Pipeline · Ironbank Containers / GitLab / Gitlab / gitlab-task-runner

Merge branch 'alfontaine-development-patch-04807' into 'development'

Update Dockerfile

See merge request !67

29 jobs for development in 27 minutes and 19 seconds (queued for 32 minutes and 37 seconds)

a9832cf6

Status	Job ID	Name
.Pre
passed	#2650068 ironbank	load scripts	00:00:18 Apr 08, 2021

Preflight
passed	#2650069 ironbank	folder structure	00:00:11 Apr 08, 2021
passed	#2650070 ironbank	hardening_manifest	00:00:18 Apr 08, 2021

Lint
passed	#2650071 ironbank	wl compare lint	00:00:15 Apr 08, 2021

Finding Compare
failed	#2650203 ironbank allowed to fail	vat compare	00:00:08 Apr 08, 2021
failed	#2650153 ironbank allowed to fail	vat compare	00:00:08 Apr 08, 2021
failed	#2650072 ironbank allowed to fail	vat compare	00:00:11 Apr 08, 2021

Import Artifacts
passed	#2650073 ironbank	import artifacts	00:00:19 Apr 08, 2021

Scan Artifacts
passed	#2650074 ironbank	clamav scan	00:02:55 Apr 08, 2021

Build
passed	#2650075 ironbank-isolated	build	00:06:05 Apr 08, 2021

Scanning
passed	#2650207 ironbank	anchore scan	00:07:26 Apr 08, 2021
passed	#2650204 ironbank	openscap compliance	00:02:54 Apr 08, 2021
passed	#2650205 ironbank	openscap cve	00:05:58 Apr 08, 2021
passed	#2650206 ironbank	twistlock scan	00:01:16 Apr 08, 2021
failed	#2650157 ironbank	anchore scan	00:00:11 Apr 08, 2021
failed	#2650079 ironbank	anchore scan	00:00:12 Apr 08, 2021
failed	#2650154 ironbank	openscap compliance	00:00:07 Apr 08, 2021
failed	#2650076 ironbank	openscap compliance	00:00:07 Apr 08, 2021
failed	#2650155 ironbank	openscap cve	00:00:07 Apr 08, 2021
failed	#2650077 ironbank	openscap cve	00:00:07 Apr 08, 2021
failed	#2650078 ironbank	twistlock scan	00:00:10 Apr 08, 2021
failed	#2650156 ironbank	twistlock scan	00:00:10 Apr 08, 2021

Csv Output
passed	#2650080 ironbank	csv output	00:02:49 Apr 08, 2021

Check Cves
failed	#2650081 ironbank allowed to fail	check cves	00:00:17 Apr 08, 2021

Documentation
passed	#2650082 ironbank	sign image	00:01:42 Apr 08, 2021
passed	#2650083 ironbank	sign manifest	00:00:36 Apr 08, 2021
passed	#2650084 ironbank	write json documentation	00:00:35 Apr 08, 2021

S3 Publish
passed	#2650085 ironbank	upload to s3	00:04:30 Apr 08, 2021

Vat
passed	#2650086 ironbank	vat	00:00:09 Apr 08, 2021

	Name	Stage
failed	check cves	Check Cves
	`ERROR: The following vulnerabilities are not whitelisted: ERROR: scan_source cve_id package package_path ERROR: anchore_cve CVE-2021-23840 openssl-1.1.1g-15.el8_3 None ERROR: anchore_cve CVE-2021-23841 openssl-1.1.1g-15.el8_3 None ERROR: twistlock_cve CVE-2021-23840 openssl-1.1.1g-15.el8_3 None ERROR: twistlock_cve CVE-2021-23841 openssl-1.1.1g-15.el8_3 None ERROR: twistlock_cve CVE-2020-25658 rsa-4.7.2 None Cleaning up file based variables ERROR: Job failed: command terminated with exit code 1`
failed	vat compare	Finding Compare
	('CVE-2020-25613', 'twistlock_cve', 'An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.', 'webrick-1.6.0', None) ('b2505d515c1cbb5547e1039d0707596b', 'anchore_comp', "Dockerfile directive 'ADD' check 'exists' matched against '' for line 'gitlab-ruby.tar.gz /'\n Gate: dockerfile\n Trigger: instruction\n Policy ID: DoDDockerfileChecks", None, None) ('cbff271f45d32e78dcc1979dbca9c14d', 'anchore_comp', 'User root found as effective user, which is explicity not allowed\n Gate: dockerfile\n Trigger: effective_user\n Policy ID: DoDEffectiveUserChecks', None, None) Uploading artifacts for failed job Uploading artifacts... ci-artifacts/compare/: found 2 matching files and directories Uploading artifacts as "archive" to coordinator... ok id=2650203 responseStatus=201 Created token=y3UMAmCv Cleaning up file based variables ERROR: Job failed: command terminated with exit code 4