microsoft / security-devops-azdevops

Microsoft Security DevOps extension for Azure DevOps.
MIT License

PackagesNotProvidedException when using .gdnconfig in ADO Pipeline with templates #123

Open aavdberg opened 3 weeks ago

aavdberg commented 3 weeks ago

When I add the task:

  - task: MicrosoftSecurityDevOps@1
    displayName: 'Microsoft Security DevOps Scan'
    inputs:
      config: "pipelines/${{parameters.templateFolder}}/.defender/.gdnconfig"

in my pipeline template I am getting the following error: PackagesNotProvidedException

The folder structure is

graph TD;
    R[Root] --> E[pipelines] --> E1[Landingzones] --> E1a[datamanagement]
    R --> G[source] --> G1[bicep] --> G1a[Landingzones] --> G1a1[datamanagement]
    E1a --> H[.defender] --> H1[.gdnconfig]

And this is how the .gdnconfig file looks:

{
  "scan": {
    "include": [
      "pipelines/landingzones/datamanagement/",
      "source/bicep/landingzones/datamanagement/"
    ]
  },
  "tools": {
    "bandit": {
      "enabled": true
    },
    "binskim": {
      "enabled": true
    },
    "checkov": {
      "enabled": true
    },
    "eslint": {
      "enabled": false
    },
    "templateanalyzer": {
      "enabled": true
    },
    "terrascan": {
      "enabled": false
    },
    "trivy": {
      "enabled": true
    }
  }
}

And then, when the pipeline is running, I get the following error:


      OK https://msdoeu.pkgs.visualstudio.com/a0cea213-0e9d-434b-af98-c310dc79a15a/_packaging/43047372-b941-4b65-b8cd-da64656f07e5/nuget/v3/flat2/microsoft.security.devops.tools.configuration/1.0.9/microsoft.security.devops.tools.configuration.1.0.9.nupkg 96ms
    Installed Microsoft.Security.DevOps.Tools.Configuration 1.0.9 from https://ff1a9733-c11f-5cef-b87a-175efb0b64be-fedphfembug6gddt.b02.azurefd.net/nuget/v3/index.json with content hash SDYfY1KSZ679I87MYZMHZuJ+QxDcd04zyE9nOijBkcPMaNl+gXWWHwMUnqVXlk30XnjQE0ogmmUwIsxGXaN+Dg==.
    Adding package 'Microsoft.Security.DevOps.Tools.Configuration.1.0.9' to folder 'D:\a\_msdo\versions\Microsoft.Security.Devops.Cli.win-x64.0.211.1\tools\Config\Tools'
    Added package 'Microsoft.Security.DevOps.Tools.Configuration.1.0.9' to folder 'D:\a\_msdo\versions\Microsoft.Security.Devops.Cli.win-x64.0.211.1\tools\Config\Tools'
    Successfully installed 'Microsoft.Security.DevOps.Tools.Configuration 1.0.9' to D:\a\_msdo\versions\Microsoft.Security.Devops.Cli.win-x64.0.211.1\tools\Config\Tools
    Executing nuget actions took 4.43 sec
  ------------------------------------------------------------------------------

