snyk-container-test ○ success
⏱
Duration: 1m 2s
⏳
Queued: 1s
📁
Stage: test
🖥
Runner: linux-aws-1
Average Duration
52s
This job: 1m 2s
Failure Rate
0.0%
last 30 days
External Links
▶
Job Execution Phases
💡 Tip: Click on any phase bar to jump to that section in the log below
▶
Job Analysis
Job Status: Passed
Status: Job passed successfully
▶
Full Job Log
147 lines
Match - of 0
1
14:27:36
Running with gitlab-runner 18.5.0 (bda84871)
2
14:27:36
on gitlab-runner-linux-1-86d76d468c-d4585 wRxjPbsJX, system ID: r_J8j67beySAjl
3
14:27:36
feature flags: FF_USE_FASTZIP:true, FF_USE_NEW_BASH_EVAL_STRATEGY:true, FF_SCRIPT_SECTIONS:true, FF_USE_ADVANCED_POD_SPEC_CONFIGURATION:true, FF_PRINT_POD_EVENTS:true, FF_USE_DUMB_INIT_WITH_KUBERNETES_EXECUTOR:true, FF_LOG_IMAGES_CONFIGURED_FOR_JOB:true, FF_CLEAN_UP_FAILED_CACHE_EXTRACT:true, FF_TIMESTAMPS:true, FF_GIT_URLS_WITHOUT_TOKENS:true
4
14:27:36
Resolving secrets
5
14:27:36
section_start:1765290456:prepare_executor
6
14:27:36
+Preparing the "kubernetes" executor
7
14:27:36
Using Kubernetes namespace: gitlab-runner
8
14:27:36
Using Kubernetes executor with image registry.scandit.com/dockerfiles/snyk:ubuntu@sha256:b25007848b15bc7878e7301e1bb55c3df623f778624b9dba2a481c7871c6db6c ...
9
14:27:36
Using attach strategy to execute scripts...
10
14:27:36
Using effective pull policy of [Always] for container build
11
14:27:36
Using effective pull policy of [Always] for container helper
12
14:27:36
Using effective pull policy of [Always] for container init-permissions
13
14:27:36
section_end:1765290456:prepare_executor
14
14:27:36
+section_start:1765290456:prepare_script
15
14:27:36
+Preparing environment
16
14:27:36
Using FF_USE_POD_ACTIVE_DEADLINE_SECONDS, the Pod activeDeadlineSeconds will be set to the job timeout: 1h0m0s...
17
14:27:36
WARNING: Advanced Pod Spec configuration enabled, merging the provided PodSpec to the generated one. This is a beta feature and is subject to change. Feedback is collected in this issue: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29659 ...
18
14:27:36
Subscribing to Kubernetes Pod events...
19
14:27:37
Type Reason Message
20
14:27:37
Normal Scheduled Successfully assigned gitlab-runner/runner-wrxjpbsjx-project-621-concurrent-2-sjigrkuj to ip-10-0-18-218.eu-central-1.compute.internal
21
14:27:38
Normal Pulled Container image "gitlab/gitlab-runner-helper:x86_64-v18.5.0" already present on machine
22
14:27:38
Normal Created Created container: init-permissions
23
14:27:38
Normal Started Started container init-permissions
24
14:27:55
Normal Pulling Pulling image "498954711405.dkr.ecr.eu-central-1.amazonaws.com/dockerfiles/snyk@sha256:b25007848b15bc7878e7301e1bb55c3df623f778624b9dba2a481c7871c6db6c"
25
14:28:03
Normal Pulled Successfully pulled image "498954711405.dkr.ecr.eu-central-1.amazonaws.com/dockerfiles/snyk@sha256:b25007848b15bc7878e7301e1bb55c3df623f778624b9dba2a481c7871c6db6c" in 8.073s (8.073s including waiting). Image size: 120667410 bytes.
26
14:28:04
Normal Created Created container: build
27
14:28:04
Normal Started Started container build
28
14:28:04
Normal Pulled Container image "gitlab/gitlab-runner-helper:x86_64-v18.5.0" already present on machine
29
14:28:04
Normal Created Created container: helper
30
14:28:04
Normal Started Started container helper
31
14:28:07
Running on runner-wrxjpbsjx-project-621-concurrent-2-sjigrkuj via gitlab-runner-linux-1-86d76d468c-d4585...
32
14:28:07
33
14:28:07
section_end:1765290487:prepare_script
34
14:28:07
+section_start:1765290487:get_sources
35
14:28:07
+Getting source from Git repository
36
14:28:08
Gitaly correlation ID: 01KC1R5CMFZYBQAFJKFJZQG7F5
37
14:28:08
Fetching changes with git depth set to 50...
