microsoft / azuredevopslabs

Learn how you can plan smartly, collaborate better, and ship faster with a set of modern development services with Azure DevOps.
https://www.azuredevopslabs.com
MIT License

Secure Supply Chain Analysis (DockerFile Analysis) times out in case of invalid Docker Image Path #696

Open Mkk-VMS opened 6 months ago

Mkk-VMS commented 6 months ago

Secure Supply Chain Analysis timed out when performing DockerFile Analysis. After further investigation, one of my Dockerfiles was invalid.

Reproduce the timeout: Dockerfile with double :: before the tag:

FROM ACR/registry::tag

Expectation: Scan failure with error noting invalid DockerFile

Actual: Scan failure due to time out

2024-01-08T18:30:22.3594023Z ##[section]Starting: Secure Supply Chain Analysis (auto-injected by policy)
2024-01-08T18:30:22.3598894Z ==============================================================================
2024-01-08T18:30:22.3599056Z Task : Secure Supply Chain Analysis
2024-01-08T18:30:22.3599167Z Description : A task to scan for vulnerabilities in your software supply chain. Formerly "NuGet Security Analysis".
2024-01-08T18:30:22.3599309Z Version : 0.2.195
2024-01-08T18:30:22.3599384Z Author : Microsoft Corporation
2024-01-08T18:30:22.3599499Z Help : See https://aka.ms/sscatask for more information.
2024-01-08T18:30:22.3599594Z ==============================================================================
2024-01-08T18:30:23.3354961Z Telemetry ID: d74b4973-8030-401a-bd0e-235a58fd7660
2024-01-08T18:30:23.3355273Z For more information please visit: https://aka.ms/sscatask
2024-01-08T18:30:23.3389456Z > Starting Multifeed Nuget Security Analysis:
2024-01-08T18:30:23.3950660Z > Starting Multifeed Corext Analysis:
2024-01-08T18:30:23.4023442Z > Starting Multifeed Python Security Analysis:
2024-01-08T18:30:23.5020283Z > Starting CFS NuGet Analysis:
2024-01-08T18:30:23.5652895Z > Starting CFS NPM Analysis:
2024-01-08T18:30:23.6032703Z > Starting CFS Maven Analysis:
2024-01-08T18:30:23.6129092Z > Starting CFS Cargo Analysis:
2024-01-08T18:30:23.6348615Z > Starting CFS CoreXT Analysis:
2024-01-08T18:30:23.6449287Z > Starting CFS CDPx Analysis:
2024-01-08T18:30:23.6544452Z > Starting DockerFile Analysis:
2024-01-08T18:35:22.3693729Z ##[error]The task has timed out.
2024-01-08T18:35:22.3704732Z ##[section]Finishing: Secure Supply Chain Analysis (auto-injected by policy)
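
A pre-flight check that can run before the scan step, so that a malformed `FROM` reference like the one in this report fails within seconds with a clear message instead of a timeout. This is an added example, not part of the original issue or of the Secure Supply Chain Analysis task; the regular expression is a simplified approximation of the image reference grammar, and `check_dockerfile` and the sample Dockerfile are constructed for illustration.

```python
import re
import sys

# Simplified approximation of the reference grammar: [domain/]path[:tag][@digest]
_COMPONENT = r"[a-z0-9]+(?:(?:[._]|__|-+)[a-z0-9]+)*"
_DOMAIN = r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?(?::[0-9]+)?"
_REFERENCE = re.compile(
    rf"^(?:{_DOMAIN}/)?{_COMPONENT}(?:/{_COMPONENT})*"
    r"(?::[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})?"           # optional tag
    r"(?:@[A-Za-z][A-Za-z0-9+._-]*:[0-9a-fA-F]{32,})?$"  # optional digest
)

# Constructed sample; line 3 is the reference from the report above.
SAMPLE = """\
# build image
FROM --platform=linux/amd64 registry.example.com/team/sdk:8.0 AS Build
FROM ACR/registry::tag
FROM build AS final
FROM ${BASE_IMAGE}:latest
"""

def check_dockerfile(text):
    """Return (line_number, reference, problem) for every suspect FROM line."""
    findings, stages = [], set()
    for number, raw in enumerate(text.splitlines(), start=1):
        words = raw.split()
        if not words or words[0].upper() != "FROM":
            continue
        args = [w for w in words[1:] if not w.startswith("--")]  # drop --platform=...
        ref = args[0] if args else ""
        if "$" in ref:
            # ARG substitution cannot be validated statically; surface it.
            findings.append((number, ref, "unresolved build argument"))
        elif ref.lower() not in stages and not _REFERENCE.match(ref):
            findings.append((number, ref, "invalid image reference"))
        if len(args) >= 3 and args[1].upper() == "AS":
            stages.add(args[2].lower())  # later FROM lines may name this stage
    return findings

if __name__ == "__main__":
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    problems = check_dockerfile(source)
    for number, ref, problem in problems:
        print(f"line {number}: {problem}: {ref!r}")
    sys.exit(1 if problems else 0)
```

Run as a pipeline step with the Dockerfile path as the only argument; a non-zero exit code stops the job before the scan starts.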