Pipeline · Ironbank Containers / SonarSource / sonarqube / sonarqube8-enterprise

Merge branch 'renovate/docker-sonarqube-8.6-enterprise' into 'development'

Update sonarqube:8.6-enterprise Docker digest to ad3e8e1

See merge request !19

19 jobs for development in 53 minutes and 14 seconds (queued for 53 minutes and 10 seconds)

5d4b8037

Status	Job ID	Name
.Pre
passed	#1689039 ironbank	load scripts	00:00:40 Jan 27, 2021

Preflight
passed	#1689040 ironbank	folder structure	00:00:25 Jan 27, 2021
passed	#1689042 ironbank	hardening_manifest	00:01:49 Jan 27, 2021
passed	#1689041 ironbank	hardening_manifest migration	00:00:30 Jan 27, 2021

Lint
passed	#1689043 ironbank	wl compare lint	00:01:05 Jan 27, 2021

Import Artifacts
passed	#1689044 ironbank	import artifacts	00:03:47 Jan 27, 2021

Scan Artifacts
passed	#1689045 ironbank	clamav scan	00:07:51 Jan 27, 2021

Build
passed	#1689046 ironbank-isolated	build	00:05:55 Jan 27, 2021

Scanning
passed	#1689050 ironbank	anchore scan	00:23:47 Jan 27, 2021
passed	#1689047 ironbank	openscap compliance	00:04:53 Jan 27, 2021
passed	#1689048 ironbank	openscap cve	00:13:40 Jan 27, 2021
passed	#1689049 ironbank	twistlock scan	00:01:40 Jan 27, 2021

Csv Output
passed	#1689051 ironbank	csv output	00:01:44 Jan 27, 2021

Check Cves
failed	#1689052 ironbank allowed to fail	check cves	00:00:26 Jan 27, 2021

Documentation
passed	#1689053 ironbank	sign image	00:01:27 Jan 27, 2021
passed	#1689054 ironbank	sign manifest	00:00:43 Jan 27, 2021
passed	#1689055 ironbank	write json documentation	00:01:21 Jan 27, 2021

