feat(redhat): support build info in RHEL (#807)

go.mod

@@ -7,13 +7,13 @@ require (
 	github.com/Masterminds/sprig v2.22.0+incompatible
 	github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46
 	github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
-	github.com/aquasecurity/fanal v0.0.0-20220117141050-4586f4391cac
+	github.com/aquasecurity/fanal v0.0.0-20220128133114-3519fe6e6c21
 	github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff
 	github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
 	github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
 	github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
 	github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492
-	github.com/aquasecurity/trivy-db v0.0.0-20220125230746-e5eec5a98bf1
+	github.com/aquasecurity/trivy-db v0.0.0-20220128150422-5c53ef8a797d
 	github.com/caarlos0/env/v6 v6.0.0
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/cheggaaa/pb/v3 v3.0.3
@@ -33,7 +33,7 @@ require (
 	github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08
 	github.com/mitchellh/copystructure v1.1.1 // indirect
 	github.com/olekukonko/tablewriter v0.0.5
-	github.com/open-policy-agent/opa v0.36.0
+	github.com/open-policy-agent/opa v0.36.1
 	github.com/owenrumney/go-sarif/v2 v2.0.17
 	github.com/spf13/afero v1.6.0
 	github.com/stretchr/objx v0.3.0 // indirect
@@ -41,7 +41,7 @@ require (
 	github.com/testcontainers/testcontainers-go v0.11.1
 	github.com/twitchtv/twirp v8.1.0+incompatible
 	github.com/urfave/cli/v2 v2.3.0
-	go.uber.org/zap v1.19.1
+	go.uber.org/zap v1.20.0
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
 	google.golang.org/protobuf v1.27.1
 	gopkg.in/go-playground/validator.v9 v9.31.0 // indirect

go.sum

@@ -79,6 +79,8 @@ github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9mo
 github.com/Azure/azure-sdk-for-go v35.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/azure-sdk-for-go v38.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/azure-sdk-for-go v42.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
+github.com/Azure/azure-sdk-for-go v61.2.0+incompatible h1:sSormXkfW0ov1vh6ihTBRQxdfg73fPqkccl50GbR9iM=
+github.com/Azure/azure-sdk-for-go v61.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0=
 github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
@@ -87,28 +89,41 @@ github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSW
 github.com/Azure/go-autorest v10.15.5+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest v14.1.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
+github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
 github.com/Azure/go-autorest/autorest v0.9.3/go.mod h1:GsRuLYvwzLjjjRoWEIyMUaYq8GNUx2nRB378IPt/1p0=
 github.com/Azure/go-autorest/autorest v0.9.6/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630=
 github.com/Azure/go-autorest/autorest v0.10.2/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630=
 github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
+github.com/Azure/go-autorest/autorest v0.11.6/go.mod h1:V6p3pKZx1KKkJubbxnDWrzNhEIfOy/pTGasLqzHIPHs=
+github.com/Azure/go-autorest/autorest v0.11.24 h1:1fIGgHKqVm54KIPT+q8Zmd1QlVsmHqeUGso5qm2BqqE=
+github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc=
 github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
 github.com/Azure/go-autorest/autorest/adal v0.8.0/go.mod h1:Z6vX6WXXuyieHAXwMj0S6HY6e6wcHn37qQMBQlvY3lc=
 github.com/Azure/go-autorest/autorest/adal v0.8.1/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
 github.com/Azure/go-autorest/autorest/adal v0.8.2/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
 github.com/Azure/go-autorest/autorest/adal v0.8.3/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
 github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
+github.com/Azure/go-autorest/autorest/adal v0.9.4/go.mod h1:/3SMAM86bP6wC9Ev35peQDUeqFZBMH07vvUOmg4z/fE=
 github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
+github.com/Azure/go-autorest/autorest/adal v0.9.18 h1:kLnPsRjzZZUF3K5REu/Kc+qMQrvuza2bwSnNdhmzLfQ=
+github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
 github.com/Azure/go-autorest/autorest/azure/auth v0.4.2/go.mod h1:90gmfKdlmKgfjUpnCEpOJzsUEjrWDSLwHIG73tSXddM=
+github.com/Azure/go-autorest/autorest/azure/auth v0.5.2 h1:R1pgoZkhXuv4+0ky9r3e5pcnRXWcXGIuPXpC/xkc7uI=
+github.com/Azure/go-autorest/autorest/azure/auth v0.5.2/go.mod h1:q98IH4qgc3eWM4/WOeR5+YPmBuy8Lq0jNRDwSM0CuFk=
 github.com/Azure/go-autorest/autorest/azure/cli v0.3.1/go.mod h1:ZG5p860J94/0kI9mNJVoIoLgXcirM2gF5i2kWloofxw=
+github.com/Azure/go-autorest/autorest/azure/cli v0.4.1 h1:jwcD1wURu0+hKceV04MubZmKLzwEYOCz6q4aOtVZ+Ng=
+github.com/Azure/go-autorest/autorest/azure/cli v0.4.1/go.mod h1:JfDgiIO1/RPu6z42AdQTyjOoCM2MFhLqSBDvMEkDgcg=
 github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
 github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g=
+github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
 github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
 github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
 github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
 github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM=
 github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
+github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk=
 github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
 github.com/Azure/go-autorest/autorest/to v0.2.0/go.mod h1:GunWKJp1AEqgMaGLV+iocmRAJWqST1wQYhyyjXJ3SJc=
 github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA=
@@ -116,11 +131,15 @@ github.com/Azure/go-autorest/autorest/validation v0.1.0/go.mod h1:Ha3z/SqBeaalWQ
 github.com/Azure/go-autorest/autorest/validation v0.2.0/go.mod h1:3EEqHnBxQGHXRYq3HT1WyXAvT7LLY3tl70hw6tQIbjI=
 github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
 github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
+github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg=
+github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
+github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw=
 github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU=
+github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/Djarvur/go-err113 v0.0.0-20200410182137-af658d038157/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs=
@@ -224,8 +243,8 @@ github.com/aquasecurity/cfsec v0.2.2 h1:hq6MZlg7XFZsrerCv297N4HRlnJM7K6LLd/l/xCz
 github.com/aquasecurity/cfsec v0.2.2/go.mod h1:sUELRJqIPXTOZiHUx7TzyyFFzuk0W22IG6IWAoV8T6U=
 github.com/aquasecurity/defsec v0.0.37 h1:zdZndlKrW257b8VLK1UwfmXiyPuDrNA+wzBilHRk1LA=
 github.com/aquasecurity/defsec v0.0.37/go.mod h1:csaBEcJ3AKy44expnW0dCANEZcS/c1vcJjwBCbnKWBM=
-github.com/aquasecurity/fanal v0.0.0-20220117141050-4586f4391cac h1:S1I4lTa44zqA7OUmuZUQdIh8k2H75P6LVhyR3nsuAFA=
+github.com/aquasecurity/fanal v0.0.0-20220128133114-3519fe6e6c21 h1:7nx6j3boy7oawbPvkp2Vma9OvovZWIGvzJw80w1e71E=
-github.com/aquasecurity/fanal v0.0.0-20220117141050-4586f4391cac/go.mod h1:ACYDJQPZtSl8Hxqf/CmZEbnX2X5CHHccrfjAyyUvbME=
+github.com/aquasecurity/fanal v0.0.0-20220128133114-3519fe6e6c21/go.mod h1:aU+dKT2D+DLsTEmy/axt19XEIXayz0V9giXCwiypCgQ=
 github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff h1:JCKEV3TgUNh9fn+8hXyIdsF9yErA0rUbCkgt2flRKt4=
 github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff/go.mod h1:8fJ//Ob6/03lxbn4xa1F+G/giVtiVLxnZNpBp5xOxNk=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
@@ -241,8 +260,8 @@ github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516 h1:moQmzbp
 github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516/go.mod h1:gTd97VdQ0rg8Mkiic3rPgNOQdprZ7feTAhiD5mGQjgM=
 github.com/aquasecurity/tfsec v0.63.1 h1:KH63HTcUoab7d3PKtqFO6T8K5AY7bzLw7Kiu+EY9U64=
 github.com/aquasecurity/tfsec v0.63.1/go.mod h1:g5ZWmsfqW1FsCaPb9ux8Pzjcyss/WUB2XuRd5slqvnc=
-github.com/aquasecurity/trivy-db v0.0.0-20220125230746-e5eec5a98bf1 h1:mOaPyX+hVglWFk8TbLA7q01GnqVcf6yPusaQaWnDNjE=
+github.com/aquasecurity/trivy-db v0.0.0-20220128150422-5c53ef8a797d h1:vwK774PmorLkSsL/K4WUa9Y9Tn/5Ksmolv8UGHh0Wjc=
-github.com/aquasecurity/trivy-db v0.0.0-20220125230746-e5eec5a98bf1/go.mod h1:rnojVJTK+RySsfLW7xMqmQRSjQpm5fEjS+/N4kf3fcc=
+github.com/aquasecurity/trivy-db v0.0.0-20220128150422-5c53ef8a797d/go.mod h1:BOulYmf+l2bd+Bjo3tTsdnbWCsh5UsJn1MqdiZzmm/Q=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
@@ -505,6 +524,7 @@ github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/r
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
+github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
 github.com/docker/cli v0.0.0-20190925022749-754388324470/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
@@ -710,8 +730,9 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
-github.com/golang-jwt/jwt/v4 v4.0.0 h1:RAqyYixv1p7uEnocuy8P1nru5wprCh/MH2BIlW5z5/o=
 github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
+github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU=
+github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ=
 github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
@@ -1252,8 +1273,8 @@ github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDs
 github.com/onsi/gomega v1.16.0 h1:6gjqkI8iiRHMvdccRJM8rVKjCWk6ZIm6FTm3ddIe4/c=
 github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
-github.com/open-policy-agent/opa v0.36.0 h1:aNStYrrA8yC74g6ir33EExOUVexWFwfqg9dWjNfw87I=
+github.com/open-policy-agent/opa v0.36.1 h1:FkopbI3Rlor1nAvu78hgbdOLZyRd4vPepeMY4Tcm1Hc=
-github.com/open-policy-agent/opa v0.36.0/go.mod h1:/ZcbCeVlsRFp+n7aAvcTfElCL24b53p9v9QGo2y+0RM=
+github.com/open-policy-agent/opa v0.36.1/go.mod h1:/ZcbCeVlsRFp+n7aAvcTfElCL24b53p9v9QGo2y+0RM=
 github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
@@ -1675,7 +1696,7 @@ go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/automaxprocs v1.4.0/go.mod h1:/mTEdr7LvHhs0v7mjdxDreTz1OG5zdZGqgOnhWiR/+Q=
 go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
-go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
+go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA=
 go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
@@ -1688,8 +1709,8 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
 go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
-go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI=
+go.uber.org/zap v1.20.0 h1:N4oPlghZwYG55MlU6LXk/Zp00FVNE9X9wrYO8CEs4lc=
-go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI=
+go.uber.org/zap v1.20.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw=
 go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=
 gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI=
 golang.org/x/build v0.0.0-20190314133821-5284462c4bec/go.mod h1:atTaCNAy0f16Ah5aV1gMSwgiKVHwu/JncqDpuRr7lS4=
@@ -1722,8 +1743,10 @@ golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce h1:Roh6XWxHFKrPgC/EQhVubSAGQ6Ozk6IdxHSzt1mR0EI=
+golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1838,9 +1861,11 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211111083644-e5c967477495/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211118161319-6a13c67c3ce4/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM=
 golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d h1:1n1fc535VhN8SYtD4cDUyNlfpAF2ROMM9+11equK3hs=
+golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180724155351-3d292e4d0cdc/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -2005,8 +2030,9 @@ golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211117180635-dee7805ff2e1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211213223007-03aa0b5f6827 h1:A0Qkn7Z/n8zC1xd9LTw17AiKlBRK64tw3ejWQiEqca0=
 golang.org/x/sys v0.0.0-20211213223007-03aa0b5f6827/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0=
+golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf h1:MZ2shdL+ZM/XzY3ZGOnh4Nlpnxz5GSOhOmtHo3iPU6M=