  Created a settings file at: D:\a\1\s\.gdn\.gdnsettings
  Added D:\a\1\s\.gdn\.gitignore file to ignore internal files. Please commit this file.
  Guardian repository created at: D:\a\1\s\.gdn
  Please commit everything in the .gdn folder to source control. You can now use "guardian run" to run tools.
C:\Windows\system32\cmd.exe /D /S /C "D:\a\_msdo\versions\Microsoft.Security.Devops.Cli.win-x64.0.211.1\tools\guardian.cmd run -c pipelines/Landingzones/datamanagement/.defender/.gdnconfig -p azuredevops --rich-exit-code --logger-pipeline --export-file D:\a\1\a\.gdn\msdo.sarif --telemetry-environment azdevops"
Run:
  Installing Microsoft.Security.DevOps.Policy.Names
  ------------------------------------------------------------------------------
      GET https://msdoeu.pkgs.visualstudio.com/a0cea213-0e9d-434b-af98-c310dc79a15a/_packaging/43047372-b941-4b65-b8cd-da64656f07e5/nuget/v3/registrations2-semver2/microsoft.security.devops.policy.names/index.json
      OK https://msdoeu.pkgs.visualstudio.com/a0cea213-0e9d-434b-af98-c310dc79a15a/_packaging/43047372-b941-4b65-b8cd-da64656f07e5/nuget/v3/registrations2-semver2/microsoft.security.devops.policy.names/index.json 72ms
    Attempting to gather dependency information for package 'Microsoft.Security.DevOps.Policy.Names.2.0.0' with respect to project 'D:\a\_msdo\packages\nuget', targeting 'Any,Version=v0.0'
    Gathering dependency information took 25 ms
    Attempting to resolve dependencies for package 'Microsoft.Security.DevOps.Policy.Names.2.0.0' with DependencyBehavior 'Lowest'
    Resolving dependency information took 0 ms
    Resolving actions to install package 'Microsoft.Security.DevOps.Policy.Names.2.0.0'
    Resolved actions to install package 'Microsoft.Security.DevOps.Policy.Names.2.0.0'
    Retrieving package 'Microsoft.Security.DevOps.Policy.Names 2.0.0' from 'MSCA.Policy'.
      GET https://msdoeu.pkgs.visualstudio.com/a0cea213-0e9d-434b-af98-c310dc79a15a/_packaging/43047372-b941-4b65-b8cd-da64656f07e5/nuget/v3/flat2/microsoft.security.devops.policy.names/2.0.0/microsoft.security.devops.policy.names.2.0.0.nupkg
      OK https://msdoeu.pkgs.visualstudio.com/a0cea213-0e9d-434b-af98-c310dc79a15a/_packaging/43047372-b941-4b65-b8cd-da64656f07e5/nuget/v3/flat2/microsoft.security.devops.policy.names/2.0.0/microsoft.security.devops.policy.names.2.0.0.nupkg 211ms
    Installed Microsoft.Security.DevOps.Policy.Names 2.0.0 from https://ff1a9733-c11f-5cef-b87a-175efb0b64be-fedphfembug6gddt.b02.azurefd.net/nuget/v3/index.json with content hash vo5wd0KXEIlHKWvFVvQ65BTt7xrhYDQ8U0LuyxMzPOVkHiXxjWz+Pv8WskZZAcRl2PXIOCIQcqW95WJR6uUPkQ==.
    Adding package 'Microsoft.Security.DevOps.Policy.Names.2.0.0' to folder 'D:\a\_msdo\packages\nuget'
    Added package 'Microsoft.Security.DevOps.Policy.Names.2.0.0' to folder 'D:\a\_msdo\packages\nuget'
    Successfully installed 'Microsoft.Security.DevOps.Policy.Names 2.0.0' to D:\a\_msdo\packages\nuget
    Executing nuget actions took 592 ms
  ------------------------------------------------------------------------------
  Installing Microsoft.Security.DevOps.Policy.AzureDevOps
  ------------------------------------------------------------------------------
      GET https://msdoeu.pkgs.visualstudio.com/a0cea213-0e9d-434b-af98-c310dc79a15a/_packaging/43047372-b941-4b65-b8cd-da64656f07e5/nuget/v3/registrations2-semver2/microsoft.security.devops.policy.azuredevops/index.json
      OK https://msdoeu.pkgs.visualstudio.com/a0cea213-0e9d-434b-af98-c310dc79a15a/_packaging/43047372-b941-4b65-b8cd-da64656f07e5/nuget/v3/registrations2-semver2/microsoft.security.devops.policy.azuredevops/index.json 53ms
    Attempting to gather dependency information for package 'Microsoft.Security.DevOps.Policy.AzureDevOps.2.0.3' with respect to project 'D:\a\_msdo\packages\nuget', targeting 'Any,Version=v0.0'
    Gathering dependency information took 0.6 ms
    Attempting to resolve dependencies for package 'Microsoft.Security.DevOps.Policy.AzureDevOps.2.0.3' with DependencyBehavior 'Lowest'
    Resolving dependency information took 0 ms
    Resolving actions to install package 'Microsoft.Security.DevOps.Policy.AzureDevOps.2.0.3'
    Resolved actions to install package 'Microsoft.Security.DevOps.Policy.AzureDevOps.2.0.3'
    Retrieving package 'Microsoft.Security.DevOps.Policy.AzureDevOps 2.0.3' from 'MSCA.Policy'.
      GET https://msdoeu.pkgs.visualstudio.com/a0cea213-0e9d-434b-af98-c310dc79a15a/_packaging/43047372-b941-4b65-b8cd-da64656f07e5/nuget/v3/flat2/microsoft.security.devops.policy.azuredevops/2.0.3/microsoft.security.devops.policy.azuredevops.2.0.3.nupkg
      OK https://msdoeu.pkgs.visualstudio.com/a0cea213-0e9d-434b-af98-c310dc79a15a/_packaging/43047372-b941-4b65-b8cd-da64656f07e5/nuget/v3/flat2/microsoft.security.devops.policy.azuredevops/2.0.3/microsoft.security.devops.policy.azuredevops.2.0.3.nupkg 322ms
    Installed Microsoft.Security.DevOps.Policy.AzureDevOps 2.0.3 from https://ff1a9733-c11f-5cef-b87a-175efb0b64be-fedphfembug6gddt.b02.azurefd.net/nuget/v3/index.json with content hash 2n+JiYpRLL/1AmndTByAqCjIKxpI8C4NA8Ql5dya99e0Ze/NfESnnoJjSN4z7NvgueJ13UM5Lum+W8TehPRI2Q==.
    Adding package 'Microsoft.Security.DevOps.Policy.AzureDevOps.2.0.3' to folder 'D:\a\_msdo\packages\nuget'
    Added package 'Microsoft.Security.DevOps.Policy.AzureDevOps.2.0.3' to folder 'D:\a\_msdo\packages\nuget'
    Successfully installed 'Microsoft.Security.DevOps.Policy.AzureDevOps 2.0.3' to D:\a\_msdo\packages\nuget
    Executing nuget actions took 529 ms
  ------------------------------------------------------------------------------
  Install:
##[error]PackagesNotProvidedException: No packages could be found.
##[error]MSDO CLI exited with an error exit code: 1
Finishing: Microsoft Security DevOps Scan

aavdberg commented 3 weeks ago

@chrisnielsen-MS, @sukhans, @laragoldstein13 is the Team reviewing the issues in this repo?