version, wp.FixedIn))
+					} else {
+						lines = append(lines,
+							fmt.Sprintf("* %s-%s, Update: %s, FixedIn: %s, %s",
+								wp.Name, p.Version, p.Update, wp.FixedIn, p.Status))
+					}
+				} else {
+					lines = append(lines, fmt.Sprintf("* %s", wp.Name))
+				}
+			}
+		}
+
+		for _, l := range vinfo.LibraryFixedIns {
+			libs := r.LibraryScanners.Find(l.Name)
+			for path, lib := range libs {
+				lines = append(lines, fmt.Sprintf("%s-%s, FixedIn: %s (%s)",
+					lib.Name, lib.Version, l.FixedIn, path))
+			}
+		}
+
 		for _, adv := range vinfo.DistroAdvisories {
 			lines = append(lines, "\n",
 				"Advisories",
@@ -753,6 +779,30 @@ func setChangelogLayout(g *gocui.Gui) error {
 			}
 		}
 
+		if len(vinfo.AlertDict.En) > 0 {
+			lines = append(lines, "\n",
+				"USCERT Alert",
+				"=============",
+			)
+			for _, alert := range vinfo.AlertDict.En {
+				lines = append(lines, fmt.Sprintf("* [%s](%s)", alert.Title, alert.URL))
+			}
+		}
+
+		if len(vinfo.AlertDict.Ja) > 0 {
+			lines = append(lines, "\n",
+				"JPCERT Alert",
+				"=============",
+			)
+			for _, alert := range vinfo.AlertDict.Ja {
+				if config.Conf.Lang == "ja" {
+					lines = append(lines, fmt.Sprintf("* [%s](%s)", alert.Title, alert.URL))
+				} else {
+					lines = append(lines, fmt.Sprintf("* [JPCERT](%s)", alert.URL))
+				}
+			}
+		}
+
 		if currentScanResult.IsDeepScanMode() {
 			lines = append(lines, "\n",
 				"ChangeLogs",
@@ -785,6 +835,7 @@ type dataForTmpl struct {
 	Mitigation       string
 	Confidences      models.Confidences
 	Cwes             []models.CweDictEntry
+	Alerts           []models.Alert
 	Links            []string
 	References       []models.Reference
 	Packages         []string
@@ -809,23 +860,35 @@ func detailLines() (string, error) {
 	}
 
 	vinfo := vinfos[currentVinfo]
-	links := []string{vinfo.CveContents.SourceLinks(
-		config.Conf.Lang, r.Family, vinfo.CveID)[0].Value,
-		vinfo.Cvss2CalcURL(),
-		vinfo.Cvss3CalcURL()}
+	links := []string{}
+	if strings.HasPrefix(vinfo.CveID, "CVE-") {
+		links = append(links, vinfo.CveContents.SourceLinks(
+			config.Conf.Lang, r.Family, vinfo.CveID)[0].Value,
+			vinfo.Cvss2CalcURL(),
+			vinfo.Cvss3CalcURL())
+	}
 	for _, url := range vinfo.VendorLinks(r.Family) {
 		links = append(links, url)
 	}
 
-	refs := []models.Reference{}
+	refsMap := map[string]models.Reference{}
 	for _, rr := range vinfo.CveContents.References(r.Family) {
 		for _, ref := range rr.Value {
 			if ref.Source == "" {
 				ref.Source = "-"
 			}
-			refs = append(refs, ref)
+			refsMap[ref.Link] = ref
 		}
 	}
+	if cont, found := vinfo.CveContents[models.Trivy]; found {
+		for _, ref := range cont.References {
+			refsMap[ref.Link] = ref
+		}
+	}
+	refs := []models.Reference{}
+	for _, v := range refsMap {
+		refs = append(refs, v)
+	}
 
 	summary := vinfo.Summaries(r.Lang, r.Family)[0]
 	mitigation := vinfo.Mitigations(r.Family)[0]

report/util.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package report
 
 import (
@@ -35,6 +18,7 @@ import (
 	"github.com/future-architect/vuls/util"
 	"github.com/gosuri/uitable"
 	"github.com/olekukonko/tablewriter"
+	"golang.org/x/xerrors"
 )
 