integration/client_server_test.go

@@ -102,45 +102,44 @@ func TestClientServer(t *testing.T) {
 			},
 			golden: "testdata/ubuntu-1804.json.golden",
 		},
-		// TODO :fix them after support for Red Hat OVALv2
+		{
-		//{
+			name: "centos 7",
-		//	name: "centos 7 integration",
+			args: csArgs{
-		//	args: csArgs{
+				Input: "testdata/fixtures/images/centos-7.tar.gz",
-		//		Input: "testdata/fixtures/images/centos-7.tar.gz",
+			},
-		//	},
+			golden: "testdata/centos-7.json.golden",
-		//	golden: "testdata/centos-7.json.golden",
+		},
-		//},
+		{
-		//{
+			name: "centos 7 with --ignore-unfixed option",
-		//	name: "centos 7 integration with --ignore-unfixed option",
+			args: csArgs{
-		//	args: csArgs{
+				IgnoreUnfixed: true,
-		//		IgnoreUnfixed: true,
+				Input:         "testdata/fixtures/images/centos-7.tar.gz",
-		//		Input:         "testdata/fixtures/images/centos-7.tar.gz",
+			},
-		//	},
+			golden: "testdata/centos-7-ignore-unfixed.json.golden",
-		//	golden: "testdata/centos-7-ignore-unfixed.json.golden",
+		},
-		//},
+		{
-		//{
+			name: "centos 7 with medium severity",
-		//	name: "centos 7 integration with low and high severity",
+			args: csArgs{
-		//	args: csArgs{
+				IgnoreUnfixed: true,
-		//		IgnoreUnfixed: true,
+				Severity:      []string{"MEDIUM"},
-		//		Severity:      []string{"LOW", "HIGH"},
+				Input:         "testdata/fixtures/images/centos-7.tar.gz",
-		//		Input:         "testdata/fixtures/images/centos-7.tar.gz",
+			},
-		//	},
+			golden: "testdata/centos-7-medium.json.golden",
-		//	golden: "testdata/centos-7-low-high.json.golden",
+		},
-		//},
+		{
-		//{
+			name: "centos 6",
-		//	name: "centos 6 integration",
+			args: csArgs{
-		//	args: csArgs{
+				Input: "testdata/fixtures/images/centos-6.tar.gz",
-		//		Input: "testdata/fixtures/images/centos-6.tar.gz",
+			},
-		//	},
+			golden: "testdata/centos-6.json.golden",
-		//	golden: "testdata/centos-6.json.golden",
+		},
-		//},
+		{
-		//{
+			name: "ubi 7",
-		//	name: "ubi 7 integration",
+			args: csArgs{
-		//	args: csArgs{
+				Input: "testdata/fixtures/images/ubi-7.tar.gz",
-		//		Input: "testdata/fixtures/images/ubi-7.tar.gz",
+			},
-		//	},
+			golden: "testdata/ubi-7.json.golden",
-		//	golden: "testdata/ubi-7.json.golden",
+		},
-		//},
 		{
 			name: "almalinux 8",
 			args: csArgs{

