Detect the OS Get installed packages Alpine: apk Debian/Ubuntu: dpkg-query Amazon/RHEL/CentOS: rpm SUSE: zypper FreeBSD: pkg Write results to JSON files Get CVE IDs by using package manager Amazon: yum plugin security FreeBSD: pkg audit Report Vulnerability Database Folder 1 CVE DB (NVD / JVN) OVAL DB Check upgradable packages Debian/Ubuntu: apt-get upgrade --dry-run foreach upgradable packages Parse changelog and get CVE IDs Debian/Ubuntu: aptitude changelog end loop Amazon FreeBSD Alpine Linux CentOS RHEL Ubuntu Debian Oracle Linux Suse Raspbian