snyk-container-test ○ success
⏱
Duration: 1m 17s
⏳
Queued: 2s
📁
Stage: test
🖥
Runner: linux-aws-1
Average Duration
52s
This job: 1m 17s
Failure Rate
0.0%
last 30 days
External Links
▶
Job Execution Phases
💡 Tip: Click on any phase bar to jump to that section in the log below
▶
Job Analysis
Job Status: Passed
Status: Job passed successfully
▶
Full Job Log
169 lines
Match - of 0
1
22:38:25
Running with gitlab-runner 18.9.0 (07e534ba)
2
22:38:25
on gitlab-runner-linux-1-746bdd58fd-8bbzm wRxjPbsJX, system ID: r_DxKhvxXkpe6K
3
22:38:25
feature flags: FF_USE_FASTZIP:true, FF_USE_NEW_BASH_EVAL_STRATEGY:true, FF_USE_DYNAMIC_TRACE_FORCE_SEND_INTERVAL:true, FF_SCRIPT_SECTIONS:true, FF_USE_ADVANCED_POD_SPEC_CONFIGURATION:true, FF_PRINT_POD_EVENTS:true, FF_USE_DUMB_INIT_WITH_KUBERNETES_EXECUTOR:true, FF_LOG_IMAGES_CONFIGURED_FOR_JOB:true, FF_CLEAN_UP_FAILED_CACHE_EXTRACT:true, FF_GIT_URLS_WITHOUT_TOKENS:true, FF_WAIT_FOR_POD_TO_BE_REACHABLE:true, FF_USE_FLEETING_ACQUIRE_HEARTBEATS:true, FF_USE_JOB_ROUTER:true
4
22:38:25
Resolving secrets
5
22:38:25
section_start:1778020705:prepare_executor
6
22:38:25
+Preparing the "kubernetes" executor
7
22:38:25
Using Kubernetes namespace: gitlab-runner
8
22:38:25
Using Kubernetes executor with image registry.scandit.com/dockerfiles/snyk:ubuntu@sha256:c488e3de6b1d5adc01d19a85bd9753c1a3ae142e5e13d97e0bdb4d6659dfd958 ...
9
22:38:25
Using attach strategy to execute scripts...
10
22:38:25
Using effective pull policy of [Always] for container build
11
22:38:25
Using effective pull policy of [Always] for container helper
12
22:38:25
Using effective pull policy of [Always] for container init-permissions
13
22:38:25
section_end:1778020705:prepare_executor
14
22:38:25
+section_start:1778020705:prepare_script
15
22:38:25
+Preparing environment
16
22:38:25
Using FF_USE_POD_ACTIVE_DEADLINE_SECONDS, the Pod activeDeadlineSeconds will be set to the job timeout: 1h0m0s...
17
22:38:25
WARNING: Advanced Pod Spec configuration enabled, merging the provided PodSpec to the generated one. This is a beta feature and is subject to change. Feedback is collected in this issue: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29659 ...
18
22:38:26
Subscribing to Kubernetes Pod events...
19
22:38:26
Type Reason Message
20
22:38:26
Warning FailedScheduling 0/31 nodes are available: 1 node(s) had untolerated taint {scandit.io/clickhouse: production}, 1 node(s) had untolerated taint {scandit.io/clickhouse: staging}, 1 node(s) had untolerated taint {scandit.io/sonarqube: dedicated}, 21 node(s) didn't match Pod's node affinity/selector, 7 Insufficient cpu. preemption: 0/31 nodes are available: 24 Preemption is not helpful for scheduling, 7 No preemption victims found for incoming pod.
21
22:38:28
Warning FailedScheduling 0/31 nodes are available: 1 node(s) had untolerated taint {scandit.io/clickhouse: production}, 1 node(s) had untolerated taint {scandit.io/clickhouse: staging}, 1 node(s) had untolerated taint {scandit.io/sonarqube: dedicated}, 21 node(s) didn't match Pod's node affinity/selector, 7 Insufficient cpu. preemption: 0/31 nodes are available: 24 Preemption is not helpful for scheduling, 7 No preemption victims found for incoming pod.
22
22:38:28
Warning FailedScheduling 0/31 nodes are available: 1 node(s) had untolerated taint {scandit.io/clickhouse: production}, 1 node(s) had untolerated taint {scandit.io/clickhouse: staging}, 1 node(s) had untolerated taint {scandit.io/sonarqube: dedicated}, 21 node(s) didn't match Pod's node affinity/selector, 7 Insufficient cpu. preemption: 0/31 nodes are available: 24 Preemption is not helpful for scheduling, 7 No preemption victims found for incoming pod.
