Skip to content
Snippets Groups Projects

dependency_scanning

Passed Started by
Dhiraj Bodicherla
@dbodicherla
This job is archived. Only the complete pipeline can be retried.
1Running with gitlab-runner 12.5.0-rc1 (b295d93b)
2 on docker-auto-scale 72989761
3 Using Docker executor with image docker:stable ... 01:41
4Starting service docker:stable-dind ...
5Pulling docker image docker:stable-dind ...
6Using docker image sha256:a4b37e66ffc766b66c4e5001a2774228c080c970cd44152ea43cbde1748160c7 for docker:stable-dind ...
7Waiting for services to be up and running...
8*** WARNING: Service runner-72989761-project-4422333-concurrent-0-docker-0 probably didn't start properly.
9Health check error:
10service "runner-72989761-project-4422333-concurrent-0-docker-0-wait-for-service" timeout
11Health check container logs:
12Service container logs:
132019-12-09T05:16:29.937018533Z time="2019-12-09T05:16:29.936739733Z" level=info msg="Starting up"
142019-12-09T05:16:29.961879085Z time="2019-12-09T05:16:29.960924847Z" level=warning msg="could not change group /var/run/docker.sock to docker: group docker not found"
152019-12-09T05:16:29.961910100Z time="2019-12-09T05:16:29.961238949Z" level=warning msg="[!] DON'T BIND ON ANY IP ADDRESS WITHOUT setting --tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING [!]"
162019-12-09T05:16:29.995960466Z time="2019-12-09T05:16:29.995829212Z" level=info msg="libcontainerd: started new containerd process" pid=20
172019-12-09T05:16:29.996116713Z time="2019-12-09T05:16:29.996047860Z" level=info msg="parsed scheme: \"unix\"" module=grpc
182019-12-09T05:16:29.996177014Z time="2019-12-09T05:16:29.996138209Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
192019-12-09T05:16:29.996256706Z time="2019-12-09T05:16:29.996216132Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] <nil>}" module=grpc
202019-12-09T05:16:29.996325133Z time="2019-12-09T05:16:29.996286436Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
212019-12-09T05:16:30.584968838Z time="2019-12-09T05:16:30.584821128Z" level=info msg="starting containerd" revision=b34a5c8af56e510852c35414db4c1f4fa6172339 version=v1.2.10
222019-12-09T05:16:30.585442103Z time="2019-12-09T05:16:30.585382577Z" level=info msg="loading plugin "io.containerd.content.v1.content"..." type=io.containerd.content.v1
232019-12-09T05:16:30.585627524Z time="2019-12-09T05:16:30.585583247Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.btrfs"..." type=io.containerd.snapshotter.v1
242019-12-09T05:16:30.586137627Z time="2019-12-09T05:16:30.585915936Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.btrfs" error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter"
252019-12-09T05:16:30.586232163Z time="2019-12-09T05:16:30.586196671Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.aufs"..." type=io.containerd.snapshotter.v1
262019-12-09T05:16:30.613843931Z time="2019-12-09T05:16:30.613656444Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.aufs" error="modprobe aufs failed: "ip: can't find device 'aufs'\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n": exit status 1"
272019-12-09T05:16:30.613982966Z time="2019-12-09T05:16:30.613909165Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.native"..." type=io.containerd.snapshotter.v1
282019-12-09T05:16:30.614212316Z time="2019-12-09T05:16:30.614150181Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.overlayfs"..." type=io.containerd.snapshotter.v1
292019-12-09T05:16:30.614487504Z time="2019-12-09T05:16:30.614421599Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.zfs"..." type=io.containerd.snapshotter.v1
302019-12-09T05:16:30.615825227Z time="2019-12-09T05:16:30.615696291Z" level=info msg="skip loading plugin "io.containerd.snapshotter.v1.zfs"..." type=io.containerd.snapshotter.v1
312019-12-09T05:16:30.615925244Z time="2019-12-09T05:16:30.615884749Z" level=info msg="loading plugin "io.containerd.metadata.v1.bolt"..." type=io.containerd.metadata.v1
