diff --git a/plugins/debian/debsecan_ b/plugins/debian/debsecan_
index ab743004..68d402c9 100755
--- a/plugins/debian/debsecan_
+++ b/plugins/debian/debsecan_
@@ -36,6 +36,7 @@ Shell globbing patterns are allowed.
 
 * Nicolas BOUTHORS <nbouthors@nbi.fr> http://nbi.fr/, Inspiration of the moment 10/10/2007
 * Olivier Mehani <shtrom+munin@ssji.net>, 2016
+* Wilco de Boer <deboer.wilco@gmail.com>, 2021
 
 =head1 LICENSE
 
@@ -43,13 +44,13 @@ Public Domain
 
 =head1 MAGIC MARKERS
 
-%# family=auto
-%# capabilities=autoconf
+#%# family=auto
+#%# capabilities=autoconf suggest
 
 =cut
 
 # Auto enable if we have debsecan only
-if [ "$1" = "autoconf" ] ; then
+if [ "$1" = "autoconf" ]; then
   if [ -x /usr/bin/debsecan ]; then
     echo yes
   else
@@ -58,13 +59,25 @@ if [ "$1" = "autoconf" ] ; then
   exit 0
 fi
 
+# Suggest both modes when asked
+if [ "$1" = "suggest" ]; then
+  echo pkg
+  echo cve
+  exit 0
+fi
+
 # Fail if we don't have debsecan
 if [ ! -x /usr/bin/debsecan ]; then
   echo 'error: /usr/bin/debsecan not found' >&2
   exit 1
 fi
 
-SUITE=${suite:-sid}
+# Suite is taken from environment but defaults to `os-release` content
+SUITE=$(
+  . /etc/os-release
+  echo "${suite:-$VERSION_CODENAME}"
+)
+
 FIXEDWARN=${fixed_warning:-1}
 FIXEDCRIT=${fixed_critical:-1000}
 REMOTEWARN=${remote_warning:-1}
@@ -72,119 +85,117 @@ REMOTECRIT=${remote_critical:-10}
 
 MODE=$(echo "$0" | sed 's/.*_//')
 case "${MODE}" in
-	'cve')
-		TITLE_ADD="unique "
-		FIELD=1
-		;;
-	'pkg' | *)
-		TITLE_ADD="package "
-		FIELD=2
-		;;
+  'cve')
+    TITLE_ADD="unique "
+    FIELD=1
+    ;;
+  'pkg' | *)
+    TITLE_ADD="package "
+    FIELD=2
+    ;;
 esac
 
