Closed Cadacious closed 2 months ago
It looks like the version downloaded can be controlled by the MSDO_VERSION environment variable.
We have added a pipeline variable with that name to our centralized YAML template that invokes this task to pin to the latest working version as a temporary workaround.
Please advise when a fixed version of this NuGet package is released so we can remove this hotfix from our pipelines.
WE are having the same issue. The environment variable workaround also works for us using classic pipelines (non-yaml)
For anyone looking for a quick fix, add the following to your DfC Scan Task:
# - task: MicrosoftSecurityDevOps@1
env:
MSDO_VERSION: '0.202.0'
The bug seems to be in 0.203.0
and 0.203.1
.
Don't forget to check back in a week to see if it's working again on the latest, or you'll get to debug this again once 202 reaches EOL 😉
This was an issue with a config template in Friday's release. It should be fixed with 0.204.0 (released today). Please let us know if you are still experiencing this issue with 0.204.0 or later versions. Apologies for any inconvenience.
When using the latest version of the Microsoft Security DevOps pipeline task with the 0.203.0 and 0.203.1 versions of the Microsoft.Security.DevOps.Cli nuget package we are seeing the below pipeline failure across all pipelines.
The 0.202.0 version of the nuget package worked fine in our pipelines.
Both new versions of the Microsoft.Security.DevOps.Cli nuget package were published in the last two hours.
This is a complete show-stopper for our pipelines as we run this task in every pipeline run.