Improve implementation around config (#1122 )

* refactor config * fix saas config * feat(config): scanmodule for each server in config.toml * feat(config): enable to specify containersOnly in config.toml * add new keys of config.toml to discover.go * fix summary output, logging
fix(scan): err detecting EOL for alpine Linux (#1124 )
2021-01-13 08:46:27 +09:00 · 2021-01-12 20:10:22 +09:00 · 2021-01-09 07:58:55 +09:00 · 2021-01-07 14:57:49 +09:00 · 2021-01-07 08:02:29 +09:00 · 2021-01-06 15:52:55 +09:00
150 changed files with 14000 additions and 9807 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: kotakanbe
--- a/.github/workflows/golangci.yml
+++ b/.github/workflows/golangci.yml
@@ -0,0 +1,29 @@
+name: golangci-lint
+on:
+  push:
+    tags:
+      - v*
+    branches:
+      - master
+  pull_request:
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v2
+        with:
+          # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
+          version: v1.32
+          args: --timeout=10m
+          
+          # Optional: working directory, useful for monorepos
+          # working-directory: somedir
+
+          # Optional: golangci-lint command line arguments.
+          # args: --issues-exit-code=0
+
+          # Optional: show only new issues if it's a pull request. The default value is `false`.
+          # only-new-issues: true
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -0,0 +1,31 @@
+name: goreleaser
+
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Unshallow
+        run: git fetch --prune --unshallow
+      -
+        name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.15
+      -
+        name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          version: latest
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -0,0 +1,21 @@
+name: Test
+
+on: [pull_request]
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Set up Go 1.x
+      uses: actions/setup-go@v2
+      with:
+        go-version: 1.15.x
+      id: go
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v2
+
+    - name: Test
+      run: make test
--- a/.github/workflows/tidy.yml
+++ b/.github/workflows/tidy.yml
@@ -0,0 +1,22 @@
+name: go-mod-tidy-pr
+
+on:
+  schedule:
+    - cron: "0 0 * * 1" # Weekly build
+
+jobs:
+  go-mod-tidy-pr:
+    name: go-mod-tidy-pr
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Run go-mod-tidy-pr
+        uses: sue445/go-mod-tidy-pr@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          git_user_name: kotakanbe
+          git_user_email: kotakanbe@gmail.com
+          go_version: 1.15.6
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,3 @@
-vuls
 .vscode
 *.txt
 *.json
@@ -15,4 +14,4 @@ results/
 !setup/docker/*
 .DS_Store
 dist/
-.idea
+.idea
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -0,0 +1,17 @@
+name: golang-ci
+
+linters-settings:
+  errcheck:
+    #exclude: /path/to/file.txt
+
+linters:
+  disable-all: true
+  enable:
+    - goimports
+    - golint
+    - govet
+    - misspell
+    - errcheck
+    - staticcheck
+    - prealloc
+    - ineffassign
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -6,19 +6,105 @@ release:
    owner: future-architect
    name: vuls
 builds:
- goos:
+- id: vuls
+  goos:
  - linux
  goarch:
  - amd64
-  main: .
+  main: ./cmd/vuls/main.go
  flags:
-      - -a
-  ldflags: -s -w -X main.version={{.Version}} -X main.revision={{.Commit}} 
+  - -a
+  ldflags: 
+  - -s -w -X github.com/future-architect/vuls/config.Version={{.Version}} -X github.com/future-architect/vuls/config.Revision={{.Commit}}-{{ .CommitDate }}
  binary: vuls
-archive:
+
+- id: vuls-scanner
+  env:
+  - CGO_ENABLED=0
+  goos:
+  - linux
+  goarch:
+  - 386
+  - amd64
+  - arm
+  - arm64
+  main: ./cmd/scanner/main.go
+  flags:
+  - -a
+  - -tags=scanner
+  ldflags: 
+  - -s -w -X github.com/future-architect/vuls/config.Version={{.Version}} -X github.com/future-architect/vuls/config.Revision={{.Commit}}-{{ .CommitDate }}
+  binary: vuls-scanner
+
+- id: trivy-to-vuls
+  env:
+  - CGO_ENABLED=0
+  goos:
+  - linux
+  goarch:
+  - 386
+  - amd64
+  - arm
+  - arm64
+  main: ./contrib/trivy/cmd/main.go
+  binary: trivy-to-vuls
+
+- id: future-vuls
+  env:
+  - CGO_ENABLED=0
+  goos:
+  - linux
+  goarch:
+  - 386
+  - amd64
+  - arm
+  - arm64
+  flags:
+  - -a
+  - -tags=scanner
+  main: ./contrib/future-vuls/cmd/main.go
+  binary: future-vuls
+
+archives:
+
+- id: vuls
+  name_template: '{{ .Binary }}_{{.Version}}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
+  builds:
+  - vuls
+  format: tar.gz
+  files:
+  - LICENSE
+  - NOTICE
+  - README*
+  - CHANGELOG.md
+
+- id: vuls-scanner
+  name_template: '{{ .Binary }}_{{.Version}}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
+  builds:
+  - vuls-scanner
+  format: tar.gz
+  files:
+  - LICENSE
+  - NOTICE
+  - README*
+  - CHANGELOG.md
+
+- id: trivy-to-vuls
+  name_template: '{{ .Binary }}_{{.Version}}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
+  builds:
+  - trivy-to-vuls
+  format: tar.gz
+  files:
+  - LICENSE
+  - NOTICE
+  - README*
+  - CHANGELOG.md
+
+- id: future-vuls
+  name_template: '{{ .Binary }}_{{.Version}}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
+  builds:
+  - future-vuls
  format: tar.gz
-  name_template: '{{ .Binary }}_{{.Version}}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{
-    .Arm }}{{ end }}'
  files:
  - LICENSE
  - NOTICE
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,7 +0,0 @@
-language: go
-
-go:
-  - "1.13.x"
-
-after_success:
-  - test -n "$TRAVIS_TAG" && curl -sL https://git.io/goreleaser | bash
--- a/3
+++ b/3
@@ -11,7 +11,7 @@ COPY . $GOPATH/src/$REPOSITORY
 RUN cd $GOPATH/src/$REPOSITORY && make install


-FROM alpine:3.7
+FROM alpine:3.11

 MAINTAINER hikachan sadayuki-matsuno

@@ -21,6 +21,7 @@ ENV WORKDIR /vuls
 RUN apk add --no-cache \
        openssh-client \
        ca-certificates \
+        git \
    && mkdir -p $WORKDIR $LOGDIR

 COPY --from=builder /go/bin/vuls /usr/local/bin/
--- a/26
+++ b/26
@@ -20,19 +20,26 @@ BUILDTIME := $(shell date "+%Y%m%d_%H%M%S")
 LDFLAGS := -X 'github.com/future-architect/vuls/config.Version=$(VERSION)' \
    -X 'github.com/future-architect/vuls/config.Revision=build-$(BUILDTIME)_$(REVISION)'
 GO := GO111MODULE=on go
+CGO_UNABLED := CGO_ENABLED=0 go
 GO_OFF := GO111MODULE=off go


 all: build

-build: main.go pretest fmt
-	$(GO) build -a -ldflags "$(LDFLAGS)" -o vuls $<
+build: ./cmd/vuls/main.go pretest fmt
+	$(GO) build -a -ldflags "$(LDFLAGS)" -o vuls ./cmd/vuls

-b: 	main.go pretest fmt
-	$(GO) build -ldflags "$(LDFLAGS)" -o vuls $<
+b: ./cmd/vuls/main.go 
+	$(GO) build -a -ldflags "$(LDFLAGS)" -o vuls ./cmd/vuls

-install: main.go pretest
-	$(GO) install -ldflags "$(LDFLAGS)"
+install: ./cmd/vuls/main.go pretest fmt
+	$(GO) install -ldflags "$(LDFLAGS)" ./cmd/vuls
+
+build-scanner: ./cmd/scanner/main.go pretest fmt
+	$(CGO_UNABLED) build -tags=scanner -a -ldflags "$(LDFLAGS)" -o vuls ./cmd/scanner
+
+install-scanner: ./cmd/scanner/main.go pretest fmt
+	$(CGO_UNABLED) install -tags=scanner -ldflags "$(LDFLAGS)" ./cmd/scanner

 lint:
 	$(GO_OFF) get -u golang.org/x/lint/golint
@@ -66,3 +73,10 @@ cov:
 clean:
 	echo $(PKGS) | xargs go clean || exit;

+# trivy-to-vuls
+build-trivy-to-vuls: pretest fmt
+	$(GO) build -o trivy-to-vuls contrib/trivy/cmd/*.go
+
+# future-vuls
+build-future-vuls: pretest fmt
+	$(GO) build -o future-vuls contrib/future-vuls/cmd/*.go
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@

 ![Vuls-logo](img/vuls_logo.png)

-Vulnerability scanner for Linux/FreeBSD, agentless, written in golang.
+Vulnerability scanner for Linux/FreeBSD, agent-less, written in Go.
 We have a slack team. [Join slack team](http://goo.gl/forms/xm5KFo35tu)
 Twitter: [@vuls_en](https://twitter.com/vuls_en)

@@ -23,20 +23,6 @@ Twitter: [@vuls_en](https://twitter.com/vuls_en)

 ----

-## NEWS
-
-| Version     | Main Feature |  Date |
-|:------------|:---------------------------------|:--------------------|
-| [v0.8.0](https://github.com/future-architect/vuls/releases/tag/v0.8.0) | secret | Coming soon |
-| [v0.7.0](https://github.com/future-architect/vuls/releases/tag/v0.7.0) | WordPress Vulnerability Scan | 2019/Apr/8 |
-| [v0.6.3](https://github.com/future-architect/vuls/releases/tag/v0.6.3) | GitHub Integration | 2019/Feb/20 |
-| [v0.6.2](https://github.com/future-architect/vuls/releases/tag/v0.6.2) | Add US-CERT/JPCERT Alerts as VulnSrc | 2019/Jan/23 |
-| [v0.6.1](https://github.com/future-architect/vuls/releases/tag/v0.6.1) | BugFix | 2018/Nov/16 |
-| [v0.6.0](https://github.com/future-architect/vuls/releases/tag/v0.6.0) | Add ExploitDB as VulnSrc | 2018/Nov/3 |
-| [v0.5.0](https://github.com/future-architect/vuls/releases/tag/v0.5.0) | Scan accuracy improvement | 2018/Aug/27 |
-
----
-
 ## Abstract

 For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden.
@@ -66,36 +52,47 @@ Vuls is a tool created to solve the problems listed above. It has the following

 - Alpine, Amazon Linux, CentOS, Debian, Oracle Linux, Raspbian, RHEL, SUSE Enterprise Linux, and Ubuntu
 - FreeBSD
- Cloud, on-premise, Docker Container and Docker Image
+- Cloud, on-premise, Running Docker Container

 ### High-quality scan

-Vuls uses multiple vulnerability databases
+- Vulnerability Database
+  - [NVD](https://nvd.nist.gov/)
+  - [JVN(Japanese)](http://jvndb.jvn.jp/apis/myjvn/)

- [NVD](https://nvd.nist.gov/)
- [JVN(Japanese)](http://jvndb.jvn.jp/apis/myjvn/)
 - OVAL
+  - [Red Hat](https://www.redhat.com/security/data/oval/)
  - [Debian](https://www.debian.org/security/oval/)
-  - [Oracle Linux](https://linux.oracle.com/security/oval/)
-  - [RedHat](https://www.redhat.com/security/data/oval/)
-  - [SUSE](http://ftp.suse.com/pub/projects/security/oval/)
  - [Ubuntu](https://people.canonical.com/~ubuntu-security/oval/)
+  - [SUSE](http://ftp.suse.com/pub/projects/security/oval/)
+  - [Oracle Linux](https://linux.oracle.com/security/oval/)

- [Alpine-secdb](https://git.alpinelinux.org/cgit/alpine-secdb/)
- [Debian Security Bug Tracker](https://security-tracker.debian.org/tracker/)
- [Red Hat Security Advisories](https://access.redhat.com/security/security-updates/)
- Commands (yum, zypper, and pkg-audit)
-  - RHSA/ALAS/ELSA/FreeBSD-SA
- [Exploit Database](https://www.exploit-db.com/)
- [US-CERT](https://www.us-cert.gov/ncas/alerts)
- [JPCERT](http://www.jpcert.or.jp/at/2019.html)
- [WPVulnDB](https://wpvulndb.com/api)
- [Node.js Security Working Group](https://github.com/nodejs/security-wg)
- [Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db)
- [Safety DB(Python)](https://github.com/pyupio/safety-db)
- [PHP Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories)
- [RustSec Advisory Database](https://github.com/RustSec/advisory-db)
- Changelog
+- Security Advisory
+  - [Alpine-secdb](https://git.alpinelinux.org/cgit/alpine-secdb/)
+  - [Red Hat Security Advisories](https://access.redhat.com/security/security-updates/)
+  - [Debian Security Bug Tracker](https://security-tracker.debian.org/tracker/)
+
+- Commands(yum, zypper, pkg-audit)
+  - RHSA / ALAS / ELSA / FreeBSD-SA
+  - Changelog
+
+- PoC, Exploit
+  - [Exploit Database](https://www.exploit-db.com/)
+  - [Metasploit-Framework modules](https://www.rapid7.com/db/?q=&type=metasploit)
+
+- CERT
+  - [US-CERT](https://www.us-cert.gov/ncas/alerts)
+  - [JPCERT](http://www.jpcert.or.jp/at/2019.html)
+
+- Libraries
+  - [Node.js Security Working Group](https://github.com/nodejs/security-wg)
+  - [Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db)
+  - [Safety DB(Python)](https://github.com/pyupio/safety-db)
+  - [PHP Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories)
+  - [RustSec Advisory Database](https://github.com/RustSec/advisory-db)
+
+- WordPress
+  - [wpscan](https://wpscan.com/api)

 ### Scan mode

@@ -134,17 +131,6 @@ Vuls uses multiple vulnerability databases
 - It is possible to acquire the state of the server by connecting via SSH and executing the command.
 - Vuls warns when the scan target server was updated the kernel etc. but not restarting it.

-### **Static** Analysis
-
-Vuls v0.8.0 can scan Docker images using [knqyf263/trivy](https://github.com/knqyf263/trivy).
-Following Registry supported.
-
- ECR
- GCR
- Local Image
-
-For details, see [Scan docker image](https://vuls.io/docs/en/tutorial-scan-docker-image.html)
-
 ### Scan vulnerabilities of non-OS-packages

 - Libraries of programming language
@@ -170,7 +156,7 @@ Vuls has some options to detect the vulnerabilities
 - Auto-generation of configuration file template
  - Auto-detection of servers set using CIDR, generate configuration file template
 - Email and Slack notification is possible (supports Japanese language)
- Scan result is viewable on accessory software, TUI Viewer in a terminal or Web UI ([VulsRepo](https://github.com/future-architect/vulsrepo)).
+- Scan result is viewable on accessory software, TUI Viewer in a terminal or Web UI ([VulsRepo](https://github.com/ishiDACo/vulsrepo)).

 ----

@@ -182,7 +168,7 @@ Vuls has some options to detect the vulnerabilities

 ## Document

-For more information such as Installation, Tutorial, Usage, visit [vuls.io](https://vuls.io/)
+For more information such as Installation, Tutorial, Usage, visit [vuls.io](https://vuls.io/)  
 [日本語翻訳ドキュメント](https://vuls.io/ja/)

 ----
@@ -193,12 +179,6 @@ kotakanbe ([@kotakanbe](https://twitter.com/kotakanbe)) created vuls and [these

 ----

-## Change Log
-
-Please see [CHANGELOG](https://github.com/future-architect/vuls/blob/master/CHANGELOG.md).
-
----
-
 ## Stargazers over time

 [![Stargazers over time](https://starcharts.herokuapp.com/future-architect/vuls.svg)](https://starcharts.herokuapp.com/future-architect/vuls)
--- a/cache/bolt.go
+++ b/cache/bolt.go
@@ -141,7 +141,7 @@ func (b Bolt) PrettyPrint(meta Meta) error {
 	})
 }

-// GetChangelog get the changelgo of specified packName from the Bucket
+// GetChangelog get the changelog of specified packName from the Bucket
 func (b Bolt) GetChangelog(servername, packName string) (changelog string, err error) {
 	err = b.db.View(func(tx *bolt.Tx) error {
 		bkt := tx.Bucket([]byte(servername))
--- a/cache/bolt_test.go
+++ b/cache/bolt_test.go
@@ -46,7 +46,7 @@ func TestSetupBolt(t *testing.T) {
 		t.Errorf("Failed to open bolt: %s", err)
 	}

-	db.View(func(tx *bolt.Tx) error {
+	_ = db.View(func(tx *bolt.Tx) error {
 		bkt := tx.Bucket([]byte(metabucket))
 		if bkt == nil {
 			t.Errorf("Meta bucket nof found")
@@ -87,7 +87,7 @@ func TestEnsureBuckets(t *testing.T) {
 	if err != nil {
 		t.Errorf("Failed to open bolt: %s", err)
 	}
-	db.View(func(tx *bolt.Tx) error {
+	_ = db.View(func(tx *bolt.Tx) error {
 		bkt := tx.Bucket([]byte(servername))
 		if bkt == nil {
 			t.Errorf("Meta bucket nof found")
--- a/cmd/scanner/main.go
+++ b/cmd/scanner/main.go
@@ -0,0 +1,36 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"os"
+
+	"context"
+
+	"github.com/future-architect/vuls/config"
+	commands "github.com/future-architect/vuls/subcmds"
+	"github.com/google/subcommands"
+)
+
+func main() {
+	subcommands.Register(subcommands.HelpCommand(), "")
+	subcommands.Register(subcommands.FlagsCommand(), "")
+	subcommands.Register(subcommands.CommandsCommand(), "")
+	subcommands.Register(&commands.DiscoverCmd{}, "discover")
+	subcommands.Register(&commands.ScanCmd{}, "scan")
+	subcommands.Register(&commands.HistoryCmd{}, "history")
+	subcommands.Register(&commands.ConfigtestCmd{}, "configtest")
+	subcommands.Register(&commands.SaaSCmd{}, "saas")
+
+	var v = flag.Bool("v", false, "Show version")
+
+	flag.Parse()
+
+	if *v {
+		fmt.Printf("vuls %s %s\n", config.Version, config.Revision)
+		os.Exit(int(subcommands.ExitSuccess))
+	}
+
+	ctx := context.Background()
+	os.Exit(int(subcommands.Execute(ctx)))
+}
--- a/cmd/vuls/main.go
+++ b/cmd/vuls/main.go
@@ -7,8 +7,8 @@ import (

 	"context"

-	"github.com/future-architect/vuls/commands"
 	"github.com/future-architect/vuls/config"
+	commands "github.com/future-architect/vuls/subcmds"
 	"github.com/google/subcommands"
 )

--- a/config/chatworkconf.go
+++ b/config/chatworkconf.go
@@ -0,0 +1,32 @@
+package config
+
+import (
+	"github.com/asaskevich/govalidator"
+	"golang.org/x/xerrors"
+)
+
+// ChatWorkConf is ChatWork config
+type ChatWorkConf struct {
+	APIToken string `json:"-"`
+	Room     string `json:"-"`
+}
+
+// Validate validates configuration
+func (c *ChatWorkConf) Validate() (errs []error) {
+	if !Conf.ToChatWork {
+		return
+	}
+	if len(c.Room) == 0 {
+		errs = append(errs, xerrors.New("chatWorkConf.room must not be empty"))
+	}
+
+	if len(c.APIToken) == 0 {
+		errs = append(errs, xerrors.New("chatWorkConf.ApiToken must not be empty"))
+	}
+
+	_, err := govalidator.ValidateStruct(c)
+	if err != nil {
+		errs = append(errs, err)
+	}
+	return
+}
--- a/config/config.go
+++ b/config/config.go
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -63,7 +63,7 @@ func TestSyslogConfValidate(t *testing.T) {
 	}
 }

-func TestMajorVersion(t *testing.T) {
+func TestDistro_MajorVersion(t *testing.T) {
 	var tests = []struct {
 		in  Distro
 		out int
--- a/config/exploitconf.go
+++ b/config/exploitconf.go
@@ -0,0 +1,53 @@
+package config
+
+import (
+	"os"
+	"path/filepath"
+)
+
+// ExploitConf is exploit config
+type ExploitConf struct {
+	// DB type for exploit dictionary (sqlite3, mysql, postgres or redis)
+	Type string
+
+	// http://exploit-dictionary.com:1324 or DB connection string
+	URL string `json:"-"`
+
+	// /path/to/exploit.sqlite3
+	SQLite3Path string `json:"-"`
+}
+
+func (cnf *ExploitConf) setDefault() {
+	if cnf.Type == "" {
+		cnf.Type = "sqlite3"
+	}
+	if cnf.URL == "" && cnf.SQLite3Path == "" {
+		wd, _ := os.Getwd()
+		cnf.SQLite3Path = filepath.Join(wd, "go-exploitdb.sqlite3")
+	}
+}
+
+const exploitDBType = "EXPLOITDB_TYPE"
+const exploitDBURL = "EXPLOITDB_URL"
+const exploitDBPATH = "EXPLOITDB_SQLITE3_PATH"
+
+// Init set options with the following priority.
+// 1. Environment variable
+// 2. config.toml
+func (cnf *ExploitConf) Init() {
+	if os.Getenv(exploitDBType) != "" {
+		cnf.Type = os.Getenv(exploitDBType)
+	}
+	if os.Getenv(exploitDBURL) != "" {
+		cnf.URL = os.Getenv(exploitDBURL)
+	}
+	if os.Getenv(exploitDBPATH) != "" {
+		cnf.SQLite3Path = os.Getenv(exploitDBPATH)
+	}
+	cnf.setDefault()
+}
+
+// IsFetchViaHTTP returns wether fetch via http
+func (cnf *ExploitConf) IsFetchViaHTTP() bool {
+	return Conf.Exploit.Type == "http"
+}
--- a/config/gocvedictconf.go
+++ b/config/gocvedictconf.go
@@ -0,0 +1,53 @@
+package config
+
+import (
+	"os"
+	"path/filepath"
+)
+
+// GoCveDictConf is go-cve-dictionary config
+type GoCveDictConf struct {
+	// DB type of CVE dictionary (sqlite3, mysql, postgres or redis)
+	Type string
+
+	// http://cve-dictionary.com:1323 or DB connection string
+	URL string `json:"-"`
+
+	// /path/to/cve.sqlite3
+	SQLite3Path string `json:"-"`
+}
+
+func (cnf *GoCveDictConf) setDefault() {
+	if cnf.Type == "" {
+		cnf.Type = "sqlite3"
+	}
+	if cnf.URL == "" && cnf.SQLite3Path == "" {
+		wd, _ := os.Getwd()
+		cnf.SQLite3Path = filepath.Join(wd, "cve.sqlite3")
+	}
+}
+
+const cveDBType = "CVEDB_TYPE"
+const cveDBURL = "CVEDB_URL"
+const cveDBPATH = "CVEDB_SQLITE3_PATH"
+
+// Init set options with the following priority.
+// 1. Environment variable
+// 2. config.toml
+func (cnf *GoCveDictConf) Init() {
+	if os.Getenv(cveDBType) != "" {
+		cnf.Type = os.Getenv(cveDBType)
+	}
+	if os.Getenv(cveDBURL) != "" {
+		cnf.URL = os.Getenv(cveDBURL)
+	}
+	if os.Getenv(cveDBPATH) != "" {
+		cnf.SQLite3Path = os.Getenv(cveDBPATH)
+	}
+	cnf.setDefault()
+}
+
+// IsFetchViaHTTP returns wether fetch via http
+func (cnf *GoCveDictConf) IsFetchViaHTTP() bool {
+	return Conf.CveDict.Type == "http"
+}
--- a/config/gostconf.go
+++ b/config/gostconf.go
@@ -0,0 +1,53 @@
+package config
+
+import (
+	"os"
+	"path/filepath"
+)
+
+// GostConf is gost config
+type GostConf struct {
+	// DB type for gost dictionary (sqlite3, mysql, postgres or redis)
+	Type string
+
+	// http://gost-dictionary.com:1324 or DB connection string
+	URL string `json:"-"`
+
+	// /path/to/gost.sqlite3
+	SQLite3Path string `json:"-"`
+}
+
+func (cnf *GostConf) setDefault() {
+	if cnf.Type == "" {
+		cnf.Type = "sqlite3"
+	}
+	if cnf.URL == "" && cnf.SQLite3Path == "" {
+		wd, _ := os.Getwd()
+		cnf.SQLite3Path = filepath.Join(wd, "gost.sqlite3")
+	}
+}
+
+const gostDBType = "GOSTDB_TYPE"
+const gostDBURL = "GOSTDB_URL"
+const gostDBPATH = "GOSTDB_SQLITE3_PATH"
+
+// Init set options with the following priority.
+// 1. Environment variable
+// 2. config.toml
+func (cnf *GostConf) Init() {
+	if os.Getenv(gostDBType) != "" {
+		cnf.Type = os.Getenv(gostDBType)
+	}
+	if os.Getenv(gostDBURL) != "" {
+		cnf.URL = os.Getenv(gostDBURL)
+	}
+	if os.Getenv(gostDBPATH) != "" {
+		cnf.SQLite3Path = os.Getenv(gostDBPATH)
+	}
+	cnf.setDefault()
+}
+
+// IsFetchViaHTTP returns wether fetch via http
+func (cnf *GostConf) IsFetchViaHTTP() bool {
+	return Conf.Gost.Type == "http"
+}
--- a/config/govaldictconf.go
+++ b/config/govaldictconf.go
@@ -0,0 +1,54 @@
+package config
+
+import (
+	"os"
+	"path/filepath"
+)
+
+// GovalDictConf is goval-dictionary config
+type GovalDictConf struct {
+
+	// DB type of OVAL dictionary (sqlite3, mysql, postgres or redis)
+	Type string
+
+	// http://goval-dictionary.com:1324 or DB connection string
+	URL string `json:"-"`
+
+	// /path/to/oval.sqlite3
+	SQLite3Path string `json:"-"`
+}
+
+func (cnf *GovalDictConf) setDefault() {
+	if cnf.Type == "" {
+		cnf.Type = "sqlite3"
+	}
+	if cnf.URL == "" && cnf.SQLite3Path == "" {
+		wd, _ := os.Getwd()
+		cnf.SQLite3Path = filepath.Join(wd, "oval.sqlite3")
+	}
+}
+
+const govalType = "OVALDB_TYPE"
+const govalURL = "OVALDB_URL"
+const govalPATH = "OVALDB_SQLITE3_PATH"
+
+// Init set options with the following priority.
+// 1. Environment variable
+// 2. config.toml
+func (cnf *GovalDictConf) Init() {
+	if os.Getenv(govalType) != "" {
+		cnf.Type = os.Getenv(govalType)
+	}
+	if os.Getenv(govalURL) != "" {
+		cnf.URL = os.Getenv(govalURL)
+	}
+	if os.Getenv(govalPATH) != "" {
+		cnf.SQLite3Path = os.Getenv(govalPATH)
+	}
+	cnf.setDefault()
+}
+
+// IsFetchViaHTTP returns wether fetch via http
+func (cnf *GovalDictConf) IsFetchViaHTTP() bool {
+	return Conf.OvalDict.Type == "http"
+}
--- a/config/httpconf.go
+++ b/config/httpconf.go
@@ -0,0 +1,38 @@
+package config
+
+import (
+	"os"
+
+	"github.com/asaskevich/govalidator"
+)
+
+// HTTPConf is HTTP config
+type HTTPConf struct {
+	URL string `valid:"url" json:"-"`
+}
+
+// Validate validates configuration
+func (c *HTTPConf) Validate() (errs []error) {
+	if !Conf.ToHTTP {
+		return nil
+	}
+
+	if _, err := govalidator.ValidateStruct(c); err != nil {
+		errs = append(errs, err)
+	}
+	return errs
+}
+
+const httpKey = "VULS_HTTP_URL"
+
+// Init set options with the following priority.
+// 1. Environment variable
+// 2. config.toml
+func (c *HTTPConf) Init(toml HTTPConf) {
+	if os.Getenv(httpKey) != "" {
+		c.URL = os.Getenv(httpKey)
+	}
+	if toml.URL != "" {
+		c.URL = toml.URL
+	}
+}
--- a/config/metasploitconf.go
+++ b/config/metasploitconf.go
@@ -0,0 +1,53 @@
+package config
+
+import (
+	"os"
+	"path/filepath"
+)
+
+// MetasploitConf is metasploit config
+type MetasploitConf struct {
+	// DB type for metasploit dictionary (sqlite3, mysql, postgres or redis)
+	Type string
+
+	// http://metasploit-dictionary.com:1324 or DB connection string
+	URL string `json:"-"`
+
+	// /path/to/metasploit.sqlite3
+	SQLite3Path string `json:"-"`
+}
+
+func (cnf *MetasploitConf) setDefault() {
+	if cnf.Type == "" {
+		cnf.Type = "sqlite3"
+	}
+	if cnf.URL == "" && cnf.SQLite3Path == "" {
+		wd, _ := os.Getwd()
+		cnf.SQLite3Path = filepath.Join(wd, "go-msfdb.sqlite3")
+	}
+}
+
+const metasploitDBType = "METASPLOITDB_TYPE"
+const metasploitDBURL = "METASPLOITDB_URL"
+const metasploitDBPATH = "METASPLOITDB_SQLITE3_PATH"
+
+// Init set options with the following priority.
+// 1. Environment variable
+// 2. config.toml
+func (cnf *MetasploitConf) Init() {
+	if os.Getenv(metasploitDBType) != "" {
+		cnf.Type = os.Getenv(metasploitDBType)
+	}
+	if os.Getenv(metasploitDBURL) != "" {
+		cnf.URL = os.Getenv(metasploitDBURL)
+	}
+	if os.Getenv(metasploitDBPATH) != "" {
+		cnf.SQLite3Path = os.Getenv(metasploitDBPATH)
+	}
+	cnf.setDefault()
+}
+
+// IsFetchViaHTTP returns wether fetch via http
+func (cnf *MetasploitConf) IsFetchViaHTTP() bool {
+	return Conf.Metasploit.Type == "http"
+}
--- a/config/os.go
+++ b/config/os.go
@@ -0,0 +1,248 @@
+package config
+
+import (
+	"fmt"
+	"strings"
+	"time"
+)
+
+const (
+	// RedHat is
+	RedHat = "redhat"
+
+	// Debian is
+	Debian = "debian"
+
+	// Ubuntu is
+	Ubuntu = "ubuntu"
+
+	// CentOS is
+	CentOS = "centos"
+
+	// Fedora is
+	// Fedora = "fedora"
+
+	// Amazon is
+	Amazon = "amazon"
+
+	// Oracle is
+	Oracle = "oracle"
+
+	// FreeBSD is
+	FreeBSD = "freebsd"
+
+	// Raspbian is
+	Raspbian = "raspbian"
+
+	// Windows is
+	Windows = "windows"
+
+	// OpenSUSE is
+	OpenSUSE = "opensuse"
+
+	// OpenSUSELeap is
+	OpenSUSELeap = "opensuse.leap"
+
+	// SUSEEnterpriseServer is
+	SUSEEnterpriseServer = "suse.linux.enterprise.server"
+
+	// SUSEEnterpriseDesktop is
+	SUSEEnterpriseDesktop = "suse.linux.enterprise.desktop"
+
+	// SUSEOpenstackCloud is
+	SUSEOpenstackCloud = "suse.openstack.cloud"
+
+	// Alpine is
+	Alpine = "alpine"
+
+	// ServerTypePseudo is used for ServerInfo.Type, r.Family
+	ServerTypePseudo = "pseudo"
+)
+
+// EOL has End-of-Life information
+type EOL struct {
+	StandardSupportUntil time.Time
+	ExtendedSupportUntil time.Time
+	Ended                bool
+}
+
+// IsStandardSupportEnded checks now is under standard support
+func (e EOL) IsStandardSupportEnded(now time.Time) bool {
+	return e.Ended ||
+		!e.ExtendedSupportUntil.IsZero() && e.StandardSupportUntil.IsZero() ||
+		!e.StandardSupportUntil.IsZero() && now.After(e.StandardSupportUntil)
+}
+
+// IsExtendedSuppportEnded checks now is under extended support
+func (e EOL) IsExtendedSuppportEnded(now time.Time) bool {
+	if e.Ended {
+		return true
+	}
+	if e.StandardSupportUntil.IsZero() && e.ExtendedSupportUntil.IsZero() {
+		return false
+	}
+	return !e.ExtendedSupportUntil.IsZero() && now.After(e.ExtendedSupportUntil) ||
+		e.ExtendedSupportUntil.IsZero() && now.After(e.StandardSupportUntil)
+}
+
+// GetEOL return EOL information for the OS-release passed by args
+// https://github.com/aquasecurity/trivy/blob/master/pkg/detector/ospkg/redhat/redhat.go#L20
+func GetEOL(family, release string) (eol EOL, found bool) {
+	switch family {
+	case Amazon:
+		rel := "2"
+		if isAmazonLinux1(release) {
+			rel = "1"
+		}
+		eol, found = map[string]EOL{
+			"1": {StandardSupportUntil: time.Date(2023, 6, 30, 23, 59, 59, 0, time.UTC)},
+			"2": {},
+		}[rel]
+	case RedHat:
+		// https://access.redhat.com/support/policy/updates/errata
+		eol, found = map[string]EOL{
+			"3": {Ended: true},
+			"4": {Ended: true},
+			"5": {Ended: true},
+			"6": {
+				StandardSupportUntil: time.Date(2020, 11, 30, 23, 59, 59, 0, time.UTC),
+				ExtendedSupportUntil: time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC),
+			},
+			"7": {
+				StandardSupportUntil: time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC),
+			},
+			"8": {
+				StandardSupportUntil: time.Date(2029, 5, 31, 23, 59, 59, 0, time.UTC),
+			},
+		}[major(release)]
+	case CentOS:
+		// https://en.wikipedia.org/wiki/CentOS#End-of-support_schedule
+		// TODO Stream
+		eol, found = map[string]EOL{
+			"3": {Ended: true},
+			"4": {Ended: true},
+			"5": {Ended: true},
+			"6": {Ended: true},
+			"7": {StandardSupportUntil: time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC)},
+			"8": {StandardSupportUntil: time.Date(2021, 12, 31, 23, 59, 59, 0, time.UTC)},
+		}[major(release)]
+	case Oracle:
+		eol, found = map[string]EOL{
+			// Source:
+			// https://www.oracle.com/a/ocom/docs/elsp-lifetime-069338.pdf
+			// https://community.oracle.com/docs/DOC-917964
+			"3": {Ended: true},
+			"4": {Ended: true},
+			"5": {Ended: true},
+			"6": {
+				StandardSupportUntil: time.Date(2021, 3, 1, 23, 59, 59, 0, time.UTC),
+				ExtendedSupportUntil: time.Date(2024, 3, 1, 23, 59, 59, 0, time.UTC),
+			},
+			"7": {
+				StandardSupportUntil: time.Date(2024, 7, 1, 23, 59, 59, 0, time.UTC),
+			},
+			"8": {
+				StandardSupportUntil: time.Date(2029, 7, 1, 23, 59, 59, 0, time.UTC),
+			},
+		}[major(release)]
+	case Debian:
+		eol, found = map[string]EOL{
+			// https://wiki.debian.org/LTS
+			"6":  {Ended: true},
+			"7":  {Ended: true},
+			"8":  {Ended: true},
+			"9":  {StandardSupportUntil: time.Date(2022, 6, 30, 23, 59, 59, 0, time.UTC)},
+			"10": {StandardSupportUntil: time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC)},
+		}[major(release)]
+	case Raspbian:
+		// Not found
+		eol, found = map[string]EOL{}[major(release)]
+	case Ubuntu:
+		// https://wiki.ubuntu.com/Releases
+		eol, found = map[string]EOL{
+			"14.10": {Ended: true},
+			"14.04": {
+				ExtendedSupportUntil: time.Date(2022, 4, 1, 23, 59, 59, 0, time.UTC),
+			},
+			"15.04": {Ended: true},
+			"16.10": {Ended: true},
+			"17.04": {Ended: true},
+			"17.10": {Ended: true},
+			"16.04": {
+				StandardSupportUntil: time.Date(2021, 4, 1, 23, 59, 59, 0, time.UTC),
+				ExtendedSupportUntil: time.Date(2024, 4, 1, 23, 59, 59, 0, time.UTC),
+			},
+			"18.04": {
+				StandardSupportUntil: time.Date(2023, 4, 1, 23, 59, 59, 0, time.UTC),
+				ExtendedSupportUntil: time.Date(2028, 4, 1, 23, 59, 59, 0, time.UTC),
+			},
+			"18.10": {Ended: true},
+			"19.04": {Ended: true},
+			"19.10": {Ended: true},
+			"20.04": {
+				StandardSupportUntil: time.Date(2025, 4, 1, 23, 59, 59, 0, time.UTC),
+			},
+			"21.04": {
+				StandardSupportUntil: time.Date(2022, 1, 1, 23, 59, 59, 0, time.UTC),
+			},
+			"21.10": {
+				StandardSupportUntil: time.Date(2022, 7, 1, 23, 59, 59, 0, time.UTC),
+			},
+		}[release]
+	case SUSEEnterpriseServer:
+		//TODO
+	case Alpine:
+		// https://github.com/aquasecurity/trivy/blob/master/pkg/detector/ospkg/alpine/alpine.go#L19
+		// https://wiki.alpinelinux.org/wiki/Alpine_Linux:Releases
+		eol, found = map[string]EOL{
+			"2.0":  {Ended: true},
+			"2.1":  {Ended: true},
+			"2.2":  {Ended: true},
+			"2.3":  {Ended: true},
+			"2.4":  {Ended: true},
+			"2.5":  {Ended: true},
+			"2.6":  {Ended: true},
+			"2.7":  {Ended: true},
+			"3.0":  {Ended: true},
+			"3.1":  {Ended: true},
+			"3.2":  {Ended: true},
+			"3.3":  {Ended: true},
+			"3.4":  {Ended: true},
+			"3.5":  {Ended: true},
+			"3.6":  {Ended: true},
+			"3.7":  {Ended: true},
+			"3.8":  {Ended: true},
+			"3.9":  {Ended: true},
+			"3.10": {StandardSupportUntil: time.Date(2021, 5, 1, 23, 59, 59, 0, time.UTC)},
+			"3.11": {StandardSupportUntil: time.Date(2021, 11, 1, 23, 59, 59, 0, time.UTC)},
+			"3.12": {StandardSupportUntil: time.Date(2022, 5, 1, 23, 59, 59, 0, time.UTC)},
+		}[majorDotMinor(release)]
+	case FreeBSD:
+		// https://www.freebsd.org/security/
+		eol, found = map[string]EOL{
+			"7":  {Ended: true},
+			"8":  {Ended: true},
+			"9":  {Ended: true},
+			"10": {Ended: true},
+			"11": {StandardSupportUntil: time.Date(2021, 9, 30, 23, 59, 59, 0, time.UTC)},
+			"12": {StandardSupportUntil: time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC)},
+		}[major(release)]
+	}
+	return
+}
+
+func major(osVer string) (majorVersion string) {
+	return strings.Split(osVer, ".")[0]
+}
+
+func majorDotMinor(osVer string) (majorDotMinor string) {
+	ss := strings.SplitN(osVer, ".", 3)
+	if len(ss) == 1 {
+		return osVer
+	}
+	return fmt.Sprintf("%s.%s", ss[0], ss[1])
+}
+
+func isAmazonLinux1(osRelease string) bool {
+	return len(strings.Fields(osRelease)) == 1
+}
--- a/config/os_test.go
+++ b/config/os_test.go
@@ -0,0 +1,373 @@
+package config
+
+import (
+	"testing"
+	"time"
+)
+
+func TestEOL_IsStandardSupportEnded(t *testing.T) {
+	type fields struct {
+		family  string
+		release string
+	}
+	tests := []struct {
+		name     string
+		fields   fields
+		now      time.Time
+		found    bool
+		stdEnded bool
+		extEnded bool
+	}{
+		// Amazon Linux
+		{
+			name:     "amazon linux 1 supported",
+			fields:   fields{family: Amazon, release: "2018.03"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "amazon linux 1 eol on 2023-6-30",
+			fields:   fields{family: Amazon, release: "2018.03"},
+			now:      time.Date(2023, 7, 1, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
+		{
+			name:     "amazon linux 2 supported",
+			fields:   fields{family: Amazon, release: "2 (Karoo)"},
+			now:      time.Date(2023, 7, 1, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		//RHEL
+		{
+			name:     "RHEL7 supported",
+			fields:   fields{family: RedHat, release: "7"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "RHEL8 supported",
+			fields:   fields{family: RedHat, release: "8"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "RHEL6 eol",
+			fields:   fields{family: RedHat, release: "6"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "RHEL9 not found",
+			fields:   fields{family: RedHat, release: "9"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    false,
+		},
+		//CentOS
+		{
+			name:     "CentOS 7 supported",
+			fields:   fields{family: CentOS, release: "7"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "CentOS 8 supported",
+			fields:   fields{family: CentOS, release: "8"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "CentOS 6 eol",
+			fields:   fields{family: CentOS, release: "6"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
+		{
+			name:     "CentOS 9 not found",
+			fields:   fields{family: CentOS, release: "9"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    false,
+		},
+		//Oracle
+		{
+			name:     "Oracle Linux 7 supported",
+			fields:   fields{family: Oracle, release: "7"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Oracle Linux 8 supported",
+			fields:   fields{family: Oracle, release: "8"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Oracle Linux 6 eol",
+			fields:   fields{family: Oracle, release: "6"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Oracle Linux 9 not found",
+			fields:   fields{family: Oracle, release: "9"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    false,
+		},
+		//Ubuntu
+		{
+			name:     "Ubuntu 18.04 supported",
+			fields:   fields{family: Ubuntu, release: "18.04"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Ubuntu 18.04 ext supported",
+			fields:   fields{family: Ubuntu, release: "18.04"},
+			now:      time.Date(2025, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Ubuntu 16.04 supported",
+			fields:   fields{family: Ubuntu, release: "18.04"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Ubuntu 14.04 eol",
+			fields:   fields{family: Ubuntu, release: "14.04"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Ubuntu 14.10 eol",
+			fields:   fields{family: Ubuntu, release: "14.10"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
+		{
+			name:     "Ubuntu 12.10 not found",
+			fields:   fields{family: Ubuntu, release: "12.10"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			found:    false,
+			stdEnded: false,
+			extEnded: false,
+		},
+		{
+			name:     "Ubuntu 21.04 supported",
+			fields:   fields{family: Ubuntu, release: "21.04"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			found:    true,
+			stdEnded: false,
+			extEnded: false,
+		},
+		//Debian
+		{
+			name:     "Debian 9 supported",
+			fields:   fields{family: Debian, release: "9"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Debian 10 supported",
+			fields:   fields{family: Debian, release: "10"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Debian 8 supported",
+			fields:   fields{family: Debian, release: "8"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
+		{
+			name:     "Debian 11 supported",
+			fields:   fields{family: Debian, release: "11"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    false,
+		},
+		//alpine
+		{
+			name:     "alpine 3.10 supported",
+			fields:   fields{family: Alpine, release: "3.10"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Alpine 3.11 supported",
+			fields:   fields{family: Alpine, release: "3.11"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Alpine 3.12 supported",
+			fields:   fields{family: Alpine, release: "3.12"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "Debian 3.9 eol",
+			fields:   fields{family: Alpine, release: "3.9"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
+		{
+			name:     "Debian 3.13 not found",
+			fields:   fields{family: Alpine, release: "3.13"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    false,
+		},
+		// freebsd
+		{
+			name:     "freebsd 11 supported",
+			fields:   fields{family: FreeBSD, release: "11"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "freebsd 11 eol on 2021-9-30",
+			fields:   fields{family: FreeBSD, release: "11"},
+			now:      time.Date(2021, 10, 1, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
+		{
+			name:     "freebsd 12 supported",
+			fields:   fields{family: FreeBSD, release: "12"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: false,
+			extEnded: false,
+			found:    true,
+		},
+		{
+			name:     "freebsd 10 eol",
+			fields:   fields{family: FreeBSD, release: "10"},
+			now:      time.Date(2021, 1, 6, 23, 59, 59, 0, time.UTC),
+			stdEnded: true,
+			extEnded: true,
+			found:    true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			eol, found := GetEOL(tt.fields.family, tt.fields.release)
+			if found != tt.found {
+				t.Errorf("GetEOL.found = %v, want %v", found, tt.found)
+			}
+			if found {
+				if got := eol.IsStandardSupportEnded(tt.now); got != tt.stdEnded {
+					t.Errorf("EOL.IsStandardSupportEnded() = %v, want %v", got, tt.stdEnded)
+				}
+				if got := eol.IsExtendedSuppportEnded(tt.now); got != tt.extEnded {
+					t.Errorf("EOL.IsExtendedSupportEnded() = %v, want %v", got, tt.extEnded)
+				}
+			}
+		})
+	}
+}
+
+func Test_majorDotMinor(t *testing.T) {
+	type args struct {
+		osVer string
+	}
+	tests := []struct {
+		name              string
+		args              args
+		wantMajorDotMinor string
+	}{
+		{
+			name: "empty",
+			args: args{
+				osVer: "",
+			},
+			wantMajorDotMinor: "",
+		},
+		{
+			name: "major",
+			args: args{
+				osVer: "3",
+			},
+			wantMajorDotMinor: "3",
+		},
+		{
+			name: "major dot minor",
+			args: args{
+				osVer: "3.1",
+			},
+			wantMajorDotMinor: "3.1",
+		},
+		{
+			name: "major dot minor dot release",
+			args: args{
+				osVer: "3.1.4",
+			},
+			wantMajorDotMinor: "3.1",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if gotMajorDotMinor := majorDotMinor(tt.args.osVer); gotMajorDotMinor != tt.wantMajorDotMinor {
+				t.Errorf("majorDotMinor() = %v, want %v", gotMajorDotMinor, tt.wantMajorDotMinor)
+			}
+		})
+	}
+}
--- a/config/saasconf.go
+++ b/config/saasconf.go
@@ -0,0 +1,34 @@
+package config
+
+import (
+	"github.com/asaskevich/govalidator"
+	"golang.org/x/xerrors"
+)
+
+// SaasConf is FutureVuls config
+type SaasConf struct {
+	GroupID int64  `json:"-"`
+	Token   string `json:"-"`
+	URL     string `json:"-"`
+}
+
+// Validate validates configuration
+func (c *SaasConf) Validate() (errs []error) {
+	if c.GroupID == 0 {
+		errs = append(errs, xerrors.New("GroupID must not be empty"))
+	}
+
+	if len(c.Token) == 0 {
+		errs = append(errs, xerrors.New("Token must not be empty"))
+	}
+
+	if len(c.URL) == 0 {
+		errs = append(errs, xerrors.New("URL must not be empty"))
+	}
+
+	_, err := govalidator.ValidateStruct(c)
+	if err != nil {
+		errs = append(errs, err)
+	}
+	return
+}
--- a/config/scanmode.go
+++ b/config/scanmode.go
@@ -0,0 +1,110 @@
+package config
+
+import (
+	"strings"
+
+	"golang.org/x/xerrors"
+)
+
+// ScanMode has a type of scan mode. fast, fast-root, deep and offline
+type ScanMode struct {
+	flag byte
+}
+
+const (
+	// Fast is fast scan mode
+	Fast = byte(1 << iota)
+	// FastRoot is scanmode
+	FastRoot
+	// Deep is scanmode
+	Deep
+	// Offline is scanmode
+	Offline
+
+	fastStr     = "fast"
+	fastRootStr = "fast-root"
+	deepStr     = "deep"
+	offlineStr  = "offline"
+)
+
+// Set mode
+func (s *ScanMode) Set(f byte) {
+	s.flag |= f
+}
+
+// IsFast return whether scan mode is fast
+func (s ScanMode) IsFast() bool {
+	return s.flag&Fast == Fast
+}
+
+// IsFastRoot return whether scan mode is fastroot
+func (s ScanMode) IsFastRoot() bool {
+	return s.flag&FastRoot == FastRoot
+}
+
+// IsDeep return whether scan mode is deep
+func (s ScanMode) IsDeep() bool {
+	return s.flag&Deep == Deep
+}
+
+// IsOffline return whether scan mode is offline
+func (s ScanMode) IsOffline() bool {
+	return s.flag&Offline == Offline
+}
+
+func (s *ScanMode) ensure() error {
+	numTrue := 0
+	for _, b := range []bool{s.IsFast(), s.IsFastRoot(), s.IsDeep()} {
+		if b {
+			numTrue++
+		}
+	}
+	if numTrue == 0 {
+		s.Set(Fast)
+	} else if s.IsDeep() && s.IsOffline() {
+		return xerrors.New("Don't specify both of deep and offline")
+	} else if numTrue != 1 {
+		return xerrors.New("Specify only one of offline, fast, fast-root or deep")
+	}
+	return nil
+}
+
+func (s ScanMode) String() string {
+	ss := ""
+	if s.IsFast() {
+		ss = fastStr
+	} else if s.IsFastRoot() {
+		ss = fastRootStr
+	} else if s.IsDeep() {
+		ss = deepStr
+	}
+	if s.IsOffline() {
+		ss += " " + offlineStr
+	}
+	return ss + " mode"
+}
+
+func setScanMode(server *ServerInfo, d ServerInfo) error {
+	if len(server.ScanMode) == 0 {
+		server.ScanMode = Conf.Default.ScanMode
+	}
+	for _, m := range server.ScanMode {
+		switch strings.ToLower(m) {
+		case fastStr:
+			server.Mode.Set(Fast)
+		case fastRootStr:
+			server.Mode.Set(FastRoot)
+		case deepStr:
+			server.Mode.Set(Deep)
+		case offlineStr:
+			server.Mode.Set(Offline)
+		default:
+			return xerrors.Errorf("scanMode: %s of %s is invalid. Specify -fast, -fast-root, -deep or offline",
+				m, server.ServerName)
+		}
+	}
+	if err := server.Mode.ensure(); err != nil {
+		return xerrors.Errorf("%s in %s", err, server.ServerName)
+	}
+	return nil
+}
--- a/config/scanmodule.go
+++ b/config/scanmodule.go
@@ -0,0 +1,97 @@
+package config
+
+import (
+	"strings"
+
+	"golang.org/x/xerrors"
+)
+
+// ScanModule has a type of scan module
+type ScanModule struct {
+	flag byte
+}
+
+const (
+	// OSPkg is scanmodule
+	OSPkg = byte(1 << iota)
+	// WordPress is scanmodule
+	WordPress
+	// Lockfile is scanmodule
+	Lockfile
+	// Port is scanmodule
+	Port
+
+	osPkgStr     = "ospkg"
+	wordPressStr = "wordpress"
+	lockfileStr  = "lockfile"
+	portStr      = "port"
+)
+
+var allModules = []string{osPkgStr, wordPressStr, lockfileStr, portStr}
+
+// Set module
+func (s *ScanModule) Set(f byte) {
+	s.flag |= f
+}
+
+// IsScanOSPkg return whether scanning os pkg
+func (s ScanModule) IsScanOSPkg() bool {
+	return s.flag&OSPkg == OSPkg
+}
+
+// IsScanWordPress return whether scanning wordpress
+func (s ScanModule) IsScanWordPress() bool {
+	return s.flag&WordPress == WordPress
+}
+
+// IsScanLockFile whether scanning lock file
+func (s ScanModule) IsScanLockFile() bool {
+	return s.flag&Lockfile == Lockfile
+}
+
+// IsScanPort whether scanning listening ports
+func (s ScanModule) IsScanPort() bool {
+	return s.flag&Port == Port
+}
+
+// IsZero return the struct value are all false
+func (s ScanModule) IsZero() bool {
+	return !(s.IsScanOSPkg() || s.IsScanWordPress() || s.IsScanLockFile() || s.IsScanPort())
+}
+
+func (s *ScanModule) ensure() error {
+	if s.IsZero() {
+		s.Set(OSPkg)
+		s.Set(WordPress)
+		s.Set(Lockfile)
+		s.Set(Port)
+	} else if !s.IsScanOSPkg() && s.IsScanPort() {
+		return xerrors.New("When specifying the Port, Specify OSPkg as well")
+	}
+	return nil
+}
+
+func setScanModules(server *ServerInfo, d ServerInfo) error {
+	if len(server.ScanModules) == 0 {
+		server.ScanModules = d.ScanModules
+	}
+	for _, m := range server.ScanModules {
+		switch strings.ToLower(m) {
+		case osPkgStr:
+			server.Module.Set(OSPkg)
+		case wordPressStr:
+			server.Module.Set(WordPress)
+		case lockfileStr:
+			server.Module.Set(Lockfile)
+		case portStr:
+			server.Module.Set(Port)
+		default:
+			return xerrors.Errorf("scanMode: %s of %s is invalid. Specify %s",
+				m, server.ServerName, allModules)
+		}
+	}
+	if err := server.Module.ensure(); err != nil {
+		return xerrors.Errorf("%s in %s", err, server.ServerName)
+	}
+	return nil
+}
--- a/config/scanmodule_test.go
+++ b/config/scanmodule_test.go
@@ -0,0 +1,65 @@
+package config
+
+import (
+	"testing"
+)
+
+func TestScanModule_IsZero(t *testing.T) {
+	tests := []struct {
+		name  string
+		modes []byte
+		want  bool
+	}{
+		{
+			name:  "not zero",
+			modes: []byte{OSPkg},
+			want:  false,
+		},
+		{
+			name:  "zero",
+			modes: []byte{},
+			want:  true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := ScanModule{}
+			for _, b := range tt.modes {
+				s.Set(b)
+			}
+			if got := s.IsZero(); got != tt.want {
+				t.Errorf("ScanModule.IsZero() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestScanModule_validate(t *testing.T) {
+	tests := []struct {
+		name    string
+		modes   []byte
+		wantErr bool
+	}{
+		{
+			name:    "valid",
+			modes:   []byte{},
+			wantErr: false,
+		},
+		{
+			name:    "err",
+			modes:   []byte{WordPress, Lockfile, Port},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := ScanModule{}
+			for _, b := range tt.modes {
+				s.Set(b)
+			}
+			if err := s.ensure(); (err != nil) != tt.wantErr {
+				t.Errorf("ScanModule.validate() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
--- a/config/slackconf.go
+++ b/config/slackconf.go
@@ -0,0 +1,51 @@
+package config
+
+import (
+	"strings"
+
+	"github.com/asaskevich/govalidator"
+	"golang.org/x/xerrors"
+)
+
+// SlackConf is slack config
+type SlackConf struct {
+	HookURL     string   `valid:"url" json:"-" toml:"hookURL,omitempty"`
+	LegacyToken string   `json:"-" toml:"legacyToken,omitempty"`
+	Channel     string   `json:"-" toml:"channel,omitempty"`
+	IconEmoji   string   `json:"-" toml:"iconEmoji,omitempty"`
+	AuthUser    string   `json:"-" toml:"authUser,omitempty"`
+	NotifyUsers []string `toml:"notifyUsers,omitempty" json:"-"`
+	Text        string   `json:"-"`
+}
+
+// Validate validates configuration
+func (c *SlackConf) Validate() (errs []error) {
+	if !Conf.ToSlack {
+		return
+	}
+
+	if len(c.HookURL) == 0 && len(c.LegacyToken) == 0 {
+		errs = append(errs, xerrors.New("slack.hookURL or slack.LegacyToken must not be empty"))
+	}
+
+	if len(c.Channel) == 0 {
+		errs = append(errs, xerrors.New("slack.channel must not be empty"))
+	} else {
+		if !(strings.HasPrefix(c.Channel, "#") ||
+			c.Channel == "${servername}") {
+			errs = append(errs, xerrors.Errorf(
+				"channel's prefix must be '#', channel: %s", c.Channel))
+		}
+	}
+
+	if len(c.AuthUser) == 0 {
+		errs = append(errs, xerrors.New("slack.authUser must not be empty"))
+	}
+
+	_, err := govalidator.ValidateStruct(c)
+	if err != nil {
+		errs = append(errs, err)
+	}
+
+	return
+}
--- a/config/smtpconf.go
+++ b/config/smtpconf.go
@@ -0,0 +1,65 @@
+package config
+
+import (
+	"github.com/asaskevich/govalidator"
+	"golang.org/x/xerrors"
+)
+
+// SMTPConf is smtp config
+type SMTPConf struct {
+	SMTPAddr      string   `toml:"smtpAddr,omitempty" json:"-"`
+	SMTPPort      string   `toml:"smtpPort,omitempty" valid:"port" json:"-"`
+	User          string   `toml:"user,omitempty" json:"-"`
+	Password      string   `toml:"password,omitempty" json:"-"`
+	From          string   `toml:"from,omitempty" json:"-"`
+	To            []string `toml:"to,omitempty" json:"-"`
+	Cc            []string `toml:"cc,omitempty" json:"-"`
+	SubjectPrefix string   `toml:"subjectPrefix,omitempty" json:"-"`
+}
+
+func checkEmails(emails []string) (errs []error) {
+	for _, addr := range emails {
+		if len(addr) == 0 {
+			return
+		}
+		if ok := govalidator.IsEmail(addr); !ok {
+			errs = append(errs, xerrors.Errorf("Invalid email address. email: %s", addr))
+		}
+	}
+	return
+}
+
+// Validate SMTP configuration
+func (c *SMTPConf) Validate() (errs []error) {
+	if !Conf.ToEmail {
+		return
+	}
+	// Check Emails fromat
+	emails := []string{}
+	emails = append(emails, c.From)
+	emails = append(emails, c.To...)
+	emails = append(emails, c.Cc...)
+
+	if emailErrs := checkEmails(emails); 0 < len(emailErrs) {
+		errs = append(errs, emailErrs...)
+	}
+
+	if len(c.SMTPAddr) == 0 {
+		errs = append(errs, xerrors.New("email.smtpAddr must not be empty"))
+	}
+	if len(c.SMTPPort) == 0 {
+		errs = append(errs, xerrors.New("email.smtpPort must not be empty"))
+	}
+	if len(c.To) == 0 {
+		errs = append(errs, xerrors.New("email.To required at least one address"))
+	}
+	if len(c.From) == 0 {
+		errs = append(errs, xerrors.New("email.From required at least one address"))
+	}
+
+	_, err := govalidator.ValidateStruct(c)
+	if err != nil {
+		errs = append(errs, err)
+	}
+	return
+}
--- a/config/syslogconf.go
+++ b/config/syslogconf.go
@@ -0,0 +1,129 @@
+package config
+
+import (
+	"errors"
+	"log/syslog"
+
+	"github.com/asaskevich/govalidator"
+	"golang.org/x/xerrors"
+)
+
+// SyslogConf is syslog config
+type SyslogConf struct {
+	Protocol string `json:"-"`
+	Host     string `valid:"host" json:"-"`
+	Port     string `valid:"port" json:"-"`
+	Severity string `json:"-"`
+	Facility string `json:"-"`
+	Tag      string `json:"-"`
+	Verbose  bool   `json:"-"`
+}
+
+// Validate validates configuration
+func (c *SyslogConf) Validate() (errs []error) {
+	if !Conf.ToSyslog {
+		return nil
+	}
+	//  If protocol is empty, it will connect to the local syslog server.
+	if len(c.Protocol) > 0 && c.Protocol != "tcp" && c.Protocol != "udp" {
+		errs = append(errs, errors.New(`syslog.protocol must be "tcp" or "udp"`))
+	}
+
+	// Default port: 514
+	if c.Port == "" {
+		c.Port = "514"
+	}
+
+	if _, err := c.GetSeverity(); err != nil {
+		errs = append(errs, err)
+	}
+
+	if _, err := c.GetFacility(); err != nil {
+		errs = append(errs, err)
+	}
+
+	if _, err := govalidator.ValidateStruct(c); err != nil {
+		errs = append(errs, err)
+	}
+	return errs
+}
+
+// GetSeverity gets severity
+func (c *SyslogConf) GetSeverity() (syslog.Priority, error) {
+	if c.Severity == "" {
+		return syslog.LOG_INFO, nil
+	}
+
+	switch c.Severity {
+	case "emerg":
+		return syslog.LOG_EMERG, nil
+	case "alert":
+		return syslog.LOG_ALERT, nil
+	case "crit":
+		return syslog.LOG_CRIT, nil
+	case "err":
+		return syslog.LOG_ERR, nil
+	case "warning":
+		return syslog.LOG_WARNING, nil
+	case "notice":
+		return syslog.LOG_NOTICE, nil
+	case "info":
+		return syslog.LOG_INFO, nil
+	case "debug":
+		return syslog.LOG_DEBUG, nil
+	default:
+		return -1, xerrors.Errorf("Invalid severity: %s", c.Severity)
+	}
+}
+
+// GetFacility gets facility
+func (c *SyslogConf) GetFacility() (syslog.Priority, error) {
+	if c.Facility == "" {
+		return syslog.LOG_AUTH, nil
+	}
+
+	switch c.Facility {
+	case "kern":
+		return syslog.LOG_KERN, nil
+	case "user":
+		return syslog.LOG_USER, nil
+	case "mail":
+		return syslog.LOG_MAIL, nil
+	case "daemon":
+		return syslog.LOG_DAEMON, nil
+	case "auth":
+		return syslog.LOG_AUTH, nil
+	case "syslog":
+		return syslog.LOG_SYSLOG, nil
+	case "lpr":
+		return syslog.LOG_LPR, nil
+	case "news":
+		return syslog.LOG_NEWS, nil
+	case "uucp":
+		return syslog.LOG_UUCP, nil
+	case "cron":
+		return syslog.LOG_CRON, nil
+	case "authpriv":
+		return syslog.LOG_AUTHPRIV, nil
+	case "ftp":
+		return syslog.LOG_FTP, nil
+	case "local0":
+		return syslog.LOG_LOCAL0, nil
+	case "local1":
+		return syslog.LOG_LOCAL1, nil
+	case "local2":
+		return syslog.LOG_LOCAL2, nil
+	case "local3":
+		return syslog.LOG_LOCAL3, nil
+	case "local4":
+		return syslog.LOG_LOCAL4, nil
+	case "local5":
+		return syslog.LOG_LOCAL5, nil
+	case "local6":
+		return syslog.LOG_LOCAL6, nil
+	case "local7":
+		return syslog.LOG_LOCAL7, nil
+	default:
+		return -1, xerrors.Errorf("Invalid facility: %s", c.Facility)
+	}
+}
--- a/config/telegramconf.go
+++ b/config/telegramconf.go
@@ -0,0 +1,32 @@
+package config
+
+import (
+	"github.com/asaskevich/govalidator"
+	"golang.org/x/xerrors"
+)
+
+// TelegramConf is Telegram config
+type TelegramConf struct {
+	Token  string `json:"-"`
+	ChatID string `json:"-"`
+}
+
+// Validate validates configuration
+func (c *TelegramConf) Validate() (errs []error) {
+	if !Conf.ToTelegram {
+		return
+	}
+	if len(c.ChatID) == 0 {
+		errs = append(errs, xerrors.New("TelegramConf.ChatID must not be empty"))
+	}
+
+	if len(c.Token) == 0 {
+		errs = append(errs, xerrors.New("TelegramConf.Token must not be empty"))
+	}
+
+	_, err := govalidator.ValidateStruct(c)
+	if err != nil {
+		errs = append(errs, err)
+	}
+	return
+}
--- a/config/tomlloader.go
+++ b/config/tomlloader.go
@@ -1,7 +1,6 @@
 package config

