UNCLASSIFIED

Skip to content

GitLab

Merge branch 'alfontaine-development-patch-76148' into 'development' 

Update README.md

See merge request !16
16 jobs for development in 17 minutes and 40 seconds (queued for 24 seconds)
1d37b081
1 related merge request: !17 Development
Status Job ID Name Coverage
  .Pre
passed #4744326
load-scripts

00:00:09

 
  Preflight
passed #4744328
folder-structure

00:00:09

passed #4744329
hardening-manifest

00:00:11

passed #4744327
trufflehog

00:00:09

 
  Lint
passed #4744330
wl-compare-lint

00:00:13

 
  Import Artifacts
passed #4744331
import-artifacts

00:00:36

 
  Scan Artifacts
passed #4744332
clamav-scan

00:01:56

 
  Build
passed #4744333
build

00:03:17

 
  Scanning
passed #4744334
anchore-scan

00:09:58

passed #4744335
ironbank-dsop-privileged
openscap-compliance

00:01:35

passed #4744336
twistlock-scan

00:06:47

 
  Csv Output
passed #4744337
csv-output

00:00:50

 
  Check Cves
failed #4744338
allowed to fail
check-cves

00:00:19

 
  Documentation
canceled #4744339
documentation

00:00:06

 
  S3 Publish
canceled #4744340
upload-to-s3

 
  Vat
canceled #4744341
vat

 
Name Stage Failure
failed
check-cves Check Cves 
INFO: Vulnerabilities found in scanning stage: 436
INFO: {Finding(scan_source='twistlock_cve', cve_id='CVE-2020-8840', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-83401-0', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82494-6', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-16135', package='libssh-0.9.4-2.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-36182', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82220-5', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='PRISMA-2021-0081', package='org.apache.lucene_lucene-core-8.3.0', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-1950', package='org.apache.tika_tika-core-1.22', package_path=None), Finding(scan_source='anchore_cve', cve_id='VULNDB-240577', package='elasticsearch-7.5.2', package_path='/opt/atlassian/bitbucket/elasticsearch/lib/elasticsearch-7.5.2.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-20231', package='gnutls-3.6.14-8.el8_3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-14195', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-35938', package='rpm-4.14.3-14.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-21344', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-28657', package='org.apache.tika_tika-core-1.22', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-35491', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-f3j5-rmmp-3fc5', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-11358', package='jquery-1.6.1', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-f6vf-pq8c-69m4', package='nimbus-jose-jwt-3.10', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/atlassian-connect-server-plugin-2.0.0.jar:nimbus-jose-jwt'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3421', package='rpm-libs-4.14.3-14.el8_4', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-24750', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='PRISMA-2021-0055', package='commons-codec_commons-codec-1.10', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-21347', package='com.thoughtworks.xstream_xstream-1.4.15', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-14893', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-17531', package='com.fasterxml.jackson.core_jackson-databind-2.8.11.4', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-17541', package='libjpeg-turbo-1.5.3-10.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-16943', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2012-6708', package='jquery-1.7.1', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2015-9251', package='jquery-2.2.4', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/embedded-crowd-admin-plugin-4.1.1.jar:jquery'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-24370', package='lua-5.3.4-11.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-27223', package='jetty-9.2.26.v20180806', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:websocket-client'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-11111', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-21342', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='anchore_cve', cve_id='CVE-2019-16942', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3572', package='python3-pip-wheel-9.0.3-19.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-21343', package='com.thoughtworks.xstream_xstream-1.4.15', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-35490', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-14062', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2018-10237', package='guava-20.0', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:guava'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-27645', package='glibc-2.28-151.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-ff2w-cq2g-wv5f', package='netty-handler-4.1.43.Final', package_path='/opt/atlassian/bitbucket/elasticsearch/plugins/buckler/netty-handler-4.1.43.Final.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2019-14892', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-14540', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-5mcr-gq6c-3hq2', package='netty-codec-http-4.1.43.Final', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/transport-netty4/netty-codec-http-4.1.43.Final.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-36185', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-36189', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='VULNDB-239177', package='crowd-4.1.1', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/embedded-crowd-admin-plugin-4.1.1.