dependency_scanning
Passed Started
by
@jivanvl
Jose Ivan Vargas Lopez
This job is archived. Only the complete pipeline can be retried.
1Running with gitlab-runner 12.10.0-rc2 (6c8c540f)2 on docker-auto-scale fa6cab464Using Docker executor with image docker:stable ...5Starting service docker:stable-dind ...6Pulling docker image docker:stable-dind ...7Using docker image sha256:c814ba3a41a3de0a9a23b7d0bb36f64257b12aef5103b4ce1d5f1bfc3033aad3 for docker:stable-dind ...8Waiting for services to be up and running...9*** WARNING: Service runner-fa6cab46-project-4422333-concurrent-0-f80f510465f5ee07-docker-0 probably didn't start properly.10Health check error:11service "runner-fa6cab46-project-4422333-concurrent-0-f80f510465f5ee07-docker-0-wait-for-service" timeout12Health check container logs:13Service container logs:142020-05-11T16:00:06.873287111Z time="2020-05-11T16:00:06.871694431Z" level=info msg="Starting up"152020-05-11T16:00:06.873331595Z time="2020-05-11T16:00:06.872920933Z" level=warning msg="could not change group /var/run/docker.sock to docker: group docker not found"162020-05-11T16:00:06.873336178Z time="2020-05-11T16:00:06.873106138Z" level=warning msg="[!] DON'T BIND ON ANY IP ADDRESS WITHOUT setting --tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING [!]"172020-05-11T16:00:06.877286057Z time="2020-05-11T16:00:06.877103102Z" level=info msg="libcontainerd: started new containerd process" pid=18182020-05-11T16:00:06.877303277Z time="2020-05-11T16:00:06.877145687Z" level=info msg="parsed scheme: \"unix\"" module=grpc192020-05-11T16:00:06.877307204Z time="2020-05-11T16:00:06.877153764Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc202020-05-11T16:00:06.879605478Z time="2020-05-11T16:00:06.877170798Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] <nil>}" module=grpc212020-05-11T16:00:06.879622920Z time="2020-05-11T16:00:06.878215048Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc222020-05-11T16:00:06.921279151Z time="2020-05-11T16:00:06.920333900Z" level=info msg="starting containerd" revision=7ad184331fa3e55e52b890ea95e65ba581ae3429 version=v1.2.13 232020-05-11T16:00:06.921296464Z time="2020-05-11T16:00:06.920670616Z" level=info msg="loading plugin "io.containerd.content.v1.content"..." type=io.containerd.content.v1 242020-05-11T16:00:06.921300988Z time="2020-05-11T16:00:06.920746835Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.btrfs"..." type=io.containerd.snapshotter.v1 252020-05-11T16:00:06.921304999Z time="2020-05-11T16:00:06.920932461Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.btrfs" error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter" 262020-05-11T16:00:06.921311066Z time="2020-05-11T16:00:06.920943825Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.aufs"..." type=io.containerd.snapshotter.v1 272020-05-11T16:00:06.933897632Z time="2020-05-11T16:00:06.932996209Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.aufs" error="modprobe aufs failed: "ip: can't find device 'aufs'\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n": exit status 1" 282020-05-11T16:00:06.933926304Z time="2020-05-11T16:00:06.933021960Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.native"..." type=io.containerd.snapshotter.v1 292020-05-11T16:00:06.933930613Z time="2020-05-11T16:00:06.933126016Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.overlayfs"..." type=io.containerd.snapshotter.v1 