Running with gitlab-runner 13.11.0 (7f7a4bb0)  on gitlab-runners-bigbang-gitlab-runner-gitlab-runner-797d46cxptjg WntjV97x  feature flags: FF_GITLAB_REGISTRY_HELPER_IMAGE:true section_start:1619637179:resolve_secrets Resolving secrets section_end:1619637179:resolve_secrets section_start:1619637179:prepare_executor Preparing the "kubernetes" executor Using Kubernetes namespace: gitlab-runners Using Kubernetes executor with image aquasec/trivy:0.9.0 ... section_end:1619637179:prepare_executor section_start:1619637179:prepare_script Preparing environment Waiting for pod gitlab-runners/runner-wntjv97x-project-2327-concurrent-1x9g5g to be running, status is Pending Running on runner-wntjv97x-project-2327-concurrent-1x9g5g via gitlab-runners-bigbang-gitlab-runner-gitlab-runner-797d46cxptjg... section_end:1619637182:prepare_script section_start:1619637182:get_sources Getting source from Git repository Fetching changes with git depth set to 50... Initialized empty Git repository in /builds/platform-one/big-bang/pipeline-templates/pipeline-templates/.git/ Created fresh repository. Checking out 4303f0ed as private-reg-change... Skipping Git submodules setup section_end:1619637183:get_sources section_start:1619637183:step_script Executing "step_script" stage of the job script $ apk add skopeo fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz (1/26) Installing device-mapper-libs (2.02.186-r0) (2/26) Installing libgpg-error (1.36-r2) (3/26) Installing libassuan (2.5.3-r0) (4/26) Installing libffi (3.2.1-r6) (5/26) Installing libblkid (2.34-r1) (6/26) Installing libmount (2.34-r1) (7/26) Installing pcre (8.43-r1) (8/26) Installing glib (2.62.6-r0) (9/26) Installing ncurses-terminfo-base (6.1_p20200118-r4) (10/26) Installing ncurses-libs (6.1_p20200118-r4) (11/26) Installing libgcrypt (1.8.5-r0) (12/26) Installing libsecret (0.19.1-r0) (13/26) Installing pinentry (1.1.0-r2) Executing pinentry-1.1.0-r2.post-install (14/26) Installing gmp (6.1.2-r1) (15/26) Installing nettle (3.5.1-r0) (16/26) Installing p11-kit (0.23.18.1-r1) (17/26) Installing libtasn1 (4.15.0-r0) (18/26) Installing libunistring (0.9.10-r0) (19/26) Installing gnutls (3.6.15-r1) (20/26) Installing libksba (1.3.5-r0) (21/26) Installing libsasl (2.1.27-r5) (22/26) Installing libldap (2.4.48-r3) (23/26) Installing npth (1.6-r0) (24/26) Installing gnupg (2.2.19-r0) (25/26) Installing gpgme (1.13.1-r1) (26/26) Installing skopeo (0.1.40-r1) Executing busybox-1.31.1-r9.trigger OK: 79 MiB in 64 packages $ skopeo copy --screds $CI_REGISTRY_USER:$CI_REGISTRY_PASSWORD docker://$IMAGE:$CI_COMMIT_SHORT_SHA oci:/image Getting image source signatures Copying blob sha256:540db60ca9383eac9e418f78490994d0af424aab7bf6d0e47ac8ed4e2e9bcbba Copying blob sha256:5a38b3726f4b24fa93b80450be63ad67fd3239c2f3b83695118d7b1a88447d84 Copying blob sha256:e5fa5deb334027202841b051d10e7c7137fa3b63e97734309cedf6b48804df5f Copying blob sha256:09182082685c0a1147c9f22948720af9bb3544411a1b50562d18071cf31b8e21 Copying blob sha256:4562e3055ed2549b93e450d764e41b62a485d16bafb1f1ed6b67fd610444aa44 Copying blob sha256:b4de57a4336a3a0ab0e109ff4c769bce1d354c121fe62fd5f6063c53fd009d61 Copying blob sha256:542e5df0dc5eda03440d4a00ca01ceefa7cb8282a9d7b406fd54dabcdf4197c0 Copying blob sha256:cf84e1e6f078635349b907365456eea3753064d4071ef159f8762dbc1fbd7ea9 Copying blob sha256:b2f4d3c0f6981c6ae6aff1d4e87ee04bcbd06090cea6f8d7718e676ecaf82e97 Copying blob sha256:f5e23cc4a32b94faa2afea817f79c52e8a18bcddf3abea33c48728c6983be822 Copying blob sha256:7cf35c20b826bcb7c09f1621984e5f400bf8a1efb94a26e7e68167952ab478a3 Copying blob sha256:c28c4d29fab6496cac9e3c9e6316d573aea804262111a7a99919a92b2c8c41c5 Copying blob sha256:92e011439dfd0be7a26eb7b372cd343bd5783d784a85f53baa3a21964c7c33c5 Copying blob sha256:3c538e61888a3683540ebbb15816f3d90a703f404f81d8ba0eb280d99abcc0b5 