UNCLASSIFIED

Merge branch 'renovate/docker-vault-1.7.0' into 'development'

Update vault:1.7.0 Docker digest to b374bf9

See merge request !39
19 jobs for development in 11 minutes and 7 seconds (queued for 11 minutes and 59 seconds)
Stage             Status                    Job ID    Tags               Name                      Duration
.Pre              passed                    #2574986  ironbank           load scripts              00:00:07
Preflight         passed                    #2574987  ironbank           folder structure          00:00:05
Preflight         passed                    #2574988  ironbank           hardening_manifest        00:00:11
Lint              passed                    #2574989  ironbank           wl compare lint           00:00:10
Finding Compare   failed (allowed to fail)  #2574990  ironbank           vat compare               00:00:07
Import Artifacts  passed                    #2574991  ironbank           import artifacts          00:00:27
Scan Artifacts    passed                    #2574992  ironbank           clamav scan               00:01:01
Build             passed                    #2574993  ironbank-isolated  build                     00:01:30
Scanning          passed                    #2574997  ironbank           anchore scan              00:01:50
Scanning          passed                    #2574994  ironbank           openscap compliance       00:00:57
Scanning          passed                    #2574995  ironbank           openscap cve              00:03:55
Scanning          passed                    #2574996  ironbank           twistlock scan            00:00:35
Csv Output        passed                    #2574998  ironbank           csv output                00:00:51
Check Cves        passed                    #2574999  ironbank           check cves                00:00:14
Documentation     passed                    #2575000  ironbank           sign image                00:00:30
Documentation     passed                    #2575001  ironbank           sign manifest             00:00:20
Documentation     passed                    #2575002  ironbank           write json documentation  00:00:20
Publish           passed                    #2575003  ironbank           upload to s3              00:01:29
Vat               passed                    #2575004  ironbank           vat                       00:00:28
 
Name: vat compare
Stage: Finding Compare
Status: failed
Failure:
('cbff271f45d32e78dcc1979dbca9c14d', 'anchore_comp', 'User root found as effective user, which is explicity not allowed\n Gate: dockerfile\n Trigger: effective_user\n Policy ID: DoDEffectiveUserChecks', None, None)
('CVE-2021-22876', 'twistlock_cve', 'curl 7.1.1 to and including 7.75.0 is vulnerable to an \\"Exposure of Private Personal Information to an Unauthorized Actor\\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.', 'curl-7.61.1-14.el8_3.1', None)
('41cb7cdf04850e33a11f80c42bf660b3', 'anchore_comp', "Dockerfile directive 'HEALTHCHECK' not found, matching condition 'not_exists' check\n Gate: dockerfile\n Trigger: instruction\n Policy ID: DoDDockerfileChecks", None, None)
Uploading artifacts for failed job
Uploading artifacts...
ci-artifacts/compare/: found 2 matching files and directories

Uploading artifacts as "archive" to coordinator... ok
id=2574990 responseStatus=201 Created token=KkCpFxh2
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 4