Running with gitlab-runner 13.8.0 (775dd39d)
  on global-shared-gitlab-runner-89dbd4db8-mnp6b RKzCU9YR
section_start:1617723900:resolve_secrets
Resolving secrets
section_end:1617723900:resolve_secrets
section_start:1617723900:prepare_executor
Preparing the "kubernetes" executor
Using Kubernetes namespace: gitlab-runner
WARNING: Pulling GitLab Runner helper image from Docker Hub. Helper image is migrating to registry.gitlab.com, for more information see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#migrating-helper-image-to-registrygitlabcom
Using Kubernetes executor with image ${GITLAB_INTERNAL_REGISTRY}/ironbank-tools/ironbank-pipeline/ib-pipeline-image:0.1 ...
section_end:1617723900:prepare_executor
section_start:1617723900:prepare_script
Preparing environment
Waiting for pod gitlab-runner/runner-rkzcu9yr-project-5780-concurrent-0kkt2d to be running, status is Pending
Running on runner-rkzcu9yr-project-5780-concurrent-0kkt2d via global-shared-gitlab-runner-89dbd4db8-mnp6b...
section_end:1617723904:prepare_script
section_start:1617723904:get_sources
Getting source from Git repository
Fetching changes with git depth set to 50...
Initialized empty Git repository in /builds/dsop/opensource/trufflehog/truffelhog3/.git/
Created fresh repository.
Checking out 5773dbdf as dep-updates...
Skipping Git submodules setup
section_end:1617723904:get_sources
section_start:1617723904:download_artifacts
Downloading artifacts
Downloading artifacts for hardening_manifest (2622632)...
Downloading artifacts for load scripts (2622630)...
Downloading artifacts from coordinator... ok  id=2622632 responseStatus=200 OK token=aZPLG_cZ
Downloading artifacts from coordinator... ok  id=2622630 responseStatus=200 OK token=F8QDHRGe
Downloading artifacts for wl compare lint (2622633)...
Downloading artifacts from coordinator... 
ok  id=2622633 responseStatus=200 OK token=HCyWB4CJ
section_end:1617723905:download_artifacts
section_start:1617723905:step_script
Executing "step_script" stage of the job script
$ mkdir -p "${ARTIFACT_DIR}"
$ set +e
$ python3 "${PIPELINE_REPO_DIR}/stages/vat-finding-compare/vat_findings.py"
api set length: 150
db set length: 141
Findings are NOT the same!
There are CVEs from the api that are not returned by the query
There are CVEs from the query that are not returned by the api
Please run the development branch for this project before validating query/api data
Findings from api not in direct query
('CVE-2020-10543', 'anchore_cve', 'perl-interpreter-5.26.3-417.el8_3\nhttps://access.redhat.com/security/cve/CVE-2020-10543', 'perl-interpreter-5.26.3-417.el8_3', None)
('CVE-2020-10543', 'anchore_cve', 'perl-macros-5.26.3-417.el8_3\nhttps://access.redhat.com/security/cve/CVE-2020-10543', 'perl-macros-5.26.3-417.el8_3', None)
('CVE-2021-3426', 'anchore_cve', 'python-3.9.2\nBug Tracker: https://bugs.python.org/issue42988\nBug Tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1917807\nVendor Specific Solution URL: https://github.com/python/cpython/pull/24285\nOther Solution URL: https://github.com/python/cpython/commit/bcdca322f184e6ccddb9df763fe7d1ad175bd7a4\nCVE ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3426\nBug Tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1935913\nBug Tracker: https://github.com/python/cpython/pull/24337\nVendor Specific Advisory URL: https://access.redhat.com/security/cve/cve-2021-3426\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-393/\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-389/\nVendor Specific News/Changelog Entry: 
https://pythoninsider.blogspot.com/2021/04/python-394-hotfix-is-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nVendor Specific News/Changelog Entry: https://docs.python.org/release/3.8.9/whatsnew/changelog.html#python-3-8-9\nVendor Specific News/Changelog Entry: https://docs.python.org/release/3.9.4/whatsnew/changelog.html#changelog\n', 'python-3.9.2', '/usr/local/lib/libpython3.9.so.1.0') ('CVE-2020-10543', 'anchore_cve', 'perl-libs-5.26.3-417.el8_3\nhttps://access.redhat.com/security/cve/CVE-2020-10543', 'perl-libs-5.26.3-417.el8_3', None) ('CVE-2021-3450', 'anchore_cve', 'python-3.9.2\nVendor Specific Advisory