Skip to content
Snippets Groups Projects

sast

Passed Started by
Dhiraj Bodicherla
@dbodicherla
This job is archived. Only the complete pipeline can be retried.
1Running with gitlab-runner 12.5.0-rc1 (b295d93b)
2 on docker-auto-scale fa6cab46
3 Using Docker executor with image docker:stable ... 01:40
4Starting service docker:stable-dind ...
5Pulling docker image docker:stable-dind ...
6Using docker image sha256:a4b37e66ffc766b66c4e5001a2774228c080c970cd44152ea43cbde1748160c7 for docker:stable-dind ...
7Waiting for services to be up and running...
8*** WARNING: Service runner-fa6cab46-project-4422333-concurrent-0-docker-0 probably didn't start properly.
9Health check error:
10service "runner-fa6cab46-project-4422333-concurrent-0-docker-0-wait-for-service" timeout
11Health check container logs:
12Service container logs:
132019-12-09T05:16:30.877752157Z time="2019-12-09T05:16:30.877494954Z" level=info msg="Starting up"
142019-12-09T05:16:30.900708271Z time="2019-12-09T05:16:30.899831232Z" level=warning msg="could not change group /var/run/docker.sock to docker: group docker not found"
152019-12-09T05:16:30.900749003Z time="2019-12-09T05:16:30.900200763Z" level=warning msg="[!] DON'T BIND ON ANY IP ADDRESS WITHOUT setting --tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING [!]"
162019-12-09T05:16:31.053274947Z time="2019-12-09T05:16:31.052865367Z" level=info msg="libcontainerd: started new containerd process" pid=19
172019-12-09T05:16:31.053315531Z time="2019-12-09T05:16:31.052914675Z" level=info msg="parsed scheme: \"unix\"" module=grpc
182019-12-09T05:16:31.053320769Z time="2019-12-09T05:16:31.052923982Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
192019-12-09T05:16:31.053324794Z time="2019-12-09T05:16:31.052945842Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] <nil>}" module=grpc
202019-12-09T05:16:31.053329092Z time="2019-12-09T05:16:31.052963048Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
212019-12-09T05:16:31.936784538Z time="2019-12-09T05:16:31.936649088Z" level=info msg="starting containerd" revision=b34a5c8af56e510852c35414db4c1f4fa6172339 version=v1.2.10
222019-12-09T05:16:31.937259946Z time="2019-12-09T05:16:31.937202510Z" level=info msg="loading plugin "io.containerd.content.v1.content"..." type=io.containerd.content.v1
232019-12-09T05:16:31.937437175Z time="2019-12-09T05:16:31.937389547Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.btrfs"..." type=io.containerd.snapshotter.v1
242019-12-09T05:16:31.937739038Z time="2019-12-09T05:16:31.937687803Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.btrfs" error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter"
252019-12-09T05:16:31.937805446Z time="2019-12-09T05:16:31.937767100Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.aufs"..." type=io.containerd.snapshotter.v1
262019-12-09T05:16:31.947968669Z time="2019-12-09T05:16:31.947847901Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.aufs" error="modprobe aufs failed: "ip: can't find device 'aufs'\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n": exit status 1"
272019-12-09T05:16:31.948109155Z time="2019-12-09T05:16:31.948061598Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.native"..." type=io.containerd.snapshotter.v1
282019-12-09T05:16:31.948306551Z time="2019-12-09T05:16:31.948261665Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.overlayfs"..." type=io.containerd.snapshotter.v1
292019-12-09T05:16:31.948570146Z time="2019-12-09T05:16:31.948515224Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.zfs"..." type=io.containerd.snapshotter.v1
302019-12-09T05:16:31.949533286Z time="2019-12-09T05:16:31.949472973Z" level=info msg="skip loading plugin "io.containerd.snapshotter.v1.zfs"..." type=io.containerd.snapshotter.v1
312019-12-09T05:16:31.949611065Z time="2019-12-09T05:16:31.949563448Z" level=info msg="loading plugin "io.containerd.metadata.v1.bolt"..." type=io.containerd.metadata.v1
322019-12-09T05:16:31.949749469Z time="2019-12-09T05:16:31.949696430Z" level=warning msg="could not use snapshotter btrfs in metadata plugin" error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter"
