Installing Microsoft Security DevOps Cli: Not supported error (v1.7.1)

[SwS-LuKy]

Since the update of the Azure DevOps "Microsoft Security DevOps" from v 1.6.0 to v1.7.1 we started getting the following error, when trying to execute the "MicrosoftSecurityDevOps@1" task in our pipelines with self-hosted agents.

Can you anybody help me out here? Any feedback is appreciated, thanks.

Regards, Luca

Azure DevOps Log log.txt

[9livesarmory]

We are also getting the same error on self-hosted agents after the update. Updated node.js but doesn't appear to be the issue. What version are your azdo agents? We are currently on 2.200.2 and are debating updating ours.

[davidknise]

Hey @SwS-LuKy and @9livesarmory, thank you both for reporting this.

Please see this related issue: https://github.com/microsoft/security-devops-azdevops-task-lib/issues/13

Updated node.js

The agents ship with their own copies of node in the ./externals folder of the agent.

My hunch is that the dynamic import / require inline is only supported on node16.

We should have a fix out within 24 hours.

[davidknise]

I was able to reproduce the error and will have a fix out shortly.

An available remediation would be to upgrade the build agent to a version with node16 in the externals, but a fix will be shipped for prior versions of node asap.

Here are the latest agents: Windows: https://vstsagentpackage.azureedge.net/agent/3.220.5/vsts-agent-win-x64-3.220.5.zip Linux: https://vstsagentpackage.azureedge.net/agent/3.220.5/vsts-agent-linux-x64-3.220.5.tar.gz

[SwS-LuKy]

Hey @davidknise Thanks a lot for the quick response. Looking forward to the fix and until then we'll look into updating our agents.

[SwS-LuKy]

We've just updated our agents to v2.218.1 (from v2.204.0). With this version the error no longer occurs.

cc @9livesarmory

[davidknise]

Thanks for the confirmation @SwS-LuKy.

I've deployed version 1.7.2 with the backwards compatibility fix.