snyk-container-test ○ success

Duration: 35s
Queued: 0s
📁 Stage: test
🖥 Runner: linux-aws-1
Back to Pipeline View in GitLab
Average Duration
52s
This job: 35s
Failure Rate
0.0%
last 30 days
External Links
📊 Grafana Pod View 📊 Grafana Node View 📋 Loki Logs 🔍 Lilibet Dashboard

Job Execution Phases

💡 Tip: Click on any phase bar to jump to that section in the log below

Job Analysis

Job Status: Passed

Status: Job passed successfully

Full Job Log

165 lines
Match - of 0
1 10:48:22 Running with gitlab-runner 18.9.0 (07e534ba)
2 10:48:22 on gitlab-runner-linux-1-746bdd58fd-tnh7j wRxjPbsJX, system ID: r_u8Qk6qrlK3xa
3 10:48:22 feature flags: FF_USE_FASTZIP:true, FF_USE_NEW_BASH_EVAL_STRATEGY:true, FF_USE_DYNAMIC_TRACE_FORCE_SEND_INTERVAL:true, FF_SCRIPT_SECTIONS:true, FF_USE_ADVANCED_POD_SPEC_CONFIGURATION:true, FF_PRINT_POD_EVENTS:true, FF_USE_DUMB_INIT_WITH_KUBERNETES_EXECUTOR:true, FF_LOG_IMAGES_CONFIGURED_FOR_JOB:true, FF_CLEAN_UP_FAILED_CACHE_EXTRACT:true, FF_GIT_URLS_WITHOUT_TOKENS:true, FF_WAIT_FOR_POD_TO_BE_REACHABLE:true, FF_USE_FLEETING_ACQUIRE_HEARTBEATS:true, FF_USE_JOB_ROUTER:true
4 10:48:22 Resolving secrets
5 10:48:22 section_start:1778237302:prepare_executor
6 10:48:22 +Preparing the "kubernetes" executor
7 10:48:22 Using Kubernetes namespace: gitlab-runner
8 10:48:22 Using Kubernetes executor with image registry.scandit.com/dockerfiles/snyk:ubuntu@sha256:980f0a2ea9c35afe7e5bee860ec61ff923eaad5dfcfbba0c143ec0f3e342c6f3 ...
9 10:48:22 Using attach strategy to execute scripts...
10 10:48:22 Using effective pull policy of [Always] for container build
11 10:48:22 Using effective pull policy of [Always] for container helper
12 10:48:22 Using effective pull policy of [Always] for container init-permissions
13 10:48:23 section_end:1778237303:prepare_executor
14 10:48:23 +section_start:1778237303:prepare_script
15 10:48:23 +Preparing environment
16 10:48:23 Using FF_USE_POD_ACTIVE_DEADLINE_SECONDS, the Pod activeDeadlineSeconds will be set to the job timeout: 1h0m0s...
17 10:48:23 WARNING: Advanced Pod Spec configuration enabled, merging the provided PodSpec to the generated one. This is a beta feature and is subject to change. Feedback is collected in this issue: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29659 ...
18 10:48:24 Subscribing to Kubernetes Pod events...
19 10:48:25 Type Reason Message
20 10:48:25 Normal Scheduled Successfully assigned gitlab-runner/runner-wrxjpbsjx-project-621-concurrent-0-527sio5n to ip-10-0-24-10.eu-central-1.compute.internal
21 10:48:25 Normal Pulled Container image "gitlab/gitlab-runner-helper:x86_64-v18.8.0" already present on machine
22 10:48:25 Normal Created Created container: init-permissions
23 10:48:25 Normal Started Started container init-permissions
24 10:48:25 Normal Pulled Container image "498954711405.dkr.ecr.eu-central-1.amazonaws.com/dockerfiles/snyk@sha256:980f0a2ea9c35afe7e5bee860ec61ff923eaad5dfcfbba0c143ec0f3e342c6f3" already present on machine
25 10:48:25 Normal Created Created container: build
26 10:48:25 Normal Started Started container build
27 10:48:25 Normal Pulled Container image "gitlab/gitlab-runner-helper:x86_64-v18.8.0" already present on machine
28 10:48:25 Normal Created Created container: helper
29 10:48:25 Normal Started Started container helper
30 10:48:27 Running on runner-wrxjpbsjx-project-621-concurrent-0-527sio5n via gitlab-runner-linux-1-746bdd58fd-tnh7j...