332019-12-09T05:16:31.949800612Z time="2019-12-09T05:16:31.949771165Z" level=warning msg="could not use snapshotter aufs in metadata plugin" error="modprobe aufs failed: "ip: can't find device 'aufs'\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n": exit status 1"
342019-12-09T05:16:31.949874971Z time="2019-12-09T05:16:31.949842785Z" level=warning msg="could not use snapshotter zfs in metadata plugin" error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter: skip plugin"
352019-12-09T05:16:31.957940864Z time="2019-12-09T05:16:31.957817123Z" level=info msg="loading plugin "io.containerd.differ.v1.walking"..." type=io.containerd.differ.v1
362019-12-09T05:16:31.958083942Z time="2019-12-09T05:16:31.958022635Z" level=info msg="loading plugin "io.containerd.gc.v1.scheduler"..." type=io.containerd.gc.v1
372019-12-09T05:16:31.958198240Z time="2019-12-09T05:16:31.958137675Z" level=info msg="loading plugin "io.containerd.service.v1.containers-service"..." type=io.containerd.service.v1
382019-12-09T05:16:31.958251299Z time="2019-12-09T05:16:31.958225790Z" level=info msg="loading plugin "io.containerd.service.v1.content-service"..." type=io.containerd.service.v1
392019-12-09T05:16:31.958327241Z time="2019-12-09T05:16:31.958295710Z" level=info msg="loading plugin "io.containerd.service.v1.diff-service"..." type=io.containerd.service.v1
402019-12-09T05:16:31.958406516Z time="2019-12-09T05:16:31.958369640Z" level=info msg="loading plugin "io.containerd.service.v1.images-service"..." type=io.containerd.service.v1
412019-12-09T05:16:31.958456672Z time="2019-12-09T05:16:31.958432132Z" level=info msg="loading plugin "io.containerd.service.v1.leases-service"..." type=io.containerd.service.v1
422019-12-09T05:16:31.958529929Z time="2019-12-09T05:16:31.958498867Z" level=info msg="loading plugin "io.containerd.service.v1.namespaces-service"..." type=io.containerd.service.v1
432019-12-09T05:16:31.958606264Z time="2019-12-09T05:16:31.958570366Z" level=info msg="loading plugin "io.containerd.service.v1.snapshots-service"..." type=io.containerd.service.v1
442019-12-09T05:16:31.958656248Z time="2019-12-09T05:16:31.958631932Z" level=info msg="loading plugin "io.containerd.runtime.v1.linux"..." type=io.containerd.runtime.v1
452019-12-09T05:16:31.959018025Z time="2019-12-09T05:16:31.958956612Z" level=info msg="loading plugin "io.containerd.runtime.v2.task"..." type=io.containerd.runtime.v2
462019-12-09T05:16:31.959264549Z time="2019-12-09T05:16:31.959217753Z" level=info msg="loading plugin "io.containerd.monitor.v1.cgroups"..." type=io.containerd.monitor.v1
472019-12-09T05:16:31.961085969Z time="2019-12-09T05:16:31.960995856Z" level=info msg="loading plugin "io.containerd.service.v1.tasks-service"..." type=io.containerd.service.v1
482019-12-09T05:16:31.961222982Z time="2019-12-09T05:16:31.961165930Z" level=info msg="loading plugin "io.containerd.internal.v1.restart"..." type=io.containerd.internal.v1
492019-12-09T05:16:31.961501494Z time="2019-12-09T05:16:31.961442808Z" level=info msg="loading plugin "io.containerd.grpc.v1.containers"..." type=io.containerd.grpc.v1
502019-12-09T05:16:31.961594450Z time="2019-12-09T05:16:31.961532163Z" level=info msg="loading plugin "io.containerd.grpc.v1.content"..." type=io.containerd.grpc.v1
512019-12-09T05:16:31.961643439Z time="2019-12-09T05:16:31.961618356Z" level=info msg="loading plugin "io.containerd.grpc.v1.diff"..." type=io.containerd.grpc.v1
522019-12-09T05:16:31.961717768Z time="2019-12-09T05:16:31.961686131Z" level=info msg="loading plugin "io.containerd.grpc.v1.events"..." type=io.containerd.grpc.v1
532019-12-09T05:16:31.961804423Z time="2019-12-09T05:16:31.961760282Z" level=info msg="loading plugin "io.containerd.grpc.v1.healthcheck"..." type=io.containerd.grpc.v1
542019-12-09T05:16:31.961877416Z time="2019-12-09T05:16:31.961828884Z" level=info msg="loading plugin "io.containerd.grpc.v1.images"..." type=io.containerd.grpc.v1
552019-12-09T05:16:31.961928215Z time="2019-12-09T05:16:31.961897434Z" level=info msg="loading plugin "io.containerd.grpc.v1.leases"..." type=io.containerd.grpc.v1
