Pipeline · Ironbank Containers / Opensource / Docker / Registry V2

Merge branch 'renovate/docker-registry-2.7.1' into 'development'

Update registry:2.7.1 Docker digest to 160c621

See merge request !12

19 jobs for development in 11 minutes and 13 seconds (queued for 12 minutes and 27 seconds)

447a8ed1

Status	Job ID	Name
.Pre
passed	#2574942 ironbank	load scripts	00:00:07 Apr 02, 2021

Preflight
passed	#2574943 ironbank	folder structure	00:00:08 Apr 02, 2021
passed	#2574944 ironbank	hardening_manifest	00:00:11 Apr 02, 2021

Lint
passed	#2574945 ironbank	wl compare lint	00:00:10 Apr 02, 2021

Finding Compare
failed	#2574946 ironbank allowed to fail	vat compare	00:00:07 Apr 02, 2021

Import Artifacts
passed	#2574947 ironbank	import artifacts	00:00:15 Apr 02, 2021

Scan Artifacts
passed	#2574948 ironbank	clamav scan	00:00:29 Apr 02, 2021

Build
passed	#2574949 ironbank-isolated	build	00:01:49 Apr 02, 2021

Scanning
passed	#2574953 ironbank	anchore scan	00:01:56 Apr 02, 2021
passed	#2574950 ironbank	openscap compliance	00:00:51 Apr 02, 2021
passed	#2574951 ironbank	openscap cve	00:04:51 Apr 02, 2021
passed	#2574952 ironbank	twistlock scan	00:00:20 Apr 02, 2021

Csv Output
passed	#2574954 ironbank	csv output	00:00:46 Apr 02, 2021

Check Cves
passed	#2574955 ironbank	check cves	00:00:17 Apr 02, 2021

Documentation
passed	#2574956 ironbank	sign image	00:00:24 Apr 02, 2021
passed	#2574957 ironbank	sign manifest	00:00:20 Apr 02, 2021
passed	#2574958 ironbank	write json documentation	00:00:19 Apr 02, 2021

Publish
passed	#2574959 ironbank	upload to s3	00:01:13 Apr 02, 2021

Vat
passed	#2574960 ironbank	vat	00:00:27 Apr 02, 2021

Name Stage Failure

	Name	Stage	Failure
failed	vat compare	Finding Compare
	('CVE-2021-23840', 'twistlock_cve', 'Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).', 'openssl-1.1.1g-15.el8_3', None) ('CVE-2021-20305', 'anchore_cve', 'gnutls-3.6.14-7.el8_3\nhttps://access.redhat.com/security/cve/CVE-2021-20305', 'gnutls-3.6.14-7.el8_3', None) ('cbff271f45d32e78dcc1979dbca9c14d', 'anchore_comp', 'User root found as effective user, which is explicity not allowed\n Gate: dockerfile\n Trigger: effective_user\n Policy ID: DoDEffectiveUserChecks', None, None) Uploading artifacts for failed job Uploading artifacts... ci-artifacts/compare/: found 2 matching files and directories Uploading artifacts as "archive" to coordinator... ok id=2574946 responseStatus=201 Created token=MKhCkEZA Cleaning up file based variables ERROR: Job failed: command terminated with exit code 4

failed

vat compare

Finding Compare

('CVE-2021-23840', 'twistlock_cve', 'Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).', 'openssl-1.1.1g-15.el8_3', None)
('CVE-2021-20305', 'anchore_cve', 'gnutls-3.6.14-7.el8_3\nhttps://access.redhat.com/security/cve/CVE-2021-20305', 'gnutls-3.6.14-7.el8_3', None)
('cbff271f45d32e78dcc1979dbca9c14d', 'anchore_comp', 'User root found as effective user, which is explicity not allowed\n Gate: dockerfile\n Trigger: effective_user\n Policy ID: DoDEffectiveUserChecks', None, None)
Uploading artifacts for failed job
Uploading artifacts...
ci-artifacts/compare/: found 2 matching files and directories 
Uploading artifacts as "archive" to coordinator... ok  id=2574946 responseStatus=201 Created token=MKhCkEZA
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 4