 import (
-	"os"
 	"regexp"
 	"strings"

@@ -16,271 +15,213 @@ type TOMLLoader struct {

 // Load load the configuration TOML file specified by path arg.
 func (c TOMLLoader) Load(pathToToml, keyPass string) error {
-	var conf Config
-	if _, err := toml.DecodeFile(pathToToml, &conf); err != nil {
+	if _, err := toml.DecodeFile(pathToToml, &Conf); err != nil {
 		return err
 	}
-	Conf.EMail = conf.EMail
-	Conf.Slack = conf.Slack
-	Conf.Stride = conf.Stride
-	Conf.HipChat = conf.HipChat
-	Conf.ChatWork = conf.ChatWork
-	Conf.Telegram = conf.Telegram
-	Conf.Saas = conf.Saas
-	Conf.Syslog = conf.Syslog
-	Conf.HTTP = conf.HTTP
-	Conf.AWS = conf.AWS
-	Conf.Azure = conf.Azure
-
-	Conf.CveDict = conf.CveDict
-	Conf.OvalDict = conf.OvalDict
-	Conf.Gost = conf.Gost
-	Conf.Exploit = conf.Exploit
-
-	d := conf.Default
-	Conf.Default = d
-	servers := make(map[string]ServerInfo)
-
 	if keyPass != "" {
-		d.KeyPassword = keyPass
+		Conf.Default.KeyPassword = keyPass
 	}

-	i := 0
-	for serverName, v := range conf.Servers {
-		if 0 < len(v.KeyPassword) {
-			return xerrors.Errorf("[Deprecated] KEYPASSWORD IN CONFIG FILE ARE UNSECURE. REMOVE THEM IMMEDIATELY FOR A SECURITY REASONS. THEY WILL BE REMOVED IN A FUTURE RELEASE: %s", serverName)
+	Conf.CveDict.Init()
+	Conf.OvalDict.Init()
+	Conf.Gost.Init()
+	Conf.Exploit.Init()
+	Conf.Metasploit.Init()
+
+	index := 0
+	for name, server := range Conf.Servers {
+		server.ServerName = name
+		if 0 < len(server.KeyPassword) {
+			return xerrors.Errorf("[Deprecated] KEYPASSWORD IN CONFIG FILE ARE UNSECURE. REMOVE THEM IMMEDIATELY FOR A SECURITY REASONS. THEY WILL BE REMOVED IN A FUTURE RELEASE: %s", name)
 		}

-		s := ServerInfo{ServerName: serverName}
-		s.Images = make(map[string]Image)
-
-		// image are able to set any server type
-		for name, image := range v.Images {
-			if err := IsValidImage(image); err != nil {
-				return err
-			}
-			s.Images[name] = image
+		if err := setDefaultIfEmpty(&server, Conf.Default); err != nil {
+			return xerrors.Errorf("Failed to set default value to config. server: %s, err: %w", name, err)
 		}

-		if v.Type != ServerTypePseudo {
-			s.Host = v.Host
-			if len(s.Host) == 0 {
-				return xerrors.Errorf("%s is invalid. host is empty", serverName)
-			}
-
-			switch {
-			case v.Port != "":
-				s.Port = v.Port
-			case d.Port != "":
-				s.Port = d.Port
-			default:
-				s.Port = "22"
-			}
-
-			switch {
-			case v.User != "":
-				s.User = v.User
-			case d.User != "":
-				s.User = d.User
-			default:
-				if s.Port != "local" {
-					return xerrors.Errorf("%s is invalid. User is empty", serverName)
-				}
-			}
-
-			s.KeyPath = v.KeyPath
-			if len(s.KeyPath) == 0 {
-				s.KeyPath = d.KeyPath
-			}
-			if s.KeyPath != "" {
-				if _, err := os.Stat(s.KeyPath); err != nil {
-					return xerrors.Errorf(
-						"%s is invalid. keypath: %s not exists", serverName, s.KeyPath)
-				}
-			}
-
-			s.KeyPassword = v.KeyPassword
-			if len(s.KeyPassword) == 0 {
-				s.KeyPassword = d.KeyPassword
-			}
+		if err := setScanMode(&server, Conf.Default); err != nil {
+			return xerrors.Errorf("Failed to set ScanMode: %w", err)
 		}

-		s.ScanMode = v.ScanMode
-		if len(s.ScanMode) == 0 {
-			s.ScanMode = d.ScanMode
-			if len(s.ScanMode) == 0 {
-				s.ScanMode = []string{"fast"}
-			}
-		}
-		for _, m := range s.ScanMode {
-			switch m {
-			case "fast":
-				s.Mode.Set(Fast)
-			case "fast-root":
-				s.Mode.Set(FastRoot)
-			case "deep":
-				s.Mode.Set(Deep)
-			case "offline":
-				s.Mode.Set(Offline)
-			default:
-				return xerrors.Errorf("scanMode: %s of %s is invalie. Specify -fast, -fast-root, -deep or offline", m, serverName)
-			}
-		}
-		if err := s.Mode.validate(); err != nil {
-			return xerrors.Errorf("%s in %s", err, serverName)
+		if err := setScanModules(&server, Conf.Default); err != nil {
+			return xerrors.Errorf("Failed to set ScanModule: %w", err)
 		}

-		s.CpeNames = v.CpeNames
-		if len(s.CpeNames) == 0 {
-			s.CpeNames = d.CpeNames
+		if len(server.CpeNames) == 0 {
+			server.CpeNames = Conf.Default.CpeNames
 		}
-
-		s.Lockfiles = v.Lockfiles
-		if len(s.Lockfiles) == 0 {
-			s.Lockfiles = d.Lockfiles
-		}
-
-		s.FindLock = v.FindLock
-
-		for i, n := range s.CpeNames {
+		for i, n := range server.CpeNames {
 			uri, err := toCpeURI(n)
 			if err != nil {
-				return xerrors.Errorf("Failed to parse CPENames %s in %s, err: %w", n, serverName, err)
+				return xerrors.Errorf("Failed to parse CPENames %s in %s, err: %w", n, name, err)
 			}
-			s.CpeNames[i] = uri
+			server.CpeNames[i] = uri
 		}

-		s.ContainersIncluded = v.ContainersIncluded
-		if len(s.ContainersIncluded) == 0 {
-			s.ContainersIncluded = d.ContainersIncluded
-		}
-
-		s.ContainersExcluded = v.ContainersExcluded
-		if len(s.ContainersExcluded) == 0 {
-			s.ContainersExcluded = d.ContainersExcluded
-		}
-
-		s.ContainerType = v.ContainerType
-		if len(s.ContainerType) == 0 {
-			s.ContainerType = d.ContainerType
-		}
-
-		s.Containers = v.Containers
-		for contName, cont := range s.Containers {
-			cont.IgnoreCves = append(cont.IgnoreCves, d.IgnoreCves...)
-			s.Containers[contName] = cont
-		}
-
-		if len(v.DependencyCheckXMLPath) != 0 || len(d.DependencyCheckXMLPath) != 0 {
-			return xerrors.Errorf("[DEPRECATED] dependencyCheckXMLPath IS DEPRECATED. USE owaspDCXMLPath INSTEAD: %s", serverName)
-		}
-
-		s.OwaspDCXMLPath = v.OwaspDCXMLPath
-		if len(s.OwaspDCXMLPath) == 0 {
-			s.OwaspDCXMLPath = d.OwaspDCXMLPath
-		}
-
-		s.Memo = v.Memo
-		if s.Memo == "" {
-			s.Memo = d.Memo
-		}
-
-		s.IgnoreCves = v.IgnoreCves
-		for _, cve := range d.IgnoreCves {
+		for _, cve := range Conf.Default.IgnoreCves {
 			found := false
-			for _, c := range s.IgnoreCves {
+			for _, c := range server.IgnoreCves {
 				if cve == c {
 					found = true
 					break
 				}
 			}
 			if !found {
-				s.IgnoreCves = append(s.IgnoreCves, cve)
+				server.IgnoreCves = append(server.IgnoreCves, cve)
 			}
 		}

-		s.IgnorePkgsRegexp = v.IgnorePkgsRegexp
-		for _, pkg := range d.IgnorePkgsRegexp {
+		for _, pkg := range Conf.Default.IgnorePkgsRegexp {
 			found := false
-			for _, p := range s.IgnorePkgsRegexp {
+			for _, p := range server.IgnorePkgsRegexp {
 				if pkg == p {
 					found = true
 					break
 				}
 			}
 			if !found {
-				s.IgnorePkgsRegexp = append(s.IgnorePkgsRegexp, pkg)
+				server.IgnorePkgsRegexp = append(server.IgnorePkgsRegexp, pkg)
 			}
 		}
-		for _, reg := range s.IgnorePkgsRegexp {
+		for _, reg := range server.IgnorePkgsRegexp {
 			_, err := regexp.Compile(reg)
 			if err != nil {
-				return xerrors.Errorf("Faild to parse %s in %s. err: %w", reg, serverName, err)
+				return xerrors.Errorf("Failed to parse %s in %s. err: %w", reg, name, err)
 			}
 		}
-		for contName, cont := range s.Containers {
+		for contName, cont := range server.Containers {
 			for _, reg := range cont.IgnorePkgsRegexp {
 				_, err := regexp.Compile(reg)
 				if err != nil {
-					return xerrors.Errorf("Faild to parse %s in %s@%s. err: %w",
-						reg, contName, serverName, err)
+					return xerrors.Errorf("Failed to parse %s in %s@%s. err: %w",
+						reg, contName, name, err)
 				}
 			}
 		}

-		opt := map[string]interface{}{}
-		for k, v := range d.Optional {
-			opt[k] = v
+		for ownerRepo, githubSetting := range server.GitHubRepos {
+			if ss := strings.Split(ownerRepo, "/"); len(ss) != 2 {
+				return xerrors.Errorf("Failed to parse GitHub owner/repo: %s in %s",
+					ownerRepo, name)
+			}
+			if githubSetting.Token == "" {
+				return xerrors.Errorf("GitHub owner/repo: %s in %s token is empty",
+					ownerRepo, name)
+			}
 		}
-		for k, v := range v.Optional {
-			opt[k] = v
-		}
-		s.Optional = opt

-		s.Enablerepo = v.Enablerepo
-		if len(s.Enablerepo) == 0 {
-			s.Enablerepo = d.Enablerepo
+		if len(server.Enablerepo) == 0 {
+			server.Enablerepo = Conf.Default.Enablerepo
 		}
-		if len(s.Enablerepo) != 0 {
-			for _, repo := range s.Enablerepo {
+		if len(server.Enablerepo) != 0 {
+			for _, repo := range server.Enablerepo {
 				switch repo {
 				case "base", "updates":
 					// nop
 				default:
 					return xerrors.Errorf(
-						"For now, enablerepo have to be base or updates: %s, servername: %s",
-						s.Enablerepo, serverName)
+						"For now, enablerepo have to be base or updates: %s",
+						server.Enablerepo)
 				}
 			}
 		}

-		s.GitHubRepos = v.GitHubRepos
-		for ownerRepo, githubSetting := range s.GitHubRepos {
-			if ss := strings.Split(ownerRepo, "/"); len(ss) != 2 {
-				return xerrors.Errorf("Failed to parse GitHub owner/repo: %s in %s",
-					ownerRepo, serverName)
-			}
-			if githubSetting.Token == "" {
-				return xerrors.Errorf("GitHub owner/repo: %s in %s token is empty",
-					ownerRepo, serverName)
+		server.LogMsgAnsiColor = Colors[index%len(Colors)]
+		index++
+
+		Conf.Servers[name] = server
+	}
+	return nil
+}
+
+func setDefaultIfEmpty(server *ServerInfo, d ServerInfo) error {
+	if server.Type != ServerTypePseudo {
+		if len(server.Host) == 0 {
+			return xerrors.Errorf("server.host is empty")
+		}
+
+		if len(server.JumpServer) == 0 {
+			server.JumpServer = Conf.Default.JumpServer
+		}
+
+		if server.Port == "" {
+			if Conf.Default.Port != "" {
+				server.Port = Conf.Default.Port
+			} else {
+				server.Port = "22"
 			}
 		}

-		s.UUIDs = v.UUIDs
-		s.Type = v.Type
+		if server.User == "" {
+			if Conf.Default.User != "" {
+				server.User = Conf.Default.User
+			}
+			if server.Port != "local" {
+				return xerrors.Errorf("server.user is empty")
+			}
+		}

-		s.WordPress.WPVulnDBToken = v.WordPress.WPVulnDBToken
-		s.WordPress.CmdPath = v.WordPress.CmdPath
-		s.WordPress.DocRoot = v.WordPress.DocRoot
-		s.WordPress.OSUser = v.WordPress.OSUser
-		s.WordPress.IgnoreInactive = v.WordPress.IgnoreInactive
+		if server.SSHConfigPath == "" {
+			server.SSHConfigPath = Conf.Default.SSHConfigPath
+		}

-		s.LogMsgAnsiColor = Colors[i%len(Colors)]
-		i++
+		if server.KeyPath == "" {
+			server.KeyPath = Conf.Default.KeyPath
+		}

-		servers[serverName] = s
+		if server.KeyPassword == "" {
+			server.KeyPassword = Conf.Default.KeyPassword
+		}
 	}
-	Conf.Servers = servers
+
+	if len(server.Lockfiles) == 0 {
+		server.Lockfiles = Conf.Default.Lockfiles
+	}
+
+	if len(server.ContainersIncluded) == 0 {
+		server.ContainersIncluded = Conf.Default.ContainersIncluded
+	}
+
+	if len(server.ContainersExcluded) == 0 {
+		server.ContainersExcluded = Conf.Default.ContainersExcluded
+	}
+
+	if server.ContainerType == "" {
+		server.ContainerType = Conf.Default.ContainerType
+	}
+
+	for contName, cont := range server.Containers {
+		cont.IgnoreCves = append(cont.IgnoreCves, Conf.Default.IgnoreCves...)
+		server.Containers[contName] = cont
+	}
+
+	if server.OwaspDCXMLPath == "" {
+		server.OwaspDCXMLPath = Conf.Default.OwaspDCXMLPath
+	}
+
+	if server.Memo == "" {
+		server.Memo = Conf.Default.Memo
+	}
+
+	// TODO set default WordPress
+	if server.WordPress == nil {
+		server.WordPress = &WordPressConf{}
+	}
+	//TODO set nil in config re-generate in saas subcmd
+
+	if len(server.IgnoredJSONKeys) == 0 {
+		server.IgnoredJSONKeys = Conf.Default.IgnoredJSONKeys
+	}
+
+	opt := map[string]interface{}{}
+	for k, v := range Conf.Default.Optional {
+		opt[k] = v
+	}
+	for k, v := range server.Optional {
+		opt[k] = v
+	}
+	server.Optional = opt
+
 	return nil
 }

@@ -298,16 +239,5 @@ func toCpeURI(cpename string) (string, error) {
 		}
 		return naming.BindToURI(wfn), nil
 	}
-	return "", xerrors.Errorf("Unknow CPE format: %s", cpename)
-}
-
-// IsValidImage checks a container configuration
-func IsValidImage(c Image) error {
-	if c.Name == "" {
-		return xerrors.New("Invalid arguments : no image name")
-	}
-	if c.Tag == "" {
-		return xerrors.New("Invalid arguments : no image tag")
-	}
-	return nil
+	return "", xerrors.Errorf("Unknown CPE format: %s", cpename)
 }
--- a/contrib/future-vuls/README.md
+++ b/contrib/future-vuls/README.md
@@ -0,0 +1,38 @@
+# future-vuls
+
+## Main Features
+
+- upload vuls results json to future-vuls
+
+## Installation
+
+```
+git clone https://github.com/future-architect/vuls.git
+make build-future-vuls
+```
+
+## Command Reference
+
+```
+Upload to FutureVuls
+
+Usage:
+  future-vuls upload [flags]
+
+Flags:
+      --config string   config file (default is $HOME/.cobra.yaml)
+  -g, --group-id int    future vuls group id, ENV: VULS_GROUP_ID
+  -h, --help            help for upload
+  -s, --stdin           input from stdin. ENV: VULS_STDIN
+  -t, --token string    future vuls token
+      --url string      future vuls upload url
+      --uuid string     server uuid. ENV: VULS_SERVER_UUID
+```
+
+## Usage
+
+- update results json
+
+```
+ cat results.json | future-vuls upload --stdin --token xxxx --url https://xxxx --group-id 1 --uuid xxxx
+```
--- a/contrib/future-vuls/cmd/main.go
+++ b/contrib/future-vuls/cmd/main.go
@@ -0,0 +1,98 @@
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"os"
+	"strconv"
+
+	"github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/saas"
+	"github.com/spf13/cobra"
+)
+
+var (
+	configFile string
+	stdIn      bool
+	jsonDir    string
+	serverUUID string
+	groupID    int64
+	token      string
+	url        string
+)
+
+func main() {
+	var err error
+	var cmdFvulsUploader = &cobra.Command{
+		Use:   "upload",
+		Short: "Upload to FutureVuls",
+		Long:  `Upload to FutureVuls`,
+		Run: func(cmd *cobra.Command, args []string) {
+			if len(serverUUID) == 0 {
+				serverUUID = os.Getenv("VULS_SERVER_UUID")
+			}
+			if groupID == 0 {
+				envGroupID := os.Getenv("VULS_GROUP_ID")
+				if groupID, err = strconv.ParseInt(envGroupID, 10, 64); err != nil {
+					fmt.Printf("Invalid GroupID: %s\n", envGroupID)
+					return
+				}
+			}
+			if len(url) == 0 {
+				url = os.Getenv("VULS_URL")
+			}
+			if len(token) == 0 {
+				token = os.Getenv("VULS_TOKEN")
+			}
+
+			var scanResultJSON []byte
+			if stdIn {
+				reader := bufio.NewReader(os.Stdin)
+				buf := new(bytes.Buffer)
+				if _, err = buf.ReadFrom(reader); err != nil {
+					return
+				}
+				scanResultJSON = buf.Bytes()
+			} else {
+				fmt.Println("use --stdin option")
+				os.Exit(1)
+				return
+			}
+
+			var scanResult models.ScanResult
+			if err = json.Unmarshal(scanResultJSON, &scanResult); err != nil {
+				fmt.Println("Failed to parse json", err)
+				os.Exit(1)
+				return
+			}
+			scanResult.ServerUUID = serverUUID
+
+			config.Conf.Saas.GroupID = groupID
+			config.Conf.Saas.Token = token
+			config.Conf.Saas.URL = url
+			if err = (saas.Writer{}).Write(scanResult); err != nil {
+				fmt.Println(err)
+				os.Exit(1)
+				return
+			}
+			return
+		},
+	}
+	cmdFvulsUploader.PersistentFlags().StringVar(&serverUUID, "uuid", "", "server uuid. ENV: VULS_SERVER_UUID")
+	cmdFvulsUploader.PersistentFlags().StringVar(&configFile, "config", "", "config file (default is $HOME/.cobra.yaml)")
+	cmdFvulsUploader.PersistentFlags().BoolVarP(&stdIn, "stdin", "s", false, "input from stdin. ENV: VULS_STDIN")
+	// TODO Read JSON file from directory
+	//	cmdFvulsUploader.Flags().StringVarP(&jsonDir, "results-dir", "d", "./", "vuls scan results json dir")
+	cmdFvulsUploader.PersistentFlags().Int64VarP(&groupID, "group-id", "g", 0, "future vuls group id, ENV: VULS_GROUP_ID")
+	cmdFvulsUploader.PersistentFlags().StringVarP(&token, "token", "t", "", "future vuls token")
+	cmdFvulsUploader.PersistentFlags().StringVar(&url, "url", "", "future vuls upload url")
+
+	var rootCmd = &cobra.Command{Use: "future-vuls"}
+	rootCmd.AddCommand(cmdFvulsUploader)
+	if err = rootCmd.Execute(); err != nil {
+		fmt.Println("Failed to execute command", err)
+	}
+}
--- a/contrib/owasp-dependency-check/parser/parser.go
+++ b/contrib/owasp-dependency-check/parser/parser.go
@@ -6,6 +6,7 @@ import (
 	"os"
 	"strings"

+	"github.com/knqyf263/go-cpe/naming"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/xerrors"
 )
@@ -15,12 +16,11 @@ type analysis struct {
 }

 type dependency struct {
-	Identifiers []identifier `xml:"identifiers>identifier"`
+	Identifiers []vulnerabilityID `xml:"identifiers>vulnerabilityIds"`
 }