562019-12-09T05:16:31.962006325Z time="2019-12-09T05:16:31.961974944Z" level=info msg="loading plugin "io.containerd.grpc.v1.namespaces"..." type=io.containerd.grpc.v1
572019-12-09T05:16:31.962107433Z time="2019-12-09T05:16:31.962063661Z" level=info msg="loading plugin "io.containerd.internal.v1.opt"..." type=io.containerd.internal.v1
582019-12-09T05:16:31.963029541Z time="2019-12-09T05:16:31.962964670Z" level=info msg="loading plugin "io.containerd.grpc.v1.snapshots"..." type=io.containerd.grpc.v1
592019-12-09T05:16:31.963143267Z time="2019-12-09T05:16:31.963092833Z" level=info msg="loading plugin "io.containerd.grpc.v1.tasks"..." type=io.containerd.grpc.v1
602019-12-09T05:16:31.963213398Z time="2019-12-09T05:16:31.963163703Z" level=info msg="loading plugin "io.containerd.grpc.v1.version"..." type=io.containerd.grpc.v1
612019-12-09T05:16:31.963265337Z time="2019-12-09T05:16:31.963233176Z" level=info msg="loading plugin "io.containerd.grpc.v1.introspection"..." type=io.containerd.grpc.v1
622019-12-09T05:16:31.964331428Z time="2019-12-09T05:16:31.964265166Z" level=info msg=serving... address="/var/run/docker/containerd/containerd-debug.sock"
632019-12-09T05:16:31.964502285Z time="2019-12-09T05:16:31.964445455Z" level=info msg=serving... address="/var/run/docker/containerd/containerd.sock"
642019-12-09T05:16:31.964575460Z time="2019-12-09T05:16:31.964526839Z" level=info msg="containerd successfully booted in 0.028498s"
652019-12-09T05:16:32.050440778Z time="2019-12-09T05:16:32.050306240Z" level=info msg="Setting the storage driver from the $DOCKER_DRIVER environment variable (overlay2)"
662019-12-09T05:16:32.050818023Z time="2019-12-09T05:16:32.050742831Z" level=info msg="parsed scheme: \"unix\"" module=grpc
672019-12-09T05:16:32.050933365Z time="2019-12-09T05:16:32.050849645Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
682019-12-09T05:16:32.051021550Z time="2019-12-09T05:16:32.050961520Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] <nil>}" module=grpc
692019-12-09T05:16:32.051124184Z time="2019-12-09T05:16:32.051084632Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
702019-12-09T05:16:32.065962765Z time="2019-12-09T05:16:32.065812952Z" level=info msg="parsed scheme: \"unix\"" module=grpc
712019-12-09T05:16:32.066119641Z time="2019-12-09T05:16:32.066059446Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
722019-12-09T05:16:32.066234483Z time="2019-12-09T05:16:32.066149382Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] <nil>}" module=grpc
732019-12-09T05:16:32.066304567Z time="2019-12-09T05:16:32.066251943Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
742019-12-09T05:16:32.137119473Z time="2019-12-09T05:16:32.136945842Z" level=info msg="Loading containers: start."
752019-12-09T05:16:32.204790453Z time="2019-12-09T05:16:32.204610101Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: ip: can't find device 'bridge'\nbridge 167936 1 br_netfilter\nstp 16384 1 bridge\nllc 16384 2 bridge,stp\nip: can't find device 'br_netfilter'\nbr_netfilter 24576 0 \nbridge 167936 1 br_netfilter\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n, error: exit status 1"
762019-12-09T05:16:32.466188049Z time="2019-12-09T05:16:32.466013538Z" level=info msg="Default bridge (docker0) is assigned with an IP address 172.18.0.0/16. Daemon option --bip can be used to set a preferred IP address"
772019-12-09T05:16:32.543741119Z time="2019-12-09T05:16:32.543594486Z" level=info msg="Loading containers: done."
782019-12-09T05:16:32.802924353Z time="2019-12-09T05:16:32.802779992Z" level=info msg="Docker daemon" commit=633a0ea838 graphdriver(s)=overlay2 version=19.03.5
792019-12-09T05:16:32.803254121Z time="2019-12-09T05:16:32.803160805Z" level=info msg="Daemon has completed initialization"
802019-12-09T05:16:32.923099405Z time="2019-12-09T05:16:32.921884137Z" level=info msg="API listen on [::]:2375"
812019-12-09T05:16:32.923286023Z time="2019-12-09T05:16:32.923207618Z" level=info msg="API listen on /var/run/docker.sock"
82*********
83Pulling docker image docker:stable ...