URL: https://support2.windriver.com/index.php?page=security-notices&on=view&id=7055\nCVE ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3450\nMail List Post: https://mta.openssl.org/pipermail/openssl-announce/2021-March/000196.html\nVendor Specific Advisory URL: https://www.openssl.org/news/secadv/20210325.txt\nVendor Specific Advisory URL: https://www.openssl.org/news/vulnerabilities.html\nBug Tracker: https://github.com/openssl/openssl/issues/14670\nVendor Specific Solution URL: https://github.com/openssl/openssl/commit/2a40b7bc7b94dd7de897a74571e7024f0cf0d63b\nVendor Specific Advisory URL: https://access.redhat.com/security/cve/cve-2021-3450\nBug Tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1941547\nVendor Specific Advisory URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd\nVendor Specific Advisory URL: https://www.freebsd.org/security/advisories/FreeBSD-SA-21:07.openssl.asc\nOther Advisory URL: https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35948\nOther Advisory URL: http://jvn.jp/vu/JVNVU92126369/index.html\nVendor Specific Advisory URL: https://security.netapp.com/advisory/ntap-20210326-0006/\nVendor Specific Advisory URL: https://support.f5.com/csp/article/K52171694\nNews Article: 
https://www.bankinfosecurity.com/openssl-fixes-flaws-that-could-lead-to-server-takedowns-a-16276\nNews Article: https://www.bleepingcomputer.com/news/security/openssl-fixes-severe-dos-certificate-validation-vulnerabilities/\nNews Article: https://arstechnica.com/gadgets/2021/03/openssl-fixes-high-severity-flaw-that-allows-hackers-to-crash-servers/\nVendor Specific Advisory URL: https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc\nVendor Specific Solution URL: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b\nOther Advisory URL: http://www.openwall.com/lists/oss-security/2021/03/27/1\nOther Advisory URL: http://www.openwall.com/lists/oss-security/2021/03/27/2\nMail List Post: https://seclists.org/oss-sec/2021/q1/266\nOther Advisory URL: http://www.openwall.com/lists/oss-security/2021/03/28/3\nOther Advisory URL: http://www.openwall.com/lists/oss-security/2021/03/28/4\nOther Advisory URL: https://matrix.org/blog/2021/03/26/synapse-1-30-1-released/\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2021-1024.html\nVendor Specific Advisory URL: https://news.cpanel.com/easyapache-4-march-31-release/\nVendor Specific Advisory URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/\nVendor Specific Solution URL: https://security.gentoo.org/glsa/202103-03\nVendor Specific News/Changelog Entry: https://www.tenable.com/security/tns-2021-05\nOther Advisory URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-393/\nVendor Specific News/Changelog Entry: 
https://www.python.org/downloads/release/python-389/\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-394-hotfix-is-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\n', 'python-3.9.2', '/usr/local/lib/libpython3.9.so.1.0') ('CVE-2020-10878', 'anchore_cve', 'perl-libs-5.26.3-417.el8_3\nhttps://access.redhat.com/security/cve/CVE-2020-10878', 'perl-libs-5.26.3-417.el8_3', None) ('GHSA-8q59-q68h-6hv4', 'anchore_cve', 'PyYAML-5.3.1\nhttps://github.com/advisories/GHSA-8q59-q68h-6hv4', 'PyYAML-5.3.1', '/usr/local/lib/python3.9/site-packages/yaml') ('CVE-2020-10878', 'anchore_cve', 'perl-interpreter-5.26.3-417.el8_3\nhttps://access.redhat.com/security/cve/CVE-2020-10878', 'perl-interpreter-5.26.3-417.el8_3', None) ('VULNDB-253222', 'anchore_cve', 'python-3.9.2\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-393/\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-389/\nBug Tracker: https://bugs.python.org/issue43439\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-394-hotfix-is-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nVendor Specific News/Changelog Entry: https://docs.python.org/release/3.8.9/whatsnew/changelog.html#python-3-8-9\nVendor Specific News/Changelog Entry: https://docs.python.org/release/3.9.4/whatsnew/changelog.html#changelog\n', 'python-3.9.2', '/usr/local/lib/libpython3.9.so.1.0') ('CVE-2020-28493', 'twistlock_cve', 'This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. 