Copying blob sha256:9d351d90a0ba8be52b4df72064f5450fac8cf47283e4e2f214f656ca53111618 Copying blob sha256:ca8be19861b5041e77fa57d802f6f3916e8113a943dd4678f3534f19b042734a Copying blob sha256:477aa69123d18b331937fcb623b3fd330ea1607360425f32491e7c10bf78350b Copying blob sha256:f7ee9074febcde19d14e2d7a90ea4c1919e5cd2119c104087013ec3a6a4a2285 Copying blob sha256:bd298cbe252e05bcfb8aa0277cd61821b664c76a2500c273d4af83316d3c4cea Copying blob sha256:c5139c7dc91c6b4589848732c01a70fb82d36d6cc88560a70ebb072ba43dfb40 Copying blob sha256:8fc87fbe20cc6bf54f2166d50254a5b505f2341a7b54adbf0d0e48364ec72ab9 Copying blob sha256:851ce4a14aad1f038e40816846b53b991ec00476b4d7889ca8b6f7a240e5d32c Copying blob sha256:dcb6faf5853845bdf3c45d7fea133142d20b4ec4bf1172fa8658ff4446b5ad9b Copying blob sha256:f92572957e632f5d73239e6c021d14b2b7ffcfe0bcf86a9f092267fdbf54ccb9 Copying blob sha256:a775a2f52faa1565df40a4625a3a46e5e4d4fc6048d3382934471a8b6fb12715 Copying blob sha256:dea5c53a19362763524104f9b9ddeaa6f67dee03f07a7545bcaadea2232cef0a Copying blob sha256:a26f4572080bfa60341c32388247e4dfbd08456c7a521269e6bbecb62a44f42e Copying blob sha256:89feaf14cedbdf974a29b42610376c1584745f89ad4f9407b349ce08eb2cfd23 Copying blob sha256:2d0716a602646179194d65bf16e300d91850bd817cec06391e29817b5e11449d Copying config sha256:51502f48ed032a51232e232a226368bff40fd5473a7101e98e4856a9914800f2 Writing manifest to image destination Storing signatures $ trivy --no-progress --input /image 2021-04-28T19:13:14.949Z INFO Need to update DB 2021-04-28T19:13:14.949Z INFO Downloading DB... 2021-04-28T19:13:18.198Z WARN This OS version is not on the EOL list: alpine 3.13 2021-04-28T19:13:18.198Z INFO Detecting Alpine vulnerabilities... 2021-04-28T19:13:18.199Z WARN This OS version is no longer supported by the distribution: alpine 3.13.5 2021-04-28T19:13:18.199Z WARN The vulnerability detection may be insufficient because security updates are not provided /image (alpine 3.13.5) ====================== Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0) +---------+------------------+----------+-------------------+---------------+--------------------------------+ | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | +---------+------------------+----------+-------------------+---------------+--------------------------------+ | musl | CVE-2020-28928 | MEDIUM | 1.2.2-r0 | 1.2.2_pre2-r0 | In musl libc through 1.2.1, | | | | | | | wcsnrtombs mishandles | | | | | | | particular combinations of | | | | | | | destination buffer... | +---------+------------------+----------+-------------------+---------------+--------------------------------+ $ trivy --no-progress -f json -o gl-container-scanning-report.json --input /image 2021-04-28T19:13:18.212Z WARN This OS version is not on the EOL list: alpine 3.13 2021-04-28T19:13:18.212Z INFO Detecting Alpine vulnerabilities... 2021-04-28T19:13:18.213Z WARN This OS version is no longer supported by the distribution: alpine 3.13.5 2021-04-28T19:13:18.213Z WARN The vulnerability detection may be insufficient because security updates are not provided $ echo "This scan is currently only implemented for awareness, no pipeline actions are taken as a result of the scans" This scan is currently only implemented for awareness, no pipeline actions are taken as a result of the scans section_end:1619637198:step_script section_start:1619637198:upload_artifacts_on_success Uploading artifacts for successful job Uploading artifacts... gl-container-scanning-report.json: found 1 matching files and directories Uploading artifacts as "container_scanning" to coordinator... ok id=2994279 responseStatus=201 Created token=TKRezLi9 section_end:1619637198:upload_artifacts_on_success section_start:1619637198:cleanup_file_variables Cleaning up file based variables section_end:1619637198:cleanup_file_variables Job succeeded