31 10:48:27
32 10:48:27 section_end:1778237307:prepare_script
33 10:48:27 +section_start:1778237307:get_sources
34 10:48:27 +Getting source from Git repository
35 10:48:28 Gitaly correlation ID: 01KR3K7RXG7TQXWWNRWTP61J4X
36 10:48:28 Fetching changes with git depth set to 50...
37 10:48:28 Initialized empty Git repository in /build/internal/gitlab-templates/.git/
38 10:48:28 Created fresh repository.
39 10:48:29 Checking out 6e76a6a0 as detached HEAD (ref is refs/merge-requests/641/merge)...
40 10:48:29
41 10:48:29 Skipping Git submodules setup
42 10:48:29
43 10:48:29 section_end:1778237309:get_sources
44 10:48:29 +section_start:1778237309:step_script
45 10:48:29 +Executing "step_script" stage of the job script
46 10:48:30 section_start:1778237310:section_pre_build_script_0[hide_duration=true,collapsed=true] $ function cleanup {
47 10:48:30 rv=$?
48 10:48:30 if [ $rv -ne 0 ]; then
49 10:48:30 echo ""
50 10:48:30 echo " Failure Cause Analysis might help, please open this link:"
51 10:48:30 echo " https://scout.scandit.io/analysis/projects/${CI_PROJECT_ID}/jobs/${CI_JOB_ID}"
52 10:48:30 echo ""
53 10:48:30 fi
54 10:48:30 echo ""
55 10:48:30 echo "Scout Analysis: https://scout.scandit.io/analysis/projects/${CI_PROJECT_ID}/jobs/${CI_JOB_ID}"
56 10:48:30 echo ""
57 10:48:30 echo ""
58 10:48:30 echo "Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-host=${SC_K8S_NODE_NAME}&var-namespace=${SC_K8S_NAMESPACE}&var-pod=${HOSTNAME}&var-resolution=15&from=${__start_time}000&to=${EPOCHSECONDS}000"
59 10:48:30 echo "Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-node=${SC_K8S_NODE_NAME}&var-resolution=15s&from=${__start_time}000&to=${EPOCHSECONDS}000"
60 10:48:30 echo "Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=${LOKI_DATASOURCE}&var-filters=log_group|=|gitlab-runner&var-filters=source|=|${LOKI_LOGSOURCE}&var-filters=namespace|=|${SC_K8S_NAMESPACE}&var-filters=CI_PROJECT_ID|=|${CI_PROJECT_ID}&var-filters=CI_PIPELINE_ID|=|${CI_PIPELINE_ID}&var-filters=CI_JOB_ID|=|${CI_JOB_ID}&sortOrder=Ascending&from=${__start_time}000&to=${EPOCHSECONDS}000"
61 10:48:30 echo "Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=$(date -d '-7 days' +%Y-%m-%d)~$(date -d '+7 days' +%Y-%m-%d)&job_name=${CI_JOB_NAME}&project=${CI_PROJECT_PATH}"
62 10:48:30 echo ""
63 10:48:30 exit $rv
64 10:48:30 }
65 10:48:30 trap cleanup EXIT
66 10:48:30 echo "INFO: This is the CI job pre_build_script"
67 10:48:30 echo "INFO: It's defined in the backend/infra/aws repo."
68 10:48:30 echo "INFO: These additional Scandit variables are available to you:"
69 10:48:30 echo " SC_K8S_NODE_NAME: $SC_K8S_NODE_NAME"
70 10:48:30 echo " SC_K8S_IMAGE_ID: $SC_K8S_IMAGE_ID"
71 10:48:30 echo " SC_K8S_KYVERNO_PATCHES: |"
72 10:48:30 echo "$SC_K8S_KYVERNO_PATCHES" | sed 's/^/ /'
73 10:48:30 echo "cpu (r/l): ${SC_K8S_REQUESTS_CPU}/${SC_K8S_LIMITS_CPU}"
74 10:48:30 if command -v numfmt >/dev/null 2>&1; then
75 10:48:30 echo "memory (r/l): $(numfmt --to=iec --suffix=B $SC_K8S_REQUESTS_MEMORY)/$(numfmt --to=iec --suffix=B $SC_K8S_LIMITS_MEMORY)"
76 10:48:30 else
77 10:48:30 echo "memory (r/l): ${SC_K8S_REQUESTS_MEMORY}/${SC_K8S_LIMITS_MEMORY}"
78 10:48:30 fi
79 10:48:30 __start_time=${EPOCHSECONDS}
80 10:48:30 echo ""
81 10:48:30 echo "Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-host=${SC_K8S_NODE_NAME}&var-namespace=${SC_K8S_NAMESPACE}&var-pod=${HOSTNAME}&var-resolution=15&from=${__start_time}000&to=now"
