Running with gitlab-runner 13.8.0 (775dd39d)  on dsop-shared-gitlab-runner-f887cbcbd-srgz6 E82_g8RG section_start:1627952749:resolve_secrets Resolving secrets section_end:1627952749:resolve_secrets section_start:1627952749:prepare_executor Preparing the "kubernetes" executor Using Kubernetes namespace: gitlab-runner-ironbank-dsop WARNING: Pulling GitLab Runner helper image from Docker Hub. Helper image is migrating to registry.gitlab.com, for more information see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#migrating-helper-image-to-registrygitlabcom Using Kubernetes executor with image registry1.dso.mil/ironbank/ironbank-pipelines/pipeline-runner:0.3 ... section_end:1627952750:prepare_executor section_start:1627952750:prepare_script Preparing environment Waiting for pod gitlab-runner-ironbank-dsop/runner-e82g8rg-project-5680-concurrent-0sws96 to be running, status is Pending Waiting for pod gitlab-runner-ironbank-dsop/runner-e82g8rg-project-5680-concurrent-0sws96 to be running, status is Pending ContainersNotReady: "containers with unready status: [build helper istio-proxy]" ContainersNotReady: "containers with unready status: [build helper istio-proxy]" Running on runner-e82g8rg-project-5680-concurrent-0sws96 via dsop-shared-gitlab-runner-f887cbcbd-srgz6... section_end:1627952756:prepare_script section_start:1627952756:get_sources Getting source from Git repository $ until [ $(curl --fail --silent --output /dev/stderr --write-out "%{http_code}" localhost:15020/healthz/ready) -eq 200 ]; do echo Waiting for Sidecar; sleep 3 ; done ; echo Sidecar available; Sidecar available Fetching changes with git depth set to 50... Initialized empty Git repository in /builds/dsop/opensource/jupyter/jupyterhub-configurable-http-proxy/.git/ Created fresh repository. Checking out 022a9cc6 as renovate/registry1.dso.mil-ironbank-opensource-nodejs-nodejs14-14.x... Skipping object checkout, Git LFS is not installed. Skipping Git submodules setup section_end:1627952756:get_sources section_start:1627952756:download_artifacts Downloading artifacts Downloading artifacts for hardening-manifest (5332830)... Downloading artifacts from coordinator... ok  id=5332830 responseStatus=200 OK token=eKCt1Qmc WARNING: ci-artifacts/preflight/: lchown ci-artifacts/preflight/: operation not permitted (suppressing repeats) Downloading artifacts for load-scripts (5332827)... Downloading artifacts from coordinator... ok  id=5332827 responseStatus=200 OK token=hC2i6sGb WARNING: ci-artifacts/[MASKED]/: lchown ci-artifacts/[MASKED]/: operation not permitted (suppressing repeats) section_end:1627952756:download_artifacts section_start:1627952756:step_script Executing "step_script" stage of the job script $ if [[ "${CI_COMMIT_BRANCH}" == "master" || "${CI_COMMIT_BRANCH}" == "development" ]] && [[ "${CI_COMMIT_REF_PROTECTED}" != true ]]; then # collapsed multi-line command $ mkdir -p "${ARTIFACT_DIR}" $ set +e $ python3 "${PIPELINE_REPO_DIR}/stages/check-cves/pipeline_wl_compare.py" --lint INFO: Log level set to info INFO: Retrieving findings for opensource/jupyterhub/configurable-http-proxy:4.5.0 INFO: Running query to vat api INFO: Fetched data from vat successfully INFO: Validating the VAT response against schema INFO: Log level set to info INFO: Loaded definitions from /builds/dsop/opensource/jupyter/jupyterhub-configurable-http-proxy/ci-artifacts/[MASKED]/stages/check-cves/../../schema/vat_findings.swagger.yaml INFO: Defined base schema off of the Container model WARNING: Error validating the VAT schema 'inheritsFrom' is a required property Failed validating 'required' in schema['properties']['findings']['items']: {'description': 'Findings description', 'properties': {'approver': {'$ref': '#/definitions/FindingsApprover', 'description': 'This object will only ' 'exist if there is a ' 'reviewer. May be missing ' 'if there is no approval ' 'action.'