Upgrade to Heimdall 2.4.8, container cleanup
The latest upstream version of Heimdall removes all of the build dependencies from the production container. This should significantly reduce the findings on this container. Additionally, this fixes an issue where the Ironbank version of the container would not start properly due to NPM creating a folder at `/home/node/.config` which was owned by root which was causing errors when running as the Heimdall user. Instead of using the Heimdall user, this container is now using the node user that comes with it.
| Status | Job ID | Name | Coverage | ||||||
|---|---|---|---|---|---|---|---|---|---|
| .Pre | |||||||||
| passed |
#3746334
|
load-scripts |
00:00:09
|
|
|||||
| Preflight | |||||||||
| passed |
#3746336
|
folder-structure |
00:00:05
|
|
|||||
| passed |
#3746337
|
hardening-manifest |
00:00:11
|
|
|||||
| passed |
#3746398
|
trufflehog |
00:00:07
|
|
|||||
| failed |
#3746335
|
trufflehog |
00:00:07
|
|
|||||
| Lint | |||||||||
| passed |
#3746338
|
wl-compare-lint |
00:00:07
|
|
|||||
| Import Artifacts | |||||||||
| passed |
#3746339
|
import-artifacts |
00:02:02
|
|
|||||
| Scan Artifacts | |||||||||
| passed |
#3746340
|
clamav-scan |
00:04:08
|
|
|||||
| Build | |||||||||
| passed |
#3746341
|
build |
00:05:08
|
|
|||||
| Scanning | |||||||||
| passed |
#3746342
|
anchore-scan |
00:08:31
|
|
|||||
| passed |
#3746343
ironbank-dsop-privileged
|
openscap-compliance |
00:02:56
|
|
|||||
| passed |
#3746344
|
twistlock-scan |
00:01:18
|
|
|||||
| Csv Output | |||||||||
| passed |
#3746345
|
csv-output |
00:01:28
|
|
|||||
| Check Cves | |||||||||
| failed |
#3746346
allowed to fail
|
check-cves |
00:00:14
|
|
|||||
| Name | Stage | Failure | ||
|---|---|---|---|---|
|
failed
|
check-cves | Check Cves | ||
|
||||