322019-12-09T05:16:30.616124657Z time="2019-12-09T05:16:30.616068262Z" level=warning msg="could not use snapshotter btrfs in metadata plugin" error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter"
332019-12-09T05:16:30.616195811Z time="2019-12-09T05:16:30.616140489Z" level=warning msg="could not use snapshotter aufs in metadata plugin" error="modprobe aufs failed: "ip: can't find device 'aufs'\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n": exit status 1"
342019-12-09T05:16:30.616265433Z time="2019-12-09T05:16:30.616217304Z" level=warning msg="could not use snapshotter zfs in metadata plugin" error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter: skip plugin"
352019-12-09T05:16:30.629601427Z time="2019-12-09T05:16:30.629414268Z" level=info msg="loading plugin "io.containerd.differ.v1.walking"..." type=io.containerd.differ.v1
362019-12-09T05:16:30.629728060Z time="2019-12-09T05:16:30.629658547Z" level=info msg="loading plugin "io.containerd.gc.v1.scheduler"..." type=io.containerd.gc.v1
372019-12-09T05:16:30.629869147Z time="2019-12-09T05:16:30.629815678Z" level=info msg="loading plugin "io.containerd.service.v1.containers-service"..." type=io.containerd.service.v1
382019-12-09T05:16:30.629956512Z time="2019-12-09T05:16:30.629897526Z" level=info msg="loading plugin "io.containerd.service.v1.content-service"..." type=io.containerd.service.v1
392019-12-09T05:16:30.630059758Z time="2019-12-09T05:16:30.629998526Z" level=info msg="loading plugin "io.containerd.service.v1.diff-service"..." type=io.containerd.service.v1
402019-12-09T05:16:30.630142292Z time="2019-12-09T05:16:30.630081997Z" level=info msg="loading plugin "io.containerd.service.v1.images-service"..." type=io.containerd.service.v1
412019-12-09T05:16:30.630197680Z time="2019-12-09T05:16:30.630162978Z" level=info msg="loading plugin "io.containerd.service.v1.leases-service"..." type=io.containerd.service.v1
422019-12-09T05:16:30.630273736Z time="2019-12-09T05:16:30.630239176Z" level=info msg="loading plugin "io.containerd.service.v1.namespaces-service"..." type=io.containerd.service.v1
432019-12-09T05:16:30.630353692Z time="2019-12-09T05:16:30.630309539Z" level=info msg="loading plugin "io.containerd.service.v1.snapshots-service"..." type=io.containerd.service.v1
442019-12-09T05:16:30.630423275Z time="2019-12-09T05:16:30.630374592Z" level=info msg="loading plugin "io.containerd.runtime.v1.linux"..." type=io.containerd.runtime.v1
452019-12-09T05:16:30.631676671Z time="2019-12-09T05:16:30.631573814Z" level=info msg="loading plugin "io.containerd.runtime.v2.task"..." type=io.containerd.runtime.v2
462019-12-09T05:16:30.631933952Z time="2019-12-09T05:16:30.631875828Z" level=info msg="loading plugin "io.containerd.monitor.v1.cgroups"..." type=io.containerd.monitor.v1
472019-12-09T05:16:30.633658175Z time="2019-12-09T05:16:30.633566932Z" level=info msg="loading plugin "io.containerd.service.v1.tasks-service"..." type=io.containerd.service.v1
482019-12-09T05:16:30.633803876Z time="2019-12-09T05:16:30.633729030Z" level=info msg="loading plugin "io.containerd.internal.v1.restart"..." type=io.containerd.internal.v1
492019-12-09T05:16:30.633961649Z time="2019-12-09T05:16:30.633905499Z" level=info msg="loading plugin "io.containerd.grpc.v1.containers"..." type=io.containerd.grpc.v1
502019-12-09T05:16:30.634089672Z time="2019-12-09T05:16:30.634035105Z" level=info msg="loading plugin "io.containerd.grpc.v1.content"..." type=io.containerd.grpc.v1
512019-12-09T05:16:30.634160331Z time="2019-12-09T05:16:30.634110313Z" level=info msg="loading plugin "io.containerd.grpc.v1.diff"..." type=io.containerd.grpc.v1
522019-12-09T05:16:30.634215442Z time="2019-12-09T05:16:30.634180998Z" level=info msg="loading plugin "io.containerd.grpc.v1.events"..." type=io.containerd.grpc.v1
