Running with gitlab-runner 13.12.0 (7a6612da)  on dsop-shared-gitlab-runner-5fcd8977b8-m6qmr JrExJ6yx  feature flags: FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY:false section_start:1631042026:resolve_secrets Resolving secrets section_end:1631042026:resolve_secrets section_start:1631042026:prepare_executor Preparing the "kubernetes" executor "ServiceAccount" overwritten with "vat" Using Kubernetes namespace: gitlab-runner-ironbank-dsop Using Kubernetes executor with image registry1.dso.mil/ironbank/ironbank-pipelines/pipeline-runner:0.3 ... Using attach strategy to execute scripts... section_end:1631042026:prepare_executor section_start:1631042026:prepare_script Preparing environment Waiting for pod gitlab-runner-ironbank-dsop/runner-jrexj6yx-project-7823-concurrent-0494pn to be running, status is Pending Waiting for pod gitlab-runner-ironbank-dsop/runner-jrexj6yx-project-7823-concurrent-0494pn to be running, status is Pending ContainersNotReady: "containers with unready status: [build helper istio-proxy]" ContainersNotReady: "containers with unready status: [build helper istio-proxy]" Running on runner-jrexj6yx-project-7823-concurrent-0494pn via dsop-shared-gitlab-runner-5fcd8977b8-m6qmr... section_end:1631042032:prepare_script section_start:1631042032:get_sources Getting source from Git repository $ until [ $(curl --fail --silent --output /dev/stderr --write-out "%{http_code}" localhost:15020/healthz/ready) -eq 200 ]; do echo Waiting for Sidecar; sleep 3 ; done ; echo Sidecar available; Sidecar available Fetching changes with git depth set to 50... Initialized empty Git repository in /builds/JrExJ6yx/0/dsop/opensource/kubernetes-sigs/sig-storage/snapshot-controller/.git/ Created fresh repository. Checking out 9a998443 as development... Skipping Git submodules setup section_end:1631042032:get_sources section_start:1631042032:download_artifacts Downloading artifacts Downloading artifacts for anchore-scan (6304366)... Downloading artifacts from coordinator... ok  id=6304366 responseStatus=200 OK token=Sf_G3Mnn WARNING: ci-artifacts/scan-results/anchore/: lchown ci-artifacts/scan-results/anchore/: operation not permitted (suppressing repeats) Downloading artifacts for build (6304364)... Downloading artifacts from coordinator... ok  id=6304364 responseStatus=200 OK token=qDmxFp-f WARNING: ci-artifacts/build/: lchown ci-artifacts/build/: operation not permitted (suppressing repeats) Downloading artifacts for hardening-manifest (6304360)... Downloading artifacts from coordinator... ok  id=6304360 responseStatus=200 OK token=_6c2nsZH WARNING: ci-artifacts/preflight/: lchown ci-artifacts/preflight/: operation not permitted (suppressing repeats) Downloading artifacts for load-scripts (6304357)... Downloading artifacts from coordinator... ok  id=6304357 responseStatus=200 OK token=nj1Ha3Eo WARNING: ci-artifacts/[MASKED]/: lchown ci-artifacts/[MASKED]/: operation not permitted (suppressing repeats) Downloading artifacts for twistlock-scan (6304367)... Downloading artifacts from coordinator... ok  id=6304367 responseStatus=200 OK token=jamg698t WARNING: ci-artifacts/scan-results/twistlock/: lchown ci-artifacts/scan-results/twistlock/: operation not permitted (suppressing repeats) Downloading artifacts for wl-compare-lint (6304361)... Downloading artifacts from coordinator... ok  id=6304361 responseStatus=200 OK token=eAWSnxA1 WARNING: ci-artifacts/lint/: lchown ci-artifacts/lint/: operation not permitted (suppressing repeats) section_end:1631042033:download_artifacts section_start:1631042033:step_script Executing "step_script" stage of the job script $ "${PIPELINE_REPO_DIR}/stages/vat/vat-run-api.sh" INFO: Log level set to info INFO: Gathering list of all justifications... INFO: API Response: {"imageName":"opensource/kubernetes-sigs/sig-storage/snapshot-controller","imageTag":"v3.0.3","vatUrl":"https://vat.dso.mil/vat/container/15559","accreditation":"Onboarding","containerState":"Pending Approval","findings":[{"identifier":"4f9abc83a7a1c95e222b659e0fab27fa","source":"anchore_comp","description":"SUID or SGID found set on file /var/local. Mode: 0o42775\n Gate: files\n Trigger: suid_or_guid_set\n Policy ID: DoDFileChecks","findingsState":"approved","contributor":{"state":"has_justification","date":"2020-09-22T19:38:08.000Z","justification":"The SUID bit prevents users from deleting/modifying files that do not belong to them in /var/local.","user":{"name":"melissari_sean","email":"melissari_sean@bah.com","role":"container_contributor"}},"reviewer":{"state":"reviewed","date":"2020-09-22T19:45:05.000Z","comment":"This finding is approved.","designator":"True Positive","falsePositive":false,"user":{"name":"andymaks7","email":"andre.maksymowicz@centauricorp.com","role":"findings_approver"}},"approver":{"state":"approved","date":"2020-09-24T17:27:07.000Z","comment":"Approved","user":{"name":"nicosnt","email":"nicolas.m.chaillan.civ@mail.mil","role":"container_approver"}}}],"digest":"5604cccad85dd215a5259d0d912464991782ffcb278db2a8439fda086c5c05c8"} INFO: POST Response: 201 section_end:1631042034:step_script section_start:1631042034:upload_artifacts_on_success Uploading artifacts for successful job Uploading artifacts... ci-artifacts/vat_request.json: found 1 matching files and directories Uploading artifacts as "archive" to coordinator... ok id=6304373 responseStatus=201 Created token=tFz9yXps section_end:1631042035:upload_artifacts_on_success section_start:1631042035:cleanup_file_variables Cleaning up file based variables section_end:1631042035:cleanup_file_variables Job succeeded