Running with gitlab-runner 13.8.0 (775dd39d)
  on global-shared-gitlab-runner-89dbd4db8-mnp6b RKzCU9YR
section_start:1617994499:resolve_secrets
Resolving secrets
section_end:1617994499:resolve_secrets
section_start:1617994499:prepare_executor
Preparing the "kubernetes" executor
Using Kubernetes namespace: gitlab-runner
WARNING: Pulling GitLab Runner helper image from Docker Hub. Helper image is migrating to registry.gitlab.com, for more information see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#migrating-helper-image-to-registrygitlabcom
Using Kubernetes executor with image ${GITLAB_INTERNAL_REGISTRY}/ironbank-tools/ironbank-pipeline/ib-pipeline-image:0.1 ...
section_end:1617994499:prepare_executor
section_start:1617994499:prepare_script
Preparing environment
Waiting for pod gitlab-runner/runner-rkzcu9yr-project-5780-concurrent-0mtv29 to be running, status is Pending
	ContainersNotReady: "containers with unready status: [build helper]"
	ContainersNotReady: "containers with unready status: [build helper]"
Running on runner-rkzcu9yr-project-5780-concurrent-0mtv29 via global-shared-gitlab-runner-89dbd4db8-mnp6b...
section_end:1617994503:prepare_script
section_start:1617994503:get_sources
Getting source from Git repository
Fetching changes with git depth set to 50...
Initialized empty Git repository in /builds/dsop/opensource/trufflehog/truffelhog3/.git/
Created fresh repository.
Checking out bc1a1e7a as python-update...

Skipping Git submodules setup
section_end:1617994503:get_sources
section_start:1617994503:download_artifacts
Downloading artifacts
Downloading artifacts for hardening_manifest (2666041)...
Downloading artifacts from coordinator... ok        id=2666041 responseStatus=200 OK token=oCVSVGym
Downloading artifacts for load scripts (2666039)...
Downloading artifacts from coordinator... ok        id=2666039 responseStatus=200 OK token=ZafWq-1d
Downloading artifacts for wl compare lint (2666042)...
Downloading artifacts from coordinator... ok        id=2666042 responseStatus=200 OK token=pAkcEexU
section_end:1617994503:download_artifacts
section_start:1617994503:step_script
Executing "step_script" stage of the job script
$ mkdir -p "${ARTIFACT_DIR}"
$ set +e
$ python3 "${PIPELINE_REPO_DIR}/stages/vat-finding-compare/vat_findings.py"
api set length: 142
db set length: 138
Findings are NOT the same!
There are CVEs from the api that are not returned by the query
There are CVEs from the query that are not returned by the api
Please run the development branch for this project before validating query/api data
Findings from api not in direct query
('VULNDB-253222', 'anchore_cve', 'python-3.9.2\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-393/\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-389/\nBug Tracker: https://bugs.python.org/issue43439\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-394-hotfix-is-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nVendor Specific News/Changelog Entry: https://docs.python.org/release/3.8.9/whatsnew/changelog.html#python-3-8-9\nVendor Specific News/Changelog Entry: https://docs.python.org/release/3.9.4/whatsnew/changelog.html#changelog\n', 'python-3.9.2', '/usr/local/lib/libpython3.9.so.1.0')
('CVE-2021-3450', 'anchore_cve', 'python-3.9.2\nVendor Specific News/Changelog Entry: https://downloads.nodesource.com/\nVendor Specific Advisory URL: https://support2.windriver.com/index.php?page=security-notices&on=view&id=7055\nCVE ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3450\nMail List Post: https://mta.openssl.org/pipermail/openssl-announce/2021-March/000196.html\nVendor Specific Advisory URL: https://www.openssl.org/news/secadv/20210325.txt\nVendor Specific Advisory URL: https://www.openssl.org/news/vulnerabilities.html\nBug Tracker: https://github.com/openssl/openssl/issues/14670\nVendor Specific Solution URL: https://github.com/openssl/openssl/commit/2a40b7bc7b94dd7de897a74571e7024f0cf0d63b\nVendor Specific Advisory URL: https://access.redhat.com/security/cve/cve-2021-3450\nBug Tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1941547\nVendor Specific Advisory URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd\nVendor Specific Advisory URL: https://www.freebsd.org/security/advisories/FreeBSD-SA-21:07.openssl.asc\nOther Advisory URL: https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35948\nOther Advisory URL: http://jvn.jp/vu/JVNVU92126369/index.html\nVendor Specific Advisory URL: https://security.netapp.com/advisory/ntap-20210326-0006/\nVendor Specific Advisory URL: https://support.f5.com/csp/article/K52171694\nNews Article: https://www.bankinfosecurity.com/openssl-fixes-flaws-that-could-lead-to-server-takedowns-a-16276\nNews