Comments (8)
andrewholler
commented on August 26, 2024
1
This issue affects our team as well and it is a little disappointing that this issue has got no feedback since being opened. We have the same issue in that we don't wish to disable the secure check or treat the errors as warnings in case of future additions to the security checks being ignored as they would show up as errors on a pipeline that always errors.
from devopskit.
ankrause
commented on August 26, 2024
This is also an issue for SVTs which say
2019-08-20T22:11:57.4161566Z ##[error]Security report not generated for provided resource details. Please check if task configurations are correct.
2019-08-20T22:11:57.4405736Z Cleaning logs from temp directory...
2019-08-20T22:11:57.5460430Z ##[error]Unable to perform security scan. Please check task configurations/variables.
My variables are correct, it's just that the target RG doesn't have a combination of resources vs controls that can be evaluated, resulting in 0 evaluations.
This error makes it difficult to enforce the usage of the task and prevent future non-compliance.
from devopskit.
ganesh-msft
commented on August 26, 2024
You can use and set variable FailTaskIfNoControlsScanned to 'false' for the task to not fail even if no controls were scanned. Please refer https://github.com/azsk/DevOpsKit-docs/blob/master/03-Security-In-CICD/Readme.md#advanced-cicd-scanning-capabilities-1 for more details.
from devopskit.
andrewholler
commented on August 26, 2024
@ganesh-msft Hi, the description of this control variable is:
"This variable is to control the behavior of the SVT extension in case of no controls scanned. For e.g., using this, one may choose to pass the task if it is configured to scan only 'High' severity control but there are no resources for which 'High' severity controls are applicable."
This issue is in regards to the ARM template security status functionality of AzSK and not SVTs. I also tested the AzSKARMTemplateChecker@4 task in a pipeline and set the pipeline variable, 'FailTaskIfNoControlsScanned':'false' and the task still failed on a template without any controls scanned.
from devopskit.
RohitYadav-msft
commented on August 26, 2024
Hi @aholler2 , Thanks for the details, we are able to repro it, we'll fix it in upcoming release
from devopskit.
manvkaur
commented on August 26, 2024
Hi Team, Facing this issue with multiple resource types. Any work arounds or expected release date of the fix?
from devopskit.
andrewholler
commented on August 26, 2024
Has this been addressed?
from devopskit.
andrewholler
commented on August 26, 2024
Has this issue been fixed in a release?
from devopskit.
Related Issues (20)
- Feature Request exclude passed controli ds from log
- Override values for Azsk.Azdo
- Support AzSKARMTemplateChecker task on Ubuntu agent HOT 1
- Secure DevOps Kit (AzSK) CICD Extensions - AzSKARMTemplateChecker task fails if template does not contain supported resources HOT 2
- Fail to upgrade Org Policy with AzSK from 4.4.0 to 4.10.0 HOT 3
- Azure_Storage_DP_Encrypt_In_Transit Failing unused property in Storage Account Blobservices ARM Template HOT 1
- Not showing azsk monitoring solution in Azure log analytics workspace HOT 1
- Azure_AppService_Audit_Enable_Logging_and_Monitoring fails when two Diagnostics settings are configured, but only one has all required logs enabled HOT 2
- Bypass 'Get-AzSKAzureServicesSecurityStatus' cmdlet's confirmation prompt for attestation HOT 2
- AzSK version 4.12 Security Status Report does not create SecurityEvaluationData json
- Module not catalog signed HOT 1
- AzSK 4.14 Install-AzSKContinuousAssuranceForCluster: Any way to run in a non-interactive mode
- Installation error HOT 1
- Logic app accesscontrol validations HOT 1
- Enable Eventhub output for Central CAs HOT 2
- Support for Azure Blueprints? HOT 1
- AzTS exceptions - System.ArgumentException: Requested value 'CDN' was not found. HOT 2
- Intermittent Error Thrown-Unable to deserialize the response. HOT 5
- APIM ARM template generated using Azure CLI dotnet command is giving error while deploying through Azure devops
- ARMTemplateChecker - Enable Azure AD admin for the SQL Database - False positive with linked templates HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from devopskit.