search

microsoft / security-devops-azdevops

Microsoft Security DevOps extension for Azure DevOps.
MIT License
59 stars 14 forks source link

ADO Task unable to initialize on Azure Hosted Agent macos-13 #107

Closed mohitdangwal1 closed 3 months ago

mohitdangwal1 commented 3 months ago

I am trying to run the task(ms-securitydevops.microsoft-security-devops-azdevops.build-task-microsoft-security-devops.MicrosoftSecurityDevOps@1) in a classic pipeline in Azure DevOps pipeline and it is failing each time with error shown below in debug mode.

I am running this on Azure DevOps Hosted Agent macos-13.

I have no other significant tasks in the pipeline to interfere with this task but it still fails.

Is this task supported for Mac?


##[debug]packageDirectory = /Users/runner/work/_msdo/versions/Microsoft.Security.Devops.Cli.0.202.0
##[debug]msdoDirectory = /Users/runner/work/_msdo/versions/Microsoft.Security.Devops.Cli.0.202.0/tools
##[debug]msdoFilePath = /Users/runner/work/_msdo/versions/Microsoft.Security.Devops.Cli.0.202.0/tools/guardian
------------------------------------------------------------------------------
##[debug]cliFilePath = /Users/runner/work/_msdo/versions/Microsoft.Security.Devops.Cli.0.202.0/tools/guardian
##[debug]which '/Users/runner/work/_msdo/versions/Microsoft.Security.Devops.Cli.0.202.0/tools/guardian'
##[debug]not found
##[debug]Error: Unable to locate executable file: '/Users/runner/work/_msdo/versions/Microsoft.Security.Devops.Cli.0.202.0/tools/guardian'. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable.
Exception occurred while initializing MSDO:
##[debug]cliFilePath = /Users/runner/work/_msdo/versions/Microsoft.Security.Devops.Cli.0.202.0/tools/guardian
##[debug]which '/Users/runner/work/_msdo/versions/Microsoft.Security.Devops.Cli.0.202.0/tools/guardian'
##[debug]not found
##[debug]task result: Failed
##[error]Error: Unable to locate executable file: '/Users/runner/work/_msdo/versions/Microsoft.Security.Devops.Cli.0.202.0/tools/guardian'. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable.
##[debug]Processed: ##vso[task.issue type=error;]Error: Unable to locate executable file: '/Users/runner/work/_msdo/versions/Microsoft.Security.Devops.Cli.0.202.0/tools/guardian'. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable.
##[debug]Processed: ##vso[task.complete result=Failed;]Error: Unable to locate executable file: '/Users/runner/work/_msdo/versions/Microsoft.Security.Devops.Cli.0.202.0/tools/guardian'. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable.
Finishing: Run Microsoft Defender for DevOps```
reynoldsa commented 3 months ago

Hello, @mohitdangwal1. When you say a classic pipeline, are you referring to a classic Release pipeline?

If so, MSDO doesn't run in that environment; it would only work in YAML pipelines.

If not, can you give us some more information about what your environment is like, including the YAML you're using to run MSDO?

mohitdangwal1 commented 3 months ago

I meant classic build pipeline in ADO, not release pipeline. Let me try the same in yaml as well to see if it makes any difference.

mohitdangwal1 commented 3 months ago

I ran the below yaml step in a macos-13 image from the build pipeline and it is failing. See output below:

   - job: DefenderForDevOps
     displayName: 'Defender For DevOps'
     pool:
      vmImage: 'macOS-13'

     steps:

     - task: MicrosoftSecurityDevOps@1
       displayName: 'Security DevOps'
       inputs:
         break: true
         publish: true

Output:

2024-04-11T11:07:42.2118000Z ##[section]Starting: Security DevOps 2024-04-11T11:07:42.2123930Z ============================================================================== 2024-04-11T11:07:42.2124120Z Task : Microsoft Security DevOps 2024-04-11T11:07:42.2124220Z Description : Run the Microsoft Security DevOps CLI for static analysis. 2024-04-11T11:07:42.2124370Z Version : 1.11.1 2024-04-11T11:07:42.2124480Z Author : Microsoft Corporation 2024-04-11T11:07:42.2124600Z Help : Runs the Microsoft Security DevOps CLI for security analysis. Effective September 20th 2023, the Secret Scanning option (CredScan) within Microsoft Security DevOps (MSDO) Extension for Azure DevOps is deprecated. MSDO Secret Scanning is replaced by the Configure GitHub Advanced Security for Azure DevOps features offering. 2024-04-11T11:07:42.2125560Z ============================================================================== 2024-04-11T11:07:42.3440080Z ------------------------------------------------------------------------------ 2024-04-11T11:07:42.3442290Z Installing Microsoft Security DevOps Cli version: Latest 2024-04-11T11:07:43.3879020Z Installed Microsoft.Security.Devops.Cli version 0.202.0 2024-04-11T11:07:43.3880540Z ------------------------------------------------------------------------------ 2024-04-11T11:07:43.3897510Z Exception occurred while initializing MSDO: 2024-04-11T11:07:43.3924120Z ##[error]Error: Unable to locate executable file: '/Users/runner/work/_msdo/versions/Microsoft.Security.Devops.Cli.0.202.0/tools/guardian'. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable. 2024-04-11T11:07:43.3980190Z ##[section]Finishing: Security DevOps

reynoldsa commented 3 months ago

Mohit, unfortunately I see you're using a macOS hosted agent. macOS is not officially-supported for MSDO. If you are able to reproduce this with either Linux or Windows, please reopen this and we will have a look.