I’m trying to use Clair to find vulnerabilities in containers using Azure DevOps.
I have found this code on GitHub but it doesn’t seem to be working.
name: $(BuildDefinitionName)_$(date:yyyyMMdd)_$(BuildID)$(rev:.r)

resources:
- repo: self

variables:
  image_name: nginx
  image_tag: latest
  clair_db: arminc/clair-db:latest
  clair_scan: arminc/clair-local-scan:v2.1.7_5125fde67edee46cb058a3feee7164af9645e07d

jobs:
- job: ClairScanContainerImage
  displayName: Scan container image by ClairV2
  steps:
  - script: |
      mkdir -p report
      # Start the Clair database
      docker run -d --name clair-db $(clair_db)
      # Start Clair
      docker run -p 6060:6060 --link clair-db:postgres -d --name clair $(clair_scan)
      # Fetch the host IP address
      MY_IP=$(hostname -I | awk '{print $1}')
      # Ensure Clair has started
      sleep 30
      # Get the Clair container IP
      CLAIR_IP=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' clair)
      # Run the Clair scan
      clair-scanner --ip $MY_IP --clair http://$CLAIR_IP:6060 -t High --reportAll=false $(image_name):$(image_tag) | tee ./report/clair-image-scan-report.txt
      # Clean up
      docker stop clair
      docker rm clair
      docker stop clair-db
      docker rm clair-db
      docker image rm $(clair_db)
    displayName: "Image scan by Clair"
    continueOnError: true
  - publish: ./report
    artifact: ImageScans
    displayName: Publish Clair Scan Report
    condition: always()
It produces an artifact but it’s just an empty file because
/home/user/myagent/_work/_temp/5b24bebd-0036-4cc4-8694-41fe82fb4ab5.sh: line 21: clair-scanner: command not found
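The error in the question is the key: nothing in the posted step puts a `clair-scanner` executable on the agent. `clair-scanner` is a separate release binary from the arminc/clair-scanner project, it is not part of the `arminc/clair-local-scan` image that the step starts, and Azure DevOps agents do not ship it, so the script must fetch it before calling it. The shell below is an added example, not code from the question or from the Clair project: it downloads the binary into a cache directory unless one is already on PATH, polls Clair's `/v1/namespaces` endpoint instead of a fixed `sleep 30`, and runs the scan while preserving the scanner's exit status (the original `| tee` discards it, so a High finding never fails the step). The release asset name `clair-scanner_<os>_<arch>`, the tag `v12`, and the `BIN_DIR` location are assumptions to check against the project's releases page.

```shell
#!/bin/sh
# Added example (not from the original question): make the clair-scanner
# binary available on the agent, wait for Clair, then scan.
set -eu

# Assumptions: release tag and asset naming under arminc/clair-scanner releases.
CLAIR_SCANNER_VERSION="${CLAIR_SCANNER_VERSION:-v12}"
CLAIR_SCANNER_RELEASES="https://github.com/arminc/clair-scanner/releases/download"
# Assumed cache directory for the downloaded binary (hypothetical layout).
BIN_DIR="${BIN_DIR:-$PWD/bin}"

# Build the download URL for a version/OS/arch triple.
clair_scanner_url() {
  version="$1"; os="${2:-linux}"; arch="${3:-amd64}"
  printf '%s/%s/clair-scanner_%s_%s\n' "$CLAIR_SCANNER_RELEASES" "$version" "$os" "$arch"
}

# Print the path of a usable clair-scanner: PATH first, then the cache,
# otherwise download it. Returns 1 if the download fails.
ensure_clair_scanner() {
  cached="$BIN_DIR/clair-scanner"
  if command -v clair-scanner >/dev/null 2>&1; then
    command -v clair-scanner
    return 0
  fi
  if [ -x "$cached" ]; then
    printf '%s\n' "$cached"
    return 0
  fi
  mkdir -p "$BIN_DIR"
  # --fail turns a 404 into a non-zero exit instead of saving an HTML error page as the "binary".
  curl --fail --silent --show-error --location \
    --output "$cached" "$(clair_scanner_url "$CLAIR_SCANNER_VERSION")" || return 1
  chmod +x "$cached"
  printf '%s\n' "$cached"
}

# Poll the Clair v1 API until it answers; returns 1 after the timeout (seconds).
wait_for_clair() {
  clair_url="$1"; timeout="${2:-60}"; waited=0
  until curl --fail --silent --output /dev/null "$clair_url/v1/namespaces"; do
    waited=$((waited + 2))
    if [ "$waited" -ge "$timeout" ]; then
      echo "Clair at $clair_url did not become ready within ${timeout}s" >&2
      return 1
    fi
    sleep 2
  done
}

# Run the same scan as the pipeline step, keeping the scanner's exit status so
# that findings at or above the threshold actually fail the step.
run_scan() {
  image="$1"; host_ip="$2"; clair_url="$3"
  scanner="$(ensure_clair_scanner)" || return 1
  wait_for_clair "$clair_url" 90 || return 1
  mkdir -p report
  out=./report/clair-image-scan-report.txt
  rc=0
  "$scanner" --ip "$host_ip" --clair "$clair_url" -t High --reportAll=false "$image" > "$out" || rc=$?
  cat "$out"
  return "$rc"
}
```

In the pipeline step, keep the two `docker run` lines and the `MY_IP` / `CLAIR_IP` lookups, then replace `sleep 30` and the `clair-scanner ... | tee` line with `run_scan "$(image_name):$(image_tag)" "$MY_IP" "http://$CLAIR_IP:6060"`. Pin `CLAIR_SCANNER_VERSION` to a specific tag rather than tracking the latest release so the scanner used by the pipeline cannot change underneath you, and add the cleanup `docker stop`/`docker rm` lines after the call as before.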