Detect the OS

Get installed packages
Debian/Ubuntu: dpkg-query
Amazon/RHEL/CentOS: rpm
FreeBSD: pkg

Check upgradable packages
Debian/Ubuntu: apt-get upgrade --dry-run

foreach upgradable packages

Parse changelog and get CVE IDs
Debian/Ubuntu: aptitude changelog

end loop

Select the CVE detail information

Get CVE IDs by using package manager
Amazon/RHEL: yum plugin security
FreeBSD: pkg audit

CVE DB (NVD / JVN)

Write results to JSON files
Reporting

Get all changelogs of updatable packages at once
CentOS: yum update --changelog

Parse changelogs and get CVE IDs

Debian
Ubuntu

Amazon
RHEL
FreeBSD

CentOS