-type identifier struct {
-	Name string `xml:"name"`
-	Type string `xml:"type,attr"`
+type vulnerabilityID struct {
+	ID string `xml:"id"`
 }

 func appendIfMissing(slice []string, str string) []string {
@@ -55,11 +55,16 @@ func Parse(path string) ([]string, error) {
 	cpes := []string{}
 	for _, d := range anal.Dependencies {
 		for _, ident := range d.Identifiers {
-			if ident.Type == "cpe" {
-				name := strings.TrimPrefix(ident.Name, "(")
-				name = strings.TrimSuffix(name, ")")
-				cpes = appendIfMissing(cpes, name)
+			id := ident.ID // Start with cpe:2.3:
+			// Convert from CPE 2.3 to CPE 2.2
+			if strings.HasPrefix(id, "cpe:2.3:") {
+				wfn, err := naming.UnbindFS(id)
+				if err != nil {
+					return []string{}, err
+				}
+				id = naming.BindToURI(wfn)
 			}
+			cpes = appendIfMissing(cpes, id)
 		}
 	}
 	return cpes, nil
--- a/contrib/trivy/README.md
+++ b/contrib/trivy/README.md
@@ -0,0 +1,35 @@
+# trivy-to-vuls
+
+## Main Features
+
+- convert trivy's results json to vuls's report json
+
+## Installation
+
+```
+git clone https://github.com/future-architect/vuls.git
+make build-trivy-to-vuls
+```
+
+## Command Reference
+
+```
+Parse trivy json to vuls results
+
+Usage:
+  trivy-to-vuls parse [flags]
+
+Flags:
+  -h, --help                          help for parse
+  -s, --stdin                         input from stdin
+  -d, --trivy-json-dir string         trivy json dir (default "./")
+  -f, --trivy-json-file-name string   trivy json file name (default "results.json")
+```
+
+## Usage
+
+- use trivy output
+
+```
+ trivy -q image -f=json python:3.4-alpine | trivy-to-vuls parse --stdin
+```
--- a/contrib/trivy/cmd/main.go
+++ b/contrib/trivy/cmd/main.go
@@ -0,0 +1,78 @@
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"github.com/future-architect/vuls/contrib/trivy/parser"
+	"github.com/future-architect/vuls/models"
+	"github.com/spf13/cobra"
+)
+
+var (
+	serverUUID   string
+	stdIn        bool
+	jsonDir      string
+	jsonFileName string
+)
+
+func main() {
+	var err error
+	var cmdTrivyToVuls = &cobra.Command{
+		Use:   "parse",
+		Short: "Parse trivy json to vuls results",
+		Long:  `Parse trivy json to vuls results`,
+		Run: func(cmd *cobra.Command, args []string) {
+			jsonFilePath := filepath.Join(jsonDir, jsonFileName)
+			var trivyJSON []byte
+			if stdIn {
+				reader := bufio.NewReader(os.Stdin)
+				buf := new(bytes.Buffer)
+				if _, err = buf.ReadFrom(reader); err != nil {
+					os.Exit(1)
+					return
+				}
+				trivyJSON = buf.Bytes()
+			} else {
+				if trivyJSON, err = ioutil.ReadFile(jsonFilePath); err != nil {
+					fmt.Println("Failed to read file", err)
+					os.Exit(1)
+					return
+				}
+			}
+
+			scanResult := &models.ScanResult{
+				JSONVersion: models.JSONVersion,
+				ScannedCves: models.VulnInfos{},
+			}
+			if scanResult, err = parser.Parse(trivyJSON, scanResult); err != nil {
+				fmt.Println("Failed to execute command", err)
+				os.Exit(1)
+				return
+			}
+			var resultJSON []byte
+			if resultJSON, err = json.MarshalIndent(scanResult, "", "   "); err != nil {
+				fmt.Println("Failed to create json", err)
+				os.Exit(1)
+				return
+			}
+			fmt.Println(string(resultJSON))
+			return
+		},
+	}
+	cmdTrivyToVuls.Flags().BoolVarP(&stdIn, "stdin", "s", false, "input from stdin")
+	cmdTrivyToVuls.Flags().StringVarP(&jsonDir, "trivy-json-dir", "d", "./", "trivy json dir")
+	cmdTrivyToVuls.Flags().StringVarP(&jsonFileName, "trivy-json-file-name", "f", "results.json", "trivy json file name")
+
+	var rootCmd = &cobra.Command{Use: "trivy-to-vuls"}
+	rootCmd.AddCommand(cmdTrivyToVuls)
+	if err = rootCmd.Execute(); err != nil {
+		fmt.Println("Failed to execute command", err)
+		os.Exit(1)
+	}
+}
--- a/contrib/trivy/parser/parser.go
+++ b/contrib/trivy/parser/parser.go
@@ -0,0 +1,164 @@
+package parser
+
+import (
+	"encoding/json"
+	"sort"
+	"time"
+
+	"github.com/aquasecurity/fanal/analyzer/os"
+	"github.com/aquasecurity/trivy/pkg/report"
+	"github.com/aquasecurity/trivy/pkg/types"
+	"github.com/future-architect/vuls/models"
+)
+
+// Parse :
+func Parse(vulnJSON []byte, scanResult *models.ScanResult) (result *models.ScanResult, err error) {
+	var trivyResults report.Results
+	if err = json.Unmarshal(vulnJSON, &trivyResults); err != nil {
+		return nil, err
+	}
+
+	pkgs := models.Packages{}
+	vulnInfos := models.VulnInfos{}
+	uniqueLibraryScannerPaths := map[string]models.LibraryScanner{}
+	for _, trivyResult := range trivyResults {
+		for _, vuln := range trivyResult.Vulnerabilities {
+			if _, ok := vulnInfos[vuln.VulnerabilityID]; !ok {
+				vulnInfos[vuln.VulnerabilityID] = models.VulnInfo{
+					CveID: vuln.VulnerabilityID,
+					Confidences: models.Confidences{
+						{
+							Score:           100,
+							DetectionMethod: models.TrivyMatchStr,
+						},
+					},
+					AffectedPackages: models.PackageFixStatuses{},
+					CveContents:      models.CveContents{},
+					LibraryFixedIns:  models.LibraryFixedIns{},
+					// VulnType : "",
+				}
+			}
+			vulnInfo := vulnInfos[vuln.VulnerabilityID]
+			var notFixedYet bool
+			fixState := ""
+			if len(vuln.FixedVersion) == 0 {
+				notFixedYet = true
+				fixState = "Affected"
+			}
+			var references models.References
+			for _, reference := range vuln.References {
+				references = append(references, models.Reference{
+					Source: "trivy",
+					Link:   reference,
+				})
+			}
+
+			sort.Slice(references, func(i, j int) bool {
+				return references[i].Link < references[j].Link
+			})
+
+			vulnInfo.CveContents = models.CveContents{
+				models.Trivy: models.CveContent{
+					Cvss3Severity: vuln.Severity,
+					References:    references,
+					Title:         vuln.Title,
+					Summary:       vuln.Description,
+				},
+			}
+			// do only if image type is Vuln
+			if IsTrivySupportedOS(trivyResult.Type) {
+				pkgs[vuln.PkgName] = models.Package{
+					Name:    vuln.PkgName,
+					Version: vuln.InstalledVersion,
+				}
+				vulnInfo.AffectedPackages = append(vulnInfo.AffectedPackages, models.PackageFixStatus{
+					Name:        vuln.PkgName,
+					NotFixedYet: notFixedYet,
+					FixState:    fixState,
+					FixedIn:     vuln.FixedVersion,
+				})
+
+				// overwrite every time if os package
+				scanResult.Family = trivyResult.Type
+				scanResult.ServerName = trivyResult.Target
+				scanResult.Optional = map[string]interface{}{
+					"trivy-target": trivyResult.Target,
+				}
+				scanResult.ScannedAt = time.Now()
+				scanResult.ScannedBy = "trivy"
+				scanResult.ScannedVia = "trivy"
+			} else {
+				// LibraryScanの結果
+				vulnInfo.LibraryFixedIns = append(vulnInfo.LibraryFixedIns, models.LibraryFixedIn{
+					Key:     trivyResult.Type,
+					Name:    vuln.PkgName,
+					Path:    trivyResult.Target,
+					FixedIn: vuln.FixedVersion,
+				})
+				libScanner := uniqueLibraryScannerPaths[trivyResult.Target]
+				libScanner.Libs = append(libScanner.Libs, types.Library{
+					Name:    vuln.PkgName,
+					Version: vuln.InstalledVersion,
+				})
+				uniqueLibraryScannerPaths[trivyResult.Target] = libScanner
+			}
+			vulnInfos[vuln.VulnerabilityID] = vulnInfo
+		}
+	}
+	// flatten and unique libraries
+	libraryScanners := make([]models.LibraryScanner, 0, len(uniqueLibraryScannerPaths))
+	for path, v := range uniqueLibraryScannerPaths {
+		uniqueLibrary := map[string]types.Library{}
+		for _, lib := range v.Libs {
+			uniqueLibrary[lib.Name+lib.Version] = lib
+		}
+
+		var libraries []types.Library
+		for _, library := range uniqueLibrary {
+			libraries = append(libraries, library)
+		}
+
+		sort.Slice(libraries, func(i, j int) bool {
+			return libraries[i].Name < libraries[j].Name
+		})
+
+		libscanner := models.LibraryScanner{
+			Path: path,
+			Libs: libraries,
+		}
+		libraryScanners = append(libraryScanners, libscanner)
+	}
+	sort.Slice(libraryScanners, func(i, j int) bool {
+		return libraryScanners[i].Path < libraryScanners[j].Path
+	})
+	scanResult.ScannedCves = vulnInfos
+	scanResult.Packages = pkgs
+	scanResult.LibraryScanners = libraryScanners
+	return scanResult, nil
+}
+
+// IsTrivySupportedOS :
+func IsTrivySupportedOS(family string) bool {
+	supportedFamilies := []string{
+		os.RedHat,
+		os.Debian,
+		os.Ubuntu,
+		os.CentOS,
+		os.Fedora,
+		os.Amazon,
+		os.Oracle,
+		os.Windows,
+		os.OpenSUSE,
+		os.OpenSUSELeap,
+		os.OpenSUSETumbleweed,
+		os.SLES,
+		os.Photon,
+		os.Alpine,
+	}
+	for _, supportedFamily := range supportedFamilies {
+		if family == supportedFamily {
+			return true
+		}
+	}
+	return false
+}
--- a/contrib/trivy/parser/parser_test.go
+++ b/contrib/trivy/parser/parser_test.go
--- a/cwe/cwe.go
+++ b/cwe/cwe.go
@@ -0,0 +1,33 @@
+package cwe
+
+// CweTopTwentyfive2019 has CWE-ID in CWE Top 25
+var CweTopTwentyfive2019 = map[string]string{
+	"119": "1",
+	"79":  "2",
+	"20":  "3",
+	"200": "4",
+	"125": "5",
+	"89":  "6",
+	"416": "7",
+	"190": "8",
+	"352": "9",
+	"22":  "10",
+	"78":  "11",
+	"787": "12",
+	"287": "13",
+	"476": "14",
+	"732": "16",
+	"434": "16",
+	"611": "17",
+	"94":  "18",
+	"798": "19",
+	"400": "20",
+	"772": "21",
+	"426": "22",
+	"502": "23",
+	"269": "24",
+	"295": "25",
+}
+
+// CweTopTwentyfive2019URL has CWE Top25 links
+var CweTopTwentyfive2019URL = "https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html"
--- a/cwe/sans.go
+++ b/cwe/sans.go
@@ -0,0 +1,33 @@
+package cwe
+
+// SansTopTwentyfive has CWE-ID in CWE/SANS Top 25
+var SansTopTwentyfive = map[string]string{
+	"89":  "1",
+	"78":  "2",
+	"120": "3",
+	"79":  "4",
+	"306": "5",
+	"862": "6",
+	"798": "7",
+	"311": "8",
+	"434": "9",
+	"807": "10",
+	"250": "11",
+	"352": "12",
+	"22":  "13",
+	"494": "14",
+	"863": "15",
+	"829": "16",
+	"732": "17",
+	"676": "18",
+	"327": "19",
+	"131": "20",
+	"307": "21",
+	"601": "22",
+	"134": "23",
+	"190": "24",
+	"759": "25",
+}
+
+// SansTopTwentyfiveURL is a URL of sans 25
+var SansTopTwentyfiveURL = "https://www.sans.org/top25-software-errors/"
--- a/errof/errof.go
+++ b/errof/errof.go
@@ -16,6 +16,9 @@ func (e Error) Error() string {
 var (
 	// ErrFailedToAccessGithubAPI is error of github alert's api access
 	ErrFailedToAccessGithubAPI ErrorCode = "ErrFailedToAccessGithubAPI"
+
+	// ErrFailedToAccessWpScan is error of wpscan.com api access
+	ErrFailedToAccessWpScan ErrorCode = "ErrFailedToAccessWpScan"
 )

 // New :
--- a/exploit/exploit.go
+++ b/exploit/exploit.go
@@ -1,3 +1,5 @@
+// +build !scanner
+
 package exploit

 import (
@@ -44,6 +46,9 @@ func FillWithExploit(driver db.DB, r *models.ScanResult) (nExploitCve int, err e
 			return 0, nil
 		}
 		for cveID, vuln := range r.ScannedCves {
+			if cveID == "" {
+				continue
+			}
 			es := driver.GetExploitByCveID(cveID)
 			if len(es) == 0 {
 				continue
--- a/github/github.go
+++ b/github/github.go
@@ -5,28 +5,29 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"io/ioutil"
 	"net/http"
 	"time"

 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/errof"
 	"github.com/future-architect/vuls/models"
-	"github.com/future-architect/vuls/util"
-	"github.com/k0kubun/pp"
 	"golang.org/x/oauth2"
 )

-// FillGitHubSecurityAlerts access to owner/repo on GitHub and fetch scurity alerts of the repository via GitHub API v4 GraphQL and then set to the given ScanResult.
+// DetectGitHubSecurityAlerts access to owner/repo on GitHub and fetch security alerts of the repository via GitHub API v4 GraphQL and then set to the given ScanResult.
 // https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/
-func FillGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string) (nCVEs int, err error) {
+//TODO move to report
+func DetectGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string) (nCVEs int, err error) {
 	src := oauth2.StaticTokenSource(
 		&oauth2.Token{AccessToken: token},
 	)
 	httpClient := oauth2.NewClient(context.Background(), src)

 	// TODO Use `https://github.com/shurcooL/githubv4` if the tool supports vulnerabilityAlerts Endpoint
+	// Memo : https://developer.github.com/v4/explorer/
 	const jsonfmt = `{"query":
-	"query { repository(owner:\"%s\", name:\"%s\") { url, vulnerabilityAlerts(first: %d, %s) { pageInfo{ endCursor, hasNextPage, startCursor}, edges { node { id, externalIdentifier, externalReference, fixedIn, packageName,  dismissReason, dismissedAt } } } } }"}`
+	"query { repository(owner:\"%s\", name:\"%s\") { url vulnerabilityAlerts(first: %d, %s) { pageInfo { endCursor hasNextPage startCursor } edges { node { id dismissReason dismissedAt securityVulnerability{ package { name ecosystem } severity vulnerableVersionRange firstPatchedVersion { identifier } } securityAdvisory { description ghsaId permalink publishedAt summary updatedAt withdrawnAt origin severity references { url } identifiers { type value } } } } } } } "}`
 	after := ""

 	for {
@@ -43,7 +44,7 @@ func FillGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string) (
 		// To toggle this preview and access data, need to provide a custom media type in the Accept header:
 		// MEMO: I tried to get the affected version via GitHub API. Bit it seems difficult to determin the affected version if there are multiple dependency files such as package.json.
 		// TODO remove this header if it is no longer preview status in the future.
-		req.Header.Set("Accept", "application/vnd.github.vixen-preview+json")
+		req.Header.Set("Accept", "application/vnd.github.package-deletes-preview+json")
 		req.Header.Set("Content-Type", "application/json")

 		resp, err := httpClient.Do(req)
@@ -51,17 +52,22 @@ func FillGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string) (
 			return 0, err
 		}
 		defer resp.Body.Close()
-		alerts := SecurityAlerts{}
-		if json.NewDecoder(resp.Body).Decode(&alerts); err != nil {
+
+		body, err := ioutil.ReadAll(resp.Body)
+		if err != nil {
 			return 0, err
 		}

-		util.Log.Debugf("%s", pp.Sprint(alerts))
+		alerts := SecurityAlerts{}
+		if err := json.Unmarshal(body, &alerts); err != nil {
+			return 0, err
+		}
+
+		// util.Log.Debugf("%s", pp.Sprint(alerts))
+		// util.Log.Debugf("%s", string(body))
 		if alerts.Data.Repository.URL == "" {
-			return 0, errof.New(
-				errof.ErrFailedToAccessGithubAPI,
-				fmt.Sprintf("Failed to access to GitHub API. Response: %#v", alerts),
-			)
+			return 0, errof.New(errof.ErrFailedToAccessGithubAPI,
+				fmt.Sprintf("Failed to access to GitHub API. Response: %s", string(body)))
 		}

 		for _, v := range alerts.Data.Repository.VulnerabilityAlerts.Edges {
@@ -70,31 +76,45 @@ func FillGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string) (
 			}

 			pkgName := fmt.Sprintf("%s %s",
-				alerts.Data.Repository.URL, v.Node.PackageName)
+				alerts.Data.Repository.URL, v.Node.SecurityVulnerability.Package.Name)

 			m := models.GitHubSecurityAlert{
 				PackageName:   pkgName,
-				FixedIn:       v.Node.FixedIn,
-				AffectedRange: v.Node.AffectedRange,
+				FixedIn:       v.Node.SecurityVulnerability.FirstPatchedVersion.Identifier,
+				AffectedRange: v.Node.SecurityVulnerability.VulnerableVersionRange,
 				Dismissed:     len(v.Node.DismissReason) != 0,
 				DismissedAt:   v.Node.DismissedAt,
 				DismissReason: v.Node.DismissReason,
 			}

-			cveID := v.Node.ExternalIdentifier
-
-			if val, ok := r.ScannedCves[cveID]; ok {
-				val.GitHubSecurityAlerts = val.GitHubSecurityAlerts.Add(m)
-				r.ScannedCves[cveID] = val
-				nCVEs++
-			} else {
-				v := models.VulnInfo{
-					CveID:                cveID,
-					Confidences:          models.Confidences{models.GitHubMatch},
-					GitHubSecurityAlerts: models.GitHubSecurityAlerts{m},
+			cveIDs, other := []string{}, []string{}
+			for _, identifier := range v.Node.SecurityAdvisory.Identifiers {
+				if identifier.Type == "CVE" {
+					cveIDs = append(cveIDs, identifier.Value)
+				} else {
+					other = append(other, identifier.Value)
+				}
+			}
+
+			// If CVE-ID has not been assigned, use the GHSA ID etc as a ID.
+			if len(cveIDs) == 0 {
+				cveIDs = other
+			}
+
+			for _, cveID := range cveIDs {
+				if val, ok := r.ScannedCves[cveID]; ok {
+					val.GitHubSecurityAlerts = val.GitHubSecurityAlerts.Add(m)
+					r.ScannedCves[cveID] = val
+					nCVEs++
+				} else {
+					v := models.VulnInfo{
+						CveID:                cveID,
+						Confidences:          models.Confidences{models.GitHubMatch},
+						GitHubSecurityAlerts: models.GitHubSecurityAlerts{m},
+					}
+					r.ScannedCves[cveID] = v
+					nCVEs++
 				}
-				r.ScannedCves[cveID] = v
-				nCVEs++
 			}
 		}
 		if !alerts.Data.Repository.VulnerabilityAlerts.PageInfo.HasNextPage {
@@ -109,26 +129,50 @@ func FillGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string) (
 type SecurityAlerts struct {
 	Data struct {
 		Repository struct {
-			URL                 string `json:"url,omitempty"`
+			URL                 string `json:"url"`
 			VulnerabilityAlerts struct {
 				PageInfo struct {
-					EndCursor   string `json:"endCursor,omitempty"`
-					HasNextPage bool   `json:"hasNextPage,omitempty"`
-					StartCursor string `json:"startCursor,omitempty"`
-				} `json:"pageInfo,omitempty"`
+					EndCursor   string `json:"endCursor"`
+					HasNextPage bool   `json:"hasNextPage"`
+					StartCursor string `json:"startCursor"`
+				} `json:"pageInfo"`
 				Edges []struct {
 					Node struct {
-						ID                 string    `json:"id,omitempty"`
-						ExternalIdentifier string    `json:"externalIdentifier,omitempty"`
-						ExternalReference  string    `json:"externalReference,omitempty"`
-						FixedIn            string    `json:"fixedIn,omitempty"`
-						AffectedRange      string    `json:"affectedRange,omitempty"`
-						PackageName        string    `json:"packageName,omitempty"`
-						DismissReason      string    `json:"dismissReason,omitempty"`
-						DismissedAt        time.Time `json:"dismissedAt,omitempty"`
-					} `json:"node,omitempty"`
-				} `json:"edges,omitempty"`
-			} `json:"vulnerabilityAlerts,omitempty"`
-		} `json:"repository,omitempty"`
-	} `json:"data,omitempty"`
+						ID                    string    `json:"id"`
+						DismissReason         string    `json:"dismissReason"`
+						DismissedAt           time.Time `json:"dismissedAt"`
+						SecurityVulnerability struct {
+							Package struct {
+								Name      string `json:"name"`
+								Ecosystem string `json:"ecosystem"`
+							} `json:"package"`
+							Severity               string `json:"severity"`
+							VulnerableVersionRange string `json:"vulnerableVersionRange"`
+							FirstPatchedVersion    struct {
+								Identifier string `json:"identifier"`
+							} `json:"firstPatchedVersion"`
+						} `json:"securityVulnerability"`
+						SecurityAdvisory struct {
+							Description string    `json:"description"`
+							GhsaID      string    `json:"ghsaId"`
+							Permalink   string    `json:"permalink"`
+							PublishedAt time.Time `json:"publishedAt"`
+							Summary     string    `json:"summary"`
+							UpdatedAt   time.Time `json:"updatedAt"`
+							WithdrawnAt time.Time `json:"withdrawnAt"`
+							Origin      string    `json:"origin"`
+							Severity    string    `json:"severity"`
+							References  []struct {
+								URL string `json:"url"`
+							} `json:"references"`
+							Identifiers []struct {
+								Type  string `json:"type"`
+								Value string `json:"value"`
+							} `json:"identifiers"`
+						} `json:"securityAdvisory"`
+					} `json:"node"`
+				} `json:"edges"`
+			} `json:"vulnerabilityAlerts"`
+		} `json:"repository"`
+	} `json:"data"`
 }
--- a/go.mod
+++ b/go.mod
@@ -1,58 +1,79 @@
 module github.com/future-architect/vuls

-go 1.13
+go 1.15

 replace (
-	github.com/genuinetools/reg => github.com/tomoyamachi/reg v0.16.1-0.20190706172545-2a2250fd7c00
 	gopkg.in/mattn/go-colorable.v0 => github.com/mattn/go-colorable v0.1.0
 	gopkg.in/mattn/go-isatty.v0 => github.com/mattn/go-isatty v0.0.6
 )

 require (
-	github.com/Azure/azure-sdk-for-go v33.1.0+incompatible
-	github.com/Azure/go-autorest/autorest v0.9.1 // indirect
-	github.com/Azure/go-autorest/autorest/to v0.3.0 // indirect
+	github.com/Azure/azure-sdk-for-go v49.2.0+incompatible
+	github.com/Azure/go-autorest/autorest v0.11.15 // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.10 // indirect
 	github.com/BurntSushi/toml v0.3.1
-	github.com/RackSec/srslog v0.0.0-20180709174129-a4725f04ec91
-	github.com/aquasecurity/fanal v0.0.0-20190819081512-f04452b627c6
-	github.com/aquasecurity/go-dep-parser v0.0.0-20190819075924-ea223f0ef24b
-	github.com/aquasecurity/trivy v0.1.6
-	github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a
-	github.com/aws/aws-sdk-go v1.23.17
+	github.com/aquasecurity/fanal v0.0.0-20210106083348-3f85e04a8048
+	github.com/aquasecurity/trivy v0.15.0
+	github.com/aquasecurity/trivy-db v0.0.0-20210106051232-62e6657ad501
+	github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef
+	github.com/aws/aws-sdk-go v1.36.22
 	github.com/boltdb/bolt v1.3.1
+	github.com/caarlos0/env/v6 v6.4.0 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible
-	github.com/dnaeon/go-vcr v1.0.1 // indirect
-	github.com/elazarl/goproxy v0.0.0-20190711103511-473e67f1d7d2 // indirect
-	github.com/elazarl/goproxy/ext v0.0.0-20190711103511-473e67f1d7d2 // indirect
-	github.com/google/subcommands v1.0.1
-	github.com/gosuri/uitable v0.0.3
-	github.com/hashicorp/go-version v1.2.0
-	github.com/hashicorp/uuid v0.0.0-20160311170451-ebb0a03e909c
-	github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c
-	github.com/jroimartin/gocui v0.4.0
-	github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88 // indirect
+	github.com/d4l3k/messagediff v1.2.2-0.20190829033028-7e0a312ae40b
+	github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21
+	github.com/emersion/go-smtp v0.14.0
+	github.com/goccy/go-yaml v1.8.4 // indirect
+	github.com/golang/protobuf v1.4.3 // indirect
+	github.com/google/subcommands v1.2.0
+	github.com/google/wire v0.4.0 // indirect
+	github.com/gosuri/uitable v0.0.4
+	github.com/grokify/html-strip-tags-go v0.0.1 // indirect
+	github.com/hashicorp/go-uuid v1.0.2
+	github.com/hashicorp/go-version v1.2.1
+	github.com/howeyc/gopass v0.0.0-20190910152052-7cb4b85ec19c
+	github.com/jesseduffield/gocui v0.3.0
 	github.com/k0kubun/pp v3.0.1+incompatible
-	github.com/knqyf263/go-cpe v0.0.0-20180327054844-659663f6eca2
+	github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f
+	github.com/knqyf263/go-cpe v0.0.0-20201213041631-54f6ab28673f
 	github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d
 	github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936
-	github.com/knqyf263/go-version v1.1.1
-	github.com/knqyf263/gost v0.1.2
-	github.com/kotakanbe/go-cve-dictionary v0.4.0
+	github.com/knqyf263/gost v0.1.7
+	github.com/kotakanbe/go-cve-dictionary v0.5.6
 	github.com/kotakanbe/go-pingscanner v0.1.0
-	github.com/kotakanbe/goval-dictionary v0.2.2
+	github.com/kotakanbe/goval-dictionary v0.3.0
 	github.com/kotakanbe/logrus-prefixed-formatter v0.0.0-20180123152602-928f7356cb96
-	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
+	github.com/magiconair/properties v1.8.4 // indirect
+	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/mozqnet/go-exploitdb v0.0.0-20190426034301-a055cc2c195d
+	github.com/mitchellh/mapstructure v1.4.0 // indirect
+	github.com/mozqnet/go-exploitdb v0.1.2
 	github.com/nlopes/slack v0.6.0
-	github.com/nsf/termbox-go v0.0.0-20190817171036-93860e161317 // indirect
-	github.com/olekukonko/tablewriter v0.0.2-0.20190607075207-195002e6e56a
-	github.com/parnurzeal/gorequest v0.2.15
+	github.com/nsf/termbox-go v0.0.0-20201124104050-ed494de23a00 // indirect
+	github.com/olekukonko/tablewriter v0.0.4
+	github.com/parnurzeal/gorequest v0.2.16
+	github.com/pelletier/go-toml v1.8.1 // indirect
 	github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5
-	github.com/satori/go.uuid v1.2.0 // indirect
-	github.com/sirupsen/logrus v1.4.2
-	github.com/smartystreets/goconvey v0.0.0-20190731233626-505e41936337 // indirect
-	golang.org/x/crypto v0.0.0-20190909091759-094676da4a83
-	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
-	golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7
+	github.com/sirupsen/logrus v1.7.0
+	github.com/spf13/afero v1.5.1
+	github.com/spf13/cast v1.3.1 // indirect
+	github.com/spf13/cobra v1.1.1
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/viper v1.7.1 // indirect
+	github.com/takuzoo3868/go-msfdb v0.1.3
+	go.uber.org/multierr v1.6.0 // indirect
+	go.uber.org/zap v1.16.0 // indirect
+	golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad
+	golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5 // indirect
+	golang.org/x/net v0.0.0-20201224014010-6772e930b67b // indirect
+	golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5
+	golang.org/x/sys v0.0.0-20210105210732-16f7687f5001 // indirect
+	golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf // indirect
+	golang.org/x/tools v0.0.0-20201211185031-d93e913c1a58 // indirect
+	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
+	google.golang.org/appengine v1.6.7 // indirect
+	gopkg.in/ini.v1 v1.62.0 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210106172901-c476de37821d // indirect
+	honnef.co/go/tools v0.1.0 // indirect
+	k8s.io/utils v0.0.0-20201110183641-67b214c5f920
 )
--- a/go.sum
+++ b/go.sum
--- a/gost/base.go
+++ b/gost/base.go
@@ -0,0 +1,53 @@
+// +build !scanner
+
+package gost
+
+import (
+	"fmt"
+	"net/http"
+
+	cnf "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/knqyf263/gost/db"
+	"github.com/parnurzeal/gorequest"
+	"golang.org/x/xerrors"
+)
+
+// Base is a base struct
+type Base struct {
+}
+
+// FillCVEsWithRedHat fills cve information that has in Gost
+func (b Base) FillCVEsWithRedHat(driver db.DB, r *models.ScanResult) error {
+	return RedHat{}.fillCvesWithRedHatAPI(driver, r)
+}
+
+// CheckHTTPHealth do health check
+func (b Base) CheckHTTPHealth() error {
+	if !cnf.Conf.Gost.IsFetchViaHTTP() {
+		return nil
+	}
+
+	url := fmt.Sprintf("%s/health", cnf.Conf.Gost.URL)
+	var errs []error
+	var resp *http.Response
+	resp, _, errs = gorequest.New().Get(url).End()
+	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return xerrors.Errorf("Failed to connect to gost server. url: %s, errs: %w", url, errs)
+	}
+	return nil
+}
+
+// CheckIfGostFetched checks if oval entries are in DB by family, release.
+func (b Base) CheckIfGostFetched(driver db.DB, osFamily string) (fetched bool, err error) {
+	//TODO
+	return true, nil
+}
+
+// CheckIfGostFresh checks if oval entries are fresh enough
+func (b Base) CheckIfGostFresh(driver db.DB, osFamily string) (ok bool, err error) {
+	//TODO
+	return true, nil
+}
--- a/gost/debian.go
+++ b/gost/debian.go
@@ -1,3 +1,5 @@
+// +build !scanner
+
 package gost

 import (
@@ -21,8 +23,23 @@ type packCves struct {
 	cves      []models.CveContent
 }

-// FillWithGost fills cve information that has in Gost
-func (deb Debian) FillWithGost(driver db.DB, r *models.ScanResult, _ bool) (nCVEs int, err error) {
+func (deb Debian) supported(major string) bool {
+	_, ok := map[string]string{
+		"8":  "jessie",
+		"9":  "stretch",
+		"10": "buster",
+	}[major]
+	return ok
+}
+
+// DetectUnfixed fills cve information that has in Gost
+func (deb Debian) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCVEs int, err error) {
+	if !deb.supported(major(r.Release)) {
+		// only logging
+		util.Log.Warnf("Debian %s is not supported yet", r.Release)
+		return 0, nil
+	}
+
 	linuxImage := "linux-image-" + r.RunningKernel.Release
 	// Add linux and set the version of running kernel to search OVAL.
 	if r.Container.ContainerID == "" {
@@ -37,9 +54,17 @@ func (deb Debian) FillWithGost(driver db.DB, r *models.ScanResult, _ bool) (nCVE
 		}
 	}

+	// Debian Security Tracker does not support Package for Raspbian, so skip it.
+	var scanResult models.ScanResult
+	if r.Family != config.Raspbian {
+		scanResult = *r
+	} else {
+		scanResult = r.RemoveRaspbianPackFromResult()
+	}
+
 	packCvesList := []packCves{}
 	if config.Conf.Gost.IsFetchViaHTTP() {
-		url, _ := util.URLPathJoin(config.Conf.Gost.URL, "debian", major(r.Release), "pkgs")
+		url, _ := util.URLPathJoin(config.Conf.Gost.URL, "debian", major(scanResult.Release), "pkgs")
 		responses, err := getAllUnfixedCvesViaHTTP(r, url)
 		if err != nil {
 			return 0, err
@@ -64,8 +89,8 @@ func (deb Debian) FillWithGost(driver db.DB, r *models.ScanResult, _ bool) (nCVE
 		if driver == nil {
 			return 0, nil
 		}
-		for _, pack := range r.Packages {
-			cveDebs := driver.GetUnfixedCvesDebian(major(r.Release), pack.Name)
+		for _, pack := range scanResult.Packages {
+			cveDebs := driver.GetUnfixedCvesDebian(major(scanResult.Release), pack.Name)
 			cves := []models.CveContent{}
 			for _, cveDeb := range cveDebs {
 				cves = append(cves, *deb.ConvertToModel(&cveDeb))
@@ -78,8 +103,8 @@ func (deb Debian) FillWithGost(driver db.DB, r *models.ScanResult, _ bool) (nCVE
 		}

 		// SrcPack
-		for _, pack := range r.SrcPackages {
-			cveDebs := driver.GetUnfixedCvesDebian(major(r.Release), pack.Name)
+		for _, pack := range scanResult.SrcPackages {
+			cveDebs := driver.GetUnfixedCvesDebian(major(scanResult.Release), pack.Name)
 			cves := []models.CveContent{}
 			for _, cveDeb := range cveDebs {
 				cves = append(cves, *deb.ConvertToModel(&cveDeb))
--- a/gost/debian_test.go
+++ b/gost/debian_test.go
@@ -0,0 +1,61 @@
+package gost
+
+import "testing"
+
+func TestDebian_Supported(t *testing.T) {
+	type fields struct {
+		Base Base
+	}
+	type args struct {
+		major string
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{
+			name: "8 is supported",
+			args: args{
+				major: "8",
+			},
+			want: true,
+		},
+		{
+			name: "9 is supported",
+			args: args{
+				major: "9",
+			},
+			want: true,
+		},
+		{
+			name: "10 is supported",
+			args: args{
+				major: "10",
+			},
+			want: true,
+		},
+		{
+			name: "11 is not supported yet",
+			args: args{
+				major: "11",
+			},
+			want: false,
+		},
+		{
+			name: "empty string is not supported yet",
+			args: args{
+				major: "",
+			},
+			want: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			deb := Debian{}
+			if got := deb.supported(tt.args.major); got != tt.want {
+				t.Errorf("Debian.Supported() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
--- a/gost/gost.go
+++ b/gost/gost.go
@@ -1,20 +1,17 @@
+// +build !scanner
+
 package gost

 import (
-	"fmt"
-	"net/http"
-	"strings"
-
 	cnf "github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
 	"github.com/knqyf263/gost/db"
-	"github.com/parnurzeal/gorequest"
-	"golang.org/x/xerrors"
 )

 // Client is the interface of OVAL client.
 type Client interface {
-	FillWithGost(db.DB, *models.ScanResult, bool) (int, error)
+	DetectUnfixed(db.DB, *models.ScanResult, bool) (int, error)
+	FillCVEsWithRedHat(db.DB, *models.ScanResult) error

 	//TODO implement
 	// CheckHTTPHealth() error
@@ -28,7 +25,7 @@ func NewClient(family string) Client {
 	switch family {
 	case cnf.RedHat, cnf.CentOS:
 		return RedHat{}
-	case cnf.Debian:
+	case cnf.Debian, cnf.Raspbian:
 		return Debian{}
 	case cnf.Windows:
 		return Microsoft{}
@@ -36,52 +33,3 @@ func NewClient(family string) Client {
 		return Pseudo{}
 	}
 }
-
-// Base is a base struct
-type Base struct {
-	family string
-}
-
-// CheckHTTPHealth do health check
-func (b Base) CheckHTTPHealth() error {
-	if !cnf.Conf.Gost.IsFetchViaHTTP() {
-		return nil
-	}
-
-	url := fmt.Sprintf("%s/health", cnf.Conf.Gost.URL)
-	var errs []error
-	var resp *http.Response
-	resp, _, errs = gorequest.New().Get(url).End()
-	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
-	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
-	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
-		return xerrors.Errorf("Failed to connect to gost server. url: %s, errs: %w", url, errs)
-	}
-	return nil
-}
-
-// CheckIfGostFetched checks if oval entries are in DB by family, release.
-func (b Base) CheckIfGostFetched(driver db.DB, osFamily string) (fetched bool, err error) {
-	//TODO
-	return true, nil
-}
-
-// CheckIfGostFresh checks if oval entries are fresh enough
-func (b Base) CheckIfGostFresh(driver db.DB, osFamily string) (ok bool, err error) {
-	//TODO
-	return true, nil
-}
-
-// Pseudo is Gost client except for RedHat family and Debian
-type Pseudo struct {
-	Base
-}
-
-// FillWithGost fills cve information that has in Gost
-func (pse Pseudo) FillWithGost(driver db.DB, r *models.ScanResult, _ bool) (int, error) {
-	return 0, nil
-}
-
-func major(osVer string) (majorVersion string) {
-	return strings.Split(osVer, ".")[0]
-}
--- a/gost/microsoft.go
+++ b/gost/microsoft.go
@@ -1,3 +1,5 @@
+// +build !scanner
+
 package gost

 import (
@@ -13,12 +15,12 @@ type Microsoft struct {
 	Base
 }

-// FillWithGost fills cve information that has in Gost
-func (ms Microsoft) FillWithGost(driver db.DB, r *models.ScanResult, _ bool) (nCVEs int, err error) {
+// DetectUnfixed fills cve information that has in Gost
+func (ms Microsoft) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (nCVEs int, err error) {
 	if driver == nil {
 		return 0, nil
 	}
-	var cveIDs []string
+	cveIDs := []string{}
 	for cveID := range r.ScannedCves {
 		cveIDs = append(cveIDs, cveID)
 	}
@@ -26,19 +28,20 @@ func (ms Microsoft) FillWithGost(driver db.DB, r *models.ScanResult, _ bool) (nC
 		if _, ok := r.ScannedCves[cveID]; !ok {
 			continue
 		}
-		cveCont := ms.ConvertToModel(&msCve)
+		cveCont, mitigations := ms.ConvertToModel(&msCve)
 		v, _ := r.ScannedCves[cveID]
 		if v.CveContents == nil {
 			v.CveContents = models.CveContents{}
 		}
 		v.CveContents[models.Microsoft] = *cveCont
+		v.Mitigations = append(v.Mitigations, mitigations...)
 		r.ScannedCves[cveID] = v
 	}
 	return len(cveIDs), nil
 }

 // ConvertToModel converts gost model to vuls model
-func (ms Microsoft) ConvertToModel(cve *gostmodels.MicrosoftCVE) *models.CveContent {
+func (ms Microsoft) ConvertToModel(cve *gostmodels.MicrosoftCVE) (*models.CveContent, []models.Mitigation) {
 	v3score := 0.0
 	var v3Vector string
 	for _, scoreSet := range cve.ScoreSets {
@@ -72,7 +75,7 @@ func (ms Microsoft) ConvertToModel(cve *gostmodels.MicrosoftCVE) *models.CveCont
 	if 0 < len(cve.Workaround) {
 		option["workaround"] = cve.Workaround
 	}
-	var kbids []string
+	kbids := []string{}
 	for _, kbid := range cve.KBIDs {
 		kbids = append(kbids, kbid.KBID)
 	}
@@ -80,6 +83,18 @@ func (ms Microsoft) ConvertToModel(cve *gostmodels.MicrosoftCVE) *models.CveCont
 		option["kbids"] = strings.Join(kbids, ",")
 	}

+	vendorURL := "https://msrc.microsoft.com/update-guide/vulnerability/" + cve.CveID
+	mitigations := []models.Mitigation{}
+	if cve.Mitigation != "" {
+		mitigations = []models.Mitigation{
+			{
+				CveContentType: models.Microsoft,
+				Mitigation:     cve.Mitigation,
+				URL:            vendorURL,
+			},
+		}
+	}
+
 	return &models.CveContent{
 		Type:          models.Microsoft,
 		CveID:         cve.CveID,
@@ -90,10 +105,9 @@ func (ms Microsoft) ConvertToModel(cve *gostmodels.MicrosoftCVE) *models.CveCont
 		Cvss3Severity: v3Severity,
 		References:    refs,
 		CweIDs:        cwe,
-		Mitigation:    cve.Mitigation,
 		Published:     cve.PublishDate,
 		LastModified:  cve.LastUpdateDate,
-		SourceLink:    "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/" + cve.CveID,
+		SourceLink:    vendorURL,
 		Optional:      option,
-	}
+	}, mitigations
 }
--- a/gost/pseudo.go
+++ b/gost/pseudo.go
@@ -0,0 +1,18 @@
+// +build !scanner
+
+package gost
+
+import (
+	"github.com/future-architect/vuls/models"
+	"github.com/knqyf263/gost/db"
+)
+
+// Pseudo is Gost client except for RedHat family and Debian
+type Pseudo struct {
+	Base
+}
+
+// DetectUnfixed fills cve information that has in Gost
+func (pse Pseudo) DetectUnfixed(driver db.DB, r *models.ScanResult, _ bool) (int, error) {
+	return 0, nil
+}
--- a/gost/redhat.go
+++ b/gost/redhat.go
@@ -1,3 +1,5 @@
+// +build !scanner
+
 package gost

 import (
@@ -17,16 +19,50 @@ type RedHat struct {
 	Base
 }

-// FillWithGost fills cve information that has in Gost
-func (red RedHat) FillWithGost(driver db.DB, r *models.ScanResult, ignoreWillNotFix bool) (nCVEs int, err error) {
-	if nCVEs, err = red.fillUnfixed(driver, r, ignoreWillNotFix); err != nil {
-		return 0, err
-	}
-	return nCVEs, red.fillFixed(driver, r)
+// DetectUnfixed fills cve information that has in Gost
+func (red RedHat) DetectUnfixed(driver db.DB, r *models.ScanResult, ignoreWillNotFix bool) (nCVEs int, err error) {
+	return red.detectUnfixed(driver, r, ignoreWillNotFix)
 }

