Running with gitlab-runner 13.8.0 (775dd39d)  on dsop-shared-gitlab-runner-f887cbcbd-srgz6 E82_g8RG section_start:1628558173:resolve_secrets Resolving secrets section_end:1628558173:resolve_secrets section_start:1628558173:prepare_executor Preparing the "kubernetes" executor Using Kubernetes namespace: gitlab-runner-ironbank-dsop WARNING: Pulling GitLab Runner helper image from Docker Hub. Helper image is migrating to registry.gitlab.com, for more information see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#migrating-helper-image-to-registrygitlabcom Using Kubernetes executor with image registry1.dso.mil/ironbank/ironbank-pipelines/pipeline-runner:0.3 ... section_end:1628558173:prepare_executor section_start:1628558173:prepare_script Preparing environment Waiting for pod gitlab-runner-ironbank-dsop/runner-e82g8rg-project-1828-concurrent-0pq7f8 to be running, status is Pending Waiting for pod gitlab-runner-ironbank-dsop/runner-e82g8rg-project-1828-concurrent-0pq7f8 to be running, status is Pending ContainersNotInitialized: "containers with incomplete status: [istio-init]" ContainersNotReady: "containers with unready status: [build helper istio-proxy]" ContainersNotReady: "containers with unready status: [build helper istio-proxy]" Waiting for pod gitlab-runner-ironbank-dsop/runner-e82g8rg-project-1828-concurrent-0pq7f8 to be running, status is Pending ContainersNotReady: "containers with unready status: [build helper istio-proxy]" ContainersNotReady: "containers with unready status: [build helper istio-proxy]" Running on runner-e82g8rg-project-1828-concurrent-0pq7f8 via dsop-shared-gitlab-runner-f887cbcbd-srgz6... section_end:1628558182:prepare_script section_start:1628558182:get_sources Getting source from Git repository $ until [ $(curl --fail --silent --output /dev/stderr --write-out "%{http_code}" localhost:15020/healthz/ready) -eq 200 ]; do echo Waiting for Sidecar; sleep 3 ; done ; echo Sidecar available; Sidecar available Fetching changes with git depth set to 50... Initialized empty Git repository in /builds/dsop/opensource/python/python36/.git/ Created fresh repository. Checking out 80a41b79 as renovate/wheel-0.x... Skipping object checkout, Git LFS is not installed. Skipping Git submodules setup section_end:1628558183:get_sources section_start:1628558183:download_artifacts Downloading artifacts Downloading artifacts for hardening-manifest (5519728)... Downloading artifacts from coordinator... ok  id=5519728 responseStatus=200 OK token=Hjrw6_4w WARNING: ci-artifacts/preflight/: lchown ci-artifacts/preflight/: operation not permitted (suppressing repeats) Downloading artifacts for load-scripts (5519725)... Downloading artifacts from coordinator... ok  id=5519725 responseStatus=200 OK token=a3ecs53j WARNING: ci-artifacts/[MASKED]/: lchown ci-artifacts/[MASKED]/: operation not permitted (suppressing repeats) section_end:1628558184:download_artifacts section_start:1628558184:step_script Executing "step_script" stage of the job script $ if [[ "${CI_COMMIT_BRANCH}" == "master" || "${CI_COMMIT_BRANCH}" == "development" ]] && [[ "${CI_COMMIT_REF_PROTECTED}" != true ]]; then # collapsed multi-line command $ mkdir -p "${ARTIFACT_DIR}" $ set +e $ python3 "${PIPELINE_REPO_DIR}/stages/check-cves/pipeline_wl_compare.py" --lint INFO: Log level set to info INFO: Retrieving findings for opensource/python/python36:3.6 INFO: Running query to vat api INFO: Fetched data from vat successfully INFO: Validating the VAT response against schema INFO: Log level set to info INFO: Loaded definitions from /builds/dsop/opensource/python/python36/ci-artifacts/[MASKED]/stages/check-cves/../../schema/vat_findings.swagger.yaml INFO: Defined base schema off of the Container model WARNING: Error validating the VAT schema 'inheritsFrom' is a required property Failed validating 'required' in schema['properties']['findings']['items']: {'description': 'Findings description', 'properties': {'approver': {'$ref': '#/definitions/FindingsApprover', 'description': 'This object will only ' 'exist if there is a ' 'reviewer. May be missing ' 'if there is no approval ' 'action.'