Fix reporting for images without CVEs

Signed-off-by: Christian Dupuis <cd@atomist.com>
2022-10-25 15:06:58 +02:00
parent 81ff63779b
commit 45dec2439e
4 changed files with 9 additions and 2 deletions
--- a/commands/detect.go
+++ b/commands/detect.go
@@ -184,6 +184,9 @@ func renderCommit(image query.Image) string {
 func renderVulnerabilities(image query.Image) string {
 	if len(image.Report) > 0 {
 		report := image.Report[0]
+		if report.Total == -1 {
+			return " no CVE data available "
+		}
 		parts := make([]string, 0)
 		if report.Critical > 0 {
 			parts = append(parts, " C"+strconv.FormatInt(report.Critical, 10))
@@ -201,5 +204,5 @@ func renderVulnerabilities(image query.Image) string {
 			return strings.Join(parts, " ") + " "
 		}
 	}
-	return " no CVE data available "
+	return ""
 }
--- a/query/index.go
+++ b/query/index.go
@@ -85,6 +85,9 @@ func ForBaseImageInIndex(digest digest.Digest, workspace string, apiKey string)
 			CreatedAt:  ii.CreatedAt,
 			Tags:       manifestList[0].Tags,
 			Repository: *repository,
+			Report: []Report{{
+				Total: -1,
+			}},
 		}
 		return &[]Image{image}, nil
 	}
--- a/query/query.go
+++ b/query/query.go
@@ -36,6 +36,7 @@ type ManifestList struct {
 }

 type Report struct {
+	Total       int64 `edn:"vulnerability.report/total"`
 	Critical    int64 `edn:"vulnerability.report/critical"`
 	High        int64 `edn:"vulnerability.report/high"`
 	Medium      int64 `edn:"vulnerability.report/medium"`
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -48,7 +48,7 @@ func DigestForImage(dockerCli command.Cli, image string) ([]digest.Digest, error
 	}

 	// check local daemon first
-	img, err := daemon.Image(ref)
+	img, err := daemon.Image(ref, daemon.WithClient(dockerCli.Client()))
 	if err != nil {
 		// image doesn't exist in daemon; try remote
 		index, _ := remote.Index(ref, remote.WithAuthFromKeychain(authn.DefaultKeychain))