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-11620', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-14892', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-7r82-7xv7-xcpj', package='httpclient-4.4.1', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/atlassian-plugins-webresource-rest-4.2.3-bitbucket1.jar:httpclient'), Finding(scan_source='anchore_cve', cve_id='GHSA-5949-rw7g-wx7w', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2019-10010', package='commonmark-0.15.2', package_path='/opt/atlassian/bitbucket/app/WEB-INF/lib/commonmark-ext-autolink-0.15.2.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-25648', package='nss-util-3.53.1-17.el8_3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-21351', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-11112', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20232', package='gnutls-3.6.14-8.el8_3', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-5p34-5m6p-p58g', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-23840', package='openssl-1.1.1g-15.el8_3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-35939', package='rpm-4.14.3-14.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-35938', package='rpm-build-libs-4.14.3-14.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-21345', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='anchore_cve', cve_id='GHSA-58pp-9c76-5625', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3421', package='rpm-build-libs-4.14.3-14.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-2qrg-x229-3v8q', package='log4j-1.2.17', package_path='/opt/atlassian/bitbucket/tools/atlassian-password/atlassian-password-cli.jar:log4j'), Finding(scan_source='anchore_cve', cve_id='VULNDB-93555', package='commons_codec-1.10', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:commons-codec'), Finding(scan_source='anchore_cve', cve_id='GHSA-9vvp-fxw6-jcxr', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-15945', package='lua-5.3.4-11.el8', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82395-5', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2019-20838', package='pcre-8.42-4.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='VULNDB-210400', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_comp', cve_id='3e5fad1c039f3ecfd1dcdc94d2f1f9a0', package=None, package_path=None), Finding(scan_source='anchore_comp', cve_id='463a9a24225c26f7a5bf3f38908e5cb3', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-11023', package='jquery-2.2.4', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/embedded-crowd-admin-plugin-4.1.1.jar:jquery'), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-17195', package='com.nimbusds_nimbus-jose-jwt-3.10', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-21346', package='com.thoughtworks.xstream_xstream-1.4.15', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-11023', package='jquery-1.7.1', package_path=None), Finding(scan_source='anchore_comp', cve_id='e7573262736ef52353cde3bae2617782', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-8840', package='com.fasterxml.jackson.core_jackson-databind-2.8.11.4', package_path=None), Finding(scan_source='anchore_cve', cve_id='VULNDB-129952', package='commons_validator-1.4.1', package_path='/opt/atlassian/bitbucket/app/WEB-INF/lib/commons-validator-1.4.1.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-9546', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-35490', package='com.fasterxml.jackson.core_jackson-databind-2.8.11.4', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-13956', package='org.apache.httpcomponents_httpclient-4.5.10', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2019-10010', package='commonmark-0.15.2', package_path='/opt/atlassian/bitbucket/app/WEB-INF/lib/commonmark-ext-image-attributes-0.15.2.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2019-10010', package='commonmark-0.15.2', package_path='/opt/atlassian/bitbucket/app/WEB-INF/lib/commonmark-ext-heading-anchor-0.15.2.jar'), Finding(scan_source='anchore_cve', cve_id='GHSA-5mg8-w23w-74h3', package='guava-26.0-jre', package_path='/opt/atlassian/bitbucket/app/WEB-INF/lib/guava-26.0-jre.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-22898', package='curl-7.61.1-18.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-p43x-xfjf-5jhr', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-7021', package='elasticsearch-7.5.2', package_path='/opt/atlassian/bitbucket/elasticsearch/lib/elasticsearch-7.5.2.jar'), Finding(scan_source='anchore_cve', cve_id='GHSA-vwqq-5vrc-xw9h', package='log4j-core-2.11.1', package_path='/opt/atlassian/bitbucket/elasticsearch/lib/log4j-core-2.11.1.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-35491', package='com.fasterxml.jackson.core_jackson-databind-2.8.11.4', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3445', package='libdnf-0.55.0-7.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-4hrm-m67v-5cxr', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20266', package='rpm-libs-4.14.3-14.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20266', package='rpm-build-libs-4.14.3-14.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-q93h-jc49-78gg', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-35942', package='glibc-minimal-langpack-2.28-151.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-10086', package='commons-beanutils_commons-beanutils-1.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-36186', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-14893', package='com.fasterxml.jackson.core_jackson-databind-2.8.11.4', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-33574', package='glibc-minimal-langpack-2.28-151.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-16943', package='com.fasterxml.jackson.core_jackson-databind-2.8.11.4', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-gwp4-hfv6-p7hw', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-35937', package='rpm-4.14.3-14.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='VULNDB-106409', package='commons_beanutils-1.