integration/docker_engine_test.go

@@ -27,167 +27,166 @@ func TestDockerEngine(t *testing.T) {
 		ignoreUnfixed bool
 		severity      []string
 		ignoreIDs     []string
-		testfile       string
+		input         string
-		wantOutputFile string
+		golden        string
-		wantError      string
+		wantErr       string
 	}{
 		{
 			name:     "alpine:3.9",
 			imageTag: "alpine:3.9",
-			wantOutputFile: "testdata/alpine-39.json.golden",
+			input:    "testdata/fixtures/images/alpine-39.tar.gz",
-			testfile:       "testdata/fixtures/images/alpine-39.tar.gz",
+			golden:   "testdata/alpine-39.json.golden",
 		},
 		{
 			name:     "alpine:3.9, with high and critical severity",
 			severity: []string{"HIGH", "CRITICAL"},
 			imageTag: "alpine:3.9",
-			wantOutputFile: "testdata/alpine-39-high-critical.json.golden",
+			input:    "testdata/fixtures/images/alpine-39.tar.gz",
-			testfile:       "testdata/fixtures/images/alpine-39.tar.gz",
+			golden:   "testdata/alpine-39-high-critical.json.golden",
 		},
 		{
 			name:      "alpine:3.9, with .trivyignore",
 			imageTag:  "alpine:3.9",
 			ignoreIDs: []string{"CVE-2019-1549", "CVE-2019-14697"},
-			wantOutputFile: "testdata/alpine-39-ignore-cveids.json.golden",
+			input:     "testdata/fixtures/images/alpine-39.tar.gz",
-			testfile:       "testdata/fixtures/images/alpine-39.tar.gz",
+			golden:    "testdata/alpine-39-ignore-cveids.json.golden",
 		},
 		{
 			name:     "alpine:3.10",
 			imageTag: "alpine:3.10",
-			wantOutputFile: "testdata/alpine-310.json.golden",
+			input:    "testdata/fixtures/images/alpine-310.tar.gz",
-			testfile:       "testdata/fixtures/images/alpine-310.tar.gz",
+			golden:   "testdata/alpine-310.json.golden",
 		},
 		{
 			name:     "amazonlinux:1",
 			imageTag: "amazonlinux:1",
-			wantOutputFile: "testdata/amazon-1.json.golden",
+			input:    "testdata/fixtures/images/amazon-1.tar.gz",
-			testfile:       "testdata/fixtures/images/amazon-1.tar.gz",
+			golden:   "testdata/amazon-1.json.golden",
 		},
 		{
 			name:     "amazonlinux:2",
 			imageTag: "amazonlinux:2",
-			wantOutputFile: "testdata/amazon-2.json.golden",
+			input:    "testdata/fixtures/images/amazon-2.tar.gz",
-			testfile:       "testdata/fixtures/images/amazon-2.tar.gz",
+			golden:   "testdata/amazon-2.json.golden",
 		},
-		// TODO: fix them
-		//{
-		//	name:           "happy path, valid image path, centos:6",
-		//	imageTag:       "centos:6",
-		//	wantOutputFile: "testdata/centos-6.json.golden",
-		//	testfile:       "testdata/fixtures/images/centos-6.tar.gz",
-		//},
-		//{
-		//	name:           "happy path, valid image path, centos:7",
-		//	imageTag:       "centos:7",
-		//	wantOutputFile: "testdata/centos-7.json.golden",
-		//	testfile:       "testdata/fixtures/images/centos-7.tar.gz",
-		//},
-		//{
-		//	name:           "happy path, valid image path, centos:7, with --ignore-unfixed option",
-		//	imageTag:       "centos:7",
-		//	ignoreUnfixed:  true,
-		//	wantOutputFile: "testdata/centos-7-ignore-unfixed.json.golden",
-		//	testfile:       "testdata/fixtures/images/centos-7.tar.gz",
-		//},
-		//{
-		//	name:           "happy path, valid image path, centos:7, with --ignore-unfixed option, with low and high severity",
-		//	imageTag:       "centos:7",
-		//	ignoreUnfixed:  true,
-		//	severity:       []string{"LOW", "HIGH"},
-		//	wantOutputFile: "testdata/centos-7-low-high.json.golden",
-		//	testfile:       "testdata/fixtures/images/centos-7.tar.gz",
-		//},
-		//{
-		//	name:           "happy path, valid image path, registry.redhat.io/ubi7",
-		//	imageTag:       "registry.redhat.io/ubi7",
-		//	wantOutputFile: "testdata/ubi-7.json.golden",
-		//	testfile:       "testdata/fixtures/images/ubi-7.tar.gz",
-		//},
 		{
 			name:     "almalinux 8",
 			imageTag: "almalinux:8",
-			wantOutputFile: "testdata/almalinux-8.json.golden",
+			input:    "testdata/fixtures/images/almalinux-8.tar.gz",
-			testfile:       "testdata/fixtures/images/almalinux-8.tar.gz",
+			golden:   "testdata/almalinux-8.json.golden",
 		},
 		{
 			name:     "rocky linux 8",
 			imageTag: "rockylinux:8",
-			testfile:       "testdata/fixtures/images/rockylinux-8.tar.gz",
+			input:    "testdata/fixtures/images/rockylinux-8.tar.gz",
-			wantOutputFile: "testdata/rockylinux-8.json.golden",
+			golden:   "testdata/rockylinux-8.json.golden",
+		},
+		{
+			name:     "centos 6",
+			imageTag: "centos:6",
+			input:    "testdata/fixtures/images/centos-6.tar.gz",
+			golden:   "testdata/centos-6.json.golden",
+		},
+		{
+			name:     "centos 7",
+			imageTag: "centos:7",
+			input:    "testdata/fixtures/images/centos-7.tar.gz",
+			golden:   "testdata/centos-7.json.golden",
+		},
+		{
+			name:          "centos 7, with --ignore-unfixed option",
+			imageTag:      "centos:7",
+			ignoreUnfixed: true,
+			input:         "testdata/fixtures/images/centos-7.tar.gz",
+			golden:        "testdata/centos-7-ignore-unfixed.json.golden",
+		},
+		{
+			name:          "centos 7, with --ignore-unfixed option, with medium severity",
+			imageTag:      "centos:7",
+			ignoreUnfixed: true,
+			severity:      []string{"MEDIUM"},
+			input:         "testdata/fixtures/images/centos-7.tar.gz",
+			golden:        "testdata/centos-7-medium.json.golden",
+		},
+		{
+			name:     "registry.redhat.io/ubi7",
+			imageTag: "registry.redhat.io/ubi7",
+			input:    "testdata/fixtures/images/ubi-7.tar.gz",
+			golden:   "testdata/ubi-7.json.golden",
 		},
 		{
 			name:     "debian buster/10",
 			imageTag: "debian:buster",
-			wantOutputFile: "testdata/debian-buster.json.golden",
+			input:    "testdata/fixtures/images/debian-buster.tar.gz",
-			testfile:       "testdata/fixtures/images/debian-buster.tar.gz",
+			golden:   "testdata/debian-buster.json.golden",
 		},
 		{
 			name:          "debian buster/10, with --ignore-unfixed option",
 			ignoreUnfixed: true,
 			imageTag:      "debian:buster",
-			wantOutputFile: "testdata/debian-buster-ignore-unfixed.json.golden",
+			input:         "testdata/fixtures/images/debian-buster.tar.gz",
-			testfile:       "testdata/fixtures/images/debian-buster.tar.gz",
+			golden:        "testdata/debian-buster-ignore-unfixed.json.golden",
 		},
 		{
 			name:     "debian stretch/9",
 			imageTag: "debian:stretch",
-			wantOutputFile: "testdata/debian-stretch.json.golden",
+			input:    "testdata/fixtures/images/debian-stretch.tar.gz",
-			testfile:       "testdata/fixtures/images/debian-stretch.tar.gz",
+			golden:   "testdata/debian-stretch.json.golden",
 		},
 		{
 			name:     "distroless base",
 			imageTag: "gcr.io/distroless/base:latest",
-			wantOutputFile: "testdata/distroless-base.json.golden",
+			input:    "testdata/fixtures/images/distroless-base.tar.gz",
-			testfile:       "testdata/fixtures/images/distroless-base.tar.gz",
+			golden:   "testdata/distroless-base.json.golden",
 		},
 		{
 			name:     "distroless python2.7",
 			imageTag: "gcr.io/distroless/python2.7:latest",
-			wantOutputFile: "testdata/distroless-python27.json.golden",
+			input:    "testdata/fixtures/images/distroless-python27.tar.gz",
-			testfile:       "testdata/fixtures/images/distroless-python27.tar.gz",
+			golden:   "testdata/distroless-python27.json.golden",
 		},
 		{
 			name:     "oracle linux 8",
 			imageTag: "oraclelinux:8-slim",
-			wantOutputFile: "testdata/oraclelinux-8-slim.json.golden",
+			input:    "testdata/fixtures/images/oraclelinux-8-slim.tar.gz",
-			testfile:       "testdata/fixtures/images/oraclelinux-8-slim.tar.gz",
+			golden:   "testdata/oraclelinux-8-slim.json.golden",
 		},
 		{
 			name:     "ubuntu 18.04",
 			imageTag: "ubuntu:18.04",
-			wantOutputFile: "testdata/ubuntu-1804.json.golden",
+			input:    "testdata/fixtures/images/ubuntu-1804.tar.gz",
-			testfile:       "testdata/fixtures/images/ubuntu-1804.tar.gz",
+			golden:   "testdata/ubuntu-1804.json.golden",
 		},
 		{
 			name:          "ubuntu 18.04, with --ignore-unfixed option",
 			imageTag:      "ubuntu:18.04",
 			ignoreUnfixed: true,
-			wantOutputFile: "testdata/ubuntu-1804-ignore-unfixed.json.golden",
+			input:         "testdata/fixtures/images/ubuntu-1804.tar.gz",
-			testfile:       "testdata/fixtures/images/ubuntu-1804.tar.gz",
+			golden:        "testdata/ubuntu-1804-ignore-unfixed.json.golden",
 		},
 		{
-			name:           "happy path, valid image path, opensuse leap 15.1",
+			name:     "opensuse leap 15.1",
 			imageTag: "opensuse/leap:latest",
-			wantOutputFile: "testdata/opensuse-leap-151.json.golden",
+			input:    "testdata/fixtures/images/opensuse-leap-151.tar.gz",
-			testfile:       "testdata/fixtures/images/opensuse-leap-151.tar.gz",
+			golden:   "testdata/opensuse-leap-151.json.golden",
 		},
 		{
-			name:           "happy path, valid image path, photon 3.0",
+			name:     "photon 3.0",
 			imageTag: "photon:3.0-20190823",
-			wantOutputFile: "testdata/photon-30.json.golden",
+			input:    "testdata/fixtures/images/photon-30.tar.gz",
-			testfile:       "testdata/fixtures/images/photon-30.tar.gz",
+			golden:   "testdata/photon-30.json.golden",
 		},
 		{
-			name:           "buxybox with Cargo.lock",
+			name:     "busybox with Cargo.lock",
 			imageTag: "busy-cargo:latest",
-			wantOutputFile: "testdata/busybox-with-lockfile.json.golden",
+			input:    "testdata/fixtures/images/busybox-with-lockfile.tar.gz",
-			testfile:       "testdata/fixtures/images/busybox-with-lockfile.tar.gz",
+			golden:   "testdata/busybox-with-lockfile.json.golden",
 		},
 		{
 			name:         "sad path, invalid image",
 			invalidImage: true,
-			testfile:     "badimage:latest",
+			input:        "badimage:latest",
-			wantError:    "unable to inspect the image (index.docker.io/library/badimage:latest)",
+			wantErr:      "unable to inspect the image (index.docker.io/library/badimage:latest)",
 		},
 	}
 
@@ -203,11 +202,11 @@ func TestDockerEngine(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			if !tt.invalidImage {
-				testfile, err := os.Open(tt.testfile)
+				testfile, err := os.Open(tt.input)
 				require.NoError(t, err, tt.name)
 
 				// ensure image doesnt already exists
-				_, _ = cli.ImageRemove(ctx, tt.testfile, types.ImageRemoveOptions{
+				_, _ = cli.ImageRemove(ctx, tt.input, types.ImageRemoveOptions{
 					Force:         true,
 					PruneChildren: true,
 				})
@@ -218,7 +217,7 @@ func TestDockerEngine(t *testing.T) {
 				io.Copy(io.Discard, res.Body)
 
