Pipeline · Ironbank Containers / GitLab / Gitlab / gitlab-task-runner

Merge branch 'release-gitlab-13-8-0' into 'development'

Update GitLab to the 13.8.0 Feature Release

See merge request !56

19 jobs for development in 28 minutes and 36 seconds (queued for 26 minutes and 48 seconds)

6dc99c89

Status	Job ID	Name
.Pre
passed	#1730387 ironbank	load scripts	00:00:07 Jan 30, 2021

Preflight
passed	#1730388 ironbank	folder structure	00:00:08 Jan 30, 2021
passed	#1730390 ironbank	hardening_manifest	00:00:11 Jan 30, 2021
failed	#1730389 ironbank allowed to fail	hardening_manifest migration	00:00:08 Jan 30, 2021

Lint
passed	#1730391 ironbank	wl compare lint	00:00:08 Jan 30, 2021

Import Artifacts
passed	#1730392 ironbank	import artifacts	00:00:13 Jan 30, 2021

Scan Artifacts
passed	#1730393 ironbank	clamav scan	00:03:06 Jan 30, 2021

Build
passed	#1730394 ironbank-isolated	build	00:05:46 Jan 30, 2021

Scanning
passed	#1730398 ironbank	anchore scan	00:09:56 Jan 30, 2021
passed	#1730395 ironbank	openscap compliance	00:02:54 Jan 30, 2021
passed	#1730396 ironbank	openscap cve	00:05:07 Jan 30, 2021
passed	#1730397 ironbank	twistlock scan	00:02:46 Jan 30, 2021

Csv Output
passed	#1730399 ironbank	csv output	00:02:31 Jan 30, 2021

Check Cves
failed	#1730400 ironbank allowed to fail	check cves	00:00:12 Jan 30, 2021

Documentation
passed	#1730401 ironbank	sign image	00:01:35 Jan 30, 2021
passed	#1730402 ironbank	sign manifest	00:00:33 Jan 30, 2021
passed	#1730403 ironbank	write json documentation	00:00:34 Jan 30, 2021