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/embedded-crowd-admin-plugin-4.1.1.jar:commons-beanutils'), Finding(scan_source='anchore_cve', cve_id='GHSA-f256-j965-7f32', package='netty-codec-http2-4.1.34.Final', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/micrometer-registry-statsd-1.3.6.jar:netty-codec-http2'), Finding(scan_source='anchore_cve', cve_id='CVE-2019-10219', package='hibernate_validator-6.0.18.Final', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/atlassian-rest-module-6.0.7.jar:hibernate-validator'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-36180', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-21348', package='com.thoughtworks.xstream_xstream-1.4.15', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-14540', package='com.fasterxml.jackson.core_jackson-databind-2.8.11.4', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-16335', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-23841', package='openssl-1.1.1g-15.el8_3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-25648', package='nss-3.53.1-17.el8_3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-8840', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2019-14893', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-21295', package='io.netty_netty-codec-4.1.34.Final', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-14892', package='com.fasterxml.jackson.core_jackson-databind-2.8.11.4', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2018-19360', package='jackson-core-2.9.7', package_path='/opt/atlassian/bitbucket/app/WEB-INF/lib/hazelcast-3.12.9.jar:jackson-core'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-24616', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='PRISMA-2021-0055', package='commons-codec_commons-codec-1.11', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-11022', package='jquery-1.7.1', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-36185', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='oscap_comp', cve_id='CCE-82368-2', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-36189', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='GHSA-7chv-rrw6-w6fc', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='anchore_cve', cve_id='GHSA-f6hm-88x3-mfjv', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-11113', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='VULNDB-92947', package='commons_codec-1.4', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/less-transformer-plugin-4.0.0.jar:META-INF/lib/commons-codec-1.4.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-12400', package='org.apache.santuario_xmlsec-2.0.7', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-27223', package='jetty-9.2.26.v20180806', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:websocket-api'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-16135', package='libssh-0.9.4-2.el8', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82168-6', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-mm9x-g8pc-w292', package='netty-handler-4.1.34.Final', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/micrometer-registry-statsd-1.3.6.jar:netty-handler'), Finding(scan_source='anchore_cve', cve_id='CVE-2019-17571', package='log4j-1.2.17', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/analytics-client-6.2.1.jar:log4j'), Finding(scan_source='anchore_comp', cve_id='34de21e516c0ca50a96e5386f163f8bf', package=None, package_path=None), Finding(scan_source='anchore_comp', cve_id='320a97c6816565eedf3545833df99dd0', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82472-2', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3200', package='libsolv-0.7.16-2.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-36188', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-7014', package='elasticsearch-7.5.2', package_path='/opt/atlassian/bitbucket/elasticsearch/lib/elasticsearch-7.5.2.jar'), Finding(scan_source='anchore_cve', cve_id='GHSA-gww7-p5w4-wrfv', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='GHSA-288c-cq4h-88gq', package='jackson-databind-2.10.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/analytics-client-6.2.1.jar:jackson-databind'), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-20330', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_comp', cve_id='698044205a9c4a6d48b7937e66a6bf4f', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-11022', package='jquery-2.2.4', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/embedded-crowd-admin-plugin-4.1.1.jar:jquery'), Finding(scan_source='anchore_cve', cve_id='GHSA-ff2w-cq2g-wv5f', package='netty-handler-4.1.43.Final', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/transport-netty4/netty-handler-4.1.43.Final.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-17571', package='log4j_log4j-1.2.17', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-22876', package='libcurl-7.61.1-18.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-27223', package='jetty-9.2.26.v20180806', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jetty-io'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-9546', package='com.fasterxml.jackson.core_jackson-databind-2.8.11.4', package_path=None), Finding(scan_source='anchore_comp', cve_id='3456a263793066e9b5063ada6e47917d', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-36182', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-35490', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='GHSA-gjmw-vf9h-g25v', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='GHSA-7r82-7xv7-xcpj', package='httpclient-4.5.10', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/reindex/httpclient-4.5.10.jar'), Finding(scan_source='anchore_cve', cve_id='GHSA-mm9x-g8pc-w292', package='netty-handler-4.1.43.Final', package_path='/opt/atlassian/bitbucket/elasticsearch/plugins/buckler/netty-handler-4.1.43.Final.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3572', package='platform-python-pip-9.0.3-19.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-35939', package='python3-rpm-4.14.3-14.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20095', package='python3-babel-2.5.1-5.