Running with gitlab-runner 13.12.0 (7a6612da)  on dsop-shared-gitlab-runner-5fcd8977b8-m6qmr JrExJ6yx  feature flags: FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY:false section_start:1631106681:resolve_secrets Resolving secrets section_end:1631106681:resolve_secrets section_start:1631106681:prepare_executor Preparing the "kubernetes" executor "ServiceAccount" overwritten with "vat" Using Kubernetes namespace: gitlab-runner-ironbank-dsop Using Kubernetes executor with image registry1.dso.mil/ironbank/ironbank-pipelines/pipeline-runner:0.3 ... Using attach strategy to execute scripts... section_end:1631106681:prepare_executor section_start:1631106681:prepare_script Preparing environment Waiting for pod gitlab-runner-ironbank-dsop/runner-jrexj6yx-project-5092-concurrent-0gbpww to be running, status is Pending Waiting for pod gitlab-runner-ironbank-dsop/runner-jrexj6yx-project-5092-concurrent-0gbpww to be running, status is Pending ContainersNotInitialized: "containers with incomplete status: [istio-init]" ContainersNotReady: "containers with unready status: [build helper istio-proxy]" ContainersNotReady: "containers with unready status: [build helper istio-proxy]" Running on runner-jrexj6yx-project-5092-concurrent-0gbpww via dsop-shared-gitlab-runner-5fcd8977b8-m6qmr... section_end:1631106688:prepare_script section_start:1631106688:get_sources Getting source from Git repository $ until [ $(curl --fail --silent --output /dev/stderr --write-out "%{http_code}" localhost:15020/healthz/ready) -eq 200 ]; do echo Waiting for Sidecar; sleep 3 ; done ; echo Sidecar available; Waiting for Sidecar Sidecar available Fetching changes with git depth set to 50... Initialized empty Git repository in /builds/JrExJ6yx/0/dsop/opensource/gdal/gdal/.git/ Created fresh repository. Checking out 3c19912b as development... Skipping Git submodules setup section_end:1631106697:get_sources section_start:1631106697:download_artifacts Downloading artifacts Downloading artifacts for anchore-scan (6317632)... Downloading artifacts from coordinator... ok  id=6317632 responseStatus=200 OK token=6XawJgNG WARNING: ci-artifacts/scan-results/anchore/: lchown ci-artifacts/scan-results/anchore/: operation not permitted (suppressing repeats) Downloading artifacts for build (6317630)... Downloading artifacts from coordinator... ok  id=6317630 responseStatus=200 OK token=scFwwvcR WARNING: ci-artifacts/build/: lchown ci-artifacts/build/: operation not permitted (suppressing repeats) Downloading artifacts for hardening-manifest (6317626)... Downloading artifacts from coordinator... ok  id=6317626 responseStatus=200 OK token=PGrT5uk9 WARNING: ci-artifacts/preflight/: lchown ci-artifacts/preflight/: operation not permitted (suppressing repeats) Downloading artifacts for load-scripts (6317623)... Downloading artifacts from coordinator... ok  id=6317623 responseStatus=200 OK token=-zivpM1P WARNING: ci-artifacts/[MASKED]/: lchown ci-artifacts/[MASKED]/: operation not permitted (suppressing repeats) Downloading artifacts for openscap-compliance (6317633)... Downloading artifacts from coordinator... ok  id=6317633 responseStatus=200 OK token=C5KoM8yv WARNING: ci-artifacts/scan-results/openscap/: lchown ci-artifacts/scan-results/openscap/: operation not permitted (suppressing repeats) Downloading artifacts for twistlock-scan (6317634)... Downloading artifacts from coordinator... ok  id=6317634 responseStatus=200 OK token=8vNoQ2zS WARNING: ci-artifacts/scan-results/twistlock/: lchown ci-artifacts/scan-results/twistlock/: operation not permitted (suppressing repeats) Downloading artifacts for wl-compare-lint (6317627)... Downloading artifacts from coordinator... ok  id=6317627 responseStatus=200 OK token=hXTjbfZW WARNING: ci-artifacts/lint/: lchown ci-artifacts/lint/: operation not permitted (suppressing repeats) section_end:1631106699:download_artifacts section_start:1631106699:step_script Executing "step_script" stage of the job script $ "${PIPELINE_REPO_DIR}/stages/vat/vat-run-api.sh" INFO: Log level set to info INFO: Gathering list of all justifications... INFO: API Response: WARNING: Error writing log line to trace: transform: short internal buffer WARNING: Error writing log line to trace: transform: short internal buffer WARNING: Error writing log line to trace: transform: short internal buffer WARNING: Error writing log line to trace: transform: short internal buffer WARNING: Error writing log line to trace: transform: short internal buffer WARNING: Error writing log line to trace: transform: short internal buffer WARNING: Error writing log line to trace: transform: short internal buffer WARNING: Error writing log line to trace: transform: short internal buffer WARNING: Error writing log line to trace: transform: short internal buffer WARNING: Error writing log line to trace: transform: short internal buffer WARNING: Error writing log line to trace: transform: short internal buffer  to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).","package":"openssl-libs-1.1.1g-15.el8_3","findingsState":"needs_justification"},{"identifier":"CVE-2021-3733","source":"anchore_cve","description":"none","package":"platform-python-3.6.8-37.el8","findingsState":"needs_justification"},{"identifier":"CVE-2021-3733","source":"anchore_cve","description":"none","package":"python3-libs-3.6.8-37.el8","findingsState":"needs_justification"},{"identifier":"CVE-2021-3737","source":"anchore_cve","description":"none","package":"platform-python-3.6.8-37.el8","findingsState":"needs_justification"},{"identifier":"CVE-2021-3737","source":"anchore_cve","description":"none","package":"python3-libs-3.6.8-37.el8","findingsState":"needs_justification"},{"identifier":"CVE-2021-37750","source":"anchore_cve","description":"The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.","package":"krb5-libs-1.18.2-8.el8","findingsState":"needs_justification"},{"identifier":"e7573262736ef52353cde3bae2617782","source":"anchore_comp","description":"SUID or SGID found set on file /usr/bin/umount. Mode: 0o104755\n Gate: files\n Trigger: suid_or_guid_set\n Policy ID: DoDFileChecks","findingsState":"approved","contributor":{"state":"has_justification","date":"2020-11-10T15:00:28.000Z","justification":"Required for umount functionality.","user":{"name":"alfontaine","email":"alan.fontaine@centauricorp.com","role":"findings_approver"}},"reviewer":{"state":"reviewed","date":"2020-11-10T15:00:28.000Z","comment":"Approved, imported from spreadsheet.","designator":"True Positive","falsePositive":false,"user":{"name":"alfontaine","email":"alan.fontaine@centauricorp.com","role":"findings_approver"}},"approver":{"state":"approved","date":"2021-01-27T22:52:42.000Z","comment":"Approved with conditions. RH must fix CVE-2019-25013 within 30 days.","user":{"name":"nicosnt","email":"nicolas.m.chaillan.civ@mail.mil","role":"container_approver"}}}],"digest":"a0d43bdb1b251b46215a77f1b9266aeb3343d7a862040b00daa057c2761ef732"} INFO: POST Response: 201 section_end:1631106704:step_script section_start:1631106704:upload_artifacts_on_success Uploading artifacts for successful job Uploading artifacts... ci-artifacts/vat_request.json: found 1 matching files and directories Uploading artifacts as "archive" to coordinator... ok id=6317640 responseStatus=201 Created token=NkHcGVzK section_end:1631106706:upload_artifacts_on_success section_start:1631106706:cleanup_file_variables Cleaning up file based variables section_end:1631106706:cleanup_file_variables Job succeeded