Publish
passed	#1689056 ironbank	upload to s3	00:03:15 Jan 27, 2021

Vat
passed	#1689057 ironbank	vat	00:01:15 Jan 27, 2021

Name Stage Failure

	Name	Stage	Failure
failed	check cves	Check Cves
	INFO: {'tl_CVE-2020-25649-com.fasterxml.jackson.core_jackson-databind-2.10.4', 'anchorecve_CVE-2020-8022-tomcat-8.5.60', 'oscapcomp_CCE-82360-9', 'anchorecve_CVE-2020-27618-glibc-common-2.28-127.el8', 'anchorecve_VULNDB-233710-tomcat-9.0.33', 'anchorecve_CVE-2020-29362-p11-kit-0.23.14-5.el8_0', 'anchorecve_CVE-2020-35512-dbus-libs-1.12.8-11.el8', 'anchorecve_VULNDB-232731-tomcat-9.0.33', 'tl_CVE-2021-3156-sudo-1.8.29-6.el8', 'tl_CVE-2020-8285-curl-7.61.1-14.el8_3.1', 'oscapcomp_CCE-82395-5', 'anchorecve_CVE-2020-35512-dbus-common-1.12.8-11.el8', 'anchorecve_CVE-2020-13776-systemd-pam-239-41.el8_3.1', 'anchorecve_CVE-2020-25649-jackson-databind-2.10.4', 'anchorecve_CVE-2020-24977-libxml2-2.9.7-8.el8', 'oscapcomp_CCE-82472-2', 'anchorecve_CVE-2020-8927-brotli-1.0.6-2.el8', 'tl_CVE-2020-13776-systemd-239-41.el8_3.1', 'anchorecve_VULNDB-239195-commons-io-2.7', 'tl_CVE-2020-8927-brotli-1.0.6-2.el8', 'anchorecve_VULNDB-204607-logback-1.2.3', 'anchorecve_CVE-2019-25013-glibc-minimal-langpack-2.28-127.el8', 'anchorecve_VULNDB-247072-elasticsearch-7.9.3', 'anchorecve_CVE-2020-15358-sqlite-libs-3.26.0-11.el8', 'anchorecve_CVE-2020-26116-platform-python-3.6.8-31.el8', 'anchorecve_CVE-2020-8285-libcurl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2019-25013-glibc-common-2.28-127.el8', 'anchorecve_VULNDB-230143-tomcat-9.0.33', 'anchorecve_CVE-2020-27619-python3-libs-3.6.8-31.el8', 'anchorecve_VULNDB-233709-tomcat-9.0.33', 'anchorecve_CVE-2019-25013-glibc-2.28-127.el8', 'anchorecve_CVE-2020-13434-sqlite-libs-3.26.0-11.el8', 'anchorecve_CVE-2020-28196-krb5-libs-1.18.2-5.el8', 'anchorecve_CVE-2020-13776-systemd-libs-239-41.el8_3.1', 'oscapcomp_CCE-82959-8', 'anchorecve_CVE-2020-10663-json-1.1.1', 'anchorecve_CVE-2020-8286-libcurl-7.61.1-14.el8_3.1', 'tl_CVE-2020-8908-com.google.guava_guava-26.0-jre', 'anchorecve_CVE-2020-24370-lua-libs-5.3.4-11.el8', 'anchorecve_VULNDB-243918-tomcat-9.0.33', 'anchorecve_CVE-2020-8022-tomcat-9.0.33', 'anchorecve_VULNDB-193303-jackson-core-2.9.7', 'oscapcomp_CCE-82267-6', 'tl_CVE-2020-9488-org.apache.logging.log4j_log4j-api-2.11.1', 'tl_CVE-2021-23239-sudo-1.8.29-6.el8', 'tl_CVE-2020-8908-com.google.guava_guava-28.2-jre', 'tl_CVE-2020-8286-curl-7.61.1-14.el8_3.1', 'oscapcomp_CCE-82473-0', 'oscapcomp_CCE-82168-6', 'anchorecve_CVE-2020-8284-libcurl-7.61.1-14.el8_3.1', 'anchorecve_VULNDB-141255-spring_framework-5.2.9', 'anchorecve_VULNDB-247056-tomcat-9.0.33', 'anchorecve_CVE-2020-35512-dbus-daemon-1.12.8-11.el8', 