302020-05-11T16:00:06.933934354Z time="2020-05-11T16:00:06.933287751Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.zfs"..." type=io.containerd.snapshotter.v1 312020-05-11T16:00:06.933938100Z time="2020-05-11T16:00:06.933523362Z" level=info msg="skip loading plugin "io.containerd.snapshotter.v1.zfs"..." type=io.containerd.snapshotter.v1 322020-05-11T16:00:06.933941569Z time="2020-05-11T16:00:06.933532455Z" level=info msg="loading plugin "io.containerd.metadata.v1.bolt"..." type=io.containerd.metadata.v1 332020-05-11T16:00:06.933948850Z time="2020-05-11T16:00:06.933573304Z" level=warning msg="could not use snapshotter zfs in metadata plugin" error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter: skip plugin" 342020-05-11T16:00:06.933952879Z time="2020-05-11T16:00:06.933580644Z" level=warning msg="could not use snapshotter btrfs in metadata plugin" error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter" 352020-05-11T16:00:06.933956615Z time="2020-05-11T16:00:06.933586160Z" level=warning msg="could not use snapshotter aufs in metadata plugin" error="modprobe aufs failed: "ip: can't find device 'aufs'\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n": exit status 1" 362020-05-11T16:00:06.946304904Z time="2020-05-11T16:00:06.943017942Z" level=info msg="loading plugin "io.containerd.differ.v1.walking"..." type=io.containerd.differ.v1 372020-05-11T16:00:06.946331978Z time="2020-05-11T16:00:06.943048532Z" level=info msg="loading plugin "io.containerd.gc.v1.scheduler"..." type=io.containerd.gc.v1 382020-05-11T16:00:06.946336263Z time="2020-05-11T16:00:06.943075247Z" level=info msg="loading plugin "io.containerd.service.v1.containers-service"..." type=io.containerd.service.v1 392020-05-11T16:00:06.946340218Z time="2020-05-11T16:00:06.943088593Z" level=info msg="loading plugin "io.containerd.service.v1.content-service"..." type=io.containerd.service.v1 402020-05-11T16:00:06.946343644Z time="2020-05-11T16:00:06.943099068Z" level=info msg="loading plugin "io.containerd.service.v1.diff-service"..." type=io.containerd.service.v1 412020-05-11T16:00:06.946347145Z time="2020-05-11T16:00:06.943109858Z" level=info msg="loading plugin "io.containerd.service.v1.images-service"..." type=io.containerd.service.v1 422020-05-11T16:00:06.946350500Z time="2020-05-11T16:00:06.943121204Z" level=info msg="loading plugin "io.containerd.service.v1.leases-service"..." type=io.containerd.service.v1 432020-05-11T16:00:06.946353746Z time="2020-05-11T16:00:06.943131938Z" level=info msg="loading plugin "io.containerd.service.v1.namespaces-service"..." type=io.containerd.service.v1 442020-05-11T16:00:06.946357024Z time="2020-05-11T16:00:06.943142494Z" level=info msg="loading plugin "io.containerd.service.v1.snapshots-service"..." type=io.containerd.service.v1 452020-05-11T16:00:06.946360165Z time="2020-05-11T16:00:06.943154903Z" level=info msg="loading plugin "io.containerd.runtime.v1.linux"..." type=io.containerd.runtime.v1 462020-05-11T16:00:06.946363357Z time="2020-05-11T16:00:06.943370081Z" level=info msg="loading plugin "io.containerd.runtime.v2.task"..." type=io.containerd.runtime.v2 472020-05-11T16:00:06.946367645Z time="2020-05-11T16:00:06.943469146Z" level=info msg="loading plugin "io.containerd.monitor.v1.cgroups"..." type=io.containerd.monitor.v1 482020-05-11T16:00:06.946370910Z