Problem to solve
Hello, I am trying to debug the kics-iac-sast job, which times out when included from the template provided by GitLab CI:
The security Infrastructure as Code SAST job from the GitLab template Jobs/SAST-IaC.gitlab-ci.yml times out without any info on what could be blocking…
$ /analyzer run
[INFO] [kics] [2024-03-18T21:10:35Z] ▶ GitLab kics analyzer v4.1.12
[INFO] [kics] [2024-03-18T21:10:35Z] ▶ Detecting project
[INFO] [kics] [2024-03-18T21:10:35Z] ▶ Analyzer will attempt to analyze all projects in the repository
[INFO] [kics] [2024-03-18T21:10:35Z] ▶ Running analyzer
[WARN] [kics] [2024-03-18T21:10:35Z] ▶ /builds/<REDACTED>/<redacted gitlabgroup>/gcp-infra/.gitlab/sast-ruleset.toml not found, ruleset support will be disabled.
[INFO] [kics] [2024-03-18T21:10:35Z] ▶ path /builds/<REDACTED>/<redacted gitlabgroup>/gcp-infra
ERROR: Job failed: execution took longer than 1h0m0s seconds
(Full 1h job log here)
Resolving secrets 00:00
Preparing the "kubernetes" executor 00:00
Using Kubernetes namespace: runners
Using Kubernetes executor with image registry.gitlab.com/security-products/kics:4 ...
Using attach strategy to execute scripts...
Preparing environment 00:07
Waiting for pod runners/runner-eeutxazr-project-55768457-concurrent-0p9zs2 to be running, status is Pending
Waiting for pod runners/runner-eeutxazr-project-55768457-concurrent-0p9zs2 to be running, status is Pending
ContainersNotReady: "containers with unready status: [build helper]"
ContainersNotReady: "containers with unready status: [build helper]"
Running on runner-eeutxazr-project-concurrent-0p9zs2 via <custom_runner>-ssfln...
Getting source from Git repository 00:02
Fetching changes with git depth set to 20...
Initialized empty Git repository in /builds/<REDACTED>/<redacted gitlabgroup>/gcp-infra/.git/
Created fresh repository.
Checking out a08f9ebe as detached HEAD (ref is main)...
Skipping Git submodules setup
Restoring cache 00:02
Checking cache for /builds/<REDACTED>/<redacted gitlabgroup>/gcp-infra-protected...
Downloading cache from <REDACTEDTERRAFORM BACKEND>
Successfully extracted cache
Executing "step_script" stage of the job script 59:49
$ export GOOGLE_APPLICATION_CREDENTIALS=${GCLOUD_KEYFILE_JSON}
$ export TF_VAR_GCLOUD_PROJECT TF_VAR_GCLOUD_REGION TF_VAR_GCLOUD_ZONE
$ /analyzer run
[INFO] [kics] [2024-03-18T21:10:35Z] ▶ GitLab kics analyzer v4.1.12
[INFO] [kics] [2024-03-18T21:10:35Z] ▶ Detecting project
[INFO] [kics] [2024-03-18T21:10:35Z] ▶ Analyzer will attempt to analyze all projects in the repository
[INFO] [kics] [2024-03-18T21:10:35Z] ▶ Running analyzer
[WARN] [kics] [2024-03-18T21:10:35Z] ▶ /builds/<REDACTED>/<redacted gitlabgroup>/gcp-infra/.gitlab/sast-ruleset.toml not found, ruleset support will be disabled.
[INFO] [kics] [2024-03-18T21:10:35Z] ▶ path /builds/<REDACTED>/<redacted gitlabgroup>/gcp-infra
ERROR: Job failed: execution took longer than 1h0m0s seconds
Steps to reproduce
- create a terraform project
- provide some terraform code to deploy to GCP (in my case, but not sure why it would be related to GCP only)
- include the provided template Jobs/SAST-IaC.gitlab-ci.yml
- have the CI run
Configuration
.gitlab-ci.yml
include:
- template: Jobs/SAST-IaC.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml
- template: Jobs/Secret-Detection.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab-foss/-/blob/master/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml
Versions
Please select whether options apply, and add the version information.
- [-] Self-managed
- GitLab.com SaaS
- Self-hosted Runners
Versions
- GitLab: gitlab.com
- GitLab Runner: 15.8.3