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-v528-7hrm-frqp', package='json-smart-2.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/atlassian-universal-plugin-manager-plugin-4.2.10.jar:json-smart'), Finding(scan_source='anchore_cve', cve_id='GHSA-q93h-jc49-78gg', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='VULNDB-210727', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-20266', package='rpm-4.14.3-14.el8_4', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-20444', package='io.netty_netty-codec-4.1.34.Final', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-9547', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-13956', package='org.apache.httpcomponents_httpclient-4.4.1', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-20445', package='io.netty_netty-codec-4.1.43.Final', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-36179', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-qmqc-x3r4-6v39', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-10001', package='cups-libs-2.2.6-38.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-21295', package='io.netty_netty-codec-4.1.43.Final', package_path=None), Finding(scan_source='anchore_cve', cve_id='VULNDB-93555', package='commons_codec-1.11', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/atlassian-plugins-webresource-rest-4.2.3-bitbucket1.jar:commons-codec'), Finding(scan_source='twistlock_cve', cve_id='CVE-2015-9251', package='jquery-1.7.1', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-21349', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-21350', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-21341', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-33574', package='glibc-common-2.28-151.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-36183', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-16335', package='com.fasterxml.jackson.core_jackson-databind-2.8.11.4', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2019-11358', package='jquery-2.2.4', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/embedded-crowd-admin-plugin-4.1.1.jar:jquery'), Finding(scan_source='anchore_cve', cve_id='GHSA-56p8-3fh9-4cvq', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='anchore_cve', cve_id='GHSA-26vr-8j45-3r4w', package='jetty-io-9.2.26.v20180806', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jetty-io'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-14155', package='pcre-8.42-4.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-fmmc-742q-jg75', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-8908', package='com.google.guava_guava-20.0', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-27645', package='glibc-minimal-langpack-2.28-151.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2019-16943', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3580', package='nettle-3.4.1-4.el8_3', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-85cw-hj65-qqv9', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-10969', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-35938', package='rpm-libs-4.14.3-14.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-c265-37vj-cwcc', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_comp', cve_id='bcd159901fe47efddae5c095b4b0d7fd', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-mx7p-6679-8g3q', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-21344', package='com.thoughtworks.xstream_xstream-1.4.15', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-2qrg-x229-3v8q', package='log4j-1.2.17', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/analytics-client-6.2.1.jar:log4j'), Finding(scan_source='oscap_comp', cve_id='CCE-82267-6', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-p2v9-g2qv-p635', package='netty-handler-4.1.34.Final', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/micrometer-registry-statsd-1.3.6.jar:netty-handler'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-3445', package='libdnf-0.55.0-7.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-wm47-8v5p-wjpj', package='netty-codec-http2-4.1.34.Final', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/micrometer-registry-statsd-1.3.6.jar:netty-codec-http2'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-29425', package='commons_io-2.6', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:commons-io'), Finding(scan_source='anchore_cve', cve_id='GHSA-5mcr-gq6c-3hq2', package='netty-codec-http-4.1.34.Final', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/micrometer-registry-statsd-1.3.6.jar:netty-codec-http'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-28153', package='glib2-2.56.4-10.el8_4', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-21409', package='io.netty_netty-codec-4.1.34.Final', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-28491', package='com.fasterxml.jackson.dataformat_jackson-dataformat-cbor-2.8.10', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-14155', package='pcre-8.42-4.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-9547', package='com.fasterxml.jackson.core_jackson-databind-2.8.11.4', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-21349', package='com.thoughtworks.xstream_xstream-1.4.15', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-cqqj-4p63-rrmm', package='netty-handler-4.1.34.Final', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/micrometer-registry-statsd-1.3.6.jar:netty-handler'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-24616', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-35937', package='python3-rpm-4.14.3-14.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2019-10010', package='commonmark-0.15.2', package_path='/opt/atlassian/bitbucket/app/WEB-INF/lib/commonmark-ext-gfm-tables-0.15.2.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-10673', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-33560', package='libgcrypt-1.8.5-4.