From b1ef884c82dca8b9764fb7156707d90e04467fee Mon Sep 17 00:00:00 2001
From: Frank Jogeleit <frank.jogeleit@web.de>
Date: Tue, 18 Mar 2025 19:20:41 +0100
Subject: [PATCH] fix: engine response for ivpol background scanning (#12436)

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
---
 pkg/controllers/report/utils/scanner.go | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/pkg/controllers/report/utils/scanner.go b/pkg/controllers/report/utils/scanner.go
index a25c7d6ef1..e95931d7be 100644
--- a/pkg/controllers/report/utils/scanner.go
+++ b/pkg/controllers/report/utils/scanner.go
@@ -238,15 +238,16 @@ func (s *scanner) ScanResource(
 				nil,
 			)
 			engineResponse, _, err := engine.HandleMutating(ctx, request)
-			if len(engineResponse.Policies) > 1 {
-				response := engineapi.EngineResponse{
-					Resource: resource,
-					PolicyResponse: engineapi.PolicyResponse{
-						Rules: []engineapi.RuleResponse{engineResponse.Policies[0].Result},
-					},
-				}.WithPolicy(ivpols[i])
-				results[&ivpols[i]] = ScanResult{&response, err}
+			response := engineapi.EngineResponse{
+				Resource:       resource,
+				PolicyResponse: engineapi.PolicyResponse{},
+			}.WithPolicy(ivpols[i])
+
+			if len(engineResponse.Policies) >= 1 {
+				response.PolicyResponse.Rules = []engineapi.RuleResponse{engineResponse.Policies[0].Result}
 			}
+
+			results[&ivpols[i]] = ScanResult{&response, err}
 		}
 	}
 	// evaluate validating admission policies