time="2020-05-11T16:00:06.943793026Z" level=info msg="loading plugin "io.containerd.service.v1.tasks-service"..." type=io.containerd.service.v1 492020-05-11T16:00:06.946374238Z time="2020-05-11T16:00:06.943819518Z" level=info msg="loading plugin "io.containerd.internal.v1.restart"..." type=io.containerd.internal.v1 502020-05-11T16:00:06.946393596Z time="2020-05-11T16:00:06.943854476Z" level=info msg="loading plugin "io.containerd.grpc.v1.containers"..." type=io.containerd.grpc.v1 512020-05-11T16:00:06.946397322Z time="2020-05-11T16:00:06.943866481Z" level=info msg="loading plugin "io.containerd.grpc.v1.content"..." type=io.containerd.grpc.v1 522020-05-11T16:00:06.946400612Z time="2020-05-11T16:00:06.943876574Z" level=info msg="loading plugin "io.containerd.grpc.v1.diff"..." type=io.containerd.grpc.v1 532020-05-11T16:00:06.946403702Z time="2020-05-11T16:00:06.943899858Z" level=info msg="loading plugin "io.containerd.grpc.v1.events"..." type=io.containerd.grpc.v1 542020-05-11T16:00:06.946406794Z time="2020-05-11T16:00:06.943909908Z" level=info msg="loading plugin "io.containerd.grpc.v1.healthcheck"..." type=io.containerd.grpc.v1 552020-05-11T16:00:06.946409931Z time="2020-05-11T16:00:06.943919554Z" level=info msg="loading plugin "io.containerd.grpc.v1.images"..." type=io.containerd.grpc.v1 562020-05-11T16:00:06.946413086Z time="2020-05-11T16:00:06.943928745Z" level=info msg="loading plugin "io.containerd.grpc.v1.leases"..." type=io.containerd.grpc.v1 572020-05-11T16:00:06.946416151Z time="2020-05-11T16:00:06.943938086Z" level=info msg="loading plugin "io.containerd.grpc.v1.namespaces"..." type=io.containerd.grpc.v1 582020-05-11T16:00:06.946419265Z time="2020-05-11T16:00:06.943949379Z" level=info msg="loading plugin "io.containerd.internal.v1.opt"..." type=io.containerd.internal.v1 592020-05-11T16:00:06.946422411Z time="2020-05-11T16:00:06.944199407Z" level=info msg="loading plugin "io.containerd.grpc.v1.snapshots"..." type=io.containerd.grpc.v1 602020-05-11T16:00:06.946425588Z time="2020-05-11T16:00:06.944215238Z" level=info msg="loading plugin "io.containerd.grpc.v1.tasks"..." type=io.containerd.grpc.v1 612020-05-11T16:00:06.946428670Z time="2020-05-11T16:00:06.944226929Z" level=info msg="loading plugin "io.containerd.grpc.v1.version"..." type=io.containerd.grpc.v1 622020-05-11T16:00:06.946431765Z time="2020-05-11T16:00:06.944238184Z" level=info msg="loading plugin "io.containerd.grpc.v1.introspection"..." type=io.containerd.grpc.v1 632020-05-11T16:00:06.946434968Z time="2020-05-11T16:00:06.944464566Z" level=info msg=serving... address="/var/run/docker/containerd/containerd-debug.sock" 642020-05-11T16:00:06.946438204Z time="2020-05-11T16:00:06.944532135Z" level=info msg=serving... address="/var/run/docker/containerd/containerd.sock" 652020-05-11T16:00:06.946441278Z time="2020-05-11T16:00:06.944541263Z" level=info msg="containerd successfully booted in 0.025783s" 662020-05-11T16:00:06.971353691Z time="2020-05-11T16:00:06.969095433Z" level=info msg="Setting the storage driver from the $DOCKER_DRIVER environment variable (overlay2)"672020-05-11T16:00:06.971370031Z time="2020-05-11T16:00:06.969343342Z" level=info msg="parsed scheme: \"unix\"" module=grpc682020-05-11T16:00:06.971374089Z time="2020-05-11T16:00:06.969357751Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc692020-05-11T16:00:06.971385283Z