Lack of information on reports for images with no vulnerabilities found

[pauloeliasjr]

Hi,

I'm using clairctl to create reports from the Clair image analysis, also performed using clairctl. The report issued for a compromised image is information-rich, showing the number of vulnerabilities found and describing each one of it. However, reposrts issued for "clean images" does not show information like "no vulnerabilities found".

Bad Report:

Good Report:

I'm missing the "Total: 0 Vulnerabilities: 0" on the bad report.
Is this expected or am I doing something wrong?

PS: Using 2.0.1

Thanks!
Paulo

[tieyi0404]

Clair need to sync the security data from the NVD and parse those meta data save into postgres DB.
If you postgres DB is null. the report will show "no vulnerabilities found".

[pauloeliasjr]

Hi @tieyi0404

I don't think this is the problem. I use the same database to perform analysis on other images. My point here is not the lack of vulnerabilities OR the scanning quallity, but the absense of "Total: 0 Vulnerabilities" text on the report for a scanned image with no issues.

The lack of this piece of information make report interpretation unclear as I'm able to see only image SHA and the repository/image name.

This is what I'm expecting:

Thanks!
Paulo

[srikanthgali87]

I Am also having same issue. any updates?