Running with gitlab-runner 13.2.0 (353dd94e)  on global-shared-gitlab-runner-8dd6b4777-87gcx dPJcxnQf section_start:1601420254:prepare_executor Preparing the "kubernetes" executor Using Kubernetes namespace: gitlab-runner Using Kubernetes executor with image ${GITLAB_INTERNAL_REGISTRY}/ironbank-tools/ironbank-pipeline/jenkins-oscap-agent:1.1 ... section_end:1601420254:prepare_executor section_start:1601420254:prepare_script Preparing environment Waiting for pod gitlab-runner/runner-dpjcxnqf-project-701-concurrent-3p6pq7 to be running, status is Pending Running on runner-dpjcxnqf-project-701-concurrent-3p6pq7 via global-shared-gitlab-runner-8dd6b4777-87gcx... section_end:1601420257:prepare_script section_start:1601420257:get_sources Getting source from Git repository Fetching changes with git depth set to 50... Initialized empty Git repository in /builds/dsop/coder-enterprise/coder-enterprise/timescale/.git/ Created fresh repository. Checking out 0ebbd133 as development... Skipping Git submodules setup section_end:1601420257:get_sources section_start:1601420257:download_artifacts Downloading artifacts Downloading artifacts for build (340711)... Dialing: tcp gitlab-webservice.gitlab.svc.cluster.local:8181 ... Downloading artifacts from coordinator... ok  id=340711 responseStatus=200 OK token=oRfc9vPo Downloading artifacts for load scripts (340705)... Dialing: tcp gitlab-webservice.gitlab.svc.cluster.local:8181 ... Downloading artifacts from coordinator... ok  id=340705 responseStatus=200 OK token=N1hQkL92 section_end:1601420262:download_artifacts section_start:1601420262:step_script Executing "step_script" stage of the job script $ mkdir -p "${ANCHORE_SCANS}" $ pip3 install --user --upgrade anchorecli WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead. The directory '/home/jenkins/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. The directory '/home/jenkins/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag. Collecting anchorecli Downloading https://files.pythonhosted.org/packages/00/88/17e411c3f632eac8af2a0ea18834525c97fa8ef7fe80151d98c11da5f721/anchorecli-0.8.1.tar.gz Collecting Click==7.0 (from anchorecli) Downloading https://files.pythonhosted.org/packages/fa/37/45185cb5abbc30d7257104c434fe0b07e5a195a6847506c074527aa599ec/Click-7.0-py2.py3-none-any.whl (81kB) Collecting prettytable==0.7.2 (from anchorecli) Downloading https://files.pythonhosted.org/packages/ef/30/4b0746848746ed5941f052479e7c23d2b56d174b82f4fd34a25e389831f5/prettytable-0.7.2.tar.bz2 Requirement already up-to-date: python-dateutil==2.8.1 in /usr/local/lib/python3.6/site-packages (from anchorecli) Collecting PyYAML==5.3.1 (from anchorecli) Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB) Requirement already up-to-date: requests==2.23.0 in /usr/local/lib/python3.6/site-packages (from anchorecli) Requirement already up-to-date: six==1.14.0 in /usr/local/lib/python3.6/site-packages (from anchorecli) Requirement already up-to-date: urllib3==1.25.8 in /usr/local/lib/python3.6/site-packages (from anchorecli) Collecting idna<3,>=2.5 (from requests==2.23.0->anchorecli) Downloading https://files.pythonhosted.org/packages/a2/38/928ddce2273eaa564f6f50de919327bf3a00f091b5baba8dfa9460f3a8a8/idna-2.10-py2.py3-none-any.whl (58kB) Requirement already up-to-date: chardet<4,>=3.0.2 in /usr/local/lib/python3.6/site-packages (from