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-9548', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-20330', package='com.fasterxml.jackson.core_jackson-databind-2.8.11.4', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-fqwf-pjwf-7vqv', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-9488', package='log4j-1.2.17', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/analytics-client-6.2.1.jar:log4j'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-22898', package='curl-7.61.1-18.el8', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82474-8', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-qpfq-ph7r-qv6f', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3445', package='python3-libdnf-0.55.0-7.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-20190', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_comp', cve_id='639f6f1177735759703e928c14714a59', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-34428', package='org.eclipse.jetty_jetty-io-9.2.26.v20180806', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-36186', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-v3xw-c963-f5hc', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='GHSA-rmrm-75hp-phr2', package='hibernate-validator-6.0.19.Final', package_path='/opt/atlassian/bitbucket/app/WEB-INF/lib/hibernate-validator-6.0.19.Final.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-36188', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-21348', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='anchore_comp', cve_id='c4ad80832b361f81df2a31e5b6b09864', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-22876', package='curl-7.61.1-18.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='VULNDB-210400', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-21351', package='com.thoughtworks.xstream_xstream-1.4.15', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-f3j5-rmmp-3fc5', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-23841', package='openssl-libs-1.1.1g-15.el8_3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-11023', package='jquery-1.6.1', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-cf6r-3wgc-h863', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='GHSA-rmrm-75hp-phr2', package='hibernate-validator-6.0.18.Final', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/atlassian-rest-module-6.0.7.jar:hibernate-validator'), Finding(scan_source='anchore_cve', cve_id='GHSA-6fpp-rgj9-8rwc', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='GHSA-hrcp-8f3q-4w2c', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-3200', package='libsolv-0.7.16-2.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-10672', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-21345', package='com.thoughtworks.xstream_xstream-1.4.15', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-p2v9-g2qv-p635', package='netty-handler-4.1.43.Final', package_path='/opt/atlassian/bitbucket/elasticsearch/plugins/buckler/netty-handler-4.1.43.Final.jar'), Finding(scan_source='anchore_cve', cve_id='GHSA-6phf-73q6-gh87', package='commons-beanutils-1.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/embedded-crowd-admin-plugin-4.1.1.jar:commons-beanutils'), Finding(scan_source='anchore_cve', cve_id='GHSA-hvv8-336g-rx3m', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='anchore_cve', cve_id='GHSA-j823-4qch-3rgm', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='GHSA-758m-v56v-grj4', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-16869', package='io.netty_netty-codec-4.1.34.Final', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-cmfg-87vq-g5g4', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='GHSA-mph4-vhrx-mv67', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='GHSA-cqqj-4p63-rrmm', package='netty-handler-4.1.43.Final', package_path='/opt/atlassian/bitbucket/elasticsearch/plugins/buckler/netty-handler-4.1.43.Final.jar'), Finding(scan_source='anchore_cve', cve_id='GHSA-288c-cq4h-88gq', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='GHSA-5949-rw7g-wx7w', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2018-19361', package='jackson-core-2.9.7', package_path='/opt/atlassian/bitbucket/app/WEB-INF/lib/hazelcast-3.12.9.jar:jackson-core'), Finding(scan_source='anchore_comp', cve_id='abb121e9621abdd452f65844954cf1c1', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-59jw-jqf4-3wq3', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='anchore_cve', cve_id='CVE-2016-10707', package='jquery-2.2.4', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/embedded-crowd-admin-plugin-4.1.1.jar:jquery'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-9548', package='com.fasterxml.jackson.core_jackson-databind-2.8.11.4', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-36179', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-21409', package='io.netty_netty-codec-4.1.43.Final', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-35939', package='rpm-libs-4.14.3-14.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-5mg8-w23w-74h3', package='guava-20.0', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:guava'), Finding(scan_source='twistlock_cve', cve_id='CVE-2018-10237', package='com.google.guava_guava-20.0', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-4w82-r329-3q67', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-35942', package='glibc-2.28-151.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-h822-r4r5-v8jg', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-33574', package='glibc-2.28-151.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-14060', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-35939', package='rpm-build-libs-4.14.3-14.