 				// tag our image to something unique
-				err = cli.ImageTag(ctx, tt.imageTag, tt.testfile)
+				err = cli.ImageTag(ctx, tt.imageTag, tt.input)
 				require.NoError(t, err, tt.name)
 			}
 
@@ -244,22 +243,22 @@ func TestDockerEngine(t *testing.T) {
 				assert.NoError(t, err, "failed to write .trivyignore")
 				defer os.Remove(trivyIgnore)
 			}
-			trivyArgs = append(trivyArgs, tt.testfile)
+			trivyArgs = append(trivyArgs, tt.input)
 
 			err = app.Run(trivyArgs)
-			if tt.wantError != "" {
+			if tt.wantErr != "" {
 				require.NotNil(t, err)
-				assert.Contains(t, err.Error(), tt.wantError, tt.name)
+				assert.Contains(t, err.Error(), tt.wantErr, tt.name)
 				return
 			}
 
 			assert.NoError(t, err, tt.name)
 
 			// check for vulnerability output info
-			compareReports(t, tt.wantOutputFile, output)
+			compareReports(t, tt.golden, output)
 
 			// cleanup
-			_, err = cli.ImageRemove(ctx, tt.testfile, types.ImageRemoveOptions{
+			_, err = cli.ImageRemove(ctx, tt.input, types.ImageRemoveOptions{
 				Force:         true,
 				PruneChildren: true,
 			})

integration/standalone_tar_test.go

@@ -124,55 +124,49 @@ func TestTar(t *testing.T) {
 			},
 			golden: "testdata/ubuntu-1804-ignore-unfixed.json.golden",
 		},
-		// TODO: it will be fixed after support for Red Hat OVALv2
+		{
-		//{
+			name: "centos 7",
-		//	name: "centos 7 integration",
+			testArgs: args{
-		//	testArgs: args{
+				Format: "json",
-		//		Version: "dev",
+				Input:  "testdata/fixtures/images/centos-7.tar.gz",
-		//		Format:  "json",
+			},
-		//		Input:   "testdata/fixtures/images/centos-7.tar.gz",
+			golden: "testdata/centos-7.json.golden",
-		//	},
+		},
-		//	golden: "testdata/centos-7.json.golden",
+		{
-		//},
+			name: "centos 7with --ignore-unfixed option",
-		//{
+			testArgs: args{
-		//	name: "centos 7 integration with --ignore-unfixed option",
+				IgnoreUnfixed: true,
-		//	testArgs: args{
+				Format:        "json",
-		//		Version:       "dev",
+				Input:         "testdata/fixtures/images/centos-7.tar.gz",
-		//		IgnoreUnfixed: true,
+			},
-		//		Format:        "json",
+			golden: "testdata/centos-7-ignore-unfixed.json.golden",
-		//		Input:         "testdata/fixtures/images/centos-7.tar.gz",
+		},
-		//	},
+		{
-		//	golden: "testdata/centos-7-ignore-unfixed.json.golden",
+			name: "centos 7 with medium severity",
-		//},
+			testArgs: args{
-		//{
+				IgnoreUnfixed: true,
-		//	name: "centos 7 integration with low and high severity",
+				Severity:      []string{"MEDIUM"},
-		//	testArgs: args{
+				Format:        "json",
-		//		Version:       "dev",
+				Input:         "testdata/fixtures/images/centos-7.tar.gz",
-		//		IgnoreUnfixed: true,
+			},
-		//		Severity:      []string{"LOW", "HIGH"},
+			golden: "testdata/centos-7-medium.json.golden",
-		//		Format:        "json",
+		},
-		//		Input:         "testdata/fixtures/images/centos-7.tar.gz",
+		{
-		//	},
+			name: "centos 6",
-		//	golden: "testdata/centos-7-low-high.json.golden",
+			testArgs: args{
-		//},
+				Format: "json",
-		//{
+				Input:  "testdata/fixtures/images/centos-6.tar.gz",
-		//	name: "centos 6 integration",
+			},
-		//	testArgs: args{
+			golden: "testdata/centos-6.json.golden",
-		//		Version: "dev",
+		},
-		//		Format:  "json",
+		{
-		//		Input:   "testdata/fixtures/images/centos-6.tar.gz",
+			name: "ubi 7",
-		//	},
+			testArgs: args{
-		//	golden: "testdata/centos-6.json.golden",
+				Format: "json",
-		//},
+				Input:  "testdata/fixtures/images/ubi-7.tar.gz",
-		//{
+			},
-		//	name: "ubi 7 integration",
+			golden: "testdata/ubi-7.json.golden",
-		//	testArgs: args{
+		},
-		//		Version: "dev",
-		//		Format:  "json",
-		//		Input:   "testdata/fixtures/images/ubi-7.tar.gz",
-		//	},
-		//	golden: "testdata/ubi-7.json.golden",
-		//},
 		{
 			name: "almalinux 8",
 			testArgs: args{

integration/testdata/centos-7-medium.json.golden

@@ -0,0 +1,149 @@
+{
+  "SchemaVersion": 2,
+  "ArtifactName": "testdata/fixtures/images/centos-7.tar.gz",
+  "ArtifactType": "container_image",
+  "Metadata": {
+    "OS": {
+      "Family": "centos",
+      "Name": "7.6.1810"
+    },
+    "ImageID": "sha256:9f38484d220fa527b1fb19747638497179500a1bed8bf0498eb788229229e6e1",
+    "DiffIDs": [
+      "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854"
+    ],
+    "ImageConfig": {
+      "architecture": "amd64",
+      "container": "958baf5225f586da9c70a21e911a0a875402dd22d83133d78b3b3aa6130e7892",
+      "created": "2019-03-14T21:19:53.361167852Z",
+      "docker_version": "18.06.1-ce",
+      "history": [
+        {
+          "created": "2019-03-14T21:19:52.66982152Z",
+          "created_by": "/bin/sh -c #(nop) ADD file:074f2c974463ab38cf3532134e8ba2c91c9e346457713f2e8b8e2ac0ee9fd83d in / "
+        },
+        {
+          "created": "2019-03-14T21:19:53.099141434Z",
+          "created_by": "/bin/sh -c #(nop)  LABEL org.label-schema.schema-version=1.0 org.label-schema.name=CentOS Base Image org.label-schema.vendor=CentOS org.label-schema.license=GPLv2 org.label-schema.build-date=20190305",
+          "empty_layer": true
+        },
+        {
+          "created": "2019-03-14T21:19:53.361167852Z",
+          "created_by": "/bin/sh -c #(nop)  CMD [\"/bin/bash\"]",
+          "empty_layer": true
+        }
+      ],
+      "os": "linux",
+      "rootfs": {
+        "type": "layers",
+        "diff_ids": [
+          "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854"
+        ]
+      },
+      "config": {
+        "Cmd": [
+          "/bin/bash"
+        ],
+        "Env": [
+          "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+        ],
+        "Image": "sha256:294e8d8145287e70f07328cc09d840fad8980b801223321b983442f097aff0d8",
+        "Labels": {
+          "org.label-schema.build-date": "20190305",
+          "org.label-schema.license": "GPLv2",
+          "org.label-schema.name": "CentOS Base Image",
+          "org.label-schema.schema-version": "1.0",
+          "org.label-schema.vendor": "CentOS"
+        },
+        "ArgsEscaped": true
+      }
+    }
+  },
+  "Results": [
+    {
+      "Target": "testdata/fixtures/images/centos-7.tar.gz (centos 7.6.1810)",
+      "Class": "os-pkgs",
+      "Type": "centos",
+      "Vulnerabilities": [
+        {
+          "VulnerabilityID": "CVE-2019-1559",
+          "VendorIDs": [
+            "RHSA-2019:2304"
+          ],
+          "PkgName": "openssl-libs",
+          "InstalledVersion": "1:1.0.2k-16.el7",
+          "FixedVersion": "1:1.0.2k-19.el7",
+          "Layer": {
+            "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854"
+          },
+          "SeveritySource": "redhat",
+          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1559",
+          "Title": "openssl: 0-byte record padding oracle",
+          "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
+          "Severity": "MEDIUM",
+          "CweIDs": [
+            "CWE-203"
+          ],
+          "CVSS": {
+            "nvd": {
+              "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+              "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+              "V2Score": 4.3,
+              "V3Score": 5.9
+            },
+            "redhat": {
+              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+              "V3Score": 5.9
+            }
+          },
+          "References": [
+            "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html",
+            "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html",
+            "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html",
+            "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html",
+            "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html",
+            "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html",
+            "http://www.securityfocus.com/bid/107174",
+            "https://access.redhat.com/errata/RHSA-2019:2304",
+            "https://access.redhat.com/errata/RHSA-2019:2437",
+            "https://access.redhat.com/errata/RHSA-2019:2439",
+            "https://access.redhat.com/errata/RHSA-2019:2471",
+            "https://access.redhat.com/errata/RHSA-2019:3929",
+            "https://access.redhat.com/errata/RHSA-2019:3931",
+            "https://access.redhat.com/security/cve/CVE-2019-1559",
+            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559",
+            "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e",
+            "https://github.com/RUB-NDS/TLS-Padding-Oracles",
+            "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282",
+            "https://linux.oracle.com/cve/CVE-2019-1559.html",
+            "https://linux.oracle.com/errata/ELSA-2019-2471.html",
+            "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html",
+            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/",
+            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/",
+            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/",
+            "https://security.gentoo.org/glsa/201903-10",
+            "https://security.netapp.com/advisory/ntap-20190301-0001/",
+            "https://security.netapp.com/advisory/ntap-20190301-0002/",
+            "https://security.netapp.com/advisory/ntap-20190423-0002/",
+            "https://support.f5.com/csp/article/K18549143",
+            "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS",
+            "https://ubuntu.com/security/notices/USN-3899-1",
+            "https://ubuntu.com/security/notices/USN-4376-2",
+            "https://usn.ubuntu.com/3899-1/",
+            "https://usn.ubuntu.com/4376-2/",
+            "https://www.debian.org/security/2019/dsa-4400",
+            "https://www.openssl.org/news/secadv/20190226.txt",
+            "https://www.oracle.com/security-alerts/cpujan2020.html",
+            "https://www.oracle.com/security-alerts/cpujan2021.html",
+            "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
+            "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
+            "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
+            "https://www.tenable.com/security/tns-2019-02",
+            "https://www.tenable.com/security/tns-2019-03"
+          ],
+          "PublishedDate": "2019-02-27T23:29:00Z",
+          "LastModifiedDate": "2021-01-20T15:15:00Z"
+        }
+      ]
+    }
+  ]
+}

