Closed richardtallent-erm closed 1 year ago
@richardtallent-erm I looked at the source. Here is the information you are looking for: https://github.com/microsoft/security-devops-azdevops/blob/main/src/MicrosoftSecurityDevOps/v1/task.json#L52
According to the comments for the parameter categories:
A comma separated list of analyzer categories to run. Values: `secrets`, `code`, `artifacts`, `IaC`, `containers`. Example: `IaC,secrets`. Defaults to all.
You need to provide at least one analyzer. If you don't have IaC code then you should have, from a best practice perspective, secret, code, artifacts.
The error message is correct. When you don't provide a category, it defaults to running all analyzers. In your case you provided an explicit value to the category parameter, and gave it just 1 value, which happens to be not to run IaC. Now it has no configuration to run. So it is asking for at least 1 config value to run.
Hope this helps.
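A pre-merge check for the `categories` input, added here as an example (it is not part of the thread or of the Microsoft Security DevOps project): it validates a value against the five category names quoted from `task.json` above and reports when nothing valid is left to run. The function name `check_categories` is hypothetical, and case-insensitive matching is an assumption.

```python
# Added example: lint the `categories` input of MicrosoftSecurityDevOps@1 before a pipeline run.
# The value list comes from the task.json help text quoted in the thread.
DOCUMENTED = ("secrets", "code", "artifacts", "IaC", "containers")


def check_categories(value):
    """Return (selected, problems) for a `categories` input value.

    None or an empty string means the input is omitted, which the help
    text says defaults to all categories.
    """
    if value is None or not value.strip():
        return list(DOCUMENTED), []

    # Assumption: names are compared case-insensitively; tighten this if
    # your version of the task turns out to be case-sensitive.
    lookup = {name.lower(): name for name in DOCUMENTED}
    selected, problems = [], []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            problems.append("empty entry (stray comma)")
            continue
        canonical = lookup.get(entry.lower())
        if canonical is None:
            hint = ""
            if entry.startswith("!"):
                hint = "; exclusion is not a documented value, list the categories to run"
            problems.append(f"unknown category {entry!r}{hint}")
        elif canonical in selected:
            problems.append(f"duplicate category {canonical!r}")
        else:
            selected.append(canonical)

    if not selected:
        problems.append("no analyzer category selected; the task has nothing to run")
    return selected, problems


if __name__ == "__main__":
    # Constructed sample values, including the two discussed in the thread.
    for sample in (None, "!IaC", "secrets,code,artifacts", "IaC, secrets,,terraform"):
        print(repr(sample), "->", check_categories(sample))
```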
Confirmed, a `categories` value of "secrets,code,artifacts" works as expected. Thanks!
@richardtallent-erm great to hear it worked. Thanks for closing the issue.
FWIW I solved it by explicitly listing the tools we wanted to run under `tools` since we wanted TemplateAnalyzer to scan our bicep files:

```yaml
- task: MicrosoftSecurityDevOps@1
  displayName: 'Microsoft Security DevOps'
  inputs:
    tools: 'credscan,templateanalyzer'
```
I have a task for MicrosoftSecurityDevOps@1 in my build pipeline. It runs TerraScan, then generates reams of “warnings” for every folder and JSON file, complaining that no Terraform configuration is found in those files. Examples:
This is not useful, as I’m not using Terraform in this repo. So, I would like to disable the TerraScan part of this tool. But the MS Security DevOps documentation (https://learn.microsoft.com/en-us/azure/defender-for-cloud/azure-devops-extension) contains no information on how to do this. I reported the lack of documentation here:
https://github.com/MicrosoftDocs/azure-docs/issues/107268
Someone there suggested adding an `input` parameter of `categories: "!IaC"` to disable TerraScan, but this just led to a new error, one that was fatal for the build:
I also reported the issue on the DevCommunity site, and they directed me here:
https://developercommunity.visualstudio.com/t/Cannot-disable-TerraScan-in-MicrosoftSec/10326029
How can I continue to use this ADO plugin, but configure it correctly for my needs?