-if [ "$1" = "config" ] ; then
-  cat <<EOF_
-graph_title DebSecan: ${TITLE_ADD}vulnerabilities
-graph_info ${TITLE_ADD}vulnerabilities for ${SUITE}
-graph_args -l 0 --base 1000
-graph_vlabel number of CVE
-graph_category system
-graph_period second
-graph_info This graph show the number of known ${TITLE_ADD}vulnerabilities present on your system. Use debsecan to see details.
-remote.label remote
-remote.colour FF0000
-remote.type GAUGE
-remote.draw AREASTACK
-remote.min 0
-remote.info The number of ${TITLE_ADD}remotely exploitable CVEs with any priority
-remote.warning ${REMOTEWARN}
-remote.critical ${REMOTECRIT}
-high.label high
-high.colour DD2200
-high.type GAUGE
-high.draw AREASTACK
-high.min 0
-high.info The number of ${TITLE_ADD}CVEs marked high priority
-medium.label medium
-medium.colour FFAA00
-medium.type GAUGE
-medium.draw AREASTACK
-medium.min 0
-medium.info The number of ${TITLE_ADD}CVEs marked medium priority
-low.label low
-low.colour 0000FF
-low.type GAUGE
-low.draw AREASTACK
-low.min 0
-low.info The number of ${TITLE_ADD}CVEs marked low priority
-other.label other
-other.colour 00AAFF
-other.type GAUGE
-other.draw AREASTACK
-other.min 0
-other.info The number of ${TITLE_ADD}CVEs with unspecified priority
-fixed.label fixed
-fixed.type GAUGE
-fixed.draw LINE2
-fixed.min 0
-fixed.info The number of ${TITLE_ADD}CVEs fixed by available updates
-fixed.warning ${FIXEDWARN}
-fixed.critical ${FIXEDCRIT}
-EOF_
+if [ "$1" = "config" ]; then
+  cat <<- EOF
+		graph_title DebSecan: ${TITLE_ADD}vulnerabilities
+		graph_info ${TITLE_ADD}vulnerabilities for ${SUITE}
+		graph_args -l 0 --base 1000
+		graph_vlabel number of CVE
+		graph_category system
+		graph_period second
+		graph_info This graph show the number of known ${TITLE_ADD}vulnerabilities present on your system. Use debsecan to see details.
+		remote.label remote
+		remote.colour FF0000
+		remote.type GAUGE
+		remote.draw AREASTACK
+		remote.min 0
+		remote.info The number of ${TITLE_ADD}remotely exploitable CVEs with any priority
+		remote.warning ${REMOTEWARN}
+		remote.critical ${REMOTECRIT}
+		high.label high
+		high.colour DD2200
+		high.type GAUGE
+		high.draw AREASTACK
+		high.min 0
+		high.info The number of ${TITLE_ADD}CVEs marked high priority
+		medium.label medium
+		medium.colour FFAA00
+		medium.type GAUGE
+		medium.draw AREASTACK
+		medium.min 0
+		medium.info The number of ${TITLE_ADD}CVEs marked medium priority
+		low.label low
+		low.colour 0000FF
+		low.type GAUGE
+		low.draw AREASTACK
+		low.min 0
+		low.info The number of ${TITLE_ADD}CVEs marked low priority
+		other.label other
+		other.colour 00AAFF
+		other.type GAUGE
+		other.draw AREASTACK
+		other.min 0
+		other.info The number of ${TITLE_ADD}CVEs with unspecified priority
+		fixed.label fixed
+		fixed.type GAUGE
+		fixed.draw LINE2
+		fixed.min 0
+		fixed.info The number of ${TITLE_ADD}CVEs fixed by available updates
+		fixed.warning ${FIXEDWARN}
+		fixed.critical ${FIXEDCRIT}
+	EOF
   exit 0
 fi
 
 ALL=$(debsecan --suite "${SUITE}" 2> /dev/null)
-REMOTE=$(echo "$ALL" | grep -w 'remotely')
-NONREMOTE=$(echo "$ALL" | grep -wv 'remotely')
+REMOTE=$(printf '%s' "$ALL" | grep -w 'remotely')
+NONREMOTE=$(printf '%s' "$ALL" | grep -wv 'remotely')
 
-HIGH=$(echo "${NONREMOTE}" | grep -w 'high urgency')
-MEDIUM=$(echo "${NONREMOTE}" | grep -w 'medium urgency')
-LOW=$(echo "${NONREMOTE}" | grep -w 'low urgency')
-OTHER=$(echo "${NONREMOTE}" | grep -wv 'urgency')
-FIXED=$(echo "${ALL}" | grep -w '(fixed')
+HIGH=$(printf '%s' "${NONREMOTE}" | grep -w 'high urgency')
+MEDIUM=$(printf '%s' "${NONREMOTE}" | grep -w 'medium urgency')
+LOW=$(printf '%s' "${NONREMOTE}" | grep -w 'low urgency')
+OTHER=$(printf '%s' "${NONREMOTE}" | grep -wv 'urgency')
+FIXED=$(printf '%s' "${ALL}" | grep -w '(fixed')
 
