diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 24070b43958d778167fee52cb866f05ab6a2433e..e4250454abe39621258bc6649c975d6fbeccf6e8 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -12,11 +12,15 @@ vulnerability-scan:
   stage: "test"
   script:
     - "ci-tools/vulnerability-scan security-report.json"
+    - "ci-tools/vulnix-to-clair <security-report.json >clair-security-report.json"
   artifacts:
+    reports:
+      container_scanning: "clair-security-report.json"
     paths:
       - "security-report.json"
     expose_as: "security report"
 
+
 system-tests:
   stage: "test"
   timeout: "3 hours"
diff --git a/ci-tools/vulnix-to-clair b/ci-tools/vulnix-to-clair
new file mode 100755
index 0000000000000000000000000000000000000000..1ee6b8e3f1530c7310be400a5136a3ccf32e2871
--- /dev/null
+++ b/ci-tools/vulnix-to-clair
@@ -0,0 +1,97 @@
+#!/usr/bin/env python3
+
+# Input is like:
+# [
+#  {
+#   "name": "avahi-0.7",
+#   "pname": "avahi",
+#   "version": "0.7",
+#   "derivation": "/nix/store/p06dfxm12cbnzp4v0s28s97qwyirkqcy-avahi-0.7.drv",
+#   "affected_by": [
+#    "CVE-2021-26720"
+#   ],
+#   "whitelisted": [],
+#   "cvssv3_basescore": {
+#    "CVE-2021-26720": 7.8
+#   }
+#  },
+# ]
+#
+# Output is like:
+#
+# {
+#     "image": "image",
+#     "vulnerabilities": [
+#         {
+#             "featurename": "apt",
+#             "featureversion": "1.4.8",
+#             "vulnerability": "CVE-2019-3462",
+#             "namespace": "debian:9",
+#             "description": "TEST",
+#             "link": "https://security-tracker.debian.org/tracker/CVE-2019-3462",
+#             "severity": "Critical",
+#             "fixedby": "1.4.9"
+#         },
+#         {
+#             "featurename": "libxslt",
+#             "featureversion": "1.1.29-2.1",
+#             "vulnerability": "CVE-2017-16997",
+#             "namespace": "debian:9",
+#             "description": "TEST",
+#             "link": "https://security-tracker.debian.org/tracker/CVE-2017-16997",
+#             "severity": "Critical",
+#             "fixedby": "2.24-11+deb9u4"
+#         }
+#     ]
+# }
+
+from json import load, dump
+from sys import stdin, stdout
+
+def main():
+    report = load(stdin)
+    dump(clair_format(report), stdout)
+
+def clair_format(vulnerabilities):
+    return {
+        "image": "<none>",
+        "vulnerabilities": list(
+            clair_vulnerability(vulnix_vulnerability, affected_by)
+            for vulnix_vulnerability
+            in vulnerabilities
+            for affected_by
+            in vulnix_vulnerability["affected_by"]
+        ),
+    }
+
+def clair_vulnerability(vulnix_vuln, affected_by):
+    basescore = vulnix_vuln["cvssv3_basescore"][affected_by]
+    adjusted = int(round(basescore))
+    return {
+        "featurename": vulnix_vuln["pname"],
+        "featureversion": vulnix_vuln["version"],
+        "vulnerability": affected_by,
+        "namespace": vulnix_vuln["derivation"],
+        "description": "",
+        "link": "https://nvd.nist.gov/vuln/detail/{}".format(affected_by),
+        "severity": SEVERITIES[adjusted],
+        "fixedby": "",
+    }
+
+# Approximations only
+SEVERITIES = [
+    "Low",
+    "Low",
+    "Low",
+    "Low",
+    "Medium",
+    "Medium",
+    "High",
+    "High",
+    "High",
+    "Critical",
+    "Critical"
+]
+
+if __name__ == '__main__':
+    main()