Publish
passed	#1730404 ironbank	upload to s3	00:04:15 Jan 30, 2021

Vat
passed	#1730405 ironbank	vat	00:00:28 Jan 30, 2021

	Name	Stage
failed	check cves	Check Cves
	INFO: Whitelisted vulnerabilities: {'anchorecomp_c2e44319ae5b3b040044d8ae116d1c2f', 'tl_CVE-2020-14349-postgres-12.3', 'anchorecomp_c4ad80832b361f81df2a31e5b6b09864', 'oscapcomp_CCE-82360-9', 'tl_CVE-2020-8285-curl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2020-7020-elasticsearch-6.8.2', 'anchorecve_CVE-2020-8285-libcurl-7.61.1-14.el8_3.1', 'tl_CVE-2020-8231-curl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2020-8231-libcurl-7.61.1-14.el8_3.1', 'anchorecve_GHSA-ww4x-rwq6-qpgf-omniauth-1.9.0', 'tl_CVE-2020-25694-postgres-12.3', 'anchorecve_VULNDB-223365-python-3.8.4', 'oscapcomp_CCE-82368-2', 'tl_CVE-2020-13776-systemd-239-41.el8_3.1', 'anchorecve_CVE-2020-24977-libxml2-2.9.7-8.el8', 'anchorecve_CVE-2020-8284-curl-7.61.1-14.el8_3.1', 'tl_CVE-2020-25613-webrick-1.6.0', 'oscapcomp_CCE-82949-9', 'tl_CVE-2020-8286-curl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2019-3881-bundler-1.17.3', 'anchorecve_CVE-2020-26116-platform-python-3.6.8-31.el8', 'anchorecomp_1413583a8bbe8e1db3f676da804a4bea', 'anchorecomp_34de21e516c0ca50a96e5386f163f8bf', 'anchorecve_CVE-2020-29362-p11-kit-trust-0.23.14-5.el8_0', 'anchorecve_CVE-2020-35512-dbus-libs-1.12.8-11.el8', 'anchorecve_CVE-2019-25013-glibc-common-2.28-127.el8', 'tl_CVE-2020-25695-postgres-12.3', 'anchorecve_CVE-2020-27618-glibc-2.28-127.el8', 'anchorecomp_639f6f1177735759703e928c14714a59', 'anchorecve_CVE-2019-25013-glibc-2.28-127.el8', 'oscapcomp_CCE-82494-6', 'anchorecve_CVE-2020-15358-sqlite-libs-3.26.0-11.el8', 'anchorecve_CVE-2020-27619-platform-python-3.6.8-31.el8', 'anchorecve_CVE-2020-24977-python3-libxml2-2.9.7-8.el8', 'anchorecve_CVE-2020-8285-curl-7.61.1-14.el8_3.1', 'anchorecomp_e7573262736ef52353cde3bae2617782', 'anchorecve_CVE-2020-13776-systemd-libs-239-41.el8_3.1', 'anchorecomp_320a97c6816565eedf3545833df99dd0', 'anchorecve_CVE-2015-9357-akismet-3.0.0', 'anchorecve_VULNDB-239538-webrick-1.6.0', 'oscapcomp_CCE-82959-8', 'anchorecve_CVE-2020-29363-p11-kit-trust-0.23.14-5.el8_0', 'anchorecve_CVE-2020-35512-dbus-1.12.8-11.el8', 'anchorecve_CVE-2020-35512-dbus-tools-1.12.8-11.el8', 'anchorecve_CVE-2020-13434-sqlite-libs-3.26.0-11.el8', 'anchorecomp_698044205a9c4a6d48b7937e66a6bf4f', 'anchorecomp_bcd159901fe47efddae5c095b4b0d7fd', 'anchorecve_CVE-2019-25013-glibc-minimal-langpack-2.28-127.el8', 'tl_CVE-2020-14350-postgres-12.3', 'anchorecve_VULNDB-216326-elasticsearch-6.8.2', 'anchorecve_CVE-2020-8284-libcurl-7.61.1-14.el8_3.1', 'oscapcomp_CCE-82214-8', 'anchorecve_CVE-2020-15523-python-3.8.4', 'oscapcomp_CCE-82472-2', 'anchorecomp_463a9a24225c26f7a5bf3f38908e5cb3', 'anchorecve_VULNDB-226240-elasticsearch-6.8.2', 'anchorecve_CVE-2020-8927-brotli-1.0.6-2.el8', 'anchorecomp_addbb93c22e9b0988b8b40392a4538cb', 'tl_CVE-2019-25013-glibc-2.28-127.el8', 'tl_CVE-2020-25696-postgres-12.3', 'anchorecve_CVE-2020-28196-krb5-libs-1.18.2-5.el8', 'oscapcomp_CCE-80938-4', 'anchorecve_CVE-2020-27618-glibc-common-2.28-127.el8', 'anchorecve_CVE-2020-29363-p11-kit-0.23.14-5.el8_0', 'oscapcomp_CCE-82985-3', 'oscapcomp_CCE-82267-6', 'oscapcomp_CCE-82473-0', 'anchorecomp_abb121e9621abdd452f65844954cf1c1', 