 const maxColWidth = 100
@@ -43,6 +27,8 @@ func formatScanSummary(rs ...models.ScanResult) string {
 	table := uitable.New()
 	table.MaxColWidth = maxColWidth
 	table.Wrap = true
+
+	warnMsgs := []string{}
 	for _, r := range rs {
 		var cols []interface{}
 		if len(r.Errors) == 0 {
@@ -50,25 +36,32 @@ func formatScanSummary(rs ...models.ScanResult) string {
 				r.FormatServerName(),
 				fmt.Sprintf("%s%s", r.Family, r.Release),
 				r.FormatUpdatablePacksSummary(),
-				r.FormatExploitCveSummary(),
 			}
 		} else {
 			cols = []interface{}{
 				r.FormatServerName(),
 				"Error",
 				"",
-				"Run with --debug to view the details",
+				"Use configtest subcommand or scan with --debug to view the details",
 			}
 		}
 		table.AddRow(cols...)
+
+		if len(r.Warnings) != 0 {
+			warnMsgs = append(warnMsgs, fmt.Sprintf("Warning for %s: %s",
+				r.FormatServerName(), r.Warnings))
+		}
 	}
-	return fmt.Sprintf("%s\n", table)
+	return fmt.Sprintf("%s\n\n%s", table, strings.Join(
+		warnMsgs, "\n\n"))
 }
 
 func formatOneLineSummary(rs ...models.ScanResult) string {
 	table := uitable.New()
 	table.MaxColWidth = maxColWidth
 	table.Wrap = true
+
+	warnMsgs := []string{}
 	for _, r := range rs {
 		var cols []interface{}
 		if len(r.Errors) == 0 {
@@ -78,33 +71,49 @@ func formatOneLineSummary(rs ...models.ScanResult) string {
 				r.ScannedCves.FormatFixedStatus(r.Packages),
 				r.FormatUpdatablePacksSummary(),
 				r.FormatExploitCveSummary(),
+				r.FormatAlertSummary(),
 			}
 		} else {
 			cols = []interface{}{
 				r.FormatServerName(),
-				"Error: Scan with --debug to view the details",
+				"Use configtest subcommand or scan with --debug to view the details",
 				"",
 			}
 		}
 		table.AddRow(cols...)
+
+		if len(r.Warnings) != 0 {
+			warnMsgs = append(warnMsgs, fmt.Sprintf("Warning for %s: %s",
+				r.FormatServerName(), r.Warnings))
+		}
 	}
-	return fmt.Sprintf("%s\n", table)
+	// We don't want warning message to the summary file
+	if config.Conf.Quiet {
+		return fmt.Sprintf("%s\n", table)
+	}
+	return fmt.Sprintf("%s\n\n%s", table, strings.Join(
+		warnMsgs, "\n\n"))
 }
 
 func formatList(r models.ScanResult) string {
 	header := r.FormatTextReportHeadedr()
 	if len(r.Errors) != 0 {
 		return fmt.Sprintf(
-			"%s\nError: Scan with --debug to view the details\n%s\n\n",
+			"%s\nError: Use configtest subcommand or scan with --debug to view the details\n%s\n\n",
 			header, r.Errors)
 	}
+	if len(r.Warnings) != 0 {
+		header += fmt.Sprintf(
+			"\nWarning: Some warnings occurred.\n%s\n\n",
+			r.Warnings)
+	}
 
 	if len(r.ScannedCves) == 0 {
 		return fmt.Sprintf(`
 %s
 No CVE-IDs are found in updatable packages.
 %s
-	 `, header, r.FormatUpdatablePacksSummary())
+`, header, r.FormatUpdatablePacksSummary())
 	}
 
 	data := [][]string{}
@@ -116,16 +125,28 @@ No CVE-IDs are found in updatable packages.
 		// packname := vinfo.AffectedPackages.FormatTuiSummary()
 		// packname += strings.Join(vinfo.CpeURIs, ", ")
 
+		exploits := ""
+		if 0 < len(vinfo.Exploits) {
+			exploits = "POC"
+		}
+
+		link := ""
+		if strings.HasPrefix(vinfo.CveID, "CVE-") {
+			link = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vinfo.CveID)
+		} else if strings.HasPrefix(vinfo.CveID, "WPVDBID-") {
+			link = fmt.Sprintf("https://wpvulndb.com/vulnerabilities/%s", strings.TrimPrefix(vinfo.CveID, "WPVDBID-"))
+		}
+
 		data = append(data, []string{
 			vinfo.CveID,
 			fmt.Sprintf("%4.1f", max),
+			fmt.Sprintf("%5s", vinfo.AttackVector()),
 			// fmt.Sprintf("%4.1f", v2max),
 			// fmt.Sprintf("%4.1f", v3max),
-			fmt.Sprintf("%8s", vinfo.AttackVector()),
+			exploits,
+			vinfo.AlertDict.FormatSource(),
 			fmt.Sprintf("%7s", vinfo.PatchStatus(r.Packages)),
-			// packname,
-			fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vinfo.CveID),
-			fmt.Sprintf("%t", 0 < len(vinfo.Exploits)),
+			link,
 		})
 	}
 