-func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
-	var cveIDs []string
+func (red RedHat) detectUnfixed(driver db.DB, r *models.ScanResult, ignoreWillNotFix bool) (nCVEs int, err error) {
+	if config.Conf.Gost.IsFetchViaHTTP() {
+		prefix, _ := util.URLPathJoin(config.Conf.Gost.URL,
+			"redhat", major(r.Release), "pkgs")
+		responses, err := getAllUnfixedCvesViaHTTP(r, prefix)
+		if err != nil {
+			return 0, err
+		}
+		for _, res := range responses {
+			// CVE-ID: RedhatCVE
+			cves := map[string]gostmodels.RedhatCVE{}
+			if err := json.Unmarshal([]byte(res.json), &cves); err != nil {
+				return 0, err
+			}
+			for _, cve := range cves {
+				if newly := red.setUnfixedCveToScanResult(&cve, r); newly {
+					nCVEs++
+				}
+			}
+		}
+	} else {
+		if driver == nil {
+			return 0, nil
+		}
+		for _, pack := range r.Packages {
+			// CVE-ID: RedhatCVE
+			cves := driver.GetUnfixedCvesRedhat(major(r.Release), pack.Name, ignoreWillNotFix)
+			for _, cve := range cves {
+				if newly := red.setUnfixedCveToScanResult(&cve, r); newly {
+					nCVEs++
+				}
+			}
+		}
+	}
+	return nCVEs, nil
+}
+
+func (red RedHat) fillCvesWithRedHatAPI(driver db.DB, r *models.ScanResult) error {
+	cveIDs := []string{}
 	for cveID, vuln := range r.ScannedCves {
 		if _, ok := vuln.CveContents[models.RedHatAPI]; ok {
 			continue
@@ -49,129 +85,68 @@ func (red RedHat) fillFixed(driver db.DB, r *models.ScanResult) error {
 			if redCve.ID == 0 {
 				continue
 			}
-			cveCont := red.ConvertToModel(&redCve)
-			v, ok := r.ScannedCves[res.request.cveID]
-			if ok {
-				if v.CveContents == nil {
-					v.CveContents = models.NewCveContents(*cveCont)
-				} else {
-					v.CveContents[models.RedHatAPI] = *cveCont
-				}
-			} else {
-				v = models.VulnInfo{
-					CveID:       cveCont.CveID,
-					CveContents: models.NewCveContents(*cveCont),
-					Confidences: models.Confidences{models.RedHatAPIMatch},
-				}
-			}
-			r.ScannedCves[res.request.cveID] = v
+			red.setFixedCveToScanResult(&redCve, r)
 		}
 	} else {
 		if driver == nil {
 			return nil
 		}
-		for cveID, redCve := range driver.GetRedhatMulti(cveIDs) {
-			if redCve.ID == 0 {
+		for _, redCve := range driver.GetRedhatMulti(cveIDs) {
+			if len(redCve.Name) == 0 {
 				continue
 			}
-			cveCont := red.ConvertToModel(&redCve)
-			v, ok := r.ScannedCves[cveID]
-			if ok {
-				if v.CveContents == nil {
-					v.CveContents = models.NewCveContents(*cveCont)
-				} else {
-					v.CveContents[models.RedHatAPI] = *cveCont
-				}
-			} else {
-				v = models.VulnInfo{
-					CveID:       cveCont.CveID,
-					CveContents: models.NewCveContents(*cveCont),
-					Confidences: models.Confidences{models.RedHatAPIMatch},
-				}
-			}
-			r.ScannedCves[cveID] = v
+			red.setFixedCveToScanResult(&redCve, r)
 		}
 	}

 	return nil
 }

-func (red RedHat) fillUnfixed(driver db.DB, r *models.ScanResult, ignoreWillNotFix bool) (nCVEs int, err error) {
-	if config.Conf.Gost.IsFetchViaHTTP() {
-		prefix, _ := util.URLPathJoin(config.Conf.Gost.URL,
-			"redhat", major(r.Release), "pkgs")
-		responses, err := getAllUnfixedCvesViaHTTP(r, prefix)
-		if err != nil {
-			return 0, err
-		}
-		for _, res := range responses {
-			// CVE-ID: RedhatCVE
-			cves := map[string]gostmodels.RedhatCVE{}
-			if err := json.Unmarshal([]byte(res.json), &cves); err != nil {
-				return 0, err
-			}
-
-			for _, cve := range cves {
-				cveCont := red.ConvertToModel(&cve)
-				v, ok := r.ScannedCves[cve.Name]
-				if ok {
-					if v.CveContents == nil {
-						v.CveContents = models.NewCveContents(*cveCont)
-					} else {
-						v.CveContents[models.RedHatAPI] = *cveCont
-					}
-				} else {
-					v = models.VulnInfo{
-						CveID:       cveCont.CveID,
-						CveContents: models.NewCveContents(*cveCont),
-						Confidences: models.Confidences{models.RedHatAPIMatch},
-					}
-					nCVEs++
-				}
-				pkgStats := red.mergePackageStates(v,
-					cve.PackageState, r.Packages, r.Release)
-				if 0 < len(pkgStats) {
-					v.AffectedPackages = pkgStats
-					r.ScannedCves[cve.Name] = v
-				}
-			}
+func (red RedHat) setFixedCveToScanResult(cve *gostmodels.RedhatCVE, r *models.ScanResult) {
+	cveCont, mitigations := red.ConvertToModel(cve)
+	v, ok := r.ScannedCves[cveCont.CveID]
+	if ok {
+		if v.CveContents == nil {
+			v.CveContents = models.NewCveContents(*cveCont)
+		} else {
+			v.CveContents[models.RedHatAPI] = *cveCont
 		}
 	} else {
-		if driver == nil {
-			return 0, nil
-		}
-		for _, pack := range r.Packages {
-			// CVE-ID: RedhatCVE
-			cves := map[string]gostmodels.RedhatCVE{}
-			cves = driver.GetUnfixedCvesRedhat(major(r.Release), pack.Name, ignoreWillNotFix)
-			for _, cve := range cves {
-				cveCont := red.ConvertToModel(&cve)
-				v, ok := r.ScannedCves[cve.Name]
-				if ok {
-					if v.CveContents == nil {
-						v.CveContents = models.NewCveContents(*cveCont)
-					} else {
-						v.CveContents[models.RedHatAPI] = *cveCont
-					}
-				} else {
-					v = models.VulnInfo{
-						CveID:       cveCont.CveID,
-						CveContents: models.NewCveContents(*cveCont),
-						Confidences: models.Confidences{models.RedHatAPIMatch},
-					}
-					nCVEs++
-				}
-
-				pkgStats := red.mergePackageStates(v,
-					cve.PackageState, r.Packages, r.Release)
-				if 0 < len(pkgStats) {
-					v.AffectedPackages = pkgStats
-					r.ScannedCves[cve.Name] = v
-				}
-			}
+		v = models.VulnInfo{
+			CveID:       cveCont.CveID,
+			CveContents: models.NewCveContents(*cveCont),
+			Confidences: models.Confidences{models.RedHatAPIMatch},
 		}
 	}
-	return nCVEs, nil
+	v.Mitigations = append(v.Mitigations, mitigations...)
+	r.ScannedCves[cveCont.CveID] = v
+}
+
+func (red RedHat) setUnfixedCveToScanResult(cve *gostmodels.RedhatCVE, r *models.ScanResult) (newly bool) {
+	cveCont, mitigations := red.ConvertToModel(cve)
+	v, ok := r.ScannedCves[cve.Name]
+	if ok {
+		if v.CveContents == nil {
+			v.CveContents = models.NewCveContents(*cveCont)
+		} else {
+			v.CveContents[models.RedHatAPI] = *cveCont
+		}
+	} else {
+		v = models.VulnInfo{
+			CveID:       cveCont.CveID,
+			CveContents: models.NewCveContents(*cveCont),
+			Confidences: models.Confidences{models.RedHatAPIMatch},
+		}
+		newly = true
+	}
+	v.Mitigations = append(v.Mitigations, mitigations...)
+	pkgStats := red.mergePackageStates(v,
+		cve.PackageState, r.Packages, r.Release)
+	if 0 < len(pkgStats) {
+		v.AffectedPackages = pkgStats
+		r.ScannedCves[cve.Name] = v
+	}
+	return
 }

 func (red RedHat) mergePackageStates(v models.VulnInfo, ps []gostmodels.RedhatPackageState, installed models.Packages, release string) (pkgStats models.PackageFixStatuses) {
@@ -222,7 +197,7 @@ func (red RedHat) parseCwe(str string) (cwes []string) {
 }

 // ConvertToModel converts gost model to vuls model
-func (red RedHat) ConvertToModel(cve *gostmodels.RedhatCVE) *models.CveContent {
+func (red RedHat) ConvertToModel(cve *gostmodels.RedhatCVE) (*models.CveContent, []models.Mitigation) {
 	cwes := red.parseCwe(cve.Cwe)

 	details := []string{}
@@ -248,11 +223,23 @@ func (red RedHat) ConvertToModel(cve *gostmodels.RedhatCVE) *models.CveContent {
 		v3severity = cve.ThreatSeverity
 	}

-	var refs []models.Reference
+	refs := []models.Reference{}
 	for _, r := range cve.References {
 		refs = append(refs, models.Reference{Link: r.Reference})
 	}

+	vendorURL := "https://access.redhat.com/security/cve/" + cve.Name
+	mitigations := []models.Mitigation{}
+	if cve.Mitigation != "" {
+		mitigations = []models.Mitigation{
+			{
+				CveContentType: models.RedHatAPI,
+				Mitigation:     cve.Mitigation,
+				URL:            vendorURL,
+			},
+		}
+	}
+
 	return &models.CveContent{
 		Type:          models.RedHatAPI,
 		CveID:         cve.Name,
@@ -266,8 +253,7 @@ func (red RedHat) ConvertToModel(cve *gostmodels.RedhatCVE) *models.CveContent {
 		Cvss3Severity: v3severity,
 		References:    refs,
 		CweIDs:        cwes,
-		Mitigation:    cve.Mitigation,
 		Published:     cve.PublicDate,
-		SourceLink:    "https://access.redhat.com/security/cve/" + cve.Name,
-	}
+		SourceLink:    vendorURL,
+	}, mitigations
 }
--- a/gost/util.go
+++ b/gost/util.go
@@ -2,6 +2,7 @@ package gost

 import (
 	"net/http"
+	"strings"
 	"time"

 	"github.com/cenkalti/backoff"
@@ -181,3 +182,7 @@ func httpGet(url string, req request, resChan chan<- response, errChan chan<- er
 		json:    body,
 	}
 }
+
+func major(osVer string) (majorVersion string) {
+	return strings.Split(osVer, ".")[0]
+}
--- a/img/hello-vuls-tui.png
+++ b/img/hello-vuls-tui.png
--- a/img/vuls-architecture-localscan.graphml
+++ b/img/vuls-architecture-localscan.graphml
--- a/img/vuls-architecture-localscan.png
+++ b/img/vuls-architecture-localscan.png
--- a/img/vuls-architecture.graphml
+++ b/img/vuls-architecture.graphml
--- a/img/vuls-architecture.png
+++ b/img/vuls-architecture.png
--- a/img/vuls-motivation.graphml
+++ b/img/vuls-motivation.graphml
--- a/img/vuls-scan-flow-fast.graphml
+++ b/img/vuls-scan-flow-fast.graphml
@@ -1,414 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<graphml xmlns="http://graphml.graphdrawing.org/xmlns" xmlns:java="http://www.yworks.com/xml/yfiles-common/1.0/java" xmlns:sys="http://www.yworks.com/xml/yfiles-common/markup/primitives/2.0" xmlns:x="http://www.yworks.com/xml/yfiles-common/markup/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:y="http://www.yworks.com/xml/graphml" xmlns:yed="http://www.yworks.com/xml/yed/3" xsi:schemaLocation="http://graphml.graphdrawing.org/xmlns http://www.yworks.com/xml/schema/graphml/1.1/ygraphml.xsd">
-  <!--Created by yEd 3.17-->
-  <key attr.name="Description" attr.type="string" for="graph" id="d0"/>
-  <key for="port" id="d1" yfiles.type="portgraphics"/>
-  <key for="port" id="d2" yfiles.type="portgeometry"/>
-  <key for="port" id="d3" yfiles.type="portuserdata"/>
-  <key attr.name="url" attr.type="string" for="node" id="d4"/>
-  <key attr.name="description" attr.type="string" for="node" id="d5"/>
-  <key for="node" id="d6" yfiles.type="nodegraphics"/>
-  <key for="graphml" id="d7" yfiles.type="resources"/>
-  <key attr.name="url" attr.type="string" for="edge" id="d8"/>
-  <key attr.name="description" attr.type="string" for="edge" id="d9"/>
-  <key for="edge" id="d10" yfiles.type="edgegraphics"/>
-  <graph edgedefault="directed" id="G">
-    <data key="d0"/>
-    <node id="n0">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.process">
-          <y:Geometry height="56.0" width="268.0" x="309.6849206349206" y="0.0"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="83.482421875" x="92.2587890625" y="18.93359375">Detect the OS<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.5" nodeRatioX="0.0" nodeRatioY="0.1619001116071429" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n1">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.decision">
-          <y:Geometry height="40.0" width="80.0" x="403.6849206349206" y="206.44247787610618"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="4.0" x="38.0" y="18.0">
-            <y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n2">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.process">
-          <y:Geometry height="90.44247787610618" width="268.0" x="309.6849206349206" y="86.0"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="right" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="88.796875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="170.763671875" x="48.61816406250006" y="0.8228014380530908">Get installed packages
-Alpine: apk
-Debian/Ubuntu: dpkg-query
-Amazon/RHEL/CentOS: rpm
-SUSE: zypper
-FreeBSD: pkg<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="2.220446049250313E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n3">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.process">
-          <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="630.0546766682629"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="152.634765625" x="57.6826171875" y="18.93359375">Write results to JSON files<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.5" nodeRatioX="0.0" nodeRatioY="0.1619001116071429" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n4">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.process">
-          <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="287.8409153761062"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="46.3984375" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="232.744140625" x="17.6279296875" y="4.80078125">Get CVE IDs by using package manager
-Amazon: yum plugin security
-FreeBSD: pkg audit<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n5">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.process">
-          <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="750.4705298628534"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="42.595703125" x="112.7021484375" y="18.93359375">Report<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n6" yfiles.foldertype="group">
-      <data key="d4"/>
-      <data key="d6">
-        <y:ProxyAutoBoundsNode>
-          <y:Realizers active="0">
-            <y:GroupNode>
-              <y:Geometry height="116.89483989807195" width="333.6788874841973" x="234.29467728596296" y="709.1901021013174"/>
-              <y:Fill color="#F5F5F5" transparent="false"/>
-              <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="333.6788874841973" x="0.0" y="0.0">Vulnerability Database</y:NodeLabel>
-              <y:Shape type="roundrectangle"/>
-              <y:State closed="false" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
-              <y:Insets bottom="15" bottomF="15.0" left="15" leftF="15.0" right="15" rightF="15.0" top="15" topF="15.0"/>
-              <y:BorderInsets bottom="0" bottomF="0.0" left="0" leftF="0.0" right="0" rightF="0.0" top="0" topF="0.0"/>
-            </y:GroupNode>
-            <y:GroupNode>
-              <y:Geometry height="50.0" width="50.0" x="0.0" y="60.0"/>
-              <y:Fill color="#F5F5F5" transparent="false"/>
-              <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 1</y:NodeLabel>
-              <y:Shape type="roundrectangle"/>
-              <y:State closed="true" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
-              <y:Insets bottom="5" bottomF="5.0" left="5" leftF="5.0" right="5" rightF="5.0" top="5" topF="5.0"/>
-              <y:BorderInsets bottom="0" bottomF="0.0" left="0" leftF="0.0" right="0" rightF="0.0" top="0" topF="0.0"/>
-            </y:GroupNode>
-          </y:Realizers>
-        </y:ProxyAutoBoundsNode>
-      </data>
-      <graph edgedefault="directed" id="n6:">
-        <node id="n6::n0">
-          <data key="d6">
-            <y:GenericNode configuration="com.yworks.flowchart.dataBase">
-              <y:Geometry height="65.22882427307195" width="136.83944374209864" x="416.1341210280616" y="745.8561177263174"/>
-              <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-              <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="117.970703125" x="9.434370308549205" y="23.548005886535975">CVE DB (NVD / JVN)<y:LabelModel>
-                  <y:SmartNodeLabelModel distance="4.0"/>
-                </y:LabelModel>
-                <y:ModelParameter>
-                  <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="-8.326672684688674E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-                </y:ModelParameter>
-              </y:NodeLabel>
-            </y:GenericNode>
-          </data>
-        </node>
-        <node id="n6::n1">
-          <data key="d6">
-            <y:GenericNode configuration="com.yworks.flowchart.dataBase">
-              <y:Geometry height="65.22882427307195" width="136.83944374209864" x="249.29467728596296" y="745.8561177263174"/>
-              <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-              <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="55.533203125" x="40.653120308549205" y="23.548005886535975">OVAL DB<y:LabelModel>
-                  <y:SmartNodeLabelModel distance="4.0"/>
-                </y:LabelModel>
-                <y:ModelParameter>
-                  <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="-8.326672684688674E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-                </y:ModelParameter>
-              </y:NodeLabel>
-            </y:GenericNode>
-          </data>
-        </node>
-      </graph>
-    </node>
-    <node id="n7">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.process">
-          <y:Geometry height="56.0" width="268.0" x="27.144753476611868" y="287.8409153761062"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="260.83984375" x="3.580078125" y="11.8671875">Check upgradable packages
-Debian/Ubuntu: apt-get upgrade --dry-run<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n8">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.loopLimit">
-          <y:Geometry height="51.10998735777497" width="137.19216182048035" x="92.54867256637169" y="376.28592169721867"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="131.751953125" x="2.7201043477401754" y="9.422181178887513">foreach 
-upgradable  packages<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="5.551115123125783E-16" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n9">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.process">
-          <y:Geometry height="56.0" width="268.0" x="27.144753476611868" y="459.8409153761062"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="213.619140625" x="27.1904296875" y="11.8671875">Parse changelog and get  CVE IDs
-Debian/Ubuntu: aptitude changelog<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n10">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.loopLimitEnd">
-          <y:Geometry height="50.0" width="137.0" x="92.64475347661187" y="545.8409153761062"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="55.24609375" x="40.876953125" y="15.93359375">end loop<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <edge id="e0" source="n2" target="n1">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="45.22123893805309" tx="0.0" ty="-20.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="none"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e1" source="n1" target="n4">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="40.0" sy="0.0" tx="0.0" ty="-28.0">
-            <y:Point x="743.3698412698412" y="226.44247787610618"/>
-          </y:Path>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="51.806640625" x="183.35883739927397" y="2.000003510871693">Amazon
-FreeBSD<y:LabelModel>
-              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="1.9999999999998863" distanceToCenter="false" position="right" ratio="0.7796030035582084" segment="0"/>
-            </y:ModelParameter>
-            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
-          </y:EdgeLabel>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e2" source="n0" target="n2">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-45.22123893805309"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e3" source="n5" target="n6">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="10.8330078125"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="none"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e4" source="n1" target="n3">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="-123.36984126984123" ty="0.0">
-            <y:Point x="443.6849206349206" y="658.0546766682629"/>
-          </y:Path>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="102.9296875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="77.078125" x="-97.68364242524859" y="5.005267793098369">Alpine Linux
-CentOS
-RHEL
-Ubuntu
-Debian
-Oracle Linux
-Suse<y:LabelModel>
-              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="59.14459455430983" distanceToCenter="true" position="right" ratio="0.0" segment="0"/>
-            </y:ModelParameter>
-            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
-          </y:EdgeLabel>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e5" source="n4" target="n3">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e6" source="n7" target="n8">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-25.554993678887485"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e7" source="n8" target="n9">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="25.554993678887485" tx="0.0" ty="-28.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e8" source="n9" target="n10">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-25.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e9" source="n3" target="n5">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e10" source="n1" target="n7">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0">
-            <y:Point x="161.14475347661187" y="226.44247787610618"/>
-          </y:Path>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="56.98046875" x="-196.80057112212188" y="20.933597260871807">Raspbian<y:LabelModel>
-              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="left" ratio="0.6447921222409765" segment="0"/>
-            </y:ModelParameter>
-            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
-          </y:EdgeLabel>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e11" source="n10" target="n3">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="-125.78842258255952" ty="0.0">
-            <y:Point x="161.14475347661187" y="658.0546766682629"/>
-          </y:Path>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-  </graph>
-  <data key="d7">
-    <y:Resources/>
-  </data>
-</graphml>
--- a/img/vuls-scan-flow-fast.png
+++ b/img/vuls-scan-flow-fast.png
--- a/img/vuls-scan-flow.graphml
+++ b/img/vuls-scan-flow.graphml
@@ -1,515 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<graphml xmlns="http://graphml.graphdrawing.org/xmlns" xmlns:java="http://www.yworks.com/xml/yfiles-common/1.0/java" xmlns:sys="http://www.yworks.com/xml/yfiles-common/markup/primitives/2.0" xmlns:x="http://www.yworks.com/xml/yfiles-common/markup/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:y="http://www.yworks.com/xml/graphml" xmlns:yed="http://www.yworks.com/xml/yed/3" xsi:schemaLocation="http://graphml.graphdrawing.org/xmlns http://www.yworks.com/xml/schema/graphml/1.1/ygraphml.xsd">
-  <!--Created by yEd 3.17-->
-  <key attr.name="Description" attr.type="string" for="graph" id="d0"/>
-  <key for="port" id="d1" yfiles.type="portgraphics"/>
-  <key for="port" id="d2" yfiles.type="portgeometry"/>
-  <key for="port" id="d3" yfiles.type="portuserdata"/>
-  <key attr.name="url" attr.type="string" for="node" id="d4"/>
-  <key attr.name="description" attr.type="string" for="node" id="d5"/>
-  <key for="node" id="d6" yfiles.type="nodegraphics"/>
-  <key for="graphml" id="d7" yfiles.type="resources"/>
-  <key attr.name="url" attr.type="string" for="edge" id="d8"/>
-  <key attr.name="description" attr.type="string" for="edge" id="d9"/>
-  <key for="edge" id="d10" yfiles.type="edgegraphics"/>
-  <graph edgedefault="directed" id="G">
-    <data key="d0"/>
-    <node id="n0">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.process">
-          <y:Geometry height="56.0" width="268.0" x="309.6849206349206" y="0.0"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="83.482421875" x="92.2587890625" y="18.93359375">Detect the OS<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.5" nodeRatioX="0.0" nodeRatioY="0.1619001116071429" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n1">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.decision">
-          <y:Geometry height="40.0" width="80.0" x="403.6849206349206" y="206.44247787610618"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="4.0" x="38.0" y="18.0">
-            <y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n2">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.process">
-          <y:Geometry height="90.44247787610618" width="268.0" x="309.6849206349206" y="86.0"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="right" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="88.796875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="170.763671875" x="48.61816406250006" y="0.8228014380530908">Get installed packages
-Alpine Linux: apk
-Debian/Ubuntu: dpkg-query
-Amazon/RHEL/CentOS: rpm
-FreeBSD: pkg
-SUSE: zypper<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="2.220446049250313E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n3">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.process">
-          <y:Geometry height="56.0" width="268.0" x="10.0" y="287.8409153761062"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="260.83984375" x="3.580078125" y="11.8671875">Check upgradable packages
-Debian/Ubuntu: apt-get upgrade --dry-run<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n4">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.loopLimit">
-          <y:Geometry height="51.10998735777497" width="137.19216182048035" x="75.40391908975982" y="376.28592169721867"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="131.751953125" x="2.7201043477401754" y="9.422181178887513">foreach 
-upgradable  packages<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="5.551115123125783E-16" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n5">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.process">
-          <y:Geometry height="56.0" width="268.0" x="10.0" y="459.8409153761062"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="213.619140625" x="27.1904296875" y="11.8671875">Parse changelog and get  CVE IDs
-Debian/Ubuntu: aptitude changelog<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n6">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.loopLimitEnd">
-          <y:Geometry height="50.0" width="137.0" x="75.5" y="545.8409153761062"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="55.24609375" x="40.876953125" y="15.93359375">end loop<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n7">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.process">
-          <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="625.8409153761062"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="152.634765625" x="57.6826171875" y="18.93359375">Write results to JSON files<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.5" nodeRatioX="0.0" nodeRatioY="0.1619001116071429" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n8">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.process">
-          <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="287.8409153761062"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="46.3984375" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="232.744140625" x="17.6279296875" y="4.80078125">Get CVE IDs by using package manager
-Amazon/RHEL: yum plugin security
-FreeBSD: pkg audit<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n9">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.process">
-          <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="716.4553275126422"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="42.595703125" x="112.7021484375" y="18.93359375">Report<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n10">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.process">
-          <y:Geometry height="56.0" width="268.0" x="309.6849206349206" y="371.39590905499364"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="293.06640625" x="-12.533203124999943" y="11.8671875">Get all changelogs of updatable packages at once
-yum changelog<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="2.220446049250313E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n11">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.process">
-          <y:Geometry height="56.0" width="268.0" x="309.68492063492056" y="459.8409153761062"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="205.52734375" x="31.236328125000057" y="18.93359375">Parse changelogs and get CVE IDs <y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.5" nodeRatioX="2.220446049250313E-16" nodeRatioY="0.1619001116071429" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n12">
-      <data key="d6">
-        <y:GenericNode configuration="com.yworks.flowchart.process">
-          <y:Geometry height="56.0" width="268.0" x="609.3698412698412" y="373.8409153761062"/>
-          <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="293.06640625" x="-12.533203124999886" y="11.8671875">Get all changelogs of updatable packages at once
-Amazon / RHEL: yum changelog<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="2.220446049250313E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-        </y:GenericNode>
-      </data>
-    </node>
-    <node id="n13" yfiles.foldertype="group">
-      <data key="d4"/>
-      <data key="d6">
-        <y:ProxyAutoBoundsNode>
-          <y:Realizers active="0">
-            <y:GroupNode>
-              <y:Geometry height="116.89483989807195" width="333.6788874841973" x="229.74083438685204" y="675.1748997511062"/>
-              <y:Fill color="#F5F5F5" transparent="false"/>
-              <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="333.6788874841973" x="0.0" y="0.0">Vulnerability Database</y:NodeLabel>
-              <y:Shape type="roundrectangle"/>
-              <y:State closed="false" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
-              <y:Insets bottom="15" bottomF="15.0" left="15" leftF="15.0" right="15" rightF="15.0" top="15" topF="15.0"/>
-              <y:BorderInsets bottom="0" bottomF="0.0" left="0" leftF="0.0" right="0" rightF="0.0" top="0" topF="0.0"/>
-            </y:GroupNode>
-            <y:GroupNode>
-              <y:Geometry height="50.0" width="50.0" x="0.0" y="60.0"/>
-              <y:Fill color="#F5F5F5" transparent="false"/>
-              <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 1</y:NodeLabel>
-              <y:Shape type="roundrectangle"/>
-              <y:State closed="true" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
-              <y:Insets bottom="5" bottomF="5.0" left="5" leftF="5.0" right="5" rightF="5.0" top="5" topF="5.0"/>
-              <y:BorderInsets bottom="0" bottomF="0.0" left="0" leftF="0.0" right="0" rightF="0.0" top="0" topF="0.0"/>
-            </y:GroupNode>
-          </y:Realizers>
-        </y:ProxyAutoBoundsNode>
-      </data>
-      <graph edgedefault="directed" id="n13:">
-        <node id="n13::n0">
-          <data key="d6">
-            <y:GenericNode configuration="com.yworks.flowchart.dataBase">
-              <y:Geometry height="65.22882427307195" width="136.83944374209864" x="411.5802781289507" y="711.8409153761062"/>
-              <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-              <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="117.970703125" x="9.434370308549205" y="23.548005886535975">CVE DB (NVD / JVN)<y:LabelModel>
-                  <y:SmartNodeLabelModel distance="4.0"/>
-                </y:LabelModel>
-                <y:ModelParameter>
-                  <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="-8.326672684688674E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-                </y:ModelParameter>
-              </y:NodeLabel>
-            </y:GenericNode>
-          </data>
-        </node>
-        <node id="n13::n1">
-          <data key="d6">
-            <y:GenericNode configuration="com.yworks.flowchart.dataBase">
-              <y:Geometry height="65.22882427307195" width="136.83944374209864" x="244.74083438685204" y="711.8409153761062"/>
-              <y:Fill color="#E8EEF7" color2="#B7C9E3" transparent="false"/>
-              <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="55.533203125" x="40.653120308549205" y="23.548005886535975">OVAL DB<y:LabelModel>
-                  <y:SmartNodeLabelModel distance="4.0"/>
-                </y:LabelModel>
-                <y:ModelParameter>
-                  <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="-8.326672684688674E-16" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-                </y:ModelParameter>
-              </y:NodeLabel>
-            </y:GenericNode>
-          </data>
-        </node>
-      </graph>
-    </node>
-    <edge id="e0" source="n2" target="n1">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="45.22123893805309" tx="0.0" ty="-20.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="none"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e1" source="n1" target="n3">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="-40.0" sy="0.0" tx="0.0" ty="-28.0">
-            <y:Point x="144.0" y="226.44247787610618"/>
-          </y:Path>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="46.3984375" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="56.98046875" x="-257.65322875976574" y="2.0000035108718635">Debian
-Ubuntu
-Raspbian<y:LabelModel>
-              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="1.9999999999998863" distanceToCenter="false" position="left" ratio="0.8652035780364729" segment="0"/>
-            </y:ModelParameter>
-            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
-          </y:EdgeLabel>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e2" source="n3" target="n4">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-25.554993678887485"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e3" source="n4" target="n5">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="25.554993678887485" tx="0.0" ty="-28.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e4" source="n5" target="n6">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-25.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e5" source="n6" target="n7">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="68.5" sy="0.0" tx="0.0" ty="-28.0">
-            <y:Point x="743.3698412698412" y="570.8409153761062"/>
-          </y:Path>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e6" source="n1" target="n8">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="40.0" sy="0.0" tx="0.0" ty="-28.0">
-            <y:Point x="743.3698412698412" y="226.44247787610618"/>
-          </y:Path>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="46.3984375" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="51.806640625" x="200.87829463898197" y="4.000003510871693">Amazon
-RHEL
-FreeBSD<y:LabelModel>
-              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="6.999999999999886" distanceToCenter="false" position="right" ratio="0.8192728556300707" segment="-1"/>
-            </y:ModelParameter>
-            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
-          </y:EdgeLabel>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e7" source="n0" target="n2">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-45.22123893805309"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e8" source="n7" target="n9">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-28.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e9" source="n1" target="n10">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="20.0" tx="0.0" ty="-28.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:EdgeLabel alignment="center" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="46.708984375" x="-53.35447755843876" y="5.000003510871807">CentOS<y:LabelModel>
-              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="right" ratio="0.0" segment="0"/>
-            </y:ModelParameter>
-            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
-          </y:EdgeLabel>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e10" source="n10" target="n11">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="28.0" tx="0.0" ty="-28.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e11" source="n11" target="n7">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="-24.34091537610618">
-            <y:Point x="743.3698412698412" y="487.8409153761062"/>
-          </y:Path>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e12" source="n8" target="n12">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e13" source="n12" target="n7">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e14" source="n9" target="n13">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="10.8330078125"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="none"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e15" source="n1" target="n7">
-      <data key="d9"/>
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0">
-            <y:Point x="999.0" y="226.44247787610618"/>
-            <y:Point x="999.0" y="570.8409153761062"/>
-            <y:Point x="743.3698412698412" y="570.8409153761062"/>
-          </y:Path>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="none"/>
-          <y:EdgeLabel alignment="right" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="32.265625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="76.8203125" x="422.923942251054" y="13.867191010871807">Alpine Linux
-SUSE<y:LabelModel>
-              <y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="right" ratio="0.8856709076027529" segment="0"/>
-            </y:ModelParameter>
-            <y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/>
-          </y:EdgeLabel>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-  </graph>
-  <data key="d7">
-    <y:Resources/>
-  </data>
-</graphml>
--- a/img/vuls-scan-flow.png
+++ b/img/vuls-scan-flow.png
--- a/img/vuls-slack-ja.png
+++ b/img/vuls-slack-ja.png
--- a/img/vuls-usecase-elb-rails-rds-all.graphml
+++ b/img/vuls-usecase-elb-rails-rds-all.graphml
@@ -1,265 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<graphml xmlns="http://graphml.graphdrawing.org/xmlns" xmlns:java="http://www.yworks.com/xml/yfiles-common/1.0/java" xmlns:sys="http://www.yworks.com/xml/yfiles-common/markup/primitives/2.0" xmlns:x="http://www.yworks.com/xml/yfiles-common/markup/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:y="http://www.yworks.com/xml/graphml" xmlns:yed="http://www.yworks.com/xml/yed/3" xsi:schemaLocation="http://graphml.graphdrawing.org/xmlns http://www.yworks.com/xml/schema/graphml/1.1/ygraphml.xsd">
-  <!--Created by yEd 3.14.2-->
-  <key attr.name="Description" attr.type="string" for="graph" id="d0"/>
-  <key for="port" id="d1" yfiles.type="portgraphics"/>
-  <key for="port" id="d2" yfiles.type="portgeometry"/>
-  <key for="port" id="d3" yfiles.type="portuserdata"/>
-  <key attr.name="url" attr.type="string" for="node" id="d4"/>
-  <key attr.name="description" attr.type="string" for="node" id="d5"/>
-  <key for="node" id="d6" yfiles.type="nodegraphics"/>
-  <key for="graphml" id="d7" yfiles.type="resources"/>
-  <key attr.name="url" attr.type="string" for="edge" id="d8"/>
-  <key attr.name="description" attr.type="string" for="edge" id="d9"/>
-  <key for="edge" id="d10" yfiles.type="edgegraphics"/>
-  <graph edgedefault="directed" id="G">
-    <data key="d0"/>
-    <node id="n0">
-      <data key="d6">
-        <y:ShapeNode>
-          <y:Geometry height="50.0" width="73.25" x="478.6165008544913" y="1358.206868489578"/>
-          <y:Fill color="#C0C0C0" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="28.87890625" x="22.185546875" y="15.93359375">Vuls<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-          <y:Shape type="roundrectangle"/>
-        </y:ShapeNode>
-      </data>
-    </node>
-    <node id="n1">
-      <data key="d6">
-        <y:ShapeNode>
-          <y:Geometry height="50.0" width="73.25" x="711.9623756408686" y="1043.7241210937468"/>
-          <y:Fill color="#C0C0C0" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="38.623046875" x="17.3134765625" y="15.93359375">Nginx<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-          <y:Shape type="roundrectangle"/>
-        </y:ShapeNode>
-      </data>
-    </node>
-    <node id="n2">
-      <data key="d6">
-        <y:ShapeNode>
-          <y:Geometry height="50.0" width="73.25" x="711.9623756408686" y="1287.206868489578"/>
-          <y:Fill color="#C0C0C0" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="42.7890625" x="15.23046875" y="15.93359375">MySQL<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-          <y:Shape type="roundrectangle"/>
-        </y:ShapeNode>
-      </data>
-    </node>
-    <node id="n3" yfiles.foldertype="group">
-      <data key="d4"/>
-      <data key="d6">
-        <y:ProxyAutoBoundsNode>
-          <y:Realizers active="0">
-            <y:GroupNode>
-              <y:Geometry height="101.666015625" width="291.7208747863772" x="602.72693824768" y="1146.2994791666624"/>
-              <y:Fill color="#F5F5F5" transparent="false"/>
-              <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" modelName="internal" modelPosition="t" textColor="#000000" visible="true" width="291.7208747863772" x="0.0" y="0.0">Web/App</y:NodeLabel>
-              <y:Shape type="roundrectangle"/>
-              <y:State closed="false" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
-              <y:Insets bottom="15" bottomF="15.0" left="15" leftF="15.0" right="15" rightF="15.0" top="15" topF="15.0"/>
-              <y:BorderInsets bottom="0" bottomF="0.0" left="23" leftF="23.0" right="0" rightF="0.0" top="0" topF="0.0"/>
-            </y:GroupNode>
-            <y:GroupNode>
-              <y:Geometry height="50.0" width="50.0" x="0.0" y="60.0"/>
-              <y:Fill color="#F5F5F5" transparent="false"/>
-              <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" modelName="internal" modelPosition="t" textColor="#000000" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 5</y:NodeLabel>
-              <y:Shape type="roundrectangle"/>
-              <y:State closed="true" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
-              <y:Insets bottom="5" bottomF="5.0" left="5" leftF="5.0" right="5" rightF="5.0" top="5" topF="5.0"/>
-              <y:BorderInsets bottom="0" bottomF="0.0" left="0" leftF="0.0" right="0" rightF="0.0" top="0" topF="0.0"/>
-            </y:GroupNode>
-          </y:Realizers>
-        </y:ProxyAutoBoundsNode>
-      </data>
-      <graph edgedefault="directed" id="n3:">
-        <node id="n3::n0">
-          <data key="d6">
-            <y:ShapeNode>
-              <y:Geometry height="50.0" width="73.25" x="640.72693824768" y="1182.9654947916624"/>
-              <y:Fill color="#C0C0C0" transparent="false"/>
-              <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="31.26953125" x="20.990234375" y="15.93359375">Rails<y:LabelModel>
-                  <y:SmartNodeLabelModel distance="4.0"/>
-                </y:LabelModel>
-                <y:ModelParameter>
-                  <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-                </y:ModelParameter>
-              </y:NodeLabel>
-              <y:Shape type="roundrectangle"/>
-            </y:ShapeNode>
-          </data>
-        </node>
-        <node id="n3::n1">
-          <data key="d6">
-            <y:ShapeNode>
-              <y:Geometry height="50.0" width="73.25" x="723.4623756408686" y="1182.9654947916624"/>
-              <y:Fill color="#C0C0C0" transparent="false"/>
-              <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="31.26953125" x="20.990234375" y="15.93359375">Rails<y:LabelModel>
-                  <y:SmartNodeLabelModel distance="4.0"/>
-                </y:LabelModel>
-                <y:ModelParameter>
-                  <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-                </y:ModelParameter>
-              </y:NodeLabel>
-              <y:Shape type="roundrectangle"/>
-            </y:ShapeNode>
-          </data>
-        </node>
-        <node id="n3::n2">
-          <data key="d6">
-            <y:ShapeNode>
-              <y:Geometry height="50.0" width="73.25" x="806.1978130340572" y="1182.9654947916624"/>
-              <y:Fill color="#C0C0C0" transparent="false"/>
-              <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="31.26953125" x="20.990234375" y="15.93359375">Rails<y:LabelModel>
-                  <y:SmartNodeLabelModel distance="4.0"/>
-                </y:LabelModel>
-                <y:ModelParameter>
-                  <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-                </y:ModelParameter>
-              </y:NodeLabel>
-              <y:Shape type="roundrectangle"/>
-            </y:ShapeNode>
-          </data>
-        </node>
-      </graph>
-    </node>
-    <node id="n4">
-      <data key="d6">
-        <y:ShapeNode>
-          <y:Geometry height="50.0" width="73.25" x="821.1978130340572" y="1287.206868489578"/>
-          <y:Fill color="#C0C0C0" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="35.412109375" x="18.9189453125" y="15.93359375">Redis<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-          <y:Shape type="roundrectangle"/>
-        </y:ShapeNode>
-      </data>
-    </node>
-    <edge id="e0" source="n3" target="n1">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="none"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e1" source="n3" target="n2">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="none"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e2" source="n0" target="n3::n0">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
-          <y:LineStyle color="#000000" type="dashed" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e3" source="n0" target="n3::n1">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
-          <y:LineStyle color="#000000" type="dashed" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e4" source="n0" target="n3::n2">
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
-          <y:LineStyle color="#000000" type="dashed" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e5" source="n3" target="n4">
-      <data key="d9"/>
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="none"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e6" source="n0" target="n4">
-      <data key="d9"/>
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
-          <y:LineStyle color="#000000" type="dashed" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e7" source="n0" target="n1">
-      <data key="d9"/>
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
-          <y:LineStyle color="#000000" type="dashed" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e8" source="n0" target="n2">
-      <data key="d9"/>
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
-          <y:LineStyle color="#000000" type="dashed" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-  </graph>
-  <data key="d7">
-    <y:Resources/>
-  </data>
-</graphml>
--- a/img/vuls-usecase-elb-rails-rds-all.png
+++ b/img/vuls-usecase-elb-rails-rds-all.png
--- a/img/vuls-usecase-elb-rails-rds-single.graphml
+++ b/img/vuls-usecase-elb-rails-rds-single.graphml
@@ -1,194 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<graphml xmlns="http://graphml.graphdrawing.org/xmlns" xmlns:java="http://www.yworks.com/xml/yfiles-common/1.0/java" xmlns:sys="http://www.yworks.com/xml/yfiles-common/markup/primitives/2.0" xmlns:x="http://www.yworks.com/xml/yfiles-common/markup/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:y="http://www.yworks.com/xml/graphml" xmlns:yed="http://www.yworks.com/xml/yed/3" xsi:schemaLocation="http://graphml.graphdrawing.org/xmlns http://www.yworks.com/xml/schema/graphml/1.1/ygraphml.xsd">
-  <!--Created by yEd 3.14.2-->
-  <key attr.name="Description" attr.type="string" for="graph" id="d0"/>
-  <key for="port" id="d1" yfiles.type="portgraphics"/>
-  <key for="port" id="d2" yfiles.type="portgeometry"/>
-  <key for="port" id="d3" yfiles.type="portuserdata"/>
-  <key attr.name="url" attr.type="string" for="node" id="d4"/>
-  <key attr.name="description" attr.type="string" for="node" id="d5"/>
-  <key for="node" id="d6" yfiles.type="nodegraphics"/>
-  <key for="graphml" id="d7" yfiles.type="resources"/>
-  <key attr.name="url" attr.type="string" for="edge" id="d8"/>
-  <key attr.name="description" attr.type="string" for="edge" id="d9"/>
-  <key for="edge" id="d10" yfiles.type="edgegraphics"/>
-  <graph edgedefault="directed" id="G">
-    <data key="d0"/>
-    <node id="n0">
-      <data key="d5"/>
-      <data key="d6">
-        <y:ShapeNode>
-          <y:Geometry height="50.0" width="73.25" x="508.30825042724564" y="1132.4827473958312"/>
-          <y:Fill color="#C0C0C0" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="28.87890625" x="22.185546875" y="15.93359375">Vuls<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-          <y:Shape type="roundrectangle"/>
-        </y:ShapeNode>
-      </data>
-    </node>
-    <node id="n1">
-      <data key="d5"/>
-      <data key="d6">
-        <y:ShapeNode>
-          <y:Geometry height="50.0" width="73.25" x="749.6541252136229" y="993.2413736979156"/>
-          <y:Fill color="#C0C0C0" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="23.8046875" x="24.72265625" y="15.93359375">ELB<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-          <y:Shape type="roundrectangle"/>
-        </y:ShapeNode>
-      </data>
-    </node>
-    <node id="n2">
-      <data key="d5"/>
-      <data key="d6">
-        <y:ShapeNode>
-          <y:Geometry height="50.0" width="73.25" x="749.6541252136229" y="1236.7241210937468"/>
-          <y:Fill color="#C0C0C0" transparent="false"/>
-          <y:BorderStyle color="#000000" type="line" width="1.0"/>
-          <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="27.0390625" x="23.10546875" y="15.93359375">RDS<y:LabelModel>
-              <y:SmartNodeLabelModel distance="4.0"/>
-            </y:LabelModel>
-            <y:ModelParameter>
-              <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-            </y:ModelParameter>
-          </y:NodeLabel>
-          <y:Shape type="roundrectangle"/>
-        </y:ShapeNode>
-      </data>
-    </node>
-    <node id="n3" yfiles.foldertype="group">
-      <data key="d4"/>
-      <data key="d5"/>
-      <data key="d6">
-        <y:ProxyAutoBoundsNode>
-          <y:Realizers active="0">
-            <y:GroupNode>
-              <y:Geometry height="101.666015625" width="291.7208747863772" x="640.4186878204343" y="1095.8167317708312"/>
-              <y:Fill color="#F5F5F5" transparent="false"/>
-              <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" modelName="internal" modelPosition="t" textColor="#000000" visible="true" width="291.7208747863772" x="0.0" y="0.0">Web/App</y:NodeLabel>
-              <y:Shape type="roundrectangle"/>
-              <y:State closed="false" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
-              <y:Insets bottom="15" bottomF="15.0" left="15" leftF="15.0" right="15" rightF="15.0" top="15" topF="15.0"/>
-              <y:BorderInsets bottom="0" bottomF="0.0" left="23" leftF="23.0" right="0" rightF="0.0" top="0" topF="0.0"/>
-            </y:GroupNode>
-            <y:GroupNode>
-              <y:Geometry height="50.0" width="50.0" x="0.0" y="60.0"/>
-              <y:Fill color="#F5F5F5" transparent="false"/>
-              <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
-              <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="21.666015625" modelName="internal" modelPosition="t" textColor="#000000" visible="true" width="63.75830078125" x="-6.879150390625" y="0.0">Folder 5</y:NodeLabel>
-              <y:Shape type="roundrectangle"/>
-              <y:State closed="true" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
-              <y:Insets bottom="5" bottomF="5.0" left="5" leftF="5.0" right="5" rightF="5.0" top="5" topF="5.0"/>
-              <y:BorderInsets bottom="0" bottomF="0.0" left="0" leftF="0.0" right="0" rightF="0.0" top="0" topF="0.0"/>
-            </y:GroupNode>
-          </y:Realizers>
-        </y:ProxyAutoBoundsNode>
-      </data>
-      <graph edgedefault="directed" id="n3:">
-        <node id="n3::n0">
-          <data key="d5"/>
-          <data key="d6">
-            <y:ShapeNode>
-              <y:Geometry height="50.0" width="73.25" x="678.4186878204343" y="1132.4827473958312"/>
-              <y:Fill color="#C0C0C0" transparent="false"/>
-              <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="31.26953125" x="20.990234375" y="15.93359375">Rails<y:LabelModel>
-                  <y:SmartNodeLabelModel distance="4.0"/>
-                </y:LabelModel>
-                <y:ModelParameter>
-                  <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-                </y:ModelParameter>
-              </y:NodeLabel>
-              <y:Shape type="roundrectangle"/>
-            </y:ShapeNode>
-          </data>
-        </node>
-        <node id="n3::n1">
-          <data key="d5"/>
-          <data key="d6">
-            <y:ShapeNode>
-              <y:Geometry height="50.0" width="73.25" x="761.1541252136229" y="1132.4827473958312"/>
-              <y:Fill color="#C0C0C0" transparent="false"/>
-              <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="31.26953125" x="20.990234375" y="15.93359375">Rails<y:LabelModel>
-                  <y:SmartNodeLabelModel distance="4.0"/>
-                </y:LabelModel>
-                <y:ModelParameter>
-                  <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-                </y:ModelParameter>
-              </y:NodeLabel>
-              <y:Shape type="roundrectangle"/>
-            </y:ShapeNode>
-          </data>
-        </node>
-        <node id="n3::n2">
-          <data key="d5"/>
-          <data key="d6">
-            <y:ShapeNode>
-              <y:Geometry height="50.0" width="73.25" x="843.8895626068115" y="1132.4827473958312"/>
-              <y:Fill color="#C0C0C0" transparent="false"/>
-              <y:BorderStyle color="#000000" type="line" width="1.0"/>
-              <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.1328125" modelName="custom" textColor="#000000" visible="true" width="31.26953125" x="20.990234375" y="15.93359375">Rails<y:LabelModel>
-                  <y:SmartNodeLabelModel distance="4.0"/>
-                </y:LabelModel>
-                <y:ModelParameter>
-                  <y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
-                </y:ModelParameter>
-              </y:NodeLabel>
-              <y:Shape type="roundrectangle"/>
-            </y:ShapeNode>
-          </data>
-        </node>
-      </graph>
-    </node>
-    <edge id="e0" source="n3" target="n1">
-      <data key="d9"/>
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="none"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e1" source="n3" target="n2">
-      <data key="d9"/>
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="none"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-    <edge id="e2" source="n0" target="n3::n0">
-      <data key="d9"/>
-      <data key="d10">
-        <y:PolyLineEdge>
-          <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
-          <y:LineStyle color="#000000" type="line" width="1.0"/>
-          <y:Arrows source="none" target="standard"/>
-          <y:BendStyle smoothed="false"/>
-        </y:PolyLineEdge>
-      </data>
-    </edge>
-  </graph>
-  <data key="d7">
-    <y:Resources/>
-  </data>
-</graphml>
--- a/img/vuls-usecase-elb-rails-rds-single.png
+++ b/img/vuls-usecase-elb-rails-rds-single.png
--- a/libmanager/libManager.go
+++ b/libmanager/libManager.go
@@ -1,33 +1,112 @@
 package libmanager

 import (
-	"github.com/aquasecurity/trivy/pkg/db"
-	"github.com/aquasecurity/trivy/pkg/log"
+	"context"

