Pipeline · Ironbank Containers / MITRE / SAF / inspec_tools

Simplify renovate.json, better reflect working renovate.json

Takes from https://repo1.dso.mil/dsop/container-hardening-tools/renovate/renovate renovate.json since it seems to be functioning properly at this time.

13 jobs for renovate4baseimage in 37 minutes and 26 seconds (queued for 11 seconds)

fbb15d27

Status	Job ID	Name
.Pre
passed	#3793775	load-scripts	00:00:09 Jun 03, 2021

Preflight
passed	#3793777	folder-structure	00:00:09 Jun 03, 2021
passed	#3793778	hardening-manifest	00:00:08 Jun 03, 2021
passed	#3793776	trufflehog	00:00:09 Jun 03, 2021

Lint
passed	#3793782	wl-compare-lint	00:00:11 Jun 03, 2021

Import Artifacts
passed	#3793794	import-artifacts	00:02:04 Jun 03, 2021

Scan Artifacts
passed	#3793798	clamav-scan	00:03:13 Jun 03, 2021

Build
passed	#3793799	build	00:01:52 Jun 03, 2021

Scanning
passed	#3793800	anchore-scan	00:03:01 Jun 03, 2021
passed	#3793801 ironbank-dsop-privileged	openscap-compliance	00:01:17 Jun 03, 2021
passed	#3793802	twistlock-scan	00:28:52 Jun 03, 2021

Csv Output
passed	#3793803	csv-output	00:00:40 Jun 03, 2021

Check Cves
failed	#3793804 allowed to fail	check-cves	00:00:12 Jun 03, 2021

Name Stage Failure

	Name	Stage	Failure
failed	check-cves	Check Cves
	ERROR: anchore_cve CVE-2020-24977 nokogiri-1.11.3 /usr/local/bundle/specifications/nokogiri-1.11.3-x86_64-linux.gemspec ERROR: anchore_cve CVE-2021-3517 nokogiri-1.11.3 /usr/local/bundle/specifications/nokogiri-1.11.3-x86_64-linux.gemspec ERROR: anchore_cve CVE-2021-3518 nokogiri-1.11.3 /usr/local/bundle/specifications/nokogiri-1.11.3-x86_64-linux.gemspec ERROR: anchore_cve CVE-2021-3537 nokogiri-1.11.3 /usr/local/bundle/specifications/nokogiri-1.11.3-x86_64-linux.gemspec ERROR: anchore_cve CVE-2021-3541 nokogiri-1.11.3 /usr/local/bundle/specifications/nokogiri-1.11.3-x86_64-linux.gemspec ERROR: anchore_cve GHSA-7rrm-v45f-jp64 nokogiri-1.11.3 /usr/local/bundle/specifications/nokogiri-1.11.3-x86_64-linux.gemspec ERROR: twistlock_cve CVE-2020-36327 bundler-2.1.4 None Cleaning up file based variables ERROR: Job failed: command terminated with exit code 1

failed

check-cves

Check Cves

ERROR: anchore_cve                   CVE-2020-24977                nokogiri-1.11.3               /usr/local/bundle/specifications/nokogiri-1.11.3-x86_64-linux.gemspec    
ERROR: anchore_cve                   CVE-2021-3517                 nokogiri-1.11.3               /usr/local/bundle/specifications/nokogiri-1.11.3-x86_64-linux.gemspec    
ERROR: anchore_cve                   CVE-2021-3518                 nokogiri-1.11.3               /usr/local/bundle/specifications/nokogiri-1.11.3-x86_64-linux.gemspec    
ERROR: anchore_cve                   CVE-2021-3537                 nokogiri-1.11.3               /usr/local/bundle/specifications/nokogiri-1.11.3-x86_64-linux.gemspec    
ERROR: anchore_cve                   CVE-2021-3541                 nokogiri-1.11.3               /usr/local/bundle/specifications/nokogiri-1.11.3-x86_64-linux.gemspec    
ERROR: anchore_cve                   GHSA-7rrm-v45f-jp64           nokogiri-1.11.3               /usr/local/bundle/specifications/nokogiri-1.11.3-x86_64-linux.gemspec    
ERROR: twistlock_cve                 CVE-2020-36327                bundler-2.1.4                 None                          
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 1