microsoft / security-devops-action

Microsoft Security DevOps for GitHub Actions.
MIT License

BinSkim failed. Verify the target(s) to be scanned. #45

Open mhborg-timextender opened 1 year ago

mhborg-timextender commented 1 year ago

We have a project where I recently tried adding the following YAML to the build pipeline:

    - task: UseDotNet@2
      displayName: 'Use dotnet'
      condition: eq(variables['Build.SourceBranchName'], '18321-add-vulnerability-scan')
      inputs:
        version: 3.1.x
    - task: UseDotNet@2
      displayName: 'Use dotnet'
      condition: eq(variables['Build.SourceBranchName'], '18321-add-vulnerability-scan')
      inputs:
        version: 6.0.x
    - task: MicrosoftSecurityDevOps@1
      displayName: 'Microsoft Security DevOps'
      condition: eq(variables['Build.SourceBranchName'], '18321-add-vulnerability-scan')
      inputs:
        tools: 'BinSkim,CredScan,ESlint'

But BinSkim fails with the following:

    D:\a\_msdo\packages\nuget\Microsoft.CodeAnalysis.BinSkim.1.9.5\tools\netcoreapp3.1\win-x64\BinSkim.exe analyze --config default --hashes --statistics --sarif-output-version OneZeroZero --output D:\a\1\s\.gdn\.r\binskim\001\binskim.sarif @D:\a\1\s\.gdn\.r\binskim\001\.gdntoolinput
    Analyzing...
    D:\a\1\s\UserPortalAPI\bin\Release\netcoreapp3.1\runtimes\win-arm64\native\sni.dll : error ERR997.ExceptionLoadingPdb : 'sni.dll' was not evaluated because its PDB could not be loaded (E_PDB_NOT_FOUND).
    D:\a\1\s\UserPortalAPI\bin\Release\netcoreapp3.1\runtimes\win-x64\native\sni.dll : error ERR997.ExceptionLoadingPdb : 'sni.dll' was not evaluated because its PDB could not be loaded (E_PDB_NOT_FOUND).
    D:\a\1\s\UserPortalAPI\bin\Release\netcoreapp3.1\runtimes\win-x86\native\sni.dll : error ERR997.ExceptionLoadingPdb : 'sni.dll' was not evaluated because its PDB could not be loaded (E_PDB_NOT_FOUND).

    Done. 125 files scanned.

    One or more rules was disabled for an analysis target, as it was determined not to be applicable to it (this is a common condition). Pass --verbose on the command-line for more information.

    Analysis did not complete due to one or more unrecoverable execution conditions.
    Unexpected fatal runtime condition(s) observed: ExceptionLoadingPdb

    Tool run time: 3.1682485 seconds
    ------------------------------------------------------------------------------
    BinSkim completed with exit code 1
    ##[error]Error running binskim job: 1 of 1
    ##[error]GuardianErrorExitCodeException: binskim completed with an Error exit code: 1. BinSkim failed. Verify the target(s) to be scanned. BinSkim targets must be a specific filename, or a pattern with a wildcard like *.dll, dir\*.dll, or dir\*
    ------------------------------------------------------------------------------

Although it doesn't fail the entire build pipeline, I am still curious why it fails.
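
Added example, not part of the original thread or the project's own code: a small Python triage of the BinSkim output quoted above that groups the per-file `error` diagnostics by condition and checks whether they account for the fatal condition reported with exit code 1. The sample log is constructed from lines in the post; the function names and the comma-separated handling of several fatal conditions are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the BinSkim output quoted in the post.
SAMPLE_LOG = r"""
D:\a\1\s\UserPortalAPI\bin\Release\netcoreapp3.1\runtimes\win-arm64\native\sni.dll : error ERR997.ExceptionLoadingPdb : 'sni.dll' was not evaluated because its PDB could not be loaded (E_PDB_NOT_FOUND).
D:\a\1\s\UserPortalAPI\bin\Release\netcoreapp3.1\runtimes\win-x64\native\sni.dll : error ERR997.ExceptionLoadingPdb : 'sni.dll' was not evaluated because its PDB could not be loaded (E_PDB_NOT_FOUND).
D:\a\1\s\UserPortalAPI\bin\Release\netcoreapp3.1\runtimes\win-x86\native\sni.dll : error ERR997.ExceptionLoadingPdb : 'sni.dll' was not evaluated because its PDB could not be loaded (E_PDB_NOT_FOUND).
Done. 125 files scanned.
Unexpected fatal runtime condition(s) observed: ExceptionLoadingPdb
BinSkim completed with exit code 1
"""

# Per-target diagnostic: "<path> : error <ID>.<Name> : <message>"
DIAG = re.compile(r"^\s*(?P<path>.+?) : error (?P<id>[A-Z]+\d+)\.(?P<name>\w+) : (?P<msg>.*)$")
FATAL = re.compile(r"fatal runtime condition\(s\) observed: (?P<names>.+)$")
EXIT = re.compile(r"BinSkim completed with exit code (?P<code>-?\d+)")

def triage(log):
    """Group skipped targets by condition and compare with the fatal summary."""
    targets = defaultdict(list)
    fatal, exit_code = set(), None
    for line in log.splitlines():
        if m := DIAG.match(line):
            targets[m["name"]].append(m["path"])
        elif m := FATAL.search(line):
            # Assumption: several conditions would be comma-separated.
            fatal.update(n.strip() for n in m["names"].split(","))
        elif m := EXIT.search(line):
            exit_code = int(m["code"])
    return {
        "exit_code": exit_code,
        "fatal_conditions": sorted(fatal),
        "targets": dict(targets),
        # Fatal conditions with no per-file diagnostic need a closer look.
        "unexplained": sorted(fatal - set(targets)),
    }

def file_names(paths):
    """Distinct file names behind a list of Windows paths."""
    return sorted({p.replace("\\", "/").rsplit("/", 1)[-1] for p in paths})

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("exit code:", result["exit_code"], "fatal:", result["fatal_conditions"])
    for name, paths in result["targets"].items():
        print(f"{name}: {len(paths)} target(s) not evaluated -> {file_names(paths)}")
    print("unexplained fatal conditions:", result["unexplained"])
```

On the quoted log this shows that the only fatal condition, `ExceptionLoadingPdb`, is fully accounted for by the three `sni.dll` copies under `runtimes\*\native`.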

jmarti326 commented 11 months ago

Were you able to get an answer to this error? I am having the same problem, but don't find anything in the docs.

mhborg-timextender commented 10 months ago

> Were you able to get an answer to this error? I am having the same problem, but don't find anything in the docs.

No, currently have binskim disabled in our pipelines.