The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.', 'jinja2-2.11.1', None) ('CVE-2020-10878', 'anchore_cve', 'perl-macros-5.26.3-417.el8_3\nhttps://access.redhat.com/security/cve/CVE-2020-10878', 'perl-macros-5.26.3-417.el8_3', None) ('VULNDB-250117', 'anchore_cve', 'python-3.9.2\nBug Tracker: https://bugs.python.org/issue43285\nVendor Specific Solution URL: https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e\nVendor Specific Solution URL: https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335\nVendor Specific Solution URL: https://github.com/python/cpython/commit/664d1d16274b47eea6ec92572e1ebf3939a6fa0c\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-393/\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-389/\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-394-hotfix-is-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nVendor Specific News/Changelog Entry: https://docs.python.org/release/3.8.9/whatsnew/changelog.html#python-3-8-9\nVendor Specific News/Changelog Entry: https://docs.python.org/release/3.9.4/whatsnew/changelog.html#changelog\n', 'python-3.9.2', '/usr/local/lib/libpython3.9.so.1.0') ('CVE-2021-3449', 'anchore_cve', 'python-3.9.2\nVendor Specific Advisory URL: https://support2.windriver.com/index.php?page=security-notices&on=view&id=7055\nCVE ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3449\nMail List Post: 
https://mta.openssl.org/pipermail/openssl-announce/2021-March/000196.html\nVendor Specific Advisory URL: https://www.openssl.org/news/secadv/20210325.txt\nVendor Specific Solution URL: https://github.com/openssl/openssl/commit/02b1636fe3db274497304a3e95a4e32ced7e841b\nVendor Specific Solution URL: https://github.com/openssl/openssl/commit/39a140597d874e554b736885ac4dea16ac40a87a\nVendor Specific Advisory URL: https://www.openssl.org/news/vulnerabilities.html\nVendor Specific Solution URL: https://github.com/openssl/openssl/commit/2a40b7bc7b94dd7de897a74571e7024f0cf0d63b\nVendor Specific Advisory URL: https://access.redhat.com/security/cve/cve-2021-3449\nBug Tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1941554\nVendor Specific Advisory URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd\nVendor Specific Advisory URL: https://ubuntu.com/security/notices/USN-4891-1\nVendor Specific Advisory URL: https://www.freebsd.org/security/advisories/FreeBSD-SA-21:07.openssl.asc\nVendor Specific Advisory URL: https://www.debian.org/security/2021/dsa-4875\nOther Advisory URL: https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35948\nOther Advisory URL: http://jvn.jp/vu/JVNVU92126369/index.html\nVendor Specific Advisory URL: https://forums.opensuse.org/showthread.php/551969-openSUSE-SU-2021-0476-1-important-Security-update-for-openssl-1_1\nVendor Specific Advisory URL: https://security.netapp.com/advisory/ntap-20210326-0006/\nGeneric Exploit URL: https://github.com/terorie/cve-2021-3449\nVendor Specific Advisory URL: https://www.suse.com/support/update/announcement/2021/suse-su-20210954-1/\nVendor Specific Advisory URL: https://www.suse.com/support/update/announcement/2021/suse-su-20210955-1/\nBug Tracker: https://bugzilla.suse.com/show_bug.cgi?id=1183852\nVendor Specific Advisory URL: https://support.f5.com/csp/article/K83623027\nNews Article: 