38
14:28:08
Initialized empty Git repository in /build/internal/gitlab-templates/.git/
39
14:28:08
Created fresh repository.
40
14:28:09
Checking out 940006cc as detached HEAD (ref is refs/merge-requests/507/merge)...
41
14:28:09
42
14:28:09
Skipping Git submodules setup
43
14:28:09
44
14:28:09
section_end:1765290489:get_sources
45
14:28:09
+section_start:1765290489:step_script
46
14:28:09
+Executing "step_script" stage of the job script
47
14:28:09
section_start:1765290489:section_pre_build_script_0[hide_duration=true,collapsed=true]
$ function cleanup {
48
14:28:09
rv=$?
49
14:28:09
if [ $rv -ne 0 ]; then
50
14:28:09
echo ""
51
14:28:09
echo " Failure Cause Analysis might help, please open this link:"
52
14:28:09
echo " https://failure-cause-analysis.zrh.int.scandit.io/analysis/projects/${CI_PROJECT_ID}/jobs/${CI_JOB_ID}"
53
14:28:09
echo ""
54
14:28:09
fi
55
14:28:09
echo ""
56
14:28:09
echo "Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-host=${SC_K8S_NODE_NAME}&var-namespace=${SC_K8S_NAMESPACE}&var-pod=${HOSTNAME}&var-resolution=15&from=${__start_time}000&to=${EPOCHSECONDS}000"
57
14:28:09
echo "Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-node=${SC_K8S_NODE_NAME}&var-resolution=15s&from=${__start_time}000&to=${EPOCHSECONDS}000"
58
14:28:09
echo ""
59
14:28:09
exit $rv
60
14:28:09
}
61
14:28:09
trap cleanup EXIT
62
14:28:09
echo "INFO: This is the CI job pre_build_script"
63
14:28:09
echo "INFO: It's defined in the backend/infra/aws repo."
64
14:28:09
echo "INFO: These additional Scandit variables are available to you:"
65
14:28:09
echo " SC_K8S_NODE_NAME: $SC_K8S_NODE_NAME"
66
14:28:09
echo " SC_K8S_IMAGE_ID: $SC_K8S_IMAGE_ID"
67
14:28:09
echo "cpu (r/l): ${SC_K8S_REQUESTS_CPU}/${SC_K8S_LIMITS_CPU}"
68
14:28:09
if command -v numfmt >/dev/null 2>&1; then
69
14:28:09
echo "memory (r/l): $(numfmt --to=iec --suffix=B $SC_K8S_REQUESTS_MEMORY)/$(numfmt --to=iec --suffix=B $SC_K8S_LIMITS_MEMORY)"
70
14:28:09
else
71
14:28:09
echo "memory (r/l): ${SC_K8S_REQUESTS_MEMORY}/${SC_K8S_LIMITS_MEMORY}"
72
14:28:09
fi
73
14:28:09
__start_time=${EPOCHSECONDS}
74
14:28:09
echo ""
75
14:28:09
echo "Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-host=${SC_K8S_NODE_NAME}&var-namespace=${SC_K8S_NAMESPACE}&var-pod=${HOSTNAME}&var-resolution=15&from=${__start_time}000&to=now"
76
14:28:09
echo "Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-node=${SC_K8S_NODE_NAME}&var-resolution=15s&from=${__start_time}000&to=now"
77
14:28:09
echo ""
78
14:28:09
echo "Setting up credentials for Gitlab Python registries"
79
14:28:09
mkdir -p ~
80
14:28:09
echo "machine gitlab.scandit.com" > ~/.netrc
81
14:28:09
echo "login gitlab-ci-token" >> ~/.netrc
82
14:28:09
echo "password ${CI_JOB_TOKEN}" >> ~/.netrc
83
14:28:09
chmod 600 ~/.netrc
84
14:28:09
if command -v git &> /dev/null && [ "$(id -u)" -ne 0 ]; then
85
14:28:09
git config --global --add safe.directory $CI_PROJECT_DIR
86
14:28:09
fi
87
14:28:09
# Sonarqube server is running on the same cluster. Use internal address
88
14:28:09
export SONAR_HOST_URL="http://sonarqube.sonarqube.svc.cluster.local:9000"
89
14:28:09
section_end:1765290489:section_pre_build_script_0
90
14:28:09
INFO: This is the CI job pre_build_script
91
14:28:09
INFO: It's defined in the backend/infra/aws repo.
