Network Observability / NETOBSERV-1428

NetObserv container warnings/failures for check-payload static FIPS scan

    • Bug
    • Resolution: Not a Bug
    • Minor
    • None
    • netobserv-1.5-candidate
    • Console Plugin, eBPF, Operator
    • None
    • False
    • None
    • False
    • Important

      Description of problem:

      Running the check-payload static FIPS scanning tool (https://github.com/openshift/check-payload) against the Network Observability 1.5 operator images results in two warnings and one failure.
      
      
      ---- Failure Report
      +------------------------------------------+-----------------+------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+
      | OPERATOR NAME                            | EXECUTABLE NAME | STATUS                       | IMAGE                                                                                                                                                      |
      +------------------------------------------+-----------------+------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+
      | network-observability-operator-container | /manager        | go binary is not CGO_ENABLED | brew.registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:1b0f84ed55f534e282b9b108d3daffbc3504527feec8bdd0cd3b3ae2f64b9a47 |
      +------------------------------------------+-----------------+------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+
      F1205 12:01:16.087368       1 main.go:259] Error: run failed
      
      
      
      ---- Warning Report
      +--------------------------------------------+-----------------------+-----------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+
      | OPERATOR NAME                              | EXECUTABLE NAME       | STATUS                                                          | IMAGE                                                                                                                                                        |
      +--------------------------------------------+-----------------------+-----------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+
      | network-observability-ebpf-agent-container | /netobserv-ebpf-agent | go binary has no build tags set (should have strictfipsruntime) | brew.registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:b62ed9b19dc4ff4c8033dacef27ac1ccb5460e803fb5e35c1df0141dd713fa21 |
      +--------------------------------------------+-----------------------+-----------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------+
      ---- Successful run with warnings
      
      
      ---- Warning Report
      +------------------------------------------------+-----------------+-----------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
      | OPERATOR NAME                                  | EXECUTABLE NAME | STATUS                                                          | IMAGE                                                                                                                                                            |
      +------------------------------------------------+-----------------+-----------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
      | network-observability-console-plugin-container | /plugin-backend | go binary has no build tags set (should have strictfipsruntime) | brew.registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:7da99db69b85cea14dcf1291c0a30d4bcf35723df5d34eab5db95012cb0e261c |
      +------------------------------------------------+-----------------+-----------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
      ---- Successful run with warnings
       
      
      
      

      Steps to Reproduce:

      Run check-payload against the netobserv images.  QE has a job to do it but the repo has good instructions for running it.
      

      Actual results:

      1 failure, 2 warnings

      Expected results:

      Clean run
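
For triage, the two STATUS conditions in the reports above can be checked on a binary copied out of an image by reading its embedded Go build settings. This is an added example, not part of the original issue and not check-payload's own code; it assumes the conditions map to the `CGO_ENABLED` and `-tags` build settings, and the names `checkSettings` and `scanBinary` and the wording of the third finding are the example's own.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strings"
)

// checkSettings applies the two conditions from the report's STATUS column to
// a binary's embedded Go build settings (assumed keys: CGO_ENABLED and -tags).
func checkSettings(settings map[string]string) []string {
	var findings []string
	if settings["CGO_ENABLED"] != "1" {
		findings = append(findings, "go binary is not CGO_ENABLED")
	}
	tags := settings["-tags"] // comma-separated list, empty when none were set
	switch {
	case tags == "":
		findings = append(findings, "go binary has no build tags set (should have strictfipsruntime)")
	case !strings.Contains(","+tags+",", ",strictfipsruntime,"):
		findings = append(findings, "build tags lack strictfipsruntime: "+tags)
	}
	return findings
}

// scanBinary reads the build settings embedded in the Go executable at path.
func scanBinary(path string) ([]string, error) {
	info, err := buildinfo.ReadFile(path)
	if err != nil {
		return nil, fmt.Errorf("%s: not a readable Go binary: %w", path, err)
	}
	settings := make(map[string]string, len(info.Settings))
	for _, s := range info.Settings {
		settings[s.Key] = s.Value
	}
	return checkSettings(settings), nil
}

func main() {
	for _, path := range os.Args[1:] {
		findings, err := scanBinary(path)
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			continue
		}
		fmt.Printf("%s: %d finding(s): %q\n", path, len(findings), findings)
	}
}
```

The same settings are printed by `go version -m <binary>`, which is a quick manual cross-check.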

              Unassigned Unassigned
              mifiedle@redhat.com Mike Fiedler