From fea8b37971daafd439910830cda2c6ac8c45efd9 Mon Sep 17 00:00:00 2001
From: Frank Jogeleit <frank.jogeleit@web.de>
Date: Tue, 18 Mar 2025 13:43:10 +0100
Subject: [PATCH] fix: check if response includes a policy for ivpol (#12433)

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
---
 pkg/controllers/report/utils/scanner.go | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/pkg/controllers/report/utils/scanner.go b/pkg/controllers/report/utils/scanner.go
index 39fad70b80..c5e7cf297e 100644
--- a/pkg/controllers/report/utils/scanner.go
+++ b/pkg/controllers/report/utils/scanner.go
@@ -238,14 +238,15 @@ func (s *scanner) ScanResource(
 				nil,
 			)
 			engineResponse, _, err := engine.HandleMutating(ctx, request)
-			response := engineapi.EngineResponse{
-				Resource: resource,
-				PolicyResponse: engineapi.PolicyResponse{
-					// TODO: policies at index 0
-					Rules: []engineapi.RuleResponse{engineResponse.Policies[0].Result},
-				},
-			}.WithPolicy(vpols[i])
-			results[&vpols[i]] = ScanResult{&response, err}
+			if len(engineResponse.Policies) > 1 {
+				response := engineapi.EngineResponse{
+					Resource: resource,
+					PolicyResponse: engineapi.PolicyResponse{
+						Rules: []engineapi.RuleResponse{engineResponse.Policies[0].Result},
+					},
+				}.WithPolicy(vpols[i])
+				results[&vpols[i]] = ScanResult{&response, err}
+			}
 		}
 	}
 	// evaluate validating admission policies