Running with gitlab-runner 13.8.0 (775dd39d)  on global-shared-gitlab-runner-89dbd4db8-gbfgw 79hzYLUT section_start:1614614787:resolve_secrets Resolving secrets section_end:1614614787:resolve_secrets section_start:1614614787:prepare_executor Preparing the "kubernetes" executor Using Kubernetes namespace: gitlab-runner WARNING: Pulling GitLab Runner helper image from Docker Hub. Helper image is migrating to registry.gitlab.com, for more information see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#migrating-helper-image-to-registrygitlabcom Using Kubernetes executor with image ${GITLAB_INTERNAL_REGISTRY}/ironbank-tools/ironbank-pipeline/ib-pipeline-image:0.1 ... section_end:1614614787:prepare_executor section_start:1614614787:prepare_script Preparing environment Waiting for pod gitlab-runner/runner-79hzylut-project-178-concurrent-0hdkc5 to be running, status is Pending Waiting for pod gitlab-runner/runner-79hzylut-project-178-concurrent-0hdkc5 to be running, status is Pending ContainersNotReady: "containers with unready status: [build helper]" ContainersNotReady: "containers with unready status: [build helper]" Running on runner-79hzylut-project-178-concurrent-0hdkc5 via global-shared-gitlab-runner-89dbd4db8-gbfgw... section_end:1614614793:prepare_script section_start:1614614793:get_sources Getting source from Git repository Fetching changes with git depth set to 50... Initialized empty Git repository in /builds/dsop/atlassian/jira-data-center/jira-node/.git/ Created fresh repository. Checking out ce34299b as 8.5.11... Skipping Git submodules setup section_end:1614614793:get_sources section_start:1614614793:download_artifacts Downloading artifacts Downloading artifacts for hardening_manifest (2240317)... Downloading artifacts from coordinator... ok  id=2240317 responseStatus=200 OK token=ZFSd9R2P Downloading artifacts for load scripts (2240314)... Downloading artifacts from coordinator... ok  id=2240314 responseStatus=200 OK token=U29ejVZ7 section_end:1614614794:download_artifacts section_start:1614614794:step_script Executing "step_script" stage of the job script $ if [[ "${CI_COMMIT_BRANCH}" == "master" || "${CI_COMMIT_BRANCH}" == "development" ]] && [[ "${CI_COMMIT_REF_PROTECTED}" != true ]]; then # collapsed multi-line command $ PROJ_PATH=$(echo "${CI_PROJECT_PATH}" | sed -e 's/.*dsop\/\(.*\)/\1/') $ export PROJ_PATH $ pip3 install jsonschema Collecting jsonschema Downloading jsonschema-3.2.0-py2.py3-none-any.whl (56 kB) Collecting attrs>=17.4.0 Downloading attrs-20.3.0-py2.py3-none-any.whl (49 kB) Collecting pyrsistent>=0.14.0 Downloading pyrsistent-0.17.3.tar.gz (106 kB) Requirement already satisfied: six>=1.11.0 in /opt/app-root/lib/python3.6/site-packages (from jsonschema) (1.15.0) Requirement already satisfied: setuptools in /opt/app-root/lib/python3.6/site-packages (from jsonschema) (39.2.0) Collecting importlib-metadata; python_version < "3.8" Downloading importlib_metadata-3.7.0-py3-none-any.whl (11 kB) Collecting typing-extensions>=3.6.4; python_version < "3.8" Downloading typing_extensions-3.7.4.3-py3-none-any.whl (22 kB) Collecting zipp>=0.5 Downloading zipp-3.4.0-py3-none-any.whl (5.2 kB) Building wheels for collected packages: pyrsistent Building wheel for pyrsistent (setup.py): started Building wheel for pyrsistent (setup.py): finished with status 'done' Created wheel for pyrsistent: filename=pyrsistent-0.17.3-cp36-cp36m-linux_x86_64.whl size=55876 sha256=930485a74c13545aab51237f158857f0657b0582889d4e4d6594fed8bc29c55a Stored in directory: /tmp/pip-ephem-wheel-cache-98vw0fmy/wheels/34/13/19/294da8e11bce7e563afee51251b9fa878185e14f4b5caf00cb Successfully built pyrsistent Installing collected packages: attrs, pyrsistent, typing-extensions, zipp, importlib-metadata, jsonschema Successfully installed attrs-20.3.0 importlib-metadata-3.7.0 jsonschema-3.2.0 pyrsistent-0.17.3 typing-extensions-3.7.4.3 zipp-3.4.0 WARNING: You are using pip version 20.2.4; however, version 21.0.1 is available. You should consider upgrading via the '/opt/app-root/bin/python3.6 -m pip install --upgrade pip' command. $ mkdir -p "${ARTIFACT_DIR}" $ set +e $ python3 "${PIPELINE_REPO_DIR}/stages/check-cves/pipeline_wl_compare.py" --lint INFO: Log level set to info INFO: Grabbing CVEs for: atlassian/jira-data-center/jira-node INFO: atlassian/jira-data-center/jira-node INFO: atlassian/jira-data-center/jira-node INFO: Running query to vat api INFO: Fetched data from vat successfully INFO: Validating the VAT response against schema INFO: Log level set to info INFO: Loaded definitions from ci-artifacts/[MASKED]/stages/check-cves/../../schema/vat_findings.swagger.yaml INFO: Defined base schema off of the Container model INFO: CONTAINER APPROVAL STATUS INFO: Conditionally Approved INFO: CONTAINER APPROVAL TEXT INFO: Approved with conditions for 30 days: mitigation is NOT sufficient. Dependencies must be updated for any finding that is high or critical. We cannot know how bad actor will use some of these findings with additional potential 0 day. Company must patch its dependencies. INFO: Grabbing CVEs for: redhat/openjdk/openjdk11 INFO: Grabbing CVEs for: redhat/ubi/ubi8 INFO: Artifact Directory: ci-artifacts/lint INFO: 0 section_end:1614614798:step_script section_start:1614614798:upload_artifacts_on_success Uploading artifacts for successful job ci-artifacts/lint/: found 4 matching files and directories Uploading artifacts... Uploading artifacts as "archive" to coordinator... ok id=2240318 responseStatus=201 Created token=dXC7WLyw Uploading artifacts... variables.env: found 1 matching files and directories Uploading artifacts as "dotenv" to coordinator... ok id=2240318 responseStatus=201 Created token=dXC7WLyw section_end:1614614800:upload_artifacts_on_success section_start:1614614800:cleanup_file_variables Cleaning up file based variables section_end:1614614800:cleanup_file_variables Job succeeded