Pipeline · Ironbank Containers / Red Hat / UBI / ubi7-minimal

Merge branch 'hardening_manifest' into 'development'

Migrate to hardening_manifest.yaml

See merge request !13

18 jobs for development in 7 minutes and 7 seconds (queued for 9 minutes and 4 seconds)

67271192

Status	Job ID	Name
.Pre
passed	#6494070	load-scripts	00:00:10 Sep 15, 2021

Preflight
passed	#6494072	folder-structure	00:00:10 Sep 15, 2021
passed	#6494073	hardening-manifest	00:00:15 Sep 15, 2021
passed	#6494071	trufflehog	00:00:10 Sep 15, 2021

Lint
passed	#6494074	wl-compare-lint	00:00:11 Sep 15, 2021

Import Artifacts
passed	#6494075	import-artifacts	00:00:22 Sep 15, 2021

Scan Artifacts
passed	#6494076	clamav-scan	00:00:51 Sep 15, 2021

Build
passed	#6494077	build	00:01:56 Sep 15, 2021

Post Build
passed	#6494078	create-tar	00:00:17 Sep 15, 2021

Scanning
passed	#6494079	anchore-scan	00:01:37 Sep 15, 2021
passed	#6494080 ironbank-dsop-privileged	openscap-compliance	00:01:14 Sep 15, 2021
passed	#6494081	twistlock-scan	00:00:22 Sep 15, 2021

Csv Output
passed	#6494082	csv-output	00:00:17 Sep 15, 2021

Check Cves
failed	#6494083 allowed to fail	check-cves	00:00:11 Sep 15, 2021

Documentation
passed	#6494084	ib-manifest	00:00:14 Sep 15, 2021
passed	#6494085	write-json-docs	00:00:11 Sep 15, 2021

S3 Publish
passed	#6494086	upload-to-s3	00:00:25 Sep 15, 2021

Vat
passed	#6494087	vat	00:00:12 Sep 15, 2021

Name Stage Failure

	Name	Stage	Failure
failed	check-cves	Check Cves
	INFO: {Finding(scan_source='oscap_comp', cve_id='CCE-80535-8', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-36084', package='libsepol-2.5-10.el7', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80533-3', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80521-8', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-37750', package='krb5-libs-1.15.1-50.el7', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-36085', package='libsepol-2.5-10.el7', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80529-1', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-36086', package='libsepol-2.5-10.el7', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-36084', package='libsepol-2.5-10.el7', package_path=None), Finding(scan_source='anchore_comp', cve_id='41cb7cdf04850e33a11f80c42bf660b3', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80134-0', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-36086', package='libsepol-2.5-10.el7', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-27285-6', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80171-2', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20271', package='rpm-4.11.3-45.el7', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-36087', package='libsepol-2.5-10.el7', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80526-7', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-36087', package='libsepol-2.5-10.el7', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80530-9', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80522-6', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80523-4', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80532-5', package=None, package_path=None), Finding(scan_source='anchore_comp', cve_id='cbff271f45d32e78dcc1979dbca9c14d', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80536-6', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80534-1', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-23840', package='openssl-libs-1.0.2k-21.el7_9', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80438-5', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80527-5', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-23841', package='openssl-libs-1.0.2k-21.el7_9', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3712', package='openssl-libs-1.0.2k-21.el7_9', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80525-9', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80524-2', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80531-7', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-36085', package='libsepol-2.5-10.el7', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20271', package='rpm-libs-4.11.3-45.el7', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-27209-6', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80368-4', package=None, package_path=None)} ERROR: NON-WHITELISTED VULNERABILITIES FOUND ERROR: Number of non-whitelisted vulnerabilities: 2 ERROR: The following vulnerabilities are not whitelisted: ERROR: scan_source cve_id package package_path ERROR: anchore_cve CVE-2021-20271 rpm-4.11.3-45.el7 None ERROR: anchore_cve CVE-2021-20271 rpm-libs-4.11.3-45.el7 None Cleaning up file based variables ERROR: Job failed: command terminated with exit code 1

failed

check-cves

Check Cves

INFO: {Finding(scan_source='oscap_comp', cve_id='CCE-80535-8', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-36084', package='libsepol-2.5-10.el7', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80533-3', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80521-8', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-37750', package='krb5-libs-1.15.1-50.el7', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-36085', package='libsepol-2.5-10.el7', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80529-1', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-36086', package='libsepol-2.5-10.el7', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-36084', package='libsepol-2.5-10.el7', package_path=None), Finding(scan_source='anchore_comp', cve_id='41cb7cdf04850e33a11f80c42bf660b3', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80134-0', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-36086', package='libsepol-2.5-10.el7', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-27285-6', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80171-2', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20271', package='rpm-4.11.3-45.el7', package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-36087', package='libsepol-2.5-10.el7', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80526-7', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-36087', package='libsepol-2.5-10.el7', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80530-9', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80522-6', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80523-4', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80532-5', package=None, package_path=None), Finding(scan_source='anchore_comp', cve_id='cbff271f45d32e78dcc1979dbca9c14d', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80536-6', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80534-1', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-23840', package='openssl-libs-1.0.2k-21.el7_9', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80438-5', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80527-5', package=None, package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-23841', package='openssl-libs-1.0.2k-21.el7_9', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-3712', package='openssl-libs-1.0.2k-21.el7_9', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80525-9', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80524-2', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80531-7', package=None, package_path=None), Finding(scan_source='twistlock_cve', cve_id='CVE-2021-36085', package='libsepol-2.5-10.el7', package_path=None), Finding(scan_source='anchore_cve', cve_id='CVE-2021-20271', package='rpm-libs-4.11.3-45.el7', package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-27209-6', package=None, package_path=None), Finding(scan_source='oscap_comp', cve_id='CCE-80368-4', package=None, package_path=None)}
ERROR: NON-WHITELISTED VULNERABILITIES FOUND
ERROR: Number of non-whitelisted vulnerabilities: 2
ERROR: The following vulnerabilities are not whitelisted:
ERROR: scan_source                   cve_id                        package                       package_path                  
ERROR: anchore_cve                   CVE-2021-20271                rpm-4.11.3-45.el7             None                          
ERROR: anchore_cve                   CVE-2021-20271                rpm-libs-4.11.3-45.el7        None                          
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 1