Closed pim-simons closed 1 year ago
I encounter a similar issue. I receive this error:
##[error]GuardianErrorExitCodeException: binskim completed with an Error exit code: 1. BinSkim failed. Verify the target(s) to be scanned. BinSkim targets must be a specific filename, or a pattern with a wildcard like *.dll, dir\*.dll, or dir\*
How can I specify the binskim targets to the MicrosoftSecurityDevOps task?
Found the solution in another GitHub issue. I added the .gdnconfig file with the content below to the project and it worked.
    {
      "tools": [
        {
          "tool": {
            "name": "BinSkim",
            "version": "Latest"
          },
          "arguments": {
            "IgnorePdbLoadError": "true"
          }
        }
      ]
    }
and in the pipeline file:
    - task: MicrosoftSecurityDevOps@1
      displayName: 'Microsoft Security DevOps'
      inputs:
        config: 'gdnconfig/.gdnconfig'
        break: true
        tools: 'binskim'
There is a similar issue when specifying template-analyzer as the tool:
##[error]ConfigurationPathNotFoundException: A configuration file could not be found for: template-analyzer-linux
It works if I don't specify any tools at all.
These are supported tools, but they require some configuration to run. By default, the Bandit config tries to find .py files in your source, but if it does not find them it will fail in this way. BinSkim does the same, looking for .dll/.exe files. You can configure them to use another location either with a config file as described by @nb-atudose, or configure them in your pipeline yml as described in the wiki here: https://github.com/microsoft/security-devops-azdevops/wiki
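A pre-flight check based on the explanation above, added here as an example that is not part of the thread or of the extension's own code: it reports which of the two tools have default targets (.py for Bandit, .dll/.exe for BinSkim) under a directory. The function names and the comma-separated output format are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the extension).
# File extensions follow the maintainer's description in this thread:
# Bandit looks for .py files, BinSkim looks for .dll/.exe files.

# has_files DIR EXT... : succeeds if DIR contains a regular file with any EXT
has_files() {
    search_dir=$1
    shift
    for ext in "$@"; do
        # head stops after the first hit, so large trees are not fully listed
        first=$(find "$search_dir" -type f -name "*.$ext" -print 2>/dev/null | head -n 1)
        if [ -n "$first" ]; then
            return 0
        fi
    done
    return 1
}

# msdo_tools_with_targets [DIR] : prints e.g. "bandit,binskim", or an empty
# line when neither tool would find anything to scan under DIR
msdo_tools_with_targets() {
    root=${1:-.}
    tools=
    if has_files "$root" py; then
        tools="bandit"
    fi
    if has_files "$root" dll exe; then
        tools="${tools:+$tools,}binskim"
    fi
    printf '%s\n' "$tools"
}
```

Run it after the build step, because the .dll/.exe files BinSkim scans are build outputs and are normally absent from a fresh checkout.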
Both Bandit and BinSkim are listed here as available tools. However, when I run the extension with this config:
The run fails with:
[error]bandit is missing required argument: Target
[error]Error running bandit job: 1 of 1
[error]AnalyzerMissingRequiredArgumentsException: bandit is missing one or more required arguments.
Same for BinSkim, if I run it like this:
The run fails with:
[error]Error running binskim job: 1 of 1
[error]InvalidResponseFileContentsException: Cannot create a response file with zero arguments. Ensure that your arguments are correctly set up.
Also when I run the task without specifying a tool (in which case all tools should be executed), bandit and binskim are missing:
Are Bandit and BinSkim supported or not?