https://www.bankinfosecurity.com/openssl-fixes-flaws-that-could-lead-to-server-takedowns-a-16276\nNews Article: https://www.bleepingcomputer.com/news/security/openssl-fixes-severe-dos-certificate-validation-vulnerabilities/\nNews Article: https://arstechnica.com/gadgets/2021/03/openssl-fixes-high-severity-flaw-that-allows-hackers-to-crash-servers/\nVendor Specific Advisory URL: https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc\nVendor Specific Solution URL: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148\nVendor Specific News/Changelog Entry: https://blog.powerdns.com/2021/03/29/third-alpha-release-of-dnsdist-1-6-0/\nVendor Specific News/Changelog Entry: https://dnsdist.org/changelog.html#change-1.6.0-alpha3\nOther Advisory URL: https://matrix.org/blog/2021/03/26/synapse-1-30-1-released/\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2021-1024.html\nVendor Specific Advisory URL: https://networks.unify.com/security/advisories/OBSO-2103-01.pdf\nMail List Post: http://www.openwall.com/lists/oss-security/2021/03/27/1\nMail List Post: http://www.openwall.com/lists/oss-security/2021/03/27/2\nMail List Post: http://www.openwall.com/lists/oss-security/2021/03/28/3\nMail List Post: http://www.openwall.com/lists/oss-security/2021/03/28/4\nVendor Specific Advisory URL: https://news.cpanel.com/easyapache-4-march-31-release/\nVendor Specific Advisory URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/\nVendor Specific Advisory URL: https://www.tenable.com/security/tns-2021-06\nVendor Specific Solution URL: https://security.gentoo.org/glsa/202103-03\nVendor Specific News/Changelog Entry: https://www.tenable.com/security/tns-2021-05\nOther Advisory URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/\nVendor Specific News/Changelog Entry: 
https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-393/\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-389/\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-394-hotfix-is-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2021-1063.html\n', 'python-3.9.2', '/usr/local/lib/libpython3.9.so.1.0') ('CVE-2020-14343', 'twistlock_cve', 'A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. 
This flaw is due to an incomplete fix for CVE-2020-1747.', 'pyyaml-5.3.1', None)
Findings from direct query not in api
('CVE-2021-3449', 'anchore_cve', 'openssl-libs-1.1.1g-12.el8_3\nhttps://access.redhat.com/security/cve/CVE-2021-3449', 'openssl-libs-1.1.1g-12.el8_3', None)
('cbff271f45d32e78dcc1979dbca9c14d', 'anchore_comp', 'User root found as effective user, which is explicity not allowed\n Gate: dockerfile\n Trigger: effective_user\n Policy ID: DoDEffectiveUserChecks', None, None)
('CVE-2021-23841', 'anchore_cve', 'openssl-libs-1.1.1g-12.el8_3\nhttps://access.redhat.com/security/cve/CVE-2021-23841', 'openssl-libs-1.1.1g-12.el8_3', None)
('CVE-2021-23840', 'anchore_cve', 'openssl-libs-1.1.1g-12.el8_3\nhttps://access.redhat.com/security/cve/CVE-2021-23840', 'openssl-libs-1.1.1g-12.el8_3', None)
('CVE-2021-3450', 'anchore_cve', 'openssl-libs-1.1.1g-12.el8_3\nhttps://access.redhat.com/security/cve/CVE-2021-3450', 'openssl-libs-1.1.1g-12.el8_3', None)
section_end:1617723907:step_script
section_start:1617723907:upload_artifacts_on_failure
Uploading artifacts for failed job
Uploading artifacts...
ci-artifacts/compare/: found 2 matching files and directories
Uploading artifacts as "archive" to coordinator... ok id=2622634 responseStatus=201 Created token=LsgH5wZ8
section_end:1617723908:upload_artifacts_on_failure
section_start:1617723908:cleanup_file_variables
Cleaning up file based variables
section_end:1617723908:cleanup_file_variables
ERROR: Job failed: command terminated with exit code 4