Pipeline · Ironbank Containers / Galvanize / galvanize / java-code-evaluator

updating to gradle 6.8.3

15 jobs for upgrade-gradle-base in 13 minutes and 5 seconds (queued for 24 seconds)

Status	Job ID	Name
.Pre
passed	#2847924 ironbank	load scripts	00:00:10 Apr 20, 2021

Preflight
passed	#2847926 ironbank	folder structure	00:00:10 Apr 20, 2021
passed	#2847927 ironbank	hardening_manifest	00:00:23 Apr 20, 2021
passed	#2847925 ironbank	trufflehog	00:00:13 Apr 20, 2021

Lint
passed	#2847928 ironbank	wl compare lint	00:00:19 Apr 20, 2021

Finding Compare
failed	#2847929 ironbank allowed to fail	vat compare	00:00:46 Apr 20, 2021

Import Artifacts
passed	#2847930 ironbank	import artifacts	00:00:16 Apr 20, 2021

Scan Artifacts
passed	#2847931 ironbank	clamav scan	00:01:10 Apr 20, 2021

Build
passed	#2847932 ironbank-isolated	build	00:03:05 Apr 20, 2021

Scanning
passed	#2847933 ironbank	anchore scan	00:03:08 Apr 20, 2021
passed	#2847934 ironbank	openscap compliance	00:01:56 Apr 20, 2021
passed	#2847935 ironbank	openscap cve	00:05:35 Apr 20, 2021
passed	#2847936 ironbank	twistlock scan	00:00:46 Apr 20, 2021

Csv Output
passed	#2847937 ironbank	csv output	00:00:55 Apr 20, 2021

Check Cves
passed	#2847938 ironbank	check cves	00:00:19 Apr 20, 2021

Name Stage Failure

	Name	Stage	Failure
failed	vat compare	Finding Compare
	INFO: ('CVE-2017-18640', 'anchore_cve', 'snakeyaml-1.17\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18640', 'snakeyaml-1.17', '/opt/gradle/gradle-6.7.1/lib/plugins/snakeyaml-1.17.jar') INFO: ('CVE-2020-9546', 'anchore_cve', 'jackson-databind-2.10.2\nGeneric Informational URL: https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062\nCVE ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-9546\nBug Tracker: https://github.com/FasterXML/jackson-databind/issues/2631\nVendor Specific Solution URL: https://github.com/FasterXML/jackson-databind/commit/9f4e97019fb0dd836533d0b6198c88787e235ae2\nOther Advisory URL: https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html\nOther Advisory URL: https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E\nOther Advisory URL: https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E\nOther Advisory URL: https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E\nOther Advisory URL: https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E\nOther Advisory URL: https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E\nGeneric Informational URL: https://www.us-cert.gov/ncas/bulletins/sb20-069\nOther Advisory URL: https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E\nOther Advisory URL: https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6174489\nISS X-Force ID: https://exchange.xforce.ibmcloud.com/vulnerabilities/177102\nOther Advisory URL: https://github.com/advisories/GHSA-5p34-5m6p-p58g\nVendor Specific Advisory URL: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-109/index.html\nOther Advisory URL: https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6208043\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-2067.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-2511.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-2515.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-2512.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-2513.html\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6221336\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6228078\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-2813.html\nOther Advisory URL: https://www.ibm.com/support/pages/node/6243446\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixRAPP\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixFMW\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixPVA\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEM\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixIFLX\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixGLM\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixCGBU\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3192.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3196.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3197.html\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6255694\nVendor Specific Advisory URL: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6256124\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6324739\nOther Advisory URL: https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E\nVendor Specific News/Changelog Entry: https://security.netapp.com/advisory/ntap-20200904-0006/\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3637.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3638.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3639.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3642.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3779.html\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6347600\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixRAPP\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixCGBU\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixIFLX\nOther Advisory URL: https://www.oracle.com/security-alerts/cpuoct2020.html\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixINSU\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-4366.html\nVendor Specific Advisory URL: https://jira.atlassian.com/browse/JIRAAUTOSERVER-44\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujan2021.html#AppendixSCP\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujan2021.html#AppendixRAPP\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujan2021.html#AppendixCGBU\nOther Advisory URL: https://www.oracle.com/security-alerts/cpujan2021.html\nOther Advisory URL: https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35875\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6378366\nVendor Specific Advisory URL: https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-109/index.html\nGeneric Informational URL: https://us-cert.cisa.gov/ncas/current-activity/2021/01/21/oracle-releases-january-2021-security-bulletin\nVendor Specific Advisory URL: https://www.dell.com/support/kbdoc/en-us/000183617/dsa-2021-047-dell-supportassist-enterprise-security-update-for-multiple-third-party-component-vulnerabilities\n', 'jackson-databind-2.10.2', '/opt/gradle/gradle-6.7.1/lib/plugins/jackson-databind-2.10.2.jar') INFO: ('VULNDB-164067', 'anchore_cve', 'plexus-cipher-1.7\nBug Tracker: https://bugzilla.redhat.com/show_bug.cgi?id=880279\nVendor Specific Solution URL: https://github.com/sonatype/plexus-cipher/commit/6ab0e38df80beed9ab3227ffab938b21dcdf5505\nBug Tracker: https://issues.jboss.org/browse/AAA-15\nVendor Specific Solution URL: https://github.com/codehaus-plexus/plexus-cipher/commit/6ab0e38df80beed9ab3227ffab938b21dcdf5505\n', 'plexus-cipher-1.7', '/opt/gradle/gradle-6.7.1/lib/plugins/plexus-cipher-1.7.jar') Uploading artifacts for failed job Uploading artifacts... ci-artifacts/compare/: found 2 matching files and directories Uploading artifacts as "archive" to coordinator... ok id=2847929 responseStatus=201 Created token=8pmWU2Rf Cleaning up file based variables ERROR: Job failed: command terminated with exit code 4