@@ -134,13 +155,13 @@ No CVE-IDs are found in updatable packages.
 	table.SetHeader([]string{
 		"CVE-ID",
 		"CVSS",
+		"Attack",
 		// "v3",
 		// "v2",
-		"Attack",
+		"PoC",
+		"CERT",
 		"Fixed",
-		// "Pkg",
 		"NVD",
-		"Exploit",
 	})
 	table.SetBorder(true)
 	table.AppendBulk(data)
@@ -152,16 +173,22 @@ func formatFullPlainText(r models.ScanResult) (lines string) {
 	header := r.FormatTextReportHeadedr()
 	if len(r.Errors) != 0 {
 		return fmt.Sprintf(
-			"%s\nError: Scan with --debug to view the details\n%s\n\n",
+			"%s\nError: Use configtest subcommand or scan with --debug to view the details\n%s\n\n",
 			header, r.Errors)
 	}
 
+	if len(r.Warnings) != 0 {
+		header += fmt.Sprintf(
+			"\nWarning: Some warnings occurred.\n%s\n\n",
+			r.Warnings)
+	}
+
 	if len(r.ScannedCves) == 0 {
 		return fmt.Sprintf(`
 %s
 No CVE-IDs are found in updatable packages.
 %s
-	 `, header, r.FormatUpdatablePacksSummary())
+`, header, r.FormatUpdatablePacksSummary())
 	}
 
 	lines = header + "\n"
@@ -190,14 +217,28 @@ No CVE-IDs are found in updatable packages.
 		}
 
 		cweURLs, top10URLs := []string{}, []string{}
+		cweTop25URLs, sansTop25URLs := []string{}, []string{}
 		for _, v := range vuln.CveContents.UniqCweIDs(r.Family) {
-			name, url, top10Rank, top10URL := r.CweDict.Get(v.Value, r.Lang)
+			name, url, top10Rank, top10URL, cweTop25Rank, cweTop25URL, sansTop25Rank, sansTop25URL := r.CweDict.Get(v.Value, r.Lang)
 			if top10Rank != "" {
 				data = append(data, []string{"CWE",
 					fmt.Sprintf("[OWASP Top%s] %s: %s (%s)",
 						top10Rank, v.Value, name, v.Type)})
 				top10URLs = append(top10URLs, top10URL)
-			} else {
+			}
+			if cweTop25Rank != "" {
+				data = append(data, []string{"CWE",
+					fmt.Sprintf("[CWE Top%s] %s: %s (%s)",
+						cweTop25Rank, v.Value, name, v.Type)})
+				cweTop25URLs = append(cweTop25URLs, cweTop25URL)
+			}
+			if sansTop25Rank != "" {
+				data = append(data, []string{"CWE",
+					fmt.Sprintf("[CWE/SANS Top%s]  %s: %s (%s)",
+						sansTop25Rank, v.Value, name, v.Type)})
+				sansTop25URLs = append(sansTop25URLs, sansTop25URL)
+			}
+			if top10Rank == "" && cweTop25Rank == "" && sansTop25Rank == "" {
 				data = append(data, []string{"CWE", fmt.Sprintf("%s: %s (%s)",
 					v.Value, name, v.Type)})
 			}
@@ -210,19 +251,17 @@ No CVE-IDs are found in updatable packages.
 				var line string
 				if pack.Repository != "" {
 					line = fmt.Sprintf("%s (%s)",
-						pack.FormatVersionFromTo(affected.NotFixedYet, affected.FixState),
+						pack.FormatVersionFromTo(affected),
 						pack.Repository)
 				} else {
-					line = fmt.Sprintf("%s",
-						pack.FormatVersionFromTo(affected.NotFixedYet, affected.FixState),
-					)
+					line = pack.FormatVersionFromTo(affected)
 				}
 				data = append(data, []string{"Affected Pkg", line})
 
 				if len(pack.AffectedProcs) != 0 {
 					for _, p := range pack.AffectedProcs {
 						data = append(data, []string{"",
-							fmt.Sprintf("  - PID: %s %s", p.PID, p.Name)})
+							fmt.Sprintf("  - PID: %s %s, Port: %s", p.PID, p.Name, p.ListenPorts)})
 					}
 				}
 			}
@@ -232,19 +271,50 @@ No CVE-IDs are found in updatable packages.
 			data = append(data, []string{"CPE", name})
 		}
 