time="2020-05-11T16:00:06.969374064Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] <nil>}" module=grpc702020-05-11T16:00:06.971393599Z time="2020-05-11T16:00:06.969383204Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc712020-05-11T16:00:06.973257328Z time="2020-05-11T16:00:06.971168012Z" level=info msg="parsed scheme: \"unix\"" module=grpc722020-05-11T16:00:06.973272579Z time="2020-05-11T16:00:06.972219986Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc732020-05-11T16:00:06.973276466Z time="2020-05-11T16:00:06.972240450Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 <nil>}] <nil>}" module=grpc742020-05-11T16:00:06.973280734Z time="2020-05-11T16:00:06.972250741Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc752020-05-11T16:00:07.034771136Z time="2020-05-11T16:00:07.033297235Z" level=info msg="Loading containers: start."762020-05-11T16:00:07.064292464Z time="2020-05-11T16:00:07.064018812Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: ip: can't find device 'bridge'\nbridge 167936 1 br_netfilter\nstp 16384 1 bridge\nllc 16384 2 bridge,stp\nip: can't find device 'br_netfilter'\nbr_netfilter 24576 0 \nbridge 167936 1 br_netfilter\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n, error: exit status 1"772020-05-11T16:00:07.184548592Z time="2020-05-11T16:00:07.175880708Z" level=info msg="Default bridge (docker0) is assigned with an IP address 172.18.0.0/16. Daemon option --bip can be used to set a preferred IP address"782020-05-11T16:00:07.260301264Z time="2020-05-11T16:00:07.259118295Z" level=info msg="Loading containers: done."792020-05-11T16:00:07.284050550Z time="2020-05-11T16:00:07.283619176Z" level=info msg="Docker daemon" commit=afacb8b7f0 graphdriver(s)=overlay2 version=19.03.8802020-05-11T16:00:07.284109116Z time="2020-05-11T16:00:07.283771189Z" level=info msg="Daemon has completed initialization"812020-05-11T16:00:07.320382311Z time="2020-05-11T16:00:07.320076236Z" level=info msg="API listen on [::]:2375"822020-05-11T16:00:07.320411570Z time="2020-05-11T16:00:07.320159550Z" level=info msg="API listen on /var/run/docker.sock"83*********84Pulling docker image docker:stable ...85Using docker image sha256:5cfd4d13e0a8e4b9681447772c9df4864ac5d935abced4535f2ff670a73f2939 for docker:stable ...87Running on runner-fa6cab46-project-4422333-concurrent-0 via runner-fa6cab46-stg-srm-1589212744-0bb874df...89$ eval "$CI_PRE_CLONE_SCRIPT"90Fetching changes with git depth set to 50...91Initialized empty Git repository in /builds/gitlab-org/monitor/monitor-sandbox/.git/92Created fresh repository.94 * [new ref] refs/pipelines/12771359 -> refs/pipelines/1277135995 * [new branch] master -> origin/master96Checking out f7838a70 as master...97Skipping Git submodules setup101$ if ! docker info &>/dev/null; then # collapsed multi-line command102$ function propagate_env_vars() { # collapsed multi-line command103$ docker run \ # collapsed multi-line command104Unable to find image 'registry.gitlab.com/gitlab-org/security-products/dependency-scanning:2' locally1052: Pulling from gitlab-org/security-products/dependency-scanning106ce82f9486b57: Pulling fs layer107ce82f9486b57: Verifying Checksum108ce82f9486b57: Download complete109ce82f9486b57: Pull complete110Digest: sha256:29914ecaaa6a0387b7d0a679a6f5ee1cbe28211c3279cbdfaef6e1ace4b41516111Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/dependency-scanning:21122020/05/11 16:00:49 Copy