Hi
I am trying to use the Microsoft security devops extension to perform security analysis of my code. However eslint is not installing in my self hosted agent whereas credscan and other tools are installing successfully. Can anyone take a look at it and do the needful.
Logs for the security task:
Starting: Run Microsoft Defender for DevOps
Task : Microsoft Security DevOps
Description : Run the Microsoft Security DevOps CLI for static analysis.
Version : 1.7.2
Author : Microsoft Corporation
Help : Runs the Microsoft Security DevOps CLI for security analysis.
Installing Microsoft Security DevOps Cli version: Latest
Microsoft.Security.Devops.Cli.linux-x64 version 0.164.1 already installed
/home/myagent4/_work/_msdo/versions/Microsoft.Security.Devops.Cli.linux-x64.0.164.1/tools/guardian init --force
Init:
Creating guardian repo at: /home/myagent4/_work/51/s
A repository already exists at /home/myagent4/_work/51/s/.gdn.
Deleting existing guardian repository at: /home/myagent4/_work/51/s/.gdn
Removing Guardian repository at /home/myagent4/_work/51/s/.gdn
Created a settings file at: /home/myagent4/_work/51/s/.gdn/.gdnsettings
Added /home/myagent4/_work/51/s/.gdn/.gitignore file to ignore internal files. Please commit this file.
Guardian repository created at: /home/myagent4/_work/51/s/.gdn
Please commit everything in the .gdn folder to source control. You can now use "guardian run" to run tools.
/home/myagent4/_work/_msdo/versions/Microsoft.Security.Devops.Cli.linux-x64.0.164.1/tools/guardian run -p microsoft --rich-exit-code --logger-pipeline --export-breaking-results-to-file /home/myagent4/_work/51/a/.gdn/msdo.sarif --telemetry-environment azdevops
Run:
Installing Microsoft.Security.CodeAnalysis.Policy.Names
GET https://pkgs.dev.azure.com/secdevtools/fbe8430b-c7d4-4187-8c71-a0083ead3d4b/_packaging/a2fd5474-7706-4971-8654-fd0403cf8e6a/nuget/v3/registrations2-semver2/microsoft.security.codeanalysis.policy.names/index.json
OK https://pkgs.dev.azure.com/secdevtools/fbe8430b-c7d4-4187-8c71-a0083ead3d4b/_packaging/a2fd5474-7706-4971-8654-fd0403cf8e6a/nuget/v3/registrations2-semver2/microsoft.security.codeanalysis.policy.names/index.json 81ms
Attempting to gather dependency information for package 'Microsoft.Security.CodeAnalysis.Policy.Names.1.0.2' with respect to project '/home/myagent4/_work/_msdo/packages/nuget', targeting 'Any,Version=v0.0'
Gathering dependency information took 30 ms
Attempting to resolve dependencies for package 'Microsoft.Security.CodeAnalysis.Policy.Names.1.0.2' with DependencyBehavior 'Lowest'
Resolving dependency information took 0 ms
Resolving actions to install package 'Microsoft.Security.CodeAnalysis.Policy.Names.1.0.2'
Resolved actions to install package 'Microsoft.Security.CodeAnalysis.Policy.Names.1.0.2'
Found package 'Microsoft.Security.CodeAnalysis.Policy.Names 1.0.2' in '/home/myagent4/_work/_msdo/packages/nuget'.
Package 'Microsoft.Security.CodeAnalysis.Policy.Names.1.0.2' already exists in folder '/home/myagent4/_work/_msdo/packages/nuget'
Successfully installed 'Microsoft.Security.CodeAnalysis.Policy.Names 1.0.2' to /home/myagent4/_work/_msdo/packages/nuget
Executing nuget actions took 33 ms
Installing Microsoft.Security.CodeAnalysis.Policy.Microsoft
GET https://pkgs.dev.azure.com/secdevtools/fbe8430b-c7d4-4187-8c71-a0083ead3d4b/_packaging/a2fd5474-7706-4971-8654-fd0403cf8e6a/nuget/v3/registrations2-semver2/microsoft.security.codeanalysis.policy.microsoft/index.json
OK https://pkgs.dev.azure.com/secdevtools/fbe8430b-c7d4-4187-8c71-a0083ead3d4b/_packaging/a2fd5474-7706-4971-8654-fd0403cf8e6a/nuget/v3/registrations2-semver2/microsoft.security.codeanalysis.policy.microsoft/index.json 127ms
Attempting to gather dependency information for package 'Microsoft.Security.CodeAnalysis.Policy.Microsoft.1.2.7' with respect to project '/home/myagent4/_work/_msdo/packages/nuget', targeting 'Any,Version=v0.0'
Gathering dependency information took 2 ms
Attempting to resolve dependencies for package 'Microsoft.Security.CodeAnalysis.Policy.Microsoft.1.2.7' with DependencyBehavior 'Lowest'
Resolving dependency information took 0 ms
Resolving actions to install package 'Microsoft.Security.CodeAnalysis.Policy.Microsoft.1.2.7'
Resolved actions to install package 'Microsoft.Security.CodeAnalysis.Policy.Microsoft.1.2.7'
Found package 'Microsoft.Security.CodeAnalysis.Policy.Microsoft 1.2.7' in '/home/myagent4/_work/_msdo/packages/nuget'.
Package 'Microsoft.Security.CodeAnalysis.Policy.Microsoft.1.2.7' already exists in folder '/home/myagent4/_work/_msdo/packages/nuget'
Successfully installed 'Microsoft.Security.CodeAnalysis.Policy.Microsoft 1.2.7' to /home/myagent4/_work/_msdo/packages/nuget
Executing nuget actions took 0.7 ms
The target directory is not provided. Defaults to the working directory: /home/myagent4/_work/51/s.