532019-12-09T05:16:30.634291226Z time="2019-12-09T05:16:30.634257012Z" level=info msg="loading plugin "io.containerd.grpc.v1.healthcheck"..." type=io.containerd.grpc.v1
542019-12-09T05:16:30.634380055Z time="2019-12-09T05:16:30.634332987Z" level=info msg="loading plugin "io.containerd.grpc.v1.images"..." type=io.containerd.grpc.v1
552019-12-09T05:16:30.634447651Z time="2019-12-09T05:16:30.634399154Z" level=info msg="loading plugin "io.containerd.grpc.v1.leases"..." type=io.containerd.grpc.v1
562019-12-09T05:16:30.634500366Z time="2019-12-09T05:16:30.634466481Z" level=info msg="loading plugin "io.containerd.grpc.v1.namespaces"..." type=io.containerd.grpc.v1
572019-12-09T05:16:30.634585052Z time="2019-12-09T05:16:30.634538519Z" level=info msg="loading plugin "io.containerd.internal.v1.opt"..." type=io.containerd.internal.v1
582019-12-09T05:16:30.635880797Z time="2019-12-09T05:16:30.635799246Z" level=info msg="loading plugin "io.containerd.grpc.v1.snapshots"..." type=io.containerd.grpc.v1
592019-12-09T05:16:30.635998062Z time="2019-12-09T05:16:30.635936760Z" level=info msg="loading plugin "io.containerd.grpc.v1.tasks"..." type=io.containerd.grpc.v1
602019-12-09T05:16:30.636082133Z time="2019-12-09T05:16:30.636021939Z" level=info msg="loading plugin "io.containerd.grpc.v1.version"..." type=io.containerd.grpc.v1
612019-12-09T05:16:30.636156559Z time="2019-12-09T05:16:30.636110606Z" level=info msg="loading plugin "io.containerd.grpc.v1.introspection"..." type=io.containerd.grpc.v1
622019-12-09T05:16:30.637610820Z time="2019-12-09T05:16:30.637528476Z" level=info msg=serving... address="/var/run/docker/containerd/containerd-debug.sock"
632019-12-09T05:16:30.637813493Z time="2019-12-09T05:16:30.637734809Z" level=info msg=serving... address="/var/run/docker/containerd/containerd.sock"
642019-12-09T05:16:30.637907548Z time="2019-12-09T05:16:30.637843784Z" level=info msg="containerd successfully booted in 0.053707s"
652019-12-09T05:16:30.668209935Z time="2019-12-09T05:16:30.668063137Z" level=info msg="Setting the storage driver from the $DOCKER_DRIVER environment variable (overlay2)"
662019-12-09T05:16:30.668583824Z time="2019-12-09T05:16:30.668506039Z" level=info msg="parsed scheme: \"unix\"" module=grpc
672019-12-09T05:16:30.668678704Z time="2019-12-09T05:16:30.668608946Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
682019-12-09T05:16:30.668785616Z time="2019-12-09T05:16:30.668706177Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] <nil>}" module=grpc
692019-12-09T05:16:30.668878868Z time="2019-12-09T05:16:30.668815498Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
702019-12-09T05:16:30.717448166Z time="2019-12-09T05:16:30.717261117Z" level=info msg="parsed scheme: \"unix\"" module=grpc
712019-12-09T05:16:30.717561677Z time="2019-12-09T05:16:30.717485709Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
722019-12-09T05:16:30.717686269Z time="2019-12-09T05:16:30.717599234Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] <nil>}" module=grpc
732019-12-09T05:16:30.717769945Z time="2019-12-09T05:16:30.717702922Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
742019-12-09T05:16:30.776149046Z time="2019-12-09T05:16:30.775941141Z" level=info msg="Loading containers: start."
752019-12-09T05:16:30.790647038Z time="2019-12-09T05:16:30.790449824Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: ip: can't find device 'bridge'\nbridge 167936 1 br_netfilter\nstp 16384 1 bridge\nllc 16384 2 bridge,stp\nip: can't find device 'br_netfilter'\nbr_netfilter 24576 0 \nbridge 167936 1 br_netfilter\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n, error: exit status 1"
762019-12-09T05:16:30.993078190Z time="2019-12-09T05:16:30.992907927Z" level=info msg="Default bridge (docker0) is assigned with an IP address 172.18.0.0/16. Daemon option --bip can be used to set a preferred IP address"
772019-12-09T05:16:31.066817074Z time="2019-12-09T05:16:31.066653140Z" level=info msg="Loading containers: done."
