Detect the OS Get installed packages Debian/Ubuntu: dpkg-query Amazon/RHEL/CentOS: rpm FreeBSD: pkg Get upgradable packages Debian/Ubuntu: apt-get upgrade --dry-run foreach upgradable packages Parse changelog and get CVE IDs Debian/Ubuntu: aptitude changelog end loop Select the CVE detail information Get CVE IDs by using package manager Amazon/RHEL: yum plugin security FreeBSD: pkg audit Vuls DB CVE DB (NVD / JVN) Insert results into DB Reporting Get all changelogs by using package manager CentOS: yum update --changelog Parse changelogs and get CVE IDs Debian Ubuntu Amazon RHEL FreeBSD CentOS