82 10:48:30 echo "Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-node=${SC_K8S_NODE_NAME}&var-resolution=15s&from=${__start_time}000&to=now"
83 10:48:30 echo "Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=${LOKI_DATASOURCE}&var-filters=log_group|=|gitlab-runner&var-filters=source|=|${LOKI_LOGSOURCE}&var-filters=namespace|=|${SC_K8S_NAMESPACE}&var-filters=CI_PROJECT_ID|=|${CI_PROJECT_ID}&var-filters=CI_PIPELINE_ID|=|${CI_PIPELINE_ID}&var-filters=CI_JOB_ID|=|${CI_JOB_ID}&sortOrder=Ascending&from=${__start_time}000&to=now"
84 10:48:30 echo "Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=$(date -d '-7 days' +%Y-%m-%d)~$(date -d '+7 days' +%Y-%m-%d)&job_name=${CI_JOB_NAME}&project=${CI_PROJECT_PATH}"
85 10:48:30 echo ""
86 10:48:30 echo "Setting up credentials for Gitlab Python registries"
87 10:48:30 mkdir -p ~
88 10:48:30 echo "machine gitlab.scandit.com" > ~/.netrc
89 10:48:30 echo "login gitlab-ci-token" >> ~/.netrc
90 10:48:30 echo "password ${CI_JOB_TOKEN}" >> ~/.netrc
91 10:48:30 chmod 600 ~/.netrc
92 10:48:30 if command -v git &> /dev/null && [ "$(id -u)" -ne 0 ]; then
93 10:48:30 git config --global --add safe.directory $CI_PROJECT_DIR
94 10:48:30 fi
95 10:48:30 # Sonarqube server is running on the same cluster. Use internal address
96 10:48:30 export SONAR_HOST_URL="http://sonarqube.sonarqube.svc.cluster.local:9000"
97 10:48:30 section_end:1778237310:section_pre_build_script_0
98 10:48:30 INFO: This is the CI job pre_build_script
99 10:48:30 INFO: It's defined in the backend/infra/aws repo.
100 10:48:30 INFO: These additional Scandit variables are available to you:
101 10:48:30 SC_K8S_NODE_NAME: ip-10-0-24-10.eu-central-1.compute.internal
102 10:48:30 SC_K8S_IMAGE_ID:
103 10:48:30 SC_K8S_KYVERNO_PATCHES: |
104 10:48:30
105 10:48:30 cpu (r/l): 1/4
106 10:48:30 memory (r/l): 1.0GB/16GB
107 10:48:30
108 10:48:30 Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-host=ip-10-0-24-10.eu-central-1.compute.internal&var-namespace=gitlab-runner&var-pod=runner-wrxjpbsjx-project-621-concurrent-0-527sio5n&var-resolution=15&from=1778237310000&to=now
109 10:48:30 Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-node=ip-10-0-24-10.eu-central-1.compute.internal&var-resolution=15s&from=1778237310000&to=now
110 10:48:30 Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group|=|gitlab-runner&var-filters=source|=|k8s-ci.aws.scandit.io&var-filters=namespace|=|gitlab-runner&var-filters=CI_PROJECT_ID|=|621&var-filters=CI_PIPELINE_ID|=|1585539&var-filters=CI_JOB_ID|=|54677920&sortOrder=Ascending&from=1778237310000&to=now
111 10:48:30 Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=2026-05-01~2026-05-15&job_name=snyk-container-test&project=internal/gitlab-templates
112 10:48:30
113 10:48:30 Setting up credentials for Gitlab Python registries
114 10:48:30 $ test -n "${SNYK_TOKEN}" || (echo "No SNYK_TOKEN defined. You have to provide a valid token for accessing Snyk."; false)
115 10:48:30 $ test -n "${IMAGE_URL}" || (echo "No IMAGE_URL defined. You have to provide a valid image for container scanner."; false)
116 10:48:30 $ echo "This job scans the given image for known vulnerabilities and outputs the result in the console."
117 10:48:30 This job scans the given image for known vulnerabilities and outputs the result in the console.