integration/testdata/debian-buster.json.golden

@@ -81,6 +81,7 @@
           },
           "References": [
             "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html",
+            "https://access.redhat.com/security/cve/CVE-2019-18276",
             "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276",
             "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff",
             "https://linux.oracle.com/cve/CVE-2019-18276.html",

integration/testdata/debian-stretch.json.golden

@@ -81,6 +81,7 @@
           },
           "References": [
             "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html",
+            "https://access.redhat.com/security/cve/CVE-2019-18276",
             "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276",
             "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff",
             "https://linux.oracle.com/cve/CVE-2019-18276.html",

integration/testdata/fixtures/db/cpe.yaml

@@ -0,0 +1,21 @@
+- bucket: Red Hat CPE
+  pairs:
+    - bucket: repository
+      pairs:
+        - key: "rhel-6-server-rpms"
+          value:
+            - 857
+        - key: "rhel-7-server-rpms"
+          value:
+            - 869
+    - bucket: nvr
+      pairs:
+        - key: "ubi7-container-7.7-140-x86_64"
+          value:
+            - 869
+    - bucket: cpe
+      pairs:
+        - key: "857"
+          value: "cpe:/o:redhat:enterprise_linux:6::server"
+        - key: "869"
+          value: "cpe:/o:redhat:enterprise_linux:7::server"

integration/testdata/fixtures/db/redhat.yaml

@@ -0,0 +1,73 @@
+- bucket: Red Hat
+  pairs:
+    - bucket: bash
+      pairs:
+        - key: CVE-2019-18276
+          value:
+            Entries:
+              - Affected:
+                  - 596
+                  - 597
+                  - 598
+                  - 601
+                  - 602
+                  - 869
+                  - 870
+                  - 924
+                Cves:
+                  - Severity: 1.0
+    - bucket: openssl
+      pairs:
+        - key: RHSA-2019:2304
+          value:
+            Entries:
+              - Affected:
+                  - 859
+                  - 860
+                  - 862
+                  - 869
+                Cves:
+                  - ID: CVE-2018-0734
+                    Severity: 1.0
+                  - ID: CVE-2019-1559
+                    Severity: 2.0
+                FixedVersion: 1:1.0.2k-19.el7
+        - key: RHSA-2019:2471
+          value:
+            Entries:
+              - Affected:
+                  - 855
+                  - 857
+                  - 858
+                  - 924
+                Cves:
+                  - ID: CVE-2019-1559
+                    Severity: 2.0
+                FixedVersion: 0:1.0.1e-58.el6_10
+    - bucket: openssl-libs
+      pairs:
+        - key: RHSA-2019:2304
+          value:
+            Entries:
+              - Affected:
+                  - 859
+                  - 860
+                  - 862
+                  - 869
+                Cves:
+                  - ID: CVE-2018-0734
+                    Severity: 1.0
+                  - ID: CVE-2019-1559
+                    Severity: 2.0
+                FixedVersion: 1:1.0.2k-19.el7
+    - bucket: glibc
+      pairs:
+        - key: CVE-2020-29573
+          value:
+            Entries:
+              - Affected:
+                  - 596
+                  - 857
+                  - 858
+                Cves:
+                  - Severity: 2.0

integration/testdata/fixtures/db/vulnerability.yaml

@@ -39,6 +39,67 @@
         photon: 2.0
         redhat: 1.0
         ubuntu: 1.0
+  - key: CVE-2018-0734
+    value:
+      CVSS:
+        nvd:
+          V2Score: 4.3
+          V2Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
+          V3Score: 5.9
+          V3Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
+        redhat:
+          V3Score: 5.1
+          V3Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
+      CweIDs:
+      - CWE-327
+      Description: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
+      LastModifiedDate: 2020-08-24T17:37:00Z
+      PublishedDate: 2018-10-30T12:29:00Z
+      References:
+      - http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
+      - http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
+      - http://www.securityfocus.com/bid/105758
+      - https://access.redhat.com/errata/RHSA-2019:2304
+      - https://access.redhat.com/errata/RHSA-2019:3700
+      - https://access.redhat.com/errata/RHSA-2019:3932
+      - https://access.redhat.com/errata/RHSA-2019:3933
+      - https://access.redhat.com/errata/RHSA-2019:3935
+      - https://access.redhat.com/security/cve/CVE-2018-0734
+      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734
+      - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac
+      - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f
+      - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7
+      - https://linux.oracle.com/cve/CVE-2018-0734.html
+      - https://linux.oracle.com/errata/ELSA-2019-3700.html
+      - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
+      - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
+      - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
+      - https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
+      - https://security.netapp.com/advisory/ntap-20181105-0002/
+      - https://security.netapp.com/advisory/ntap-20190118-0002/
+      - https://security.netapp.com/advisory/ntap-20190423-0002/
+      - https://ubuntu.com/security/notices/USN-3840-1
+      - https://usn.ubuntu.com/3840-1/
+      - https://www.debian.org/security/2018/dsa-4348
+      - https://www.debian.org/security/2018/dsa-4355
+      - https://www.openssl.org/news/secadv/20181030.txt
+      - https://www.oracle.com/security-alerts/cpuapr2020.html
+      - https://www.oracle.com/security-alerts/cpujan2020.html
+      - https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
+      - https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
+      - https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
+      - https://www.tenable.com/security/tns-2018-16
+      - https://www.tenable.com/security/tns-2018-17
+      Severity: MEDIUM
+      Title: "openssl: timing side channel attack in the DSA signature algorithm"
+      VendorSeverity:
+        amazon: 2.0
+        arch-linux: 1.0
+        nvd: 2.0
+        oracle-oval: 1.0
+        photon: 2.0
+        redhat: 1.0
+        ubuntu: 1.0
   - key: CVE-2019-10744
     value:
       CVSS:
@@ -331,6 +392,75 @@
         photon: 2.0
         redhat: 1.0
         ubuntu: 1.0
+  - key: CVE-2019-1559
+    value:
+      CVSS:
+        nvd:
+          V2Score: 4.3
+          V2Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
+          V3Score: 5.9
+          V3Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
+        redhat:
+          V3Score: 5.9
+          V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
+      CweIDs:
+      - CWE-203
+      Description: If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
+      LastModifiedDate: 2021-01-20T15:15:00Z
+      PublishedDate: 2019-02-27T23:29:00Z
+      References:
+      - http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html
+      - http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html
+      - http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html
+      - http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html
+      - http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html
+      - http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html
+      - http://www.securityfocus.com/bid/107174
+      - https://access.redhat.com/errata/RHSA-2019:2304
+      - https://access.redhat.com/errata/RHSA-2019:2437
+      - https://access.redhat.com/errata/RHSA-2019:2439
+      - https://access.redhat.com/errata/RHSA-2019:2471
+      - https://access.redhat.com/errata/RHSA-2019:3929
+      - https://access.redhat.com/errata/RHSA-2019:3931
+      - https://access.redhat.com/security/cve/CVE-2019-1559
+      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559
+      - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
+      - https://github.com/RUB-NDS/TLS-Padding-Oracles
+      - https://kc.mcafee.com/corporate/index?page=content&id=SB10282
+      - https://linux.oracle.com/cve/CVE-2019-1559.html
+      - https://linux.oracle.com/errata/ELSA-2019-2471.html
+      - https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html
+      - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
+      - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
+      - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
+      - https://security.gentoo.org/glsa/201903-10
+      - https://security.netapp.com/advisory/ntap-20190301-0001/
+      - https://security.netapp.com/advisory/ntap-20190301-0002/
+      - https://security.netapp.com/advisory/ntap-20190423-0002/
+      - https://support.f5.com/csp/article/K18549143
+      - https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS
+      - https://ubuntu.com/security/notices/USN-3899-1
+      - https://ubuntu.com/security/notices/USN-4376-2
+      - https://usn.ubuntu.com/3899-1/
+      - https://usn.ubuntu.com/4376-2/
+      - https://www.debian.org/security/2019/dsa-4400
+      - https://www.openssl.org/news/secadv/20190226.txt
+      - https://www.oracle.com/security-alerts/cpujan2020.html
+      - https://www.oracle.com/security-alerts/cpujan2021.html
+      - https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
+      - https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
+      - https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
+      - https://www.tenable.com/security/tns-2019-02
+      - https://www.tenable.com/security/tns-2019-03
+      Severity: MEDIUM
+      Title: "openssl: 0-byte record padding oracle"
+      VendorSeverity:
+        amazon: 2.0
+        arch-linux: 2.0
+        nvd: 2.0
+        oracle-oval: 2.0
+        redhat: 2.0
+        ubuntu: 2.0
   - key: CVE-2019-1563
     value:
       CVSS:
@@ -449,6 +579,7 @@
       PublishedDate: 2019-11-28T01:15:00Z
       References:
       - http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
+      - https://access.redhat.com/security/cve/CVE-2019-18276
       - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
       - https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
       - https://linux.oracle.com/cve/CVE-2019-18276.html
@@ -670,6 +801,38 @@
         nvd: 2.0
         redhat: 2.0
         ubuntu: 2.0
+  - key: CVE-2020-29573
+    value:
+      CVSS:
+        nvd:
+          V2Score: 5.0
+          V2Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
+          V3Score: 7.5
+          V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
+        redhat:
+          V3Score: 7.5
+          V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
+      CweIDs:
+      - CWE-787
+      Description: "sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of \"Fixed for glibc 2.33\" in the 26649 reference."
+      LastModifiedDate: 2021-01-26T18:15:00Z
+      PublishedDate: 2020-12-06T00:15:00Z
+      References:
+      - https://access.redhat.com/security/cve/CVE-2020-29573
+      - https://linux.oracle.com/cve/CVE-2020-29573.html
+      - https://linux.oracle.com/errata/ELSA-2021-0348.html
+      - https://security.gentoo.org/glsa/202101-20
+      - https://security.netapp.com/advisory/ntap-20210122-0004/
+      - https://sourceware.org/bugzilla/show_bug.cgi?id=26649
+      - https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html
+      Severity: HIGH
+      Title: "glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern"
+      VendorSeverity:
+        arch-linux: 2.0
+        nvd: 3.0
+        oracle-oval: 2.0
+        photon: 3.0
+        redhat: 2.0
   - key: CVE-2020-8165
     value:
       CVSS:

integration/testdata/photon-30.json.golden

@@ -92,6 +92,7 @@
           },
           "References": [
             "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html",
+            "https://access.redhat.com/security/cve/CVE-2019-18276",
             "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276",
             "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff",
             "https://linux.oracle.com/cve/CVE-2019-18276.html",

integration/testdata/ubuntu-1804.json.golden

@@ -99,6 +99,7 @@
           },
           "References": [
             "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html",
+            "https://access.redhat.com/security/cve/CVE-2019-18276",
             "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276",
             "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff",
             "https://linux.oracle.com/cve/CVE-2019-18276.html",

pkg/detector/ospkg/redhat/redhat.go

@@ -1,6 +1,8 @@
 package redhat
 
 import (
+	"fmt"
+	"sort"
 	"strings"
 	"time"
 
@@ -10,13 +12,30 @@ import (
 
 	"github.com/aquasecurity/fanal/analyzer/os"
 	ftypes "github.com/aquasecurity/fanal/types"
-	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/redhat"
+	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
+	ustrings "github.com/aquasecurity/trivy-db/pkg/utils/strings"
+	redhat "github.com/aquasecurity/trivy-db/pkg/vulnsrc/redhat-oval"
+	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
 	"github.com/aquasecurity/trivy/pkg/log"
 	"github.com/aquasecurity/trivy/pkg/scanner/utils"
 	"github.com/aquasecurity/trivy/pkg/types"
 )
 
 var (
+	defaultContentSets = map[string][]string{
+		"6": {
+			"rhel-6-server-rpms",
+			"rhel-6-server-extras-rpms",
+		},
+		"7": {
+			"rhel-7-server-rpms",
+			"rhel-7-server-extras-rpms",
+		},
+		"8": {
+			"rhel-8-for-x86_64-baseos-rpms",
+			"rhel-8-for-x86_64-appstream-rpms",
+		},
+	}
 	redhatEOLDates = map[string]time.Time{
 		"4": time.Date(2017, 5, 31, 23, 59, 59, 0, time.UTC),
 		"5": time.Date(2020, 11, 30, 23, 59, 59, 0, time.UTC),
@@ -77,19 +96,39 @@ func (s *Scanner) Detect(osVer string, pkgs []ftypes.Package) ([]types.DetectedV
 	if strings.Count(osVer, ".") > 0 {
 		osVer = osVer[:strings.Index(osVer, ".")]
 	}
-	log.Logger.Debugf("redhat: os version: %s", osVer)
+	log.Logger.Debugf("Red Hat: os version: %s", osVer)
-	log.Logger.Debugf("redhat: the number of packages: %d", len(pkgs))
+	log.Logger.Debugf("Red Hat: the number of packages: %d", len(pkgs))
 
 	var vulns []types.DetectedVulnerability
 	for _, pkg := range pkgs {
-		if !s.isFromSupportedVendor(pkg) {
+		if !isFromSupportedVendor(pkg) {
 			log.Logger.Debugf("Skipping %s: unsupported vendor", pkg.Name)
 			continue
 		}
 
-		// For Red Hat Security Data API containing only source package names
+		detectedVulns, err := s.detect(osVer, pkg)
-		pkgName := addModularNamespace(pkg.SrcName, pkg.Modularitylabel)
+		if err != nil {
-		advisories, err := s.vs.Get(osVer, pkgName)
+			return nil, xerrors.Errorf("redhat vulnerability detection error: %w", err)
+		}
+		vulns = append(vulns, detectedVulns...)
+	}
+	return vulns, nil
+}
+
+func (s *Scanner) detect(osVer string, pkg ftypes.Package) ([]types.DetectedVulnerability, error) {
+	// For Red Hat OVAL v2 containing only binary package names
+	pkgName := addModularNamespace(pkg.Name, pkg.Modularitylabel)
+
+	var contentSets []string
+	var nvr string
+	if pkg.BuildInfo == nil {
+		contentSets = defaultContentSets[osVer]
+	} else {
+		contentSets = pkg.BuildInfo.ContentSets
+		nvr = fmt.Sprintf("%s-%s", pkg.BuildInfo.Nvr, pkg.BuildInfo.Arch)
+	}
+
+	advisories, err := s.vs.Get(pkgName, contentSets, []string{nvr})
 	if err != nil {
 		return nil, xerrors.Errorf("failed to get Red Hat advisories: %w", err)
 	}
@@ -97,41 +136,58 @@ func (s *Scanner) Detect(osVer string, pkgs []ftypes.Package) ([]types.DetectedV
 	installed := utils.FormatVersion(pkg)
 	installedVersion := version.NewVersion(installed)
 
+	uniqVulns := map[string]types.DetectedVulnerability{}
 	for _, adv := range advisories {
-			if adv.FixedVersion != "" {
+		vulnID := adv.VulnerabilityID
-				continue
-			}
 		vuln := types.DetectedVulnerability{
-				VulnerabilityID:  adv.VulnerabilityID,
+			VulnerabilityID:  vulnID,
 			PkgName:          pkg.Name,
-				InstalledVersion: installed,
+			InstalledVersion: utils.FormatVersion(pkg),
 			Layer:            pkg.Layer,
+			SeveritySource:   vulnerability.RedHat,
+			Vulnerability: dbTypes.Vulnerability{
+				Severity: adv.Severity.String(),
+			},
 			Custom: adv.Custom,
 		}
-			vulns = append(vulns, vuln)
+
+		// unpatched vulnerabilities
+		if adv.FixedVersion == "" {
+			uniqVulns[vulnID] = vuln
+			continue
 		}
 
-		// For Red Hat OVAL v2 containing only binary package names
+		// patched vulnerabilities
-		pkgName = addModularNamespace(pkg.Name, pkg.Modularitylabel)
-		advisories, err = s.vs.Get(osVer, pkgName)
-		if err != nil {
-			return nil, xerrors.Errorf("failed to get Red Hat advisories: %w", err)
-		}
-
-		for _, adv := range advisories {
 		fixedVersion := version.NewVersion(adv.FixedVersion)
 		if installedVersion.LessThan(fixedVersion) {
-				vuln := types.DetectedVulnerability{
+			vuln.VendorIDs = adv.VendorIDs
-					VulnerabilityID:  adv.VulnerabilityID,
+			vuln.FixedVersion = fixedVersion.String()
-					PkgName:          pkg.Name,
+
-					InstalledVersion: installed,
+			if v, ok := uniqVulns[vulnID]; ok {
-					FixedVersion:     fixedVersion.String(),
+				// In case two advisories resolve the same CVE-ID.
-					Layer:            pkg.Layer,
+				// e.g. The first fix might be incomplete.
+				v.VendorIDs = ustrings.Unique(append(v.VendorIDs, vuln.VendorIDs...))
+
+				// The newer fixed version should be taken.
+				if version.NewVersion(v.FixedVersion).LessThan(fixedVersion) {
+					v.FixedVersion = vuln.FixedVersion
 				}
+				uniqVulns[vulnID] = v
+			} else {
+				uniqVulns[vulnID] = vuln
+			}
+		}
+	}
+
+	var vulns []types.DetectedVulnerability
+	for _, vuln := range uniqVulns {
 		vulns = append(vulns, vuln)
 	}
-		}
+
-	}
+	sort.Slice(vulns, func(i, j int) bool {
+		return vulns[i].VulnerabilityID < vulns[j].VulnerabilityID
+	})
+
 	return vulns, nil
 }
 