+		for _, alert := range vuln.GitHubSecurityAlerts {
+			data = append(data, []string{"GitHub", alert.PackageName})
+		}
+
+		for _, wp := range vuln.WpPackageFixStats {
+			if p, ok := r.WordPressPackages.Find(wp.Name); ok {
+				if p.Type == models.WPCore {
+					data = append(data, []string{"WordPress",
+						fmt.Sprintf("%s-%s, FixedIn: %s", wp.Name, p.Version, wp.FixedIn)})
+				} else {
+					data = append(data, []string{"WordPress",
+						fmt.Sprintf("%s-%s, Update: %s, FixedIn: %s, %s",
+							wp.Name, p.Version, p.Update, wp.FixedIn, p.Status)})
+				}
+			} else {
+				data = append(data, []string{"WordPress",
+					fmt.Sprintf("%s", wp.Name)})
+			}
+		}
+
+		for _, l := range vuln.LibraryFixedIns {
+			libs := r.LibraryScanners.Find(l.Name)
+			for path, lib := range libs {
+				data = append(data, []string{l.Key,
+					fmt.Sprintf("%s-%s, FixedIn: %s (%s)",
+						lib.Name, lib.Version, l.FixedIn, path)})
+			}
+		}
+
 		for _, confidence := range vuln.Confidences {
 			data = append(data, []string{"Confidence", confidence.String()})
 		}
 
-		links := vuln.CveContents.SourceLinks(
-			config.Conf.Lang, r.Family, vuln.CveID)
-		data = append(data, []string{"Source", links[0].Value})
+		if strings.HasPrefix(vuln.CveID, "CVE-") {
+			links := vuln.CveContents.SourceLinks(
+				config.Conf.Lang, r.Family, vuln.CveID)
+			data = append(data, []string{"Source", links[0].Value})
 
-		if 0 < len(vuln.Cvss2Scores(r.Family)) {
-			data = append(data, []string{"CVSSv2 Calc", vuln.Cvss2CalcURL()})
-		}
-		if 0 < len(vuln.Cvss3Scores()) {
-			data = append(data, []string{"CVSSv3 Calc", vuln.Cvss3CalcURL()})
+			if 0 < len(vuln.Cvss2Scores(r.Family)) {
+				data = append(data, []string{"CVSSv2 Calc", vuln.Cvss2CalcURL()})
+			}
+			if 0 < len(vuln.Cvss3Scores()) {
+				data = append(data, []string{"CVSSv3 Calc", vuln.Cvss3CalcURL()})
+			}
 		}
 
 		vlinks := vuln.VendorLinks(r.Family)
@@ -260,6 +330,20 @@ No CVE-IDs are found in updatable packages.
 		for _, url := range top10URLs {
 			data = append(data, []string{"OWASP Top10", url})
 		}
+		if len(cweTop25URLs) != 0 {
+			data = append(data, []string{"CWE Top25", cweTop25URLs[0]})
+		}
+		if len(sansTop25URLs) != 0 {
+			data = append(data, []string{"SANS/CWE Top25", sansTop25URLs[0]})
+		}
+
+		for _, alert := range vuln.AlertDict.Ja {
+			data = append(data, []string{"JPCERT Alert", alert.URL})
+		}
+
+		for _, alert := range vuln.AlertDict.En {
+			data = append(data, []string{"USCERT Alert", alert.URL})
+		}
 