requests==2.23.0->anchorecli) Collecting certifi>=2017.4.17 (from requests==2.23.0->anchorecli) Downloading https://files.pythonhosted.org/packages/5e/c4/6c4fe722df5343c33226f0b4e0bb042e4dc13483228b4718baf286f86d87/certifi-2020.6.20-py2.py3-none-any.whl (156kB) Installing collected packages: Click, prettytable, PyYAML, anchorecli, idna, certifi Running setup.py install for prettytable: started Running setup.py install for prettytable: finished with status 'done' Running setup.py install for PyYAML: started Running setup.py install for PyYAML: finished with status 'done' Running setup.py install for anchorecli: started Running setup.py install for anchorecli: finished with status 'done' Successfully installed Click-7.0 PyYAML-5.3.1 anchorecli-0.8.1 certifi-2020.6.20 idna-2.10 prettytable-0.7.2 $ export ANCHORE_CLI_PATH=$(python3 -m site --user-base)/bin $ export ANCHORE_CLI_URL=${anchore_server_address} $ export ANCHORE_CLI_USER=${anchore_username} $ export ANCHORE_CLI_PASS=${anchore_password} $ export ANCHORE_DEBUG=${anchore_debug} $ export ANCHORE_SCAN_DIRECTORY=${ANCHORE_SCANS} $ export IMAGE_NAME="${REGISTRY1_URL}/ironbank-staging/${IM_NAME}:${IMG_VERSION}-${CI_PIPELINE_ID}" $ export IMAGE_ID=${IMAGE_ID} $ ${ANCHORE_CLI_PATH}/anchore-cli image add ${IMAGE_NAME} Image Digest: sha256:55045e9180beef0976a0f8ca4c6fb5031604a81deb74464b2f0d0618304d489c Parent Digest: sha256:55045e9180beef0976a0f8ca4c6fb5031604a81deb74464b2f0d0618304d489c Analysis Status: not_analyzed Image Type: docker Analyzed At: None Image ID: 43c3c64e138035c2a60252ec1aebaa26ab4c5780d3be5b52d165554f78f9b016 Dockerfile Mode: None Distro: None Distro Version: None Size: None Architecture: None Layer Count: None Full Tag: [MASKED]/coder-enterprise/coder-enterprise/timescale:1.11.0-44875 Tag Detected At: 2020-09-29T22:57:47Z $ ${ANCHORE_CLI_PATH}/anchore-cli image wait --timeout ${anchore_timeout} ${IMAGE_NAME} Status: not_analyzed Waiting 5.0 seconds for next retry. Total timeout remaining: 2399 Status: analyzing Waiting 5.0 seconds for next retry. Total timeout remaining: 2393 Status: analyzing Waiting 5.0 seconds for next retry. Total timeout remaining: 2388 Status: analyzing Waiting 5.0 seconds for next retry. Total timeout remaining: 2382 Status: analyzing Waiting 5.0 seconds for next retry. Total timeout remaining: 2377 Status: analyzing Waiting 5.0 seconds for next retry. Total timeout remaining: 2371 Status: analyzing Waiting 5.0 seconds for next retry. Total timeout remaining: 2366 Status: analyzing Waiting 5.0 seconds for next retry. Total timeout remaining: 2360 Status: analyzing Waiting 5.0 seconds for next retry. Total timeout remaining: 2355 Status: analyzing Waiting 5.0 seconds for next retry. Total timeout remaining: 2349 Status: analyzing Waiting 5.0 seconds for next retry. Total timeout remaining: 2344 Status: analyzing Waiting 5.0 seconds for next retry. Total timeout remaining: 2338 Status: analyzing Waiting 5.0 seconds for next retry. Total timeout remaining: 2333 Status: analyzing Waiting 5.0 seconds for next retry. Total timeout remaining: 2327 Status: analyzing Waiting 5.0 seconds for next retry. Total timeout remaining: 2322 Status: analyzing Waiting 5.0 seconds for next retry. Total timeout remaining: 2316 Status: analyzing Waiting 5.0 seconds for next retry. Total timeout remaining: 2311 Status: analyzing Waiting 5.0 seconds for next retry. Total