'anchorecve_CVE-2020-29361-p11-kit-trust-0.23.14-5.el8_0', 'anchorecve_CVE-2020-29361-p11-kit-0.23.14-5.el8_0', 'tl_CVE-2020-25739-gon-6.2.0', 'anchorecve_CVE-2020-16135-libssh-0.9.4-2.el8', 'anchorecve_CVE-2008-4318-observer-0.1.0', 'anchorecve_CVE-2020-35512-dbus-daemon-1.12.8-11.el8', 'anchorecve_CVE-2020-8286-curl-7.61.1-14.el8_3.1', 'anchorecomp_3456a263793066e9b5063ada6e47917d', 'anchorecomp_41cb7cdf04850e33a11f80c42bf660b3', 'anchorecve_CVE-2020-29362-p11-kit-0.23.14-5.el8_0', 'anchorecve_VULNDB-234350-python-3.8.4', 'oscapcomp_CCE-82168-6', 'anchorecve_CVE-2020-35512-dbus-common-1.12.8-11.el8', 'anchorecve_CVE-2020-27618-glibc-minimal-langpack-2.28-127.el8', 'anchorecve_CVE-2020-24370-lua-libs-5.3.4-11.el8', 'anchorecve_CVE-2020-13776-systemd-239-41.el8_3.1', 'tl_CVE-2020-29362-p11-kit-0.23.14-5.el8_0', 'oscapcomp_CCE-82395-5', 'anchorecve_VULNDB-239700-python-3.8.4', 'anchorecve_CVE-2020-13776-systemd-pam-239-41.el8_3.1', 'anchorecve_CVE-2020-16135-libssh-config-0.9.4-2.el8', 'tl_CVE-2015-9284-omniauth-1.9.0', 'tl_CVE-2020-29361-p11-kit-0.23.14-5.el8_0', 'anchorecve_CVE-2020-27619-python3-libs-3.6.8-31.el8', 'oscapcomp_CCE-80935-0', 'oscapcomp_CCE-82474-8', 'oscapcomp_CCE-82220-5', 'anchorecve_CVE-2020-26116-python3-libs-3.6.8-31.el8', 'tl_CVE-2020-8284-curl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2020-8231-curl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2020-8286-libcurl-7.61.1-14.el8_3.1', 'oscapcomp_CCE-82979-6', 'anchorecomp_3e5fad1c039f3ecfd1dcdc94d2f1f9a0', 'tl_CVE-2020-29363-p11-kit-0.23.14-5.el8_0', 'anchorecomp_68e630cef4a8533b139875aa5fc54da5', 'tl_CVE-2020-8927-brotli-1.0.6-2.el8'} INFO: Vulnerabilities found in scanning stage: 88 INFO: {'tl_CVE-2020-14349-postgres-12.3', 'oscapcomp_CCE-82360-9', 'tl_CVE-2020-8285-curl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2020-7020-elasticsearch-6.8.2', 'anchorecve_CVE-2020-8285-libcurl-7.61.1-14.el8_3.1', 'tl_CVE-2020-8231-curl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2020-8231-libcurl-7.61.1-14.el8_3.1', 'anchorecve_GHSA-ww4x-rwq6-qpgf-omniauth-1.9.0', 'tl_CVE-2020-25694-postgres-12.3', 'anchorecve_VULNDB-223365-python-3.8.4', 'oscapcomp_CCE-82368-2', 'tl_CVE-2020-13776-systemd-239-41.el8_3.1', 'anchorecve_CVE-2020-24977-libxml2-2.9.7-8.el8', 'anchorecve_CVE-2020-8284-curl-7.61.1-14.el8_3.1', 'oscapcomp_CCE-82949-9', 'tl_CVE-2020-8286-curl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2019-3881-bundler-1.17.3', 'anchorecve_CVE-2020-26116-platform-python-3.6.8-31.el8', 'anchorecve_CVE-2020-29362-p11-kit-trust-0.23.14-5.el8_0', 'anchorecve_CVE-2020-35512-dbus-libs-1.12.8-11.el8', 'tl_CVE-2020-25695-postgres-12.3', 'anchorecve_CVE-2019-25013-glibc-common-2.28-127.el8', 'anchorecve_CVE-2020-27618-glibc-2.28-127.el8', 'anchorecve_CVE-2019-25013-glibc-2.28-127.el8', 'oscapcomp_CCE-82494-6', 'anchorecve_CVE-2020-15358-sqlite-libs-3.26.0-11.el8', 'anchorecve_CVE-2020-27619-platform-python-3.6.8-31.el8', 'anchorecve_CVE-2020-8285-curl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2020-24977-python3-libxml2-2.9.7-8.el8', 'anchorecve_CVE-2020-13776-systemd-libs-239-41.el8_3.1', 'anchorecve_CVE-2015-9357-akismet-3.0.0', 'anchorecve_VULNDB-239538-webrick-1.6.0', 'oscapcomp_CCE-82959-8', 