Running with gitlab-runner 13.8.0 (775dd39d)
  on dsop-shared-gitlab-runner-f887cbcbd-srgz6 E82_g8RG
section_start:1628718161:resolve_secrets
Resolving secrets
section_end:1628718161:resolve_secrets
section_start:1628718161:prepare_executor
Preparing the "kubernetes" executor
Using Kubernetes namespace: gitlab-runner-ironbank-dsop
WARNING: Pulling GitLab Runner helper image from Docker Hub. Helper image is migrating to registry.gitlab.com, for more information see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#migrating-helper-image-to-registrygitlabcom
Using Kubernetes executor with image registry1.dso.mil/ironbank/ironbank-pipelines/pipeline-runner:0.3 ...
section_end:1628718162:prepare_executor
section_start:1628718162:prepare_script
Preparing environment
Waiting for pod gitlab-runner-ironbank-dsop/runner-e82g8rg-project-7112-concurrent-0gqc2k to be running, status is Pending
Waiting for pod gitlab-runner-ironbank-dsop/runner-e82g8rg-project-7112-concurrent-0gqc2k to be running, status is Pending
	ContainersNotReady: "containers with unready status: [build helper istio-proxy]"
	ContainersNotReady: "containers with unready status: [build helper istio-proxy]"
Running on runner-e82g8rg-project-7112-concurrent-0gqc2k via dsop-shared-gitlab-runner-f887cbcbd-srgz6...
section_end:1628718168:prepare_script
section_start:1628718168:get_sources
Getting source from Git repository
$ until [ $(curl --fail --silent --output /dev/stderr --write-out "%{http_code}" localhost:15020/healthz/ready) -eq 200 ]; do echo Waiting for Sidecar; sleep 3 ; done ; echo Sidecar available;
Sidecar available
Fetching changes with git depth set to 50...
Initialized empty Git repository in /builds/dsop/splunk/splunk/splunk/.git/
Created fresh repository.
Checking out 722607a4 as splunk-8-2-1...
Skipping object checkout, Git LFS is not installed.
Skipping Git submodules setup
section_end:1628718168:get_sources
section_start:1628718168:download_artifacts
Downloading artifacts
Downloading artifacts for hardening-manifest (5575321)...
Downloading artifacts from coordinator... ok  id=5575321 responseStatus=200 OK token=kzgWQkpv
WARNING: ci-artifacts/preflight/: lchown ci-artifacts/preflight/: operation not permitted (suppressing repeats)
Downloading artifacts for load-scripts (5575318)...
Downloading artifacts from coordinator... ok  id=5575318 responseStatus=200 OK token=WnjVeSAe
WARNING: ci-artifacts/[MASKED]/: lchown ci-artifacts/[MASKED]/: operation not permitted (suppressing repeats)
section_end:1628718169:download_artifacts
section_start:1628718169:step_script
Executing "step_script" stage of the job script
$ if [[ "${CI_COMMIT_BRANCH}" == "master" || "${CI_COMMIT_BRANCH}" == "development" ]] && [[ "${CI_COMMIT_REF_PROTECTED}" != true ]]; then # collapsed multi-line command
$ mkdir -p "${ARTIFACT_DIR}"
$ set +e
$ python3 "${PIPELINE_REPO_DIR}/stages/check-cves/pipeline_wl_compare.py" --lint
INFO: Log level set to info
INFO: Retrieving findings for splunk/splunk/splunk:8.2.0
INFO: Running query to vat api
INFO: Fetched data from vat successfully
INFO: Validating the VAT response against schema
INFO: Log level set to info
INFO: Loaded definitions from /builds/dsop/splunk/splunk/splunk/ci-artifacts/[MASKED]/stages/check-cves/../../schema/vat_findings.swagger.yaml
INFO: Defined base schema off of the Container model
WARNING: Error validating the VAT schema
'inheritsFrom' is a required property

Failed validating 'required' in schema['properties']['findings']['items']:
    {'description': 'Findings description',
     'properties': {'approver': {'$ref': '#/definitions/FindingsApprover',
                                 'description': 'This object will only '
                                                'exist if there is a '
                                                'reviewer. May be missing '
                                                'if there is no approval '
                                                'action.'},
                    'contributor': {'$ref': '#/definitions/FindingsContributor',
                                    'description': 'This object will be '
                                                   'missing if there is no '
                                                   'justification text'},
                    'description': {'type': 'string'},
                    'findingsState': {'$ref': '#/definitions/FindingStateEnum'},
                    'identifier': {'$ref': '#/definitions/PrintableCharactersWithoutNewlinesOrSlashes',