92
14:28:09
INFO: These additional Scandit variables are available to you:
93
14:28:09
SC_K8S_NODE_NAME: ip-10-0-18-218.eu-central-1.compute.internal
94
14:28:09
SC_K8S_IMAGE_ID:
95
14:28:09
cpu (r/l): 1/4
96
14:28:09
memory (r/l): 1.0GB/16GB
97
14:28:09
98
14:28:09
Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-host=ip-10-0-18-218.eu-central-1.compute.internal&var-namespace=gitlab-runner&var-pod=runner-wrxjpbsjx-project-621-concurrent-2-sjigrkuj&var-resolution=15&from=1765290489000&to=now
99
14:28:09
Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-node=ip-10-0-18-218.eu-central-1.compute.internal&var-resolution=15s&from=1765290489000&to=now
100
14:28:09
101
14:28:09
Setting up credentials for Gitlab Python registries
102
14:28:09
$ test -n "${SNYK_TOKEN}" || (echo "No SNYK_TOKEN defined. You have to provide a valid token for accessing Snyk."; false)
103
14:28:09
$ test -n "${IMAGE_URL}" || (echo "No IMAGE_URL defined. You have to provide a valid image for container scanner."; false)
104
14:28:09
$ echo "This job scans the given image for known vulnerabilities and outputs the result in the console."
105
14:28:09
This job scans the given image for known vulnerabilities and outputs the result in the console.
106
14:28:09
$ echo "Running 'snyk container test' on image $IMAGE_URL."
107
14:28:09
Running 'snyk container test' on image registry.scandit.com/internal/gitlab-templates/python:3.12-MR507.
108
14:28:09
$ snyk container test ${IMAGE_URL} --file=${DOCKERFILE_PATH} --exclude-base-image-vulns --exclude-app-vulns --policy-path=${SNYK_POLICY_PATH} --org=${SNYK_ORG} --json-file-output=${OUTPUT_FILE} ${SNYK_EXTRA_PARAMETERS}
109
14:28:35
110
14:28:35
Testing registry.scandit.com/internal/gitlab-templates/python:3.12-MR507...
111
14:28:35
112
14:28:35
Organization: scandit-internal
113
14:28:35
Package manager: deb
114
14:28:35
Target file: Dockerfile.python-3
115
14:28:35
Project name: docker-image|registry.scandit.com/internal/gitlab-templates/python
116
14:28:35
Docker image: registry.scandit.com/internal/gitlab-templates/python:3.12-MR507
117
14:28:35
Platform: linux/amd64
118
14:28:35
Target OS: Debian GNU/Linux 12 (bookworm)
119
14:28:35
Base image: python:3.12-bookworm
120
14:28:35
Licenses: enabled
121
14:28:35
122
14:28:35
✔ Tested 429 dependencies for known issues, no vulnerable paths found.
123
14:28:35
124
14:28:35
125
14:28:35
126
14:28:35
Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-host=ip-10-0-18-218.eu-central-1.compute.internal&var-namespace=gitlab-runner&var-pod=runner-wrxjpbsjx-project-621-concurrent-2-sjigrkuj&var-resolution=15&from=1765290489000&to=1765290515000
127
14:28:35
Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-node=ip-10-0-18-218.eu-central-1.compute.internal&var-resolution=15s&from=1765290489000&to=1765290515000
128
14:28:35
129
14:28:35
130
14:28:35
section_end:1765290515:step_script
131
14:28:35
+section_start:1765290515:upload_artifacts_on_success
132
14:28:35
+Uploading artifacts for successful job
133
14:28:36
Uploading artifacts...
134
14:28:36
snyk-container-test.json: found 1 matching artifact files and directories
135
14:28:36
Uploading artifacts as "archive" to coordinator... 201 Created correlation_id=01KC1R77S0NNT1M22SKFG0T29A id=46308204 responseStatus=201 Created token=64_pgG_di
136
14:28:36
Uploading artifacts...
137
14:28:36
snyk-container-test.json: found 1 matching artifact files and directories
138
14:28:37
Uploading artifacts as "container_scanning" to coordinator... 201 Created correlation_id=01KC1R783SA6HY8F8RGQFBDFVA id=46308204 responseStatus=201 Created token=64_pgG_di
139
14:28:37
140
14:28:37
section_end:1765290517:upload_artifacts_on_success
141
14:28:37
+section_start:1765290517:cleanup_file_variables
142
14:28:37
+Cleaning up project directory and file based variables
143
14:28:37
144
14:28:37
section_end:1765290517:cleanup_file_variables
145
14:28:37
+
146
14:28:37
Job succeeded
147