 # Arguments: Field offset to aggregate by
 count_entries() {
-	CUT_FIELD="${1}"
-	cut -f "${CUT_FIELD}" -d " "| sort | uniq -c
+  CUT_FIELD="${1}"
+  cut -f "${CUT_FIELD}" -d " " | sort | uniq -c
 }
 
 case "${MODE}" in
-	'cve')
-		remote_count=$(echo "${REMOTE}" | count_entries "${FIELD}" | wc -l)
-		high_count=$(echo "${HIGH}" | count_entries "${FIELD}" | wc -l)
-		medium_count=$(echo "${MEDIUM}" | count_entries "${FIELD}" | wc -l)
-		low_count=$(echo "${LOW}" | count_entries "${FIELD}" | wc -l)
-		other_count=$(echo "${OTHER}" | count_entries "${FIELD}" | wc -l)
-		fixed_count=$(echo "${FIXED}" | count_entries "${FIELD}" | wc -l)
-		;;
-	'pkg' | *)
-		remote_count=$(echo "${REMOTE}" | wc -l)
-		high_count=$(echo "${HIGH}" | wc -l)
-		medium_count=$(echo "${MEDIUM}" | wc -l)
-		low_count=$(echo "${LOW}" | wc -l)
-		other_count=$(echo "${OTHER}" | wc -l)
-		fixed_count=$(echo "${FIXED}" | wc -l)
-		;;
+  'cve')
+    remote_count=$(printf '%s' "${REMOTE}" | count_entries "${FIELD}" | wc -l)
+    high_count=$(printf '%s' "${HIGH}" | count_entries "${FIELD}" | wc -l)
+    medium_count=$(printf '%s' "${MEDIUM}" | count_entries "${FIELD}" | wc -l)
+    low_count=$(printf '%s' "${LOW}" | count_entries "${FIELD}" | wc -l)
+    other_count=$(printf '%s' "${OTHER}" | count_entries "${FIELD}" | wc -l)
+    fixed_count=$(printf '%s' "${FIXED}" | count_entries "${FIELD}" | wc -l)
+    ;;
+  'pkg' | *)
+    remote_count=$(printf '%s' "${REMOTE}" | wc -l)
+    high_count=$(printf '%s' "${HIGH}" | wc -l)
+    medium_count=$(printf '%s' "${MEDIUM}" | wc -l)
+    low_count=$(printf '%s' "${LOW}" | wc -l)
+    other_count=$(printf '%s' "${OTHER}" | wc -l)
+    fixed_count=$(printf '%s' "${FIXED}" | wc -l)
+    ;;
 esac
 
 # Reformat the output of the cut|sort|uniq... to a more human-friendly "item (count)" format
 CVECOUNTRE='s/^ *\([0-9]\+\) \+\([^ ]\+\)/\2 (\1)/'
 
-# shellcheck disable=SC2005 disable=SC2046
-# The nested $(echo ...)s are needed to yet the newlines
-cat <<EOF
-remote.value $remote_count
-remote.extinfo $(echo $(echo "${REMOTE}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}"))
-high.value $high_count
-high.extinfo $(echo $(echo "${HIGH}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}"))
-medium.value $medium_count
-medium.extinfo $(echo $(echo "${MEDIUM}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}"))
-low.value $low_count
-low.extinfo $(echo $(echo "${LOW}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}"))
-other.value $other_count
-other.extinfo $(echo $(echo "${OTHER}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}"))
-fixed.value $fixed_count
-fixed.extinfo $(echo $(echo "${FIXED}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}"))
+cat <<- EOF
+	remote.value $remote_count
+	remote.extinfo $(printf '%s' "${REMOTE}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}" | xargs)
+	high.value $high_count
+	high.extinfo $(printf '%s' "${HIGH}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}" | xargs)
+	medium.value $medium_count
+	medium.extinfo $(printf '%s' "${MEDIUM}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}" | xargs)
+	low.value $low_count
+	low.extinfo $(printf '%s' "${LOW}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}" | xargs)
+	other.value $other_count
+	other.extinfo $(printf '%s' "${OTHER}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}" | xargs)
+	fixed.value $fixed_count
+	fixed.extinfo $(printf '%s' "${FIXED}" | count_entries "${FIELD}" | sort -nr | sed "${CVECOUNTRE}" | xargs)
 EOF