}, 'contributor': {'$ref': '#/definitions/FindingsContributor', 'description': 'This object will be ' 'missing if there is no ' 'justification text'}, 'description': {'type': 'string'}, 'findingsState': {'$ref': '#/definitions/FindingStateEnum'}, 'identifier': {'$ref': '#/definitions/PrintableCharactersWithoutNewlinesOrSlashes', 'description': 'Finding identifier ' '(vulnerability ID or ' 'policy violation ID)'}, 'inheritsFrom': {'description': 'A non-empty array ' 'implies the finding ' 'is inherited. Array ' 'of ubi/ubi8:8.2 etc ' 'ordered from oldest ' 'parent image (first) ' 'to immediate parent ' '(last). Finding will ' 'be present in the ' 'first element of the ' 'array.', 'items': {'$ref': '#/definitions/DockerNameAndTagRegex'}, 'type': 'array'}, 'package': {'type': 'string'}, 'packagePath': {'type': 'string'}, 'reviewer': {'$ref': '#/definitions/FindingsReviewer', 'description': 'This object will only ' 'exist if there is a ' 'contributor. Will be ' 'missing until the ' 'reviewer has performed an ' 'action.'}, 'source': {'$ref': '#/definitions/ScanSourceEnum'}}, 'required': ['identifier', 'source', 'description', 'findingsState', 'inheritsFrom'], 'type': 'object'} On instance['findings'][0]: {'approver': {'comment': 'Approved with conditions. RH must fix ' 'CVE-2019-25013 within 30 days.', 'date': '2021-01-27T22:52:42.000Z', 'state': 'approved', 'user': {'email': 'nicolas.m.chaillan.civ@mail.mil', 'name': 'nicosnt', 'role': 'container_approver'}}, 'contributor': {'date': '2020-11-10T15:00:28.000Z', 'justification': 'Required for su functionality.', 'state': 'has_justification', 'user': {'email': 'alan.fontaine@centauricorp.com', 'name': 'alfontaine', 'role': 'findings_approver'}}, 'description': 'SUID or SGID found set on file /usr/bin/su. Mode: ' '0o104755\n' ' Gate: files\n' ' Trigger: suid_or_guid_set\n' ' Policy ID: DoDFileChecks', 'findingsState': 'approved', 'identifier': '320a97c6816565eedf3545833df99dd0', 'reviewer': {'comment': 'Approved, imported from spreadsheet.', 'date': '2020-11-10T15:00:28.000Z', 'falsePositive': False, 'state': 'reviewed', 'user': {'email': 'alan.fontaine@centauricorp.com', 'name': 'alfontaine', 'role': 'findings_approver'}}, 'source': 'anchore_comp'} INFO: CONTAINER APPROVAL STATUS INFO: Approved INFO: CONTAINER APPROVAL TEXT INFO: Approved INFO: skopeo inspect --authfile prod_pull_auth.json docker://registry1.dso.mil/ironbank/redhat/ubi/ubi8:8.4 INFO: Getting redhat/ubi/ubi8 hardening_manifest.yaml from master INFO: Retrieving findings for redhat/ubi/ubi8:8.4 INFO: Artifact Directory: ci-artifacts/lint section_end:1628558185:step_script section_start:1628558185:upload_artifacts_on_success Uploading artifacts for successful job Uploading artifacts... ci-artifacts/lint/: found 4 matching files and directories Uploading artifacts as "archive" to coordinator... ok id=5519729 responseStatus=201 Created token=3eiqcvzt Uploading artifacts... variables.env: found 1 matching files and directories Uploading artifacts as "dotenv" to coordinator... ok id=5519729 responseStatus=201 Created token=3eiqcvzt section_end:1628558187:upload_artifacts_on_success section_start:1628558187:cleanup_file_variables Cleaning up file based variables section_end:1628558187:cleanup_file_variables Job succeeded