+	db2 "github.com/aquasecurity/trivy-db/pkg/db"
+	"github.com/aquasecurity/trivy/pkg/db"
+	"github.com/aquasecurity/trivy/pkg/github"
+	"github.com/aquasecurity/trivy/pkg/indicator"
+	"github.com/aquasecurity/trivy/pkg/log"
+	"github.com/spf13/afero"
+	"golang.org/x/xerrors"
+	"k8s.io/utils/clock"
+
+	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
+	"github.com/future-architect/vuls/util"
 )

-// FillLibrary fills LibraryScanner informations
-func FillLibrary(r *models.ScanResult) (totalCnt int, err error) {
+// DetectLibsCves fills LibraryScanner information
+func DetectLibsCves(r *models.ScanResult) (err error) {
+	totalCnt := 0
+	if len(r.LibraryScanners) == 0 {
+		return
+	}
+
 	// initialize trivy's logger and db
 	err = log.InitLogger(false, false)
 	if err != nil {
-		return 0, err
+		return err
 	}
-	if err := db.Init(); err != nil {
-		return 0, err
+
+	util.Log.Info("Updating library db...")
+	if err := downloadDB(config.Version, config.Conf.TrivyCacheDBDir, config.Conf.NoProgress, false, false); err != nil {
+		return err
 	}
+
+	if err := db2.Init(config.Conf.TrivyCacheDBDir); err != nil {
+		return err
+	}
+	defer db2.Close()
+
 	for _, lib := range r.LibraryScanners {
 		vinfos, err := lib.Scan()
 		if err != nil {
-			return 0, err
+			return err
 		}
 		for _, vinfo := range vinfos {
-			r.ScannedCves[vinfo.CveID] = vinfo
+			vinfo.Confidences.AppendIfMissing(models.TrivyMatch)
+			if v, ok := r.ScannedCves[vinfo.CveID]; !ok {
+				r.ScannedCves[vinfo.CveID] = vinfo
+			} else {
+				v.LibraryFixedIns = append(v.LibraryFixedIns, vinfo.LibraryFixedIns...)
+				r.ScannedCves[vinfo.CveID] = v
+			}
 		}
 		totalCnt += len(vinfos)
 	}
-	db.Close()

-	return totalCnt, nil
+	util.Log.Infof("%s: %d CVEs are detected with Library",
+		r.FormatServerName(), totalCnt)
+
+	return nil
+}
+
+func downloadDB(appVersion, cacheDir string, quiet, light, skipUpdate bool) error {
+	client := initializeDBClient(cacheDir, quiet)
+	ctx := context.Background()
+	needsUpdate, err := client.NeedsUpdate(appVersion, light, skipUpdate)
+	if err != nil {
+		return xerrors.Errorf("database error: %w", err)
+	}
+
+	if needsUpdate {
+		util.Log.Info("Need to update DB")
+		util.Log.Info("Downloading DB...")
+		if err := client.Download(ctx, cacheDir, light); err != nil {
+			return xerrors.Errorf("failed to download vulnerability DB: %w", err)
+		}
+		if err = client.UpdateMetadata(cacheDir); err != nil {
+			return xerrors.Errorf("unable to update database metadata: %w", err)
+		}
+	}
+
+	// for debug
+	if err := showDBInfo(cacheDir); err != nil {
+		return xerrors.Errorf("failed to show database info: %w", err)
+	}
+	return nil
+}
+
+func initializeDBClient(cacheDir string, quiet bool) db.Client {
+	config := db2.Config{}
+	client := github.NewClient()
+	progressBar := indicator.NewProgressBar(quiet)
+	realClock := clock.RealClock{}
+	fs := afero.NewOsFs()
+	metadata := db.NewMetadata(fs, cacheDir)
+	dbClient := db.NewClient(config, client, progressBar, realClock, metadata)
+	return dbClient
+}
+
+func showDBInfo(cacheDir string) error {
+	m := db.NewMetadata(afero.NewOsFs(), cacheDir)
+	metadata, err := m.Get()
+	if err != nil {
+		return xerrors.Errorf("something wrong with DB: %w", err)
+	}
+	util.Log.Debugf("DB Schema: %d, Type: %d, UpdatedAt: %s, NextUpdate: %s",
+		metadata.Version, metadata.Type, metadata.UpdatedAt, metadata.NextUpdate)
+	return nil
 }
--- a/models/cvecontents.go
+++ b/models/cvecontents.go
@@ -3,7 +3,7 @@ package models
 import (
 	"time"

-	"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
+	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
 )

 // CveContents has CveContent
@@ -42,15 +42,23 @@ func (v CveContents) Except(exceptCtypes ...CveContentType) (values CveContents)
 	return
 }

-// SourceLinks returns link of source
-func (v CveContents) SourceLinks(lang, myFamily, cveID string) (values []CveContentStr) {
-	if lang == "ja" {
-		if cont, found := v[Jvn]; found && 0 < len(cont.SourceLink) {
-			values = append(values, CveContentStr{Jvn, cont.SourceLink})
+// PrimarySrcURLs returns link of source
+func (v CveContents) PrimarySrcURLs(lang, myFamily, cveID string) (values []CveContentStr) {
+	if cveID == "" {
+		return
+	}
+
+	if cont, found := v[Nvd]; found {
+		for _, r := range cont.References {
+			for _, t := range r.Tags {
+				if t == "Vendor Advisory" {
+					values = append(values, CveContentStr{Nvd, r.Link})
+				}
+			}
 		}
 	}

-	order := CveContentTypes{Nvd, NvdXML, NewCveContentType(myFamily)}
+	order := CveContentTypes{Nvd, NewCveContentType(myFamily)}
 	for _, ctype := range order {
 		if cont, found := v[ctype]; found {
 			if cont.SourceLink == "" {
@@ -60,6 +68,12 @@ func (v CveContents) SourceLinks(lang, myFamily, cveID string) (values []CveCont
 		}
 	}

+	if lang == "ja" {
+		if cont, found := v[Jvn]; found && 0 < len(cont.SourceLink) {
+			values = append(values, CveContentStr{Jvn, cont.SourceLink})
+		}
+	}
+
 	if len(values) == 0 {
 		return []CveContentStr{{
 			Type:  Nvd,
@@ -69,6 +83,22 @@ func (v CveContents) SourceLinks(lang, myFamily, cveID string) (values []CveCont
 	return values
 }

+// PatchURLs returns link of patch
+func (v CveContents) PatchURLs() (urls []string) {
+	cont, found := v[Nvd]
+	if !found {
+		return
+	}
+	for _, r := range cont.References {
+		for _, t := range r.Tags {
+			if t == "Patch" {
+				urls = append(urls, r.Link)
+			}
+		}
+	}
+	return
+}
+
 /*
 // Severities returns Severities
 func (v CveContents) Severities(myFamily string) (values []CveContentStr) {
@@ -184,7 +214,6 @@ type CveContent struct {
 	CweIDs        []string          `json:"cweIDs,omitempty"`
 	Published     time.Time         `json:"published"`
 	LastModified  time.Time         `json:"lastModified"`
-	Mitigation    string            `json:"mitigation"` // RedHat API
 	Optional      map[string]string `json:"optional,omitempty"`
 }

@@ -199,8 +228,6 @@ type CveContentType string
 // NewCveContentType create CveContentType
 func NewCveContentType(name string) CveContentType {
 	switch name {
-	case "nvdxml":
-		return NvdXML
 	case "nvd":
 		return Nvd
 	case "jvn":
@@ -220,29 +247,18 @@ func NewCveContentType(name string) CveContentType {
 	case "microsoft":
 		return Microsoft
 	case "wordpress":
-		return WPVulnDB
+		return WpScan
 	case "amazon":
 		return Amazon
-	case vulnerability.NodejsSecurityWg:
-		return NodeSec
-	case vulnerability.PythonSafetyDB:
-		return PythonSec
-	case vulnerability.RustSec:
-		return RustSec
-	case vulnerability.PhpSecurityAdvisories:
-		return PhpSec
-	case vulnerability.RubySec:
-		return RubySec
+	case "trivy":
+		return Trivy
 	default:
 		return Unknown
 	}
 }

 const (
-	// NvdXML is NvdXML
-	NvdXML CveContentType = "nvdxml"
-
-	// Nvd is Nvd
+	// Nvd is Nvd JSON
 	Nvd CveContentType = "nvd"

 	// Jvn is Jvn
@@ -254,7 +270,7 @@ const (
 	// RedHatAPI is RedHat
 	RedHatAPI CveContentType = "redhat_api"

-	// DebianSecurityTracker is Debian Secury tracker
+	// DebianSecurityTracker is Debian Security tracker
 	DebianSecurityTracker CveContentType = "debian_security_tracker"

 	// Debian is Debian
@@ -275,23 +291,11 @@ const (
 	// Microsoft is Microsoft
 	Microsoft CveContentType = "microsoft"

-	// WPVulnDB is WordPress
-	WPVulnDB CveContentType = "wpvulndb"
+	// WpScan is WordPress
+	WpScan CveContentType = "wpscan"

-	// NodeSec : for JS
-	NodeSec CveContentType = "node"
-
-	// PythonSec : for PHP
-	PythonSec CveContentType = "python"
-
-	// PhpSec : for PHP
-	PhpSec CveContentType = "php"
-
-	// RubySec : for Ruby
-	RubySec CveContentType = "ruby"
-
-	// RustSec : for Rust
-	RustSec CveContentType = "rust"
+	// Trivy is Trivy
+	Trivy CveContentType = "trivy"

 	// Unknown is Unknown
 	Unknown CveContentType = "unknown"
@@ -303,7 +307,6 @@ type CveContentTypes []CveContentType
 // AllCveContetTypes has all of CveContentTypes
 var AllCveContetTypes = CveContentTypes{
 	Nvd,
-	NvdXML,
 	Jvn,
 	RedHat,
 	RedHatAPI,
@@ -312,12 +315,8 @@ var AllCveContetTypes = CveContentTypes{
 	Amazon,
 	SUSE,
 	DebianSecurityTracker,
-	WPVulnDB,
-	NodeSec,
-	PythonSec,
-	PhpSec,
-	RubySec,
-	RustSec,
+	WpScan,
+	Trivy,
 }

 // Except returns CveContentTypes except for given args
@@ -348,7 +347,8 @@ type References []Reference

 // Reference has a related link of the CVE
 type Reference struct {
-	Source string `json:"source"`
-	Link   string `json:"link"`
-	RefID  string `json:"refID"`
+	Link   string   `json:"link,omitempty"`
+	Source string   `json:"source,omitempty"`
+	RefID  string   `json:"refID,omitempty"`
+	Tags   []string `json:"tags,omitempty"`
 }
--- a/models/cvecontents_test.go
+++ b/models/cvecontents_test.go
@@ -52,25 +52,43 @@ func TestSourceLinks(t *testing.T) {
 						Type:       RedHat,
 						SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074",
 					},
-					NvdXML: {
-						Type:       NvdXML,
+					Nvd: {
+						Type: Nvd,
+						References: []Reference{
+							{
+								Link:   "https://lists.apache.org/thread.html/765be3606d865de513f6df9288842c3cf58b09a987c617a535f2b99d@%3Cusers.tapestry.apache.org%3E",
+								Source: "",
+								RefID:  "",
+								Tags:   []string{"Vendor Advisory"},
+							},
+							{
+								Link:   "http://yahoo.com",
+								Source: "",
+								RefID:  "",
+								Tags:   []string{"Vendor"},
+							},
+						},
 						SourceLink: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
 					},
 				},
 			},
 			out: []CveContentStr{
 				{
-					Type:  Jvn,
-					Value: "https://jvn.jp/vu/JVNVU93610402/",
+					Type:  Nvd,
+					Value: "https://lists.apache.org/thread.html/765be3606d865de513f6df9288842c3cf58b09a987c617a535f2b99d@%3Cusers.tapestry.apache.org%3E",
 				},
 				{
-					Type:  NvdXML,
+					Type:  Nvd,
 					Value: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
 				},
 				{
 					Type:  RedHat,
 					Value: "https://access.redhat.com/security/cve/CVE-2017-6074",
 				},
+				{
+					Type:  Jvn,
+					Value: "https://jvn.jp/vu/JVNVU93610402/",
+				},
 			},
 		},
 		// lang: en
@@ -87,17 +105,9 @@ func TestSourceLinks(t *testing.T) {
 						Type:       RedHat,
 						SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074",
 					},
-					NvdXML: {
-						Type:       NvdXML,
-						SourceLink: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
-					},
 				},
 			},
 			out: []CveContentStr{
-				{
-					Type:  NvdXML,
-					Value: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
-				},
 				{
 					Type:  RedHat,
 					Value: "https://access.redhat.com/security/cve/CVE-2017-6074",
@@ -120,71 +130,9 @@ func TestSourceLinks(t *testing.T) {
 		},
 	}
 	for i, tt := range tests {
-		actual := tt.in.cont.SourceLinks(tt.in.lang, "redhat", tt.in.cveID)
+		actual := tt.in.cont.PrimarySrcURLs(tt.in.lang, "redhat", tt.in.cveID)
 		if !reflect.DeepEqual(tt.out, actual) {
 			t.Errorf("\n[%d] expected: %v\n  actual: %v\n", i, tt.out, actual)
 		}
 	}
 }
-
-func TestVendorLink(t *testing.T) {
-	type in struct {
-		family string
-		vinfo  VulnInfo
-	}
-	var tests = []struct {
-		in  in
-		out map[string]string
-	}{
-		{
-			in: in{
-				family: "redhat",
-				vinfo: VulnInfo{
-					CveID: "CVE-2017-6074",
-					CveContents: CveContents{
-						Jvn: {
-							Type:       Jvn,
-							SourceLink: "https://jvn.jp/vu/JVNVU93610402/",
-						},
-						RedHat: {
-							Type:       RedHat,
-							SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074",
-						},
-						NvdXML: {
-							Type:       NvdXML,
-							SourceLink: "https://nvd.nist.gov/vuln/detail/CVE-2017-6074",
-						},
-					},
-				},
-			},
-			out: map[string]string{
-				"RHEL-CVE": "https://access.redhat.com/security/cve/CVE-2017-6074",
-			},
-		},
-		{
-			in: in{
-				family: "ubuntu",
-				vinfo: VulnInfo{
-					CveID: "CVE-2017-6074",
-					CveContents: CveContents{
-						RedHat: {
-							Type:       Ubuntu,
-							SourceLink: "https://access.redhat.com/security/cve/CVE-2017-6074",
-						},
-					},
-				},
-			},
-			out: map[string]string{
-				"Ubuntu-CVE": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6074",
-			},
-		},
-	}
-	for _, tt := range tests {
-		actual := tt.in.vinfo.VendorLinks(tt.in.family)
-		for k := range tt.out {
-			if tt.out[k] != actual[k] {
-				t.Errorf("\nexpected: %s\n  actual: %s\n", tt.out[k], actual[k])
-			}
-		}
-	}
-}
--- a/models/library.go
+++ b/models/library.go
@@ -3,15 +3,40 @@ package models
 import (
 	"path/filepath"

-	"github.com/aquasecurity/trivy/pkg/scanner/library"
-	"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
+	"github.com/aquasecurity/trivy-db/pkg/db"
+	trivyDBTypes "github.com/aquasecurity/trivy-db/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/detector/library"
+
+	"github.com/aquasecurity/trivy/pkg/types"
 	"github.com/future-architect/vuls/util"
 	"golang.org/x/xerrors"
-
-	"github.com/aquasecurity/go-dep-parser/pkg/types"
-	"github.com/knqyf263/go-version"
+	// "github.com/aquasecurity/go-dep-parser/pkg/types"
 )

+// LibraryScanners is an array of LibraryScanner
+type LibraryScanners []LibraryScanner
+
+// Find : find by name
+func (lss LibraryScanners) Find(path, name string) map[string]types.Library {
+	filtered := map[string]types.Library{}
+	for _, ls := range lss {
+		for _, lib := range ls.Libs {
+			if ls.Path == path && lib.Name == name {
+				filtered[ls.Path] = lib
+				break
+			}
+		}
+	}
+	return filtered
+}
+
+func (lss LibraryScanners) Total() (total int) {
+	for _, lib := range lss {
+		total += len(lib.Libs)
+	}
+	return
+}
+
 // LibraryScanner has libraries information
 type LibraryScanner struct {
 	Path string
@@ -20,29 +45,19 @@ type LibraryScanner struct {

 // Scan : scan target library
 func (s LibraryScanner) Scan() ([]VulnInfo, error) {
-	scanner := library.NewScanner(filepath.Base(string(s.Path)))
-	if scanner == nil {
-		return nil, xerrors.New("unknown file type")
-	}
-
-	util.Log.Info("Updating library db...")
-	err := scanner.UpdateDB()
+	scanner, err := library.DriverFactory{}.NewDriver(filepath.Base(string(s.Path)))
 	if err != nil {
-		return nil, xerrors.Errorf("failed to update %s advisories: %w", scanner.Type(), err)
+		return nil, xerrors.Errorf("Failed to new a library driver: %w", err)
 	}
-
-	var vulnerabilities []VulnInfo
+	var vulnerabilities = []VulnInfo{}
 	for _, pkg := range s.Libs {
-		v, err := version.NewVersion(pkg.Version)
-		if err != nil {
-			util.Log.Debugf("new version cant detected %s@%s", pkg.Name, pkg.Version)
-			continue
-		}
-
-		tvulns, err := scanner.Detect(pkg.Name, v)
+		tvulns, err := scanner.Detect(pkg.Name, pkg.Version)
 		if err != nil {
 			return nil, xerrors.Errorf("failed to detect %s vulnerabilities: %w", scanner.Type(), err)
 		}
+		if len(tvulns) == 0 {
+			continue
+		}

 		vulns := s.convertFanalToVuln(tvulns)
 		vulnerabilities = append(vulnerabilities, vulns...)
@@ -51,68 +66,55 @@ func (s LibraryScanner) Scan() ([]VulnInfo, error) {
 	return vulnerabilities, nil
 }

-func (s LibraryScanner) convertFanalToVuln(tvulns []vulnerability.DetectedVulnerability) (vulns []VulnInfo) {
+func (s LibraryScanner) convertFanalToVuln(tvulns []types.DetectedVulnerability) (vulns []VulnInfo) {
 	for _, tvuln := range tvulns {
-		vinfo, _ := s.getVulnDetail(tvuln)
+		vinfo, err := s.getVulnDetail(tvuln)
+		if err != nil {
+			util.Log.Debugf("failed to getVulnDetail. err: %s, tvuln: %#v", err, tvuln)
+			continue
+		}
 		vulns = append(vulns, vinfo)
 	}
 	return vulns
 }

-func (s LibraryScanner) getVulnDetail(tvuln vulnerability.DetectedVulnerability) (vinfo VulnInfo, err error) {
-	details, err := vulnerability.Get(tvuln.VulnerabilityID)
+func (s LibraryScanner) getVulnDetail(tvuln types.DetectedVulnerability) (vinfo VulnInfo, err error) {
+	vul, err := db.Config{}.GetVulnerability(tvuln.VulnerabilityID)
 	if err != nil {
 		return vinfo, err
-	} else if len(details) == 0 {
-		return vinfo, xerrors.Errorf("Unknown vulnID : %s", tvuln.VulnerabilityID)
 	}
-	vinfo.CveID = tvuln.VulnerabilityID
-	vinfo.CveContents = getCveContents(details)
-	if tvuln.FixedVersion != "" {

+	vinfo.CveID = tvuln.VulnerabilityID
+	vinfo.CveContents = getCveContents(tvuln.VulnerabilityID, vul)
+	if tvuln.FixedVersion != "" {
 		vinfo.LibraryFixedIns = []LibraryFixedIn{
 			{
 				Key:     s.GetLibraryKey(),
 				Name:    tvuln.PkgName,
 				FixedIn: tvuln.FixedVersion,
+				Path:    s.Path,
 			},
 		}
 	}
 	return vinfo, nil
 }

-func getCveContents(details map[string]vulnerability.Vulnerability) (contents map[CveContentType]CveContent) {
+func getCveContents(cveID string, vul trivyDBTypes.Vulnerability) (contents map[CveContentType]CveContent) {
 	contents = map[CveContentType]CveContent{}
-	for source, detail := range details {
-		refs := []Reference{}
-		for _, refURL := range detail.References {
-			refs = append(refs, Reference{Source: refURL, Link: refURL})
-		}
-
-		content := CveContent{
-			Type:          NewCveContentType(source),
-			CveID:         detail.ID,
-			Title:         detail.Title,
-			Summary:       detail.Description,
-			Cvss3Score:    detail.CvssScoreV3,
-			Cvss3Severity: string(detail.SeverityV3),
-			Cvss2Score:    detail.CvssScore,
-			Cvss2Severity: string(detail.Severity),
-			References:    refs,
-
-			//SourceLink    string            `json:"sourceLink"`
-			//Cvss2Vector   string            `json:"cvss2Vector"`
-			//Cvss3Vector   string            `json:"cvss3Vector"`
-			//Cvss3Severity string            `json:"cvss3Severity"`
-			//Cpes          []Cpe             `json:"cpes,omitempty"`
-			//CweIDs        []string          `json:"cweIDs,omitempty"`
-			//Published     time.Time         `json:"published"`
-			//LastModified  time.Time         `json:"lastModified"`
-			//Mitigation    string            `json:"mitigation"` // RedHat API
-			//Optional      map[string]string `json:"optional,omitempty"`
-		}
-		contents[NewCveContentType(source)] = content
+	refs := []Reference{}
+	for _, refURL := range vul.References {
+		refs = append(refs, Reference{Source: "trivy", Link: refURL})
 	}
+
+	content := CveContent{
+		Type:          Trivy,
+		CveID:         cveID,
+		Title:         vul.Title,
+		Summary:       vul.Description,
+		Cvss3Severity: string(vul.Severity),
+		References:    refs,
+	}
+	contents[Trivy] = content
 	return contents
 }

@@ -122,7 +124,7 @@ var LibraryMap = map[string]string{
 	"yarn.lock":         "node",
 	"Gemfile.lock":      "ruby",
 	"Cargo.lock":        "rust",
-	"composer.json":     "php",
+	"composer.lock":     "php",
 	"Pipfile.lock":      "python",
 	"poetry.lock":       "python",
 }
@@ -138,4 +140,5 @@ type LibraryFixedIn struct {
 	Key     string `json:"key,omitempty"`
 	Name    string `json:"name,omitempty"`
 	FixedIn string `json:"fixedIn,omitempty"`
+	Path    string `json:"path,omitempty"`
 }
--- a/models/library_test.go
+++ b/models/library_test.go
@@ -1,52 +1,96 @@
 package models

 import (
+	"reflect"
 	"testing"

-	godeptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
-	"github.com/aquasecurity/trivy/pkg/db"
-	"github.com/aquasecurity/trivy/pkg/log"
+	"github.com/aquasecurity/trivy/pkg/types"
 )

-func TestScan(t *testing.T) {
-	var tests = []struct {
+func TestLibraryScanners_Find(t *testing.T) {
+	type args struct {
 		path string
-		pkgs []godeptypes.Library
+		name string
+	}
+	tests := []struct {
+		name string
+		lss  LibraryScanners
+		args args
+		want map[string]types.Library
 	}{
 		{
-			path: "app/package-lock.json",
-			pkgs: []godeptypes.Library{
+			name: "single file",
+			lss: LibraryScanners{
 				{
-					Name:    "jquery",
-					Version: "2.2.4",
+					Path: "/pathA",
+					Libs: []types.Library{
+						{
+							Name:    "libA",
+							Version: "1.0.0",
+						},
+					},
 				},
-				{
-					Name:    "@babel/traverse",
-					Version: "7.4.4",
+			},
+			args: args{"/pathA", "libA"},
+			want: map[string]types.Library{
+				"/pathA": {
+					Name:    "libA",
+					Version: "1.0.0",
 				},
 			},
 		},
+		{
+			name: "multi file",
+			lss: LibraryScanners{
+				{
+					Path: "/pathA",
+					Libs: []types.Library{
+						{
+							Name:    "libA",
+							Version: "1.0.0",
+						},
+					},
+				},
+				{
+					Path: "/pathB",
+					Libs: []types.Library{
+						{
+							Name:    "libA",
+							Version: "1.0.5",
+						},
+					},
+				},
+			},
+			args: args{"/pathA", "libA"},
+			want: map[string]types.Library{
+				"/pathA": {
+					Name:    "libA",
+					Version: "1.0.0",
+				},
+			},
+		},
+		{
+			name: "miss",
+			lss: LibraryScanners{
+				{
+					Path: "/pathA",
+					Libs: []types.Library{
+						{
+							Name:    "libA",
+							Version: "1.0.0",
+						},
+					},
+				},
+			},
+			args: args{"/pathA", "libB"},
+			want: map[string]types.Library{},
+		},
 	}
-
-	if err := log.InitLogger(false, false); err != nil {
-		t.Errorf("trivy logger failed")
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := tt.lss.Find(tt.args.path, tt.args.name); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("LibraryScanners.Find() = %v, want %v", got, tt.want)
+			}
+		})
 	}
-
-	if err := db.Init(); err != nil {
-		t.Errorf("trivy db.Init failed")
-	}
-	for _, v := range tests {
-		lib := LibraryScanner{
-			Path: v.path,
-			Libs: v.pkgs,
-		}
-		actual, err := lib.Scan()
-		if err != nil {
-			t.Errorf("error occurred")
-		}
-		if len(actual) == 0 {
-			t.Errorf("no vuln found : actual: %v\n", actual)
-		}
-	}
-	db.Close()
 }
--- a/models/packages.go
+++ b/models/packages.go
@@ -3,6 +3,7 @@ package models
 import (
 	"bytes"
 	"fmt"
+	"regexp"
 	"strings"

 	"golang.org/x/xerrors"
@@ -120,18 +121,23 @@ func (p Package) FormatNewVer() string {
 }

 // FormatVersionFromTo formats installed and new package version
-func (p Package) FormatVersionFromTo(notFixedYet bool, status string) string {
+func (p Package) FormatVersionFromTo(stat PackageFixStatus) string {
 	to := p.FormatNewVer()
-	if notFixedYet {
-		if status != "" {
-			to = status
+	if stat.NotFixedYet {
+		if stat.FixState != "" {
+			to = stat.FixState
 		} else {
 			to = "Not Fixed Yet"
 		}
 	} else if p.NewVersion == "" {
 		to = "Unknown"
 	}
-	return fmt.Sprintf("%s-%s -> %s", p.Name, p.FormatVer(), to)
+	var fixedIn string
+	if stat.FixedIn != "" {
+		fixedIn = fmt.Sprintf(" (FixedIn: %s)", stat.FixedIn)
+	}
+	return fmt.Sprintf("%s-%s -> %s%s",
+		p.Name, p.FormatVer(), to, fixedIn)
 }

 // FormatChangelog formats the changelog
@@ -168,9 +174,44 @@ type Changelog struct {

 // AffectedProcess keep a processes information affected by software update
 type AffectedProcess struct {
-	PID         string   `json:"pid,omitempty"`
-	Name        string   `json:"name,omitempty"`
-	ListenPorts []string `json:"listenPorts,omitempty"`
+	PID             string     `json:"pid,omitempty"`
+	Name            string     `json:"name,omitempty"`
+	ListenPorts     []string   `json:"listenPorts,omitempty"`
+	ListenPortStats []PortStat `json:"listenPortStats,omitempty"`
+}
+
+// PortStat has the result of parsing the port information to the address and port.
+type PortStat struct {
+	BindAddress     string   `json:"bindAddress"`
+	Port            string   `json:"port"`
+	PortReachableTo []string `json:"portReachableTo"`
+}
+
+// NewPortStat create a PortStat from ipPort str
+func NewPortStat(ipPort string) (*PortStat, error) {
+	if ipPort == "" {
+		return &PortStat{}, nil
+	}
+	sep := strings.LastIndex(ipPort, ":")
+	if sep == -1 {
+		return nil, xerrors.Errorf("Failed to parse IP:Port: %s", ipPort)
+	}
+	return &PortStat{
+		BindAddress: ipPort[:sep],
+		Port:        ipPort[sep+1:],
+	}, nil
+}
+
+// HasReachablePort checks if Package.AffectedProcs has PortReachableTo
+func (p Package) HasReachablePort() bool {
+	for _, ap := range p.AffectedProcs {
+		for _, lp := range ap.ListenPortStats {
+			if len(lp.PortReachableTo) > 0 {
+				return true
+			}
+		}
+	}
+	return false
 }

 // NeedRestartProcess keep a processes information affected by software update
@@ -222,3 +263,28 @@ func (s SrcPackages) FindByBinName(name string) (*SrcPackage, bool) {
 	}
 	return nil, false
 }
+
+// raspiPackNamePattern is a regular expression pattern to detect the Raspberry Pi specific package from the package name.
+// e.g. libraspberrypi-dev, rpi-eeprom, python3-rpi.gpio, pi-bluetooth
+var raspiPackNamePattern = regexp.MustCompile(`(.*raspberry.*|^rpi.*|.*-rpi.*|^pi-.*)`)
+
+// raspiPackNamePattern is a regular expression pattern to detect the Raspberry Pi specific package from the version.
+// e.g. ffmpeg 7:4.1.4-1+rpt7~deb10u1, vlc 3.0.10-0+deb10u1+rpt2
+var raspiPackVersionPattern = regexp.MustCompile(`.+\+rp(t|i)\d+`)
+
+// raspiPackNameList is a package name array of Raspberry Pi specific packages that are difficult to detect with regular expressions.
+var raspiPackNameList = []string{"piclone", "pipanel", "pishutdown", "piwiz", "pixflat-icons"}
+
+// IsRaspbianPackage judges whether it is a package related to Raspberry Pi from the package name and version
+func IsRaspbianPackage(name, version string) bool {
+	if raspiPackNamePattern.MatchString(name) || raspiPackVersionPattern.MatchString(version) {
+		return true
+	}
+	for _, n := range raspiPackNameList {
+		if n == name {
+			return true
+		}
+	}
+
+	return false
+}
--- a/models/packages_test.go
+++ b/models/packages_test.go
@@ -175,3 +175,256 @@ func TestFindByBinName(t *testing.T) {
 		}
 	}
 }
+
+func TestPackage_FormatVersionFromTo(t *testing.T) {
+	type fields struct {
+		Name             string
+		Version          string
+		Release          string
+		NewVersion       string
+		NewRelease       string
+		Arch             string
+		Repository       string
+		Changelog        Changelog
+		AffectedProcs    []AffectedProcess
+		NeedRestartProcs []NeedRestartProcess
+	}
+	type args struct {
+		stat PackageFixStatus
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		want   string
+	}{
+		{
+			name: "fixed",
+			fields: fields{
+				Name:       "packA",
+				Version:    "1.0.0",
+				Release:    "a",
+				NewVersion: "1.0.1",
+				NewRelease: "b",
+			},
+			args: args{
+				stat: PackageFixStatus{
+					NotFixedYet: false,
+					FixedIn:     "1.0.1-b",
+				},
+			},
+			want: "packA-1.0.0-a -> 1.0.1-b (FixedIn: 1.0.1-b)",
+		},
+		{
+			name: "nfy",
+			fields: fields{
+				Name:    "packA",
+				Version: "1.0.0",
+				Release: "a",
+			},
+			args: args{
+				stat: PackageFixStatus{
+					NotFixedYet: true,
+				},
+			},
+			want: "packA-1.0.0-a -> Not Fixed Yet",
+		},
+		{
+			name: "nfy",
+			fields: fields{
+				Name:    "packA",
+				Version: "1.0.0",
+				Release: "a",
+			},
+			args: args{
+				stat: PackageFixStatus{
+					NotFixedYet: false,
+					FixedIn:     "1.0.1-b",
+				},
+			},
+			want: "packA-1.0.0-a -> Unknown (FixedIn: 1.0.1-b)",
+		},
+		{
+			name: "nfy2",
+			fields: fields{
+				Name:    "packA",
+				Version: "1.0.0",
+				Release: "a",
+			},
+			args: args{
+				stat: PackageFixStatus{
+					NotFixedYet: true,
+					FixedIn:     "1.0.1-b",
+					FixState:    "open",
+				},
+			},
+			want: "packA-1.0.0-a -> open (FixedIn: 1.0.1-b)",
+		},
+		{
+			name: "nfy3",
+			fields: fields{
+				Name:    "packA",
+				Version: "1.0.0",
+				Release: "a",
+			},
+			args: args{
+				stat: PackageFixStatus{
+					NotFixedYet: true,
+					FixedIn:     "1.0.1-b",
+					FixState:    "open",
+				},
+			},
+			want: "packA-1.0.0-a -> open (FixedIn: 1.0.1-b)",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			p := Package{
+				Name:             tt.fields.Name,
+				Version:          tt.fields.Version,
+				Release:          tt.fields.Release,
+				NewVersion:       tt.fields.NewVersion,
+				NewRelease:       tt.fields.NewRelease,
+				Arch:             tt.fields.Arch,
+				Repository:       tt.fields.Repository,
+				Changelog:        tt.fields.Changelog,
+				AffectedProcs:    tt.fields.AffectedProcs,
+				NeedRestartProcs: tt.fields.NeedRestartProcs,
+			}
+			if got := p.FormatVersionFromTo(tt.args.stat); got != tt.want {
+				t.Errorf("Package.FormatVersionFromTo() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func Test_IsRaspbianPackage(t *testing.T) {
+	type args struct {
+		name string
+		ver  string
+	}
+	tests := []struct {
+		name   string
+		in     []args
+		expect []bool
+	}{
+		{
+			name: "nameRegExp",
+			in: []args{
+				{
+					name: "libraspberrypi-dev",
+					ver:  "1.20200811-1",
+				},
+				{
+					name: "rpi-eeprom",
+					ver:  "7.10-1",
+				},
+				{
+					name: "python3-rpi.gpio",
+					ver:  "0.7.0-0.1~bpo10+1",
+				},
+				{
+					name: "arping",
+					ver:  "2.19-6",
+				},
+				{
+					name: "pi-bluetooth",
+					ver:  "0.1.14",
+				},
+			},
+			expect: []bool{true, true, true, false, true, false},
+		},
+		{
+			name: "verRegExp",
+			in: []args{
+				{
+					name: "ffmpeg",
+					ver:  "7:4.1.6-1~deb10u1+rpt1",
+				},
+				{
+					name: "gcc",
+					ver:  "4:8.3.0-1+rpi2",
+				},
+			},
+			expect: []bool{true, true},
+		},
+		{
+			name: "nameList",
+			in: []args{
+				{
+					name: "piclone",
+					ver:  "0.16",
+				},
+			},
+			expect: []bool{true},
+		},
+		{
+			name: "debianPackage",
+			in: []args{
+				{
+					name: "apt",
+					ver:  "1.8.2.1",
+				},
+			},
+			expect: []bool{false},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			for i, p := range tt.in {
+				ret := IsRaspbianPackage(p.name, p.ver)
+				if !reflect.DeepEqual(ret, tt.expect[i]) {
+					t.Errorf("[%s->%s] expected: %t, actual: %t, in: %#v", tt.name, tt.in[i].name, tt.expect[i], ret, tt.in[i])
+				}
+			}
+		})
+	}
+}
+
+func Test_parseListenPorts(t *testing.T) {
+	tests := []struct {
+		name   string
+		args   string
+		expect PortStat
+	}{{
+		name: "empty",
+		args: "",
+		expect: PortStat{
+			BindAddress: "",
+			Port:        "",
+		},
+	}, {
+		name: "normal",
+		args: "127.0.0.1:22",
+		expect: PortStat{
+			BindAddress: "127.0.0.1",
+			Port:        "22",
+		},
+	}, {
+		name: "asterisk",
+		args: "*:22",
+		expect: PortStat{
+			BindAddress: "*",
+			Port:        "22",
+		},
+	}, {
+		name: "ipv6_loopback",
+		args: "[::1]:22",
+		expect: PortStat{
+			BindAddress: "[::1]",
+			Port:        "22",
+		},
+	}}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			listenPort, err := NewPortStat(tt.args)
+			if err != nil {
+				t.Errorf("unexpected error occurred: %s", err)
+			} else if !reflect.DeepEqual(*listenPort, tt.expect) {
+				t.Errorf("base.parseListenPorts() = %v, want %v", *listenPort, tt.expect)
+			}
+		})
+	}
+}
--- a/models/scanresults.go
+++ b/models/scanresults.go
@@ -3,6 +3,7 @@ package models
 import (
 	"bytes"
 	"fmt"
+	"reflect"
 	"regexp"
 	"strings"
 	"time"
@@ -24,7 +25,6 @@ type ScanResult struct {
 	Family           string                `json:"family"`
 	Release          string                `json:"release"`
 	Container        Container             `json:"container"`
-	Image            Image                 `json:"image"`
 	Platform         Platform              `json:"platform"`
 	IPv4Addrs        []string              `json:"ipv4Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
 	IPv6Addrs        []string              `json:"ipv6Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast)
@@ -48,8 +48,9 @@ type ScanResult struct {
 	RunningKernel     Kernel                 `json:"runningKernel"`
 	Packages          Packages               `json:"packages"`
 	SrcPackages       SrcPackages            `json:",omitempty"`
-	WordPressPackages *WordPressPackages     `json:",omitempty"`
-	LibraryScanners   []LibraryScanner       `json:"libScanners"`
+	EnabledDnfModules []string               `json:"enabledDnfModules,omitempty"` // for dnf modules
+	WordPressPackages WordPressPackages      `json:",omitempty"`
+	LibraryScanners   LibraryScanners        `json:"libraries,omitempty"`
 	CweDict           CweDict                `json:"cweDict,omitempty"`
 	Optional          map[string]interface{} `json:",omitempty"`
 	Config            struct {
@@ -62,7 +63,7 @@ type ScanResult struct {
 type CweDict map[string]CweDictEntry

 // Get the name, url, top10URL for the specified cweID, lang
-func (c CweDict) Get(cweID, lang string) (name, url, top10Rank, top10URL string) {
+func (c CweDict) Get(cweID, lang string) (name, url, top10Rank, top10URL, cweTop25Rank, cweTop25URL, sansTop25Rank, sansTop25URL string) {
 	cweNum := strings.TrimPrefix(cweID, "CWE-")
 	switch config.Conf.Lang {
 	case "ja":
@@ -70,6 +71,14 @@ func (c CweDict) Get(cweID, lang string) (name, url, top10Rank, top10URL string)
 			top10Rank = dict.OwaspTopTen2017
 			top10URL = cwe.OwaspTopTen2017GitHubURLJa[dict.OwaspTopTen2017]
 		}
+		if dict, ok := c[cweNum]; ok && dict.CweTopTwentyfive2019 != "" {
+			cweTop25Rank = dict.CweTopTwentyfive2019
+			cweTop25URL = cwe.CweTopTwentyfive2019URL
+		}
+		if dict, ok := c[cweNum]; ok && dict.SansTopTwentyfive != "" {
+			sansTop25Rank = dict.SansTopTwentyfive
+			sansTop25URL = cwe.SansTopTwentyfiveURL
+		}
 		if dict, ok := cwe.CweDictJa[cweNum]; ok {
 			name = dict.Name
 			url = fmt.Sprintf("http://jvndb.jvn.jp/ja/cwe/%s.html", cweID)
@@ -84,6 +93,14 @@ func (c CweDict) Get(cweID, lang string) (name, url, top10Rank, top10URL string)
 			top10Rank = dict.OwaspTopTen2017
 			top10URL = cwe.OwaspTopTen2017GitHubURLEn[dict.OwaspTopTen2017]
 		}
+		if dict, ok := c[cweNum]; ok && dict.CweTopTwentyfive2019 != "" {
+			cweTop25Rank = dict.CweTopTwentyfive2019
+			cweTop25URL = cwe.CweTopTwentyfive2019URL
+		}
+		if dict, ok := c[cweNum]; ok && dict.SansTopTwentyfive != "" {
+			sansTop25Rank = dict.SansTopTwentyfive
+			sansTop25URL = cwe.SansTopTwentyfiveURL
+		}
 		url = fmt.Sprintf("https://cwe.mitre.org/data/definitions/%s.html", cweID)
 		if dict, ok := cwe.CweDictEn[cweNum]; ok {
 			name = dict.Name
@@ -94,9 +111,11 @@ func (c CweDict) Get(cweID, lang string) (name, url, top10Rank, top10URL string)

 // CweDictEntry is a entry of CWE
 type CweDictEntry struct {
-	En              *cwe.Cwe `json:"en,omitempty"`
-	Ja              *cwe.Cwe `json:"ja,omitempty"`
-	OwaspTopTen2017 string   `json:"owaspTopTen2017"`
+	En                   *cwe.Cwe `json:"en,omitempty"`
+	Ja                   *cwe.Cwe `json:"ja,omitempty"`
+	OwaspTopTen2017      string   `json:"owaspTopTen2017"`
+	CweTopTwentyfive2019 string   `json:"cweTopTwentyfive2019"`
+	SansTopTwentyfive    string   `json:"sansTopTwentyfive"`
 }

 // Kernel has the Release, version and whether need restart
@@ -126,11 +145,12 @@ func (r ScanResult) FilterByCvssOver(over float64) ScanResult {

 // FilterIgnoreCves is filter function.
 func (r ScanResult) FilterIgnoreCves() ScanResult {
-
 	ignoreCves := []string{}
 	if len(r.Container.Name) == 0 {
+		//TODO pass by args
 		ignoreCves = config.Conf.Servers[r.ServerName].IgnoreCves
 	} else {
+		//TODO pass by args
 		if s, ok := config.Conf.Servers[r.ServerName]; ok {
 			if con, ok := s.Containers[r.Container.Name]; ok {
 				ignoreCves = con.IgnoreCves
@@ -157,8 +177,8 @@ func (r ScanResult) FilterIgnoreCves() ScanResult {
 }