timeout remaining: 2305 Status: analyzing Waiting 5.0 seconds for next retry. Total timeout remaining: 2300 Image Digest: sha256:55045e9180beef0976a0f8ca4c6fb5031604a81deb74464b2f0d0618304d489c Parent Digest: sha256:55045e9180beef0976a0f8ca4c6fb5031604a81deb74464b2f0d0618304d489c Analysis Status: analyzed Image Type: docker Analyzed At: 2020-09-29T22:59:28Z Image ID: 43c3c64e138035c2a60252ec1aebaa26ab4c5780d3be5b52d165554f78f9b016 Dockerfile Mode: Guessed Distro: rhel Distro Version: 7.8 Size: 345876480 Architecture: amd64 Layer Count: 4 Full Tag: [MASKED]/coder-enterprise/coder-enterprise/timescale:1.11.0-44875 Tag Detected At: 2020-09-29T22:57:47Z $ python3 ${PIPELINE_REPO_DIR}/stages/scanning/anchore_scan.py Getting vulnerability results DEBUG: Fetching [MASKED]images/by_id/43c3c64e138035c2a60252ec1aebaa26ab4c5780d3be5b52d165554f78f9b016/vuln/all DEBUG: Got response from Anchore. Testing if valid json DEBUG: Json is valid DEBUG: Fetching [MASKED]query/vulnerabilities?id=VULNDB-222554 DEBUG: Got response from Anchore. Testing if valid json DEBUG: Json is valid DEBUG: Fetching [MASKED]query/vulnerabilities?id=VULNDB-217762 DEBUG: Got response from Anchore. Testing if valid json DEBUG: Json is valid DEBUG: Fetching [MASKED]query/vulnerabilities?id=VULNDB-200148 DEBUG: Got response from Anchore. Testing if valid json DEBUG: Json is valid DEBUG: Fetching [MASKED]query/vulnerabilities?id=VULNDB-137890 DEBUG: Got response from Anchore. Testing if valid json DEBUG: Json is valid DEBUG: Fetching [MASKED]query/vulnerabilities?id=VULNDB-108369 DEBUG: Got response from Anchore. Testing if valid json DEBUG: Json is valid DEBUG: Fetching [MASKED]query/vulnerabilities?id=VULNDB-101383 DEBUG: Got response from Anchore. Testing if valid json DEBUG: Json is valid DEBUG: Fetching [MASKED]query/vulnerabilities?id=VULNDB-101385 DEBUG: Got response from Anchore. Testing if valid json DEBUG: Json is valid DEBUG: Fetching [MASKED]query/vulnerabilities?id=VULNDB-181184 DEBUG: Got response from Anchore. Testing if valid json DEBUG: Json is valid DEBUG: Fetching [MASKED]query/vulnerabilities?id=VULNDB-101497 DEBUG: Got response from Anchore. Testing if valid json DEBUG: Json is valid DEBUG: Writing to ci-artifacts/scan-results/anchore/anchore_security.json Getting compliance results DEBUG: Fetching [MASKED]images/by_id/43c3c64e138035c2a60252ec1aebaa26ab4c5780d3be5b52d165554f78f9b016/check?tag=[MASKED]/coder-enterprise/coder-enterprise/timescale:1.11.0-44875&detail=true DEBUG: Got response from Anchore. Testing if valid json DEBUG: Json is valid DEBUG: Writing to ci-artifacts/scan-results/anchore/anchore_api_gates_full.json DEBUG: Writing to ci-artifacts/scan-results/anchore/anchore_gates.json Getting Anchore version DEBUG: Fetching [MASKED]version DEBUG: Got response from Anchore. Testing if valid json DEBUG: Json is valid DEBUG: Writing to ci-artifacts/scan-results/anchore/anchore-version.txt section_end:1601420378:step_script section_start:1601420378:upload_artifacts_on_success Uploading artifacts for successful job Uploading artifacts... ci-artifacts/scan-results/anchore/: found 5 matching files and directories Dialing: tcp gitlab-webservice.gitlab.svc.cluster.local:8181 ... Uploading artifacts as "archive" to coordinator... ok id=340715 responseStatus=201 Created token=v2ixENma section_end:1601420379:upload_artifacts_on_success Job succeeded