'anchorecve_CVE-2020-26116-python3-libs-3.6.8-31.el8', 'anchorecve_CVE-2020-8231-curl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2020-29361-p11-kit-trust-0.23.14-5.el8_0', 'oscapcomp_CCE-82979-6', 'anchorecve_CVE-2020-35512-dbus-1.12.8-11.el8', 'oscapcomp_CCE-80935-0', 'anchorecve_CVE-2020-27619-platform-python-3.6.8-31.el8', 'anchorecve_CVE-2020-8285-curl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2020-24977-python3-libxml2-2.9.7-8.el8', 'anchorecve_CVE-2020-8908-guava-10.0.1', 'anchorecve_CVE-2021-23239-sudo-1.8.29-6.el8', 'tl_CVE-2020-29362-p11-kit-0.23.14-5.el8_0', 'anchorecve_CVE-2020-16135-libssh-0.9.4-2.el8', 'anchorecve_CVE-2020-27618-glibc-minimal-langpack-2.28-127.el8', 'oscapcomp_CCE-80938-4', 'anchorecve_GHSA-vwqq-5vrc-xw9h-log4j-core-2.11.1', 'tl_CVE-2020-8908-com.google.guava_guava-10.0.1', 'oscapcomp_CCE-82220-5', 'oscapcomp_CCE-82494-6', 'tl_CVE-2020-29363-p11-kit-0.23.14-5.el8_0', 'anchorecve_CVE-2020-29363-p11-kit-0.23.14-5.el8_0', 'anchorecve_CVE-2020-13776-systemd-239-41.el8_3.1', 'tl_CVE-2021-23240-sudo-1.8.29-6.el8', 'anchorecve_CVE-2020-16135-libssh-config-0.9.4-2.el8', 'anchorecve_CVE-2020-8231-libcurl-7.61.1-14.el8_3.1', 'tl_CVE-2019-25013-glibc-2.28-127.el8', 'oscapcomp_CCE-82985-3', 'tl_CVE-2020-8908-com.google.guava_guava-28.0-jre', 'tl_CVE-2020-9488-org.apache.logging.log4j_log4j-api-2.8.2', 'anchorecve_VULNDB-193302-jackson-core-2.9.7', 'tl_CVE-2020-8284-curl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2020-8286-curl-7.61.1-14.el8_3.1', 'tl_CVE-2020-29361-p11-kit-0.23.14-5.el8_0', 'anchorecve_VULNDB-240258-tomcat-9.0.33', 'anchorecve_VULNDB-193304-jackson-core-2.9.7', 'anchorecve_CVE-2021-23240-sudo-1.8.29-6.el8', 'tl_CVE-2020-8231-curl-7.61.1-14.el8_3.1', 'oscapcomp_CCE-82474-8', 'anchorecve_VULNDB-190269-jersey-2.26', 'anchorecve_CVE-2020-13956-httpclient-4.5', 'anchorecve_CVE-2020-35512-dbus-tools-1.12.8-11.el8', 'tl_CVE-2020-8908-com.google.guava_guava-29.0-jre', 'anchorecve_CVE-2020-29363-p11-kit-trust-0.23.14-5.el8_0', 'anchorecve_CVE-2020-27618-glibc-2.28-127.el8', 'anchorecve_CVE-2020-8284-curl-7.61.1-14.el8_3.1', 'oscapcomp_CCE-82368-2', 'anchorecve_CVE-2020-24370-lua-5.3.4-11.el8', 'oscapcomp_CCE-82949-9', 'anchorecve_CVE-2020-29361-p11-kit-0.23.14-5.el8_0', 'anchorecve_CVE-2020-29362-p11-kit-trust-0.23.14-5.el8_0'} ERROR: NON-WHITELISTED VULNERABILITIES FOUND ERROR: Number of non-whitelisted vulnerabilities: 3 ERROR: The following vulnerabilities are not whitelisted: ERROR: Anchore CVE - VULNDB-247056-tomcat-9.0.33 ERROR: Anchore CVE - VULNDB-247072-elasticsearch-7.9.3 ERROR: Twistlock CVE - CVE-2021-3156-sudo-1.8.29-6.el8 Cleaning up file based variables ERROR: Job failed: command terminated with exit code 1