23
22:38:28
Warning FailedScheduling 0/31 nodes are available: 1 node(s) had untolerated taint {scandit.io/clickhouse: production}, 1 node(s) had untolerated taint {scandit.io/clickhouse: staging}, 1 node(s) had untolerated taint {scandit.io/sonarqube: dedicated}, 21 node(s) didn't match Pod's node affinity/selector, 7 Insufficient cpu. preemption: 0/31 nodes are available: 24 Preemption is not helpful for scheduling, 7 No preemption victims found for incoming pod.
24
22:38:28
Normal Scheduled Successfully assigned gitlab-runner/runner-wrxjpbsjx-project-621-concurrent-7-3ap4thc2 to ip-10-0-27-85.eu-central-1.compute.internal
25
22:38:35
Normal Pulled Container image "gitlab/gitlab-runner-helper:x86_64-v18.8.0" already present on machine
26
22:38:41
Normal Created Created container: init-permissions
27
22:38:43
Normal Started Started container init-permissions
28
22:39:01
Normal Pulled Container image "498954711405.dkr.ecr.eu-central-1.amazonaws.com/dockerfiles/snyk@sha256:c488e3de6b1d5adc01d19a85bd9753c1a3ae142e5e13d97e0bdb4d6659dfd958" already present on machine
29
22:39:03
Normal Created Created container: build
30
22:39:03
Normal Started Started container build
31
22:39:03
Normal Pulled Container image "gitlab/gitlab-runner-helper:x86_64-v18.8.0" already present on machine
32
22:39:05
Normal Created Created container: helper
33
22:39:06
Normal Started Started container helper
34
22:39:08
Running on runner-wrxjpbsjx-project-621-concurrent-7-3ap4thc2 via gitlab-runner-linux-1-746bdd58fd-8bbzm...
35
22:39:08
36
22:39:08
section_end:1778020748:prepare_script
37
22:39:08
+section_start:1778020748:get_sources
38
22:39:08
+Getting source from Git repository
39
22:39:09
Gitaly correlation ID: 01KQX4NRV2J6WJCZNPSJ9EZK5V
40
22:39:09
Fetching changes with git depth set to 50...
41
22:39:09
Initialized empty Git repository in /build/internal/gitlab-templates/.git/
42
22:39:09
Created fresh repository.
43
22:39:10
Checking out 22f5b5c3 as detached HEAD (ref is refs/merge-requests/639/merge)...
44
22:39:11
45
22:39:11
Skipping Git submodules setup
46
22:39:11
47
22:39:11
section_end:1778020751:get_sources
48
22:39:11
+section_start:1778020751:step_script
49
22:39:11
+Executing "step_script" stage of the job script
50
22:39:11
section_start:1778020751:section_pre_build_script_0[hide_duration=true,collapsed=true]
$ function cleanup {
51
22:39:11
rv=$?
52
22:39:11
if [ $rv -ne 0 ]; then
53
22:39:11
echo ""
54
22:39:11
echo " Failure Cause Analysis might help, please open this link:"
55
22:39:11
echo " https://scout.scandit.io/analysis/projects/${CI_PROJECT_ID}/jobs/${CI_JOB_ID}"
56
22:39:11
echo ""
57
22:39:11
fi
58
22:39:11
echo ""
59
22:39:11
echo "Scout Analysis: https://scout.scandit.io/analysis/projects/${CI_PROJECT_ID}/jobs/${CI_JOB_ID}"
60
22:39:11
echo ""
61
22:39:11
echo ""
62
22:39:11
echo "Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-host=${SC_K8S_NODE_NAME}&var-namespace=${SC_K8S_NAMESPACE}&var-pod=${HOSTNAME}&var-resolution=15&from=${__start_time}000&to=${EPOCHSECONDS}000"
63
22:39:11
echo "Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-node=${SC_K8S_NODE_NAME}&var-resolution=15s&from=${__start_time}000&to=${EPOCHSECONDS}000"
64
22:39:11
echo "Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=${LOKI_DATASOURCE}&var-filters=log_group|=|gitlab-runner&var-filters=source|=|${LOKI_LOGSOURCE}&var-filters=namespace|=|${SC_K8S_NAMESPACE}&var-filters=CI_PROJECT_ID|=|${CI_PROJECT_ID}&var-filters=CI_PIPELINE_ID|=|${CI_PIPELINE_ID}&var-filters=CI_JOB_ID|=|${CI_JOB_ID}&sortOrder=Ascending&from=${__start_time}000&to=${EPOCHSECONDS}000"
65
22:39:11
echo "Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=$(date -d '-7 days' +%Y-%m-%d)~$(date -d '+7 days' +%Y-%m-%d)&job_name=${CI_JOB_NAME}&project=${CI_PROJECT_PATH}"
66
22:39:11
echo ""
67
22:39:11
exit $rv
68
22:39:11
}
69
22:39:11
trap cleanup EXIT
70
22:39:11
echo "INFO: This is the CI job pre_build_script"
71
22:39:11
echo "INFO: It's defined in the backend/infra/aws repo."
