[0KRunning with gitlab-runner 13.8.0 (775dd39d)
[0;m[0K  on global-shared-gitlab-runner-89dbd4db8-mnp6b RKzCU9YR
[0;msection_start:1617746221:resolve_secrets[0K[0K[36;1mResolving secrets[0;m
[0;msection_end:1617746221:resolve_secrets[0Ksection_start:1617746221:prepare_executor[0K[0K[36;1mPreparing the "kubernetes" executor[0;m
[0;m[0KUsing Kubernetes namespace: gitlab-runner
[0;m[0;33mWARNING: Pulling GitLab Runner helper image from Docker Hub. Helper image is migrating to registry.gitlab.com, for more information see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#migrating-helper-image-to-registrygitlabcom
[0;m[0KUsing Kubernetes executor with image ${GITLAB_INTERNAL_REGISTRY}/ironbank-tools/ironbank-pipeline/ib-pipeline-image:0.1 ...
[0;msection_end:1617746221:prepare_executor[0Ksection_start:1617746221:prepare_script[0K[0K[36;1mPreparing environment[0;m
[0;mWaiting for pod gitlab-runner/runner-rkzcu9yr-project-5681-concurrent-0tsmqf to be running, status is Pending
Running on runner-rkzcu9yr-project-5681-concurrent-0tsmqf via global-shared-gitlab-runner-89dbd4db8-mnp6b...
section_end:1617746224:prepare_script[0Ksection_start:1617746224:get_sources[0K[0K[36;1mGetting source from Git repository[0;m
[0;m[32;1mFetching changes with git depth set to 50...[0;m
Initialized empty Git repository in /builds/dsop/opensource/jupyter/jupyterhub-k8s-hub/.git/
[32;1mCreated fresh repository.[0;m
[32;1mChecking out e1dbeb2f as removeSecret...[0;m

[32;1mSkipping Git submodules setup[0;m
section_end:1617746225:get_sources[0Ksection_start:1617746225:download_artifacts[0K[0K[36;1mDownloading artifacts[0;m
[0;m[32;1mDownloading artifacts for hardening_manifest (2625250)...[0;m
Downloading artifacts from coordinator... ok      [0;m  id[0;m=2625250 responseStatus[0;m=200 OK token[0;m=fTS1k6c7
[32;1mDownloading artifacts for load scripts (2625248)...[0;m
Downloading artifacts from coordinator... ok      [0;m  id[0;m=2625248 responseStatus[0;m=200 OK token[0;m=eqc3V7wf
[32;1mDownloading artifacts for wl compare lint (2625251)...[0;m
Downloading artifacts from coordinator... ok      [0;m  id[0;m=2625251 responseStatus[0;m=200 OK token[0;m=uUZTzSkg
section_end:1617746225:download_artifacts[0Ksection_start:1617746225:step_script[0K[0K[36;1mExecuting "step_script" stage of the job script[0;m
[0;m[32;1m$ mkdir -p "${ARTIFACT_DIR}"[0;m
[32;1m$ set +e[0;m
[32;1m$ python3 "${PIPELINE_REPO_DIR}/stages/vat-finding-compare/vat_findings.py"[0;m
api set length: 142
db set length: 143
Findings are NOT the same!
There are CVEs from the api that are not returned by the query
There are CVEs from the query that are not returned by the api
Please run the development branch for this project before validating query/api data
Findings from api not in direct query
('CVE-2021-3426', 'anchore_cve', 'python-3.8.8\nBug Tracker: https://bugs.python.org/issue42988\nBug Tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1917807\nVendor Specific Solution URL: https://github.com/python/cpython/pull/24285\nOther Solution URL: https://github.com/python/cpython/commit/bcdca322f184e6ccddb9df763fe7d1ad175bd7a4\nCVE ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3426\nBug Tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1935913\nBug Tracker: https://github.com/python/cpython/pull/24337\nVendor Specific Advisory URL: https://access.redhat.com/security/cve/cve-2021-3426\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-393/\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-389/\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-394-hotfix-is-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\n', 'python-3.8.8', '/usr/local/bin/python3.8')
('cffdede1091a44a6e2fdcff691e40261', 'anchore_comp', 'Secret content search analyzer found regexp match in container: file=/usr/local/lib/python3.8/site-packages/tornado/test/test.key regexp=PRIV_KEY=(?i)-+BEGIN(.*)PRIVATE KEY-+\n Gate: secret_scans\n Trigger: content_regex_checks\n Policy ID: DoDFileChecks', None, None)
('CVE-2021-3449', 'anchore_cve', 'python-3.8.8\nVendor Specific Advisory URL: https://support2.windriver.com/index.php?page=security-notices&on=view&id=7055\nCVE ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3449\nMail List Post: https://mta.openssl.org/pipermail/openssl-announce/2021-March/000196.html\nVendor Specific Advisory URL: https://www.openssl.org/news/secadv/20210325.txt\nVendor Specific Solution URL: https://github.com/openssl/openssl/commit/02b1636fe3db274497304a3e95a4e32ced7e841b\nVendor Specific Solution URL: https://github.com/openssl/openssl/commit/39a140597d874e554b736885ac4dea16ac40a87a\nVendor Specific Advisory URL: https://www.openssl.org/news/vulnerabilities.html\nVendor Specific Solution