 // FilterUnfixed is filter function.
-func (r ScanResult) FilterUnfixed() ScanResult {
-	if !config.Conf.IgnoreUnfixed {
+func (r ScanResult) FilterUnfixed(ignoreUnfixed bool) ScanResult {
+	if !ignoreUnfixed {
 		return r
 	}
 	filtered := r.ScannedCves.Find(func(v VulnInfo) bool {
@@ -178,8 +198,9 @@ func (r ScanResult) FilterUnfixed() ScanResult {

 // FilterIgnorePkgs is filter function.
 func (r ScanResult) FilterIgnorePkgs() ScanResult {
-	ignorePkgsRegexps := []string{}
+	var ignorePkgsRegexps []string
 	if len(r.Container.Name) == 0 {
+		//TODO pass by args
 		ignorePkgsRegexps = config.Conf.Servers[r.ServerName].IgnorePkgsRegexp
 	} else {
 		if s, ok := config.Conf.Servers[r.ServerName]; ok {
@@ -199,7 +220,7 @@ func (r ScanResult) FilterIgnorePkgs() ScanResult {
 	for _, pkgRegexp := range ignorePkgsRegexps {
 		re, err := regexp.Compile(pkgRegexp)
 		if err != nil {
-			util.Log.Errorf("Faild to parse %s. err: %+v", pkgRegexp, err)
+			util.Log.Errorf("Failed to parse %s. err: %+v", pkgRegexp, err)
 			continue
 		} else {
 			regexps = append(regexps, re)
@@ -232,8 +253,8 @@ func (r ScanResult) FilterIgnorePkgs() ScanResult {
 }

 // FilterInactiveWordPressLibs is filter function.
-func (r ScanResult) FilterInactiveWordPressLibs() ScanResult {
-	if !config.Conf.Servers[r.ServerName].WordPress.IgnoreInactive {
+func (r ScanResult) FilterInactiveWordPressLibs(detectInactive bool) ScanResult {
+	if detectInactive {
 		return r
 	}

@@ -255,7 +276,7 @@ func (r ScanResult) FilterInactiveWordPressLibs() ScanResult {
 	return r
 }

-// ReportFileName returns the filename on localhost without extention
+// ReportFileName returns the filename on localhost without extension
 func (r ScanResult) ReportFileName() (name string) {
 	if len(r.Container.ContainerID) == 0 {
 		return fmt.Sprintf("%s", r.ServerName)
@@ -263,7 +284,7 @@ func (r ScanResult) ReportFileName() (name string) {
 	return fmt.Sprintf("%s@%s", r.Container.Name, r.ServerName)
 }

-// ReportKeyName returns the name of key on S3, Azure-Blob without extention
+// ReportKeyName returns the name of key on S3, Azure-Blob without extension
 func (r ScanResult) ReportKeyName() (name string) {
 	timestr := r.ScannedAt.Format(time.RFC3339)
 	if len(r.Container.ContainerID) == 0 {
@@ -322,22 +343,30 @@ func (r ScanResult) FormatServerName() (name string) {
 	return
 }

-// FormatTextReportHeadedr returns header of text report
-func (r ScanResult) FormatTextReportHeadedr() string {
+// FormatTextReportHeader returns header of text report
+func (r ScanResult) FormatTextReportHeader() string {
 	var buf bytes.Buffer
 	for i := 0; i < len(r.ServerInfo()); i++ {
 		buf.WriteString("=")
 	}

-	return fmt.Sprintf("%s\n%s\n%s, %s, %s, %s, %s\n",
+	pkgs := r.FormatUpdatablePacksSummary()
+	if 0 < len(r.WordPressPackages) {
+		pkgs = fmt.Sprintf("%s, %d WordPress pkgs", pkgs, len(r.WordPressPackages))
+	}
+	if 0 < len(r.LibraryScanners) {
+		pkgs = fmt.Sprintf("%s, %d libs", pkgs, r.LibraryScanners.Total())
+	}
+
+	return fmt.Sprintf("%s\n%s\n%s, %s, %s, %s, %s\n%s\n",
 		r.ServerInfo(),
 		buf.String(),
 		r.ScannedCves.FormatCveSummary(),
 		r.ScannedCves.FormatFixedStatus(r.Packages),
-		r.FormatUpdatablePacksSummary(),
 		r.FormatExploitCveSummary(),
+		r.FormatMetasploitCveSummary(),
 		r.FormatAlertSummary(),
-	)
+		pkgs)
 }

 // FormatUpdatablePacksSummary returns a summary of updatable packages
@@ -368,10 +397,21 @@ func (r ScanResult) FormatExploitCveSummary() string {
 			nExploitCve++
 		}
 	}
-	return fmt.Sprintf("%d exploits", nExploitCve)
+	return fmt.Sprintf("%d poc", nExploitCve)
 }

-// FormatAlertSummary returns a summary of XCERT alerts
+// FormatMetasploitCveSummary returns a summary of exploit cve
+func (r ScanResult) FormatMetasploitCveSummary() string {
+	nMetasploitCve := 0
+	for _, vuln := range r.ScannedCves {
+		if 0 < len(vuln.Metasploits) {
+			nMetasploitCve++
+		}
+	}
+	return fmt.Sprintf("%d exploits", nMetasploitCve)
+}
+
+// FormatAlertSummary returns a summary of CERT alerts
 func (r ScanResult) FormatAlertSummary() string {
 	jaCnt := 0
 	enCnt := 0
@@ -387,7 +427,12 @@ func (r ScanResult) FormatAlertSummary() string {
 }

 func (r ScanResult) isDisplayUpdatableNum() bool {
+	if r.Family == config.FreeBSD {
+		return false
+	}
+
 	var mode config.ScanMode
+	//TODO pass by args
 	s, _ := config.Conf.Servers[r.ServerName]
 	mode = s.Mode

@@ -417,18 +462,11 @@ func (r ScanResult) IsContainer() bool {
 	return 0 < len(r.Container.ContainerID)
 }

-// IsImage returns whether this ServerInfo is about container
-func (r ScanResult) IsImage() bool {
-	return 0 < len(r.Image.Name)
-}
-
 // IsDeepScanMode checks if the scan mode is deep scan mode.
 func (r ScanResult) IsDeepScanMode() bool {
 	for _, s := range r.Config.Scan.Servers {
-		for _, m := range s.ScanMode {
-			if m == "deep" {
-				return true
-			}
+		if ok := s.Mode.IsDeep(); ok {
+			return true
 		}
 	}
 	return false
@@ -443,14 +481,56 @@ type Container struct {
 	UUID        string `json:"uuid"`
 }

-// Image has Container information
-type Image struct {
-	Name string `json:"name"`
-	Tag  string `json:"tag"`
-}
-
 // Platform has platform information
 type Platform struct {
 	Name       string `json:"name"` // aws or azure or gcp or other...
 	InstanceID string `json:"instanceID"`
 }
+
+// RemoveRaspbianPackFromResult is for Raspberry Pi and removes the Raspberry Pi dedicated package from ScanResult.
+func (r ScanResult) RemoveRaspbianPackFromResult() ScanResult {
+	if r.Family != config.Raspbian {
+		return r
+	}
+
+	result := r
+	packs := make(Packages)
+	for _, pack := range r.Packages {
+		if !IsRaspbianPackage(pack.Name, pack.Version) {
+			packs[pack.Name] = pack
+		}
+	}
+	srcPacks := make(SrcPackages)
+	for _, pack := range r.SrcPackages {
+		if !IsRaspbianPackage(pack.Name, pack.Version) {
+			srcPacks[pack.Name] = pack
+
+		}
+	}
+
+	result.Packages = packs
+	result.SrcPackages = srcPacks
+
+	return result
+}
+
+// ClearFields clears a given fields of ScanResult
+func (r ScanResult) ClearFields(targetTagNames []string) ScanResult {
+	if len(targetTagNames) == 0 {
+		return r
+	}
+	target := map[string]bool{}
+	for _, n := range targetTagNames {
+		target[strings.ToLower(n)] = true
+	}
+	t := reflect.ValueOf(r).Type()
+	for i := 0; i < t.NumField(); i++ {
+		f := t.Field(i)
+		jsonValue := strings.Split(f.Tag.Get("json"), ",")[0]
+		if ok := target[strings.ToLower(jsonValue)]; ok {
+			vv := reflect.New(f.Type).Elem().Interface()
+			reflect.ValueOf(&r).Elem().FieldByName(f.Name).Set(reflect.ValueOf(vv))
+		}
+	}
+	return r
+}
--- a/models/scanresults_test.go
+++ b/models/scanresults_test.go
@@ -27,7 +27,7 @@ func TestFilterByCvssOver(t *testing.T) {
 							CveID: "CVE-2017-0001",
 							CveContents: NewCveContents(
 								CveContent{
-									Type:         NvdXML,
+									Type:         Nvd,
 									CveID:        "CVE-2017-0001",
 									Cvss2Score:   7.1,
 									LastModified: time.Time{},
@@ -38,7 +38,7 @@ func TestFilterByCvssOver(t *testing.T) {
 							CveID: "CVE-2017-0002",
 							CveContents: NewCveContents(
 								CveContent{
-									Type:         NvdXML,
+									Type:         Nvd,
 									CveID:        "CVE-2017-0002",
 									Cvss2Score:   6.9,
 									LastModified: time.Time{},
@@ -49,7 +49,7 @@ func TestFilterByCvssOver(t *testing.T) {
 							CveID: "CVE-2017-0003",
 							CveContents: NewCveContents(
 								CveContent{
-									Type:         NvdXML,
+									Type:         Nvd,
 									CveID:        "CVE-2017-0003",
 									Cvss2Score:   6.9,
 									LastModified: time.Time{},
@@ -71,7 +71,7 @@ func TestFilterByCvssOver(t *testing.T) {
 						CveID: "CVE-2017-0001",
 						CveContents: NewCveContents(
 							CveContent{
-								Type:         NvdXML,
+								Type:         Nvd,
 								CveID:        "CVE-2017-0001",
 								Cvss2Score:   7.1,
 								LastModified: time.Time{},
@@ -82,7 +82,7 @@ func TestFilterByCvssOver(t *testing.T) {
 						CveID: "CVE-2017-0003",
 						CveContents: NewCveContents(
 							CveContent{
-								Type:         NvdXML,
+								Type:         Nvd,
 								CveID:        "CVE-2017-0003",
 								Cvss2Score:   6.9,
 								LastModified: time.Time{},
@@ -392,8 +392,7 @@ func TestFilterUnfixed(t *testing.T) {
 		},
 	}
 	for i, tt := range tests {
-		config.Conf.IgnoreUnfixed = true
-		actual := tt.in.FilterUnfixed()
+		actual := tt.in.FilterUnfixed(true)
 		if !reflect.DeepEqual(tt.out.ScannedCves, actual.ScannedCves) {
 			o := pp.Sprintf("%v", tt.out.ScannedCves)
 			a := pp.Sprintf("%v", actual.ScannedCves)
@@ -688,7 +687,7 @@ func TestIsDisplayUpdatableNum(t *testing.T) {
 		{
 			mode:     []byte{config.Fast},
 			family:   config.FreeBSD,
-			expected: true,
+			expected: false,
 		},
 		{
 			mode:     []byte{config.Fast},
--- a/models/utils.go
+++ b/models/utils.go
@@ -1,3 +1,5 @@
+// +build !scanner
+
 package models

 import (
@@ -6,60 +8,18 @@ import (
 	cvedict "github.com/kotakanbe/go-cve-dictionary/models"
 )

-// ConvertNvdXMLToModel convert NVD to CveContent
-func ConvertNvdXMLToModel(cveID string, nvd *cvedict.NvdXML) *CveContent {
-	if nvd == nil {
-		return nil
-	}
-	var cpes []Cpe
-	for _, c := range nvd.Cpes {
-		cpes = append(cpes, Cpe{
-			FormattedString: c.FormattedString,
-			URI:             c.URI,
-		})
-	}
-
-	var refs []Reference
-	for _, r := range nvd.References {
-		refs = append(refs, Reference{
-			Link:   r.Link,
-			Source: r.Source,
-		})
-	}
-
-	cweIDs := []string{}
-	for _, cid := range nvd.Cwes {
-		cweIDs = append(cweIDs, cid.CweID)
-	}
-
-	return &CveContent{
-		Type:          Nvd,
-		CveID:         cveID,
-		Summary:       nvd.Summary,
-		Cvss2Score:    nvd.Cvss2.BaseScore,
-		Cvss2Vector:   nvd.Cvss2.VectorString,
-		Cvss2Severity: nvd.Cvss2.Severity,
-		SourceLink:    "https://nvd.nist.gov/vuln/detail/" + cveID,
-		// Cpes:          cpes,
-		CweIDs:       cweIDs,
-		References:   refs,
-		Published:    nvd.PublishedDate,
-		LastModified: nvd.LastModifiedDate,
-	}
-}
-
 // ConvertJvnToModel convert JVN to CveContent
 func ConvertJvnToModel(cveID string, jvn *cvedict.Jvn) *CveContent {
 	if jvn == nil {
 		return nil
 	}
-	var cpes []Cpe
-	for _, c := range jvn.Cpes {
-		cpes = append(cpes, Cpe{
-			FormattedString: c.FormattedString,
-			URI:             c.URI,
-		})
-	}
+	// var cpes = []Cpe{}
+	// for _, c := range jvn.Cpes {
+	// 	cpes = append(cpes, Cpe{
+	// 		FormattedString: c.FormattedString,
+	// 		URI:             c.URI,
+	// 	})
+	// }

 	refs := []Reference{}
 	for _, r := range jvn.References {
@@ -89,24 +49,45 @@ func ConvertJvnToModel(cveID string, jvn *cvedict.Jvn) *CveContent {
 }

 // ConvertNvdJSONToModel convert NVD to CveContent
-func ConvertNvdJSONToModel(cveID string, nvd *cvedict.NvdJSON) *CveContent {
+func ConvertNvdJSONToModel(cveID string, nvd *cvedict.NvdJSON) (*CveContent, []Exploit, []Mitigation) {
 	if nvd == nil {
-		return nil
-	}
-	var cpes []Cpe
-	for _, c := range nvd.Cpes {
-		cpes = append(cpes, Cpe{
-			FormattedString: c.FormattedString,
-			URI:             c.URI,
-		})
+		return nil, nil, nil
 	}
+	// var cpes = []Cpe{}
+	// for _, c := range nvd.Cpes {
+	// 	cpes = append(cpes, Cpe{
+	// 		FormattedString: c.FormattedString,
+	// 		URI:             c.URI,
+	// 	})
+	// }

-	var refs []Reference
+	refs := []Reference{}
+	exploits := []Exploit{}
+	mitigations := []Mitigation{}
 	for _, r := range nvd.References {
+		var tags []string
+		if 0 < len(r.Tags) {
+			tags = strings.Split(r.Tags, ",")
+		}
 		refs = append(refs, Reference{
 			Link:   r.Link,
 			Source: r.Source,
+			Tags:   tags,
 		})
+		if strings.Contains(r.Tags, "Exploit") {
+			exploits = append(exploits, Exploit{
+				//TODO Add const to here
+				// https://github.com/vulsio/go-exploitdb/blob/master/models/exploit.go#L13-L18
+				ExploitType: "nvd",
+				URL:         r.Link,
+			})
+		}
+		if strings.Contains(r.Tags, "Mitigation") {
+			mitigations = append(mitigations, Mitigation{
+				CveContentType: Nvd,
+				URL:            r.Link,
+			})
+		}
 	}

 	cweIDs := []string{}
@@ -135,5 +116,5 @@ func ConvertNvdJSONToModel(cveID string, nvd *cvedict.NvdJSON) *CveContent {
 		References:   refs,
 		Published:    nvd.PublishedDate,
 		LastModified: nvd.LastModifiedDate,
-	}
+	}, exploits, mitigations
 }
--- a/models/vulninfos.go
+++ b/models/vulninfos.go
@@ -134,11 +134,12 @@ func (ps PackageFixStatuses) Sort() {
 	return
 }

-// PackageFixStatus has name and other status abount the package
+// PackageFixStatus has name and other status about the package
 type PackageFixStatus struct {
-	Name        string `json:"name"`
-	NotFixedYet bool   `json:"notFixedYet"`
-	FixState    string `json:"fixState"`
+	Name        string `json:"name,omitempty"`
+	NotFixedYet bool   `json:"notFixedYet,omitempty"`
+	FixState    string `json:"fixState,omitempty"`
+	FixedIn     string `json:"fixedIn,omitempty"`
 }

 // VulnInfo has a vulnerability information and unsecure packages
@@ -146,9 +147,11 @@ type VulnInfo struct {
 	CveID                string               `json:"cveID,omitempty"`
 	Confidences          Confidences          `json:"confidences,omitempty"`
 	AffectedPackages     PackageFixStatuses   `json:"affectedPackages,omitempty"`
-	DistroAdvisories     DistroAdvisories     `json:"distroAdvisories,omitempty"` // for Aamazon, RHEL, FreeBSD
+	DistroAdvisories     DistroAdvisories     `json:"distroAdvisories,omitempty"` // for Amazon, RHEL, FreeBSD
 	CveContents          CveContents          `json:"cveContents,omitempty"`
 	Exploits             []Exploit            `json:"exploits,omitempty"`
+	Metasploits          []Metasploit         `json:"metasploits,omitempty"`
+	Mitigations          []Mitigation         `json:"mitigations,omitempty"`
 	AlertDict            AlertDict            `json:"alertDict,omitempty"`
 	CpeURIs              []string             `json:"cpeURIs,omitempty"` // CpeURIs related to this CVE defined in config.toml
 	GitHubSecurityAlerts GitHubSecurityAlerts `json:"gitHubSecurityAlerts,omitempty"`
@@ -158,7 +161,7 @@ type VulnInfo struct {
 	VulnType string `json:"vulnType,omitempty"`
 }

-// Alert has XCERT alert information
+// Alert has CERT alert information
 type Alert struct {
 	URL   string `json:"url,omitempty"`
 	Title string `json:"title,omitempty"`
@@ -199,6 +202,14 @@ type GitHubSecurityAlert struct {
 // LibraryFixedIns is a list of Library's FixedIn
 type LibraryFixedIns []LibraryFixedIn

+// Names return a slice of names
+func (lfs LibraryFixedIns) Names() (names []string) {
+	for _, lf := range lfs {
+		names = append(names, lf.Name)
+	}
+	return names
+}
+
 // WpPackageFixStats is a list of WpPackageFixStatus
 type WpPackageFixStats []WpPackageFixStatus

@@ -223,7 +234,7 @@ func (g WpPackages) Add(pkg WpPackage) WpPackages {
 	return append(g, pkg)
 }

-// Titles returns tilte (TUI)
+// Titles returns title (TUI)
 func (v VulnInfo) Titles(lang, myFamily string) (values []CveContentStr) {
 	if lang == "ja" {
 		if cont, found := v.CveContents[Jvn]; found && 0 < len(cont.Title) {
@@ -236,7 +247,7 @@ func (v VulnInfo) Titles(lang, myFamily string) (values []CveContentStr) {
 		values = append(values, CveContentStr{RedHatAPI, cont.Title})
 	}

-	order := CveContentTypes{Nvd, NvdXML, NewCveContentType(myFamily)}
+	order := CveContentTypes{Trivy, Nvd, NewCveContentType(myFamily)}
 	order = append(order, AllCveContetTypes.Except(append(order, Jvn)...)...)
 	for _, ctype := range order {
 		// Only JVN has meaningful title. so return first 100 char of summary
@@ -276,7 +287,7 @@ func (v VulnInfo) Summaries(lang, myFamily string) (values []CveContentStr) {
 		}
 	}

-	order := CveContentTypes{Nvd, NvdXML, NewCveContentType(myFamily)}
+	order := CveContentTypes{Trivy, NewCveContentType(myFamily), Nvd}
 	order = append(order, AllCveContetTypes.Except(append(order, Jvn)...)...)
 	for _, ctype := range order {
 		if cont, found := v.CveContents[ctype]; found && 0 < len(cont.Summary) {
@@ -295,7 +306,7 @@ func (v VulnInfo) Summaries(lang, myFamily string) (values []CveContentStr) {
 		})
 	}

-	if v, ok := v.CveContents[WPVulnDB]; ok {
+	if v, ok := v.CveContents[WpScan]; ok {
 		values = append(values, CveContentStr{
 			Type:  "WPVDB",
 			Value: v.Title,
@@ -312,30 +323,9 @@ func (v VulnInfo) Summaries(lang, myFamily string) (values []CveContentStr) {
 	return
 }

-// Mitigations returns mitigations
-func (v VulnInfo) Mitigations(myFamily string) (values []CveContentStr) {
-	order := CveContentTypes{RedHatAPI}
-	for _, ctype := range order {
-		if cont, found := v.CveContents[ctype]; found && 0 < len(cont.Mitigation) {
-			values = append(values, CveContentStr{
-				Type:  ctype,
-				Value: cont.Mitigation,
-			})
-		}
-	}
-
-	if len(values) == 0 {
-		return []CveContentStr{{
-			Type:  Unknown,
-			Value: "-",
-		}}
-	}
-	return
-}
-
 // Cvss2Scores returns CVSS V2 Scores
 func (v VulnInfo) Cvss2Scores(myFamily string) (values []CveContentCvss) {
-	order := []CveContentType{Nvd, NvdXML, RedHatAPI, RedHat, Jvn}
+	order := []CveContentType{Nvd, RedHatAPI, RedHat, Jvn}
 	if myFamily != config.RedHat && myFamily != config.CentOS {
 		order = append(order, NewCveContentType(myFamily))
 	}
@@ -414,6 +404,18 @@ func (v VulnInfo) Cvss3Scores() (values []CveContentCvss) {
 			})
 		}
 	}
+
+	if cont, found := v.CveContents[Trivy]; found && cont.Cvss3Severity != "" {
+		values = append(values, CveContentCvss{
+			Type: Trivy,
+			Value: Cvss{
+				Type:     CVSS3,
+				Score:    severityToV2ScoreRoughly(cont.Cvss3Severity),
+				Severity: strings.ToUpper(cont.Cvss3Severity),
+			},
+		})
+	}
+
 	return
 }

@@ -461,7 +463,7 @@ func (v VulnInfo) MaxCvssScore() CveContentCvss {

 // MaxCvss2Score returns Max CVSS V2 Score
 func (v VulnInfo) MaxCvss2Score() CveContentCvss {
-	order := []CveContentType{Nvd, NvdXML, RedHat, RedHatAPI, Jvn}
+	order := []CveContentType{Nvd, RedHat, RedHatAPI, Jvn}
 	max := 0.0
 	value := CveContentCvss{
 		Type:  Unknown,
@@ -487,7 +489,7 @@ func (v VulnInfo) MaxCvss2Score() CveContentCvss {
 	}

 	// If CVSS score isn't on NVD, RedHat and JVN, use OVAL and advisory Severity.
-	// Convert severity to cvss srore roughly, then returns max severity.
+	// Convert severity to cvss score roughly, then returns max severity.
 	// Only Ubuntu, RedHat and Oracle have severity data in OVAL.
 	order = []CveContentType{Ubuntu, RedHat, Oracle}
 	for _, ctype := range order {
@@ -534,16 +536,17 @@ func (v VulnInfo) MaxCvss2Score() CveContentCvss {
 func (v VulnInfo) AttackVector() string {
 	for _, cnt := range v.CveContents {
 		if strings.HasPrefix(cnt.Cvss2Vector, "AV:N") ||
-			strings.HasPrefix(cnt.Cvss3Vector, "CVSS:3.0/AV:N") {
-			return "N"
+			strings.Contains(cnt.Cvss3Vector, "AV:N") {
+			return "AV:N"
 		} else if strings.HasPrefix(cnt.Cvss2Vector, "AV:A") ||
-			strings.HasPrefix(cnt.Cvss3Vector, "CVSS:3.0/AV:A") {
-			return "A"
+			strings.Contains(cnt.Cvss3Vector, "AV:A") {
+			return "AV:A"
 		} else if strings.HasPrefix(cnt.Cvss2Vector, "AV:L") ||
-			strings.HasPrefix(cnt.Cvss3Vector, "CVSS:3.0/AV:L") {
-			return "L"
-		} else if strings.HasPrefix(cnt.Cvss3Vector, "CVSS:3.0/AV:P") {
-			return "P"
+			strings.Contains(cnt.Cvss3Vector, "AV:L") {
+			return "AV:L"
+		} else if strings.Contains(cnt.Cvss3Vector, "AV:P") {
+			// no AV:P in CVSS v2
+			return "AV:P"
 		}
 	}
 	if cont, found := v.CveContents[DebianSecurityTracker]; found {
@@ -565,6 +568,13 @@ func (v VulnInfo) PatchStatus(packs Packages) string {
 			return "unfixed"
 		}

+		// Fast and offline mode can not get the candidate version.
+		// Vuls can be considered as 'fixed' if not-fixed-yet==true and
+		// the fixed-in-version (information in the oval) is not an empty.
+		if p.FixedIn != "" {
+			continue
+		}
+
 		// fast, offline mode doesn't have new version
 		if pack, ok := packs[p.Name]; ok {
 			if pack.NewVersion == "" {
@@ -585,10 +595,10 @@ type CveContentCvss struct {
 type CvssType string

 const (
-	// CVSS2 means CVSS vesion2
+	// CVSS2 means CVSS version2
 	CVSS2 CvssType = "2"

-	// CVSS3 means CVSS vesion3
+	// CVSS3 means CVSS version3
 	CVSS3 CvssType = "3"
 )

@@ -615,15 +625,6 @@ func (c Cvss) Format() string {
 	return ""
 }

-func cvss2ScoreToSeverity(score float64) string {
-	if 7.0 <= score {
-		return "HIGH"
-	} else if 4.0 <= score {
-		return "MEDIUM"
-	}
-	return "LOW"
-}
-
 // Amazon Linux Security Advisory
 // Critical, Important, Medium, Low
 // https://alas.aws.amazon.com/
@@ -659,70 +660,6 @@ func (v VulnInfo) FormatMaxCvssScore() string {
 		max.Type)
 }

-// Cvss2CalcURL returns CVSS v2 caluclator's URL
-func (v VulnInfo) Cvss2CalcURL() string {
-	return "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=" + v.CveID
-}
-
-// Cvss3CalcURL returns CVSS v3 caluclator's URL
-func (v VulnInfo) Cvss3CalcURL() string {
-	return "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=" + v.CveID
-}
-
-// VendorLinks returns links of vendor support's URL
-func (v VulnInfo) VendorLinks(family string) map[string]string {
-	links := map[string]string{}
-	if strings.HasPrefix(v.CveID, "WPVDBID") {
-		links["WPVulnDB"] = fmt.Sprintf("https://wpvulndb.com/vulnerabilities/%s",
-			strings.TrimPrefix(v.CveID, "WPVDBID-"))
-		return links
-	}
-
-	switch family {
-	case config.RedHat, config.CentOS:
-		links["RHEL-CVE"] = "https://access.redhat.com/security/cve/" + v.CveID
-		for _, advisory := range v.DistroAdvisories {
-			aidURL := strings.Replace(advisory.AdvisoryID, ":", "-", -1)
-			links[advisory.AdvisoryID] = fmt.Sprintf("https://rhn.redhat.com/errata/%s.html", aidURL)
-		}
-		return links
-	case config.Oracle:
-		links["Oracle-CVE"] = fmt.Sprintf("https://linux.oracle.com/cve/%s.html", v.CveID)
-		for _, advisory := range v.DistroAdvisories {
-			links[advisory.AdvisoryID] =
-				fmt.Sprintf("https://linux.oracle.com/errata/%s.html", advisory.AdvisoryID)
-		}
-		return links
-	case config.Amazon:
-		links["RHEL-CVE"] = "https://access.redhat.com/security/cve/" + v.CveID
-		for _, advisory := range v.DistroAdvisories {
-			if strings.HasPrefix(advisory.AdvisoryID, "ALAS2") {
-				links[advisory.AdvisoryID] =
-					fmt.Sprintf("https://alas.aws.amazon.com/AL2/%s.html",
-						strings.Replace(advisory.AdvisoryID, "ALAS2", "ALAS", -1))
-			} else {
-				links[advisory.AdvisoryID] =
-					fmt.Sprintf("https://alas.aws.amazon.com/%s.html", advisory.AdvisoryID)
-			}
-		}
-		return links
-	case config.Ubuntu:
-		links["Ubuntu-CVE"] = "http://people.ubuntu.com/~ubuntu-security/cve/" + v.CveID
-		return links
-	case config.Debian:
-		links["Debian-CVE"] = "https://security-tracker.debian.org/tracker/" + v.CveID
-	case config.SUSEEnterpriseServer:
-		links["SUSE-CVE"] = "https://www.suse.com/security/cve/" + v.CveID
-	case config.FreeBSD:
-		for _, advisory := range v.DistroAdvisories {
-			links["FreeBSD-VuXML"] = fmt.Sprintf("https://vuxml.freebsd.org/freebsd/%s.html", advisory.AdvisoryID)
-
-		}
-		return links
-	}
-	return links
-}
-
 // DistroAdvisories is a list of DistroAdvisory
 type DistroAdvisories []DistroAdvisory

@@ -771,7 +708,22 @@ type Exploit struct {
 	BinaryURL    *string                   `json:"binaryURL,omitempty"`
 }

-// AlertDict has target cve's JPCERT and USCERT alert data
+// Metasploit :
+type Metasploit struct {
+	Name        string   `json:"name"`
+	Title       string   `json:"title"`
+	Description string   `json:"description,omitempty"`
+	URLs        []string `json:",omitempty"`
+}
+
+// Mitigation has a link and content
+type Mitigation struct {
+	CveContentType CveContentType `json:"cveContentType,omitempty"`
+	Mitigation     string         `json:"mitigation,omitempty"`
+	URL            string         `json:"url,omitempty"`
+}
+
+// AlertDict has target cve JPCERT and USCERT alert data
 type AlertDict struct {
 	Ja []Alert `json:"ja"`
 	En []Alert `json:"en"`
@@ -792,7 +744,7 @@ func (a AlertDict) FormatSource() string {
 // Confidences is a list of Confidence
 type Confidences []Confidence

-// AppendIfMissing appends confidence to the list if missiong
+// AppendIfMissing appends confidence to the list if missing
 func (cs *Confidences) AppendIfMissing(confidence Confidence) {
 	for _, c := range *cs {
 		if c.DetectionMethod == confidence.DetectionMethod {
@@ -810,7 +762,7 @@ func (cs Confidences) SortByConfident() Confidences {
 	return cs
 }

-// Confidence is a ranking how confident the CVE-ID was deteted correctly
+// Confidence is a ranking how confident the CVE-ID was detected correctly
 // Score: 0 - 100
 type Confidence struct {
 	Score           int             `json:"score"`
@@ -846,6 +798,9 @@ const (
 	// DebianSecurityTrackerMatchStr is a String representation of DebianSecurityTrackerMatch
 	DebianSecurityTrackerMatchStr = "DebianSecurityTrackerMatch"

+	// TrivyMatchStr is a String representation of Trivy
+	TrivyMatchStr = "TrivyMatch"
+
 	// ChangelogExactMatchStr is a String representation of ChangelogExactMatch
 	ChangelogExactMatchStr = "ChangelogExactMatch"

@@ -855,8 +810,8 @@ const (
 	// GitHubMatchStr is a String representation of GitHubMatch
 	GitHubMatchStr = "GitHubMatch"

-	// WPVulnDBMatchStr is a String representation of WordPress VulnDB scanning
-	WPVulnDBMatchStr = "WPVulnDBMatch"
+	// WpScanMatchStr is a String representation of WordPress VulnDB scanning
+	WpScanMatchStr = "WpScanMatch"

 	// FailedToGetChangelog is a String representation of FailedToGetChangelog
 	FailedToGetChangelog = "FailedToGetChangelog"
@@ -866,33 +821,36 @@ const (
 )

 var (
-	// CpeNameMatch is a ranking how confident the CVE-ID was deteted correctly
+	// CpeNameMatch is a ranking how confident the CVE-ID was detected correctly
 	CpeNameMatch = Confidence{100, CpeNameMatchStr, 1}

-	// YumUpdateSecurityMatch is a ranking how confident the CVE-ID was deteted correctly
+	// YumUpdateSecurityMatch is a ranking how confident the CVE-ID was detected correctly
 	YumUpdateSecurityMatch = Confidence{100, YumUpdateSecurityMatchStr, 2}

-	// PkgAuditMatch is a ranking how confident the CVE-ID was deteted correctly
+	// PkgAuditMatch is a ranking how confident the CVE-ID was detected correctly
 	PkgAuditMatch = Confidence{100, PkgAuditMatchStr, 2}

-	// OvalMatch is a ranking how confident the CVE-ID was deteted correctly
+	// OvalMatch is a ranking how confident the CVE-ID was detected correctly
 	OvalMatch = Confidence{100, OvalMatchStr, 0}

-	// RedHatAPIMatch ranking how confident the CVE-ID was deteted correctly
+	// RedHatAPIMatch ranking how confident the CVE-ID was detected correctly
 	RedHatAPIMatch = Confidence{100, RedHatAPIStr, 0}

-	// DebianSecurityTrackerMatch ranking how confident the CVE-ID was deteted correctly
+	// DebianSecurityTrackerMatch ranking how confident the CVE-ID was detected correctly
 	DebianSecurityTrackerMatch = Confidence{100, DebianSecurityTrackerMatchStr, 0}

-	// ChangelogExactMatch is a ranking how confident the CVE-ID was deteted correctly
+	// TrivyMatch ranking how confident the CVE-ID was detected correctly
+	TrivyMatch = Confidence{100, TrivyMatchStr, 0}
+
+	// ChangelogExactMatch is a ranking how confident the CVE-ID was detected correctly
 	ChangelogExactMatch = Confidence{95, ChangelogExactMatchStr, 3}

-	// ChangelogLenientMatch is a ranking how confident the CVE-ID was deteted correctly
+	// ChangelogLenientMatch is a ranking how confident the CVE-ID was detected correctly
 	ChangelogLenientMatch = Confidence{50, ChangelogLenientMatchStr, 4}

-	// GitHubMatch is a ranking how confident the CVE-ID was deteted correctly
+	// GitHubMatch is a ranking how confident the CVE-ID was detected correctly
 	GitHubMatch = Confidence{97, GitHubMatchStr, 2}

-	// WPVulnDBMatch is a ranking how confident the CVE-ID was deteted correctly
-	WPVulnDBMatch = Confidence{100, WPVulnDBMatchStr, 0}
+	// WpScanMatch is a ranking how confident the CVE-ID was detected correctly
+	WpScanMatch = Confidence{100, WpScanMatchStr, 0}
 )
--- a/models/vulninfos_test.go
+++ b/models/vulninfos_test.go
@@ -28,10 +28,10 @@ func TestTitles(t *testing.T) {
 							Type:    RedHat,
 							Summary: "Summary RedHat",
 						},
-						NvdXML: {
-							Type:    NvdXML,
+						Nvd: {
+							Type:    Nvd,
 							Summary: "Summary NVD",
-							// Severity is NIOT included in NVD
+							// Severity is NOT included in NVD
 						},
 					},
 				},
@@ -42,7 +42,7 @@ func TestTitles(t *testing.T) {
 					Value: "Title1",
 				},
 				{
-					Type:  NvdXML,
+					Type:  Nvd,
 					Value: "Summary NVD",
 				},
 				{
@@ -65,17 +65,17 @@ func TestTitles(t *testing.T) {
 							Type:    RedHat,
 							Summary: "Summary RedHat",
 						},
-						NvdXML: {
-							Type:    NvdXML,
+						Nvd: {
+							Type:    Nvd,
 							Summary: "Summary NVD",
-							// Severity is NIOT included in NVD
+							// Severity is NOT included in NVD
 						},
 					},
 				},
 			},
 			out: []CveContentStr{
 				{
-					Type:  NvdXML,
+					Type:  Nvd,
 					Value: "Summary NVD",
 				},
 				{
@@ -130,10 +130,10 @@ func TestSummaries(t *testing.T) {
 							Type:    RedHat,
 							Summary: "Summary RedHat",
 						},
-						NvdXML: {
-							Type:    NvdXML,
+						Nvd: {
+							Type:    Nvd,
 							Summary: "Summary NVD",
-							// Severity is NIOT included in NVD
+							// Severity is NOT included in NVD
 						},
 					},
 				},
@@ -143,14 +143,14 @@ func TestSummaries(t *testing.T) {
 					Type:  Jvn,
 					Value: "Title JVN\nSummary JVN",
 				},
-				{
-					Type:  NvdXML,
-					Value: "Summary NVD",
-				},
 				{
 					Type:  RedHat,
 					Value: "Summary RedHat",
 				},
+				{
+					Type:  Nvd,
+					Value: "Summary NVD",
+				},
 			},
 		},
 		// lang: en
@@ -168,23 +168,23 @@ func TestSummaries(t *testing.T) {
 							Type:    RedHat,
 							Summary: "Summary RedHat",
 						},
-						NvdXML: {
-							Type:    NvdXML,
+						Nvd: {
+							Type:    Nvd,
 							Summary: "Summary NVD",
-							// Severity is NIOT included in NVD
+							// Severity is NOT included in NVD
 						},
 					},
 				},
 			},
 			out: []CveContentStr{
-				{
-					Type:  NvdXML,
-					Value: "Summary NVD",
-				},
 				{
 					Type:  RedHat,
 					Value: "Summary RedHat",
 				},
+				{
+					Type:  Nvd,
+					Value: "Summary NVD",
+				},
 			},
 		},
 		// lang: empty
@@ -219,8 +219,8 @@ func TestCountGroupBySeverity(t *testing.T) {
 				"CVE-2017-0002": {
 					CveID: "CVE-2017-0002",
 					CveContents: CveContents{
-						NvdXML: {
-							Type:       NvdXML,
+						Nvd: {
+							Type:       Nvd,
 							Cvss2Score: 6.0,
 						},
 						RedHat: {
@@ -232,8 +232,8 @@ func TestCountGroupBySeverity(t *testing.T) {
 				"CVE-2017-0003": {
 					CveID: "CVE-2017-0003",
 					CveContents: CveContents{
-						NvdXML: {
-							Type:       NvdXML,
+						Nvd: {
+							Type:       Nvd,
 							Cvss2Score: 2.0,
 						},
 					},
@@ -241,8 +241,8 @@ func TestCountGroupBySeverity(t *testing.T) {
 				"CVE-2017-0004": {
 					CveID: "CVE-2017-0004",
 					CveContents: CveContents{
-						NvdXML: {
-							Type:       NvdXML,
+						Nvd: {
+							Type:       Nvd,
 							Cvss2Score: 5.0,
 						},
 					},
@@ -280,8 +280,8 @@ func TestToSortedSlice(t *testing.T) {
 				"CVE-2017-0002": {
 					CveID: "CVE-2017-0002",
 					CveContents: CveContents{
-						NvdXML: {
-							Type:       NvdXML,
+						Nvd: {
+							Type:       Nvd,
 							Cvss2Score: 6.0,
 						},
 						RedHat: {
@@ -293,8 +293,8 @@ func TestToSortedSlice(t *testing.T) {
 				"CVE-2017-0001": {
 					CveID: "CVE-2017-0001",
 					CveContents: CveContents{
-						NvdXML: {
-							Type:       NvdXML,
+						Nvd: {
+							Type:       Nvd,
 							Cvss2Score: 7.0,
 						},
 						RedHat: {
@@ -308,8 +308,8 @@ func TestToSortedSlice(t *testing.T) {
 				{
 					CveID: "CVE-2017-0001",
 					CveContents: CveContents{
-						NvdXML: {
-							Type:       NvdXML,
+						Nvd: {
+							Type:       Nvd,
 							Cvss2Score: 7.0,
 						},
 						RedHat: {
@@ -321,8 +321,8 @@ func TestToSortedSlice(t *testing.T) {
 				{
 					CveID: "CVE-2017-0002",
 					CveContents: CveContents{
-						NvdXML: {
-							Type:       NvdXML,
+						Nvd: {
+							Type:       Nvd,
 							Cvss2Score: 6.0,
 						},
 						RedHat: {
@@ -339,8 +339,8 @@ func TestToSortedSlice(t *testing.T) {
 				"CVE-2017-0002": {
 					CveID: "CVE-2017-0002",
 					CveContents: CveContents{
-						NvdXML: {
-							Type:       NvdXML,
+						Nvd: {
+							Type:       Nvd,
 							Cvss2Score: 6.0,
 						},
 						RedHat: {
@@ -372,8 +372,8 @@ func TestToSortedSlice(t *testing.T) {
 				{
 					CveID: "CVE-2017-0002",
 					CveContents: CveContents{
-						NvdXML: {
-							Type:       NvdXML,
+						Nvd: {
+							Type:       Nvd,
 							Cvss2Score: 6.0,
 						},
 						RedHat: {
@@ -456,8 +456,8 @@ func TestCvss2Scores(t *testing.T) {
 						Cvss2Score:    8.0,
 						Cvss2Vector:   "AV:N/AC:L/Au:N/C:N/I:N/A:P",
 					},
-					NvdXML: {
-						Type:          NvdXML,
+					Nvd: {
+						Type:          Nvd,
 						Cvss2Score:    8.1,
 						Cvss2Vector:   "AV:N/AC:L/Au:N/C:N/I:N/A:P",
 						Cvss2Severity: "HIGH",
@@ -466,7 +466,7 @@ func TestCvss2Scores(t *testing.T) {
 			},
 			out: []CveContentCvss{
 				{
-					Type: NvdXML,
+					Type: Nvd,
 					Value: Cvss{
 						Type:     CVSS2,
 						Score:    8.1,
@@ -528,11 +528,11 @@ func TestMaxCvss2Scores(t *testing.T) {
 						Cvss2Score:    8.0,
 						Cvss2Vector:   "AV:N/AC:L/Au:N/C:N/I:N/A:P",
 					},
-					NvdXML: {
-						Type:        NvdXML,
+					Nvd: {
+						Type:        Nvd,
 						Cvss2Score:  8.1,
 						Cvss2Vector: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
-						// Severity is NIOT included in NVD
+						// Severity is NOT included in NVD
 					},
 				},
 			},
@@ -602,8 +602,8 @@ func TestCvss3Scores(t *testing.T) {
 						Cvss3Score:    8.0,
 						Cvss3Vector:   "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
 					},
-					NvdXML: {
-						Type:          NvdXML,
+					Nvd: {
+						Type:          Nvd,
 						Cvss2Score:    8.1,
 						Cvss2Vector:   "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
 						Cvss2Severity: "HIGH",
@@ -611,6 +611,13 @@ func TestCvss3Scores(t *testing.T) {
 				},
 			},
 			out: []CveContentCvss{
+				{
+					Type: Nvd,
+					Value: Cvss{
+						Type:  CVSS3,
+						Score: 0.0,
+					},
+				},
 				{
 					Type: RedHat,
 					Value: Cvss{
@@ -692,8 +699,8 @@ func TestMaxCvssScores(t *testing.T) {
 		{
 			in: VulnInfo{
 				CveContents: CveContents{
-					NvdXML: {
-						Type:       NvdXML,
+					Nvd: {
+						Type:       Nvd,
 						Cvss3Score: 7.0,
 					},
 					RedHat: {
@@ -755,15 +762,15 @@ func TestMaxCvssScores(t *testing.T) {
 						Type:          Ubuntu,
 						Cvss2Severity: "MEDIUM",
 					},
-					NvdXML: {
-						Type:          NvdXML,
+					Nvd: {
+						Type:          Nvd,
 						Cvss2Score:    7.0,
 						Cvss2Severity: "HIGH",
 					},
 				},
 			},
 			out: CveContentCvss{
-				Type: NvdXML,
+				Type: Nvd,
 				Value: Cvss{
 					Type:     CVSS2,
 					Score:    7.0,
@@ -798,8 +805,8 @@ func TestMaxCvssScores(t *testing.T) {
 						Type:          Ubuntu,
 						Cvss2Severity: "MEDIUM",
 					},
-					NvdXML: {
-						Type:          NvdXML,
+					Nvd: {
+						Type:          Nvd,
 						Cvss2Score:    4.0,
 						Cvss2Severity: "MEDIUM",
 					},
@@ -811,7 +818,7 @@ func TestMaxCvssScores(t *testing.T) {
 				},
 			},
 			out: CveContentCvss{
-				Type: NvdXML,
+				Type: Nvd,
 				Value: Cvss{
 					Type:     CVSS2,
 					Score:    4,
@@ -857,10 +864,10 @@ func TestFormatMaxCvssScore(t *testing.T) {
 						Cvss2Severity: "HIGH",
 						Cvss3Score:    8.0,
 					},
-					NvdXML: {
-						Type:       NvdXML,
+					Nvd: {
+						Type:       Nvd,
 						Cvss2Score: 8.1,
-						// Severity is NIOT included in NVD
+						// Severity is NOT included in NVD
 					},
 				},
 			},
@@ -881,8 +888,8 @@ func TestFormatMaxCvssScore(t *testing.T) {
 						Cvss3Severity: "HIGH",
 						Cvss3Score:    9.9,
 					},
-					NvdXML: {
-						Type:       NvdXML,
+					Nvd: {
+						Type:       Nvd,
 						Cvss2Score: 8.1,
 					},
 				},
@@ -922,7 +929,7 @@ func TestSortPackageStatues(t *testing.T) {
 	}
 }

