Pipeline · Ironbank Containers / SonarSource / sonarqube / sonarqube8-community

Merge branch 'renovate/sonarqube-8.9-community' into 'development'

Update sonarqube:8.9-community Docker digest to 7850dd0

See merge request !67

21 jobs for development in 17 minutes and 53 seconds (queued for 51 minutes and 23 seconds)

621fc8d3

Status	Job ID	Name
.Pre
passed	#6109704	load-scripts	00:00:14 Aug 31, 2021

Preflight
passed	#6109706	folder-structure	00:00:12 Aug 31, 2021
passed	#6109707	hardening-manifest	00:00:16 Aug 31, 2021
passed	#6109705	trufflehog	00:00:10 Aug 31, 2021

Lint
passed	#6109708	wl-compare-lint	00:00:19 Aug 31, 2021

Import Artifacts
passed	#6109709	import-artifacts	00:01:09 Aug 31, 2021

Scan Artifacts
passed	#6109710	clamav-scan	00:03:02 Aug 31, 2021

Build
passed	#6110660	build	00:02:41 Aug 31, 2021
failed	#6110619	build	00:01:23 Aug 31, 2021
failed	#6110618	build	00:01:24 Aug 31, 2021
failed	#6109711	build	00:00:24 Aug 31, 2021

Post Build
passed	#6109712	create-tar	00:01:05 Aug 31, 2021

Scanning
passed	#6109713	anchore-scan	00:07:00 Aug 31, 2021
passed	#6109714 ironbank-dsop-privileged	openscap-compliance	00:01:25 Aug 31, 2021
passed	#6109715	twistlock-scan	00:00:41 Aug 31, 2021

Csv Output
passed	#6109716	csv-output	00:00:31 Aug 31, 2021

Check Cves
failed	#6109717 allowed to fail	check-cves	00:00:14 Aug 31, 2021

Documentation
passed	#6109718	ib-manifest	00:00:11 Aug 31, 2021
passed	#6109719	write-json-docs	00:00:11 Aug 31, 2021

S3 Publish
passed	#6109720	upload-to-s3	00:00:24 Aug 31, 2021

Vat
passed	#6109721	vat	00:00:29 Aug 31, 2021

Name Stage Failure

	Name	Stage	Failure
failed	check-cves	Check Cves
	ERROR: Number of non-whitelisted vulnerabilities: 4 ERROR: The following vulnerabilities are not whitelisted: ERROR: scan_source cve_id package package_path ERROR: anchore_cve CVE-2021-35515 commons_compress-1.20 /opt/sonarqube/lib/extensions/sonar-javascript-plugin-7.4.4.15624.jar:commons-compress ERROR: anchore_cve CVE-2021-35516 commons_compress-1.20 /opt/sonarqube/lib/extensions/sonar-javascript-plugin-7.4.4.15624.jar:commons-compress ERROR: anchore_cve CVE-2021-35517 commons_compress-1.20 /opt/sonarqube/lib/extensions/sonar-javascript-plugin-7.4.4.15624.jar:commons-compress ERROR: anchore_cve CVE-2021-36090 commons_compress-1.20 /opt/sonarqube/lib/extensions/sonar-javascript-plugin-7.4.4.15624.jar:commons-compress Cleaning up file based variables ERROR: Job failed: command terminated with exit code 1

failed

check-cves

Check Cves

ERROR: Number of non-whitelisted vulnerabilities: 4
ERROR: The following vulnerabilities are not whitelisted:
ERROR: scan_source                   cve_id                        package                       package_path                  
ERROR: anchore_cve                   CVE-2021-35515                commons_compress-1.20         /opt/sonarqube/lib/extensions/sonar-javascript-plugin-7.4.4.15624.jar:commons-compress    
ERROR: anchore_cve                   CVE-2021-35516                commons_compress-1.20         /opt/sonarqube/lib/extensions/sonar-javascript-plugin-7.4.4.15624.jar:commons-compress    
ERROR: anchore_cve                   CVE-2021-35517                commons_compress-1.20         /opt/sonarqube/lib/extensions/sonar-javascript-plugin-7.4.4.15624.jar:commons-compress    
ERROR: anchore_cve                   CVE-2021-36090                commons_compress-1.20         /opt/sonarqube/lib/extensions/sonar-javascript-plugin-7.4.4.15624.jar:commons-compress    
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 1