UNCLASSIFIED

Skip to content

GitLab

Update node:10.24 Docker digest to 5e3ebdd

14 jobs for renovate/node in 19 minutes and 33 seconds (queued for 15 seconds)
44a0f7f4
1 related merge request: !17 Update node:10.24 Docker digest to 5e3ebdd
Status Job ID Name Coverage
  .Pre
passed #2644086
ironbank
load scripts

00:00:10

 
  Preflight
passed #2644087
ironbank
folder structure

00:00:06

passed #2644088
ironbank
hardening_manifest

00:00:11

 
  Lint
passed #2644089
ironbank
wl compare lint

00:00:13

 
  Finding Compare
failed #2644090
ironbank allowed to fail
vat compare

00:00:10

 
  Import Artifacts
passed #2644091
ironbank
import artifacts

00:02:04

 
  Scan Artifacts
passed #2644092
ironbank
clamav scan

00:06:05

 
  Build
passed #2644093
ironbank-isolated
build

00:03:18

 
  Scanning
passed #2644097
ironbank
anchore scan

00:03:02

passed #2644094
ironbank
openscap compliance

00:01:03

passed #2644095
ironbank
openscap cve

00:05:35

passed #2644096
ironbank
twistlock scan

00:00:22

 
  Csv Output
passed #2644098
ironbank
csv output

00:01:17

 
  Check Cves
failed #2644099
ironbank allowed to fail
check cves

00:00:25

 
Name Stage Failure
failed
check cves Check Cves 
ERROR: NON-WHITELISTED VULNERABILITIES FOUND
ERROR: Number of non-whitelisted vulnerabilities: 3
ERROR: The following vulnerabilities are not whitelisted:
ERROR: scan_source                   cve_id                        package                       package_path                  
ERROR: anchore_cve                   CVE-2021-27290                ssri-6.0.1                    /usr/local/lib/node_modules/npm/node_modules/ssri/package.json    
ERROR: anchore_cve                   GHSA-vx3p-948g-6vhq           ssri-6.0.1                    /usr/local/lib/node_modules/npm/node_modules/ssri/package.json    
ERROR: twistlock_cve                 CVE-2021-27290                ssri-6.0.1                    None                          
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 1
failed
vat compare Finding Compare 
('CVE-2020-13776', 'anchore_cve', 'systemd-239-41.el8_3.2\nhttps://access.redhat.com/security/cve/CVE-2020-13776', 'systemd-239-41.el8_3.2', None)
('CVE-2021-20305', 'twistlock_cve', 'A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.', 'nettle-3.4.1-2.el8', None)
('CVE-2021-23840', 'anchore_cve', 'openssl-libs-1.1.1g-15.el8_3\nhttps://access.redhat.com/security/cve/CVE-2021-23840', 'openssl-libs-1.1.1g-15.el8_3', None)
Uploading artifacts for failed job
Uploading artifacts...
ci-artifacts/compare/: found 2 matching files and directories 
Uploading artifacts as "archive" to coordinator... ok  id=2644090 responseStatus=201 Created token=9W9CXDsX
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 4

UNCLASSIFIED