Update Command#
You can display the commands or Ansible Playbooks required to resolve vulnerabilities.
The update command is a task-level feature, so you can view it by selecting a task. You can access the update command from the task list or task details.
Display Conditions#
The update command is displayed for tasks that meet all of the following conditions.
| Item | Condition |
|---|---|
| Patch Availability | ✓ (Available) |
| Patch Status | Not Applied |
| Package Availability Status | fixed (fixable) |
| Package Type | Other than cpe, library, or WordPress |
| Server Type | See Supported Server Types below |
| OS | OS supported for each server type |
The update command will not be displayed for servers whose OS is registered as pseudo.
Supported Server Types#
The update command supports the following server types.
Supported OS for Physical Servers#
The following OS are supported.
- Amazon Linux
- Red Hat Enterprise Linux (RHEL)
- CentOS
- Debian
- Ubuntu
- Oracle Linux
- Fedora
- AlmaLinux
- Rocky Linux
- openSUSE
- openSUSE Leap
- SUSE Linux Enterprise Server (SLES)
- SUSE Linux Enterprise Desktop (SLED)
Supported OS for Inspector Integration#
For instances integrated with Inspector (with the SSM agent installed), the actual OS information is registered. Therefore, the update command can be used for tasks created for vulnerabilities detected by Inspector. The following OS are supported.
- Amazon Linux
- Red Hat Enterprise Linux (RHEL)
- CentOS
- Debian
- Ubuntu
- Oracle Linux
- Fedora
- AlmaLinux
- Rocky Linux
- SUSE Linux Enterprise Server (SLES)
Additionally, since the SSM agent is installed, SSM updates are also supported.
For details, please refer to "SSM Integration".
Task List#
After selecting tasks where Patch Availability is ✓, click the "Update Commands" button to display the dialog. If multiple tasks are selected, the commands to resolve the vulnerabilities for the selected tasks will be aggregated on a per-server basis and displayed in the dialog.

For servers registered with the OS as pseudo
Since OS information is not included, the update command will not be displayed even if a patch is available (✓).

Task Details#
When there is an updatable package, the "Update Commands" button is displayed below the relevant package.

Contents of the Update Command Dialog#

This section explains the contents displayed in the dialog.
Pre-Update Tasks#
This section provides commands to check the dependencies of the target packages and the processes that will be affected by the update.
Update Task#
This section displays the commands to run on the target server to resolve the selected vulnerabilities.
Post-Update Tasks#
This section displays commands to check the status of the applied update.
Vuls Scan#
When you manually run the Vuls scanner on the actual server, the latest configuration information is collected and uploaded to FutureVuls. FutureVuls will recognize that the package has been updated, automatically change the status of the resolved vulnerability tasks to "PATCH_APPLIED", and close the tasks.
Commands for Rollback#
This section displays commands for rolling back the update. Run these if a problem occurs during the update and you want to roll back the package update.
Ansible Playbook#
An Ansible Playbook equivalent of the update command is also available.
You need to edit the hosts section yourself.

If you want to run the Ansible Playbook without a hosts file, please refer to "this link".
You can also download the Ansible Playbook using the download button.
Displaying Ansible Playbook for Multiple Selections#
If you select multiple tasks and display the Ansible Playbook, multiple playbooks will be generated.

Clicking the download button at the top of the screen will also download a master playbook that runs all the playbooks, which is useful for simultaneous execution.
The content of the master playbook is as follows.
---
# Generated by FutureVuls
# created at 2025/07/09
- hosts: {enter target host}
tasks:
- include: ip-10-100-4-95_ap-northeast-1_compute_internal_CVE-2024-35870.yml
- include: ip-10-100-4-95_ap-northeast-1_compute_internal_CVE-2024-35963.yml
You also need to edit the hosts section before running this.