@@ -156,9 +212,9 @@ func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool {
 	return s.clock.Now().Before(eolDate)
 }
 
-func (s *Scanner) isFromSupportedVendor(pkg ftypes.Package) bool {
+func isFromSupportedVendor(pkg ftypes.Package) bool {
-	for _, s := range excludedVendorsSuffix {
+	for _, suffix := range excludedVendorsSuffix {
-		if strings.HasSuffix(pkg.Release, s) {
+		if strings.HasSuffix(pkg.Release, suffix) {
 			return false
 		}
 	}

pkg/detector/ospkg/redhat/redhat_test.go

@@ -1,23 +1,28 @@
 package redhat_test
 
 import (
-	"sort"
+	"os"
 	"testing"
 	"time"
 
-	"github.com/aquasecurity/trivy-db/pkg/db"
+	"github.com/stretchr/testify/require"
-	"github.com/aquasecurity/trivy/pkg/dbtest"
-	"github.com/aquasecurity/trivy/pkg/detector/ospkg/redhat"
-
 	fake "k8s.io/utils/clock/testing"
 
 	ftypes "github.com/aquasecurity/fanal/types"
-
+	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
+	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
+	"github.com/aquasecurity/trivy/pkg/dbtest"
+	"github.com/aquasecurity/trivy/pkg/detector/ospkg/redhat"
+	"github.com/aquasecurity/trivy/pkg/log"
 	"github.com/aquasecurity/trivy/pkg/types"
 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 )
 
+func TestMain(m *testing.M) {
+	log.InitLogger(false, false)
+	os.Exit(m.Run())
+}
+
 func TestScanner_Detect(t *testing.T) {
 	type args struct {
 		osVer string
@@ -28,11 +33,14 @@ func TestScanner_Detect(t *testing.T) {
 		fixtures []string
 		args     args
 		want     []types.DetectedVulnerability
-		wantErr  string
+		wantErr  bool
 	}{
 		{
-			name:     "happy path: src pkg name is different from bin pkg name",
+			name: "happy path",
-			fixtures: []string{"testdata/fixtures/redhat.yaml"},
+			fixtures: []string{
+				"testdata/fixtures/redhat.yaml",
+				"testdata/fixtures/cpe.yaml",
+			},
 			args: args{
 				osVer: "7.6",
 				pkgs: []ftypes.Package{
@@ -49,6 +57,9 @@ func TestScanner_Detect(t *testing.T) {
 						Layer: ftypes.Layer{
 							DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
 						},
+						BuildInfo: &ftypes.BuildInfo{
+							ContentSets: []string{"rhel-7-server-rpms"},
+						},
 					},
 				},
 			},
@@ -57,23 +68,24 @@ func TestScanner_Detect(t *testing.T) {
 					VulnerabilityID:  "CVE-2017-5953",
 					PkgName:          "vim-minimal",
 					InstalledVersion: "2:7.4.160-5.el7",
-					Layer: ftypes.Layer{
+					SeveritySource:   vulnerability.RedHat,
-						DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
+					Vulnerability: dbTypes.Vulnerability{
+						Severity: dbTypes.SeverityLow.String(),
 					},
-				},
-				{
-					VulnerabilityID:  "CVE-2017-6350",
-					PkgName:          "vim-minimal",
-					InstalledVersion: "2:7.4.160-5.el7",
 					Layer: ftypes.Layer{
 						DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
 					},
 				},
 				{
 					VulnerabilityID:  "CVE-2019-12735",
+					VendorIDs:        []string{"RHSA-2019:1619"},
 					PkgName:          "vim-minimal",
 					InstalledVersion: "2:7.4.160-5.el7",
 					FixedVersion:     "2:7.4.160-6.el7_6",
+					SeveritySource:   vulnerability.RedHat,
+					Vulnerability: dbTypes.Vulnerability{
+						Severity: dbTypes.SeverityHigh.String(),
+					},
 					Layer: ftypes.Layer{
 						DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
 					},
@@ -81,10 +93,13 @@ func TestScanner_Detect(t *testing.T) {
 			},
 		},
 		{
-			name:     "happy path: src pkg name is the same as bin pkg name",
+			name: "happy path: multiple RHSA-IDs",
-			fixtures: []string{"testdata/fixtures/redhat.yaml"},
+			fixtures: []string{
+				"testdata/fixtures/redhat.yaml",
+				"testdata/fixtures/cpe.yaml",
+			},
 			args: args{
-				osVer: "7.3",
+				osVer: "7.5",
 				pkgs: []ftypes.Package{
 					{
 						Name:       "nss",
@@ -96,57 +111,117 @@ func TestScanner_Detect(t *testing.T) {
 						SrcVersion: "3.36.0",
 						SrcRelease: "7.4.160",
 						SrcEpoch:   0,
+						Layer: ftypes.Layer{
+							DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
+						},
+						BuildInfo: &ftypes.BuildInfo{
+							ContentSets: []string{"rhel-7-server-rpms"},
+						},
 					},
 				},
 			},
 			want: []types.DetectedVulnerability{
 				{
-					VulnerabilityID:  "CVE-2015-2808",
+					VulnerabilityID:  "CVE-2019-17007",
+					VendorIDs:        []string{"RHSA-2021:0876"},
 					PkgName:          "nss",
 					InstalledVersion: "3.36.0-7.1.el7_6",
+					FixedVersion:     "3.36.0-9.el7_6",
+					SeveritySource:   vulnerability.RedHat,
+					Vulnerability: dbTypes.Vulnerability{
+						Severity: dbTypes.SeverityMedium.String(),
+					},
+					Layer: ftypes.Layer{
+						DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
+					},
 				},
 				{
-					VulnerabilityID:  "CVE-2016-2183",
+					VulnerabilityID:  "CVE-2020-12403",
+					VendorIDs:        []string{"RHSA-2021:0538", "RHSA-2021:0876"},
 					PkgName:          "nss",
 					InstalledVersion: "3.36.0-7.1.el7_6",
+					FixedVersion:     "3.53.1-17.el7_3",
+					SeveritySource:   vulnerability.RedHat,
+					Vulnerability: dbTypes.Vulnerability{
+						Severity: dbTypes.SeverityHigh.String(),
+					},
+					Layer: ftypes.Layer{
+						DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
 					},
-				{
-					VulnerabilityID:  "CVE-2018-12404",
-					PkgName:          "nss",
-					InstalledVersion: "3.36.0-7.1.el7_6",
-					FixedVersion:     "3.44.0-4.el7",
 				},
 			},
 		},
 		{
-			name:     "happy path: modular packages",
+			name: "no build info",
-			fixtures: []string{"testdata/fixtures/redhat.yaml"},
+			fixtures: []string{
+				"testdata/fixtures/redhat.yaml",
+				"testdata/fixtures/cpe.yaml",
+			},
+			args: args{
+				osVer: "8.3",
+				pkgs: []ftypes.Package{
+					{
+						Name:    "vim-minimal",
+						Version: "7.4.160",
+						Release: "5.el8",
+						Epoch:   2,
+						Arch:    "x86_64",
+					},
+				},
+			},
+			want: []types.DetectedVulnerability{
+				{
+					VulnerabilityID:  "CVE-2019-12735",
+					VendorIDs:        []string{"RHSA-2019:1619"},
+					PkgName:          "vim-minimal",
+					InstalledVersion: "2:7.4.160-5.el8",
+					FixedVersion:     "2:7.4.160-7.el8_7",
+					SeveritySource:   vulnerability.RedHat,
+					Vulnerability: dbTypes.Vulnerability{
+						Severity: dbTypes.SeverityMedium.String(),
+					},
+				},
+			},
+		},
+		{
+			name: "modular packages",
+			fixtures: []string{
+				"testdata/fixtures/redhat.yaml",
+				"testdata/fixtures/cpe.yaml",
+			},
 			args: args{
 				osVer: "8.3",
 				pkgs: []ftypes.Package{
 					{
 						Name:            "php",
-						Version:         "7.2.24",
+						Version:         "7.2.10",
 						Release:         "1.module_el8.2.0+313+b04d0a66",
 						Arch:            "x86_64",
-						Epoch:           0,
 						SrcName:         "php",
-						SrcVersion:      "7.2.24",
+						SrcVersion:      "7.2.10",
 						SrcRelease:      "1.module_el8.2.0+313+b04d0a66",
-						SrcEpoch:        0,
 						Modularitylabel: "php:7.2:8020020200507003613:2c7ca891",
 						Layer: ftypes.Layer{
 							DiffID: "sha256:3e968ecc016e1b9aa19023798229bf2d25c813d1bf092533f38b056aff820524",
 						},
+						BuildInfo: &ftypes.BuildInfo{
+							Nvr:  "ubi8-init-container-8.0-7",
+							Arch: "x86_64",
+						},
 					},
 				},
 			},
 			want: []types.DetectedVulnerability{
 				{
 					VulnerabilityID:  "CVE-2019-11043",
+					VendorIDs:        []string{"RHSA-2020:0322"},
 					PkgName:          "php",
-					InstalledVersion: "7.2.24-1.module_el8.2.0+313+b04d0a66",
+					InstalledVersion: "7.2.10-1.module_el8.2.0+313+b04d0a66",
-					FixedVersion:     "7.3.5-5.module+el8.1.0+4560+e0eee7d6",
+					FixedVersion:     "7.2.11-1.1.module+el8.0.0+4664+17bd8d65",
+					SeveritySource:   vulnerability.RedHat,
+					Vulnerability: dbTypes.Vulnerability{
+						Severity: dbTypes.SeverityCritical.String(),
+					},
 					Layer: ftypes.Layer{
 						DiffID: "sha256:3e968ecc016e1b9aa19023798229bf2d25c813d1bf092533f38b056aff820524",
 					},
@@ -154,8 +229,7 @@ func TestScanner_Detect(t *testing.T) {
 			},
 		},
 		{
-			name:     "happy path: packages from remi repository are skipped",
+			name: "packages from remi repository are skipped",
-			fixtures: []string{"testdata/fixtures/redhat.yaml"},
 			args: args{
 				osVer: "7.6",
 				pkgs: []ftypes.Package{
@@ -164,13 +238,8 @@ func TestScanner_Detect(t *testing.T) {
 						Version: "7.3.23",
 						Release: "1.el7.remi",
 						Arch:    "x86_64",
-						Epoch:      0,
+						BuildInfo: &ftypes.BuildInfo{
-						SrcName:    "php",
+							ContentSets: []string{"rhel-7-server-rpms"},
-						SrcVersion: "7.3.23",
-						SrcRelease: "1.el7.remi",
-						SrcEpoch:   0,
-						Layer: ftypes.Layer{
-							DiffID: "sha256:c27b3cf4d516baf5932d5df3a573c6a571ddace3ee2a577492292d2e849c112b",
 						},
 					},
 				},
@@ -178,38 +247,35 @@ func TestScanner_Detect(t *testing.T) {
 			want: []types.DetectedVulnerability(nil),
 		},
 		{
-			name:     "invalid bucket",
+			name: "broken value",
-			fixtures: []string{"testdata/fixtures/invalid.yaml"},
+			fixtures: []string{
+				"testdata/fixtures/invalid-type.yaml",
+				"testdata/fixtures/cpe.yaml",
+			},
 			args: args{
-				osVer: "6",
+				osVer: "7",
 				pkgs: []ftypes.Package{
 					{
-						Name:       "jq",
+						Name:    "nss",
 						Version: "3.36.0",
-						SrcName:    "jq",
+						Release: "7.1.el7_6",
-						SrcVersion: "3.36.0",
+						Arch:    "x86_64",
+						BuildInfo: &ftypes.BuildInfo{
+							ContentSets: []string{"rhel-7-server-rpms"},
 						},
 					},
 				},
-			wantErr: "failed to get Red Hat advisories",
+			},
+			wantErr: true,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			_ = dbtest.InitDB(t, tt.fixtures)
+			dbtest.InitDB(t, tt.fixtures)
-			defer db.Close()
 
