Running with gitlab-runner 13.12.0 (7a6612da)  on dsop-shared-gitlab-runner-5fcd8977b8-m6qmr JrExJ6yx  feature flags: FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY:false section_start:1631125733:resolve_secrets Resolving secrets section_end:1631125733:resolve_secrets section_start:1631125733:prepare_executor Preparing the "kubernetes" executor "ServiceAccount" overwritten with "vat" Using Kubernetes namespace: gitlab-runner-ironbank-dsop Using Kubernetes executor with image registry1.dso.mil/ironbank/ironbank-pipelines/pipeline-runner:0.3 ... Using attach strategy to execute scripts... section_end:1631125733:prepare_executor section_start:1631125733:prepare_script Preparing environment Waiting for pod gitlab-runner-ironbank-dsop/runner-jrexj6yx-project-870-concurrent-0jbq52 to be running, status is Pending Waiting for pod gitlab-runner-ironbank-dsop/runner-jrexj6yx-project-870-concurrent-0jbq52 to be running, status is Pending ContainersNotReady: "containers with unready status: [build helper istio-proxy]" ContainersNotReady: "containers with unready status: [build helper istio-proxy]" Running on runner-jrexj6yx-project-870-concurrent-0jbq52 via dsop-shared-gitlab-runner-5fcd8977b8-m6qmr... section_end:1631125739:prepare_script section_start:1631125739:get_sources Getting source from Git repository $ until [ $(curl --fail --silent --output /dev/stderr --write-out "%{http_code}" localhost:15020/healthz/ready) -eq 200 ]; do echo Waiting for Sidecar; sleep 3 ; done ; echo Sidecar available; Sidecar available Fetching changes with git depth set to 50... Initialized empty Git repository in /builds/JrExJ6yx/0/dsop/opensource/fluent/fluent-bit/.git/ Created fresh repository. Checking out 2563bba6 as development... Skipping Git submodules setup section_end:1631125740:get_sources section_start:1631125740:download_artifacts Downloading artifacts Downloading artifacts for anchore-scan (6325032)... Downloading artifacts from coordinator... ok  id=6325032 responseStatus=200 OK token=fyUzFQcb WARNING: ci-artifacts/scan-results/anchore/: lchown ci-artifacts/scan-results/anchore/: operation not permitted (suppressing repeats) Downloading artifacts for build (6325030)... Downloading artifacts from coordinator... ok  id=6325030 responseStatus=200 OK token=8wfqEERJ WARNING: ci-artifacts/build/: lchown ci-artifacts/build/: operation not permitted (suppressing repeats) Downloading artifacts for hardening-manifest (6325026)... Downloading artifacts from coordinator... ok  id=6325026 responseStatus=200 OK token=yKZMySQx WARNING: ci-artifacts/preflight/: lchown ci-artifacts/preflight/: operation not permitted (suppressing repeats) Downloading artifacts for load-scripts (6325023)... Downloading artifacts from coordinator... ok  id=6325023 responseStatus=200 OK token=81ndSbsj WARNING: ci-artifacts/[MASKED]/: lchown ci-artifacts/[MASKED]/: operation not permitted (suppressing repeats) Downloading artifacts for openscap-compliance (6325033)... Downloading artifacts from coordinator... ok  id=6325033 responseStatus=200 OK token=AL6eP6Fa WARNING: ci-artifacts/scan-results/openscap/: lchown ci-artifacts/scan-results/openscap/: operation not permitted (suppressing repeats) Downloading artifacts for twistlock-scan (6325034)... Downloading artifacts from coordinator... ok  id=6325034 responseStatus=200 OK token=ZBX8VUYz WARNING: ci-artifacts/scan-results/twistlock/: lchown ci-artifacts/scan-results/twistlock/: operation not permitted (suppressing repeats) Downloading artifacts for wl-compare-lint (6325027)... Downloading artifacts from coordinator... ok  id=6325027 responseStatus=200 OK token=WRtAJCz- WARNING: ci-artifacts/lint/: lchown ci-artifacts/lint/: operation not permitted (suppressing repeats) section_end:1631125741:download_artifacts section_start:1631125741:step_script Executing "step_script" stage of the job script $ "${PIPELINE_REPO_DIR}/stages/vat/vat-run-api.sh" INFO: Log level set to info INFO: Gathering list of all justifications... INFO: API Response: WARNING: Error writing log line to trace: transform: short internal buffer WARNING: Error writing log line to trace: transform: short internal buffer WARNING: Error writing log line to trace: transform: short internal buffer WARNING: Error writing log line to trace: transform: short internal buffer