UNCLASSIFIED

Skip to content

GitLab

This is a pinned version and shouldn't be renovated.

14 jobs for remove-renovate in 9 minutes and 56 seconds (queued for 5 seconds)
b7f4fc55
1 related merge request: !16 This is a pinned version and shouldn't be renovated.
Status Job ID Name Coverage
  .Pre
passed #2780420
ironbank
load scripts

00:00:07

 
  Preflight
passed #2780421
ironbank
folder structure

00:00:05

passed #2780422
ironbank
hardening_manifest

00:00:10

 
  Lint
passed #2780423
ironbank
wl compare lint

00:00:10

 
  Finding Compare
failed #2780424
ironbank allowed to fail
vat compare

00:00:07

 
  Import Artifacts
passed #2780425
ironbank
import artifacts

00:00:47

 
  Scan Artifacts
passed #2780426
ironbank
clamav scan

00:01:12

 
  Build
passed #2780427
ironbank-isolated
build

00:02:09

 
  Scanning
passed #2780431
ironbank
anchore scan

00:02:23

passed #2780428
ironbank
openscap compliance

00:01:00

passed #2780429
ironbank
openscap cve

00:04:01

passed #2780430
ironbank
twistlock scan

00:00:22

 
  Csv Output
passed #2780432
ironbank
csv output

00:00:53

 
  Check Cves
failed #2780433
ironbank allowed to fail
check cves

00:00:14

 
Name Stage Failure
failed
check cves Check Cves 
ERROR: NON-WHITELISTED VULNERABILITIES FOUND
ERROR: Number of non-whitelisted vulnerabilities: 3
ERROR: The following vulnerabilities are not whitelisted:
ERROR: scan_source                   cve_id                        package                       package_path                  
ERROR: oscap_cve                     CVE-2021-20305                gnutls                        None                          
ERROR: oscap_cve                     RHSA-2021:1206                gnutls                        None                          
ERROR: twistlock_cve                 CVE-2021-21409                io.netty_netty-3.7.0.Final    None                          
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 1
failed
vat compare Finding Compare 
INFO: ('CVE-2020-35512', 'anchore_cve', 'dbus-daemon-1.12.8-12.el8_3\nhttps://access.redhat.com/security/cve/CVE-2020-35512', 'dbus-daemon-1.12.8-12.el8_3', None)
INFO: ('CVE-2020-35512', 'anchore_cve', 'dbus-common-1.12.8-12.el8_3\nhttps://access.redhat.com/security/cve/CVE-2020-35512', 'dbus-common-1.12.8-12.el8_3', None)
INFO: ('CVE-2021-23841', 'twistlock_cve', 'The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).', 'openssl-1.1.1g-15.el8_3', None)
Uploading artifacts for failed job
Uploading artifacts...
ci-artifacts/compare/: found 2 matching files and directories 
Uploading artifacts as "archive" to coordinator... ok  id=2780424 responseStatus=201 Created token=qicoLxyv
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 4

UNCLASSIFIED