Article: https://www.bleepingcomputer.com/news/security/openssl-fixes-severe-dos-certificate-validation-vulnerabilities/\nNews Article: https://arstechnica.com/gadgets/2021/03/openssl-fixes-high-severity-flaw-that-allows-hackers-to-crash-servers/\nVendor Specific Advisory URL: https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc\nVendor Specific Solution URL: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b\nOther Advisory URL: http://www.openwall.com/lists/oss-security/2021/03/27/1\nOther Advisory URL: http://www.openwall.com/lists/oss-security/2021/03/27/2\nMail List Post: https://seclists.org/oss-sec/2021/q1/266\nOther Advisory URL: http://www.openwall.com/lists/oss-security/2021/03/28/3\nOther Advisory URL: http://www.openwall.com/lists/oss-security/2021/03/28/4\nOther Advisory URL: https://matrix.org/blog/2021/03/26/synapse-1-30-1-released/\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2021-1024.html\nVendor Specific Advisory URL: https://news.cpanel.com/easyapache-4-march-31-release/\nVendor Specific Advisory URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/\nVendor Specific Solution URL: https://security.gentoo.org/glsa/202103-03\nVendor Specific News/Changelog Entry: https://www.tenable.com/security/tns-2021-05\nOther Advisory URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-393/\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-389/\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-394-hotfix-is-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nVendor Specific Advisory URL: https://nodejs.org/en/blog/vulnerability/april-2021-security-releases/\nOther Advisory URL: https://www.tenable.com/security/tns-2021-08\n', 'python-3.9.2', '/usr/local/lib/libpython3.9.so.1.0')
('VULNDB-250117', 'anchore_cve', 'python-3.9.2\nBug Tracker: https://bugs.python.org/issue43285\nVendor Specific Solution URL: https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e\nVendor Specific Solution URL: https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335\nVendor Specific Solution URL: https://github.com/python/cpython/commit/664d1d16274b47eea6ec92572e1ebf3939a6fa0c\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-393/\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-389/\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-394-hotfix-is-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nVendor Specific News/Changelog Entry: https://docs.python.org/release/3.8.9/whatsnew/changelog.html#python-3-8-9\nVendor Specific News/Changelog Entry: https://docs.python.org/release/3.9.4/whatsnew/changelog.html#changelog\n', 'python-3.9.2', '/usr/local/lib/libpython3.9.so.1.0')
('CVE-2021-3426', 'anchore_cve', 'python-3.9.2\nBug Tracker: https://bugs.python.org/issue42988\nBug Tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1917807\nVendor Specific Solution URL: https://github.com/python/cpython/pull/24285\nOther Solution URL: https://github.com/python/cpython/commit/bcdca322f184e6ccddb9df763fe7d1ad175bd7a4\nCVE ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3426\nBug Tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1935913\nBug Tracker: https://github.com/python/cpython/pull/24337\nVendor Specific Advisory URL: https://access.redhat.com/security/cve/cve-2021-3426\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-393/\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-389/\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-394-hotfix-is-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nVendor Specific News/Changelog Entry: https://docs.python.org/release/3.8.9/whatsnew/changelog.html#python-3-8-9\nVendor Specific News/Changelog Entry: https://docs.python.org/release/3.9.4/whatsnew/changelog.html#changelog\n', 'python-3.9.2', '/usr/local/lib/libpython3.9.so.1.0')
('CVE-2021-3449', 'anchore_cve', 'python-3.9.2\nVendor Specific News/Changelog Entry: https://downloads.nodesource.com/\nVendor Specific Advisory URL: https://support2.windriver.com/index.php?page=security-notices&on=view&id=7055\nCVE ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3449\nMail List Post: https://mta.openssl.org/pipermail/openssl-announce/2021-March/000196.html\nVendor Specific Advisory URL: https://www.openssl.org/news/secadv/20210325.txt\nVendor Specific Solution URL: https://github.com/openssl/openssl/commit/02b1636fe3db274497304a3e95a4e32ced7e841b\nVendor Specific Solution URL: https://github.com/openssl/openssl/commit/39a140597d874e554b736885ac4dea16ac40a87a\nVendor Specific Advisory URL: https://www.openssl.org/news/vulnerabilities.html\nVendor Specific Solution URL: https://github.com/openssl/openssl/commit/2a40b7bc7b94dd7de897a74571e7024f0cf0d63b\nVendor Specific Advisory URL: https://access.redhat.com/security/cve/cve-2021-3449\nBug Tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1941554\nVendor Specific Advisory URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd\nVendor Specific Advisory URL: https://ubuntu.com/security/notices/USN-4891-1\nVendor Specific Advisory URL: https://www.freebsd.org/security/advisories/FreeBSD-SA-21:07.openssl.asc\nVendor Specific Advisory URL: https://www.debian.org/security/2021/dsa-4875\nOther Advisory URL: https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35948\nOther Advisory URL: http://jvn.jp/vu/JVNVU92126369/index.html\nVendor Specific Advisory URL: https://forums.opensuse.org/showthread.php/551969-openSUSE-SU-2021-0476-1-important-Security-update-for-openssl-1_1\nVendor Specific Advisory URL: https://security.netapp.com/advisory/ntap-20210326-0006/\nGeneric Exploit URL: https://github.com/terorie/cve-2021-3449\nVendor Specific Advisory URL: https://www.suse.com/support/update/announcement/2021/suse-su-20210954-1/\nVendor Specific Advisory URL: https://www.suse.com/support/update/announcement/2021/suse-su-20210955-1/\nBug Tracker: https://bugzilla.suse.com/show_bug.cgi?id=1183852\nVendor Specific Advisory URL: https://support.f5.com/csp/article/K83623027\nNews Article: https://www.bankinfosecurity.com/openssl-fixes-flaws-that-could-lead-to-server-takedowns-a-16276\nNews Article: https://www.bleepingcomputer.com/news/security/openssl-fixes-severe-dos-certificate-validation-vulnerabilities/\nNews Article: https://arstechnica.com/gadgets/2021/03/openssl-fixes-high-severity-flaw-that-allows-hackers-to-crash-servers/\nVendor Specific Advisory URL: https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc\nVendor Specific Solution URL: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148\nVendor Specific News/Changelog Entry: https://blog.powerdns.com/2021/03/29/third-alpha-release-of-dnsdist-1-6-0/\nVendor Specific News/Changelog Entry: https://dnsdist.org/changelog.html#change-1.6.0-alpha3\nOther Advisory URL: https://matrix.org/blog/2021/03/26/synapse-1-30-1-released/\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2021-1024.html\nVendor Specific Advisory URL: https://networks.unify.com/security/advisories/OBSO-2103-01.pdf\nMail List Post: http://www.openwall.com/lists/oss-security/2021/03/27/1\nMail List Post: http://www.openwall.com/lists/oss-security/2021/03/27/2\nMail List Post: http://www.openwall.com/lists/oss-security/2021/03/28/3\nMail List Post: http://www.openwall.com/lists/oss-security/2021/03/28/4\nVendor Specific Advisory URL: https://news.cpanel.com/easyapache-4-march-31-release/\nVendor Specific Advisory URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/\nVendor Specific Advisory URL: https://www.tenable.com/security/tns-2021-06\nVendor Specific Solution URL: https://security.gentoo.org/glsa/202103-03\nVendor Specific News/Changelog Entry: https://www.tenable.com/security/tns-2021-05\nOther Advisory URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-393/\nVendor Specific News/Changelog Entry: https://www.python.org/downloads/release/python-389/\nVendor Specific News/Changelog Entry: https://pythoninsider.blogspot.com/2021/04/python-394-hotfix-is-now-available.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PythonInsider+%28Python+Insider%29\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2021-1063.html\nVendor Specific Advisory URL: https://nodejs.org/en/blog/vulnerability/april-2021-security-releases/\nRedHat RHSA: http://rhn.redhat.com/errata/RHSA-2021-1131.html\nVendor Specific Advisory URL: https://support.broadcom.com/security-advisory/content/security-advisories/OpenSSL-Vulnerabilities-Mar-2021/SYMSA17849\n', 'python-3.9.2', '/usr/local/lib/libpython3.9.so.1.0')
Findings from direct query not in api
('cbff271f45d32e78dcc1979dbca9c14d', 'anchore_comp', 'User root found as effective user, which is explicity not allowed\n Gate: dockerfile\n Trigger: effective_user\n Policy ID: DoDEffectiveUserChecks', None, None)
section_end:1617994504:step_script
section_start:1617994504:upload_artifacts_on_failure
Uploading artifacts for failed job
Uploading artifacts...
ci-artifacts/compare/: found 2 matching files and directories 
Uploading artifacts as "archive" to coordinator... ok  id=2666043 responseStatus=201 Created token=fMSSsj-k
section_end:1617994505:upload_artifacts_on_failure
section_start:1617994505:cleanup_file_variables
Cleaning up file based variables
section_end:1617994505:cleanup_file_variables
ERROR: Job failed: command terminated with exit code 4