future-architect · MaineK00n · Apr 2, 2026 · Apr 14, 2026
diff --git a/config/config.go b/config/config.go
@@ -39,7 +39,6 @@ type Config struct {
 
 	// report
 	CveDict GoCveDictConf `json:"cveDict,omitzero"`
-	Gost    GostConf      `json:"gost,omitzero"`
 	Cti     CtiConf       `json:"cti,omitzero"`
 	Vuls2   Vuls2Conf     `json:"vuls2,omitzero"`
 
@@ -186,7 +185,6 @@ func (c *Config) ValidateOnReport() bool {
 
 	for _, cnf := range []VulnDictInterface{
 		&Conf.CveDict,
-		&Conf.Gost,
 		&Conf.Cti,
 	} {
 		if err := cnf.Validate(); err != nil {

diff --git a/config/tomlloader.go b/config/tomlloader.go
@@ -39,7 +39,6 @@ func (c TOMLLoader) Load(pathToToml string) error {
 
 	for _, cnf := range []VulnDictInterface{
 		&Conf.CveDict,
-		&Conf.Gost,
 		&Conf.Cti,
 	} {
 		cnf.Init()

diff --git a/config/vulnDictConf.go b/config/vulnDictConf.go
@@ -173,33 +173,6 @@ func (cnf *GoCveDictConf) Init() {
 	cnf.DebugSQL = Conf.DebugSQL
 }
 
-// GostConf is gost config
-type GostConf struct {
-	VulnDict
-}
-
-const gostDBType = "GOSTDB_TYPE"
-const gostDBURL = "GOSTDB_URL"
-const gostDBPATH = "GOSTDB_SQLITE3_PATH"
-
-// Init set options with the following priority.
-// 1. Environment variable
-// 2. config.toml
-func (cnf *GostConf) Init() {
-	cnf.Name = "gost"
-	if os.Getenv(gostDBType) != "" {
-		cnf.Type = os.Getenv(gostDBType)
-	}
-	if os.Getenv(gostDBURL) != "" {
-		cnf.URL = os.Getenv(gostDBURL)
-	}
-	if os.Getenv(gostDBPATH) != "" {
-		cnf.SQLite3Path = os.Getenv(gostDBPATH)
-	}
-	cnf.setDefault("gost.sqlite3")
-	cnf.DebugSQL = Conf.DebugSQL
-}
-
 // CtiConf is go-cti config
 type CtiConf struct {
 	VulnDict

diff --git a/detector/detector.go b/detector/detector.go
@@ -17,7 +17,6 @@
 	"github.com/future-architect/vuls/contrib/owasp-dependency-check/parser"
 	"github.com/future-architect/vuls/cwe"
 	"github.com/future-architect/vuls/detector/vuls2"
-	"github.com/future-architect/vuls/gost"
 	"github.com/future-architect/vuls/logging"
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/reporter"
@@ -50,7 +49,7 @@
 			return nil, xerrors.Errorf("Failed to fill with Library dependency: %w", err)
 		}
 
-		if err := DetectPkgCves(&r, config.Conf.Gost, config.Conf.Vuls2, config.Conf.LogOpts, config.Conf.NoProgress); err != nil {
+		if err := DetectPkgCves(&r, config.Conf.Vuls2, config.Conf.LogOpts, config.Conf.NoProgress); err != nil {
 			return nil, xerrors.Errorf("Failed to detect Pkg CVE: %w", err)
 		}
 
@@ -296,19 +295,16 @@
 }
 
 // DetectPkgCves detects OS pkg cves
-func DetectPkgCves(r *models.ScanResult, gostCnf config.GostConf, vuls2Conf config.Vuls2Conf, logOpts logging.LogOpts, noProgress bool) error {
+func DetectPkgCves(r *models.ScanResult, vuls2Conf config.Vuls2Conf, logOpts logging.LogOpts, noProgress bool) error {
 	if isPkgCvesDetactable(r) {
 		switch r.Family {
 		case constant.RedHat, constant.CentOS, constant.Fedora, constant.Alma, constant.Rocky, constant.Oracle, constant.Amazon,
 			constant.OpenSUSE, constant.OpenSUSELeap, constant.SUSEEnterpriseServer, constant.SUSEEnterpriseDesktop,
-			constant.Debian, constant.Raspbian, constant.Ubuntu, constant.Alpine:
+			constant.Debian, constant.Raspbian, constant.Ubuntu, constant.Alpine,
+			constant.Windows:
 			if err := vuls2.Detect(r, vuls2Conf, noProgress); err != nil {
 				return xerrors.Errorf("Failed to detect CVE with Vuls2: %w", err)
 			}
-		case constant.Windows:
-			if err := detectPkgsCvesWithGost(gostCnf, r, logOpts); err != nil {
-				return xerrors.Errorf("Failed to detect CVE with gost: %w", err)
-			}
 		default:
 			return xerrors.Errorf("Unsupported detection methods for %s", r.Family)
 		}
@@ -344,27 +340,27 @@
 	return nil
 }
 