118 10:48:30 $ echo "Running 'snyk container test' on image $IMAGE_URL."
119 10:48:30 Running 'snyk container test' on image registry.scandit.com/internal/gitlab-templates/python:3.12-MR641.
120 10:48:30 $ snyk container test ${IMAGE_URL} --file=${DOCKERFILE_PATH} --exclude-base-image-vulns --exclude-app-vulns --policy-path=${SNYK_POLICY_PATH} --org=${SNYK_ORG} --json-file-output=${OUTPUT_FILE} ${SNYK_EXTRA_PARAMETERS}
121 10:48:54
122 10:48:54 Testing registry.scandit.com/internal/gitlab-templates/python:3.12-MR641...
123 10:48:54
124 10:48:54 Organization: scandit-internal
125 10:48:54 Package manager: deb
126 10:48:54 Target file: Dockerfile.python-3
127 10:48:54 Project name: docker-image|registry.scandit.com/internal/gitlab-templates/python
128 10:48:54 Docker image: registry.scandit.com/internal/gitlab-templates/python:3.12-MR641
129 10:48:54 Platform: linux/amd64
130 10:48:54 Target OS: Debian GNU/Linux 12 (bookworm)
131 10:48:54 Base image: python:3.12-bookworm
132 10:48:54 Local Snyk policy: found
133 10:48:54 Licenses: enabled
134 10:48:54
135 10:48:54 ✔ Tested 429 dependencies for known issues, no vulnerable paths found.
136 10:48:54
137 10:48:54
138 10:48:55
139 10:48:55 Scout Analysis: https://scout.scandit.io/analysis/projects/621/jobs/54677920
140 10:48:55
141 10:48:55
142 10:48:55 Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-host=ip-10-0-24-10.eu-central-1.compute.internal&var-namespace=gitlab-runner&var-pod=runner-wrxjpbsjx-project-621-concurrent-0-527sio5n&var-resolution=15&from=1778237310000&to=1778237335000
143 10:48:55 Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-node=ip-10-0-24-10.eu-central-1.compute.internal&var-resolution=15s&from=1778237310000&to=1778237335000
144 10:48:55 Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group|=|gitlab-runner&var-filters=source|=|k8s-ci.aws.scandit.io&var-filters=namespace|=|gitlab-runner&var-filters=CI_PROJECT_ID|=|621&var-filters=CI_PIPELINE_ID|=|1585539&var-filters=CI_JOB_ID|=|54677920&sortOrder=Ascending&from=1778237310000&to=1778237335000
145 10:48:55 Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=2026-05-01~2026-05-15&job_name=snyk-container-test&project=internal/gitlab-templates
146 10:48:55
147 10:48:55
148 10:48:55 section_end:1778237335:step_script
149 10:48:55 +section_start:1778237335:upload_artifacts_on_success
150 10:48:55 +Uploading artifacts for successful job
151 10:48:55 Uploading artifacts...
152 10:48:55 snyk-container-test.json: found 1 matching artifact files and directories
153 10:48:56 Uploading artifacts as "archive" to coordinator... 201 Created correlation_id=01KR3K8T6TDE421417Z91206Z5 id=54677920 responseStatus=201 Created token=64_ftXyAn
154 10:48:56 Uploading artifacts...
155 10:48:56 snyk-container-test.json: found 1 matching artifact files and directories
156 10:48:56 Uploading artifacts as "container_scanning" to coordinator... 201 Created correlation_id=01KR3K8TWGH83T0TG39GMS44CG id=54677920 responseStatus=201 Created token=64_ftXyAn
157 10:48:56
158 10:48:56 section_end:1778237336:upload_artifacts_on_success
159 10:48:56 +section_start:1778237336:cleanup_file_variables
160 10:48:56 +Cleaning up project directory and file based variables
161 10:48:57
162 10:48:57 section_end:1778237337:cleanup_file_variables
163 10:48:57 +
164 10:48:57 Job succeeded
165