72
22:39:11
echo "INFO: These additional Scandit variables are available to you:"
73
22:39:11
echo " SC_K8S_NODE_NAME: $SC_K8S_NODE_NAME"
74
22:39:11
echo " SC_K8S_IMAGE_ID: $SC_K8S_IMAGE_ID"
75
22:39:11
echo " SC_K8S_KYVERNO_PATCHES: |"
76
22:39:11
echo "$SC_K8S_KYVERNO_PATCHES" | sed 's/^/ /'
77
22:39:11
echo "cpu (r/l): ${SC_K8S_REQUESTS_CPU}/${SC_K8S_LIMITS_CPU}"
78
22:39:11
if command -v numfmt >/dev/null 2>&1; then
79
22:39:11
echo "memory (r/l): $(numfmt --to=iec --suffix=B $SC_K8S_REQUESTS_MEMORY)/$(numfmt --to=iec --suffix=B $SC_K8S_LIMITS_MEMORY)"
80
22:39:11
else
81
22:39:11
echo "memory (r/l): ${SC_K8S_REQUESTS_MEMORY}/${SC_K8S_LIMITS_MEMORY}"
82
22:39:11
fi
83
22:39:11
__start_time=${EPOCHSECONDS}
84
22:39:11
echo ""
85
22:39:11
echo "Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-host=${SC_K8S_NODE_NAME}&var-namespace=${SC_K8S_NAMESPACE}&var-pod=${HOSTNAME}&var-resolution=15&from=${__start_time}000&to=now"
86
22:39:11
echo "Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-node=${SC_K8S_NODE_NAME}&var-resolution=15s&from=${__start_time}000&to=now"
87
22:39:11
echo "Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=${LOKI_DATASOURCE}&var-filters=log_group|=|gitlab-runner&var-filters=source|=|${LOKI_LOGSOURCE}&var-filters=namespace|=|${SC_K8S_NAMESPACE}&var-filters=CI_PROJECT_ID|=|${CI_PROJECT_ID}&var-filters=CI_PIPELINE_ID|=|${CI_PIPELINE_ID}&var-filters=CI_JOB_ID|=|${CI_JOB_ID}&sortOrder=Ascending&from=${__start_time}000&to=now"
88
22:39:11
echo "Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=$(date -d '-7 days' +%Y-%m-%d)~$(date -d '+7 days' +%Y-%m-%d)&job_name=${CI_JOB_NAME}&project=${CI_PROJECT_PATH}"
89
22:39:11
echo ""
90
22:39:11
echo "Setting up credentials for Gitlab Python registries"
91
22:39:11
mkdir -p ~
92
22:39:11
echo "machine gitlab.scandit.com" > ~/.netrc
93
22:39:11
echo "login gitlab-ci-token" >> ~/.netrc
94
22:39:11
echo "password ${CI_JOB_TOKEN}" >> ~/.netrc
95
22:39:11
chmod 600 ~/.netrc
96
22:39:11
if command -v git &> /dev/null && [ "$(id -u)" -ne 0 ]; then
97
22:39:11
git config --global --add safe.directory $CI_PROJECT_DIR
98
22:39:11
fi
99
22:39:11
# Sonarqube server is running on the same cluster. Use internal address
100
22:39:11
export SONAR_HOST_URL="http://sonarqube.sonarqube.svc.cluster.local:9000"
101
22:39:11
section_end:1778020751:section_pre_build_script_0
102
22:39:11
INFO: This is the CI job pre_build_script
103
22:39:11
INFO: It's defined in the backend/infra/aws repo.
104
22:39:11
INFO: These additional Scandit variables are available to you:
105
22:39:11
SC_K8S_NODE_NAME: ip-10-0-27-85.eu-central-1.compute.internal
106
22:39:11
SC_K8S_IMAGE_ID:
107
22:39:11
SC_K8S_KYVERNO_PATCHES: |
108
22:39:11
109
22:39:11
cpu (r/l): 1/4
110
22:39:11
memory (r/l): 1.0GB/16GB
111
22:39:11
112
22:39:11
Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-host=ip-10-0-27-85.eu-central-1.compute.internal&var-namespace=gitlab-runner&var-pod=runner-wrxjpbsjx-project-621-concurrent-7-3ap4thc2&var-resolution=15&from=1778020751000&to=now
113
22:39:11
Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-node=ip-10-0-27-85.eu-central-1.compute.internal&var-resolution=15s&from=1778020751000&to=now
114
22:39:11
Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group|=|gitlab-runner&var-filters=source|=|k8s-ci.aws.scandit.io&var-filters=namespace|=|gitlab-runner&var-filters=CI_PROJECT_ID|=|621&var-filters=CI_PIPELINE_ID|=|1580356&var-filters=CI_JOB_ID|=|54442895&sortOrder=Ascending&from=1778020751000&to=now
115
22:39:11
Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=2026-04-28~2026-05-12&job_name=snyk-container-test&project=internal/gitlab-templates
116
22:39:11
117
22:39:11
Setting up credentials for Gitlab Python registries
118
22:39:12
$ test -n "${SNYK_TOKEN}" || (echo "No SNYK_TOKEN defined. You have to provide a valid token for accessing Snyk."; false)
119
22:39:12
$ test -n "${IMAGE_URL}" || (echo "No IMAGE_URL defined. You have to provide a valid image for container scanner."; false)
120
22:39:12
$ echo "This job scans the given image for known vulnerabilities and outputs the result in the console."