}, 'contributor': {'$ref': '#/definitions/FindingsContributor', 'description': 'This object will be ' 'missing if there is no ' 'justification text'}, 'description': {'type': 'string'}, 'findingsState': {'$ref': '#/definitions/FindingStateEnum'}, 'identifier': {'$ref': '#/definitions/PrintableCharactersWithoutNewlinesOrSlashes', 'description': 'Finding identifier ' '(vulnerability ID or ' 'policy violation ID)'}, 'inheritsFrom': {'description': 'A non-empty array ' 'implies the finding ' 'is inherited. Array ' 'of ubi/ubi8:8.2 etc ' 'ordered from oldest ' 'parent image (first) ' 'to immediate parent ' '(last). Finding will ' 'be present in the ' 'first element of the ' 'array.', 'items': {'$ref': '#/definitions/DockerNameAndTagRegex'}, 'type': 'array'}, 'package': {'type': 'string'}, 'packagePath': {'type': 'string'}, 'reviewer': {'$ref': '#/definitions/FindingsReviewer', 'description': 'This object will only ' 'exist if there is a ' 'contributor. Will be ' 'missing until the ' 'reviewer has performed an ' 'action.'}, 'source': {'$ref': '#/definitions/ScanSourceEnum'}}, 'required': ['identifier', 'source', 'description', 'findingsState', 'inheritsFrom'], 'type': 'object'} On instance['findings'][0]: {'approver': {'comment': 'Approved with conditions. RH must fix ' 'CVE-2019-25013 within 30 days.', 'date': '2021-01-27T22:52:42.000Z', 'state': 'approved', 'user': {'email': 'nicolas.m.chaillan.civ@mail.mil', 'name': 'nicosnt', 'role': 'container_approver'}}, 'contributor': {'date': '2020-11-10T15:00:28.000Z', 'justification': 'Required for su functionality.', 'state': 'has_justification', 'user': {'email': 'alan.fontaine@centauricorp.com', 'name': 'alfontaine', 'role': 'findings_approver'}}, 'description': 'SUID or SGID found set on file /usr/bin/su. Mode: ' '0o104755\n' ' Gate: files\n' ' Trigger: suid_or_guid_set\n' ' Policy ID: DoDFileChecks', 'findingsState': 'approved', 'identifier': '320a97c6816565eedf3545833df99dd0', 'reviewer': {'comment': 'Approved, imported from spreadsheet.', 'date': '2020-11-10T15:00:28.000Z', 'falsePositive': False, 'state': 'reviewed', 'user': {'email': 'alan.fontaine@centauricorp.com', 'name': 'alfontaine', 'role': 'findings_approver'}}, 'source': 'anchore_comp'} INFO: CONTAINER APPROVAL STATUS INFO: Approved INFO: CONTAINER APPROVAL TEXT INFO: Auto Approval derived from previous version opensource/jupyterhub/configurable-http-proxy:4.4.0 INFO: skopeo inspect --authfile prod_pull_auth.json docker://registry1.dso.mil/ironbank/opensource/nodejs/nodejs14:14.17.4 INFO: Getting opensource/nodejs/nodejs14 hardening_manifest.yaml from master INFO: Retrieving findings for opensource/nodejs/nodejs14:14.17.4 INFO: skopeo inspect --authfile prod_pull_auth.json docker://registry1.dso.mil/ironbank/redhat/ubi/ubi8:8.4 INFO: Getting redhat/ubi/ubi8 hardening_manifest.yaml from master INFO: Retrieving findings for redhat/ubi/ubi8:8.4 INFO: Artifact Directory: ci-artifacts/lint section_end:1627952759:step_script section_start:1627952759:upload_artifacts_on_success Uploading artifacts for successful job Uploading artifacts... ci-artifacts/lint/: found 4 matching files and directories Uploading artifacts as "archive" to coordinator... ok id=5332831 responseStatus=201 Created token=NGRPgsSz Uploading artifacts... variables.env: found 1 matching files and directories Uploading artifacts as "dotenv" to coordinator... ok id=5332831 responseStatus=201 Created token=NGRPgsSz section_end:1627952760:upload_artifacts_on_success section_start:1627952760:cleanup_file_variables Cleaning up file based variables section_end:1627952760:cleanup_file_variables Job succeeded