Fix reporting for images without CVEs

Signed-off-by: Christian Dupuis <cd@atomist.com>

commands/detect.go

@@ -184,6 +184,9 @@ func renderCommit(image query.Image) string {
 func renderVulnerabilities(image query.Image) string {
 	if len(image.Report) > 0 {
 		report := image.Report[0]
+		if report.Total == -1 {
+			return " no CVE data available "
+		}
 		parts := make([]string, 0)
 		if report.Critical > 0 {
 			parts = append(parts, " C"+strconv.FormatInt(report.Critical, 10))
@@ -201,5 +204,5 @@ func renderVulnerabilities(image query.Image) string {
 			return strings.Join(parts, " ") + " "
 		}
 	}
-	return " no CVE data available "
+	return ""
 }

query/index.go

@@ -85,6 +85,9 @@ func ForBaseImageInIndex(digest digest.Digest, workspace string, apiKey string)
 			CreatedAt:  ii.CreatedAt,
 			Tags:       manifestList[0].Tags,
 			Repository: *repository,
+			Report: []Report{{
+				Total: -1,
+			}},
 		}
 		return &[]Image{image}, nil
 	}

query/query.go

@@ -36,6 +36,7 @@ type ManifestList struct {
 }
 
 type Report struct {
+	Total       int64 `edn:"vulnerability.report/total"`
 	Critical    int64 `edn:"vulnerability.report/critical"`
 	High        int64 `edn:"vulnerability.report/high"`
 	Medium      int64 `edn:"vulnerability.report/medium"`

registry/registry.go

@@ -48,7 +48,7 @@ func DigestForImage(dockerCli command.Cli, image string) ([]digest.Digest, error
 	}
 
 	// check local daemon first
-	img, err := daemon.Image(ref)
+	img, err := daemon.Image(ref, daemon.WithClient(dockerCli.Client()))
 	if err != nil {
 		// image doesn't exist in daemon; try remote
 		index, _ := remote.Index(ref, remote.WithAuthFromKeychain(authn.DefaultKeychain))