failed

check cves

Check Cves

INFO: {'tl_CVE-2020-25649-com.fasterxml.jackson.core_jackson-databind-2.10.4', 'anchorecve_CVE-2020-8022-tomcat-8.5.60', 'oscapcomp_CCE-82360-9', 'anchorecve_CVE-2020-27618-glibc-common-2.28-127.el8', 'anchorecve_VULNDB-233710-tomcat-9.0.33', 'anchorecve_CVE-2020-29362-p11-kit-0.23.14-5.el8_0', 'anchorecve_CVE-2020-35512-dbus-libs-1.12.8-11.el8', 'anchorecve_VULNDB-232731-tomcat-9.0.33', 'tl_CVE-2021-3156-sudo-1.8.29-6.el8', 'tl_CVE-2020-8285-curl-7.61.1-14.el8_3.1', 'oscapcomp_CCE-82395-5', 'anchorecve_CVE-2020-35512-dbus-common-1.12.8-11.el8', 'anchorecve_CVE-2020-13776-systemd-pam-239-41.el8_3.1', 'anchorecve_CVE-2020-25649-jackson-databind-2.10.4', 'anchorecve_CVE-2020-24977-libxml2-2.9.7-8.el8', 'oscapcomp_CCE-82472-2', 'anchorecve_CVE-2020-8927-brotli-1.0.6-2.el8', 'tl_CVE-2020-13776-systemd-239-41.el8_3.1', 'anchorecve_VULNDB-239195-commons-io-2.7', 'tl_CVE-2020-8927-brotli-1.0.6-2.el8', 'anchorecve_VULNDB-204607-logback-1.2.3', 'anchorecve_CVE-2019-25013-glibc-minimal-langpack-2.28-127.el8', 'anchorecve_VULNDB-247072-elasticsearch-7.9.3', 'anchorecve_CVE-2020-15358-sqlite-libs-3.26.0-11.el8', 'anchorecve_CVE-2020-26116-platform-python-3.6.8-31.el8', 'anchorecve_CVE-2020-8285-libcurl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2019-25013-glibc-common-2.28-127.el8', 'anchorecve_VULNDB-230143-tomcat-9.0.33', 'anchorecve_CVE-2020-27619-python3-libs-3.6.8-31.el8', 'anchorecve_VULNDB-233709-tomcat-9.0.33', 'anchorecve_CVE-2019-25013-glibc-2.28-127.el8', 'anchorecve_CVE-2020-13434-sqlite-libs-3.26.0-11.el8', 'anchorecve_CVE-2020-28196-krb5-libs-1.18.2-5.el8', 'anchorecve_CVE-2020-13776-systemd-libs-239-41.el8_3.1', 'oscapcomp_CCE-82959-8', 'anchorecve_CVE-2020-10663-json-1.1.1', 'anchorecve_CVE-2020-8286-libcurl-7.61.1-14.el8_3.1', 'tl_CVE-2020-8908-com.google.guava_guava-26.0-jre', 'anchorecve_CVE-2020-24370-lua-libs-5.3.4-11.el8', 'anchorecve_VULNDB-243918-tomcat-9.0.33', 'anchorecve_CVE-2020-8022-tomcat-9.0.33', 'anchorecve_VULNDB-193303-jackson-core-2.9.7', 'oscapcomp_CCE-82267-6', 'tl_CVE-2020-9488-org.apache.logging.log4j_log4j-api-2.11.1', 'tl_CVE-2021-23239-sudo-1.8.29-6.el8', 'tl_CVE-2020-8908-com.google.guava_guava-28.2-jre', 'tl_CVE-2020-8286-curl-7.61.1-14.el8_3.1', 'oscapcomp_CCE-82473-0', 'oscapcomp_CCE-82168-6', 'anchorecve_CVE-2020-8284-libcurl-7.61.1-14.el8_3.1', 'anchorecve_VULNDB-141255-spring_framework-5.2.9', 'anchorecve_VULNDB-247056-tomcat-9.0.33', 'anchorecve_CVE-2020-35512-dbus-daemon-1.12.8-11.el8', 'anchorecve_CVE-2020-26116-python3-libs-3.6.8-31.el8', 'anchorecve_CVE-2020-8231-curl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2020-29361-p11-kit-trust-0.23.14-5.el8_0', 'oscapcomp_CCE-82979-6', 'anchorecve_CVE-2020-35512-dbus-1.12.8-11.el8', 'oscapcomp_CCE-80935-0', 'anchorecve_CVE-2020-27619-platform-python-3.6.8-31.el8', 'anchorecve_CVE-2020-8285-curl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2020-24977-python3-libxml2-2.9.7-8.el8', 'anchorecve_CVE-2020-8908-guava-10.0.1', 'anchorecve_CVE-2021-23239-sudo-1.8.29-6.el8', 'tl_CVE-2020-29362-p11-kit-0.23.14-5.el8_0', 'anchorecve_CVE-2020-16135-libssh-0.9.4-2.el8', 'anchorecve_CVE-2020-27618-glibc-minimal-langpack-2.28-127.el8', 'oscapcomp_CCE-80938-4', 'anchorecve_GHSA-vwqq-5vrc-xw9h-log4j-core-2.11.1', 'tl_CVE-2020-8908-com.google.guava_guava-10.0.1', 'oscapcomp_CCE-82220-5', 'oscapcomp_CCE-82494-6', 'tl_CVE-2020-29363-p11-kit-0.23.14-5.el8_0', 'anchorecve_CVE-2020-29363-p11-kit-0.23.14-5.el8_0', 'anchorecve_CVE-2020-13776-systemd-239-41.el8_3.1', 'tl_CVE-2021-23240-sudo-1.8.29-6.el8', 'anchorecve_CVE-2020-16135-libssh-config-0.9.4-2.el8', 'anchorecve_CVE-2020-8231-libcurl-7.61.1-14.el8_3.1', 'tl_CVE-2019-25013-glibc-2.28-127.el8', 'oscapcomp_CCE-82985-3', 'tl_CVE-2020-8908-com.google.guava_guava-28.0-jre', 'tl_CVE-2020-9488-org.apache.logging.log4j_log4j-api-2.8.2', 'anchorecve_VULNDB-193302-jackson-core-2.9.7', 'tl_CVE-2020-8284-curl-7.61.1-14.el8_3.1', 'anchorecve_CVE-2020-8286-curl-7.61.1-14.el8_3.1', 'tl_CVE-2020-29361-p11-kit-0.23.14-5.el8_0', 'anchorecve_VULNDB-240258-tomcat-9.0.33', 'anchorecve_VULNDB-193304-jackson-core-2.9.7', 'anchorecve_CVE-2021-23240-sudo-1.8.29-6.el8', 'tl_CVE-2020-8231-curl-7.61.1-14.el8_3.1', 'oscapcomp_CCE-82474-8', 'anchorecve_VULNDB-190269-jersey-2.26', 'anchorecve_CVE-2020-13956-httpclient-4.5', 'anchorecve_CVE-2020-35512-dbus-tools-1.12.8-11.el8', 'tl_CVE-2020-8908-com.google.guava_guava-29.0-jre', 'anchorecve_CVE-2020-29363-p11-kit-trust-0.23.14-5.el8_0', 'anchorecve_CVE-2020-27618-glibc-2.28-127.el8', 'anchorecve_CVE-2020-8284-curl-7.61.1-14.el8_3.1', 'oscapcomp_CCE-82368-2', 'anchorecve_CVE-2020-24370-lua-5.3.4-11.el8', 'oscapcomp_CCE-82949-9', 'anchorecve_CVE-2020-29361-p11-kit-0.23.14-5.el8_0', 'anchorecve_CVE-2020-29362-p11-kit-trust-0.23.14-5.el8_0'}
ERROR: NON-WHITELISTED VULNERABILITIES FOUND
ERROR: Number of non-whitelisted vulnerabilities: 3
ERROR: The following vulnerabilities are not whitelisted:
ERROR: Anchore CVE - VULNDB-247056-tomcat-9.0.33
ERROR: Anchore CVE - VULNDB-247072-elasticsearch-7.9.3
ERROR: Twistlock CVE - CVE-2021-3156-sudo-1.8.29-6.el8
Cleaning up file based variables
ERROR: Job failed: command terminated with exit code 1