Running with gitlab-runner 13.6.0 (8fa89735)  on p1-public-apps-runner-gitlab-runner-567cb455cd-927j7 9syAnSNW section_start:1620914749:resolve_secrets Resolving secrets section_end:1620914749:resolve_secrets section_start:1620914749:prepare_executor Preparing the "kubernetes" executor Using Kubernetes namespace: public-gitlab-runner Using Kubernetes executor with image aquasec/trivy:0.9.0 ... section_end:1620914749:prepare_executor section_start:1620914749:prepare_script Preparing environment Waiting for pod public-gitlab-runner/runner-9syansnw-project-2327-concurrent-2x89nh to be running, status is Pending Running on runner-9syansnw-project-2327-concurrent-2x89nh via p1-public-apps-runner-gitlab-runner-567cb455cd-927j7... section_end:1620914753:prepare_script section_start:1620914753:get_sources Getting source from Git repository Fetching changes with git depth set to 50... Initialized empty Git repository in /builds/platform-one/big-bang/pipeline-templates/pipeline-templates/.git/ Created fresh repository. Checking out 36d5c881 as kaniko-ib-image... Skipping Git submodules setup section_end:1620914753:get_sources section_start:1620914753:step_script Executing "step_script" stage of the job script $ apk add skopeo fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz (1/26) Installing device-mapper-libs (2.02.186-r0) (2/26) Installing libgpg-error (1.36-r2) (3/26) Installing libassuan (2.5.3-r0) (4/26) Installing libffi (3.2.1-r6) (5/26) Installing libblkid (2.34-r1) (6/26) Installing libmount (2.34-r1) (7/26) Installing pcre (8.43-r1) (8/26) Installing glib (2.62.6-r0) (9/26) Installing ncurses-terminfo-base (6.1_p20200118-r4) (10/26) Installing ncurses-libs (6.1_p20200118-r4) (11/26) Installing libgcrypt (1.8.5-r0) (12/26) Installing libsecret (0.19.1-r0) (13/26) Installing pinentry (1.1.0-r2) Executing pinentry-1.1.0-r2.post-install (14/26) Installing gmp (6.1.2-r1) (15/26) Installing nettle (3.5.1-r0) (16/26) Installing p11-kit (0.23.18.1-r1) (17/26) Installing libtasn1 (4.15.0-r0) (18/26) Installing libunistring (0.9.10-r0) (19/26) Installing gnutls (3.6.15-r1) (20/26) Installing libksba (1.3.5-r0) (21/26) Installing libsasl (2.1.27-r5) (22/26) Installing libldap (2.4.48-r3) (23/26) Installing npth (1.6-r0) (24/26) Installing gnupg (2.2.19-r0) (25/26) Installing gpgme (1.13.1-r1) (26/26) Installing skopeo (0.1.40-r1) Executing busybox-1.31.1-r9.trigger OK: 79 MiB in 64 packages $ skopeo copy --screds $CI_REGISTRY_USER:$CI_REGISTRY_PASSWORD docker://$IMAGE:$CI_COMMIT_SHORT_SHA oci:/image Getting image source signatures Copying blob sha256:540db60ca9383eac9e418f78490994d0af424aab7bf6d0e47ac8ed4e2e9bcbba Copying blob sha256:5a38b3726f4b24fa93b80450be63ad67fd3239c2f3b83695118d7b1a88447d84 Copying blob sha256:e5fa5deb334027202841b051d10e7c7137fa3b63e97734309cedf6b48804df5f Copying blob sha256:09182082685c0a1147c9f22948720af9bb3544411a1b50562d18071cf31b8e21 Copying blob sha256:4562e3055ed2549b93e450d764e41b62a485d16bafb1f1ed6b67fd610444aa44 Copying blob sha256:b4de57a4336a3a0ab0e109ff4c769bce1d354c121fe62fd5f6063c53fd009d61 Copying blob sha256:542e5df0dc5eda03440d4a00ca01ceefa7cb8282a9d7b406fd54dabcdf4197c0 Copying blob sha256:c6465ec8e72d99c3e4426de1ba8f8d25d1ffb6e91f67f729408fd44845677399 Copying blob sha256:451c8ff1b956660c365ba46d2a4be4db519f61146019a5cf98fb61d14bfdfbc8 Copying blob sha256:aed589cac78de11160f26a6f78300d89f384452195df7e4d6339fd8a4f9dce8c Copying blob sha256:26f3b789d5c7c1aa21a6567bc45cd245479b1fb62009ac8743c8b600cab7a278 Copying blob sha256:7e34920b5a85c321f1b44a9fddfe8dc93b08b6c0eb2f6c322d4b39c04e66a7cc Copying blob sha256:dc1b1ed1f4f0bc32bd143dd5d5a924e3ac49fd90e949eee5606cd3eb23b71f7c Copying blob sha256:5c22feb7b8e4c9af900f8e3aa8bcdddf8bb56e67066ec6405949f7dd13e0bdef Copying blob