                                   'description': 'Finding identifier '
                                                  '(vulnerability ID or '
                                                  'policy violation ID)'},
                    'inheritsFrom': {'description': 'A non-empty array '
                                                    'implies the finding '
                                                    'is inherited. Array '
                                                    'of ubi/ubi8:8.2 etc '
                                                    'ordered from oldest '
                                                    'parent image (first) '
                                                    'to immediate parent '
                                                    '(last). Finding will '
                                                    'be present in the '
                                                    'first element of the '
                                                    'array.',
                                     'items': {'$ref': '#/definitions/DockerNameAndTagRegex'},
                                     'type': 'array'},
                    'package': {'type': 'string'},
                    'packagePath': {'type': 'string'},
                    'reviewer': {'$ref': '#/definitions/FindingsReviewer',
                                 'description': 'This object will only '
                                                'exist if there is a '
                                                'contributor. Will be '
                                                'missing until the '
                                                'reviewer has performed an '
                                                'action.'},
                    'source': {'$ref': '#/definitions/ScanSourceEnum'}},
     'required': ['identifier',
                  'source',
                  'description',
                  'findingsState',
                  'inheritsFrom'],
     'type': 'object'}

On instance['findings'][0]:
    {'contributor': {'date': '2021-07-08T20:06:18.000Z',
                     'justification': '\xa0Splunk Enterprise uses these '
                                      'certificates for testing during '
                                      'install, an update, or a '
                                      'configuration change. Splunk does '
                                      'not use those secrets during the '
                                      "application's regular operation, "
                                      'and those secrets are not '
                                      'exploitable.\xa0',
                     'state': 'needs_review',
                     'user': {'email': 'bpluta@splunk.com',
                              'name': 'bpluta',
                              'role': 'vendor_contributor'}},
     'description': 'Secret content search analyzer found regexp match in '
                    'container: '
                    'file=/opt/splunk/lib/python3.7/site-packages/future/backports/test/keycert2.pem '
                    'regexp=PRIV_KEY=(?i)-+BEGIN(.*)PRIVATE KEY-+\n'
                    ' Gate: secret_scans\n'
                    ' Trigger: content_regex_checks\n'
                    ' Policy ID: DoDFileChecks',
     'findingsState': 'needs_review',
     'identifier': '06bd5f4c86fdb79c86ccdf94101fb25a',
     'source': 'anchore_comp'}
INFO: CONTAINER APPROVAL STATUS
INFO: Under Review
INFO: CONTAINER APPROVAL TEXT
INFO: None
WARNING: IMAGE_APPROVAL_STATUS=notapproved
INFO: skopeo inspect --authfile prod_pull_auth.json docker://registry1.dso.mil/ironbank/redhat/ubi/ubi8-minimal:8.4
INFO: Getting redhat/ubi/ubi8-minimal hardening_manifest.yaml from master
INFO: Retrieving findings for redhat/ubi/ubi8-minimal:8.4
INFO: Artifact Directory: ci-artifacts/lint
section_end:1628718170:step_script
section_start:1628718170:upload_artifacts_on_success
Uploading artifacts for successful job
Uploading artifacts...
ci-artifacts/lint/: found 4 matching files and directories
Uploading artifacts as "archive" to coordinator... ok id=5575322 responseStatus=201 Created token=tuasY_mY
Uploading artifacts...
variables.env: found 1 matching files and directories
Uploading artifacts as "dotenv" to coordinator... ok id=5575322 responseStatus=201 Created token=tuasY_mY
section_end:1628718171:upload_artifacts_on_success
section_start:1628718171:cleanup_file_variables
Cleaning up file based variables
section_end:1628718171:cleanup_file_variables
Job succeeded