-func TestStorePackageStatueses(t *testing.T) {
+func TestStorePackageStatuses(t *testing.T) {
 	var tests = []struct {
 		pkgstats PackageFixStatuses
 		in       PackageFixStatus
@@ -985,7 +992,7 @@ func TestAppendIfMissing(t *testing.T) {
 	}
 }

-func TestSortByConfiden(t *testing.T) {
+func TestSortByConfident(t *testing.T) {
 	var tests = []struct {
 		in  Confidences
 		out Confidences
@@ -1080,3 +1087,86 @@ func TestDistroAdvisories_AppendIfMissing(t *testing.T) {
 		})
 	}
 }
+
+func TestVulnInfo_AttackVector(t *testing.T) {
+	type fields struct {
+		CveContents CveContents
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		want   string
+	}{
+		{
+			name: "2.0:N",
+			fields: fields{
+				CveContents: NewCveContents(
+					CveContent{
+						Type:        "foo",
+						Cvss2Vector: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
+					},
+				),
+			},
+			want: "AV:N",
+		},
+		{
+			name: "2.0:A",
+			fields: fields{
+				CveContents: NewCveContents(
+					CveContent{
+						Type:        "foo",
+						Cvss2Vector: "AV:A/AC:L/Au:N/C:C/I:C/A:C",
+					},
+				),
+			},
+			want: "AV:A",
+		},
+		{
+			name: "2.0:L",
+			fields: fields{
+				CveContents: NewCveContents(
+					CveContent{
+						Type:        "foo",
+						Cvss2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+					},
+				),
+			},
+			want: "AV:L",
+		},
+
+		{
+			name: "3.0:N",
+			fields: fields{
+				CveContents: NewCveContents(
+					CveContent{
+						Type:        "foo",
+						Cvss3Vector: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+					},
+				),
+			},
+			want: "AV:N",
+		},
+		{
+			name: "3.1:N",
+			fields: fields{
+				CveContents: NewCveContents(
+					CveContent{
+						Type:        "foo",
+						Cvss3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+					},
+				),
+			},
+			want: "AV:N",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			v := VulnInfo{
+				CveContents: tt.fields.CveContents,
+			}
+			if got := v.AttackVector(); got != tt.want {
+				t.Errorf("VulnInfo.AttackVector() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
--- a/msf/empty.go
+++ b/msf/empty.go
@@ -0,0 +1 @@
+package msf
--- a/msf/msf.go
+++ b/msf/msf.go
@@ -0,0 +1,75 @@
+// +build !scanner
+
+package msf
+
+import (
+	"fmt"
+	"net/http"
+
+	cnf "github.com/future-architect/vuls/config"
+	"github.com/future-architect/vuls/models"
+	"github.com/parnurzeal/gorequest"
+	"github.com/takuzoo3868/go-msfdb/db"
+	metasploitmodels "github.com/takuzoo3868/go-msfdb/models"
+	"golang.org/x/xerrors"
+)
+
+// FillWithMetasploit fills metasploit module information that has in module
+func FillWithMetasploit(driver db.DB, r *models.ScanResult) (nMetasploitCve int, err error) {
+	if driver == nil {
+		return 0, nil
+	}
+	for cveID, vuln := range r.ScannedCves {
+		if cveID == "" {
+			continue
+		}
+		ms := driver.GetModuleByCveID(cveID)
+		if len(ms) == 0 {
+			continue
+		}
+		modules := ConvertToModels(ms)
+		vuln.Metasploits = modules
+		r.ScannedCves[cveID] = vuln
+		nMetasploitCve++
+	}
+
+	return nMetasploitCve, nil
+}
+
+// ConvertToModels converts gost model to vuls model
+func ConvertToModels(ms []*metasploitmodels.Metasploit) (modules []models.Metasploit) {
+	for _, m := range ms {
+		var links []string
+		if 0 < len(m.References) {
+			for _, u := range m.References {
+				links = append(links, u.Link)
+			}
+		}
+		module := models.Metasploit{
+			Name:        m.Name,
+			Title:       m.Title,
+			Description: m.Description,
+			URLs:        links,
+		}
+		modules = append(modules, module)
+	}
+	return modules
+}
+
+// CheckHTTPHealth do health check
+func CheckHTTPHealth() error {
+	if !cnf.Conf.Metasploit.IsFetchViaHTTP() {
+		return nil
+	}
+
+	url := fmt.Sprintf("%s/health", cnf.Conf.Metasploit.URL)
+	var errs []error
+	var resp *http.Response
+	resp, _, errs = gorequest.New().Get(url).End()
+	//  resp, _, errs = gorequest.New().SetDebug(config.Conf.Debug).Get(url).End()
+	//  resp, _, errs = gorequest.New().Proxy(api.httpProxy).Get(url).End()
+	if 0 < len(errs) || resp == nil || resp.StatusCode != 200 {
+		return xerrors.Errorf("Failed to connect to metasploit server. url: %s, errs: %w", url, errs)
+	}
+	return nil
+}
--- a/oval/alpine.go
+++ b/oval/alpine.go
@@ -1,3 +1,5 @@
+// +build !scanner
+
 package oval

 import (
--- a/oval/debian.go
+++ b/oval/debian.go
@@ -1,7 +1,10 @@
+// +build !scanner
+
 package oval

 import (
 	"fmt"
+	"strings"

 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
@@ -37,22 +40,39 @@ func (o DebianBase) update(r *models.ScanResult, defPacks defPacks) {
 				defPacks.def.Debian.CveID)
 			cveContents = models.CveContents{}
 		}
-		vinfo.Confidences.AppendIfMissing(models.OvalMatch)
+		if r.Family != config.Raspbian {
+			vinfo.Confidences.AppendIfMissing(models.OvalMatch)
+		} else {
+			if len(vinfo.Confidences) == 0 {
+				vinfo.Confidences.AppendIfMissing(models.OvalMatch)
+			}
+		}
 		cveContents[ctype] = ovalContent
 		vinfo.CveContents = cveContents
 	}

-	// uniq(vinfo.PackNames + defPacks.actuallyAffectedPackNames)
+	// uniq(vinfo.PackNames + defPacks.binpkgStat)
 	for _, pack := range vinfo.AffectedPackages {
-		defPacks.actuallyAffectedPackNames[pack.Name] = pack.NotFixedYet
+		defPacks.binpkgFixstat[pack.Name] = fixStat{
+			notFixedYet: pack.NotFixedYet,
+			fixedIn:     pack.FixedIn,
+			isSrcPack:   false,
+		}
 	}

-	// update notFixedYet of SrcPackage
-	for binName := range defPacks.actuallyAffectedPackNames {
+	// Update package status of source packages.
+	// In the case of Debian based Linux, sometimes source package name is defined as affected package in OVAL.
+	// To display binary package name showed in apt-get, need to convert source name to binary name.
+	for binName := range defPacks.binpkgFixstat {
 		if srcPack, ok := r.SrcPackages.FindByBinName(binName); ok {
 			for _, p := range defPacks.def.AffectedPacks {
 				if p.Name == srcPack.Name {
-					defPacks.actuallyAffectedPackNames[binName] = p.NotFixedYet
+					defPacks.binpkgFixstat[binName] = fixStat{
+						notFixedYet: p.NotFixedYet,
+						fixedIn:     p.Version,
+						isSrcPack:   true,
+						srcPackName: srcPack.Name,
+					}
 				}
 			}
 		}
@@ -64,7 +84,7 @@ func (o DebianBase) update(r *models.ScanResult, defPacks defPacks) {
 }

 func (o DebianBase) convertToModel(def *ovalmodels.Definition) *models.CveContent {
-	var refs []models.Reference
+	refs := []models.Reference{}
 	for _, r := range def.References {
 		refs = append(refs, models.Reference{
 			Link:   r.RefURL,
@@ -120,12 +140,28 @@ func (o Debian) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err

 	var relatedDefs ovalResult
 	if config.Conf.OvalDict.IsFetchViaHTTP() {
-		if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
-			return 0, err
+		if r.Family != config.Raspbian {
+			if relatedDefs, err = getDefsByPackNameViaHTTP(r); err != nil {
+				return 0, err
+			}
+		} else {
+			// OVAL does not support Package for Raspbian, so skip it.
+			result := r.RemoveRaspbianPackFromResult()
+			if relatedDefs, err = getDefsByPackNameViaHTTP(&result); err != nil {
+				return 0, err
+			}
 		}
 	} else {
-		if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
-			return 0, err
+		if r.Family != config.Raspbian {
+			if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, r); err != nil {
+				return 0, err
+			}
+		} else {
+			// OVAL does not support Package for Raspbian, so skip it.
+			result := r.RemoveRaspbianPackFromResult()
+			if relatedDefs, err = getDefsByPackNameFromOvalDB(driver, &result); err != nil {
+				return 0, err
+			}
 		}
 	}

@@ -134,9 +170,9 @@ func (o Debian) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err
 	for _, defPacks := range relatedDefs.entries {
 		// Remove "linux" added above for oval search
 		// linux is not a real package name (key of affected packages in OVAL)
-		if notFixedYet, ok := defPacks.actuallyAffectedPackNames["linux"]; ok {
-			defPacks.actuallyAffectedPackNames[linuxImage] = notFixedYet
-			delete(defPacks.actuallyAffectedPackNames, "linux")
+		if notFixedYet, ok := defPacks.binpkgFixstat["linux"]; ok {
+			defPacks.binpkgFixstat[linuxImage] = notFixedYet
+			delete(defPacks.binpkgFixstat, "linux")
 			for i, p := range defPacks.def.AffectedPacks {
 				if p.Name == "linux" {
 					p.Name = linuxImage
@@ -175,64 +211,138 @@ func NewUbuntu() Ubuntu {

 // FillWithOval returns scan result after updating CVE info by OVAL
 func (o Ubuntu) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err error) {
-	switch major(r.Release) {
+	switch util.Major(r.Release) {
 	case "14":
 		kernelNamesInOval := []string{
-			"linux",
 			"linux-aws",
 			"linux-azure",
-			"linux-firmware",
-			"linux-lts-utopic",
-			"linux-lts-vivid",
-			"linux-lts-wily",
 			"linux-lts-xenial",
+			"linux-meta",
+			"linux-meta-aws",
+			"linux-meta-azure",
+			"linux-meta-lts-xenial",
+			"linux-signed",
+			"linux-signed-azure",
+			"linux-signed-lts-xenial",
+			"linux",
 		}
 		return o.fillWithOval(driver, r, kernelNamesInOval)
 	case "16":
 		kernelNamesInOval := []string{
-			"linux-image-aws",
-			"linux-image-aws-hwe",
-			"linux-image-azure",
-			"linux-image-extra-virtual",
-			"linux-image-extra-virtual-lts-utopic",
-			"linux-image-extra-virtual-lts-vivid",
-			"linux-image-extra-virtual-lts-wily",
-			"linux-image-extra-virtual-lts-xenial",
-			"linux-image-gcp",
-			"linux-image-generic-lpae",
-			"linux-image-generic-lpae-hwe-16.04",
-			"linux-image-generic-lpae-lts-utopic",
-			"linux-image-generic-lpae-lts-vivid",
-			"linux-image-generic-lpae-lts-wily",
-			"linux-image-generic-lpae-lts-xenial",
-			"linux-image-generic-lts-utopic",
-			"linux-image-generic-lts-vivid",
-			"linux-image-generic-lts-wily",
-			"linux-image-generic-lts-xenial",
-			"linux-image-gke",
-			"linux-image-hwe-generic-trusty",
-			"linux-image-hwe-virtual-trusty",
-			"linux-image-kvm",
-			"linux-image-lowlatency",
-			"linux-image-lowlatency-lts-utopic",
-			"linux-image-lowlatency-lts-vivid",
-			"linux-image-lowlatency-lts-wily",
+			"linux-aws",
+			"linux-aws-hwe",
+			"linux-azure",
+			"linux-euclid",
+			"linux-flo",
+			"linux-gcp",
+			"linux-gke",
+			"linux-goldfish",
+			"linux-hwe",
+			"linux-kvm",
+			"linux-mako",
+			"linux-meta",
+			"linux-meta-aws",
+			"linux-meta-aws-hwe",
+			"linux-meta-azure",
+			"linux-meta-gcp",
+			"linux-meta-hwe",
+			"linux-meta-kvm",
+			"linux-meta-oracle",
+			"linux-meta-raspi2",
+			"linux-meta-snapdragon",
+			"linux-oem",
+			"linux-oracle",
+			"linux-raspi2",
+			"linux-signed",
+			"linux-signed-azure",
+			"linux-signed-gcp",
+			"linux-signed-hwe",
+			"linux-signed-oracle",
+			"linux-snapdragon",
+			"linux",
 		}
 		return o.fillWithOval(driver, r, kernelNamesInOval)
 	case "18":
 		kernelNamesInOval := []string{
-			"linux-image-aws",
-			"linux-image-azure",
-			"linux-image-extra-virtual",
-			"linux-image-gcp",
-			"linux-image-generic-lpae",
-			"linux-image-kvm",
-			"linux-image-lowlatency",
-			"linux-image-oem",
-			"linux-image-oracle",
-			"linux-image-raspi2",
-			"linux-image-snapdragon",
-			"linux-image-virtual",
+			"linux-aws",
+			"linux-aws-5.0",
+			"linux-azure",
+			"linux-gcp",
+			"linux-gcp-5.3",
+			"linux-gke-4.15",
+			"linux-gke-5.0",
+			"linux-gke-5.3",
+			"linux-hwe",
+			"linux-kvm",
+			"linux-meta",
+			"linux-meta-aws",
+			"linux-meta-aws-5.0",
+			"linux-meta-azure",
+			"linux-meta-gcp",
+			"linux-meta-gcp-5.3",
+			"linux-meta-gke-4.15",
+			"linux-meta-gke-5.0",
+			"linux-meta-gke-5.3",
+			"linux-meta-hwe",
+			"linux-meta-kvm",
+			"linux-meta-oem",
+			"linux-meta-oem-osp1",
+			"linux-meta-oracle",
+			"linux-meta-oracle-5.0",
+			"linux-meta-oracle-5.3",
+			"linux-meta-raspi2",
+			"linux-meta-raspi2-5.3",
+			"linux-meta-snapdragon",
+			"linux-oem",
+			"linux-oem-osp1",
+			"linux-oracle",
+			"linux-oracle-5.0",
+			"linux-oracle-5.3",
+			"linux-raspi2",
+			"linux-raspi2-5.3",
+			"linux-signed",
+			"linux-signed-azure",
+			"linux-signed-gcp",
+			"linux-signed-gcp-5.3",
+			"linux-signed-gke-4.15",
+			"linux-signed-gke-5.0",
+			"linux-signed-gke-5.3",
+			"linux-signed-hwe",
+			"linux-signed-oem",
+			"linux-signed-oem-osp1",
+			"linux-signed-oracle",
+			"linux-signed-oracle-5.0",
+			"linux-signed-oracle-5.3",
+			"linux-snapdragon",
+			"linux",
+		}
+		return o.fillWithOval(driver, r, kernelNamesInOval)
+	case "20":
+		kernelNamesInOval := []string{
+			"linux-aws",
+			"linux-azure",
+			"linux-gcp",
+			"linux-kvm",
+			"linux-meta",
+			"linux-meta-aws",
+			"linux-meta-azure",
+			"linux-meta-gcp",
+			"linux-meta-kvm",
+			"linux-meta-oem-5.6",
+			"linux-meta-oracle",
+			"linux-meta-raspi",
+			"linux-meta-riscv",
+			"linux-oem-5.6",
+			"linux-oracle",
+			"linux-raspi",
+			"linux-raspi2",
+			"linux-riscv",
+			"linux-signed",
+			"linux-signed-azure",
+			"linux-signed-gcp",
+			"linux-signed-oem-5.6",
+			"linux-signed-oracle",
+			"linux",
 		}
 		return o.fillWithOval(driver, r, kernelNamesInOval)
 	}
@@ -240,18 +350,18 @@ func (o Ubuntu) FillWithOval(driver db.DB, r *models.ScanResult) (nCVEs int, err
 }

 func (o Ubuntu) fillWithOval(driver db.DB, r *models.ScanResult, kernelNamesInOval []string) (nCVEs int, err error) {
-	// kernel names in OVAL except for linux-image-generic
 	linuxImage := "linux-image-" + r.RunningKernel.Release
 	runningKernelVersion := ""
 	kernelPkgInOVAL := ""
-	isOVALKernelPkgAdded := true
+	isOVALKernelPkgAdded := false
 	unusedKernels := []models.Package{}
+	copiedSourcePkgs := models.SrcPackages{}

 	if r.Container.ContainerID == "" {
 		if v, ok := r.Packages[linuxImage]; ok {
 			runningKernelVersion = v.Version
 		} else {
-			util.Log.Warnf("Unable to detect vulns of running kernel because the version of the runnning kernel is unknown. server: %s",
+			util.Log.Warnf("Unable to detect vulns of running kernel because the version of the running kernel is unknown. server: %s",
 				r.ServerName)
 		}

@@ -270,17 +380,31 @@ func (o Ubuntu) fillWithOval(driver db.DB, r *models.ScanResult, kernelNamesInOv
 			}
 		}

-		if kernelPkgInOVAL == "" {
-			if r.Release == "14" {
-				kernelPkgInOVAL = "linux"
-			} else if _, ok := r.Packages["linux-image-generic"]; !ok {
-				util.Log.Warnf("The OVAL name of the running kernel image %s is not found. So vulns of linux-image-generic wll be detected. server: %s",
-					r.RunningKernel.Version, r.ServerName)
-				kernelPkgInOVAL = "linux-image-generic"
-			} else {
-				isOVALKernelPkgAdded = false
+		// Remove linux-* in order to detect only vulnerabilities in the running kernel.
+		for n := range r.Packages {
+			if n != kernelPkgInOVAL && strings.HasPrefix(n, "linux-") {
+				unusedKernels = append(unusedKernels, r.Packages[n])
+				delete(r.Packages, n)
 			}
 		}
+		for srcPackName, srcPack := range r.SrcPackages {
+			copiedSourcePkgs[srcPackName] = srcPack
+			targetBinaryNames := []string{}
+			for _, n := range srcPack.BinaryNames {
+				if n == kernelPkgInOVAL || !strings.HasPrefix(n, "linux-") {
+					targetBinaryNames = append(targetBinaryNames, n)
+				}
+			}
+			srcPack.BinaryNames = targetBinaryNames
+			r.SrcPackages[srcPackName] = srcPack
+		}
+
+		if kernelPkgInOVAL == "" {
+			util.Log.Warnf("The OVAL name of the running kernel image %+v is not found. So vulns of `linux` wll be detected. server: %s",
+				r.RunningKernel, r.ServerName)
+			kernelPkgInOVAL = "linux"
+			isOVALKernelPkgAdded = true
+		}

 		if runningKernelVersion != "" {
 			r.Packages[kernelPkgInOVAL] = models.Package{
@@ -307,13 +431,14 @@ func (o Ubuntu) fillWithOval(driver db.DB, r *models.ScanResult, kernelNamesInOv
 	for _, p := range unusedKernels {
 		r.Packages[p.Name] = p
 	}
+	r.SrcPackages = copiedSourcePkgs

 	for _, defPacks := range relatedDefs.entries {
-		// Remove "linux" added above to search for oval
+		// Remove "linux" added above for searching oval
 		// "linux" is not a real package name (key of affected packages in OVAL)
-		if nfy, ok := defPacks.actuallyAffectedPackNames[kernelPkgInOVAL]; isOVALKernelPkgAdded && ok {
-			defPacks.actuallyAffectedPackNames[linuxImage] = nfy
-			delete(defPacks.actuallyAffectedPackNames, kernelPkgInOVAL)
+		if nfy, ok := defPacks.binpkgFixstat[kernelPkgInOVAL]; isOVALKernelPkgAdded && ok {
+			defPacks.binpkgFixstat[linuxImage] = nfy
+			delete(defPacks.binpkgFixstat, kernelPkgInOVAL)
 			for i, p := range defPacks.def.AffectedPacks {
 				if p.Name == kernelPkgInOVAL {
 					p.Name = linuxImage
--- a/oval/debian_test.go
+++ b/oval/debian_test.go
@@ -1,3 +1,5 @@
+// +build !scanner
+
 package oval

 import (
@@ -33,8 +35,11 @@ func TestPackNamesOfUpdateDebian(t *testing.T) {
 						CveID: "CVE-2000-1000",
 					},
 				},
-				actuallyAffectedPackNames: map[string]bool{
-					"packB": true,
+				binpkgFixstat: map[string]fixStat{
+					"packB": {
+						notFixedYet: true,
+						fixedIn:     "1.0.0",
+					},
 				},
 			},
 			out: models.ScanResult{
@@ -42,7 +47,7 @@ func TestPackNamesOfUpdateDebian(t *testing.T) {
 					"CVE-2000-1000": models.VulnInfo{
 						AffectedPackages: models.PackageFixStatuses{
 							{Name: "packA"},
-							{Name: "packB", NotFixedYet: true},
+							{Name: "packB", NotFixedYet: true, FixedIn: "1.0.0"},
 							{Name: "packC"},
 						},
 					},
@@ -57,7 +62,7 @@ func TestPackNamesOfUpdateDebian(t *testing.T) {
 		e := tt.out.ScannedCves["CVE-2000-1000"].AffectedPackages
 		a := tt.in.ScannedCves["CVE-2000-1000"].AffectedPackages
 		if !reflect.DeepEqual(a, e) {
-			t.Errorf("[%d] expected: %v\n  actual: %v\n", i, e, a)
+			t.Errorf("[%d] expected: %#v\n  actual: %#v\n", i, e, a)
 		}
 	}
 }
--- a/oval/empty.go
+++ b/oval/empty.go
@@ -0,0 +1 @@
+package oval
--- a/oval/oval.go
+++ b/oval/oval.go
@@ -1,3 +1,5 @@
+// +build !scanner
+
 package oval

 import (
@@ -65,7 +67,7 @@ func (b Base) CheckIfOvalFetched(driver db.DB, osFamily, release string) (fetche
 	}
 	count := 0
 	if err := json.Unmarshal([]byte(body), &count); err != nil {
-		return false, xerrors.Errorf("Failed to Unmarshall. body: %s, err: %w", body, err)
+		return false, xerrors.Errorf("Failed to Unmarshal. body: %s, err: %w", body, err)
 	}
 	return 0 < count, nil
 }
@@ -83,7 +85,7 @@ func (b Base) CheckIfOvalFresh(driver db.DB, osFamily, release string) (ok bool,
 		}

 		if err := json.Unmarshal([]byte(body), &lastModified); err != nil {
-			return false, xerrors.Errorf("Failed to Unmarshall. body: %s, err: %w", body, err)
+			return false, xerrors.Errorf("Failed to Unmarshal. body: %s, err: %w", body, err)
 		}
 	}

--- a/oval/redhat.go
+++ b/oval/redhat.go
@@ -1,3 +1,5 @@
+// +build !scanner
+
 package oval

 import (
@@ -100,7 +102,7 @@ func (o RedHatBase) update(r *models.ScanResult, defPacks defPacks) (nCVEs int)
 			cveContents := vinfo.CveContents
 			if v, ok := vinfo.CveContents[ctype]; ok {
 				if v.LastModified.After(ovalContent.LastModified) {
-					util.Log.Debugf("%s, OvalID: %d ignroed: ",
+					util.Log.Debugf("%s, OvalID: %d ignored: ",
 						cve.CveID, defPacks.def.ID)
 				} else {
 					util.Log.Debugf("%s OVAL will be overwritten", cve.CveID)
@@ -120,10 +122,16 @@ func (o RedHatBase) update(r *models.ScanResult, defPacks defPacks) (nCVEs int)

 		// uniq(vinfo.PackNames + defPacks.actuallyAffectedPackNames)
 		for _, pack := range vinfo.AffectedPackages {
-			if nfy, ok := defPacks.actuallyAffectedPackNames[pack.Name]; !ok {
-				defPacks.actuallyAffectedPackNames[pack.Name] = pack.NotFixedYet
-			} else if nfy {
-				defPacks.actuallyAffectedPackNames[pack.Name] = true
+			if stat, ok := defPacks.binpkgFixstat[pack.Name]; !ok {
+				defPacks.binpkgFixstat[pack.Name] = fixStat{
+					notFixedYet: pack.NotFixedYet,
+					fixedIn:     pack.FixedIn,
+				}
+			} else if stat.notFixedYet {
+				defPacks.binpkgFixstat[pack.Name] = fixStat{
+					notFixedYet: true,
+					fixedIn:     pack.FixedIn,
+				}
 			}
 		}
 		vinfo.AffectedPackages = defPacks.toPackStatuses()
@@ -219,12 +227,17 @@ func (o RedHatBase) parseCvss2(scoreVector string) (score float64, vector string
 // 5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
 func (o RedHatBase) parseCvss3(scoreVector string) (score float64, vector string) {
 	var err error
-	ss := strings.Split(scoreVector, "/CVSS:3.0/")
-	if 1 < len(ss) {
-		if score, err = strconv.ParseFloat(ss[0], 64); err != nil {
-			return 0, ""
+	for _, s := range []string{
+		"/CVSS:3.0/",
+		"/CVSS:3.1/",
+	} {
+		ss := strings.Split(scoreVector, s)
+		if 1 < len(ss) {
+			if score, err = strconv.ParseFloat(ss[0], 64); err != nil {
+				return 0, ""
+			}
+			return score, strings.TrimPrefix(s, "/") + ss[1]
 		}
-		return score, fmt.Sprintf("CVSS:3.0/%s", ss[1])
 	}
 	return 0, ""
 }
--- a/oval/redhat_test.go
+++ b/oval/redhat_test.go
@@ -1,3 +1,5 @@
+// +build !scanner
+
 package oval

 import (
@@ -59,6 +61,13 @@ func TestParseCvss3(t *testing.T) {
 				vector: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
 			},
 		},
+		{
+			in: "6.1/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+			out: out{
+				score:  6.1,
+				vector: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+			},
+		},
 		{
 			in: "",
 			out: out{
@@ -103,8 +112,11 @@ func TestPackNamesOfUpdate(t *testing.T) {
 						},
 					},
 				},
-				actuallyAffectedPackNames: map[string]bool{
-					"packB": true,
+				binpkgFixstat: map[string]fixStat{
+					"packB": {
+						notFixedYet: true,
+						fixedIn:     "1.0.0",
+					},
 				},
 			},
 			out: models.ScanResult{
--- a/oval/suse.go
+++ b/oval/suse.go
@@ -1,3 +1,5 @@
+// +build !scanner
+
 package oval

 import (
@@ -75,7 +77,10 @@ func (o SUSE) update(r *models.ScanResult, defPacks defPacks) {

 	// uniq(vinfo.PackNames + defPacks.actuallyAffectedPackNames)
 	for _, pack := range vinfo.AffectedPackages {
-		defPacks.actuallyAffectedPackNames[pack.Name] = pack.NotFixedYet
+		defPacks.binpkgFixstat[pack.Name] = fixStat{
+			notFixedYet: pack.NotFixedYet,
+			fixedIn:     pack.FixedIn,
+		}
 	}
 	vinfo.AffectedPackages = defPacks.toPackStatuses()
 	vinfo.AffectedPackages.Sort()
@@ -83,7 +88,7 @@ func (o SUSE) update(r *models.ScanResult, defPacks defPacks) {
 }

 func (o SUSE) convertToModel(def *ovalmodels.Definition) *models.CveContent {
-	var refs []models.Reference
+	refs := []models.Reference{}
 	for _, r := range def.References {
 		refs = append(refs, models.Reference{
 			Link:   r.RefURL,
--- a/oval/util.go
+++ b/oval/util.go
@@ -1,16 +1,18 @@
+// +build !scanner
+
 package oval

 import (
 	"encoding/json"
 	"net/http"
 	"regexp"
-	"strings"
 	"time"

 	"github.com/cenkalti/backoff"
 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/util"
+	apkver "github.com/knqyf263/go-apk-version"
 	debver "github.com/knqyf263/go-deb-version"
 	rpmver "github.com/knqyf263/go-rpm-version"
 	"github.com/kotakanbe/goval-dictionary/db"
@@ -27,32 +29,42 @@ type defPacks struct {
 	def ovalmodels.Definition

 	// BinaryPackageName : NotFixedYet
-	actuallyAffectedPackNames map[string]bool
+	binpkgFixstat map[string]fixStat
+}
+
+type fixStat struct {
+	notFixedYet bool
+	fixedIn     string
+	isSrcPack   bool
+	srcPackName string
 }

 func (e defPacks) toPackStatuses() (ps models.PackageFixStatuses) {
-	for name, notFixedYet := range e.actuallyAffectedPackNames {
+	for name, stat := range e.binpkgFixstat {
 		ps = append(ps, models.PackageFixStatus{
 			Name:        name,
-			NotFixedYet: notFixedYet,
+			NotFixedYet: stat.notFixedYet,
+			FixedIn:     stat.fixedIn,
 		})
 	}
 	return
 }

-func (e *ovalResult) upsert(def ovalmodels.Definition, packName string, notFixedYet bool) (upserted bool) {
+func (e *ovalResult) upsert(def ovalmodels.Definition, packName string, fstat fixStat) (upserted bool) {
 	// alpine's entry is empty since Alpine secdb is not OVAL format
 	if def.DefinitionID != "" {
 		for i, entry := range e.entries {
 			if entry.def.DefinitionID == def.DefinitionID {
-				e.entries[i].actuallyAffectedPackNames[packName] = notFixedYet
+				e.entries[i].binpkgFixstat[packName] = fstat
 				return true
 			}
 		}
 	}
 	e.entries = append(e.entries, defPacks{
-		def:                       def,
-		actuallyAffectedPackNames: map[string]bool{packName: notFixedYet},
+		def: def,
+		binpkgFixstat: map[string]fixStat{
+			packName: fstat,
+		},
 	})

 	return false
@@ -65,6 +77,7 @@ type request struct {
 	arch              string
 	binaryPackNames   []string
 	isSrcPack         bool
+	modularityLabel   string // RHEL 8 or later only
 }

 type response struct {
@@ -134,17 +147,27 @@ func getDefsByPackNameViaHTTP(r *models.ScanResult) (
 		select {
 		case res := <-resChan:
 			for _, def := range res.defs {
-				affected, notFixedYet := isOvalDefAffected(def, res.request, r.Family, r.RunningKernel)
+				affected, notFixedYet, fixedIn := isOvalDefAffected(def, res.request, r.Family, r.RunningKernel, r.EnabledDnfModules)
 				if !affected {
 					continue
 				}

 				if res.request.isSrcPack {
 					for _, n := range res.request.binaryPackNames {
-						relatedDefs.upsert(def, n, false)
+						fs := fixStat{
+							srcPackName: res.request.packName,
+							isSrcPack:   true,
+							notFixedYet: notFixedYet,
+							fixedIn:     fixedIn,
+						}
+						relatedDefs.upsert(def, n, fs)
 					}
 				} else {
-					relatedDefs.upsert(def, res.request.packName, notFixedYet)
+					fs := fixStat{
+						notFixedYet: notFixedYet,
+						fixedIn:     fixedIn,
+					}
+					relatedDefs.upsert(def, res.request.packName, fs)
 				}
 			}
 		case err := <-errChan:
@@ -191,7 +214,7 @@ func httpGet(url string, req request, resChan chan<- response, errChan chan<- er

 	defs := []ovalmodels.Definition{}
 	if err := json.Unmarshal([]byte(body), &defs); err != nil {
-		errChan <- xerrors.Errorf("Failed to Unmarshall. body: %s, err: %w", body, err)
+		errChan <- xerrors.Errorf("Failed to Unmarshal. body: %s, err: %w", body, err)
 		return
 	}
 	resChan <- response{
@@ -227,46 +250,60 @@ func getDefsByPackNameFromOvalDB(driver db.DB, r *models.ScanResult) (relatedDef
 			return relatedDefs, xerrors.Errorf("Failed to get %s OVAL info by package: %#v, err: %w", r.Family, req, err)
 		}
 		for _, def := range definitions {
-			affected, notFixedYet := isOvalDefAffected(def, req, r.Family, r.RunningKernel)
+			affected, notFixedYet, fixedIn := isOvalDefAffected(def, req, r.Family, r.RunningKernel, r.EnabledDnfModules)
 			if !affected {
 				continue
 			}

 			if req.isSrcPack {
-				for _, n := range req.binaryPackNames {
-					relatedDefs.upsert(def, n, false)
+				for _, binName := range req.binaryPackNames {
+					fs := fixStat{
+						notFixedYet: false,
+						isSrcPack:   true,
+						fixedIn:     fixedIn,
+						srcPackName: req.packName,
+					}
+					relatedDefs.upsert(def, binName, fs)
 				}
 			} else {
-				relatedDefs.upsert(def, req.packName, notFixedYet)
+				fs := fixStat{
+					notFixedYet: notFixedYet,
+					fixedIn:     fixedIn,
+				}
+				relatedDefs.upsert(def, req.packName, fs)
 			}
 		}
 	}
 	return
 }

-func major(version string) string {
-	ss := strings.SplitN(version, ":", 2)
-	ver := ""
-	if len(ss) == 1 {
-		ver = ss[0]
-	} else {
-		ver = ss[1]
-	}
-	return ver[0:strings.Index(ver, ".")]
-}
-
-func isOvalDefAffected(def ovalmodels.Definition, req request, family string, running models.Kernel) (affected, notFixedYet bool) {
+func isOvalDefAffected(def ovalmodels.Definition, req request, family string, running models.Kernel, enabledMods []string) (affected, notFixedYet bool, fixedIn string) {
 	for _, ovalPack := range def.AffectedPacks {
 		if req.packName != ovalPack.Name {
 			continue
 		}

+		isModularityLabelEmptyOrSame := false
+		if ovalPack.ModularityLabel != "" {
+			for _, mod := range enabledMods {
+				if mod == ovalPack.ModularityLabel {
+					isModularityLabelEmptyOrSame = true
+					break
+				}
+			}
+		} else {
+			isModularityLabelEmptyOrSame = true
+		}
+		if !isModularityLabelEmptyOrSame {
+			continue
+		}
+
 		if running.Release != "" {
 			switch family {
 			case config.RedHat, config.CentOS:
 				// For kernel related packages, ignore OVAL information with different major versions
 				if _, ok := kernelRelatedPackNames[ovalPack.Name]; ok {
-					if major(ovalPack.Version) != major(running.Release) {
+					if util.Major(ovalPack.Version) != util.Major(running.Release) {
 						continue
 					}
 				}
@@ -274,7 +311,7 @@ func isOvalDefAffected(def ovalmodels.Definition, req request, family string, ru
 		}

 		if ovalPack.NotFixedYet {
-			return true, true
+			return true, true, ovalPack.Version
 		}

 		// Compare between the installed version vs the version in OVAL
@@ -282,29 +319,35 @@ func isOvalDefAffected(def ovalmodels.Definition, req request, family string, ru
 		if err != nil {
 			util.Log.Debugf("Failed to parse versions: %s, Ver: %#v, OVAL: %#v, DefID: %s",
 				err, req.versionRelease, ovalPack, def.DefinitionID)
-			return false, false
+			return false, false, ovalPack.Version
 		}
 		if less {
+			if req.isSrcPack {
+				// Unable to judge whether fixed or not-fixed of src package(Ubuntu, Debian)
+				return true, false, ovalPack.Version
+			}
+
 			// If the version of installed is less than in OVAL
 			switch family {
 			case config.RedHat,
 				config.Amazon,
 				config.SUSEEnterpriseServer,
 				config.Debian,
-				config.Ubuntu:
+				config.Ubuntu,
+				config.Raspbian:
 				// Use fixed state in OVAL for these distros.
-				return true, false
+				return true, false, ovalPack.Version
 			}

 			// But CentOS can't judge whether fixed or unfixed.
-			// Because fixed state in RHEL's OVAL is different.
+			// Because fixed state in RHEL OVAL is different.
 			// So, it have to be judged version comparison.