 			s := redhat.NewScanner()
 			got, err := s.Detect(tt.args.osVer, tt.args.pkgs)
-			if tt.wantErr != "" {
+			require.Equal(t, tt.wantErr, err != nil, err)
-				require.Error(t, err)
-				assert.Contains(t, err.Error(), tt.wantErr)
-				return
-			}
-			sort.Slice(got, func(i, j int) bool {
-				return got[i].VulnerabilityID < got[j].VulnerabilityID
-			})
-			assert.NoError(t, err)
 			assert.Equal(t, tt.want, got)
 		})
 	}

pkg/detector/ospkg/redhat/testdata/fixtures/cpe.yaml

@@ -0,0 +1,32 @@
+- bucket: Red Hat CPE
+  pairs:
+    - bucket: repository
+      pairs:
+        - key: "rhel-8-for-x86_64-baseos-rpms"
+          value:
+            - 2
+            - 4
+        - key: "3scale-amp-2-rpms-for-rhel-8-x86_64-debug-rpms"
+          value:
+            - 4
+        - key: "rhel-7-server-rpms"
+          value:
+            - 0
+    - bucket: nvr
+      pairs:
+        - key: "ubi8-init-container-8.0-7-x86_64"
+          value:
+            - 2
+            - 3
+    - bucket: cpe
+      pairs:
+        - key: "0"
+          value: "cpe:/o:redhat:enterprise_linux:7::server"
+        - key: "1"
+          value: "cpe:/o:redhat:enterprise_linux:7::client"
+        - key: "2"
+          value: "cpe:/a:redhat:enterprise_linux:8"
+        - key: "3"
+          value: "cpe:/a:redhat:enterprise_linux:8::appstream"
+        - key: "4"
+          value: "cpe:/o:redhat:enterprise_linux:8::baseos"

pkg/detector/ospkg/redhat/testdata/fixtures/invalid-type.yaml

@@ -0,0 +1,7 @@
+- bucket: Red Hat
+  pairs:
+    - bucket: nss
+      pairs:
+        - key: RHSA-2021:0538
+          value:
+            Entries: broken

pkg/detector/ospkg/redhat/testdata/fixtures/redhat.yaml

@@ -1,38 +1,77 @@
-- bucket: Red Hat Enterprise Linux 7
+- bucket: Red Hat
   pairs:
-    - bucket: php
-      pairs:
-        - key: CVE-2011-4718
-          value:
-            FixedVersion: ""
-    - bucket: vim
-      pairs:
-        - key: CVE-2017-5953
-          value:
-            FixedVersion: ""
-        - key: CVE-2017-6350
-          value:
-            FixedVersion: ""
     - bucket: vim-minimal
       pairs:
-        - key: CVE-2019-12735
+        - key: RHSA-2019:1619
           value:
-            FixedVersion: "2:7.4.160-6.el7_6"
+            Entries:
+              - FixedVersion: 2:7.4.160-6.el7_6
+                Affected:
+                  - 0
+                  - 1
+                Cves:
+                  - ID: CVE-2019-12735
+                    Severity: 3
+              - FixedVersion: 2:7.4.160-7.el8_7
+                Affected:
+                  - 2
+                  - 3
+                Cves:
+                  - ID: CVE-2019-12735
+                    Severity: 2
+        - key: CVE-2017-5953
+          value:
+            Entries:
+              - FixedVersion: ""
+                Affected:
+                  - 0
+                  - 1
+                Cves:
+                  - Severity: 1
     - bucket: nss
       pairs:
-        - key: CVE-2015-2808
+        - key: RHSA-2021:0538
           value:
-            FixedVersion: ""
+            Entries:
-        - key: CVE-2016-2183
+              - FixedVersion: 0:3.53.1-17.el7_3
+                Affected:
+                  - 0
+                  - 1
+                Cves:
+                  - ID: CVE-2020-12403
+                    Severity: 3
+        - key: RHSA-2021:0876
           value:
-            FixedVersion: ""
+            Entries:
-        - key: CVE-2018-12404
+              - FixedVersion: 0:3.36.0-9.el7_6
-          value:
+                Affected:
-            FixedVersion: "3.44.0-4.el7"
+                  - 0
-- bucket: Red Hat Enterprise Linux 8
+                  - 1
-  pairs:
+                Cves:
+                  - ID: CVE-2019-17007
+                    Severity: 2
+                  - ID: CVE-2020-12403
+                    Severity: 3
     - bucket: "php:7.2::php"
       pairs:
-        - key: CVE-2019-11043
+        - key: RHSA-2020:0322
           value:
-            FixedVersion: "7.3.5-5.module+el8.1.0+4560+e0eee7d6"
+            Entries:
+              - FixedVersion: "0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65"
+                Affected:
+                  - 2
+                  - 3
+                Cves:
+                  - ID: CVE-2019-11043
+                    Severity: 4
+    - bucket: php
+      pairs:
+        - key: CVE-2006-4023
+          value:
+            Entries:
+              - FixedVersion: """
+                Affected:
+                  - 0
+                  - 1
+                Cves:
+                  - Severity: 1

pkg/scanner/local/scan.go

@@ -11,9 +11,7 @@ import (
 	"golang.org/x/xerrors"
 
 	"github.com/aquasecurity/fanal/analyzer"
-	_ "github.com/aquasecurity/fanal/analyzer/all"
 	"github.com/aquasecurity/fanal/applier"
-	_ "github.com/aquasecurity/fanal/hook/all"
 	ftypes "github.com/aquasecurity/fanal/types"
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/detector/library"
@@ -22,6 +20,9 @@ import (
 	"github.com/aquasecurity/trivy/pkg/report"
 	"github.com/aquasecurity/trivy/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/utils"
+
+	_ "github.com/aquasecurity/fanal/analyzer/all"
+	_ "github.com/aquasecurity/fanal/hook/all"
 )
 
 var (