From 8fdbf227ad72a6acad06e92416a01e48c2475bee Mon Sep 17 00:00:00 2001
From: crozzy
Date: Fri, 15 Nov 2024 14:39:08 -0800
Subject: [PATCH] clair: only run clair-action once and convert output
By adding the convert command to the clair-action cli the clair-scan task can take advantage and only call the expensive reporting command once.
Signed-off-by: crozzy
---
 task/clair-scan/0.2/clair-scan.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/task/clair-scan/0.2/clair-scan.yaml b/task/clair-scan/0.2/clair-scan.yaml
index 9ce0299396..aebd879388 100644
--- a/task/clair-scan/0.2/clair-scan.yaml
+++ b/task/clair-scan/0.2/clair-scan.yaml
@@ -111,8 +111,8 @@ spec:
 # we require in the policy rules, so we resort to running clair-action
 # twice to produce both quay and clair formatted output
 clair_report() {
- { clair-action report --image-ref="$1" --db-path=/tmp/matcher.db --format=quay | tee "clair-result-$2.json"; } && \
- { clair-action report --image-ref="$1" --db-path=/tmp/matcher.db --format=clair > "clair-report-$2.json"; }
+ { clair-action report --image-ref="$1" --db-path=/tmp/matcher.db --format=clair > "clair-report-$2.json"; } && \
+ { clair-action convert --file-path="clair-report-$2.json" --format=quay | tee "clair-result-$2.json"; }
 }
 for sha_file in image-manifest-*.sha; do
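Review bot: The new `clair-action convert ... | tee "clair-result-$2.json"` stage returns tee's exit status, so a failed conversion would leave an empty or partial quay-format result that `clair_report` reports as success, unless `set -o pipefail` is in effect earlier in the script, which this hunk does not show. That file presumably feeds the policy rules mentioned in the comment, so a silently truncated scan result is worth ruling out: confirm pipefail is set, or write the file first, e.g. `clair-action convert --file-path="clair-report-$2.json" --format=quay > "clair-result-$2.json" && cat "clair-result-$2.json"`. The context comment above `clair_report()` still says clair-action is run twice; it should now read something like `# so we run clair-action report once and convert the clair output to quay format`. The comment's opening lines and the rest of the script are outside the hunk.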