 			// `offline` or `fast` scan mode can't get a updatable version.
 			// In these mode, the blow field was set empty.
 			// Vuls can not judge fixed or unfixed.
 			if req.newVersionRelease == "" {
-				return true, false
+				return true, false, ovalPack.Version
 			}

 			// compare version: newVer vs oval
@@ -312,26 +355,35 @@ func isOvalDefAffected(def ovalmodels.Definition, req request, family string, ru
 			if err != nil {
 				util.Log.Debugf("Failed to parse versions: %s, NewVer: %#v, OVAL: %#v, DefID: %s",
 					err, req.newVersionRelease, ovalPack, def.DefinitionID)
-				return false, false
+				return false, false, ovalPack.Version
 			}
-			return true, less
+			return true, less, ovalPack.Version
 		}
 	}
-	return false, false
+	return false, false, ""
 }

-var centosVerPattern = regexp.MustCompile(`\.[es]l(\d+)(?:_\d+)?(?:\.centos)?`)
-var esVerPattern = regexp.MustCompile(`\.el(\d+)(?:_\d+)?`)
-
-func lessThan(family, versionRelease string, packB ovalmodels.Package) (bool, error) {
+func lessThan(family, newVer string, packInOVAL ovalmodels.Package) (bool, error) {
 	switch family {
 	case config.Debian,
-		config.Ubuntu:
-		vera, err := debver.NewVersion(versionRelease)
+		config.Ubuntu,
+		config.Raspbian:
+		vera, err := debver.NewVersion(newVer)
 		if err != nil {
 			return false, err
 		}
-		verb, err := debver.NewVersion(packB.Version)
+		verb, err := debver.NewVersion(packInOVAL.Version)
+		if err != nil {
+			return false, err
+		}
+		return vera.LessThan(verb), nil
+
+	case config.Alpine:
+		vera, err := apkver.NewVersion(newVer)
+		if err != nil {
+			return false, err
+		}
+		verb, err := apkver.NewVersion(packInOVAL.Version)
 		if err != nil {
 			return false, err
 		}
@@ -339,16 +391,15 @@ func lessThan(family, versionRelease string, packB ovalmodels.Package) (bool, er

 	case config.Oracle,
 		config.SUSEEnterpriseServer,
-		config.Alpine,
 		config.Amazon:
-		vera := rpmver.NewVersion(versionRelease)
-		verb := rpmver.NewVersion(packB.Version)
+		vera := rpmver.NewVersion(newVer)
+		verb := rpmver.NewVersion(packInOVAL.Version)
 		return vera.LessThan(verb), nil

 	case config.RedHat,
 		config.CentOS:
-		vera := rpmver.NewVersion(centosVerPattern.ReplaceAllString(versionRelease, ".el$1"))
-		verb := rpmver.NewVersion(esVerPattern.ReplaceAllString(packB.Version, ".el$1"))
+		vera := rpmver.NewVersion(centOSVersionToRHEL(newVer))
+		verb := rpmver.NewVersion(packInOVAL.Version)
 		return vera.LessThan(verb), nil

 	default:
@@ -356,3 +407,9 @@ func lessThan(family, versionRelease string, packB ovalmodels.Package) (bool, er
 	}
 	return false, xerrors.Errorf("Package version comparison not supported: %s", family)
 }
+
+var centosVerPattern = regexp.MustCompile(`\.[es]l(\d+)(?:_\d+)?(?:\.centos)?`)
+
+func centOSVersionToRHEL(ver string) string {
+	return centosVerPattern.ReplaceAllString(ver, ".el$1")
+}
--- a/oval/util_test.go
+++ b/oval/util_test.go
@@ -1,3 +1,5 @@
+// +build !scanner
+
 package oval

 import (
@@ -12,12 +14,12 @@ import (

 func TestUpsert(t *testing.T) {
 	var tests = []struct {
-		res         ovalResult
-		def         ovalmodels.Definition
-		packName    string
-		notFixedYet bool
-		upserted    bool
-		out         ovalResult
+		res      ovalResult
+		def      ovalmodels.Definition
+		packName string
+		fixStat  fixStat
+		upsert   bool
+		out      ovalResult
 	}{
 		//insert
 		{
@@ -25,17 +27,23 @@ func TestUpsert(t *testing.T) {
 			def: ovalmodels.Definition{
 				DefinitionID: "1111",
 			},
-			packName:    "pack1",
-			notFixedYet: true,
-			upserted:    false,
+			packName: "pack1",
+			fixStat: fixStat{
+				notFixedYet: true,
+				fixedIn:     "1.0.0",
+			},
+			upsert: false,
 			out: ovalResult{
 				[]defPacks{
 					{
 						def: ovalmodels.Definition{
 							DefinitionID: "1111",
 						},
-						actuallyAffectedPackNames: map[string]bool{
-							"pack1": true,
+						binpkgFixstat: map[string]fixStat{
+							"pack1": {
+								notFixedYet: true,
+								fixedIn:     "1.0.0",
+							},
 						},
 					},
 				},
@@ -49,16 +57,22 @@ func TestUpsert(t *testing.T) {
 						def: ovalmodels.Definition{
 							DefinitionID: "1111",
 						},
-						actuallyAffectedPackNames: map[string]bool{
-							"pack1": true,
+						binpkgFixstat: map[string]fixStat{
+							"pack1": {
+								notFixedYet: true,
+								fixedIn:     "1.0.0",
+							},
 						},
 					},
 					{
 						def: ovalmodels.Definition{
 							DefinitionID: "2222",
 						},
-						actuallyAffectedPackNames: map[string]bool{
-							"pack3": true,
+						binpkgFixstat: map[string]fixStat{
+							"pack3": {
+								notFixedYet: true,
+								fixedIn:     "2.0.0",
+							},
 						},
 					},
 				},
@@ -66,26 +80,38 @@ func TestUpsert(t *testing.T) {
 			def: ovalmodels.Definition{
 				DefinitionID: "1111",
 			},
-			packName:    "pack2",
-			notFixedYet: false,
-			upserted:    true,
+			packName: "pack2",
+			fixStat: fixStat{
+				notFixedYet: false,
+				fixedIn:     "3.0.0",
+			},
+			upsert: true,
 			out: ovalResult{
 				[]defPacks{
 					{
 						def: ovalmodels.Definition{
 							DefinitionID: "1111",
 						},
-						actuallyAffectedPackNames: map[string]bool{
-							"pack1": true,
-							"pack2": false,
+						binpkgFixstat: map[string]fixStat{
+							"pack1": {
+								notFixedYet: true,
+								fixedIn:     "1.0.0",
+							},
+							"pack2": {
+								notFixedYet: false,
+								fixedIn:     "3.0.0",
+							},
 						},
 					},
 					{
 						def: ovalmodels.Definition{
 							DefinitionID: "2222",
 						},
-						actuallyAffectedPackNames: map[string]bool{
-							"pack3": true,
+						binpkgFixstat: map[string]fixStat{
+							"pack3": {
+								notFixedYet: true,
+								fixedIn:     "2.0.0",
+							},
 						},
 					},
 				},
@@ -93,9 +119,9 @@ func TestUpsert(t *testing.T) {
 		},
 	}
 	for i, tt := range tests {
-		upserted := tt.res.upsert(tt.def, tt.packName, tt.notFixedYet)
-		if tt.upserted != upserted {
-			t.Errorf("[%d]\nexpected: %t\n  actual: %t\n", i, tt.upserted, upserted)
+		upsert := tt.res.upsert(tt.def, tt.packName, tt.fixStat)
+		if tt.upsert != upsert {
+			t.Errorf("[%d]\nexpected: %t\n  actual: %t\n", i, tt.upsert, upsert)
 		}
 		if !reflect.DeepEqual(tt.out, tt.res) {
 			t.Errorf("[%d]\nexpected: %v\n  actual: %v\n", i, tt.out, tt.res)
@@ -121,17 +147,27 @@ func TestDefpacksToPackStatuses(t *testing.T) {
 							{
 								Name:        "a",
 								NotFixedYet: true,
+								Version:     "1.0.0",
 							},
 							{
 								Name:        "b",
 								NotFixedYet: false,
+								Version:     "2.0.0",
 							},
 						},
 					},
-					actuallyAffectedPackNames: map[string]bool{
-						"a": true,
-						"b": true,
-						"c": true,
+					binpkgFixstat: map[string]fixStat{
+						"a": {
+							notFixedYet: true,
+							fixedIn:     "1.0.0",
+							isSrcPack:   false,
+						},
+						"b": {
+							notFixedYet: true,
+							fixedIn:     "1.0.0",
+							isSrcPack:   true,
+							srcPackName: "lib-b",
+						},
 					},
 				},
 			},
@@ -139,14 +175,12 @@ func TestDefpacksToPackStatuses(t *testing.T) {
 				{
 					Name:        "a",
 					NotFixedYet: true,
+					FixedIn:     "1.0.0",
 				},
 				{
 					Name:        "b",
 					NotFixedYet: true,
-				},
-				{
-					Name:        "c",
-					NotFixedYet: true,
+					FixedIn:     "1.0.0",
 				},
 			},
 		},
@@ -168,11 +202,13 @@ func TestIsOvalDefAffected(t *testing.T) {
 		req    request
 		family string
 		kernel models.Kernel
+		mods   []string
 	}
 	var tests = []struct {
 		in          in
 		affected    bool
 		notFixedYet bool
+		fixedIn     string
 	}{
 		// 0. Ubuntu ovalpack.NotFixedYet == true
 		{
@@ -187,6 +223,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 						{
 							Name:        "b",
 							NotFixedYet: true,
+							Version:     "1.0.0",
 						},
 					},
 				},
@@ -196,6 +233,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: true,
+			fixedIn:     "1.0.0",
 		},
 		// 1. Ubuntu
 		//   ovalpack.NotFixedYet == false
@@ -226,6 +264,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "1.0.0-1",
 		},
 		// 2. Ubuntu
 		//   ovalpack.NotFixedYet == false
@@ -285,6 +324,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 				},
 			},
 			affected:    true,
+			fixedIn:     "1.0.0-3",
 			notFixedYet: false,
 		},
 		// 4. Ubuntu
@@ -318,6 +358,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "1.0.0-2",
 		},
 		// 5 RedHat
 		{
@@ -345,6 +386,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		// 6 RedHat
 		{
@@ -372,6 +414,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		// 7 RedHat
 		{
@@ -451,6 +494,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		// 10 RedHat
 		{
@@ -478,6 +522,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		// 11 RedHat
 		{
@@ -504,6 +549,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		// 12 RedHat
 		{
@@ -583,6 +629,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		// 15
 		{
@@ -662,6 +709,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: true,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		// 18
 		{
@@ -689,6 +737,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		// 19
 		{
@@ -716,6 +765,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		// 20
 		{
@@ -794,6 +844,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		{
 			in: in{
@@ -870,6 +921,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: true,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		{
 			in: in{
@@ -896,6 +948,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		{
 			in: in{
@@ -922,6 +975,7 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "0:1.2.3-45.el6_7.8",
 		},
 		{
 			in: in{
@@ -1021,37 +1075,128 @@ func TestIsOvalDefAffected(t *testing.T) {
 			},
 			affected:    true,
 			notFixedYet: false,
+			fixedIn:     "3.1.0",
+		},
+		// dnf module
+		{
+			in: in{
+				family: config.RedHat,
+				def: ovalmodels.Definition{
+					AffectedPacks: []ovalmodels.Package{
+						{
+							Name:            "nginx",
+							Version:         "1.16.1-1.module+el8.3.0+8844+e5e7039f.1",
+							NotFixedYet:     false,
+							ModularityLabel: "nginx:1.16",
+						},
+					},
+				},
+				req: request{
+					packName:       "nginx",
+					versionRelease: "1.16.0-1.module+el8.3.0+8844+e5e7039f.1",
+				},
+				mods: []string{
+					"nginx:1.16",
+				},
+			},
+			affected:    true,
+			notFixedYet: false,
+			fixedIn:     "1.16.1-1.module+el8.3.0+8844+e5e7039f.1",
+		},
+		// dnf module 2
+		{
+			in: in{
+				family: config.RedHat,
+				def: ovalmodels.Definition{
+					AffectedPacks: []ovalmodels.Package{
+						{
+							Name:            "nginx",
+							Version:         "1.16.1-1.module+el8.3.0+8844+e5e7039f.1",
+							NotFixedYet:     false,
+							ModularityLabel: "nginx:1.16",
+						},
+					},
+				},
+				req: request{
+					packName:       "nginx",
+					versionRelease: "1.16.2-1.module+el8.3.0+8844+e5e7039f.1",
+				},
+				mods: []string{
+					"nginx:1.16",
+				},
+			},
+			affected:    false,
+			notFixedYet: false,
+		},
+		// dnf module 3
+		{
+			in: in{
+				family: config.RedHat,
+				def: ovalmodels.Definition{
+					AffectedPacks: []ovalmodels.Package{
+						{
+							Name:            "nginx",
+							Version:         "1.16.1-1.module+el8.3.0+8844+e5e7039f.1",
+							NotFixedYet:     false,
+							ModularityLabel: "nginx:1.16",
+						},
+					},
+				},
+				req: request{
+					packName:       "nginx",
+					versionRelease: "1.16.0-1.module+el8.3.0+8844+e5e7039f.1",
+				},
+				mods: []string{
+					"nginx:1.14",
+				},
+			},
+			affected:    false,
+			notFixedYet: false,
 		},
 	}
 	for i, tt := range tests {
-		affected, notFixedYet := isOvalDefAffected(tt.in.def, tt.in.req, tt.in.family, tt.in.kernel)
+		affected, notFixedYet, fixedIn := isOvalDefAffected(tt.in.def, tt.in.req, tt.in.family, tt.in.kernel, tt.in.mods)
 		if tt.affected != affected {
 			t.Errorf("[%d] affected\nexpected: %v\n  actual: %v\n", i, tt.affected, affected)
 		}
 		if tt.notFixedYet != notFixedYet {
 			t.Errorf("[%d] notfixedyet\nexpected: %v\n  actual: %v\n", i, tt.notFixedYet, notFixedYet)
 		}
-	}
-}
-
-func TestMajor(t *testing.T) {
-	var tests = []struct {
-		in       string
-		expected string
-	}{
-		{
-			in:       "4.1",
-			expected: "4",
-		},
-		{
-			in:       "0:4.1",
-			expected: "4",
-		},
-	}
-	for i, tt := range tests {
-		a := major(tt.in)
-		if tt.expected != a {
-			t.Errorf("[%d]\nexpected: %s\n  actual: %s\n", i, tt.expected, a)
+		if tt.fixedIn != fixedIn {
+			t.Errorf("[%d] fixedIn\nexpected: %v\n  actual: %v\n", i, tt.fixedIn, fixedIn)
 		}
 	}
 }
+
+func Test_centOSVersionToRHEL(t *testing.T) {
+	type args struct {
+		ver string
+	}
+	tests := []struct {
+		name string
+		args args
+		want string
+	}{
+		{
+			name: "remove centos.",
+			args: args{
+				ver: "grub2-tools-2.02-0.80.el7.centos.x86_64",
+			},
+			want: "grub2-tools-2.02-0.80.el7.x86_64",
+		},
+		{
+			name: "noop",
+			args: args{
+				ver: "grub2-tools-2.02-0.80.el7.x86_64",
+			},
+			want: "grub2-tools-2.02-0.80.el7.x86_64",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := centOSVersionToRHEL(tt.args.ver); got != tt.want {
+				t.Errorf("centOSVersionToRHEL() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
--- a/report/cve_client.go
+++ b/report/cve_client.go
@@ -1,3 +1,5 @@
+// +build !scanner
+
 package report

 import (
--- a/report/db_client.go
+++ b/report/db_client.go
@@ -1,3 +1,5 @@
+// +build !scanner
+
 package report

 import (
@@ -9,24 +11,27 @@ import (
 	cvedb "github.com/kotakanbe/go-cve-dictionary/db"
 	ovaldb "github.com/kotakanbe/goval-dictionary/db"
 	exploitdb "github.com/mozqnet/go-exploitdb/db"
+	metasploitdb "github.com/takuzoo3868/go-msfdb/db"
 	"golang.org/x/xerrors"
 )

-// DBClient is a dictionarie's db client for reporting
+// DBClient is DB client for reporting
 type DBClient struct {
-	CveDB     cvedb.DB
-	OvalDB    ovaldb.DB
-	GostDB    gostdb.DB
-	ExploitDB exploitdb.DB
+	CveDB        cvedb.DB
+	OvalDB       ovaldb.DB
+	GostDB       gostdb.DB
+	ExploitDB    exploitdb.DB
+	MetasploitDB metasploitdb.DB
 }

 // DBClientConf has a configuration of Vulnerability DBs
 type DBClientConf struct {
-	CveDictCnf  config.GoCveDictConf
-	OvalDictCnf config.GovalDictConf
-	GostCnf     config.GostConf
-	ExploitCnf  config.ExploitConf
-	DebugSQL    bool
+	CveDictCnf    config.GoCveDictConf
+	OvalDictCnf   config.GovalDictConf
+	GostCnf       config.GostConf
+	ExploitCnf    config.ExploitConf
+	MetasploitCnf config.MetasploitConf
+	DebugSQL      bool
 }

 // NewDBClient returns db clients
@@ -66,11 +71,21 @@ func NewDBClient(cnf DBClientConf) (dbclient *DBClient, locked bool, err error)
 			cnf.ExploitCnf.SQLite3Path, err)
 	}

+	metasploitdb, locked, err := NewMetasploitDB(cnf)
+	if locked {
+		return nil, true, xerrors.Errorf("metasploitDB is locked: %s",
+			cnf.MetasploitCnf.SQLite3Path)
+	} else if err != nil {
+		util.Log.Warnf("Unable to use metasploitDB: %s, err: %s",
+			cnf.MetasploitCnf.SQLite3Path, err)
+	}
+
 	return &DBClient{
-		CveDB:     cveDriver,
-		OvalDB:    ovaldb,
-		GostDB:    gostdb,
-		ExploitDB: exploitdb,
+		CveDB:        cveDriver,
+		OvalDB:       ovaldb,
+		GostDB:       gostdb,
+		ExploitDB:    exploitdb,
+		MetasploitDB: metasploitdb,
 	}, false, nil
 }

@@ -177,6 +192,32 @@ func NewExploitDB(cnf DBClientConf) (driver exploitdb.DB, locked bool, err error
 	return driver, false, nil
 }

+// NewMetasploitDB returns db client for Metasploit
+func NewMetasploitDB(cnf DBClientConf) (driver metasploitdb.DB, locked bool, err error) {
+	if config.Conf.Metasploit.IsFetchViaHTTP() {
+		return nil, false, nil
+	}
+	path := cnf.MetasploitCnf.URL
+	if cnf.MetasploitCnf.Type == "sqlite3" {
+		path = cnf.MetasploitCnf.SQLite3Path
+
+		if _, err := os.Stat(path); os.IsNotExist(err) {
+			util.Log.Warnf("--msfdb-path=%s file not found. Fetch go-msfdb before reporting if you want to display metasploit modules of detected CVE-IDs. For details, see `https://github.com/takuzoo3868/go-msfdb`", path)
+			return nil, false, nil
+		}
+	}
+
+	util.Log.Debugf("Open metasploit db (%s): %s", cnf.MetasploitCnf.Type, path)
+	if driver, locked, err = metasploitdb.NewDB(cnf.MetasploitCnf.Type, path, cnf.DebugSQL, false); err != nil {
+		if locked {
+			util.Log.Errorf("metasploitDB is locked. err: %+v", err)
+			return nil, true, err
+		}
+		return nil, false, err
+	}
+	return driver, false, nil
+}
+
 // CloseDB close dbs
 func (d DBClient) CloseDB() {
 	if d.CveDB != nil {
--- a/report/email.go
+++ b/report/email.go
@@ -1,13 +1,15 @@
 package report

 import (
+	"crypto/tls"
 	"fmt"
 	"net"
 	"net/mail"
-	"net/smtp"
 	"strings"
 	"time"

+	sasl "github.com/emersion/go-sasl"
+	smtp "github.com/emersion/go-smtp"
 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/models"
 	"golang.org/x/xerrors"
@@ -20,7 +22,6 @@ func (w EMailWriter) Write(rs ...models.ScanResult) (err error) {
 	conf := config.Conf
 	var message string
 	sender := NewEMailSender()
-
 	m := map[string]int{}
 	for _, r := range rs {
 		if conf.FormatOneEMail {
@@ -54,14 +55,15 @@ func (w EMailWriter) Write(rs ...models.ScanResult) (err error) {
 			}
 		}
 	}
-	summary := ""
+	var summary string
 	if config.Conf.IgnoreUnscoredCves {
 		summary = fmt.Sprintf("Total: %d (High:%d Medium:%d Low:%d)",
 			m["High"]+m["Medium"]+m["Low"], m["High"], m["Medium"], m["Low"])
+	} else {
+		summary = fmt.Sprintf("Total: %d (High:%d Medium:%d Low:%d ?:%d)",
+			m["High"]+m["Medium"]+m["Low"]+m["Unknown"],
+			m["High"], m["Medium"], m["Low"], m["Unknown"])
 	}
-	summary = fmt.Sprintf("Total: %d (High:%d Medium:%d Low:%d ?:%d)",
-		m["High"]+m["Medium"]+m["Low"]+m["Unknown"],
-		m["High"], m["Medium"], m["Low"], m["Unknown"])
 	origmessage := message
 	if conf.FormatOneEMail {
 		message = fmt.Sprintf("One Line Summary\r\n================\r\n%s", formatOneLineSummary(rs...))
@@ -83,7 +85,75 @@ type EMailSender interface {

 type emailSender struct {
 	conf config.SMTPConf
-	send func(string, smtp.Auth, string, []string, []byte) error
+}
+
+func (e *emailSender) sendMail(smtpServerAddr, message string) (err error) {
+	var c *smtp.Client
+	var auth sasl.Client
+	emailConf := e.conf
+	//TLS Config
+	tlsConfig := &tls.Config{
+		ServerName: emailConf.SMTPAddr,
+	}
+	switch emailConf.SMTPPort {
+	case "465":
+		//New TLS connection
+		c, err = smtp.DialTLS(smtpServerAddr, tlsConfig)
+		if err != nil {
+			return xerrors.Errorf("Failed to create TLS connection to SMTP server: %w", err)
+		}
+	default:
+		c, err = smtp.Dial(smtpServerAddr)
+		if err != nil {
+			return xerrors.Errorf("Failed to create connection to SMTP server: %w", err)
+		}
+	}
+	defer c.Close()
+
+	if err = c.Hello("localhost"); err != nil {
+		return xerrors.Errorf("Failed to send Hello command: %w", err)
+	}
+
+	if ok, _ := c.Extension("STARTTLS"); ok {
+		if err := c.StartTLS(tlsConfig); err != nil {
+			return xerrors.Errorf("Failed to STARTTLS: %w", err)
+		}
+	}
+
+	if ok, param := c.Extension("AUTH"); ok {
+		authList := strings.Split(param, " ")
+		auth = e.newSaslClient(authList)
+	}
+
+	if err = c.Auth(auth); err != nil {
+		return xerrors.Errorf("Failed to authenticate: %w", err)
+	}
+	if err = c.Mail(emailConf.From, nil); err != nil {
+		return xerrors.Errorf("Failed to send Mail command: %w", err)
+	}
+	for _, to := range emailConf.To {
+		if err = c.Rcpt(to); err != nil {
+			return xerrors.Errorf("Failed to send Rcpt command: %w", err)
+		}
+	}
+
+	w, err := c.Data()
+	if err != nil {
+		return xerrors.Errorf("Failed to send Data command: %w", err)
+	}
+	_, err = w.Write([]byte(message))
+	if err != nil {
+		return xerrors.Errorf("Failed to write EMail message: %w", err)
+	}
+	err = w.Close()
+	if err != nil {
+		return xerrors.Errorf("Failed to close Writer: %w", err)
+	}
+	err = c.Quit()
+	if err != nil {
+		return xerrors.Errorf("Failed to close connection: %w", err)
+	}
+	return nil
 }

 func (e *emailSender) Send(subject, body string) (err error) {
@@ -112,30 +182,13 @@ func (e *emailSender) Send(subject, body string) (err error) {
 	smtpServer := net.JoinHostPort(emailConf.SMTPAddr, emailConf.SMTPPort)

 	if emailConf.User != "" && emailConf.Password != "" {
-		err = e.send(
-			smtpServer,
-			smtp.PlainAuth(
-				"",
-				emailConf.User,
-				emailConf.Password,
-				emailConf.SMTPAddr,
-			),
-			emailConf.From,
-			mailAddresses,
-			[]byte(message),
-		)
+		err = e.sendMail(smtpServer, message)
 		if err != nil {
 			return xerrors.Errorf("Failed to send emails: %w", err)
 		}
 		return nil
 	}
-	err = e.send(
-		smtpServer,
-		nil,
-		emailConf.From,
-		mailAddresses,
-		[]byte(message),
-	)
+	err = e.sendMail(smtpServer, message)
 	if err != nil {
 		return xerrors.Errorf("Failed to send emails: %w", err)
 	}
@@ -144,5 +197,19 @@ func (e *emailSender) Send(subject, body string) (err error) {

 // NewEMailSender creates emailSender
 func NewEMailSender() EMailSender {
-	return &emailSender{config.Conf.EMail, smtp.SendMail}
+	return &emailSender{config.Conf.EMail}
+}
+
+func (e *emailSender) newSaslClient(authList []string) sasl.Client {
+	for _, v := range authList {
+		switch v {
+		case "PLAIN":
+			auth := sasl.NewPlainClient("", e.conf.User, e.conf.Password)
+			return auth
+		case "LOGIN":
+			auth := sasl.NewLoginClient(e.conf.User, e.conf.Password)
+			return auth
+		}
+	}
+	return nil
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Kota Kanbe	0b55f94828	Improve implementation around config (#1122 ) * refactor config * fix saas config * feat(config): scanmodule for each server in config.toml * feat(config): enable to specify containersOnly in config.toml * add new keys of config.toml to discover.go * fix summary output, logging	2021-01-13 08:46:27 +09:00
Kota Kanbe	a67052f48c	fix(scan): err detecting EOL for alpine Linux (#1124 )	2021-01-12 20:10:22 +09:00
Kota Kanbe	6eff6a9329	feat(report): display EOL information to scan summary (#1120 ) * feat(report): display EOL information to scan summary * detect Amazon linux EOL	2021-01-09 07:58:55 +09:00
Kota Kanbe	69d32d4511	feat(report): add a err code to wpscan.com API error (#1119 )	2021-01-07 14:57:49 +09:00
Kota Kanbe	d7a613b710	chore: go mod update (#1118 )	2021-01-07 08:02:29 +09:00
sadayuki-matsuno	669c019287	fix(cvecontent) Fixed not to split empty string (#1117 )	2021-01-06 15:52:55 +09:00
Shigechika AIKAWA	fcc4901a10	fix(scan): Failed to parse CentOS Stream (#1098 )	2021-01-06 14:57:19 +09:00
Kota Kanbe	4359503484	fix(redhat): possibility of false positives on RHEL (#1115 )	2021-01-06 13:33:08 +09:00
Kota Kanbe	b13f93a2d3	feat(scan): support dnf modules (#1114 ) * feat(scan): support dnf modules * change dnf module list --installed to --enabled * chore: refactor * feat(report): detect logic for dnf modularity label * fix func name * chore: update go mods	2021-01-06 11:36:41 +09:00
Kota Kanbe	8405e0fad6	refactor(gost): Duplicate code into function (#1110 ) * refactor(gost): Duplicate code into function * fix	2020-12-30 08:33:30 +09:00
Kota Kanbe	aceb3f1826	fix(scan): add an error case for `rpm -qa` (#1109 )	2020-12-30 08:05:14 +09:00
Kota Kanbe	a206675f3e	fix(wordpress): remove cache because not permitted. (#1107 )	2020-12-29 07:25:58 +09:00
Kota Kanbe	f4253d74ae	fix(wordpress): wpscan.com unmarshal error (#1106 ) * refactor(report): remove Integration.apply * add an err check * fix(wordpress): wpscan.com unmarshal error * fix warnings	2020-12-29 07:11:04 +09:00
Kota Kanbe	aaea15e516	refactor(report): remove Integration.apply (#1105 ) * refactor(report): remove Integration.apply * add an err check	2020-12-29 06:59:48 +09:00
Kota Kanbe	83d1f80959	chore(report): remove stride and hipchat support (#1104 )	2020-12-26 08:52:45 +09:00
Kota Kanbe	a33cff8f13	fix(reprot): use SQLite3 in current dir if not specified (#1103 )	2020-12-26 08:24:17 +09:00
Kota Kanbe	8679759f60	chore: fix typo (#1102 )	2020-12-26 08:23:02 +09:00
Kota Kanbe	53deaee3d7	refactor(config): remove DependencyCheckXMLPath in config.toml (#1100 )	2020-12-25 06:38:00 +09:00
Kota Kanbe	5a14a58fe4	refactor(nvdxml): Remove codes related to NVD xml(deprecated) (#1099 )	2020-12-25 06:16:14 +09:00
Kota Kanbe	fb1fbf8f95	feat(report): Add NVD as a source for mitigations, primarySrc URL and Patch URL (#1097 ) * feat(report): Add NVD as a src for mitigations. * feat(report): display "Vendor Advisory" URL in NVD * feat(report): display patch urls in report, tui	2020-12-24 08:37:10 +09:00
Kota Kanbe	cfbf779f9b	feat(exploit): add exploit link in NVD as a source (#1096 ) Added Refs information with NVD's Expoit tag as an information source for Exploit.	2020-12-16 07:10:18 +09:00
Kota Kanbe	d576b6c6c1	refactor(report): around FillCveInfo (#1095 ) * refactor(report): around FillCveInfo * refacotr(report): around FillCveInfo	2020-12-15 15:48:23 +09:00
Kota Kanbe	514eb71482	fix(server): make config loading same as scan (#1091 ) * fix(server): make config loading same as scan * also remove from report, tui	2020-12-15 04:33:14 +09:00
Kota Kanbe	43ed904db1	fix(deps): update dependencies (#1094 ) * fix(dpes): update dependencies * update go ver * update go ver * update go * update go	2020-12-15 04:32:23 +09:00
Kota Kanbe	0a440ca629	fix(saas): add saas subcmd (#1093 )	2020-12-11 16:19:36 +09:00
Kota Kanbe	eff1dbf95b	feat(scanner): vuls-scanner binary on release archive (#1092 )	2020-12-11 11:05:48 +09:00
Kota Kanbe	9a32a94806	refactor: fix build warnings (#1090 )	2020-12-11 06:45:39 +09:00
Shigechika AIKAWA	2534098509	fix(report): wpvulndb poor versioning(#1088 ) (#1089 )	2020-12-11 05:53:41 +09:00
sadayuki-matsuno	9497365758	update pkg (#1087 )	2020-12-04 15:57:02 +09:00
Kota Kanbe	101c44c9c0	Change .goreleaser to build binaries for arm, 386, amd64 at release. (#1082 ) * fix go-releaser * add vuls-scanner	2020-11-28 06:39:52 +09:00
Kota Kanbe	ffd745c004	fix a compile error #1083 (#1084 )	2020-11-27 15:14:04 +09:00
Kota Kanbe	5fea4eaef8	feat(nocgo): enable to build with CGO_ENABLED=0 (#1080 )	2020-11-27 09:55:09 +09:00
Kota Kanbe	1f610043cf	feat(scan): IgnoredJSONKyes to clear values in result json #1071 (#1078 )	2020-11-20 10:36:36 +09:00
Kota Kanbe	3f8de02683	fix(portscan): to keep backward compatibility before v0.13.0 (#1076 )	2020-11-19 16:54:36 +09:00
Kota Kanbe	d02535d053	fix(debian): false negative of kernel cves with rdb backend (#1075 ) * fix(debian): false negative of kernel cves with rdb backend * update golangci.yml * add --timeout=10m to golangci.yml	2020-11-18 10:32:37 +09:00
Kota Kanbe	75fceff5f7	refactor(report): format-csv (#1072 )	2020-11-05 21:10:35 +09:00
gy741	ebd3834a35	add(report) -format-csv option (#1034 )	2020-11-05 20:56:19 +09:00
Kota Kanbe	93059b74c3	feat(report): IgnoredJSONKyes to clear values in result json (#1071 ) * feat(report): IgnoredJSONKyes to clear values in result json * fix(report): marshal indent in JSON everytime	2020-11-05 20:13:09 +09:00
Kota Kanbe	2fc3462d35	fix(libscan): update trivy deps (#1070 )	2020-11-05 15:38:12 +09:00
Kota Kanbe	f78dab50cb	fix(fast-root): affectedProcs, ports bug (#1067 )	2020-10-31 14:21:11 +09:00
Norihiro NAKAOKA	edb324c3d9	fix(portscan): ignore loopback address on remote scan (#1062 ) * change ignore loop back address on remote scan * fix test case * change append simple * fix format * set golangci-lint timeout * Revert "set golangci-lint timeout" This reverts commit `56b1c7089a`.	2020-10-23 16:40:03 +09:00
Norihiro NAKAOKA	83bcca6e66	experimental: add smart(fast, minimum ports, silently) TCP port scanner (#1060 ) * add struct ListenPorts * change parse to models.ListenPorts from string * change support models.ListenPorts in TUI * add scanPort template , detectScanDest * add Test_detectScanDest * change impl scanPorts template * fix build error * change collect scan success address * add Test_matchListenPorts * add Test_updatePortStatus * change display port scan result on tui * change display scan emoji on report * Revert "change display scan emoji on report" This reverts commit `e281882cc6`. * add continue * change display format * change no use loop label * remove comment code * change display * fix padding * change refactoring var , fn name * fix var name * fix var name * change eye icon * change icon * delete unuse mod	2020-10-19 17:47:20 +09:00
Kota Kanbe	a124518d78	fix: hard-coded version #1057 (#1059 )	2020-10-16 20:42:31 +09:00
Alexander Stein	94bf630e29	Expand negative grep match for any error for lib scans. (#1056 ) Many thanks 👍 Sure, that's better. Note: FreeBSD find: `find: /var/run/ppp: Permission denied`	2020-10-12 11:30:11 +09:00
shopper	31bb33fd90	ignore apk warning (#1052 )	2020-10-12 10:40:01 +09:00
Kota Kanbe	4b680b9960	fix(scan-freebsd): also get installed with `pkg info` #1042 (#1051 ) * fix(scan-freebsd): also get installed with `pkg info` #1042 * fix test	2020-09-12 05:08:41 +09:00
Kota Kanbe	8a8ab8cb18	feat(libscan): enable to scan vulns of libs with pseudo #1035 (#1050 )	2020-09-11 13:09:59 +09:00
Kota Kanbe	8146f5fd1b	update readme (#1049 )	2020-09-11 10:26:57 +09:00
shopper	425c585e47	Support for smtp LOGIN authentication (#1048 ) * finished to implement new mail client * delete email_test.go	2020-09-04 15:45:29 +09:00
Kota Kanbe	4f1578b2d6	[WIP]fix(scan): collect a `running` version of kernel-devel (#1044 ) * fix(scan): collect a running kernel-devel version * refactor	2020-09-01 14:37:40 +09:00
Norihiro NAKAOKA	7969b343b0	Raspberry Pi OS(Raspbian) scanning using OVAL DB (#1019 ) * change: never refer to ChangeLog * change raspberry pi os use debian oval at report * change do not use r.Family * change gost do not use r.Family * change use r.Family because family has a large impact * change replace MaineK00n/goval-dictionary@raspberrypi-oval * note Raspbian Scan Policy * add Raspbian Changelog support policy * change grep Package for Raspbian at fast-scan mode * add changelog preprocessing for Raspbian * add take note of TODO * change Changelog fetch part to function * change error handling * change solve one TODO * change make ChangelogDir once * add comment * fix oval support Amazon Linux :refs #824 * change to useScannedCves from ovalSupproted * change confidence for Raspbian * change skip package for raspbian in OVAL DB * change separate raspbian implementation from util * change error, log format * change print format * change log format(delete newline) * change support changelog.(Debian.)gz * Revert "change support changelog.(Debian.)gz" This reverts commit `2265a72c67`. * change test chnage.(Debian.)gz * change support raspbian package(raspberry) * change error format * fix regexp pattern * fix typo * fix changelog cache * change rename function name * add TestParseChangelog * change changelog lenient match for raspbian * fix test case * change clog dir support symbolic link, clog save dir name append suffix * change remove more package for raspberry pi * fix error handling * change module update * change refactoring around identifying raspbian package * update go module * update scan image * update scan image * change clarify scan mode * change raspiPackNamePattern and add test case	2020-08-25 14:11:34 +09:00
Kota Kanbe	58cf1f4c8e	refactor(typo): fix typos (#1041 )	2020-08-24 16:34:32 +09:00
Norihiro NAKAOKA	a5b87af862	delete unnecessary images (#1036 ) * delete unnecessary images * Revert "delete unnecessary images" This reverts commit `0967e1c522`. * delete unnecessary images	2020-08-21 17:07:20 +09:00
Kota Kanbe	a0e592b934	fix(report): fix segfault while uploading to s3 (#1033 )	2020-08-07 10:31:43 +09:00
Kota Kanbe	7eccc538bb	fix(msfdb): udpate go-msfdb-deps (#1032 )	2020-08-06 16:54:14 +09:00
Kota Kanbe	59daa8570a	fix(gost): suppress err logging when unsupported debian (#1031 )	2020-08-05 20:05:50 +09:00
Kota Kanbe	3f52d318bc	fix(log): suppress err msg if no access priv to logfile (#1029 )	2020-07-31 16:55:12 +09:00
takuzoo	11a7a0c934	Display metasploit module information for each detected CVE-IDs (#1011 ) * add metasploit * fix go deps * fix msf report * fix msfdb server port number * delete non-unique msfdb url from fulltext report * fix(report): validate msfdb config on report (#1) * fix(msfdb): update deps (go-msfdb) * version up go-msfdb v0.1.0 Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>	2020-07-03 14:05:07 +09:00
sadayuki-matsuno	89f49b0e29	Fix trivy parser test (#1014 ) * fix trivy parser test * fixed parser data	2020-06-24 17:14:43 +09:00
Kota Kanbe	72457cbf8e	bump up version	2020-06-24 10:57:39 +09:00
Kota Kanbe	c11ba27509	fix(libscan): include a lockfile path of libs (#1012 )	2020-06-24 10:46:00 +09:00
segatomo	8a611f9ba6	add diff-mode info (#1008 )	2020-06-19 16:07:14 +09:00
Kota Kanbe	4a73875e4d	bump up version (#1007 )	2020-06-17 12:21:26 +09:00
shopper	d9d5e612ff	Support ProxyJump option when using ssh command (#1004 ) * Add proxyjump func * Run go mod tidy * Run make fmt	2020-06-17 12:15:12 +09:00
Kota Kanbe	4d8599e4fc	update deps (#1006 ) see https://github.com/knqyf263/go-apk-version/pull/1	2020-06-16 07:48:07 +09:00
Norihiro NAKAOKA	59c7061d29	Fix SSH failure due to .ssh/config owner (#1005 ) * use -F option, success configtest and scan * add sshConfigPath in config.toml * Use sshConfigPath in config.toml when using ssh -F * change -ssh-config to deprecated * fix typo * add sshConfigPath in tomltemplate	2020-06-16 05:48:31 +09:00
segatomo	996557c667	support alpine3.11 (#1002 )	2020-06-12 13:42:11 +09:00
ahulab	519fb19a77	Added ReportedAt time for server mode reports (#996 ) - Fixes #928	2020-06-11 11:42:04 +09:00
kazuminn	36456cb151	feat(wordpress): Cache WpVulnDB (#989 ) * add wpVulnCache * fix bug * add test * fmt * fix bug * refactor * fix bug	2020-06-05 16:08:28 +09:00
sadayuki-matsuno	4ae87cc36c	Fix releaser (#988 ) * fix releaser * fix releaser * fix releaser * fix releaser * add 32 bit releaser and add exit code in cmd * delete 32 bit releaser * fix	2020-06-05 15:04:06 +09:00
shopper	b37df89fb1	Support SMTPS when using report -to-email (#991 ) * Add smtps func * Add SMTPS implementation * fix error message	2020-06-05 14:42:01 +09:00
sadayuki-matsuno	d18e7a751d	add trivy parser (#981 ) * add trivy parser * fix test * format * add title and summary * add trivy parse command * add uploader * set args by env * add README * add err check * fix * fix * fix * fix test * update trivy * refactor * delete require uuid * delete uuid from trivy parser Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>	2020-05-29 18:06:45 +09:00
kazuminn	8d5ea98e50	add -wp-ignore-inactive flag which ignores inactive plugin or themes (#974 ) * command * config * ignore inactive * fix * add test * fmt * add unset test * rename * add test * refactor * fix * refactor * refactor * fix golangci-lint error	2020-05-29 15:27:47 +09:00
Kota Kanbe	835dc08049	fix .golangci.yml	2020-05-27 20:33:57 +09:00
Kota Kanbe	62c9409fe9	add a github actions config (#985 ) * add a github actions config * fix(log): Don't create a log dir when testing * remove a meaningless test case * Thanks for everything, Mr, Travys. * add golangci * add goreleaser.yml * add tidy.yml * add golang-ci * fix many lint warnings	2020-05-27 20:11:24 +09:00
Kota Kanbe	2374f578ed	Bump up version	2020-05-26 09:32:10 +09:00
shopper	34e2f033d8	add kernelnames ubuntu20.04 (#982 )	2020-05-22 12:19:07 +09:00
kazuminn	420825cacc	remove append (#978 )	2020-05-20 13:55:07 +09:00
Kota Kanbe	466ec93d8e	bump up version	2020-05-08 17:15:25 +09:00
Kota Kanbe	3f5bb6ab29	fix(scan): alpine detection #965 (#966 ) * fix(scan): alpine detection #965 * use knqyf263/go-apk-version	2020-05-08 16:12:01 +09:00
Kota Kanbe	ebe5f858c8	update trivy, and unsupport image scanning feature (#971 ) * update trivy, fanal. unsupport image scanning * Update models/library.go Co-authored-by: Teppei Fukuda <teppei@elab.ic.i.u-tokyo.ac.jp> * add -no-progress flag to report/tui cmd * Display trivy vuln info to tui/report * add detection method to vulninfo detected by trivy * fix(uuid): change uuid lib to go-uuid #929 (#969) * update trivy, fanal. unsupport image scanning * Update models/library.go Co-authored-by: Teppei Fukuda <teppei@elab.ic.i.u-tokyo.ac.jp> * add -no-progress flag to report/tui cmd * Display trivy vuln info to tui/report * add detection method to vulninfo detected by trivy * unique ref links in TUI * download trivy DB only when lock file is specified in config.toml Co-authored-by: Teppei Fukuda <teppei@elab.ic.i.u-tokyo.ac.jp>	2020-05-08 15:24:39 +09:00
Kota Kanbe	9dd025437b	fix(uuid): change uuid lib to go-uuid #929 (#969 )	2020-05-06 14:14:07 +09:00
Wagde Zabit	c0ebac305a	composer.lock insteaad of composer.json (#973 ) Co-authored-by: Wagde Zabit <wagde@orcasecurity.io>	2020-05-01 15:20:33 +09:00
Kota Kanbe	1f23ab7ba4	Bump up version	2020-04-28 14:27:46 +09:00
Kota Kanbe	ea3b63998d	fix(report): GitHub Security Alerts Integration (#970 )	2020-04-28 14:26:37 +09:00
Kota Kanbe	3093426458	fix(logging): panic if no write permission #949 (#968 )	2020-04-27 17:37:30 +09:00
Kota Kanbe	37716feac7	refactor(lint): fix lint warnings (#967 )	2020-04-27 17:02:27 +09:00
Kota Kanbe	56b12c38d2	fix(config): not working with empty config #962 (#963 )	2020-04-23 10:50:35 +09:00
Kota Kanbe	749ead5d4a	update go mod (#960 )	2020-04-20 21:33:11 +09:00
Kota Kanbe	3be50ab8da	bump up version	2020-04-19 09:06:01 +09:00
Kota Kanbe	649f4a6991	fix(report): kernel vulns detection BUG in Ubuntu (#958 ) * fix(report): kernel vulns detection in Ubuntu * fix(ubuntu): remove linux-* to detect only running kernel vulns	2020-04-19 09:04:08 +09:00
Kota Kanbe	0ff7641471	feat(report): display "fixed" when updatable even in fast mode (#957 )	2020-04-13 18:20:32 +09:00
Kota Kanbe	1679bfae20	Update FUNDING.yml	2020-04-10 21:25:10 +09:00
Kota Kanbe	45aa364436	Update FUNDING.yml	2020-04-10 21:24:24 +09:00
Kota Kanbe	778516c4d9	Create FUNDING.yml	2020-04-10 21:21:30 +09:00
Kota Kanbe	464d523c42	Display fixed-in version for each package in report (#801 ) * refactor(model): PackageFixStatus.Name to BinName * refacotr(oval): change var name * feat(report): Add FixedIn in JSON * refactor(tui): chage args * display fixedin in report * refactor(model): change fileld name * remove unused field of PackageFixStatus	2020-04-08 21:26:34 +09:00
Kota Kanbe	0f6a1987d4	fix(configtest): yum-utils instead of dnf-utils on RHEL8, Cent8 (#948 )	2020-04-06 19:40:05 +09:00
Shigechika AIKAWA	20c6247ce5	fix CentOS8 configtest always failed (#947 )	2020-04-06 15:47:08 +09:00
gy741	a10dd67e0f	Fix typo in models/scanresults.go (#942 )	2020-04-06 15:00:43 +09:00
segatomo	5729ad6026	Add CWE Top25 and SANS Top25 (#925 ) * add top25 rank * add CweTop25 and SansTop25 * fix report * add cwetop25 and sanstop25 url * fix condition branch * fix condition branch	2020-03-03 17:33:06 +09:00
Tomoya Amachi	9aa0d87a21	feat : scan with image digest (#939 )	2020-03-03 16:51:06 +09:00
ishiDACo	fe3f1b9924	Update OWASP Dependency Check parser for dependency-check.2.2.xsd schema (#936 )	2020-02-27 10:08:26 +09:00
Kota Kanbe	00e52a88fa	Update README.md	2020-02-01 09:27:17 +09:00
Kota Kanbe	5811dffe7a	fix(report): Support CVSS 3.1 for Red Hat OVAL #930 (#932 )	2020-01-30 22:48:04 +09:00
sadayuki-matsuno	7278982af4	update fanal (#931 )	2020-01-30 20:40:49 +09:00
nyao	c17b4154ec	fix(config): fix double checking ResultsDir Path (#927 )	2019-12-12 09:29:12 +09:00
Kota Kanbe	d6e74cce08	bump up version (#923 )	2019-11-26 09:54:30 +09:00
Kota Kanbe	3f80749241	Merge branch 'master' of github.com:future-architect/vuls	2019-11-26 09:44:10 +09:00
Kota Kanbe	7f72b6ac69	Warn no ip (#922 ) * fix(scan): ignore wp-cli stderr messages (#825) (#915) * fix(scan): warn if unable to get ip address on the scan tareget server * fix test case	2019-11-26 09:40:38 +09:00
Kota Kanbe	03e7b90b9f	Merge branch 'master' of github.com:future-architect/vuls	2019-11-26 08:53:03 +09:00
Kota Kanbe	7936b3533b	Fill Red Hat CVE data for all distros (#920 ) * fix(scan): ignore wp-cli stderr messages (#825) (#915) * refactor * feat(report): fill Red Hat CVE data for all distros * fix lint err * fix cve judgment (#921)	2019-11-25 17:01:18 +09:00
Shigechika AIKAWA	bd7e61d7cc	fix(scan): ignore wp-cli stderr messages (#825 ) (#915 )	2019-11-22 20:58:24 +09:00
Shigechika AIKAWA	69214e0c22	fix(scan): ignore wp-cli stderr messages (#825 ) (#915 )	2019-11-01 10:01:50 +09:00
Wagde Zabit	45bff26558	Consider grep return value 1 as success (#907 ) * Allow Offline scanning on Alpine * Consider grep return value 1 as success	2019-09-18 23:26:37 +09:00
Kota Kanbe	b2e429ccc6	fix(log): add .log extension to vuls logfile (#910 )	2019-09-18 23:21:06 +09:00
Kota Kanbe	76363c227b	fix(report): enable to report when the sshkey not exist (#909 )	2019-09-18 22:40:36 +09:00
Kota Kanbe	d5a3e5c2c5	fix(report): fix cert key in result json ja to jp (#908 )	2019-09-18 19:30:32 +09:00
Kota Kanbe	2b02807ef0	fix(report): ignore exploits of no-cve-id vulns (#906 )	2019-09-13 12:49:57 +09:00
Kota Kanbe	be659ae094	fix(docker): add git to image (#905 )	2019-09-13 01:10:27 +09:00
Kota Kanbe	b2c105adbc	fix(tui): enable to exec tui mode without cve.sqlite3 (#904 )	2019-09-12 18:35:21 +09:00
Kota Kanbe	c61f462948	fix(report): show POC, CERT in tui and format-list. use vendor summary over NVD (#902 ) * fix(report): show POC, CERT in tui and format-list. show vendor summary * fix test case	2019-09-10 10:00:17 +09:00