 		// for _, rr := range vuln.CveContents.References(r.Family) {
 		// for _, ref := range rr.Value {
@@ -273,7 +357,7 @@ No CVE-IDs are found in updatable packages.
 		table.SetHeaderAlignment(tablewriter.ALIGN_LEFT)
 		table.SetHeader([]string{
 			vuln.CveID,
-			"",
+			vuln.PatchStatus(r.Packages),
 		})
 		table.SetBorder(true)
 		table.AppendBulk(data)
@@ -303,6 +387,16 @@ func formatChangelogs(r models.ScanResult) string {
 	}
 	return strings.Join(buf, "\n")
 }
+func ovalSupported(r *models.ScanResult) bool {
+	switch r.Family {
+	case
+		config.Amazon,
+		config.FreeBSD,
+		config.Raspbian:
+		return false
+	}
+	return true
+}
 
 func needToRefreshCve(r models.ScanResult) bool {
 	if r.Lang != config.Conf.Lang {
@@ -324,7 +418,7 @@ func overwriteJSONFile(dir string, r models.ScanResult) error {
 	config.Conf.Diff = false
 	w := LocalFileWriter{CurrentDir: dir}
 	if err := w.Write(r); err != nil {
-		return fmt.Errorf("Failed to write summary report: %s", err)
+		return xerrors.Errorf("Failed to write summary report: %w", err)
 	}
 	config.Conf.FormatJSON = before
 	config.Conf.Diff = beforeDiff
@@ -346,7 +440,7 @@ func loadPrevious(currs models.ScanResults) (prevs models.ScanResults, err error
 			path := filepath.Join(dir, filename)
 			r, err := loadOneServerScanResult(path)
 			if err != nil {
-				util.Log.Errorf("%s", err)
+				util.Log.Errorf("%+v", err)
 				continue
 			}
 			if r.Family == result.Family && r.Release == result.Release {
@@ -492,7 +586,7 @@ var jsonDirPattern = regexp.MustCompile(
 func ListValidJSONDirs() (dirs []string, err error) {
 	var dirInfo []os.FileInfo
 	if dirInfo, err = ioutil.ReadDir(config.Conf.ResultsDir); err != nil {
-		err = fmt.Errorf("Failed to read %s: %s",
+		err = xerrors.Errorf("Failed to read %s: %w",
 			config.Conf.ResultsDir, err)
 		return
 	}
@@ -530,20 +624,20 @@ func JSONDir(args []string) (string, error) {
 			}
 		}
 
-		return "", fmt.Errorf("Invalid path: %s", path)
+		return "", xerrors.Errorf("Invalid path: %s", path)
 	}
 
 	// PIPE
 	if config.Conf.Pipe {
 		bytes, err := ioutil.ReadAll(os.Stdin)
 		if err != nil {
-			return "", fmt.Errorf("Failed to read stdin: %s", err)
+			return "", xerrors.Errorf("Failed to read stdin: %w", err)
 		}
 		fields := strings.Fields(string(bytes))
 		if 0 < len(fields) {
 			return filepath.Join(config.Conf.ResultsDir, fields[0]), nil
 		}
-		return "", fmt.Errorf("Stdin is invalid: %s", string(bytes))
+		return "", xerrors.Errorf("Stdin is invalid: %s", string(bytes))
 	}
 
 	// returns latest dir when no args or no PIPE
@@ -551,7 +645,7 @@ func JSONDir(args []string) (string, error) {
 		return "", err
 	}
 	if len(dirs) == 0 {
-		return "", fmt.Errorf("No results under %s",
+		return "", xerrors.Errorf("No results under %s",
 			config.Conf.ResultsDir)
 	}
 	return dirs[0], nil
@@ -561,7 +655,7 @@ func JSONDir(args []string) (string, error) {
 func LoadScanResults(jsonDir string) (results models.ScanResults, err error) {
 	var files []os.FileInfo
 	if files, err = ioutil.ReadDir(jsonDir); err != nil {
-		return nil, fmt.Errorf("Failed to read %s: %s", jsonDir, err)
+		return nil, xerrors.Errorf("Failed to read %s: %w", jsonDir, err)
 	}
 	for _, f := range files {
 		if filepath.Ext(f.Name()) != ".json" || strings.HasSuffix(f.Name(), "_diff.json") {
@@ -576,7 +670,7 @@ func LoadScanResults(jsonDir string) (results models.ScanResults, err error) {
 		results = append(results, *r)
 	}
 	if len(results) == 0 {
-		return nil, fmt.Errorf("There is no json file under %s", jsonDir)
+		return nil, xerrors.Errorf("There is no json file under %s", jsonDir)
 	}
 	return
 }
@@ -588,11 +682,11 @@ func loadOneServerScanResult(jsonFile string) (*models.ScanResult, error) {
 		err  error
 	)
 	if data, err = ioutil.ReadFile(jsonFile); err != nil {
-		return nil, fmt.Errorf("Failed to read %s: %s", jsonFile, err)
+		return nil, xerrors.Errorf("Failed to read %s: %w", jsonFile, err)
 	}
 	result := &models.ScanResult{}
 	if err := json.Unmarshal(data, result); err != nil {
-		return nil, fmt.Errorf("Failed to parse %s: %s", jsonFile, err)
+		return nil, xerrors.Errorf("Failed to parse %s: %w", jsonFile, err)
 	}
 	return result, nil
 }