84Using docker image sha256:52f7c6fb16b9e24691d5b200d81b2db1c3dae95d2a744ac5db72b858db6f70ef for docker:stable ...
85 Running on runner-fa6cab46-project-4422333-concurrent-0 via runner-fa6cab46-stg-srm-1575868520-56d69b39... 00:01
86 Fetching changes with git depth set to 50... 00:03
87Initialized empty Git repository in /builds/gitlab-org/monitor/monitor-sandbox/.git/
88Created fresh repository.
89From https://staging.gitlab.com/gitlab-org/monitor/monitor-sandbox
90 * [new ref] refs/pipelines/12691041 -> refs/pipelines/12691041
91 * [new branch] master -> origin/master
92Checking out fe5c9d47 as master...
93Skipping Git submodules setup
94 $ export SAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')} 00:32
95$ if ! docker info &>/dev/null; then # collapsed multi-line command
96$ printenv | grep -E '^(DOCKER_|CI|GITLAB_|FF_|HOME|PWD|OLDPWD|PATH|SHLVL|HOSTNAME)' | cut -d'=' -f1 | \ # collapsed multi-line command
97$ docker run \ # collapsed multi-line command
98Unable to find image 'registry.gitlab.com/gitlab-org/security-products/sast:12-6-stable' locally
9912-6-stable: Pulling from gitlab-org/security-products/sast
1006187fa46ead1: Pulling fs layer
1016187fa46ead1: Verifying Checksum
1026187fa46ead1: Download complete
1036187fa46ead1: Pull complete
104Digest: sha256:7cb55dd35db31e9c3c603e5d18430d2bf99cbf593235d55087c956fa537a448b
105Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/sast:12-6-stable
1062019/12/09 05:17:12 Copy project directory to containers
1072019/12/09 05:17:12 [bandit] Detect project using plugin
1082019/12/09 05:17:12 [bandit] Project not compatible
1092019/12/09 05:17:12 [brakeman] Detect project using plugin
1102019/12/09 05:17:12 [brakeman] Project not compatible
1112019/12/09 05:17:12 [gosec] Detect project using plugin
1122019/12/09 05:17:12 [gosec] Project not compatible
1132019/12/09 05:17:12 [spotbugs] Detect project using plugin
1142019/12/09 05:17:12 [spotbugs] Project not compatible
1152019/12/09 05:17:12 [flawfinder] Detect project using plugin
1162019/12/09 05:17:12 [flawfinder] Project not compatible
1172019/12/09 05:17:12 [phpcs-security-audit] Detect project using plugin
1182019/12/09 05:17:12 [phpcs-security-audit] Project not compatible
1192019/12/09 05:17:12 [security-code-scan] Detect project using plugin
1202019/12/09 05:17:12 [security-code-scan] Project not compatible
1212019/12/09 05:17:12 [nodejs-scan] Detect project using plugin
1222019/12/09 05:17:12 [nodejs-scan] Project is compatible
1232019/12/09 05:17:12 [nodejs-scan] Starting analyzer...
1242: Pulling from gitlab-org/security-products/analyzers/nodejs-scan
125a073c86ecf9e: Pulling fs layer
1260e28711eb56d: Pulling fs layer
127e460dd483fdd: Pulling fs layer
12885ef67b3af78: Pulling fs layer
129d0d5f67eed39: Pulling fs layer
1302ff5cc335a21: Pulling fs layer
13185ef67b3af78: Waiting
132d0d5f67eed39: Waiting
1332ff5cc335a21: Waiting
134a073c86ecf9e: Verifying Checksum
135a073c86ecf9e: Download complete
136e460dd483fdd: Verifying Checksum
137e460dd483fdd: Download complete
13885ef67b3af78: Verifying Checksum
13985ef67b3af78: Download complete
140d0d5f67eed39: Verifying Checksum
141d0d5f67eed39: Download complete
1420e28711eb56d: Verifying Checksum
1430e28711eb56d: Download complete
144a073c86ecf9e: Pull complete
1452ff5cc335a21: Verifying Checksum
1462ff5cc335a21: Download complete
1470e28711eb56d: Pull complete
148e460dd483fdd: Pull complete
14985ef67b3af78: Pull complete
150d0d5f67eed39: Pull complete
1512ff5cc335a21: Pull complete
152Digest: sha256:c3a3e79d8e913303edc899f91eac980707e1bf901a013215e4f4a55518e336a0
153Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/analyzers/nodejs-scan:2
154Found project in /tmp/app
15530 rules loaded
156in/app.js -> out/in/app.js
157in/routes/index.js -> out/in/routes/index.js
158in/routes/users.js -> out/in/routes/users.js
1592019/12/09 05:17:19 [eslint] Detect project using plugin
1602019/12/09 05:17:19 [eslint] Project is compatible
1612019/12/09 05:17:19 [eslint] Starting analyzer...
