UNCLASSIFIED

Skip to content

GitLab

remove vendor keys

14 jobs for key-fix in 26 minutes and 48 seconds (queued for 3 seconds)
07f9bb5d
1 related merge request: !15 remove vendor keys
Status Job ID Name Coverage
  .Pre
passed #2666893
ironbank
load scripts

00:00:07

 
  Preflight
passed #2666894
ironbank
folder structure

00:00:08

passed #2666895
ironbank
hardening_manifest

00:00:11

 
  Lint
passed #2666896
ironbank
wl compare lint

00:00:11

 
  Finding Compare
failed #2666897
ironbank allowed to fail
vat compare

00:00:09

 
  Import Artifacts
passed #2666898
ironbank
import artifacts

00:00:30

 
  Scan Artifacts
passed #2666899
ironbank
clamav scan

00:17:15

 
  Build
passed #2666900
ironbank-isolated
build

00:02:53

 
  Scanning
passed #2666904
ironbank
anchore scan

00:02:33

passed #2666901
ironbank
openscap compliance

00:01:04

passed #2666902
ironbank
openscap cve

00:04:04

passed #2666903
ironbank
twistlock scan

00:00:32

 
  Csv Output
passed #2666905
ironbank
csv output

00:01:07

 
  Check Cves
failed #2666906
ironbank allowed to fail
check cves

00:00:17

 
Name Stage Failure
failed
check cves Check Cves 
INFO: {Finding(scan_source='oscap_comp', cve_id='CCE-82473-0', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82267-6', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-20305', package='gnutls-3.6.14-7.el8_3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-23336', package='platform-python-devel-3.6.8-31.el8', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80784-2', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82214-8', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-22876', package='curl-7.61.1-14.el8_3.1', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82959-8', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-27219', package='glib2-2.56.4-8.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3326', package='glibc-2.28-127.el8_3.2', package_path=None), Finding(scan_source='anchore_comp', cve_id='639f6f1177735759703e928c14714a59', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3426', package='platform-python-devel-3.6.8-31.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2019-25013', package='glibc-common-2.28-127.el8_3.2', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3426', package='platform-python-3.6.8-31.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-19246', package='oniguruma-6.8.2-2.el8', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82494-6', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-27619', package='python3-libs-3.6.8-31.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3445', package='libdnf-0.48.0-5.el8', package_path=None), Finding(scan_source='anchore_comp', cve_id='addbb93c22e9b0988b8b40392a4538cb', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-23336', package='platform-python-3.6.8-31.el8', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82168-6', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-8927', package='brotli-1.0.6-2.el8', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82360-9', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-20231', package='gnutls-3.6.14-7.el8_3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2019-25013', package='glibc-2.28-127.el8_3.2', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-27618', package='glibc-2.28-127.el8_3.2', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82472-2', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-8927', package='brotli-1.0.6-2.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-28153', package='glib2-2.56.4-8.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3177', package='python3-libs-3.6.8-31.el8', package_path=None), Finding(scan_source='anchore_comp', cve_id='c2e44319ae5b3b040044d8ae116d1c2f', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-13776', package='systemd-libs-239-41.el8_3.2', package_path=None), Finding(scan_source='anchore_comp', cve_id='abb121e9621abdd452f65844954cf1c1', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-13776', package='systemd-239-41.el8_3.2', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20266', package='rpm-libs-4.14.3-4.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20305', package='gnutls-3.6.14-7.el8_3', package_path=None), Finding(scan_source='anchore_comp', cve_id='3e5fad1c039f3ecfd1dcdc94d2f1f9a0', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-27645', package='glibc-common-2.28-127.el8_3.2', package_path=None), Finding(scan_source='anchore_comp', cve_id='34de21e516c0ca50a96e5386f163f8bf', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82220-5', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-28196', package='krb5-libs-1.18.2-5.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-8285', package='curl-7.61.1-14.el8_3.1', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-3326', package='glibc-2.28-127.el8_3.2', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-27219', package='glib2-2.56.4-8.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3421', package='rpm-4.14.3-4.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20266', package='python3-rpm-4.14.3-4.el8', package_path=None), Finding(scan_source='anchore_comp', cve_id='463a9a24225c26f7a5bf3f38908e5cb3', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3421', package='rpm-libs-4.14.3-4.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3326', package='glibc-common-2.28-127.el8_3.2', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3177', package='platform-python-devel-3.6.8-31.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-29363', package='p11-kit-trust-0.23.14-5.el8_0', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-22876', package='curl-7.61.1-14.el8_3.1', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-27218', package='glib2-2.56.4-8.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3421', package='python3-rpm-4.14.3-4.el8', package_path=None), Finding(scan_source='anchore_comp', cve_id='c4ad80832b361f81df2a31e5b6b09864', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-8231', package='curl-7.61.1-14.el8_3.1', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20231', package='gnutls-3.6.14-7.el8_3', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-8284', package='curl-7.61.1-14.el8_3.1', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-25658', package='rsa-4.7.2', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-16135', package='libssh-0.9.4-2.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-27218', package='glib2-2.56.4-8.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-16135', package='libssh-config-0.9.4-2.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20271', package='rpm-4.14.3-4.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-27645', package='glibc-minimal-langpack-2.28-127.el8_3.2', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3326', package='glibc-minimal-langpack-2.28-127.el8_3.2', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-27618', package='glibc-minimal-langpack-2.28-127.el8_3.2', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-22876', package='libcurl-7.61.1-14.el8_3.1', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-24977', package='python3-libxml2-2.9.7-8.