report/util_test.go

@@ -192,13 +192,13 @@ func TestDiff(t *testing.T) {
 					ScannedCves: models.VulnInfos{
 						"CVE-2012-6702": {
 							CveID:            "CVE-2012-6702",
-							AffectedPackages: models.PackageStatuses{{Name: "libexpat1"}},
+							AffectedPackages: models.PackageFixStatuses{{Name: "libexpat1"}},
 							DistroAdvisories: []models.DistroAdvisory{},
 							CpeURIs:          []string{},
 						},
 						"CVE-2014-9761": {
 							CveID:            "CVE-2014-9761",
-							AffectedPackages: models.PackageStatuses{{Name: "libc-bin"}},
+							AffectedPackages: models.PackageFixStatuses{{Name: "libc-bin"}},
 							DistroAdvisories: []models.DistroAdvisory{},
 							CpeURIs:          []string{},
 						},
@@ -217,13 +217,13 @@ func TestDiff(t *testing.T) {
 					ScannedCves: models.VulnInfos{
 						"CVE-2012-6702": {
 							CveID:            "CVE-2012-6702",
-							AffectedPackages: models.PackageStatuses{{Name: "libexpat1"}},
+							AffectedPackages: models.PackageFixStatuses{{Name: "libexpat1"}},
 							DistroAdvisories: []models.DistroAdvisory{},
 							CpeURIs:          []string{},
 						},
 						"CVE-2014-9761": {
 							CveID:            "CVE-2014-9761",
-							AffectedPackages: models.PackageStatuses{{Name: "libc-bin"}},
+							AffectedPackages: models.PackageFixStatuses{{Name: "libc-bin"}},
 							DistroAdvisories: []models.DistroAdvisory{},
 							CpeURIs:          []string{},
 						},
@@ -254,7 +254,7 @@ func TestDiff(t *testing.T) {
 					ScannedCves: models.VulnInfos{
 						"CVE-2016-6662": {
 							CveID:            "CVE-2016-6662",
-							AffectedPackages: models.PackageStatuses{{Name: "mysql-libs"}},
+							AffectedPackages: models.PackageFixStatuses{{Name: "mysql-libs"}},
 							DistroAdvisories: []models.DistroAdvisory{},
 							CpeURIs:          []string{},
 						},
@@ -292,7 +292,7 @@ func TestDiff(t *testing.T) {
 				ScannedCves: models.VulnInfos{
 					"CVE-2016-6662": {
 						CveID:            "CVE-2016-6662",
-						AffectedPackages: models.PackageStatuses{{Name: "mysql-libs"}},
+						AffectedPackages: models.PackageFixStatuses{{Name: "mysql-libs"}},
 						DistroAdvisories: []models.DistroAdvisory{},
 						CpeURIs:          []string{},
 					},
@@ -348,7 +348,7 @@ func TestIsCveFixed(t *testing.T) {
 			in: In{
 				v: models.VulnInfo{
 					CveID: "CVE-2016-6662",
-					AffectedPackages: models.PackageStatuses{
+					AffectedPackages: models.PackageFixStatuses{
 						{
 							Name:        "mysql-libs",
 							NotFixedYet: false,
@@ -366,7 +366,7 @@ func TestIsCveFixed(t *testing.T) {
 					ScannedCves: models.VulnInfos{
 						"CVE-2016-6662": {
 							CveID: "CVE-2016-6662",
-							AffectedPackages: models.PackageStatuses{
+							AffectedPackages: models.PackageFixStatuses{
 								{
 									Name:        "mysql-libs",
 									NotFixedYet: true,
@@ -389,7 +389,7 @@ func TestIsCveFixed(t *testing.T) {
 			in: In{
 				v: models.VulnInfo{
 					CveID: "CVE-2016-6662",
-					AffectedPackages: models.PackageStatuses{
+					AffectedPackages: models.PackageFixStatuses{
 						{
 							Name:        "mysql-libs",
 							NotFixedYet: true,
@@ -407,7 +407,7 @@ func TestIsCveFixed(t *testing.T) {
 					ScannedCves: models.VulnInfos{
 						"CVE-2016-6662": {
 							CveID: "CVE-2016-6662",
-							AffectedPackages: models.PackageStatuses{
+							AffectedPackages: models.PackageFixStatuses{
 								{
 									Name:        "mysql-libs",
 									NotFixedYet: true,

