Permissions in Azure DevOps to execute

azsk / ADOScanner-docs

Welcome to the documentation of ADO Security Scanner!

MIT License

64 stars 14 forks source link

Permissions in Azure DevOps to execute #59

Closed leandromsft closed 2 years ago

leandromsft commented 2 years ago

I'm running the command via PS console, but result the error:

Get-AzSKADOSecurityStatus -OrganizationName "........." -ProjectNames "......" -ScanAllResources -DetailedScan -ResetCredentials
Using '*' can take a long time for the scan to complete in larger projects.
You may want to provide a comma-separated list of projects, builds, releases, service connections, agent pools and variable groups.

Organization not found: Incorrect organization name or '............' account does not have necessary permission to access the organization. Use -ResetCredentials parameter in command to login with another account.
InvalidOperation: Invalid JSON primitive: .

What permissions does the user need to have in Azure DevOps?

Thank you Leandro Prado

juhi037 commented 2 years ago

Hi @leandromsft, you need to be a valid user in the given ADO org to scan it. If you can access the org on ADO, you should be able to scan via ADO scanner as well. Please check if you are giving the correct organization name in -OrganizationName parameter. Also check if the account being used to scan is the same as the one having access. You can also try logging in again by using the switch -ResetCredentials as the end of your command. If you are still facing issues, please let us know.

leandromsft commented 2 years ago

Hi @juhi037, I'm part of the Team Project Contributor group, but when I try to run the Get-AzSKADOSecurityStatus command, the error below

Organization not found: Incorrect organization name or XXXXXXXXX account does not have necessary permission to access the organization. Use -ResetCredentials parameter in command to login with another account.

I execute the command using the -ResetCredentials, but result the same error

I try to use the -PATToken parameter, and result the same error

Thank you for help

juhi037 commented 2 years ago

Hi @leandromsft. Can you please validate if you are running the latest version i.e. 1.17.0? Also can you try if you can use the ADO Scanner from an extension. You can find the steps here: https://github.com/azsk/ADOScanner-docs/tree/master/05-Running%20ADOScanner%20as%20pipeline%20extension. If this does not work as well, we can get on a call to better understand the issue. We work in IST hours from 9 AM - 6 PM.

leandromsft commented 2 years ago

Hi @juhi037 , thank you for help.

I was using an old version I upgraded to version 1.17.9 and now it worked

Thank you