UNCLASSIFIED

Skip to content

GitLab

Merge branch 'upgrade-gradle-base' into 'development' 

Upgrade gradle base image.

See merge request !4
20 jobs for development in 13 minutes (queued for 13 minutes and 34 seconds)
395fcc42
1 related merge request: !5 Development
Status Job ID Name Coverage
  .Pre
passed #2848650
ironbank
load scripts

00:00:07

 
  Preflight
passed #2848652
ironbank
folder structure

00:00:08

passed #2848653
ironbank
hardening_manifest

00:00:12

passed #2848651
ironbank
trufflehog

00:00:09

 
  Lint
passed #2848654
ironbank
wl compare lint

00:00:11

 
  Finding Compare
failed #2848655
ironbank allowed to fail
vat compare

00:00:08

 
  Import Artifacts
passed #2848656
ironbank
import artifacts

00:00:09

 
  Scan Artifacts
passed #2848657
ironbank
clamav scan

00:00:50

 
  Build
passed #2848658
ironbank-isolated
build

00:02:52

 
  Scanning
passed #2848659
ironbank
anchore scan

00:03:04

passed #2848660
ironbank
openscap compliance

00:01:15

passed #2848661
ironbank
openscap cve

00:04:03

passed #2848662
ironbank
twistlock scan

00:00:39

 
  Csv Output
passed #2848663
ironbank
csv output

00:00:56

 
  Check Cves
passed #2848664
ironbank
check cves

00:00:20

 
  Documentation
passed #2848665
ironbank
sign image

00:00:49

passed #2848666
ironbank
sign manifest

00:00:29

passed #2848667
ironbank
write json documentation

00:00:28

 
  S3 Publish
passed #2848668
ironbank
upload to s3

00:02:06

 
  Vat
passed #2848669
ironbank
vat

00:00:09

 
Name Stage Failure
failed
vat compare Finding Compare 
INFO: ('CVE-2021-23840', 'anchore_cve', 'openssl-1.1.1g-15.el8_3\nhttps://access.redhat.com/security/cve/CVE-2021-23840', 'openssl-1.1.1g-15.el8_3', None)
INFO: ('CVE-2020-9548', 'anchore_cve', 'jackson-databind-2.10.2\nGeneric Informational URL: https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062\nVendor Specific Solution URL: https://github.com/FasterXML/jackson-databind/commit/9f4e97019fb0dd836533d0b6198c88787e235ae2\nBug Tracker: https://github.com/FasterXML/jackson-databind/issues/2634\nCVE ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-9548\nOther Advisory URL: https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html\nOther Advisory URL: https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E\nOther Advisory URL: https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E\nOther Advisory URL: https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E\nOther Advisory URL: https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E\nGeneric Informational URL: https://www.us-cert.gov/ncas/bulletins/sb20-069\nOther Advisory URL: https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E\nOther Advisory URL: https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6174489\nISS X-Force ID: https://exchange.xforce.ibmcloud.com/vulnerabilities/177104\nVendor Specific Advisory URL: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-109/index.html\nOther Advisory URL: https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6208043\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-2067.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-2511.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-2515.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-2512.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-2513.html\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6221336\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6228078\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-2813.html\nOther Advisory URL: https://www.ibm.com/support/pages/node/6243446\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixFMW\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixPVA\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixEM\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixIFLX\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixGLM\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixCGBU\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3192.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3196.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3197.html\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6256124\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6324739\nOther Advisory URL: https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E\nVendor Specific News/Changelog Entry: https://security.netapp.com/advisory/ntap-20200904-0006/\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3637.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3638.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3639.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3642.html\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-3779.html\nVendor Specific Advisory URL: https://www.ibm.com/support/pages/node/6347600\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixRAPP\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixCGBU\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixIFLX\nOther Advisory URL: https://www.oracle.com/security-alerts/cpuoct2020.html\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixINSU\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2020-4366.html\nVendor Specific Advisory URL: https://puppet.com/security/cve/jackson-july-2020-security-fixes/\nVendor Specific Advisory URL: https://jira.atlassian.com/browse/JIRAAUTOSERVER-44\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujan2021.html#AppendixSCP\nVendor Specific Advisory URL: https://www.oracle.com/security-alerts/cpujan2021.html#AppendixRAPP\nOther Advisory URL: https://www.oracle.com/security-alerts/cpujan2021.html\nOther Advisory URL: https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35875\nVendor Specific Advisory URL: https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-109/index.html\nGeneric Informational URL: https://us-cert.cisa.gov/ncas/current-activity/2021/01/21/oracle-releases-january-2021-security-bulletin\nVendor Specific Advisory URL: https://www.dell.com/support/kbdoc/en-us/000183617/dsa-2021-047-dell-supportassist-enterprise-security-update-for-multiple-third-party-component-vulnerabilities\n', 'jackson-databind-2.10.2', '/opt/gradle/gradle-6.7.1/lib/plugins/jackson-databind-2.10.2.jar')
INFO: ('CVE-2017-18640', 'anchore_cve', 'snakeyaml-1.17\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18640', 'snakeyaml-1.17', '/opt/gradle/gradle-6.7.1/lib/plugins/snakeyaml-1.17.jar')
Uploading artifacts for failed job
Uploading artifacts...
ci-artifacts/compare/: found 2 matching files and directories 
Uploading artifacts as "archive" to coordinator... ok  id=2848655 responseStatus=201 Created token=WQoSCKX8
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 4

UNCLASSIFIED