Running with gitlab-runner 13.8.0 (775dd39d)  on global-shared-gitlab-runner-89dbd4db8-gbfgw 79hzYLUT section_start:1614621056:resolve_secrets Resolving secrets section_end:1614621056:resolve_secrets section_start:1614621056:prepare_executor Preparing the "kubernetes" executor Using Kubernetes namespace: gitlab-runner WARNING: Pulling GitLab Runner helper image from Docker Hub. Helper image is migrating to registry.gitlab.com, for more information see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#migrating-helper-image-to-registrygitlabcom Using Kubernetes executor with image ${GITLAB_INTERNAL_REGISTRY}/ironbank-tools/ironbank-pipeline/ib-pipeline-image:0.1 ... section_end:1614621056:prepare_executor section_start:1614621056:prepare_script Preparing environment Waiting for pod gitlab-runner/runner-79hzylut-project-181-concurrent-0s4kkm to be running, status is Pending Running on runner-79hzylut-project-181-concurrent-0s4kkm via global-shared-gitlab-runner-89dbd4db8-gbfgw... section_end:1614621060:prepare_script section_start:1614621060:get_sources Getting source from Git repository Fetching changes with git depth set to 50... Initialized empty Git repository in /builds/dsop/atlassian/confluence-data-center/confluence-node/.git/ Created fresh repository. Checking out 9a28be2e as hardening_manifest... Skipping Git submodules setup section_end:1614621060:get_sources section_start:1614621060:download_artifacts Downloading artifacts Downloading artifacts for hardening_manifest (2241131)... Downloading artifacts from coordinator... ok  id=2241131 responseStatus=200 OK token=gtJW1XxF Downloading artifacts for load scripts (2241128)... Downloading artifacts from coordinator... ok  id=2241128 responseStatus=200 OK token=Tbt5smZW section_end:1614621060:download_artifacts section_start:1614621060:step_script Executing "step_script" stage of the job script $ if [[ "${CI_COMMIT_BRANCH}" == "master" || "${CI_COMMIT_BRANCH}" == "development" ]] && [[ "${CI_COMMIT_REF_PROTECTED}" != true ]]; then # collapsed multi-line command $ PROJ_PATH=$(echo "${CI_PROJECT_PATH}" | sed -e 's/.*dsop\/\(.*\)/\1/') $ export PROJ_PATH $ pip3 install jsonschema Collecting jsonschema Downloading jsonschema-3.2.0-py2.py3-none-any.whl (56 kB) Collecting attrs>=17.4.0 Downloading attrs-20.3.0-py2.py3-none-any.whl (49 kB) Collecting pyrsistent>=0.14.0 Downloading pyrsistent-0.17.3.tar.gz (106 kB) Requirement already satisfied: setuptools in /opt/app-root/lib/python3.6/site-packages (from jsonschema) (39.2.0) Requirement already satisfied: six>=1.11.0 in /opt/app-root/lib/python3.6/site-packages (from jsonschema) (1.15.0) Collecting importlib-metadata; python_version < "3.8" Downloading importlib_metadata-3.7.0-py3-none-any.whl (11 kB) Collecting zipp>=0.5 Downloading zipp-3.4.0-py3-none-any.whl (5.2 kB) Collecting typing-extensions>=3.6.4; python_version < "3.8" Downloading typing_extensions-3.7.4.3-py3-none-any.whl (22 kB) Building wheels for collected packages: pyrsistent Building wheel for pyrsistent (setup.py): started Building wheel for pyrsistent (setup.py): finished with status 'done' Created wheel for pyrsistent: filename=pyrsistent-0.17.3-cp36-cp36m-linux_x86_64.whl size=55876 sha256=a8d9d5874427f5ae2312be6cfc7bb75fac486400f4e9cdf8b4e4de4592cf4a7b Stored in directory: /tmp/pip-ephem-wheel-cache-6leovxz8/wheels/34/13/19/294da8e11bce7e563afee51251b9fa878185e14f4b5caf00cb Successfully built pyrsistent Installing collected packages: attrs, pyrsistent, zipp, typing-extensions, importlib-metadata, jsonschema Successfully installed attrs-20.3.0 importlib-metadata-3.7.0 jsonschema-3.2.0 pyrsistent-0.17.3 typing-extensions-3.7.4.3 zipp-3.4.0 $ mkdir -p "${ARTIFACT_DIR}" $ set +e WARNING: You are using pip version 20.2.4; however, version 21.0.1 is available. You should consider upgrading via the '/opt/app-root/bin/python3.6 -m pip install --upgrade pip' command. $ python3 "${PIPELINE_REPO_DIR}/stages/check-cves/pipeline_wl_compare.py" --lint INFO: Log level set to info INFO: Grabbing CVEs for: atlassian/confluence-data-center/confluence-node INFO: atlassian/confluence-data-center/confluence-node INFO: atlassian/confluence-data-center/confluence-node INFO: Running query to vat api INFO: Fetched data from vat successfully INFO: Validating the VAT response against schema INFO: Log level set to info INFO: Loaded definitions from ci-artifacts/[MASKED]/stages/check-cves/../../schema/vat_findings.swagger.yaml INFO: Defined base schema off of the Container model INFO: CONTAINER APPROVAL STATUS INFO: Pending INFO: CONTAINER APPROVAL TEXT INFO: Approved with conditions for 30 days: mitigation is NOT sufficient. Dependencies must be updated for any finding that is high or critical. We cannot know how bad actor will use some of these findings with additional potential 0 day. Company must patch its dependencies. WARNING: IMAGE_APPROVAL_STATUS=notapproved INFO: Grabbing CVEs for: redhat/openjdk/openjdk11 INFO: Grabbing CVEs for: redhat/ubi/ubi8 INFO: Artifact Directory: ci-artifacts/lint INFO: 0 section_end:1614621064:step_script section_start:1614621064:upload_artifacts_on_success Uploading artifacts for successful job Uploading artifacts... ci-artifacts/lint/: found 4 matching files and directories Uploading artifacts as "archive" to coordinator... ok id=2241132 responseStatus=201 Created token=hxdCTdsW Uploading artifacts... variables.env: found 1 matching files and directories Uploading artifacts as "dotenv" to coordinator... ok id=2241132 responseStatus=201 Created token=hxdCTdsW section_end:1614621065:upload_artifacts_on_success section_start:1614621065:cleanup_file_variables Cleaning up file based variables section_end:1614621065:cleanup_file_variables Job succeeded