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-8286', package='libcurl-7.61.1-14.el8_3.1', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20266', package='rpm-build-libs-4.14.3-4.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-29363', package='p11-kit-0.23.14-5.el8_0', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82979-6', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-8285', package='curl-7.61.1-14.el8_3.1', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-24977', package='libxml2-2.9.7-8.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-8284', package='libcurl-7.61.1-14.el8_3.1', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-29361', package='p11-kit-0.23.14-5.el8_0', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82395-5', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3177', package='platform-python-3.6.8-31.el8', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82985-3', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-8285', package='libcurl-7.61.1-14.el8_3.1', package_path=None), Finding(scan_source='anchore_comp', cve_id='e7573262736ef52353cde3bae2617782', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-13776', package='systemd-pam-239-41.el8_3.2', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-27618', package='glibc-2.28-127.el8_3.2', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-8284', package='curl-7.61.1-14.el8_3.1', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20232', package='gnutls-3.6.14-7.el8_3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20271', package='rpm-libs-4.14.3-4.el8', package_path=None), Finding(scan_source='anchore_comp', cve_id='320a97c6816565eedf3545833df99dd0', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-27645', package='glibc-2.28-127.el8_3.2', package_path=None), Finding(scan_source='anchore_comp', cve_id='bcd159901fe47efddae5c095b4b0d7fd', package=None, package_path=None), Finding(scan_source='anchore_comp', cve_id='3456a263793066e9b5063ada6e47917d', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82949-9', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80938-4', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-13434', package='sqlite-libs-3.26.0-11.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-27619', package='platform-python-3.6.8-31.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-29362', package='p11-kit-0.23.14-5.el8_0', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20266', package='rpm-4.14.3-4.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-23336', package='python3-libs-3.6.8-31.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-29363', package='p11-kit-0.23.14-5.el8_0', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-29362', package='p11-kit-0.23.14-5.el8_0', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80935-0', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3445', package='python3-hawkey-0.48.0-5.el8', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82474-8', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-20232', package='gnutls-3.6.14-7.el8_3', package_path=None), Finding(scan_source='anchore_comp', cve_id='698044205a9c4a6d48b7937e66a6bf4f', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-29361', package='p11-kit-0.23.14-5.el8_0', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2019-25013', package='glibc-2.28-127.el8_3.2', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82368-2', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-15358', package='sqlite-libs-3.26.0-11.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-23840', package='openssl-libs-1.1.1g-15.el8_3', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20305', package='nettle-3.4.1-2.el8', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-83401-0', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-27619', package='platform-python-devel-3.6.8-31.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-13776', package='systemd-239-41.el8_3.2', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-8286', package='curl-7.61.1-14.el8_3.1', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-20271', package='rpm-4.14.3-4.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3421', package='rpm-build-libs-4.14.3-4.el8', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-20305', package='nettle-3.4.1-2.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-27618', package='glibc-common-2.28-127.el8_3.2', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2020-8231', package='curl-7.61.1-14.el8_3.1', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-8286', package='curl-7.61.1-14.el8_3.1', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-28153', package='glib2-2.56.4-8.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3426', package='python3-libs-3.6.8-31.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-23841', package='openssl-libs-1.1.1g-15.el8_3', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-82880-6', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-8231', package='libcurl-7.61.1-14.el8_3.1', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-24370', package='lua-libs-5.3.4-11.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3445', package='python3-libdnf-0.48.0-5.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-29362', package='p11-kit-trust-0.23.14-5.el8_0', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20271', package='python3-rpm-4.14.3-4.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2020-29361', package='p11-kit-trust-0.23.14-5.el8_0', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20271', package='rpm-build-libs-4.14.3-4.el8', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2019-25013', package='glibc-minimal-langpack-2.28-127.el8_3.2', package_path=None)}
ERROR: NON-WHITELISTED VULNERABILITIES FOUND
ERROR: Number of non-whitelisted vulnerabilities: 2
ERROR: The following vulnerabilities are not whitelisted:
ERROR: scan_source                   cve_id                        package                       package_path                  
ERROR: twistlock_cve                 CVE-2019-19246                oniguruma-6.8.2-2.el8         None                          
ERROR: twistlock_cve                 CVE-2020-25658                rsa-4.7.2                     None                          
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 1
failed
vat compare Finding Compare 
('cbff271f45d32e78dcc1979dbca9c14d', 'anchore_comp', 'User root found as effective user, which is explicity not allowed\n Gate: dockerfile\n Trigger: effective_user\n Policy ID: DoDEffectiveUserChecks', None, None)
('CVE-2020-13776', 'twistlock_cve', 'systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.', 'systemd-239-41.el8_3.2', None)
('41cb7cdf04850e33a11f80c42bf660b3', 'anchore_comp', "Dockerfile directive 'HEALTHCHECK' not found, matching condition 'not_exists' check\n Gate: dockerfile\n Trigger: instruction\n Policy ID: DoDDockerfileChecks", None, None)
Uploading artifacts for failed job
Uploading artifacts...
ci-artifacts/compare/: found 2 matching files and directories 
Uploading artifacts as "archive" to coordinator... ok  id=2666897 responseStatus=201 Created token=Lo45vzYe
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 4

UNCLASSIFIED