WARNING: Error writing log line to trace: transform: short internal buffer WARNING: Error writing log line to trace: transform: short internal buffer WARNING: Error writing log line to trace: transform: short internal buffer WARNING: Error writing log line to trace: transform: short internal buffer WARNING: Error writing log line to trace: transform: short internal buffer  upstream in version 3.6.14 on 6/28/21. RH has not patched.","user":{"name":"andymaks7","email":"andre.maksymowicz@centauricorp.com","role":"findings_approver"}},"reviewer":{"state":"reviewed","date":"2021-08-26T14:23:38.000Z","comment":"This finding was reviewed.","designator":"True Positive","falsePositive":false,"user":{"name":"andymaks7","email":"andre.maksymowicz@centauricorp.com","role":"findings_approver"}},"approver":{"state":"approved","date":"2021-08-26T14:24:02.000Z","comment":"This finding is approved.","user":{"name":"riveraj","email":"riveralatorre_jose@bah.com","role":"findings_approver"}}},{"identifier":"CVE-2021-3737","source":"anchore_cve","description":"none","package":"python3-libs-3.6.8-37.el8","findingsState":"approved","contributor":{"state":"needs_review","date":"2021-08-26T14:23:26.000Z","justification":"Patched upstream in version 3.6.14 on 6/28/21. RH has not patched.","user":{"name":"andymaks7","email":"andre.maksymowicz@centauricorp.com","role":"findings_approver"}},"reviewer":{"state":"reviewed","date":"2021-08-26T14:23:38.000Z","comment":"This finding was reviewed.","designator":"True Positive","falsePositive":false,"user":{"name":"andymaks7","email":"andre.maksymowicz@centauricorp.com","role":"findings_approver"}},"approver":{"state":"approved","date":"2021-08-26T14:24:02.000Z","comment":"This finding is approved.","user":{"name":"riveraj","email":"riveralatorre_jose@bah.com","role":"findings_approver"}}},{"identifier":"CVE-2021-37750","source":"anchore_cve","description":"The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.","package":"krb5-libs-1.18.2-8.el8","findingsState":"approved","contributor":{"state":"reviewed","date":"2021-08-27T13:49:53.000Z","justification":"Reported 8/23/21, fixed in krb 1.18.5. RedHat has not patched.","user":{"name":"hstev09","email":"hunter.stevens@centauricorp.com","role":"findings_approver"}},"reviewer":{"state":"reviewed","date":"2021-08-27T13:49:53.000Z","comment":"This finding was reviewed.","designator":"True Positive","falsePositive":false,"user":{"name":"hstev09","email":"hunter.stevens@centauricorp.com","role":"findings_approver"}},"approver":{"state":"approved","date":"2021-08-27T13:50:39.000Z","comment":"This finding is approved.","user":{"name":"riveraj","email":"riveralatorre_jose@bah.com","role":"findings_approver"}}},{"identifier":"e7573262736ef52353cde3bae2617782","source":"anchore_comp","description":"SUID or SGID found set on file /usr/bin/umount. Mode: 0o104755\n Gate: files\n Trigger: suid_or_guid_set\n Policy ID: DoDFileChecks","findingsState":"approved","contributor":{"state":"has_justification","date":"2020-11-10T15:00:28.000Z","justification":"Required for umount functionality.","user":{"name":"alfontaine","email":"alan.fontaine@centauricorp.com","role":"findings_approver"}},"reviewer":{"state":"reviewed","date":"2020-11-10T15:00:28.000Z","comment":"Approved, imported from spreadsheet.","designator":"True Positive","falsePositive":false,"user":{"name":"alfontaine","email":"alan.fontaine@centauricorp.com","role":"findings_approver"}},"approver":{"state":"approved","date":"2021-01-27T22:52:42.000Z","comment":"Approved with conditions. RH must fix CVE-2019-25013 within 30 days.","user":{"name":"nicosnt","email":"nicolas.m.chaillan.civ@mail.mil","role":"container_approver"}}}],"digest":"fa3b3bd36145c2cc479264755c21880764d6aed373cac8616da51eddd831ede3"} INFO: POST Response: 201 section_end:1631125745:step_script section_start:1631125745:upload_artifacts_on_success Uploading artifacts for successful job Uploading artifacts... ci-artifacts/vat_request.json: found 1 matching files and directories Uploading artifacts as "archive" to coordinator... ok id=6325040 responseStatus=201 Created token=5wbz4JWQ section_end:1631125746:upload_artifacts_on_success section_start:1631125746:cleanup_file_variables Cleaning up file based variables section_end:1631125746:cleanup_file_variables Job succeeded