-// isPkgCvesDetactable checks whether CVEs is detactable with gost and vuls2 from the result
+// isPkgCvesDetactable checks whether CVEs is detactable with vuls2 from the result
 func isPkgCvesDetactable(r *models.ScanResult) bool {
 	switch r.Family {
 	case constant.FreeBSD, constant.MacOSX, constant.MacOSXServer, constant.MacOS, constant.MacOSServer, constant.ServerTypePseudo:
-		logging.Log.Infof("%s type. Skip gost and vuls2 detection", r.Family)
+		logging.Log.Infof("%s type. Skip vuls2 detection", r.Family)
 		return false
 	case constant.Windows:
 		return true
 	default:
 		if r.ScannedVia == "trivy" {
-			logging.Log.Infof("r.ScannedVia is trivy. Skip gost and vuls2 detection")
+			logging.Log.Infof("r.ScannedVia is trivy. Skip vuls2 detection")
 			return false
 		}
 
 		if r.Release == "" {
-			logging.Log.Infof("r.Release is empty. Skip gost and vuls2 detection")
+			logging.Log.Infof("r.Release is empty. Skip vuls2 detection")
 			return false
 		}
 
 		if len(r.Packages)+len(r.SrcPackages) == 0 {
-			logging.Log.Infof("Number of packages is 0. Skip gost and vuls2 detection")
+			logging.Log.Infof("Number of packages is 0. Skip vuls2 detection")
 			return false
 		}
 		return true
@@ -480,27 +476,6 @@
 	return dict
 }
 
-func detectPkgsCvesWithGost(cnf config.GostConf, r *models.ScanResult, logOpts logging.LogOpts) error {
-	client, err := gost.NewGostClient(cnf, r.Family, logOpts)
-	if err != nil {
-		return xerrors.Errorf("Failed to new a gost client: %w", err)
-	}
-	defer func() {
-		if err := client.CloseDB(); err != nil {
-			logging.Log.Errorf("Failed to close the gost DB. err: %+v", err)
-		}
-	}()
-
-	nCVEs, err := client.DetectCVEs(r, true)
-	if err != nil {
-		return xerrors.Errorf("Failed to detect CVEs with gost: %w", err)
-	}
-
-	logging.Log.Infof("%s: %d CVEs are detected with gost", r.FormatServerName(), nCVEs)
-
-	return nil
-}
-
 // DetectCpeURIsCves detects CVEs of given CPE-URIs
 func DetectCpeURIsCves(r *models.ScanResult, cpes []Cpe, cnf config.GoCveDictConf, logOpts logging.LogOpts) error {
 	client, err := newGoCveDictClient(&cnf, logOpts)

diff --git a/detector/util.go b/detector/util.go
@@ -15,7 +15,6 @@ import (
 
 	"github.com/future-architect/vuls/config"
 	"github.com/future-architect/vuls/constant"
-	"github.com/future-architect/vuls/gost"
 	"github.com/future-architect/vuls/logging"
 	"github.com/future-architect/vuls/models"
 	"golang.org/x/xerrors"
@@ -134,7 +133,6 @@ func getPlusDiffCves(previous, current models.ScanResult) models.VulnInfos {
 
 				// TODO commented out because  a bug of diff logic when multiple oval defs found for a certain CVE-ID and same updated_at
 				// if these OVAL defs have different affected packages, this logic detects as updated.
-				// This logic will be uncommented after integration with gost https://github.com/vulsio/gost
 				// } else if isCveFixed(v, previous) {
 				// updated[v.CveID] = v
 				// logging.Log.Debugf("fixed: %s", v.CveID)
@@ -266,7 +264,7 @@ func loadOneServerScanResult(jsonFile string) (*models.ScanResult, error) {
 }
 
 // ValidateDBs checks if the databases are accessible and can be closed properly
-func ValidateDBs(cveConf config.GoCveDictConf, gostConf config.GostConf, ctiConf config.CtiConf, logOpts logging.LogOpts) error {
+func ValidateDBs(cveConf config.GoCveDictConf, ctiConf config.CtiConf, logOpts logging.LogOpts) error {
 	cvec, err := newGoCveDictClient(&cveConf, logOpts)
 	if err != nil {
 		return xerrors.Errorf("Failed to new CVE client. err: %w", err)
@@ -275,14 +273,6 @@ func ValidateDBs(cveConf config.GoCveDictConf, gostConf config.GostConf, ctiConf
 		return xerrors.Errorf("Failed to close CVE DB. err: %w", err)
 	}
 