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-35491', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='twistlock_cve', cve_id='PRISMA-2021-0055', package='commons-codec_commons-codec-1.4', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-hwpc-8xqv-jvj4', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-11022', package='jquery-1.6.1', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-mc6h-4qgp-37qh', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='GHSA-288c-cq4h-88gq', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-35728', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-36184', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2017-18640', package='org.yaml_snakeyaml-1.17', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-24750', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3421', package='rpm-4.14.3-14.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-c2q3-4qrh-fm48', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-36240', package='crowd-4.1.1', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/embedded-crowd-admin-plugin-4.1.1.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-21347', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='anchore_cve', cve_id='GHSA-p43x-xfjf-5jhr', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2019-17267', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='oscap_comp', cve_id='CCE-80938-4', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82985-3', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-21343', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-7656', package='jquery-1.7.1', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-rf6r-2c4q-2vwg', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='GHSA-4w82-r329-3q67', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-28493', package='python3-jinja2-2.10.1-2.el8_0', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-43gc-mjxg-gvrq', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='anchore_cve', cve_id='CVE-2019-10010', package='commonmark-0.15.2', package_path='/opt/atlassian/bitbucket/app/WEB-INF/lib/commonmark-ext-gfm-strikethrough-0.15.2.jar'), Finding(scan_source='anchore_cve', cve_id='GHSA-27xj-rqx5-2255', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-36187', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-23840', package='openssl-libs-1.1.1g-15.el8_3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-21290', package='io.netty_netty-codec-4.1.34.Final', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-36181', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-35491', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-28169', package='org.eclipse.jetty_jetty-io-9.2.26.v20180806', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-35942', package='glibc-common-2.28-151.el8', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82880-6', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-gww7-p5w4-wrfv', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='GHSA-2p3x-qw9c-25hh', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-36181', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-8840', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-28153', package='glib2-2.56.4-10.el8_4', package_path=None), Finding(scan_source='anchore_comp', cve_id='addbb93c22e9b0988b8b40392a4538cb', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2019-14893', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-35490', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-17267', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-10172', package='data mapper for jackson json processor_jackson-mapper-asl-1.9.13', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-10969', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='VULNDB-106409', package='commons_validator-1.4.1', package_path='/opt/atlassian/bitbucket/app/WEB-INF/lib/commons-validator-1.4.1.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-35937', package='rpm-build-libs-4.14.3-14.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='VULNDB-239177', package='crowd-4.1.1', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/embedded-crowd-admin-plugin-4.1.1.jar:embedded-crowd-admin'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-21346', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3445', package='python3-hawkey-0.55.0-7.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2017-9735', package='org.eclipse.jetty_jetty-io-9.2.26.v20180806', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-5ww9-j83m-q7qx', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-20444', package='io.netty_netty-codec-4.1.43.Final', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82214-8', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-gwrp-pvrq-jmwv', package='commons-io-2.6', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:commons-io'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-21290', package='io.netty_netty-codec-4.1.43.Final', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-11358', package='jquery-1.7.1', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82979-6', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-24032', package='libzstd-1.4.4-1.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-16942', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-10968', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-17541', package='libjpeg-turbo-1.5.3-10.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20231', package='gnutls-3.6.14-8.el8_3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2015-9251', package='jquery-1.6.1', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-gjmw-vf9h-g25v', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2019-10010', package='commonmark-0.15.2', package_path='/opt/atlassian/bitbucket/app/WEB-INF/lib/commonmark-0.15.2.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-1951', package='tika-1.22', package_path='/opt/atlassian/bitbucket/app/WEB-INF/lib/tika-core-1.22.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-35937', package='rpm-libs-4.14.3-14.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3572', package='python3-pip-9.0.3-19.