Open nb-atudose opened 1 year ago
Can you try adding categories: secrets,code,artifacts to the inputs?
I added the categories as you suggested. I can now see the outputs of the eslint run in the sarif file, but the build does not break, although it says in the pipeline logs that the eslint run finished with exit code 1.
Running ESLint 7.32.0.2
------------------------------------------------------------------------------
D:\a\_msdo\packages\node_modules\eslint\eslint.cmd --no-eslintrc --config D:\a\_msdo\packages\node_modules\eslint/node_modules/@microsoft/eslint-plugin-sdl/config/required.js --ext .js --ext .ts --ignore-pattern *.d.ts --format D:\a\_msdo\packages\node_modules\eslint\node_modules\@microsoft\eslint-formatter-sarif\sarif.js --output-file D:\a\1\s\.gdn\.r\eslint\001\eslint.sarif **/*.{js,ts}
Tool run time: 1.6169278 seconds
------------------------------------------------------------------------------
ESLint completed with exit code 1
Sarif file output:
{
  "tool": {
    "driver": {
      "name": "eslint",
      "informationUri": "https://eslint.org",
      "properties": {
        "RawName": "eslint"
      }
    }
  },
  "invocations": [
    {
      "toolConfigurationNotifications": [
        {
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "file:///D:/a/1/s/insecure.js",
                  "index": 0
                },
                "region": {
                  "startLine": 3,
                  "startColumn": 1
                }
              }
            }
          ],
          "message": {
            "text": "Parsing error: The keyword 'const' is reserved"
          },
          "level": "error",
          "descriptor": {
            "id": "ESL0999"
          }
        }
      ],
      "executionSuccessful": false
    }
  ],
@nb-atudose You need to set another prop called "break". Here is the documentation of that property:
{
  "name": "break",
  "label": "Break",
  "type": "boolean",
  "required": false,
  "helpMarkDown": "If checked, will fail this build step if any error level results are found.",
  "defaultValue": "false",
  "group": "advanced"
}
As you can see, by default break is set to false. False means don't break the build when eslint errors are present. If you want to break the build, you need to set break:true.
Try this out and let me know please.
Hope this helps.
Hi, break has been already set to true. This is my pipeline:
trigger: none
pool:
  vmImage: 'windows-latest'
steps:
- task: UseDotNet@2
  displayName: 'Use dotnet'
  inputs:
    version: 3.1.x
- task: UseDotNet@2
  displayName: 'Use dotnet'
  inputs:
    version: 5.0.x
- task: UseDotNet@2
  displayName: 'Use dotnet'
  inputs:
    version: 6.0.x
- task: MicrosoftSecurityDevOps@1
  displayName: 'Microsoft Security DevOps'
  inputs:
    break: true
    tools: 'eslint,credscan'
    categories: secrets,code,artifacts
- task: PublishBuildArtifacts@1
  condition: always()
  inputs:
    PathtoPublish: '$(Build.ArtifactStagingDirectory)'
    ArtifactName: 'CodeAnalysisLogs'
    publishLocation: 'Container'
If credscan finds any issues, the build breaks. If eslint finds any, it doesn't.
Pipeline:
Output of eslint:
There are a lot of .js & .ts files in the repo, even in the root folder of the repo, all of them with issues, but none were detected. Are there any configurations that I should make?
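
Added example, not from the thread or from the MSDO project: a Node.js gate that could run as a separate pipeline step after the scan and fail on error-level SARIF entries, including those under `invocations[].toolConfigurationNotifications`, which is where the SARIF pasted above records the parsing error. The names `collectErrors`, `gate` and `SAMPLE` are constructed for illustration, and the code assumes a SARIF 2.1.0 log with a top-level `runs` array.

```javascript
// Added example: collect error-level entries from a SARIF 2.1.0 log object.
function collectErrors(sarif) {
  const errors = [];
  for (const run of sarif.runs || []) {
    const tool = run.tool?.driver?.name || 'unknown';
    // Rule violations; an entry without an explicit "error" level is not counted.
    for (const r of run.results || []) {
      if (r.level === 'error') {
        errors.push({ tool, kind: 'result', id: r.ruleId, text: r.message?.text });
      }
    }
    for (const inv of run.invocations || []) {
      // Tool-level notifications, e.g. a file the tool could not parse.
      const notes = [
        ...(inv.toolConfigurationNotifications || []),
        ...(inv.toolExecutionNotifications || []),
      ];
      for (const n of notes) {
        if (n.level === 'error') {
          errors.push({ tool, kind: 'notification', id: n.descriptor?.id, text: n.message?.text });
        }
      }
      // A failed invocation means files may have gone unscanned.
      if (inv.executionSuccessful === false) {
        errors.push({ tool, kind: 'invocation', id: null, text: 'executionSuccessful is false' });
      }
    }
  }
  return errors;
}

// Constructed sample shaped like the SARIF pasted in the thread.
const SAMPLE = { version: '2.1.0', runs: [{
  tool: { driver: { name: 'eslint' } },
  results: [],
  invocations: [{
    toolConfigurationNotifications: [{ level: 'error', descriptor: { id: 'ESL0999' },
      message: { text: "Parsing error: The keyword 'const' is reserved" } }],
    executionSuccessful: false,
  }],
}] };

// Read a SARIF file (tolerating a UTF-8 BOM) and fail the step on any error.
async function gate(path) {
  const { readFileSync } = await import('node:fs');
  const errors = collectErrors(JSON.parse(readFileSync(path, 'utf8').replace(/^\uFEFF/, '')));
  for (const e of errors) console.error(`${e.tool} ${e.kind} ${e.id ?? ''}: ${e.text}`);
  if (errors.length > 0) process.exitCode = 1;
}
if (process.argv[2]) gate(process.argv[2]);
else console.log(collectErrors(SAMPLE));
```

Run with the SARIF path as the first argument to gate a build; with no argument it prints the entries found in the constructed sample.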