-	gostc, err := gost.NewGostClient(gostConf, constant.ServerTypePseudo, logOpts)
-	if err != nil {
-		return xerrors.Errorf("Failed to new gost client. err: %w", err)
-	}
-	if err := gostc.CloseDB(); err != nil {
-		return xerrors.Errorf("Failed to close gost DB. err: %w", err)
-	}
-
 	ctic, err := newGoCTIDBClient(&ctiConf, logOpts)
 	if err != nil {
 		return xerrors.Errorf("Failed to new CTI client. err: %w", err)

diff --git a/detector/vuls2/vendor.go b/detector/vuls2/vendor.go
@@ -51,6 +51,8 @@ func preConvertBinaryVersion(family, version string) string {
 
 func toVuls2Family(vuls0Family, vuls0Release string) string {
 	switch vuls0Family {
+	case constant.Windows:
+		return ecosystemTypes.EcosystemTypeMicrosoft
 	case constant.Raspbian:
 		return ecosystemTypes.EcosystemTypeDebian
 	case constant.SUSEEnterpriseServer, constant.SUSEEnterpriseDesktop:
@@ -598,6 +600,12 @@ func advisoryReference(e ecosystemTypes.Ecosystem, s sourceTypes.SourceID, da mo
 			Source: "SUSE",
 			RefID:  da.AdvisoryID,
 		}, nil
+	case ecosystemTypes.EcosystemTypeMicrosoft:
+		return models.Reference{
+			Link:   fmt.Sprintf("https://msrc.microsoft.com/update-guide/vulnerability/%s", da.AdvisoryID),
+			Source: "MICROSOFT",
+			RefID:  da.AdvisoryID,
+		}, nil
 	default:
 		return models.Reference{}, xerrors.Errorf("unsupported family: %s", et)
 	}
@@ -621,6 +629,8 @@ func cveContentSourceLink(ccType models.CveContentType, v vulnerabilityTypes.Vul
 		return fmt.Sprintf("https://security.alpinelinux.org/vuln/%s", v.Content.ID)
 	case models.Nvd:
 		return fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", v.Content.ID)
+	case models.Microsoft:
+		return fmt.Sprintf("https://msrc.microsoft.com/update-guide/vulnerability/%s", v.Content.ID)
 	default:
 		return ""
 	}
@@ -752,6 +762,22 @@ func compareSourceID(e ecosystemTypes.Ecosystem, a, b sourceTypes.SourceID) int
 			}
 		}
 		return cmp.Compare(preferenceFn(a), preferenceFn(b))
+	case ecosystemTypes.EcosystemTypeMicrosoft:
+		preferenceFn := func(sourceID sourceTypes.SourceID) int {
+			switch sourceID {
+			case sourceTypes.MicrosoftCVRF:
+				return 5
+			case sourceTypes.MicrosoftCSAF:
+				return 4
+			case sourceTypes.MicrosoftBulletin:
+				return 3
+			case sourceTypes.MicrosoftWSUSSCN2, sourceTypes.MicrosoftMSUC:
+				return 2
+			default:
+				return 1
+			}
+		}
+		return cmp.Compare(preferenceFn(a), preferenceFn(b))
 	default:
 		return 0
 	}
@@ -849,6 +875,8 @@ func toCveContentType(e ecosystemTypes.Ecosystem, s sourceTypes.SourceID) models
 		}
 	case ecosystemTypes.EcosystemTypeSUSELinuxEnterprise, ecosystemTypes.EcosystemTypeOpenSUSE, ecosystemTypes.EcosystemTypeOpenSUSELeap, ecosystemTypes.EcosystemTypeOpenSUSETumbleweed:
 		return models.SUSE
+	case ecosystemTypes.EcosystemTypeMicrosoft:
+		return models.Microsoft
 	default:
 		return models.NewCveContentType(et)
 	}
@@ -999,6 +1027,8 @@ func toVuls0Confidence(e ecosystemTypes.Ecosystem, s sourceTypes.SourceID) model
 		default:
 			return models.OvalMatch
 		}
+	case ecosystemTypes.EcosystemTypeMicrosoft:
+		return models.WindowsUpdateSearch
 	default:
 		return models.Confidence{
 			Score:           0,