report/writer.go

@@ -1,20 +1,3 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package report
 
 import (

scan/alpine.go

@@ -1,30 +1,13 @@
-/* Vuls - Vulnerability Scanner
-Copyright (C) 2016  Future Corporation , Japan.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
 package scan
 
 import (
 	"bufio"
-	"fmt"
 	"strings"
 
 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/util"
+	"golang.org/x/xerrors"
 )
 
 // inherit OsTypeInterface
@@ -65,9 +48,6 @@ func detectAlpine(c config.ServerInfo) (itsMe bool, os osTypeInterface) {
 }
 
 func (o *alpine) checkScanMode() error {
-	if o.getServerInfo().Mode.IsOffline() {
-		return fmt.Errorf("Remove offline scan mode, Alpine needs internet connection")
-	}
 	return nil
 }
 
@@ -82,9 +62,12 @@ func (o *alpine) checkIfSudoNoPasswd() error {
 }
 
 func (o *alpine) apkUpdate() error {
+	if o.getServerInfo().Mode.IsOffline() {
+		return nil
+	}
 	r := o.exec("apk update", noSudo)
 	if !r.isSuccess() {
-		return fmt.Errorf("Failed to SSH: %s", r)
+		return xerrors.Errorf("Failed to SSH: %s", r)
 	}
 	return nil
 }
@@ -92,7 +75,8 @@ func (o *alpine) apkUpdate() error {
 func (o *alpine) preCure() error {
 	o.log.Infof("Scanning in %s", o.getServerInfo().Mode)
 	if err := o.detectIPAddr(); err != nil {
-		o.log.Debugf("Failed to detect IP addresses: %s", err)
+		o.log.Warnf("Failed to detect IP addresses: %s", err)
+		o.warns = append(o.warns, err)
 	}
 	// Ignore this error as it just failed to detect the IP addresses
 	return nil
@@ -130,11 +114,14 @@ func (o *alpine) scanPackages() error {
 
 	updatable, err := o.scanUpdatablePackages()
 	if err != nil {
-		o.log.Errorf("Failed to scan installed packages: %s", err)
-		return err
+		err = xerrors.Errorf("Failed to scan updatable packages: %w", err)
+		o.log.Warnf("err: %+v", err)
+		o.warns = append(o.warns, err)
+		// Only warning this error
+	} else {
+		installed.MergeNewVersion(updatable)
 	}
 
-	installed.MergeNewVersion(updatable)
 	o.Packages = installed
 	return nil
 }
@@ -143,7 +130,7 @@ func (o *alpine) scanInstalledPackages() (models.Packages, error) {
 	cmd := util.PrependProxyEnv("apk info -v")
 	r := o.exec(cmd, noSudo)
 	if !r.isSuccess() {
-		return nil, fmt.Errorf("Failed to SSH: %s", r)
+		return nil, xerrors.Errorf("Failed to SSH: %s", r)
 	}
 	return o.parseApkInfo(r.Stdout)
 }
@@ -160,7 +147,7 @@ func (o *alpine) parseApkInfo(stdout string) (models.Packages, error) {
 		line := scanner.Text()
 		ss := strings.Split(line, "-")
 		if len(ss) < 3 {
-			return nil, fmt.Errorf("Failed to parse apk info -v: %s", line)
+			return nil, xerrors.Errorf("Failed to parse apk info -v: %s", line)
 		}
 		name := strings.Join(ss[:len(ss)-2], "-")
 		packs[name] = models.Package{
@@ -175,7 +162,7 @@ func (o *alpine) scanUpdatablePackages() (models.Packages, error) {
 	cmd := util.PrependProxyEnv("apk version")
 	r := o.exec(cmd, noSudo)
 	if !r.isSuccess() {
-		return nil, fmt.Errorf("Failed to SSH: %s", r)
+		return nil, xerrors.Errorf("Failed to SSH: %s", r)
 	}
 	return o.parseApkVersion(r.Stdout)
 }