Undisplay the number of CVEs at the end of 'scan --package-list-only'

report/cve_client.go

@@ -147,7 +147,7 @@ func (api cvedictClient) FetchCveDetailsFromCveDB(cveIDs []string) (cveDetails [
 		return []*cve.CveDetail{}, fmt.Errorf("Failed to New DB. err: %s", err)
 	}
 
-	util.Log.Infof("Opening DB (%s).", driver.Name())
+	util.Log.Debugf("Opening DB (%s).", driver.Name())
 	if err := driver.OpenDB(
 		cveconfig.Conf.DBType,
 		cveconfig.Conf.DBPath,
@@ -281,7 +281,7 @@ func (api cvedictClient) FetchCveDetailsByCpeNameFromDB(cpeName string) (cveDeta
 		return []*cve.CveDetail{}, fmt.Errorf("Failed to New DB. err: %s", err)
 	}
 
-	log.Infof("Opening DB (%s).", driver.Name())
+	util.Log.Debugf("Opening DB (%s).", driver.Name())
 	if err = driver.OpenDB(
 		cveconfig.Conf.DBType,
 		cveconfig.Conf.DBPath,

report/report.go

@@ -173,7 +173,7 @@ func fillWithOval(r *models.ScanResult) (err error) {
 		return err
 	}
 	if !ok {
-		util.Log.Warnf("OVAL is emtpy: %s-%s. It's recommended to use OVAL to improve scanning accuracy. To fetch OVAL database, see https://github.com/kotakanbe/goval-dictionary#usage", r.Family, r.Release)
+		util.Log.Warnf("OVAL entries of %s-%s are not found. It's recommended to use OVAL to improve scanning accuracy. To fetch OVAL, see https://github.com/kotakanbe/goval-dictionary#usage , Then report with --ovaldb-path or --ovaldb-url flag", r.Family, r.Release)
 		return nil
 	}
 

report/util.go

@@ -43,10 +43,16 @@ func formatScanSummary(rs ...models.ScanResult) string {
 	for _, r := range rs {
 		var cols []interface{}
 		if len(r.Errors) == 0 {
+			var cves string
+			if config.Conf.PackageListOnly {
+				cves = fmt.Sprintf("- CVEs")
+			} else {
+				cves = fmt.Sprintf("%d CVEs", len(r.ScannedCves))
+			}
 			cols = []interface{}{
 				r.FormatServerName(),
 				fmt.Sprintf("%s%s", r.Family, r.Release),
-				fmt.Sprintf("%d CVEs", len(r.ScannedCves)),
+				cves,
 				r.Packages.FormatUpdatablePacksSummary(),
 			}
 		} else {