URL: https://github.com/openssl/openssl/commit/2a40b7bc7b94dd7de897a74571e7024f0cf0d63b\nVendor Specific Advisory URL: https://access.redhat.com/security/cve/cve-2021-3449\nBug Tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1941554\nVendor Specific Advisory URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd\nVendor Specific Advisory URL: https://ubuntu.com/security/notices/USN-4891-1\nVendor Specific Advisory URL: https://www.freebsd.org/security/advisories/FreeBSD-SA-21:07.openssl.asc\nVendor Specific Advisory URL: https://www.debian.org/security/2021/dsa-4875\nOther Advisory URL: https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35948\nOther Advisory URL: http://jvn.jp/vu/JVNVU92126369/index.html\nVendor Specific Advisory URL: https://forums.opensuse.org/showthread.php/551969-openSUSE-SU-2021-0476-1-important-Security-update-for-openssl-1_1\nVendor Specific Advisory URL: https://security.netapp.com/advisory/ntap-20210326-0006/\nGeneric Exploit URL: https://github.com/terorie/cve-2021-3449\nVendor Specific Advisory URL: https://www.suse.com/support/update/announcement/2021/suse-su-20210954-1/\nVendor Specific Advisory URL: https://www.suse.com/support/update/announcement/2021/suse-su-20210955-1/\nBug Tracker: https://bugzilla.suse.com/show_bug.cgi?id=1183852\nVendor Specific Advisory URL: https://support.f5.com/csp/article/K83623027\nNews Article: https://www.bankinfosecurity.com/openssl-fixes-flaws-that-could-lead-to-server-takedowns-a-16276\nNews Article: https://www.bleepingcomputer.com/news/security/openssl-fixes-severe-dos-certificate-validation-vulnerabilities/\nNews Article: https://arstechnica.com/gadgets/2021/03/openssl-fixes-high-severity-flaw-that-allows-hackers-to-crash-servers/\nVendor Specific Advisory URL: https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc\nVendor Specific Solution URL: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148\nVendor Specific News/Changelog Entry: https://blog.powerdns.com/2021/03/29/third-alpha-release-of-dnsdist-1-6-0/\nVendor Specific News/Changelog Entry: https://dnsdist.org/changelog.html#change-1.6.0-alpha3\nOther Advisory URL: https://matrix.org/blog/2021/03/26/synapse-1-30-1-released/\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2021-1024.html\nVendor Specific Advisory URL: https://networks.unify.com/security/advisories/OBSO-2103-01.pdf\nMail List Post: http://www.openwall.com/lists/oss-security/2021/03/27/1\nMail List Post: http://www.openwall.com/lists/oss-security/2021/03/27/2\nMail List Post: http://www.openwall.com/lists/oss-security/2021/03/28/3\nMail List Post: http://www.openwall.com/lists/oss-security/2021/03/28/4\nVendor Specific Advisory URL: https://news.cpanel.com/easyapache-4-march-31-release/\nVendor Specific Advisory URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/\nVendor Specific Advisory URL: https://www.tenable.com/security/tns-2021-06\nVendor Specific Solution URL: https://security.gentoo.org/glsa/202103-03\nVendor Specific News/Changelog Entry: https://www.tenable.com/security/tns-2021-05\nOther Advisory URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-393/\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-389/\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-394-hotfix-is-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\n', 'python-3.8.8', '/usr/local/bin/python3.8')
('PRISMA-2021-0041', 'twistlock_cve', 'There is no support for PKCE implementation in the oauthlib client. Client-side PKCE for OAuth2 RFC 7636 is required for applications to have secure communication with the authorization server. OAuth 2.0 public clients utilizing the Authorization Code Grant are susceptible to the authorization code interception attack.', 'oauthlib-3.1.0', None)
('CVE-2021-3450', 'anchore_cve', 'python-3.8.8\nVendor Specific Advisory URL: https://support2.windriver.com/index.php?page=security-notices&on=view&id=7055\nCVE ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3450\nMail List Post: https://mta.openssl.org/pipermail/openssl-announce/2021-March/000196.html\nVendor Specific Advisory URL: https://www.openssl.org/news/secadv/20210325.txt\nVendor Specific Advisory URL: https://www.openssl.org/news/vulnerabilities.html\nBug Tracker: https://github.com/openssl/openssl/issues/14670\nVendor Specific Solution URL: https://github.com/openssl/openssl/commit/2a40b7bc7b94dd7de897a74571e7024f0cf0d63b\nVendor Specific Advisory URL: https://access.redhat.com/security/cve/cve-2021-3450\nBug Tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1941547\nVendor Specific Advisory URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd\nVendor Specific Advisory URL: https://www.freebsd.org/security/advisories/FreeBSD-SA-21:07.openssl.asc\nOther