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-mvr2-9pj6-7w5j', package='guava-20.0', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:guava'), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-20838', package='pcre-8.42-4.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-p2v9-g2qv-p635', package='netty-handler-4.1.43.Final', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/transport-netty4/netty-handler-4.1.43.Final.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-33560', package='libgcrypt-1.8.5-4.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20266', package='rpm-4.14.3-14.el8_4', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-9488', package='org.apache.logging.log4j_log4j-api-2.11.1', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-27645', package='glibc-common-2.28-151.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-cqqj-4p63-rrmm', package='netty-handler-4.1.43.Final', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/transport-netty4/netty-handler-4.1.43.Final.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-28491', package='com.fasterxml.jackson.dataformat_jackson-dataformat-cbor-2.8.11', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-21342', package='com.thoughtworks.xstream_xstream-1.4.15', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3426', package='platform-python-3.6.8-37.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='VULNDB-93555', package='commons_codec-1.11', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/reindex/commons-codec-1.11.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-15094', package='httpclient-4.4.1', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/atlassian-plugins-webresource-rest-4.2.3-bitbucket1.jar:httpclient'), Finding(scan_source='oscap_comp', cve_id='CCE-82949-9', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-11619', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-7020', package='elasticsearch-7.5.2', package_path='/opt/atlassian/bitbucket/elasticsearch/lib/elasticsearch-7.5.2.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-21341', package='com.thoughtworks.xstream_xstream-1.4.15', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-v528-7hrm-frqp', package='json-smart-1.3.1', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/atlassian-connect-server-plugin-2.0.0.jar:json-smart'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-20232', package='gnutls-3.6.14-8.el8_3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-27223', package='jetty-9.2.26.v20180806', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:websocket-common'), Finding(scan_source='anchore_cve', cve_id='CVE-2019-16943', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-23840', package='openssl-1.1.1g-15.el8_3', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-74cv-f58x-f9wf', package='xstream-1.4.15', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/plugin-bitbucket-1.32.7.jar:xstream'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-7019', package='elasticsearch-7.5.2', package_path='/opt/atlassian/bitbucket/elasticsearch/lib/elasticsearch-7.5.2.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-25648', package='nss-softokn-3.53.1-17.el8_3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-9488', package='log4j_log4j-1.2.17', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-h4rc-386g-6m85', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-16942', package='com.fasterxml.jackson.core_jackson-databind-2.8.11.4', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-rvwf-54qp-4r6v', package='snakeyaml-1.17', package_path='/opt/atlassian/bitbucket/elasticsearch/lib/snakeyaml-1.17.jar'), Finding(scan_source='oscap_comp', cve_id='CCE-80935-0', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-14061', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_comp', cve_id='c2e44319ae5b3b040044d8ae116d1c2f', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-9488', package='log4j-1.2.17', package_path='/opt/atlassian/bitbucket/tools/atlassian-password/atlassian-password-cli.jar:log4j'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-1951', package='org.apache.tika_tika-core-1.22', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-27218', package='glib2-2.56.4-10.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-22898', package='libcurl-7.61.1-18.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-25649', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-7r82-7xv7-xcpj', package='httpclient-4.5.6', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:httpclient'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-36183', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-21350', package='com.thoughtworks.xstream_xstream-1.4.15', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2016-10750', package='hazelcast-3.0.2', package_path='/opt/atlassian/bitbucket/app/WEB-INF/lib/atlassian-hazelcast-extras-osgi-3.0.2.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-35938', package='python3-rpm-4.14.3-14.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-v528-7hrm-frqp', package='json-smart-2.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/atlassian-authentication-plugin-4.2.1.jar:json-smart'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-11612', package='io.netty_netty-codec-4.1.34.Final', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-fqwf-pjwf-7vqv', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3421', package='python3-rpm-4.14.3-14.el8_4', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82473-0', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-3421', package='rpm-4.14.3-14.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-9546', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-17267', package='com.fasterxml.jackson.core_jackson-databind-2.8.11.4', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-5mcr-gq6c-3hq2', package='netty-codec-http-4.1.43.Final', package_path='/opt/atlassian/bitbucket/elasticsearch/plugins/buckler/netty-codec-http-4.1.43.Final.