782019-12-09T05:16:31.267339806Z time="2019-12-09T05:16:31.267168580Z" level=info msg="Docker daemon" commit=633a0ea838 graphdriver(s)=overlay2 version=19.03.5
792019-12-09T05:16:31.267673947Z time="2019-12-09T05:16:31.267592745Z" level=info msg="Daemon has completed initialization"
802019-12-09T05:16:31.343600972Z time="2019-12-09T05:16:31.342318009Z" level=info msg="API listen on [::]:2375"
812019-12-09T05:16:31.343862965Z time="2019-12-09T05:16:31.343729136Z" level=info msg="API listen on /var/run/docker.sock"
82*********
83Pulling docker image docker:stable ...
84Using docker image sha256:52f7c6fb16b9e24691d5b200d81b2db1c3dae95d2a744ac5db72b858db6f70ef for docker:stable ...
85 Running on runner-72989761-project-4422333-concurrent-0 via runner-72989761-stg-srm-1575868519-47c4dc56... 00:01
86 Fetching changes with git depth set to 50... 00:02
87Initialized empty Git repository in /builds/gitlab-org/monitor/monitor-sandbox/.git/
88Created fresh repository.
89From https://staging.gitlab.com/gitlab-org/monitor/monitor-sandbox
90 * [new ref] refs/pipelines/12691041 -> refs/pipelines/12691041
91 * [new branch] master -> origin/master
92Checking out fe5c9d47 as master...
93Skipping Git submodules setup
94 $ export DS_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')} 00:39
95$ if ! docker info &>/dev/null; then # collapsed multi-line command
96$ function propagate_env_vars() { # collapsed multi-line command
97$ docker run \ # collapsed multi-line command
98Unable to find image 'registry.gitlab.com/gitlab-org/security-products/dependency-scanning:12-6-stable' locally
9912-6-stable: Pulling from gitlab-org/security-products/dependency-scanning
1006c23a00b1a9b: Pulling fs layer
1016c23a00b1a9b: Verifying Checksum
1026c23a00b1a9b: Download complete
1036c23a00b1a9b: Pull complete
104Digest: sha256:396ac8102ac418b2108cbe30b4e8c131d23e69f799c5f1e94199d459d521f4ef
105Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/dependency-scanning:12-6-stable
1062019/12/09 05:17:09 Copy project directory to containers
1072019/12/09 05:17:09 [bundler-audit] Detect project using plugin
1082019/12/09 05:17:09 [bundler-audit] Project not compatible
1092019/12/09 05:17:09 [retire.js] Detect project using plugin
1102019/12/09 05:17:09 [retire.js] Project is compatible
1112019/12/09 05:17:09 [retire.js] Starting analyzer...
1122: Pulling from gitlab-org/security-products/analyzers/retire.js
113e7c96db7181b: Pulling fs layer
1140119aca44649: Pulling fs layer
11540df19605a18: Pulling fs layer
11682194b8b4a64: Pulling fs layer
1173f8eebd75473: Pulling fs layer
118ce34450465a3: Pulling fs layer
1190fcd52cbb8bb: Pulling fs layer
120cdf1a3cf27a9: Pulling fs layer
1213bec502c4637: Pulling fs layer
12282194b8b4a64: Waiting
1233f8eebd75473: Waiting
124ce34450465a3: Waiting
1250fcd52cbb8bb: Waiting
126cdf1a3cf27a9: Waiting
1273bec502c4637: Waiting
128e7c96db7181b: Verifying Checksum
129e7c96db7181b: Download complete
13040df19605a18: Verifying Checksum
13140df19605a18: Download complete
13282194b8b4a64: Verifying Checksum
13382194b8b4a64: Download complete
1340119aca44649: Verifying Checksum
1350119aca44649: Download complete
1360fcd52cbb8bb: Verifying Checksum
1370fcd52cbb8bb: Download complete
138ce34450465a3: Verifying Checksum
139ce34450465a3: Download complete
1403f8eebd75473: Verifying Checksum
1413f8eebd75473: Download complete
142e7c96db7181b: Pull complete
143cdf1a3cf27a9: Verifying Checksum
144cdf1a3cf27a9: Download complete
1453bec502c4637: Verifying Checksum
1463bec502c4637: Download complete
1470119aca44649: Pull complete
14840df19605a18: Pull complete
14982194b8b4a64: Pull complete
1503f8eebd75473: Pull complete
151ce34450465a3: Pull complete
1520fcd52cbb8bb: Pull complete
153cdf1a3cf27a9: Pull complete
1543bec502c4637: Pull complete
155Digest: sha256:43629ccef9a6762392c0ec871f6956df453bab3ac3aa05454d7ccbeb43827d7c
156Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/analyzers/retire.js:2
157Found project in /tmp/app
158Using python 3
159Installing dependencies...