The platform is not provided. Defaults to the current OS: Linux.
Starting tools applicability analysis...
Tools Applicability Infomation:
Applicable Tools:
Tool Name: terrascan
Tool Version: 1.18.0.1
Tool Config File Path: /home/myagent4/_work/51/s/.gdn/c/terrascan-linux.gdntool
Tool Name: credscan
Tool Version: 2.5.1.13
Tool Config File Path: /home/myagent4/_work/51/s/.gdn/c/credscan-linux.gdntool
Tool Name: eslint
Tool Version: 7.32.0.2
Tool Config File Path: /home/myagent4/_work/51/s/.gdn/c/eslint-linux.gdntool
Tool Name: templateanalyzer
Tool Version: 0.5.1
Tool Config File Path: /home/myagent4/_work/51/s/.gdn/c/templateanalyzer-linux.gdntool
Completed tools applicability analysis.
Install:
Installing Microsoft.Guardian.TerrascanRedist_linux_amd64
------------------------------------------------------------------------------
Attempting to gather dependency information for package 'Microsoft.Guardian.TerrascanRedist_linux_amd64.1.18.0.1' with respect to project '/home/myagent4/_work/_msdo/packages/nuget', targeting 'Any,Version=v0.0'
Gathering dependency information took 299 ms
Attempting to resolve dependencies for package 'Microsoft.Guardian.TerrascanRedist_linux_amd64.1.18.0.1' with DependencyBehavior 'Lowest'
Resolving dependency information took 0 ms
Resolving actions to install package 'Microsoft.Guardian.TerrascanRedist_linux_amd64.1.18.0.1'
Resolved actions to install package 'Microsoft.Guardian.TerrascanRedist_linux_amd64.1.18.0.1'
Found package 'Microsoft.Guardian.TerrascanRedist_linux_amd64 1.18.0.1' in '/home/myagent4/_work/_msdo/packages/nuget'.
Package 'Microsoft.Guardian.TerrascanRedist_linux_amd64.1.18.0.1' already exists in folder '/home/myagent4/_work/_msdo/packages/nuget'
Successfully installed 'Microsoft.Guardian.TerrascanRedist_linux_amd64 1.18.0.1' to /home/myagent4/_work/_msdo/packages/nuget
Executing nuget actions took 0.8 ms
------------------------------------------------------------------------------
Installing Microsoft.Security.CredScan
------------------------------------------------------------------------------
Attempting to gather dependency information for package 'Microsoft.Security.CredScan.2.5.1.13' with respect to project '/home/myagent4/_work/_msdo/packages/nuget', targeting 'Any,Version=v0.0'
Gathering dependency information took 142 ms
Attempting to resolve dependencies for package 'Microsoft.Security.CredScan.2.5.1.13' with DependencyBehavior 'Lowest'
Resolving dependency information took 0 ms
Resolving actions to install package 'Microsoft.Security.CredScan.2.5.1.13'
Resolved actions to install package 'Microsoft.Security.CredScan.2.5.1.13'
Found package 'Microsoft.Security.CredScan 2.5.1.13' in '/home/myagent4/_work/_msdo/packages/nuget'.
Package 'Microsoft.Security.CredScan.2.5.1.13' already exists in folder '/home/myagent4/_work/_msdo/packages/nuget'
Successfully installed 'Microsoft.Security.CredScan 2.5.1.13' to /home/myagent4/_work/_msdo/packages/nuget
Executing nuget actions took 6 ms
------------------------------------------------------------------------------
Installing eslint
------------------------------------------------------------------------------
npm install --loglevel error [email protected] [email protected] @microsoft/[email protected] [email protected] [email protected] @typescript-eslint/[email protected] @typescript-eslint/[email protected] @typescript-eslint/[email protected] @microsoft/[email protected] [email protected] --prefix /home/myagent4/_work/_msdo/packages/node_modules/eslint --global
------------------------------------------------------------------------------
##[warning]Failed to install from source npm with exception System.ComponentModel.Win32Exception (2): An error occurred trying to start process 'npm' with working directory '/home/myagent4/_work/_msdo/packages/node_modules'. No such file or directory
at System.Diagnostics.Process.ForkAndExecProcess(ProcessStartInfo startInfo, String resolvedFilename, String[] argv, String[] envp, String cwd, Boolean setCredentials, UInt32 userId, UInt32 groupId, UInt32[] groups, Int32& stdinFd, Int32& stdoutFd, Int32& stderrFd, Boolean usesTerminal, Boolean throwOnNoExec)
at System.Diagnostics.Process.StartCore(ProcessStartInfo startInfo)
at System.Diagnostics.Process.Start()
at System.Diagnostics.ProcessWrapper.Start()
at System.Diagnostics.ExecutableRunner.Run(String arguments, String workingDirectory, Boolean waitForExit)
at System.Diagnostics.ExecutableRunner.Run(String arguments, String workingDirectory)
at Microsoft.Guardian.Installers.NpmClient.Install(IList`1 packageList, String prefix, String workingDirectory, Boolean global, Boolean quiet, Boolean engineStrict)
at Microsoft.Guardian.Installers.NpmClient.Install(PackageConfig packageConfig, String outputDirectory)
##[error]PackageInstallerException: Failed to install Npm package: eslint v7.32.0
##[error]MSDO CLI exited with an error exit code: 1
Finishing: Run Microsoft Defender for DevOps