Advisory URL: https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35948\nOther Advisory URL: http://jvn.jp/vu/JVNVU92126369/index.html\nVendor Specific Advisory URL: https://security.netapp.com/advisory/ntap-20210326-0006/\nVendor Specific Advisory URL: https://support.f5.com/csp/article/K52171694\nNews Article: https://www.bankinfosecurity.com/openssl-fixes-flaws-that-could-lead-to-server-takedowns-a-16276\nNews Article: https://www.bleepingcomputer.com/news/security/openssl-fixes-severe-dos-certificate-validation-vulnerabilities/\nNews Article: https://arstechnica.com/gadgets/2021/03/openssl-fixes-high-severity-flaw-that-allows-hackers-to-crash-servers/\nVendor Specific Advisory URL: https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc\nVendor Specific Solution URL: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b\nOther Advisory URL: http://www.openwall.com/lists/oss-security/2021/03/27/1\nOther Advisory URL: http://www.openwall.com/lists/oss-security/2021/03/27/2\nMail List Post: https://seclists.org/oss-sec/2021/q1/266\nOther Advisory URL: http://www.openwall.com/lists/oss-security/2021/03/28/3\nOther Advisory URL: http://www.openwall.com/lists/oss-security/2021/03/28/4\nOther Advisory URL: https://matrix.org/blog/2021/03/26/synapse-1-30-1-released/\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2021-1024.html\nVendor Specific Advisory URL: https://news.cpanel.com/easyapache-4-march-31-release/\nVendor Specific Advisory URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/\nVendor Specific Solution URL: https://security.gentoo.org/glsa/202103-03\nVendor Specific News/Changelog Entry: https://www.tenable.com/security/tns-2021-05\nOther Advisory URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-393/\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-389/\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-394-hotfix-is-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\n', 'python-3.8.8', '/usr/local/bin/python3.8')
('VULNDB-253222', 'anchore_cve', 'python-3.8.8\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-393/\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-389/\nBug Tracker: https://bugs.python.org/issue43439\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-394-hotfix-is-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\n', 'python-3.8.8', '/usr/local/bin/python3.8')
('CVE-2020-25658', 'twistlock_cve', 'It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.', 'rsa-4.7.2', None)
Findings from direct query not in api
('cbff271f45d32e78dcc1979dbca9c14d', 'anchore_comp', 'User root found as effective user, which is explicity not allowed\n Gate: dockerfile\n Trigger: effective_user\n Policy ID: DoDEffectiveUserChecks', None, None)
('CVE-2021-20305', 'twistlock_cve', 'A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.', 'gnutls-3.6.14-7.el8_3', None)
('CVE-2021-3449', 'anchore_cve', 'openssl-libs-1.1.1g-12.el8_3\nhttps://access.redhat.com/security/cve/CVE-2021-3449', 'openssl-libs-1.1.1g-12.el8_3', None)
('VULNDB-250117', 'anchore_cve', 'python-3.8.8\nBug Tracker: https://bugs.python.org/issue43285\nVendor Specific Solution URL: https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e\nVendor Specific Solution URL: https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335\nVendor Specific Solution URL: https://github.com/python/cpython/commit/664d1d16274b47eea6ec92572e1ebf3939a6fa0c\n', 'python-3.8.8', '/usr/local/bin/python3.8')
('CVE-2021-20305', 'twistlock_cve', 'A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.', 'nettle-3.4.1-2.el8', None)
('CVE-2021-23840', 'anchore_cve', 'openssl-libs-1.1.1g-12.el8_3\nhttps://access.redhat.com/security/cve/CVE-2021-23840', 'openssl-libs-1.1.1g-12.el8_3', None)
('CVE-2021-3450', 'anchore_cve', 'openssl-libs-1.1.1g-12.el8_3\nhttps://access.redhat.com/security/cve/CVE-2021-3450', 'openssl-libs-1.1.1g-12.el8_3', None)
('CVE-2021-23841', 'anchore_cve', 'openssl-libs-1.1.1g-12.el8_3\nhttps://access.redhat.com/security/cve/CVE-2021-23841', 'openssl-libs-1.1.1g-12.el8_3', None)
section_end:1617746226:step_script[0Ksection_start:1617746226:upload_artifacts_on_failure[0K[0K[36;1mUploading artifacts for failed job[0;m
[0;m[32;1mUploading artifacts...[0;m
ci-artifacts/compare/: found 2 matching files and directories[0;m 
Uploading artifacts as "archive" to coordinator... ok[0;m  id[0;m=2625252 responseStatus[0;m=201 Created token[0;m=FSuQa3BR
section_end:1617746227:upload_artifacts_on_failure[0Ksection_start:1617746227:cleanup_file_variables[0K[0K[36;1mCleaning up file based variables[0;m
[0;msection_end:1617746227:cleanup_file_variables[0K[31;1mERROR: Job failed: command terminated with exit code 4
[0;m