failed

vat compare

Finding Compare

INFO: ('CVE-2017-18640', 'anchore_cve', 'snakeyaml-1.17\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18640', 'snakeyaml-1.17', '/opt/gradle/gradle-6.7.1/lib/plugins/snakeyaml-1.17.jar')
INFO: ('CVE-2020-9546', 'anchore_cve', 'jackson-databind-2.10.2\nGeneric Informational URL: https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062\nCVE ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-9546\nBug Tracker: https://github.com/FasterXML/jackson-databind/issues/2631\nVendor Specific Solution URL: https://github.com/FasterXML/jackson-databind/commit/9f4e97019fb0dd836533d0b6198c88787e235ae2\nOther Advisory URL: https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html\nOther Advisory URL: https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E\nOther Advisory URL: https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E\nOther Advisory URL: https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E\nOther Advisory URL: https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E\nOther Advisory URL: https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E\nGeneric Informational URL: https://www.us-cert.gov/ncas/bulletins/sb20-069\nOther Advisory URL: https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E\nOther Advisory URL: https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6174489\nISS X-Force ID: https://exchange.xforce.ibmcloud.com/vulnerabilities/177102\nOther Advisory URL: https://github.com/advisories/GHSA-5p34-5m6p-p58g\nVendor Specific Advisory URL: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-109/index.html\nOther Advisory URL: https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6208043\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-2067.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-2511.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-2515.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-2512.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-2513.html\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6221336\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6228078\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-2813.html\nOther Advisory URL: https://www.ibm.com/support/pages/node/6243446\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixRAPP\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixFMW\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixPVA\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEM\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixIFLX\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixGLM\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixCGBU\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3192.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3196.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3197.html\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6255694\nVendor Specific Advisory URL: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6256124\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6324739\nOther Advisory URL: https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E\nVendor Specific News/Changelog Entry: https://security.netapp.com/advisory/ntap-20200904-0006/\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3637.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3638.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3639.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3642.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3779.html\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6347600\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixRAPP\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixCGBU\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixIFLX\nOther Advisory URL: https://www.oracle.com/security-alerts/cpuoct2020.html\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixINSU\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-4366.html\nVendor Specific Advisory URL: https://jira.atlassian.com/browse/JIRAAUTOSERVER-44\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujan2021.html#AppendixSCP\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujan2021.html#AppendixRAPP\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujan2021.html#AppendixCGBU\nOther Advisory URL: https://www.oracle.com/security-alerts/cpujan2021.html\nOther Advisory URL: https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35875\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6378366\nVendor Specific Advisory URL: https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-109/index.html\nGeneric Informational URL: https://us-cert.cisa.gov/ncas/current-activity/2021/01/21/oracle-releases-january-2021-security-bulletin\nVendor Specific Advisory URL: https://www.dell.com/support/kbdoc/en-us/000183617/dsa-2021-047-dell-supportassist-enterprise-security-update-for-multiple-third-party-component-vulnerabilities\n', 'jackson-databind-2.10.2', '/opt/gradle/gradle-6.7.1/lib/plugins/jackson-databind-2.10.2.jar')
INFO: ('VULNDB-164067', 'anchore_cve', 'plexus-cipher-1.7\nBug Tracker: https://bugzilla.redhat.com/show_bug.cgi?id=880279\nVendor Specific Solution URL: https://github.com/sonatype/plexus-cipher/commit/6ab0e38df80beed9ab3227ffab938b21dcdf5505\nBug Tracker: https://issues.jboss.org/browse/AAA-15\nVendor Specific Solution URL: https://github.com/codehaus-plexus/plexus-cipher/commit/6ab0e38df80beed9ab3227ffab938b21dcdf5505\n', 'plexus-cipher-1.7', '/opt/gradle/gradle-6.7.1/lib/plugins/plexus-cipher-1.7.jar')
Uploading artifacts for failed job
Uploading artifacts...
ci-artifacts/compare/: found 2 matching files and directories 
Uploading artifacts as "archive" to coordinator... ok  id=2847929 responseStatus=201 Created token=8pmWU2Rf
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 4