Pipeline · Ironbank Containers / Opensource / prometheus / prometheus

Merge branch 'renovate/docker-prom-prometheus-2.x' into 'development'

Update prom/prometheus Docker tag to v2.26.0

See merge request !38

20 jobs for development in 12 minutes and 6 seconds (queued for 14 minutes and 24 seconds)

a970e076

Status	Job ID	Name
.Pre
passed	#2850483 ironbank	load scripts	00:00:07 Apr 20, 2021

Preflight
passed	#2850485 ironbank	folder structure	00:00:05 Apr 20, 2021
passed	#2850486 ironbank	hardening_manifest	00:00:11 Apr 20, 2021
passed	#2850484 ironbank	trufflehog	00:00:06 Apr 20, 2021

Lint
passed	#2850487 ironbank	wl compare lint	00:00:12 Apr 20, 2021

Finding Compare
failed	#2850488 ironbank allowed to fail	vat compare	00:00:10 Apr 20, 2021

Import Artifacts
passed	#2850489 ironbank	import artifacts	00:00:32 Apr 20, 2021

Scan Artifacts
passed	#2850490 ironbank	clamav scan	00:01:10 Apr 20, 2021

Build
passed	#2850491 ironbank-isolated	build	00:02:05 Apr 20, 2021

Scanning
passed	#2850492 ironbank	anchore scan	00:01:54 Apr 20, 2021
passed	#2850493 ironbank	openscap compliance	00:01:02 Apr 20, 2021
passed	#2850494 ironbank	openscap cve	00:04:11 Apr 20, 2021
passed	#2850495 ironbank	twistlock scan	00:00:32 Apr 20, 2021

Csv Output
passed	#2850496 ironbank	csv output	00:00:51 Apr 20, 2021

Check Cves
passed	#2850497 ironbank	check cves	00:00:15 Apr 20, 2021

Documentation
passed	#2850498 ironbank	sign image	00:00:31 Apr 20, 2021
passed	#2850499 ironbank	sign manifest	00:00:21 Apr 20, 2021
passed	#2850500 ironbank	write json documentation	00:00:24 Apr 20, 2021

S3 Publish
passed	#2850501 ironbank	upload to s3	00:01:33 Apr 20, 2021

Vat
passed	#2850502 ironbank	vat	00:00:09 Apr 20, 2021

Name Stage Failure

	Name	Stage	Failure
failed	vat compare	Finding Compare
	INFO: ('CVE-2021-20231', 'anchore_cve', 'gnutls-3.6.14-7.el8_3\nhttps://access.redhat.com/security/cve/CVE-2021-20231', 'gnutls-3.6.14-7.el8_3', None) INFO: ('CVE-2021-20305', 'twistlock_cve', 'A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.', 'nettle-3.4.1-2.el8', None) INFO: ('CVE-2021-20305', 'twistlock_cve', 'A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.', 'gnutls-3.6.14-7.el8_3', None) Uploading artifacts for failed job Uploading artifacts... ci-artifacts/compare/: found 2 matching files and directories Uploading artifacts as "archive" to coordinator... ok id=2850488 responseStatus=201 Created token=NZKWLVxp Cleaning up file based variables ERROR: Job failed: command terminated with exit code 4

failed

vat compare

Finding Compare

INFO: ('CVE-2021-20231', 'anchore_cve', 'gnutls-3.6.14-7.el8_3\nhttps://access.redhat.com/security/cve/CVE-2021-20231', 'gnutls-3.6.14-7.el8_3', None)
INFO: ('CVE-2021-20305', 'twistlock_cve', 'A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.', 'nettle-3.4.1-2.el8', None)
INFO: ('CVE-2021-20305', 'twistlock_cve', 'A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.', 'gnutls-3.6.14-7.el8_3', None)
Uploading artifacts for failed job
Uploading artifacts...
ci-artifacts/compare/: found 2 matching files and directories 
Uploading artifacts as "archive" to coordinator... ok  id=2850488 responseStatus=201 Created token=NZKWLVxp
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 4