Comments (4)
I am also facing similar issue on the Build pipeline.
Error running templateanalyzer job: 1 of 1
GuardianErrorExitCodeException: templateanalyzer completed with an Error exit code: 22. Violation + Error: Scan encountered both violations in template(s) and errors trying to analyze template(s)
from security-devops-azdevops.
Same here with Binskim.
I have an exe file, licecap.exe from cockos, in my test / demo setup, and it fails binskim with error
D:\a\1\s\DFDOFiles\licecap.exe : error ERR997.ExceptionLoadingPdb : 'licecap.exe' was not evaluated because its PDB could not be loaded (E_PDB_NO_DEBUG_INFO).
## <cut for brevity>
------------------------------------------------------------------------------
BinSkim completed with exit code 1
##[error]Error running binskim job: 1 of 1
##[error]GuardianErrorExitCodeException: binskim completed with an Error exit code: 1. BinSkim failed. Verify the target(s) to be scanned. BinSkim targets must be a specific filename, or a pattern with a wildcard like *.dll, dir\*.dll, or dir\*
Adding an exclusion in .gdnconfig like this
{
"tools": [
{
"tool": {
"name": "BinSkim",
"version": "Latest"
},
"arguments": {
"IgnorePdbLoadError": "true"
}
}
]
}
fixes the error and .sarif output is created
The tests do continue, and my log also has errors for other demo /test files, but the sarif output stops as soon as an error is output to the log.
from security-devops-azdevops.
A wild guess would be, judging from my binskim error and looking at the source of the extension, that terminating errors from the runtime itself and not errors in the scanned files, throws and stops the task who then doesn't create the .sarif files.
One potential workaround might be to turn of the sarif output by setting the inputs -> publish value to false and then manually publishing it with a condition of always() like this
- task: MicrosoftSecurityDevOps@1
displayName: 'Microsoft Security DevOps'
inputs:
config: 'gdnconfig/.gdnconfig'
publish: false
- task: PublishPipelineArtifact@1
condition: always()
inputs:
targetPath: '$(System.DefaultWorkingDirectory)\.gdn\.r'
artifact: 'CodeAnalysisLogs'
publishLocation: 'pipeline'
This at least makes any sarif files available, however it seems like if one step fails then no sarif files exists even if other steps complete.
A better solution might be to have the extension compiling and publishing the sarif file outside of the run() function in the task, but I don't know how or even if that is possible..
from security-devops-azdevops.
Fyi; a fix for Template Analyzer was deployed to deal with that issue. Also, a fix was deployed to prevent breaking the whole flow if a tool does not execute successfully. The exception will be caught and re-thrown at the end, after post-processing has completed.
from security-devops-azdevops.
Related Issues (20)
- Credscan: Support suppression in files that does not allow comments, such as JSON documents HOT 1
- Template analyzer Azure DevOps pipeline HOT 2
- [Q] How to configure suppressions file for CredScanner and use it? HOT 2
- Having a 'packageVersion' variable causes the task to fail HOT 2
- Trivy version is very out of date HOT 2
- Pipeline task 'MicrosoftSecurityDevOps@1' fails to detect the Secrets/passwords in Python files. HOT 6
- TemplateAnalyzer missing an report format argument in wiki HOT 3
- Installing Microsoft Security DevOps Cli: Not supported error (v1.7.1) HOT 6
- Microsoft Security DevOps - Error calling url: Error: connect ECONNREFUSED 13.107.246.67:443
- Build not failing even if there are some bugs detected HOT 5
- Error: Failed to install the MSDO CLI nuget package while running behind proxy HOT 3
- Pipeline Run Successful But Results not Visible HOT 5
- Eslint is not installing in the self hosted agent HOT 2
- Microsoft security DevOps task is breaking when we use 3rd party modules/private repositories. HOT 1
- Path is undefined in release pipeline HOT 2
- Improve Task Documentation HOT 7
- Unknown header detected while attempting to read CredScan Tsv output HOT 5
- Antimalware Scan not Supported on Linux Build Agents HOT 1
- Slowness in task completion HOT 4
- Wrong paths for files in scan results with multi-checkouts. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from security-devops-azdevops.