UNCLASSIFIED

Merge branch 'andymaks-development-patch-90282' into 'development'

Update Dockerfile

See merge request !41
19 jobs for development in 27 minutes and 24 seconds (queued for 27 minutes and 38 seconds)
Status Job ID Name Coverage
  .Pre
passed #2649667
ironbank
load scripts

00:00:09

 
  Preflight
passed #2649668
ironbank
folder structure

00:00:22

passed #2649669
ironbank
hardening_manifest

00:00:38

 
  Lint
passed #2649670
ironbank
wl compare lint

00:00:30

 
  Finding Compare
failed #2649671
ironbank allowed to fail
vat compare

00:00:26

 
  Import Artifacts
passed #2649672
ironbank
import artifacts

00:00:22

 
  Scan Artifacts
passed #2649673
ironbank
clamav scan

00:07:03

 
  Build
passed #2649674
ironbank-isolated
build

00:04:43

 
  Scanning
passed #2649678
ironbank
anchore scan

00:04:01

passed #2649675
ironbank
openscap compliance

00:01:54

passed #2649676
ironbank
openscap cve

00:09:02

passed #2649677
ironbank
twistlock scan

00:00:49

 
  Csv Output
passed #2649679
ironbank
csv output

00:00:59

 
  Check Cves
failed #2649680
ironbank allowed to fail
check cves

00:00:43

 
  Documentation
passed #2649681
ironbank
sign image

00:00:44

passed #2649682
ironbank
sign manifest

00:00:24

passed #2649683
ironbank
write json documentation

00:00:29

 
  S3 Publish
passed #2649684
ironbank
upload to s3

00:01:44

 
  Vat
passed #2649685
ironbank
vat

00:00:15

 
Name Stage Failure
failed
check cves Check Cves
ERROR: anchore_cve                   CVE-2021-23841                openssl-1.1.1g-15.el8_3       None                          
ERROR: anchore_cve CVE-2020-13776 systemd-239-41.el8_3.1 None
ERROR: anchore_cve CVE-2020-13776 systemd-libs-239-41.el8_3.1 None
ERROR: anchore_cve CVE-2020-13776 systemd-pam-239-41.el8_3.1 None
ERROR: twistlock_cve CVE-2021-23840 openssl-1.1.1g-15.el8_3 None
ERROR: twistlock_cve CVE-2021-23841 openssl-1.1.1g-15.el8_3 None
ERROR: twistlock_cve CVE-2020-13776 systemd-239-41.el8_3.1 None
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 1
failed
vat compare Finding Compare
('CVE-2020-10663', 'twistlock_cve', 'The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.', 'json-2.1.0', None)
('CVE-2020-13776', 'anchore_cve', 'systemd-pam-239-41.el8_3.2\nhttps://access.redhat.com/security/cve/CVE-2020-13776', 'systemd-pam-239-41.el8_3.2', None)
('41cb7cdf04850e33a11f80c42bf660b3', 'anchore_comp', "Dockerfile directive 'HEALTHCHECK' not found, matching condition 'not_exists' check\n Gate: dockerfile\n Trigger: instruction\n Policy ID: DoDDockerfileChecks", None, None)
Uploading artifacts for failed job
ci-artifacts/compare/: found 2 matching files and directories
Uploading artifacts...
Uploading artifacts as "archive" to coordinator... ok
id=2649671 responseStatus=201 Created token=RLaBgEi-
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 4