121
22:39:12
This job scans the given image for known vulnerabilities and outputs the result in the console.
122
22:39:12
$ echo "Running 'snyk container test' on image $IMAGE_URL."
123
22:39:12
Running 'snyk container test' on image registry.scandit.com/internal/gitlab-templates/python:3.12-MR639.
124
22:39:12
$ snyk container test ${IMAGE_URL} --file=${DOCKERFILE_PATH} --exclude-base-image-vulns --exclude-app-vulns --policy-path=${SNYK_POLICY_PATH} --org=${SNYK_ORG} --json-file-output=${OUTPUT_FILE} ${SNYK_EXTRA_PARAMETERS}
125
22:39:39
126
22:39:39
Testing registry.scandit.com/internal/gitlab-templates/python:3.12-MR639...
127
22:39:39
128
22:39:39
Organization: scandit-internal
129
22:39:39
Package manager: deb
130
22:39:39
Target file: Dockerfile.python-3
131
22:39:39
Project name: docker-image|registry.scandit.com/internal/gitlab-templates/python
132
22:39:39
Docker image: registry.scandit.com/internal/gitlab-templates/python:3.12-MR639
133
22:39:39
Platform: linux/amd64
134
22:39:39
Target OS: Debian GNU/Linux 12 (bookworm)
135
22:39:39
Base image: python:3.12-bookworm
136
22:39:39
Local Snyk policy: found
137
22:39:39
Licenses: enabled
138
22:39:39
139
22:39:39
✔ Tested 429 dependencies for known issues, no vulnerable paths found.
140
22:39:39
141
22:39:39
142
22:39:40
143
22:39:40
Scout Analysis: https://scout.scandit.io/analysis/projects/621/jobs/54442895
144
22:39:40
145
22:39:40
146
22:39:40
Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-host=ip-10-0-27-85.eu-central-1.compute.internal&var-namespace=gitlab-runner&var-pod=runner-wrxjpbsjx-project-621-concurrent-7-3ap4thc2&var-resolution=15&from=1778020751000&to=1778020780000
147
22:39:40
Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-node=ip-10-0-27-85.eu-central-1.compute.internal&var-resolution=15s&from=1778020751000&to=1778020780000
148
22:39:40
Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group|=|gitlab-runner&var-filters=source|=|k8s-ci.aws.scandit.io&var-filters=namespace|=|gitlab-runner&var-filters=CI_PROJECT_ID|=|621&var-filters=CI_PIPELINE_ID|=|1580356&var-filters=CI_JOB_ID|=|54442895&sortOrder=Ascending&from=1778020751000&to=1778020780000
149
22:39:40
Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=2026-04-28~2026-05-12&job_name=snyk-container-test&project=internal/gitlab-templates
150
22:39:40
151
22:39:40
152
22:39:40
section_end:1778020780:step_script
153
22:39:40
+section_start:1778020780:upload_artifacts_on_success
154
22:39:40
+Uploading artifacts for successful job
155
22:39:40
Uploading artifacts...
156
22:39:40
snyk-container-test.json: found 1 matching artifact files and directories
157
22:39:41
Uploading artifacts as "archive" to coordinator... 201 Created correlation_id=01KQX4R2RS02HS97T3F99V9Z0G id=54442895 responseStatus=201 Created token=64_BhK-xY
158
22:39:41
Uploading artifacts...
159
22:39:41
snyk-container-test.json: found 1 matching artifact files and directories
160
22:39:41
Uploading artifacts as "container_scanning" to coordinator... 201 Created correlation_id=01KQX4R36KRKKKE29T4NQ1SWSN id=54442895 responseStatus=201 Created token=64_BhK-xY
161
22:39:41
162
22:39:41
section_end:1778020781:upload_artifacts_on_success
163
22:39:41
+section_start:1778020781:cleanup_file_variables
164
22:39:41
+Cleaning up project directory and file based variables
165
22:39:42
166
22:39:42
section_end:1778020782:cleanup_file_variables
167
22:39:42
+
168
22:39:42
Job succeeded
169