Running with gitlab-runner 13.11.0 (7f7a4bb0)
  on gitlab-runners-bigbang-gitlab-runner-gitlab-runner-797d46cxptjg WntjV97x
  feature flags: FF_GITLAB_REGISTRY_HELPER_IMAGE:true
section_start:1620828793:resolve_secrets
Resolving secrets
section_end:1620828793:resolve_secrets
section_start:1620828793:prepare_executor
Preparing the "kubernetes" executor
Using Kubernetes namespace: gitlab-runners
Using Kubernetes executor with image aquasec/trivy:0.9.0 ...
section_end:1620828793:prepare_executor
section_start:1620828793:prepare_script
Preparing environment
Waiting for pod gitlab-runners/runner-wntjv97x-project-2327-concurrent-2st2p2 to be running, status is Pending
Running on runner-wntjv97x-project-2327-concurrent-2st2p2 via gitlab-runners-bigbang-gitlab-runner-gitlab-runner-797d46cxptjg...
section_end:1620828796:prepare_script
section_start:1620828796:get_sources
Getting source from Git repository
Fetching changes with git depth set to 50...
Initialized empty Git repository in /builds/platform-one/big-bang/pipeline-templates/pipeline-templates/.git/
Created fresh repository.
Checking out dee62e9a as feature/install-kustomize-in-local-builder...
Skipping Git submodules setup
section_end:1620828797:get_sources
section_start:1620828797:step_script
Executing "step_script" stage of the job script
$ apk add skopeo
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz
(1/26) Installing device-mapper-libs (2.02.186-r0)
(2/26) Installing libgpg-error (1.36-r2)
(3/26) Installing libassuan (2.5.3-r0)
(4/26) Installing libffi (3.2.1-r6)
(5/26) Installing libblkid (2.34-r1)
(6/26) Installing libmount (2.34-r1)
(7/26) Installing pcre (8.43-r1)
(8/26) Installing glib (2.62.6-r0)
(9/26) Installing ncurses-terminfo-base (6.1_p20200118-r4)
(10/26) Installing ncurses-libs (6.1_p20200118-r4)
(11/26) Installing libgcrypt (1.8.5-r0)
(12/26) Installing libsecret (0.19.1-r0)
(13/26) Installing pinentry (1.1.0-r2)
Executing pinentry-1.1.0-r2.post-install
(14/26) Installing gmp (6.1.2-r1)
(15/26) Installing nettle (3.5.1-r0)
(16/26) Installing p11-kit (0.23.18.1-r1)
(17/26) Installing libtasn1 (4.15.0-r0)
(18/26) Installing libunistring (0.9.10-r0)
(19/26) Installing gnutls (3.6.15-r1)
(20/26) Installing libksba (1.3.5-r0)
(21/26) Installing libsasl (2.1.27-r5)
(22/26) Installing libldap (2.4.48-r3)
(23/26) Installing npth (1.6-r0)
(24/26) Installing gnupg (2.2.19-r0)
(25/26) Installing gpgme (1.13.1-r1)
(26/26) Installing skopeo (0.1.40-r1)
Executing busybox-1.31.1-r9.trigger
OK: 79 MiB in 64 packages
$ skopeo copy --screds $CI_REGISTRY_USER:$CI_REGISTRY_PASSWORD docker://$IMAGE:$CI_COMMIT_SHORT_SHA oci:/image
Getting image source signatures
Copying config sha256:41e8a484dfba2bf38d2fa77bd30f06079f5acaeca89e39a01142db966cfef1d6
Writing manifest to image destination
Storing signatures
$ trivy --no-progress --input /image
2021-05-12T14:13:30.017Z INFO Need to update DB
2021-05-12T14:13:30.017Z INFO Downloading DB...
2021-05-12T14:13:33.558Z WARN This OS version is not on the EOL list: alpine 3.13
2021-05-12T14:13:33.558Z INFO Detecting Alpine vulnerabilities...
2021-05-12T14:13:33.559Z WARN This OS version is no longer supported by the distribution: alpine 3.13.5
2021-05-12T14:13:33.559Z WARN The vulnerability detection may be insufficient because security updates are not provided

/image (alpine 3.13.5)
======================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

+---------+------------------+----------+-------------------+---------------+--------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| musl    | CVE-2020-28928   | MEDIUM   | 1.2.2-r0          | 1.2.2_pre2-r0 | In musl libc through 1.2.1,    |
|         |                  |          |                   |               | wcsnrtombs mishandles          |
|         |                  |          |                   |               | particular combinations of     |
|         |                  |          |                   |               | destination buffer...          |
+---------+------------------+----------+-------------------+---------------+--------------------------------+

$ trivy --no-progress -f json -o gl-container-scanning-report.json --input /image
2021-05-12T14:13:33.572Z WARN This OS version is not on the EOL list: alpine 3.13
2021-05-12T14:13:33.572Z INFO Detecting Alpine vulnerabilities...
2021-05-12T14:13:33.573Z WARN This OS version is no longer supported by the distribution: alpine 3.13.5
2021-05-12T14:13:33.573Z WARN The vulnerability detection may be insufficient because security updates are not provided
$ echo "This scan is currently only implemented for awareness, no pipeline actions are taken as a result of the scans"
This scan is currently only implemented for awareness, no pipeline actions are taken as a result of the scans
section_end:1620828813:step_script
section_start:1620828813:upload_artifacts_on_success
Uploading artifacts for successful job
Uploading artifacts...
gl-container-scanning-report.json: found 1 matching files and directories
Uploading artifacts as "container_scanning" to coordinator... ok id=3281225 responseStatus=201 Created token=jUFASaL5
section_end:1620828814:upload_artifacts_on_success
section_start:1620828814:cleanup_file_variables
Cleaning up file based variables
section_end:1620828814:cleanup_file_variables
Job succeeded