160added 159 packages from 617 contributors and audited 303 packages in 5.875s
161found 8 vulnerabilities (1 low, 1 moderate, 6 high)
162 run `npm audit fix` to fix them, or `npm audit` for details
1632019/12/09 05:17:34 [gemnasium] Detect project using plugin
1642019/12/09 05:17:34 [gemnasium] Project is compatible
1652019/12/09 05:17:34 [gemnasium] Starting analyzer...
1662: Pulling from gitlab-org/security-products/analyzers/gemnasium
167e7c96db7181b: Already exists
1680119aca44649: Already exists
16940df19605a18: Already exists
17082194b8b4a64: Already exists
1713362bd7971bd: Pulling fs layer
1722a7031a0c0d0: Pulling fs layer
173adba3bb11d69: Pulling fs layer
1743362bd7971bd: Verifying Checksum
1753362bd7971bd: Download complete
176adba3bb11d69: Verifying Checksum
177adba3bb11d69: Download complete
1783362bd7971bd: Pull complete
1792a7031a0c0d0: Verifying Checksum
1802a7031a0c0d0: Download complete
1812a7031a0c0d0: Pull complete
182adba3bb11d69: Pull complete
183Digest: sha256:62b8d7fec097d2738758f0a8093de778b1ddc25b7b5fd654d534b162acb463dc
184Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/analyzers/gemnasium:2
185Found project in /tmp/app
186From https://gitlab.com/gitlab-org/security-products/gemnasium-db
187 * branch master -> FETCH_HEAD
188 28ddfe81..c4e94603 master -> origin/master
189HEAD is now at c4e94603 Merge branch 'adbcurate/CVE-2014-0149.yml' into 'master'
1902019/12/09 05:17:43 Cannot auto-remediate dependency file, not supported: package-lock.json
1912019/12/09 05:17:44 [gemnasium-maven] Detect project using plugin
1922019/12/09 05:17:44 [gemnasium-maven] Project not compatible
1932019/12/09 05:17:44 [gemnasium-python] Detect project using plugin
1942019/12/09 05:17:44 [gemnasium-python] Project not compatible
195+----------------------------------------------------------------------------------------+
196| Severity | Tool | Identifier |
197+----------------------------------------------------------------------------------------+
198| Medium | Retire.js | |
199| |
200| Code Injection in morgan |
201| In package.json |
202+----------------------------------------------------------------------------------------+
203| Low | Retire.js | |
204| |
205| Prototype pollution attack in lodash |
206| In package.json |
207+----------------------------------------------------------------------------------------+
208| Unknown | Gemnasium | CVE-2019-1010266 |
209| |
210| Uncontrolled Resource Consumption in lodash |
211| Solution: Upgrade to version 4.17.11 or above. |
212| In package-lock.json |
213+----------------------------------------------------------------------------------------+
214| Unknown | Gemnasium | CVE-2019-10744 |
215| |
216| Improper Input Validation in lodash |
217| Solution: Upgrade to version 4.17.12 or above. |
218| In package-lock.json |
219+----------------------------------------------------------------------------------------+
220| Unknown | Gemnasium | CVE-2019-5413 |
221| |
222| Command Injection in morgan |
223| Solution: Upgrade to version 1.9.1 or above. |
224| In package-lock.json |
225+----------------------------------------------------------------------------------------+
226 Uploading artifacts... 00:02
227gl-dependency-scanning-report.json: found 1 matching files
228Uploading artifacts to coordinator... ok id=36929283 responseStatus=201 Created token=pjpitALz
229Job succeeded