diff --git a/Makefile b/Makefile
index 2ee4469b2..7966618cc 100644
--- a/Makefile
+++ b/Makefile
@@ -106,7 +106,7 @@ CLAIRDBVERSION=$(VERSIONTAG)
 MIGRATORVERSION=$(VERSIONTAG)
 REDISVERSION=$(VERSIONTAG)
 NOTARYMIGRATEVERSION=v3.5.4
-CLAIRADAPTERVERSION=c7db8b15
+CLAIRADAPTERVERSION=v1.0.0
 
 # version of chartmuseum
 CHARTMUSEUMVERSION=v0.9.0
@@ -308,8 +308,8 @@ prepare: update_prepare_version
 	@$(MAKEPATH)/$(PREPARECMD) $(PREPARECMD_PARA)
 
 build:
-	make -f $(MAKEFILEPATH_PHOTON)/Makefile build -e DEVFLAG=$(DEVFLAG) \
-	 -e REGISTRYVERSION=$(REGISTRYVERSION) -e NGINXVERSION=$(NGINXVERSION) -e NOTARYVERSION=$(NOTARYVERSION) -e NOTARYMIGRATEVERSION=$(NOTARYMIGRATEVERSION) \
+	make -f $(MAKEFILEPATH_PHOTON)/Makefile build -e DEVFLAG=$(DEVFLAG) -e GOBUILDIMAGE=$(GOBUILDIMAGE) \
+	 -e REGISTRYVERSION=$(REGISTRYVERSION) -e REGISTRY_SRC_TAG=$(REGISTRY_SRC_TAG) -e NGINXVERSION=$(NGINXVERSION) -e NOTARYVERSION=$(NOTARYVERSION) -e NOTARYMIGRATEVERSION=$(NOTARYMIGRATEVERSION) \
 	 -e CLAIRVERSION=$(CLAIRVERSION) -e CLAIRADAPTERVERSION=$(CLAIRADAPTERVERSION) -e CLAIRDBVERSION=$(CLAIRDBVERSION) -e VERSIONTAG=$(VERSIONTAG) \
 	 -e BUILDBIN=$(BUILDBIN) -e REDISVERSION=$(REDISVERSION) -e MIGRATORVERSION=$(MIGRATORVERSION) \
 	 -e CHARTMUSEUMVERSION=$(CHARTMUSEUMVERSION) -e DOCKERIMAGENAME_CHART_SERVER=$(DOCKERIMAGENAME_CHART_SERVER) \
diff --git a/make/photon/Makefile b/make/photon/Makefile
index 4deb9b647..73be3c706 100644
--- a/make/photon/Makefile
+++ b/make/photon/Makefile
@@ -146,9 +146,14 @@ _build_clair:
 	fi
 
 _build_clair_adapter:
-	# TODO: add support to fetch clair adapter binary from google storage ranther than build from source
 	@if [ "$(CLAIRFLAG)" = "true" ] ; then \
-		cd $(DOCKERFILEPATH_CLAIR_ADAPTER) && $(DOCKERFILEPATH_CLAIR_ADAPTER)/builder $(CLAIRADAPTERVERSION) && cd - ; \
+		if [ "$(BUILDBIN)" != "true" ] ; then \
+			rm -rf $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary && \
+			$(call _extract_archive, https://github.com/goharbor/harbor-scanner-clair/releases/download/$(CLAIRADAPTERVERSION)/harbor-scanner-clair_$(CLAIRADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz, $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/) && \
+			mv $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/scanner-clair $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/harbor-scanner-clair; \
+		else \
+			cd $(DOCKERFILEPATH_CLAIR_ADAPTER) && $(DOCKERFILEPATH_CLAIR_ADAPTER)/builder $(CLAIRADAPTERVERSION) && cd - ; \
+		fi ; \
 		echo "building clair adapter container for photon..." ; \
 		$(DOCKERBUILD) -f $(DOCKERFILEPATH_CLAIR_ADAPTER)/$(DOCKERFILENAME_CLAIR_ADAPTER) -t $(DOCKERIMAGENAME_CLAIR_ADAPTER):$(CLAIRADAPTERVERSION)-$(VERSIONTAG) . ; \
 		rm -rf $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary; \
@@ -219,6 +224,10 @@ _build_migrator:
 		echo "Done."; \
 	fi
 
+define _extract_archive
+	$(WGET) --timeout 30 --no-check-certificate -O- $1 | tar xvz -C $2
+endef
+
 define _get_binary
 	$(WGET) --timeout 30 --no-check-certificate $1 -O $2
 endef
diff --git a/make/photon/clair-adapter/Dockerfile b/make/photon/clair-adapter/Dockerfile
index 1b21ec70d..c3f1a1ded 100644
--- a/make/photon/clair-adapter/Dockerfile
+++ b/make/photon/clair-adapter/Dockerfile
@@ -13,7 +13,7 @@ RUN chown -R 10000:10000 /clair-adapter \
 
 EXPOSE 8080
 
-HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:8080/healthy || exit 1
+HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:8080/probe/healthy || exit 1
 
 USER clair-adapter
 
diff --git a/make/photon/clair-adapter/builder b/make/photon/clair-adapter/builder
index 82473d855..50acd7c3b 100755
--- a/make/photon/clair-adapter/builder
+++ b/make/photon/clair-adapter/builder
@@ -20,7 +20,7 @@ cur=$PWD
 
