Pipeline · Ironbank Containers / SonarSource / sonarqube / sonarqube8-community

You need to sign in or sign up before continuing.

Update sonarqube:8.9-community Docker digest to 7850dd0

14 jobs for renovate/sonarqube-8.9-community in 31 minutes and 23 seconds (queued for 1 minute and 31 seconds)

Status	Job ID	Name
.Pre
passed	#5942998	load-scripts	00:00:20 Aug 26, 2021

Preflight
passed	#5943000	folder-structure	00:00:12 Aug 26, 2021
passed	#5943001	hardening-manifest	00:00:23 Aug 26, 2021
passed	#5942999	trufflehog	00:00:32 Aug 26, 2021

Lint
passed	#5943002	wl-compare-lint	00:00:23 Aug 26, 2021

Import Artifacts
passed	#5943003	import-artifacts	00:02:11 Aug 26, 2021

Scan Artifacts
passed	#5943004	clamav-scan	00:04:41 Aug 26, 2021

Build
passed	#5943005	build	00:09:48 Aug 26, 2021

Post Build
passed	#5943006	create-tar	00:03:56 Aug 26, 2021

Scanning
passed	#5943007	anchore-scan	00:07:16 Aug 26, 2021
passed	#5943008 ironbank-dsop-privileged	openscap-compliance	00:03:18 Aug 26, 2021
passed	#5943009	twistlock-scan	00:07:38 Aug 26, 2021

Csv Output
passed	#5943010	csv-output	00:01:20 Aug 26, 2021

Check Cves
failed	#5943011 allowed to fail	check-cves	00:00:26 Aug 26, 2021

Name Stage Failure

	Name	Stage	Failure
failed	check-cves	Check Cves
	ERROR: The following vulnerabilities are not whitelisted: ERROR: scan_source cve_id package package_path ERROR: anchore_cve GHSA-5mg8-w23w-74h3 guava-28.2-jre /opt/sonarqube/lib/scanner/sonar-scanner-engine-shaded-8.9.2.46101-all.jar:guava ERROR: anchore_cve GHSA-5mg8-w23w-74h3 guava-28.2-jre /opt/sonarqube/lib/sonar-application-8.9.2.46101.jar:guava ERROR: anchore_cve CVE-2020-13697 nanohttpd-2.3.1 /opt/sonarqube/lib/sonar-application-8.9.2.46101.jar:nanohttpd ERROR: anchore_cve CVE-2021-0555 protobuf-3.11.4 /opt/sonarqube/lib/scanner/sonar-scanner-engine-shaded-8.9.2.46101-all.jar:protobuf-java ERROR: anchore_cve CVE-2021-0555 protobuf-3.11.4 /opt/sonarqube/lib/sonar-application-8.9.2.46101.jar:protobuf-java Cleaning up file based variables ERROR: Job failed: command terminated with exit code 1

failed

check-cves

Check Cves

ERROR: The following vulnerabilities are not whitelisted:
ERROR: scan_source                   cve_id                        package                       package_path                  
ERROR: anchore_cve                   GHSA-5mg8-w23w-74h3           guava-28.2-jre                /opt/sonarqube/lib/scanner/sonar-scanner-engine-shaded-8.9.2.46101-all.jar:guava    
ERROR: anchore_cve                   GHSA-5mg8-w23w-74h3           guava-28.2-jre                /opt/sonarqube/lib/sonar-application-8.9.2.46101.jar:guava    
ERROR: anchore_cve                   CVE-2020-13697                nanohttpd-2.3.1               /opt/sonarqube/lib/sonar-application-8.9.2.46101.jar:nanohttpd    
ERROR: anchore_cve                   CVE-2021-0555                 protobuf-3.11.4               /opt/sonarqube/lib/scanner/sonar-scanner-engine-shaded-8.9.2.46101-all.jar:protobuf-java    
ERROR: anchore_cve                   CVE-2021-0555                 protobuf-3.11.4               /opt/sonarqube/lib/sonar-application-8.9.2.46101.jar:protobuf-java    
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 1