sha256:7744b2b78b8764d61a8590387df53adb988af656bc110f271564097eb31b4ff5 Copying blob sha256:d9aa03e01fecbc2436713df627dbeb35c60ea8971ad29e2785d2b63d0d68ac64 Copying blob sha256:57ae1e042a2da9e34e7b0d7a9a8dd6415a300a8ea0ff89064399b64cb9f10384 Copying blob sha256:effc55d80578120be035d76140465a8ba38c9d97008d7e14d6d63ce1732a3f95 Copying blob sha256:e60150e2ba9ab32abbc4f6d1e7bd7dcc6b5eaf13e1c44cafe99501a209345ce7 Copying blob sha256:18e7b721d43f288891ceba5c73a20cef78b3b39b5570a94e2742f9e375a59dc8 Copying blob sha256:63c84fa11a485e5ac77c993f93a9625cf75081e973cda214426dd1044cade478 Copying blob sha256:36ec76aeebd3d2c82433e40a05463c4ea84384c0f0ad270c5b1459a195fadc80 Copying blob sha256:923001fe1b1d1f84ca7ddac2c0125132411cab7ea426f32ea770ec484ef176ca Copying blob sha256:5473bbfd20e289a92e870c3d1ad7176e2075eb86616c845a816c194f68195892 Copying blob sha256:87bbb9fdbb2aa8295ff4b61a79be2ed214233bc5babcdc9f807fa83c666c0468 Copying blob sha256:5ece071fec26e1d374034ee3d5cc9b521be9e2491b77f4a841192ccb64458d66 Copying blob sha256:978edb8e3536b992b77b61103efa907b527cb118347f72b995773da0317f2b6d Copying blob sha256:dfd7eb4804614d9127126459c99166fd52d8ae8691c5c5e8820e728019086a76 Copying blob sha256:c13ced4a2c4f8f1bd683f1c6e7e7d2d14a57623ece0d79384fad1937f519f76b Copying config sha256:229b15a32f7bba6de5344d3307451c4406da25868eae35be193a152e4e67f0e2 Writing manifest to image destination Storing signatures $ trivy --no-progress --input /image 2021-05-13T14:06:07.273Z INFO Need to update DB 2021-05-13T14:06:07.273Z INFO Downloading DB... 2021-05-13T14:06:11.517Z WARN This OS version is not on the EOL list: alpine 3.13 2021-05-13T14:06:11.517Z INFO Detecting Alpine vulnerabilities... 2021-05-13T14:06:11.519Z WARN This OS version is no longer supported by the distribution: alpine 3.13.5 2021-05-13T14:06:11.519Z WARN The vulnerability detection may be insufficient because security updates are not provided /image (alpine 3.13.5) ====================== Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0) +---------+------------------+----------+-------------------+---------------+--------------------------------+ | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | +---------+------------------+----------+-------------------+---------------+--------------------------------+ | musl | CVE-2020-28928 | MEDIUM | 1.2.2-r0 | 1.2.2_pre2-r0 | In musl libc through 1.2.1, | | | | | | | wcsnrtombs mishandles | | | | | | | particular combinations of | | | | | | | destination buffer... | +---------+------------------+----------+-------------------+---------------+--------------------------------+ $ trivy --no-progress -f json -o gl-container-scanning-report.json --input /image 2021-05-13T14:06:11.537Z WARN This OS version is not on the EOL list: alpine 3.13 2021-05-13T14:06:11.537Z INFO Detecting Alpine vulnerabilities... 2021-05-13T14:06:11.539Z WARN This OS version is no longer supported by the distribution: alpine 3.13.5 2021-05-13T14:06:11.539Z WARN The vulnerability detection may be insufficient because security updates are not provided $ echo "This scan is currently only implemented for awareness, no pipeline actions are taken as a result of the scans" This scan is currently only implemented for awareness, no pipeline actions are taken as a result of the scans section_end:1620914771:step_script section_start:1620914771:upload_artifacts_on_success Uploading artifacts for successful job Uploading artifacts... gl-container-scanning-report.json: found 1 matching files and directories Uploading artifacts as "container_scanning" to coordinator... ok id=3306839 responseStatus=201 Created token=4vY65pos section_end:1620914772:upload_artifacts_on_success section_start:1620914772:cleanup_file_variables Cleaning up file based variables section_end:1620914772:cleanup_file_variables Job succeeded