1622: Pulling from gitlab-org/security-products/analyzers/eslint
163e7c96db7181b: Pulling fs layer
1640119aca44649: Pulling fs layer
16540df19605a18: Pulling fs layer
16682194b8b4a64: Pulling fs layer
1676ceedd14dfad: Pulling fs layer
1688df0151cad82: Pulling fs layer
169b0c1380b0752: Pulling fs layer
17082194b8b4a64: Waiting
1716ceedd14dfad: Waiting
1728df0151cad82: Waiting
173b0c1380b0752: Waiting
17440df19605a18: Verifying Checksum
17540df19605a18: Download complete
176e7c96db7181b: Verifying Checksum
177e7c96db7181b: Download complete
17882194b8b4a64: Verifying Checksum
17982194b8b4a64: Download complete
1800119aca44649: Verifying Checksum
1816ceedd14dfad: Verifying Checksum
1826ceedd14dfad: Download complete
1830119aca44649: Download complete
184b0c1380b0752: Verifying Checksum
185b0c1380b0752: Download complete
186e7c96db7181b: Pull complete
1878df0151cad82: Verifying Checksum
1888df0151cad82: Download complete
1890119aca44649: Pull complete
19040df19605a18: Pull complete
19182194b8b4a64: Pull complete
1926ceedd14dfad: Pull complete
1938df0151cad82: Pull complete
194b0c1380b0752: Pull complete
195Digest: sha256:39bea8f52c65ace395d3bec972f23120d411c87507181634f32a32e3181b717e
196Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/analyzers/eslint:2
197Found project in /tmp/app
1982019/12/09 05:17:28 [tslint] Detect project using plugin
1992019/12/09 05:17:28 [tslint] Project not compatible
2002019/12/09 05:17:28 [secrets] Detect project using plugin
2012019/12/09 05:17:28 [secrets] Project is compatible
2022019/12/09 05:17:28 [secrets] Starting analyzer...
2032: Pulling from gitlab-org/security-products/analyzers/secrets
204bdf0201b3a05: Pulling fs layer
2052b95ad226aea: Pulling fs layer
2065b39a804479c: Pulling fs layer
207df2fe20a49c1: Pulling fs layer
208df2fe20a49c1: Waiting
209bdf0201b3a05: Verifying Checksum
210bdf0201b3a05: Download complete
211df2fe20a49c1: Verifying Checksum
212df2fe20a49c1: Download complete
2135b39a804479c: Verifying Checksum
2145b39a804479c: Download complete
2152b95ad226aea: Verifying Checksum
2162b95ad226aea: Download complete
217bdf0201b3a05: Pull complete
2182b95ad226aea: Pull complete
2195b39a804479c: Pull complete
220df2fe20a49c1: Pull complete
221Digest: sha256:f66cf0d899ed3666abdd3da7341adc7e6f5f552dbf992cf4fd8ef5b0ed59c0be
222Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/analyzers/secrets:2
2232019/12/09 05:17:38 [sobelow] Detect project using plugin
2242019/12/09 05:17:38 [sobelow] Project not compatible
2252019/12/09 05:17:38 [pmd-apex] Detect project using plugin
2262019/12/09 05:17:38 [pmd-apex] Project not compatible
2272019/12/09 05:17:38 [kubesec] Detect project using plugin
2282019/12/09 05:17:38 [kubesec] Project not compatible
229+----------------------------------------------------------------------------------------+
230| Severity | Tool | Location |
231+----------------------------------------------------------------------------------------+
232 Uploading artifacts... 00:03
233gl-sast-report.json: found 1 matching files
234Uploading artifacts to coordinator... ok id=36929285 responseStatus=201 Created token=b7GJ5tWX
235Job succeeded