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-16135', package='libssh-config-0.9.4-2.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-10969', package='com.fasterxml.jackson.core_jackson-databind-2.8.11.4', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-fmmc-742q-jg75', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-36184', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-27218', package='glib2-2.56.4-10.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-7009', package='elasticsearch-7.5.2', package_path='/opt/atlassian/bitbucket/elasticsearch/lib/elasticsearch-7.5.2.jar'), Finding(scan_source='anchore_cve', cve_id='GHSA-5mg8-w23w-74h3', package='guava-26.0-jre', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/guava-26.0-jre.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-22876', package='curl-7.61.1-18.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-13956', package='org.apache.httpcomponents_httpclient-4.5.6', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-23841', package='openssl-1.1.1g-15.el8_3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-29505', package='com.thoughtworks.xstream_xstream-1.4.15', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-17531', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='VULNDB-93555', package='httpclient-4.5.10', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/reindex/httpclient-4.5.10.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2019-20330', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='oscap_comp', cve_id='CCE-82360-9', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-mm9x-g8pc-w292', package='netty-handler-4.1.43.Final', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/transport-netty4/netty-handler-4.1.43.Final.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-27223', package='jetty-9.2.26.v20180806', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jetty-util'), Finding(scan_source='anchore_cve', cve_id='GHSA-cf6r-3wgc-h863', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-24370', package='lua-libs-5.3.4-11.el8', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82959-8', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-8908', package='com.google.guava_guava-26.0-jre', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-36187', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2018-19362', package='jackson-core-2.9.7', package_path='/opt/atlassian/bitbucket/app/WEB-INF/lib/hazelcast-3.12.9.jar:jackson-core'), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-20445', package='io.netty_netty-codec-4.1.34.Final', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-1950', package='tika-1.22', package_path='/opt/atlassian/bitbucket/app/WEB-INF/lib/tika-core-1.22.jar'), Finding(scan_source='anchore_cve', cve_id='GHSA-95cm-88f5-f2c7', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20266', package='python3-rpm-4.14.3-14.el8_4', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-v528-7hrm-frqp', package='json-smart-2.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/jwt-plugin-3.2.0.jar:json-smart'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-25648', package='nss-3.53.1-17.el8_3', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-mx7p-6679-8g3q', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-29425', package='commons-io_commons-io-2.6', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2019-17531', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='GHSA-4q98-wr72-h35w', package='xmlsec-2.0.7', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/atlassian-authentication-plugin-4.2.1.jar:xmlsec'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-36240', package='crowd-4.1.1', package_path='/opt/atlassian/bitbucket/app/WEB-INF/atlassian-bundled-plugins/embedded-crowd-admin-plugin-4.1.1.jar:embedded-crowd-admin'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-35728', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-25648', package='nss-sysinit-3.53.1-17.el8_3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-7656', package='jquery-1.6.1', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-36180', package='com.fasterxml.jackson.core_jackson-databind-2.9.9.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='VULNDB-210727', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='anchore_cve', cve_id='GHSA-85cw-hj65-qqv9', package='jackson-databind-2.9.9.3', package_path='/opt/atlassian/bitbucket/app/WEB-INF/mesh/bitbucket-mesh-app.jar:BOOT-INF/lib/signalfx-java-0.2.0.jar:jackson-databind'), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-25649', package='com.fasterxml.jackson.core_jackson-databind-2.10.3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3426', package='python3-libs-3.6.8-37.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='GHSA-h822-r4r5-v8jg', package='jackson-databind-2.8.11.4', package_path='/opt/atlassian/bitbucket/elasticsearch/modules/ingest-geoip/jackson-databind-2.8.11.4.jar'), Finding(scan_source='anchore_cve', cve_id='CVE-2020-25648', package='nss-softokn-freebl-3.53.1-17.el8_3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-11612', package='io.netty_netty-codec-4.1.43.Final', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2019-17571', package='log4j-1.2.17', package_path='/opt/atlassian/bitbucket/tools/atlassian-password/atlassian-password-cli.jar:log4j'), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-33574', package='glibc-2.28-151.el8', package_path=None)}
ERROR: NON-WHITELISTED VULNERABILITIES FOUND
ERROR: Number of non-whitelisted vulnerabilities: 1
ERROR: The following vulnerabilities are not whitelisted:
ERROR: scan_source                   cve_id                        package                       package_path                  
ERROR: twistlock_cve                 CVE-2021-34428                org.eclipse.jetty_jetty-io-9.2.26.v20180806    None                          
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 1

UNCLASSIFIED