Running with gitlab-runner 13.11.0 (7f7a4bb0)
  on gitlab-runners-bigbang-gitlab-runner-gitlab-runner-797d46cxptjg WntjV97x
  feature flags: FF_GITLAB_REGISTRY_HELPER_IMAGE:true
section_start:1620322927:resolve_secrets
Resolving secrets
section_end:1620322927:resolve_secrets
section_start:1620322927:prepare_executor
Preparing the "kubernetes" executor
Using Kubernetes namespace: gitlab-runners
Using Kubernetes executor with image aquasec/trivy:0.9.0 ...
section_end:1620322927:prepare_executor
section_start:1620322927:prepare_script
Preparing environment
Waiting for pod gitlab-runners/runner-wntjv97x-project-2327-concurrent-2l8zf8 to be running, status is Pending
Running on runner-wntjv97x-project-2327-concurrent-2l8zf8 via gitlab-runners-bigbang-gitlab-runner-gitlab-runner-797d46cxptjg...
section_end:1620322930:prepare_script
section_start:1620322930:get_sources
Getting source from Git repository
Fetching changes with git depth set to 50...
Initialized empty Git repository in /builds/platform-one/big-bang/pipeline-templates/pipeline-templates/.git/
Created fresh repository.
Checking out c314f798 as chart-test-lib...
Skipping Git submodules setup
section_end:1620322931:get_sources
section_start:1620322931:step_script
Executing "step_script" stage of the job script
$ apk add skopeo
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz
(1/26) Installing device-mapper-libs (2.02.186-r0)
(2/26) Installing libgpg-error (1.36-r2)
(3/26) Installing libassuan (2.5.3-r0)
(4/26) Installing libffi (3.2.1-r6)
(5/26) Installing libblkid (2.34-r1)
(6/26) Installing libmount (2.34-r1)
(7/26) Installing pcre (8.43-r1)
(8/26) Installing glib (2.62.6-r0)
(9/26) Installing ncurses-terminfo-base (6.1_p20200118-r4)
(10/26) Installing ncurses-libs (6.1_p20200118-r4)
(11/26) Installing libgcrypt (1.8.5-r0)
(12/26) Installing libsecret (0.19.1-r0)
(13/26) Installing pinentry (1.1.0-r2)
Executing pinentry-1.1.0-r2.post-install
(14/26) Installing gmp (6.1.2-r1)
(15/26) Installing nettle (3.5.1-r0)
(16/26) Installing p11-kit (0.23.18.1-r1)
(17/26) Installing libtasn1 (4.15.0-r0)
(18/26) Installing libunistring (0.9.10-r0)
(19/26) Installing gnutls (3.6.15-r1)
(20/26) Installing libksba (1.3.5-r0)
(21/26) Installing libsasl (2.1.27-r5)
(22/26) Installing libldap (2.4.48-r3)
(23/26) Installing npth (1.6-r0)
(24/26) Installing gnupg (2.2.19-r0)
(25/26) Installing gpgme (1.13.1-r1)
(26/26) Installing skopeo (0.1.40-r1)
Executing busybox-1.31.1-r9.trigger
OK: 79 MiB in 64 packages
$ skopeo copy --screds $CI_REGISTRY_USER:$CI_REGISTRY_PASSWORD docker://$IMAGE:$CI_COMMIT_SHORT_SHA oci:/image
Getting image source signatures
Copying config sha256:adb876984a459079e890f8bd4754e09e3862f2b13a041efd2164d900549193cd
Writing manifest to image destination
Storing signatures
$ trivy --no-progress --input /image
2021-05-06T17:42:23.417Z INFO Need to update DB
2021-05-06T17:42:23.417Z INFO Downloading DB...
2021-05-06T17:42:26.784Z WARN This OS version is not on the EOL list: alpine 3.13
2021-05-06T17:42:26.784Z INFO Detecting Alpine vulnerabilities...
2021-05-06T17:42:26.785Z WARN This OS version is no longer supported by the distribution: alpine 3.13.5
2021-05-06T17:42:26.785Z WARN The vulnerability detection may be insufficient because security updates are not provided

/image (alpine 3.13.5)
======================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

+---------+------------------+----------+-------------------+---------------+--------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| musl    | CVE-2020-28928   | MEDIUM   | 1.2.2-r0          | 1.2.2_pre2-r0 | In musl libc through 1.2.1,    |
|         |                  |          |                   |               | wcsnrtombs mishandles          |
|         |                  |          |                   |               | particular combinations of     |
|         |                  |          |                   |               | destination buffer...          |
+---------+------------------+----------+-------------------+---------------+--------------------------------+

$ trivy --no-progress -f json -o gl-container-scanning-report.json --input /image
2021-05-06T17:42:26.798Z WARN This OS version is not on the EOL list: alpine 3.13
2021-05-06T17:42:26.798Z INFO Detecting Alpine vulnerabilities...
2021-05-06T17:42:26.799Z WARN This OS version is no longer supported by the distribution: alpine 3.13.5
2021-05-06T17:42:26.799Z WARN The vulnerability detection may be insufficient because security updates are not provided
$ echo "This scan is currently only implemented for awareness, no pipeline actions are taken as a result of the scans"
This scan is currently only implemented for awareness, no pipeline actions are taken as a result of the scans
section_end:1620322946:step_script
section_start:1620322946:upload_artifacts_on_success
Uploading artifacts for successful job
Uploading artifacts...
gl-container-scanning-report.json: found 1 matching files and directories
Uploading artifacts as "container_scanning" to coordinator... ok id=3153202 responseStatus=201 Created token=wMSrtSEq
section_end:1620322947:upload_artifacts_on_success
section_start:1620322947:cleanup_file_variables
Cleaning up file based variables
section_end:1620322947:cleanup_file_variables
Job succeeded