 # the temp folder to store distribution source code...
 TEMP=`mktemp -d ${TMPDIR-/tmp}/clair-adapter.XXXXXX`
-git clone https://github.com/danielpacak/harbor-scanner-clair.git $TEMP
+git clone https://github.com/goharbor/harbor-scanner-clair.git $TEMP
 cd $TEMP; git checkout $VERSION; cd -
 
 echo 'build the clair adapter binary bases on the golang:1.12.12'
diff --git a/make/photon/prepare/utils/docker_compose.py b/make/photon/prepare/utils/docker_compose.py
index 05a8f507f..7716b7e39 100644
--- a/make/photon/prepare/utils/docker_compose.py
+++ b/make/photon/prepare/utils/docker_compose.py
@@ -14,7 +14,7 @@ def prepare_docker_compose(configs, with_clair, with_notary, with_chartmuseum):
     REGISTRY_VERSION = versions.get('REGISTRY_VERSION') or 'v2.7.1-patch-2819-2553'
     NOTARY_VERSION = versions.get('NOTARY_VERSION') or 'v0.6.1'
     CLAIR_VERSION = versions.get('CLAIR_VERSION') or 'v2.0.9'
-    CLAIR_ADAPTER_VERSION = versions.get('CLAIR_ADAPTER_VERSION') or ''
+    CLAIR_ADAPTER_VERSION = versions.get('CLAIR_ADAPTER_VERSION') or 'v1.0.0'
     CHARTMUSEUM_VERSION = versions.get('CHARTMUSEUM_VERSION') or 'v0.9.0'
 
     rendering_variables = {
diff --git a/make/photon/registry/builder b/make/photon/registry/builder
index eaacc1ba2..2a0333875 100755
--- a/make/photon/registry/builder
+++ b/make/photon/registry/builder
@@ -19,7 +19,7 @@ cd `dirname $0`
 cur=$PWD
 
 # the temp folder to store distribution source code...
-TEMP=`mktemp -d /$TMPDIR/distribution.XXXXXX`
+TEMP=`mktemp -d ${TMPDIR-/tmp}/distribution.XXXXXX`
 git clone -b $VERSION https://github.com/docker/distribution.git $TEMP
 
 # add patch 2879
@@ -35,7 +35,7 @@ docker build -f $TEMP/Dockerfile.binary -t registry-golang $TEMP
 
 echo 'copy the registry binary to local...'
 ID=$(docker create registry-golang)
-docker cp $ID:/go/src/github.com/docker/distribution/bin binary
+docker cp $ID:/go/src/github.com/docker/distribution/bin/registry binary/registry
 
 docker rm -f $ID
 docker rmi -f registry-golang
diff --git a/src/core/main.go b/src/core/main.go
index 244fe0c29..2d32c2d57 100755
--- a/src/core/main.go
+++ b/src/core/main.go
@@ -219,11 +219,12 @@ func main() {
 
 		// TODO: change to be internal adapter
 		reg := &scanner.Registration{
-			Name:        "Clair",
-			Description: "The clair scanner adapter",
-			URL:         config.ClairAdapterEndpoint(),
-			Disabled:    false,
-			IsDefault:   true,
+			Name:            "Clair",
+			Description:     "The clair scanner adapter",
+			URL:             config.ClairAdapterEndpoint(),
+			IsDefault:       true,
+			UseInternalAddr: true,
+			Immutable:       true,
 		}
 
 		if err := scan.EnsureScanner(reg); err != nil {
diff --git a/src/pkg/scan/api/scan/base_controller.go b/src/pkg/scan/api/scan/base_controller.go
index 96271521f..e33f2b54d 100644
--- a/src/pkg/scan/api/scan/base_controller.go
+++ b/src/pkg/scan/api/scan/base_controller.go
@@ -378,7 +378,7 @@ func (bc *basicController) makeBasicAuthorization(pid int64, repository string,
 	resource := rbac.NewProjectNamespace(pid).Resource(rbac.ResourceRepository)
 	access := []*rbac.Policy{{
 		Resource: resource,
-		Action:   rbac.ActionPull,
+		Action:   rbac.ActionScannerPull,
 	}}
 
 	robotReq := &model.RobotCreate{
@@ -481,7 +481,7 @@ func makeBearerAuthorization(repository string, username string) (string, error)
 		{
 			Type:    "repository",
 			Name:    repository,
-			Actions: []string{"pull"},
+			Actions: []string{rbac.ActionPull.String(), rbac.ActionScannerPull.String()},
 		},
 	}
 
diff --git a/src/pkg/scan/api/scan/base_controller_test.go b/src/pkg/scan/api/scan/base_controller_test.go
index c256c4b23..acd901f39 100644
--- a/src/pkg/scan/api/scan/base_controller_test.go
+++ b/src/pkg/scan/api/scan/base_controller_test.go
@@ -161,7 +161,7 @@ func (suite *ControllerTestSuite) SetupSuite() {
 	resource := fmt.Sprintf("/project/%d/repository", suite.artifact.NamespaceID)
 	access := []*rbac.Policy{{
 		Resource: rbac.Resource(resource),
-		Action:   "pull",
+		Action:   rbac.ActionScannerPull,
 	}}
 
 	rname := "the-uuid-123"
diff --git a/tests/hostcfg.sh b/tests/hostcfg.sh
index ac8bc8966..35ac78131 100755
--- a/tests/hostcfg.sh
+++ b/tests/hostcfg.sh
@@ -7,7 +7,3 @@ sudo sed "s/reg.mydomain.com/$IP/" -i make/harbor.yml
 echo "https:" >> make/harbor.yml
 echo "  certificate: /data/cert/server.crt" >> make/harbor.yml
 echo "  private_key: /data/cert/server.key" >> make/harbor.yml
-
-# TODO: remove it when scanner adapter support internal access of harbor
-echo "storage_service:" >> make/harbor.yml
-echo "  ca_bundle: /data/cert/server.crt" >> make/harbor.yml