project directory to containers1132020/05/11 16:00:49 [bundler-audit] Detect project using plugin1142020/05/11 16:00:49 [bundler-audit] Project not compatible1152020/05/11 16:00:49 [retire.js] Detect project using plugin1162020/05/11 16:00:49 [retire.js] Project is compatible1172020/05/11 16:00:49 [retire.js] Downloading analyzer...118.............................................................1192020/05/11 16:00:59 [retire.js] Starting analyzer...120Found project in /tmp/app121Using python 3122Installing dependencies...123added 159 packages from 617 contributors and audited 303 packages in 5.929s124found 9 vulnerabilities (2 low, 1 moderate, 6 high)125 run `npm audit fix` to fix them, or `npm audit` for details1262020/05/11 16:01:14 [gemnasium] Detect project using plugin1272020/05/11 16:01:14 [gemnasium] Project is compatible1282020/05/11 16:01:14 [gemnasium] Downloading analyzer...129.....................2020/05/11 16:01:19 [gemnasium] Starting analyzer...130.131Found project in /tmp/app132Fetching origin134 c54314cf..0eb3a3e9 master -> origin/master135 * [new branch] adbcurate/gem_doorkeeper_CVE_2020_10187_yml -> origin/adbcurate/gem_doorkeeper_CVE_2020_10187_yml136 * [new branch] adbcurate/go_gopkg_in_macaron_v1_CVE_2020_12666_yml -> origin/adbcurate/go_gopkg_in_macaron_v1_CVE_2020_12666_yml137 * [new branch] adbcurate/maven_org_apache_syncope_syncope_CVE_2020_1959_yml -> origin/adbcurate/maven_org_apache_syncope_syncope_CVE_2020_1959_yml138 * [new branch] adbcurate/maven_org_jenkins_ci_plugins_ec2_CVE_2020_2186_yml -> origin/adbcurate/maven_org_jenkins_ci_plugins_ec2_CVE_2020_2186_yml139 * [new branch] adbcurate/maven_org_tensorflow_parentpom_CVE_2018_21233_yml -> origin/adbcurate/maven_org_tensorflow_parentpom_CVE_2018_21233_yml140 * [new branch] adbcurate/packagist_dolibarr_dolibarr_CVE_2020_12669_yml -> origin/adbcurate/packagist_dolibarr_dolibarr_CVE_2020_12669_yml141 * [new branch] adbcurate/packagist_nilsteampassnet_teampass_CVE_2020_11671_yml -> origin/adbcurate/packagist_nilsteampassnet_teampass_CVE_2020_11671_yml142 * [new branch] adbcurate/pypi_tensorflow_CVE_2018_21233_yml -> origin/adbcurate/pypi_tensorflow_CVE_2018_21233_yml143 * [new tag] v1.0.0 -> v1.0.0144 * [new tag] v1.0.47 -> v1.0.47145 * [new tag] v1.0.48 -> v1.0.48146 * [new tag] version_latest -> version_latest147 * [new tag] v1.0.1 -> v1.0.1148 * [new tag] v1.0.10 -> v1.0.10149 * [new tag] v1.0.11 -> v1.0.11150 * [new tag] v1.0.12 -> v1.0.12151 * [new tag] v1.0.13 -> v1.0.13152 * [new tag] v1.0.14 -> v1.0.14153 * [new tag] v1.0.15 -> v1.0.15154 * [new tag] v1.0.16 -> v1.0.16155 * [new tag] v1.0.17 -> v1.0.17156 * [new tag] v1.0.18 -> v1.0.18157 * [new tag] v1.0.19 -> v1.0.19158 * [new tag] v1.0.2 -> v1.0.2159 * [new tag] v1.0.20 -> v1.0.20160 * [new tag] v1.0.21 -> v1.0.21161 * [new tag] v1.0.22 -> v1.0.22162 * [new tag] v1.0.23 -> v1.0.23163 * [new tag] v1.0.24 -> v1.0.24164 * [new tag] v1.0.25 -> v1.0.25165 * [new tag] v1.0.26 -> v1.0.26166 * [new tag] v1.0.27 -> v1.0.27167 * [new tag] v1.0.28 -> v1.0.28168 * [new tag] v1.0.29 -> v1.0.29169 * [new tag] v1.0.3 -> v1.0.3170 * [new tag] v1.0.30 -> v1.0.30171 * [new tag] v1.0.31 -> v1.0.31172 * [new tag] v1.0.32 -> v1.0.32173 * [new tag] v1.0.33 -> v1.0.33174 * [new tag] v1.0.34 -> v1.0.34175 * [new tag] v1.0.35 -> v1.0.35176 * [new tag] v1.0.36 -> v1.0.36177 * [new tag] v1.0.37 -> v1.0.37178 * [new tag] v1.0.38 -> v1.0.38179 * [new tag] v1.0.39 -> v1.0.39180 * [new tag] v1.0.4 -> v1.0.4181 * [new tag] v1.0.40 -> v1.0.40182 * [new tag] v1.0.41 -> v1.0.41183 * [new tag] v1.0.42 -> v1.0.42184 * [new tag] v1.0.43 -> v1.0.43185 * [new tag] v1.0.44 -> v1.0.44186 * [new tag] v1.0.45 -> v1.0.45187 * [new tag] v1.0.46 -> v1.0.46188 * [new tag] v1.0.5 -> v1.0.5189 * [new tag] v1.0.6 -> v1.0.6190 * [new tag] v1.0.7 -> v1.0.7191 * [new tag] v1.0.8 -> v1.0.8192 * [new tag] v1.0.9 -> v1.0.9193Already on 'master'194Your branch is behind 'origin/master' by 129 commits, and can be fast-forwarded.195 (use "git pull" to update your local branch)1962020/05/11 16:01:23 Cannot auto-remediate dependency file, not supported: package-lock.json1972020/05/11 16:01:23 [gemnasium-maven] Detect project using plugin1982020/05/11 16:01:23 [gemnasium-maven] Project not compatible1992020/05/11 16:01:23 [gemnasium-python] Detect project using plugin2002020/05/11 16:01:23 [gemnasium-python] Project not compatible201+----------------------------------------------------------------------------------------+202| Severity | Tool | Identifier |203+----------------------------------------------------------------------------------------+204| Critical | Gemnasium | CVE-2019-10744 |205| |206| Improper Input Validation in lodash |207| Solution: Upgrade to version 4.17.12 or above. |208| In package-lock.json |209+----------------------------------------------------------------------------------------+210| Critical | Gemnasium | CVE-2018-16487 |211| |212| Uncontrolled Resource Consumption in lodash |213| Solution: Upgrade to version 4.17.11 or above. |214| In package-lock.json |215+----------------------------------------------------------------------------------------+216| Critical | Gemnasium | CVE-2020-7598 |217| |218| Improper Input Validation in minimist |219| Solution: Upgrade to version 1.2.2 or above. |220| In package-lock.json |221+----------------------------------------------------------------------------------------+222| Critical | Gemnasium | CVE-2019-5413 |223| |224| Command Injection in morgan |225| Solution: Upgrade to version 1.9.1 or above. |226| In package-lock.json |227+----------------------------------------------------------------------------------------+228| High | Gemnasium | CVE-2019-20149 |229| |230| Type checking vulnerability in kind-of |231| Solution: Upgrade to version 6.0.3 or above. |232| In package-lock.json |233+----------------------------------------------------------------------------------------+234| Medium | Gemnasium | CVE-2019-1010266 |235| |236| Uncontrolled Resource Consumption in lodash |237| Solution: Upgrade to version 4.17.11 or above. |238| In package-lock.json |239+----------------------------------------------------------------------------------------+240| Medium | Retire.js | |241| |242| Code Injection in morgan |243| In package.json |244+----------------------------------------------------------------------------------------+245| Low | Retire.js | |246| |247| Prototype pollution attack in lodash |248| In package.json |249+----------------------------------------------------------------------------------------+253Uploading artifacts...254gl-dependency-scanning-report.json: found 1 matching files 255Uploading artifacts to coordinator... ok id=37208310 responseStatus=201 Created token=SiMad5ZP256Job succeeded