'anchorecve_CVE-2020-29363-p11-kit-trust-0.23.14-5.el8_0', 'anchorecve_CVE-2020-35512-dbus-1.12.8-11.el8', 'anchorecve_CVE-2020-35512-dbus-tools-1.12.8-11.el8', 'anchorecve_CVE-2020-13434-sqlite-libs-3.26.0-11.el8', 'anchorecve_CVE-2019-25013-glibc-minimal-langpack-2.28-127.el8', 'tl_CVE-2020-14350-postgres-12.3', 'anchorecve_VULNDB-216326-elasticsearch-6.8.2', 'anchorecve_CVE-2020-8284-libcurl-7.61.1-14.el8_3.1', 'oscapcomp_CCE-82214-8', 'anchorecve_CVE-2021-3177-python-3.8.4', 'anchorecve_CVE-2020-15523-python-3.8.4', 'oscapcomp_CCE-82472-2', 'anchorecve_VULNDB-226240-elasticsearch-6.8.2', 'anchorecve_CVE-2020-8927-brotli-1.0.6-2.el8', 'tl_CVE-2019-25013-glibc-2.28-127.el8', 'tl_CVE-2020-25696-postgres-12.3', 'anchorecve_CVE-2020-28196-krb5-libs-1.18.2-5.el8', 'oscapcomp_CCE-80938-4', 'anchorecve_CVE-2020-27618-glibc-common-2.28-127.el8', 'anchorecve_CVE-2020-29363-p11-kit-0.23.14-5.el8_0', 'oscapcomp_CCE-82985-3', 'oscapcomp_CCE-82267-6', 'oscapcomp_CCE-82473-0', 'anchorecve_CVE-2020-29361-p11-kit-trust-0.23.14-5.el8_0', 'anchorecve_CVE-2020-29361-p11-kit-0.23.14-5.el8_0', 'tl_CVE-2020-25739-gon-6.2.0', 'anchorecve_CVE-2020-16135-libssh-0.9.4-2.el8', 'anchorecve_CVE-2020-35512-dbus-daemon-1.12.8-11.el8', 'anchorecve_CVE-2008-4318-observer-0.1.0', 'anchorecve_CVE-2020-8286-curl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2020-29362-p11-kit-0.23.14-5.el8_0', 'anchorecve_VULNDB-234350-python-3.8.4', 'oscapcomp_CCE-82168-6', 'anchorecve_CVE-2020-35512-dbus-common-1.12.8-11.el8', 'anchorecve_CVE-2020-27618-glibc-minimal-langpack-2.28-127.el8', 'anchorecve_CVE-2020-24370-lua-libs-5.3.4-11.el8', 'anchorecve_CVE-2020-13776-systemd-239-41.el8_3.1', 'tl_CVE-2020-29362-p11-kit-0.23.14-5.el8_0', 'oscapcomp_CCE-82395-5', 'anchorecve_VULNDB-239700-python-3.8.4', 'anchorecve_CVE-2020-13776-systemd-pam-239-41.el8_3.1', 'anchorecve_CVE-2020-16135-libssh-config-0.9.4-2.el8', 'tl_CVE-2015-9284-omniauth-1.9.0', 'tl_CVE-2020-29361-p11-kit-0.23.14-5.el8_0', 'anchorecve_CVE-2020-27619-python3-libs-3.6.8-31.el8', 'oscapcomp_CCE-80935-0', 'oscapcomp_CCE-82474-8', 'oscapcomp_CCE-82220-5', 'anchorecve_CVE-2020-26116-python3-libs-3.6.8-31.el8', 'tl_CVE-2020-8284-curl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2020-8231-curl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2020-8286-libcurl-7.61.1-14.el8_3.1', 'oscapcomp_CCE-82979-6', 'tl_CVE-2020-29363-p11-kit-0.23.14-5.el8_0', 'tl_CVE-2020-8927-brotli-1.0.6-2.el8'} ERROR: NON-WHITELISTED VULNERABILITIES FOUND ERROR: Number of non-whitelisted vulnerabilities: 1 ERROR: The following vulnerabilities are not whitelisted: ERROR: Anchore CVE - CVE-2021-3177-python-3.8.4 Cleaning up file based variables ERROR: Job failed: command terminated with exit code 1
failed	hardening_manifest migration	Preflight
	`Skipping Git submodules setup Downloading artifacts Downloading artifacts for load scripts (1730387)... Downloading artifacts from coordinator... ok id=1730387 responseStatus=200 OK token=CUHyCgoy Executing "step_script" stage of the job script $ if ! [[ -f hardening_manifest.yaml ]]; then # collapsed multi-line command LABEL found in Dockerfile, move all LABELs to the hardening_manifest.yaml file Cleaning up file based variables ERROR: Job failed: command terminated with exit code 1`